How to Setup a VPN in Windows Vista: The Client

Last month in part one of our two-part article on setting up a Virtual Private Network through Windows Vista, we walked you through configuring the VPN host. The Host system is the computer that listens for a remote connection and is either part of the network you need to access or contains the data that you’re looking to retrieve.

In this article, we'll show you how to configure the VPN client. The client is any remote computer you use to gain access to those network resources. We’ll also highlight some of the common problems you might run into while attempting to establish a virtual connection.

Setting Up the Client

Before we begin you’ll need to know the IP address of your Host network’s WAN connection. This IP address is different from the one that you assigned to the VPN Host. Instead this IP address is the Global IP address that your ISP assigned you. You can find it in your router configuration under the WAN section. Check your router documentation for further information on locating this information.

Once you have this IP address we can begin.

• Log into your laptop using an account with administrative privileges. With that complete, click Start > Control Panel > Network and Internet > Network and Sharing Center and select Set up a connection or network, and then click Connect to a workplace. Press Next.
• A dialog window will display asking you “How do you want to connect?” When it does, select “Use my Internet connection (VPN).
• You will now be presented with a screen titled “Type the Internet address to connect to.” Type the WAN IP address we discussed earlier into the field named Internet address. Next, enter the Destination name. This could be anything descriptive (i.e., VPN Connection). Finally, check the option “Don’t connect now; just set it up so I can connect later. Press Next to continue.

IMPORTANT NOTE: The WAN IP address can be either static or dynamically assigned. Unless you have a business account for your cable modem or DSL line, chances are that you have a dynamic WAN IP address. This means that this address might change from time-to-time. When that happens, your preconfigured VPN Client will no longer be able to locate the VPN Host; unless of course you knew about the change ahead of time and updated the VPN Client configuration accordingly. One way to circumvent this problem would be to use a Dynamic DNS service, which automatically tracks and updates the changes to your network's public IP address. Some of these you pay for, while others offer the service for free. For more information on Dynamic DNS services check out this article.

• The next screen asks you to enter your user name and password. Filling it in lets you log in faster, but it's less secure. Leaving it blank means entering your info every time you want to connect to the VPN, which is more secure. I recommend that you leave it blank. Press Create when ready to proceed. Then press Close.
• With that complete, click Start > Control Panel > Network and Internet > Network and Sharing Center and select Manage network connections from the Tasks Pane on the left.
• Now right-click on the VPN connection you just created and select Properties.
• Go to the Security tab, select the Advanced (custom settings) and press Settings.
• Set the Data encryption field for “Maximum strength encryption (discount if server declines)”.
• Where it says “Allow these protocols” check only “Microsoft CHAP Version 2 (MS-CHAP v2). Click OK.

Congratulations! You have just completed configuring your VPN Client and should now be ready to connect to your VPN Host. That wasn’t too bad now was it?

Troubleshooting Tips

If you have trouble connecting to your VPN, it usually comes down to these issues:

Wrong IP Address
If you’re not familiar with differences between local and global IP addresses, they could be hard to identify. A simple way to identify your global IP address is to use a site like SpeedTest.net. Once the page loads you’ll see your IP address located in the lower left corner of the screen. REMEMBER: This is the VPN Host address, and it's the same IP Address you’ll need to connect to when using the VPN Client.  

Configured Firewall
Most computers these days have two firewalls protecting them; a hardware one (in a router, for example) and a software one (ex. Norton Internet Security, Windows Firewall, Zone Alarm, etc.). In order for the remote computer to access the host system the firewall has to be configured to correctly pass these requests on to the appropriate system it’s protecting.

In most cases this will be the cause of your problem. The best way to verify this is to disable all of your firewalls and attempt to establish the connection again. Note: you need to do this for both the VPN Host and the VPN Client machines. The easiest way to do this is to connect your cable modem or DSL line directly to your system and just disable the software firewall (if any). This essentially disables all security and exposes your PC to the Internet with no protection.

REMEMBER, THIS IS ONLY FOR TROUBLESHOOTING YOUR FIREWALL ISSUES. DO NOT LEAVE YOUR SYSTEM IN THIS STATE, AS YOUR PC WILL BE AT RISK!

Miscellaneous Issues
You might also run into encryption issues. By default, the VPN doesn’t require you to use encryption, but since I’d prefer to err on the side of caution, my instructions here enable encryption. If all else fails you can disable encryption for testing, but once it's working, I highly recommend you re-enable it and work through the problems.

ISP Policy Violation
Finally, if you’re certain that firewalls on both the client and the host systems are not blocking traffic, but you still can’t connect, then the problem could be with your Internet Service Provider (ISP). Some ISP’s block VPN traffic or allow it only with certain types of accounts. Check your ISP’s polices for details.

Plan B

If all this still seems a bit too complicated for you there is an even easier alternative available. A free software utility called Hamachi that will in most cases let you set up a working VPN in just a few minutes, usually with little or no configuration. I’ve used this before and it works surprisingly well. A colleague of mine explored this in greater detail, and you can check out that article here:

Now that you’ve established a successful VPN connection, you’ll need to configure your PC or network to share network resources. Next month, we’ll show you how to do just that. Until then, I hope this helps to get you started.

Ronald Pacchiano is a contributing writer for SmallBusinessComputing.com.

This article was first published on SmallBusinessComputing.com.