How to Create a VPN server (home or Office)

How to create the VPN server interface, step-by-step
1. Click Start | Control Panel.
2. In the Control Panel, open the Network Connections applet.
3. In the Network Connections window (see Figure A), open the New Connection Wizard.
Figure A

The Network Connections window 4. On the Welcome To The New Connection Wizard page, click Next.
5. On the Network Connection Type page (see Figure B), select the Set Up An Advanced Connection option.
Figure B
On the Advanced Connection Options page (see Figure C), select the Accept Incoming Connections option and click Next.
Figure C

Configuring XP to accept incoming connections 7. On the Devices For Incoming Connections page (see Figure D), you can select optional devices on which you want to accept incoming connections.
Figure D

Note that you are not presented with any of the network interfaces on the computer. 8. On the Incoming Virtual Private Network (VPN) Connection page (see Figure E), select the Allow Virtual Private Connections option and click Next.
Figure E
9. On the User Permissions page (see Figure F), select the users that are allowed to make incoming VPN connections. Click Next.
Figure F

Any user that isn't selected won't be able to initiate an incoming connection. 10. On the Networking Software page (see Figure G), click on the Internet Protocol (TCP/IP) entry and click the Properties button.
Figure G

Configuring TCP/IP properties 11. In the Incoming TCP/IP Properties dialog box (see Figure H), place a check mark in the Allow Callers To Access My Local Area Network check box. This will allow VPN callers to connect to other computers on the LAN. If this check box isn't selected, VPN callers will only be able to connect to resources on the Windows XP VPN server itself. Click OK to return to the Networking Software page and then click Next.
Figure H

Granting LAN access to callers 12. On the Completing The New Connection Wizard page, click Finish to create the connection.
After the Incoming Connection is complete, right-click on the connection in the Network Connections window and select the Properties command (see Figure I).
Figure I

Accessing the properties of the VPN server link Note that on the General tab of the Incoming Connections Properties page (see Figure J) that no devices are listed. The comment No Hardware Capable Of Accepting Calls Is Installed isn't true, since you can now create VPN connections to both network interface cards. In practice, there is no point in creating a VPN connection to the internal interface card.

Figure J VPN clients will only call the external IP address of the Windows XP Professional VPN server.

VPN server optimization tips
The New Connection Wizard made it easy to create the VPN server interface, but you can still do more to optimize your VPN connections. First, note that you can create PPTP or L2TP/IPSec VPN connections. Figure K shows the connection status dialog box of a Windows XP VPN client connected to a Windows XP VPN server. Note that MPPE 128-bit encryption is automatically enabled and that Microsoft CHAP v2 is used for authentication.

Figure K

If both machines had machine certificates from the same Certification Authority installed, an L2TP/IPSec VPN link could have been negotiated. If you want the VPN client to access resources on the internal network, the IP address assigned to the VPN client should be on the same network ID as the internal interface of the Windows XP VPN server computer. In addition, all the machines on the internal network should have a default gateway set using the IP address of the internal interface of the Windows XP VPN server.
In the unlikely event that the SOHO has multiple network segments, the routing table on the Windows XP VPN server needs to be configured with paths to the various internal network IDs. You can use the ROUTE ADD command to create these routing table entries.
Small networks that use a Windows XP Professional machine for a VPN server probably won't have network services such as WINS or DNS. If name resolution on the private network is an issue for the VPN client, then you should create a LMHOSTS file, a simple text file that contains name and IP address mappings. For example, the following line could represent an entry in an LMHOSTS file:
10.0.0.2 DEFIANT
The VPN client must be configured with an IP address or host name for the Windows XP Professional VPN server. If the Windows XP Professional client has a dedicated link to the Internet and a static IP address, you can use that IP address in the VPN client configuration interface. However, if the Windows XP Professional VPN server is assigned an IP address via DHCP, you'll have to use an Internet host name and a method of registering the host name dynamically. A couple of services you might want to look into are TZO and DYNDNS. Both of these services will let you dynamically register a computer's IP address into the public DNS database.
Conclusion
Windows XP Professional provides simple VPN server capabilities that let you connect single VPN clients to your internal network, one at a time. If the Windows XP Professional computer has a dedicated connection to the Internet, you can connect to that computer from virtually anywhere in the world using a VPN link. The VPN server setup is simple and can accept calls from any Windows PPTP or L2TP/IPSec client.