
Windows XP Pro IPSec VPN Server

RRAS, VPN, TS/RDP, Routing and remote Access.


Post by jcws6 » Sat Feb 02, 2008 12:34 pm

I'm trying to set up an L2TP/IPSec connection between a Windows XP Pro computer and a Windows Mobile 6 smartphone. So far, I've got the "Incoming Connections" VPN server created. But I can't figure out how to enable IPSec over the connection. Help!
jcws6
 
Posts: 8
Joined: Sat Feb 02, 2008 1:50 am

Post by fenton » Sat Feb 02, 2008 5:33 pm

I am not sure I understand the issue. Assuming you want to configure the smartphone to access an IPSec VPN, press Start > Settings > Connections > VPN. Choose "Add a new VPN server connection". You need to know the hostname or IP address, username and password.
fenton
 
Posts: 421
Joined: Mon Dec 04, 2006 3:25 pm

Post by jcws6 » Sat Feb 02, 2008 6:11 pm

The smartphone part isn't the problem. The PC part is. I can't figure out how to enable IPSec from the XP Pro VPN server.

The smartphone asks me for a certificate or a pre-shared key for the connection. How do I enable that on the VPN server?

Post by chicagotech » Sat Feb 02, 2008 9:15 pm

In this case, you should use PPTP instead of IPSec.
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
chicagotech
Site Admin
 
Posts: 7066
Joined: Mon Nov 27, 2006 1:24 pm
Location: Chicago USA

Post by jcws6 » Sat Feb 02, 2008 9:59 pm

Well, I know PPTP was superseded by L2TP/IPSec, and I'm looking for the most secure option I can implement. I'm guessing that IPSec over VPN can be configured via the "IP Security Policy Management" Snap-In on the Microsoft Management Console (MMC). But there are quite a few options in there, & I couldn't get the right combination just by messing with it.

If there was a writeup on how to configure those options, that would be perfect. I'd hate to hear "that can't be done" when there's a perfectly good VPN client supporting IPSec on my smartphone. Microsoft must've put it there for a reason.

I'm not averse to using a third-party VPN client - I'm just not sure what's good out there. I tried OpenVPN (not IPSec, but the SSL-based security it uses seems to be highly regarded), but the PocketPC OpenVPN client is still in alpha. Any advice?

Post by chicagotech » Sun Feb 03, 2008 12:12 am

Normally, you set up IPSec in ISA. If you do want to try IPSec in XP, this how-to may help.

How to start Microsoft IPSec
How to start MS IPSec. To start the IPSec Policy, Start >Run >secpol.msc. Right click on IP Security Policy on Local Machine and choose Create IP Security ...
www.howtonetworking.com/Routers/msipsec1.htm

Post by jcws6 » Mon Feb 04, 2008 10:08 am

Thanks for the How To. I had no problem finding the "IP Security Management" snap-in (evidenced from my previous post), but the configuration information looks helpful.

To clarify what I'm trying to do here, I'd like to securely access my Windows XP Pro PC for Remote Desktop access (RDP or VNC) and file transfer via my Windows Mobile 6 smartphone (EvDO connection).

I've researched 6 ways to accomplish this:
1. Hamachi VPN with Pocket PC beta client (does not work - software problem with handheld client)
2. OpenVPN with Pocket PC alpha client (does not work - software problem with handheld client)
3. Third-party IPSec server for XP Pro
4. Default configuration with built-in IPSec Policies
5. SSH tunnel with third-party Pocket PC SSH client and portmapping software
6. PPTP VPN with UltraVNC or RealVNC encryption

I'm currently having a problem even using the PPTP connection, so I'll be getting that fixed first. After I have that resolved, I'll post my updates (and further questions).

Post by chicagotech » Mon Feb 04, 2008 11:09 am

I have been working on IPSec between Windows machines, or from Windows to a router that supports IPSec. I haven't worked on IPSec for mobile phones, but I can tell it is not easy. Please do post back if you get it to work. That will help others. Thanks.

Post by jcws6 » Sat Feb 09, 2008 12:12 am

I learned that I couldn't get VPN working before because of my stupid router. Apparently, my Linksys WRT54G's "PPTP Passthrough" doesn't really mean "passes GRE 47," until the latest firmware is applied. Now, all that's set up, and I was able to get a PPTP VPN connection from my Sprint Touch to my XP Pro PC (progress!). I loaded the WM6 RDP client, and I can Remote Desktop to my PC, but the VPN connection drops after a few seconds (so close...). I had a solid 2-3 bar EvDO connection that tested at >850kbps, when I performed the test - but I think it's a problem with the phone's VPN client. After I figure out why this isn't working, I'll start playing around with some IPSec policies.

Post by chicagotech » Sat Feb 09, 2008 9:49 am

Please keep us updated.

Post by jcws6 » Tue Feb 12, 2008 6:58 pm

An update:

I haven't figured out why the phone drops the VPN connection after a few seconds, but I did figure out how to stop it from happening. Apparently, when I set the device to ONLY use the secure connection (Start > Settings > Connections tab > Connections > Advanced tab > Select Networks, change both to "My Work Network", OK), it seems to work. I was able to maintain a 3-5 minute RDP session on two separate occasions. I also investigated another solution. Here's my updated list:

1. Hamachi VPN with Pocket PC beta client (does not work - software problem with handheld client)
2. OpenVPN with Pocket PC alpha client (does not work - software problem with handheld client)
3. Third-party IPSec server for XP Pro
4. Default configuration with built-in IPSec Policies
5. SSH tunnel with third-party Pocket PC SSH client and portmapping software
6. PPTP VPN with UltraVNC or RealVNC encryption (PPTP tunnel working with WM6 RDP client)
7. Third-party VPN client for WM6 (tried Bluefire - did not work with PPTP)
8. LogMeIn Free (very easy to use, but very few features - worked fine for remote desktop access)

My primary desktop uses a 24" monitor (1900x1200), and my smartphone is a 2.8" LCD (240x320). Using LogMeIn with landscape mode on my phone was painful. The lowest my video card supports is 800x600, and even with 75% scaling on the LogMeIn client, navigation was painful (you have to tap a separate button just to enable the right mouse button). The RDP client automatically scaled my display to 640x480 with 256 colors, which wasn't terrible (tap & hold works as the right mouse button), but still not very useful. Unless I can figure out some sort of custom 320x240 interface for my desktop, I will be abandoning my goal of using remote desktop access via my smartphone, due to lack of real-life usability. However, I will continue trying out my proposed solutions, just to satisfy my own misdirected morbid curiosity.

I attempted a couple tests with remote file transfer via my VPN connection. Here are the results:
1. "Open Path" option in File Explorer - did not work with IP address or computer name
2. Internet Explorer - did not work with IP address or computer name
3. HTC Network Folder program - did not work
4. Orb - did not require VPN (server app with web access), but worked perfectly for remote media and file access
(future tests include remote ActiveSync and PocketLAN software)

I'll keep testing when I have time, and I'll keep posting my results.

Post by jcws6 » Fri Feb 15, 2008 11:44 am

Update:

- I was connected to my PPTP VPN for 34 minutes consecutively today, so I think I've got this part pretty much figured out. To terminate the VPN connection, I found out I had to connect to the normal phone network (Start > Settings > Connections > Manage existing connections, under Sprint > Modem tab > Tap & hold, then connect on the "Sprint PCS" connection).

- I set up a VNC server at home, with UltraVNC. Unfortunately, I could not get the Windows username/password authentication working on any of the 3 mobile VNC clients I used. I was able to connect fine with all 3 clients.

- The mobile clients I tested were: "vncview," .NET VNC Viewer 1.0.1.17, and Mocha VNC 1.1. With all 3 clients, the desktop did not appear (I just saw black). None of the display adjustment or scaling settings worked. Bummer.

- VNC isn't really a big deal, since I got RDP working. Especially since it appears that the server-side encryption settings don't work with the handheld clients. I was just curious about how the display looked. UltraVNC also has a file transfer option I was hoping to test out, but I'm not sure how to perform that action from the handheld client.

- PocketLAN did not work for remote file transfer. I was able to ping my desktop, and I could find it by the Computer name when I searched the network. To my disappointment, I could not connect to it or any of the shares on it. I'm still investigating this one.

- Remote ActiveSync has been removed in version 4.5, which is required for Windows Mobile 6. Thanks, Microsoft.

Post by jcws6 » Fri Mar 21, 2008 5:26 pm

Update:

- Couldn't get SSH to work. The mobile PuTTY client times out after >5 minutes when trying to connect to my SSH server. I verified the connection settings, as compared to a working PuTTY session from a PC not on my network.

