You are on page 1of 39

OS Platform: Windows

1. Install a Internet enabled LAN


Once you've set up your hardware (i.e. slotted in the network card and connected all of
the computers - actually you don't have to connect to another computer at this stage, but
you must have installed the network card) boot up your computer (for instructions on
installing your network card, see the instructions that come with it).

Chances are the network card you have is PnP (Plug and Play) compatible. If so Windows
should detect the network card and (provided you follow the on screen instructions
correctly) complete the installation process (it probably gave your network card the Realtek
drivers). Your computer may rebooted automatically to complete the installation process.

Upon loading Windows, you will be asked for your name and password. Type in
a name and press OK (do not enter a password - you can do that later if you want).

Right click on the Network icon that has now appeared on your desktop and
select properties.

To make things easier, we'll deal with the Identification tab first.

Select the Identification tab by clicking on it. You will be presented with the following
screen:
Enter the appropriate information. Note - the computer name must be unique for each
computer but the computer description can be blank/same/different for each
computer. The Workgroup must be the same for each computer that wants to
belong to a particular network. You can have several logical networks connected by the
same physical network (i.e. cables)!

Now go back to the Configuration tab.

In here you may already have a Dial-Up Adapter (an adapter) if you have a modem and
an Internet connection. If so then you'll also have theTCP/IP -> Dial-Up Adapter (a
protocol) displayed. As these are just for the Internet, you can ignore them (i.e. don't edit
or delete them).

Also in this box will be another adapter and another protocol relating to the adapter. This
will have been set up during the previous boot-up when Windows installed and configured
your new network card. The adapter may say something like Realtek RTL8029 PnP
Ethernet Adapter and will have the protocol IPX/SPX-compatible Protocol -> Realtek
RTL8029 PnP Ethernet Adapter.

NOTE - the protocols may not be listed as [PROTOCOL] -> FOR ADAPTER XXXX as this
is not needed if there is only one adapter. In which case it will simply list the protocol being
used.

Here is an example of the configuration tab:


The first thing you should do here is ensure that the Primary network Logon is set
to Windows Logon. This means that you do not need to enter a password every time you
log on.

If you want to other computers on the network to be able to view/access your files and/or
use your printer, etc click on File and Print Sharingand then tick the relevant boxes. I
recommend that you tick both these boxes for now because even with them ticked, they are
still not actually enabled - more on this later...

Now to set up the TCP/IP protocol for the network adapter (required for some games
such as Close Combat 2, Half Life, etc).

Click Add | Protocol | Microsoft | TCP/IP

You will now see:

TCP/IP-compatible Protocol -> Realtek RTL8029 PnP Ethernet Adapter

Double click on this to display the following screen:


Enter the settings as shown i.e.:

Specify an
Selected
IP address
IP Address 10.0.0.1
Subnet
255.255.255.0
Mask

For each computer on the network the Subnet Mask must be the same, but the IP address
must be different (or you will get an IP address conflict error) e.g.: 10.0.0.1, 10.0.0.2,
10.0.0.3, etc.

Then go to the Bindings tab and make sure that the Client for Microsoft Networks option
is ticked and the File and Printer Sharing for Microsoft Networks option is unticked.

Click on OK to go back to the main network configuration screen.


Click OK again to quit the network configuration screen
Windows will probably ask for the Win 9x CD and will then ask you to restart the computer
Once everyone has restarted their computers, double click on the Network icon on your
desktop (also in Explorer). You should now see the names of all of the computers connected
to the network. If not, try pres27 February, 2007should be done automatically). If you still
can't see everyone, ask EVERYONE to reboot their computer - this is sometimes necessary.
if you still can't see everyone's computer, check your settings; you probably overlooked
something. For some pointers check out my troubleshooting page.

At this point you can now start playing games with your friends (soon to become mortal
enemies!) :-)

However I recommend that you put this off for just a few more minutes and read the
following section on file and printer sharing!

Windows 2000
Here I will tell you how to set up a LAN in Windows 2000.

Once you've set up your hardware (i.e. slotted in the network card and connected all of
the computers - actually you don't have to connect to another computer at this stage, but
you must have installed the network card) boot up your computer (for instructions on
installing your network card, see the instructions that come with it).

Chances are the network card you have is PnP (Plug and Play) compatible. If so Windows
should detect the network card and (provided you follow the on screen instructions
correctly) complete the installation process (it probably gave your network card the Realtek
drivers). Your computer may rebooted automatically to complete the installation process.

Upon loading Windows, you will be asked for your name and password. Type in
a name and press OK (do not enter a password - you can do that later if you want).

Right click on the 'My Computer' icon on your desktop and select 'Properties'.

Then select the 'Network Identification' tab and select 'Properties':


Give your computer a name (I called my PC Den because it is located in a room in my house
called the Den).

Give your Workgroup a name (explanation on workgroups and domains coming soon)

Note - the computer name must be unique for each computer but the computer
description can be blank/same/different for each computer. The Workgroup must
be the same for each computer that wants to belong to a particular network. You
can have several logical networks connected by the same physical network (i.e. cables)!

Then press OK

Right click on the 'My Network Places' icon that has now appeared on your desktop and
select 'Properties'.

Then double click on 'Local Area Connection' to get to this screen:


and then select Properties to arrive here:
In here you may already have a Dial-Up Adapter (an adapter) if you have a modem and
an Internet connection. If so then you'll also have theTCP/IP -> Dial-Up Adapter (a
protocol) displayed. As these are just for the Internet, you can ignore them (i.e. don't edit
or delete them).

Also in this box will be another adapter and another protocol relating to the adapter. This
will have been set up during the previous boot-up when Windows installed and configured
your new network card. The adapter may say something like Realtek RTL8029 PnP
Ethernet Adapter and will have the protocol IPX/SPX-compatible Protocol -> Realtek
RTL8029 PnP Ethernet Adapter.

NOTE - the protocols may not be listed as [PROTOCOL] -> FOR ADAPTER XXXX as this
is not needed if there is only one adapter. In which case it will simply list the protocol being
used.

To add a protocol or service, just click on the 'Install' button pictured in the screenshot
above and then browse to it.

The protocols that you should install are:

 Internet Protocol (TCP/IP)


 NWLink IPX/SPX/NetBIOS Compatible Transfer Protocol
 NWLink NetBIOS

The services that you should install are:

 Client for Microsoft Networks


 File and Printer Sharing for Microsoft Networks (only needed if you want other
people on the LAN to browse/open/use files on your computer and access hardware
attached to your computer - such as printers. more on this later...)

Now to set up the TCP/IP protocol for the network adapter (required for some games
such as Close Combat IV, Half Life, etc).

Click Add | Protocol | Microsoft | TCP/IP

You will now see something like:

Internet Protocol (TCP/IP) -> Realtek RTL8029 PnP Ethernet Adapter

Double click on this to display the following screen:


Enter the settings as shown i.e.:

Use the
following an Selected
IP address
IP Address 10.0.0.1
Subnet
255.255.255.0
Mask

For each computer on the network the Subnet Mask must be the same, but the IP address
must be different (or you will get an IP address conflict error) e.g.: 10.0.0.1, 10.0.0.2,
10.0.0.3, etc.

Click on OK to go back to the main network configuration screen.


Click OK again to quit the network configuration screen
Windows may ask for the Windows 2000 CD and will then ask you to restart the
computer
Windows XP
Once you've set up your hardware (i.e. slotted in the network card and connected all of
the computers - actually you don't have to connect to another computer at this stage, but
you must have installed the network card) boot up your computer (for instructions on
installing your network card, see the instructions that come with it).

Chances are the network card you have is PnP (Plug and Play) compatible. If so Windows
should detect the network card and (provided you follow the on screen instructions
correctly) complete the installation process (it probably gave your network card the Realtek
drivers). Your computer may rebooted automatically to complete the installation process.

Once installed you can either follow the Windows XP networking wizard or set it up
manually. The easiest option is to use the wizard - then you can manually tweak it later if
you want to.

To start the New Connection wizard either:

 Boot up your PC after installing your new network card - it should then appear
 Insert your Windows XP CD and choose the New network Connection Wizard option
 Start | Control Panel | Network Connections | Create a new connection

This will bring up the network connection wizard screen:

Select Next
Select the 'Set up a home or small office network' option and then press Next
Select Finish to close this Wizard and then open the Network Setup wizard
Select Next

Select Next
Select the required connection method (view the examples if you are unsure).

If you want your computer to connect directly to the Internet, you mucst already have this
set up (e.g. a modem, ISDN, ADSL or Cable connection). If not you will asked to set up the
connection first before being allowed to continue with this wizard.

If you choose to connect to the Internet via another computer or a gateway, the wizard will
search for it later.

Select other if you do not have an available Internet connection or if your PC connects to a
hub which in turn connects to an Internet gateway or modem

Then select Next


Enter a Computer name and description (optional). Then select Next
Enter a name for the Workgroup, or accept the default name of 'MSHOME'. Then
select Next

Select Next and Windows will wizz off and set everything up for you!

Once completed, run the wizard on any remaining Windows XP based PCs on the network.
With any luck you will have a LAN up and running within 5 - 10 minutes and all of your PCs
will be able to connect to the internet!

Now just follow the next few pages of this site to configure your LAN so that you can share
files, printers.

Special note if some of the PCs on your LAN are running operating systems other
than Windows 2000, NT4 and XP.

In order for people on the other operating systems to view files on your computer you will
need to enable the 'guest' account on your computer. This is disabled by default for
security reasons. To enable it go to:
Start | Settings | Control Panel | Administrative Tools | Computer Management |
Local Users and Groups | Users

Double click on Guest and then un-tick the 'Account is Disabled' checkbox.

----------------------------------------------------------------------------------------------------------

2. Installing a VOIP
What is VoIP?

 VoIP is short for Voice Over Internet Protocol. This means that analog signals, like the kind you
hear when you talk on the phone, are turned into digital data that can be transmitted over the
Internet giving you the ability to use your phone right over your internet connection.

ATA-analog telephone adapter

Setting up the Hardware: Schematic if you have a router.

Internet
WWW

High-Speed
Cable/DSL
Modem

Router/Hub Analog Telephone


Adapter
Back View
LAN and Power
Connections

Computer Computer Font View Telephone


1 2 Connections

Telephone
1 / Telephone 2
(Second Phone
Optional)

ATA - Phone Adapter

1. Disconnect the power from all devices on your network. This includes your cable/DSL modem,
router, and computer(s).
2. Disconnect any USB cables from the cable/DSL modem if present.
3. Connect the provided network cable from the cable/DSL modem's Ethernet port to the
Internet/WAN port on the router.
4. Connect an Ethernet cable from the LAN/Ethernet port on the router to the Ethernet port on the
Phone Adapter.
5. Connect a telephone to the PHONE1 port of the Phone Adapter using a standard phone line (If you
ordered a second/fax line, connect the second phone line to Phone2.)
6. Connect the appropriate power cable to the Cable/DSL modem.
7. Wait about two minutes for the Cable/DSL modem to boot up before continuing
8. Connect the appropriate power cable to the router.
9. Wait about two minutes for the router to boot up before continuing.
10. Connect the power cable provided with the Phone Adapter to the POWER port on the Phone
Adapter.
11. Wait at least five minutes for the Phone Adapter to boot up. The Phone Adapter's blue status light
will blink in sequence until it has fully connected to the

There may be updates that need to be downloaded such as new firmware or changes to your features. Do
not interrupt the configuration process by unplugging the power or lifting the receiver on your
phone during the startup process. Interruption of the startup may result in interruption of
service.
Once the Phone Adapter's blue status light is solid, the Phone Adapter is ready to use.
Pick up your telephone receiver and listen for a dial tone. If you hear a dial tone, you have finished the
installation and can begin making calls.
Connect an Ethernet cable from the LAN/Ethernet ports on the router to each of your computers.
Power up each computer. Your Internet connection should work as it did before you installed the Phone
Adapter

Setting up the Software: Download any VoIP Solution software and get it configured. Software will
automatically configure the Router for data in/Out.

This is needed for renewing the account.

--------------------------------------------------------------------

3. Create a VPN
Preparing the infrastructure
The first thing you need to consider is the hardware requirements for your VPN server. Remember that
Windows 2000 by itself requires substantial hardware resources. In an enterprise environment, you will
want your VPN server to be a dedicated server with nothing but Windows 2000 Server or Windows 2000
Advanced Server running on the machine. For this configuration, I would recommend at least a 450-MHz
Pentium III with at least 256 megabytes of RAM. For a small business or branch office with fewer than
100 users and fewer than 20 remote access connections, you can use a 300 MHz (or better) Pentium II or
Celeron machine with at least 128 megabytes of RAM.

Your server will need to have two network cards. One card will connect to the Internet and the other will
connect to the local area network. As you’ve probably realized, this means your VPN server is actually
functioning as more of a VPN router than as a server. It authenticates the users, creates the secure
tunnel, and then, like any router, allows users to access resources on the subnet to which they are
connecting or to another subnet, based on routing tables. Keep in mind that this can include non-
Windows resources such as NetWare and UNIX servers.
The final major consideration is your Internet connection. Using a VPN server can mean that you’ll be
able to get rid of many of your phone lines that are currently dedicated to RAS. However, in one sense,
this is robbing Peter to pay Paul because you’ll probably need to consider increasing the Internet
bandwidth at your corporate office. This will depend on how much bandwidth you have to begin with, what
your current utilization is, and the numbers of users and remote offices that will be connecting to your
VPN server. Also, VPN works best if you have an always-on Internet connection at your corporate
network. If you have a dial-up Internet connection, the only VPN solution I would recommend would be a
server-to-server connection between your corporate office and a remote office.

Configuring the VPN server


VPNs and tunnels are powerful, convenient and secure ways to access resources remotely. You can
implement a secure tunnel/VPN between your company and remote users by enabling the RAS VPN
services in Windows 2000 Server. Windows 2000 Server can support both L2TP and PPTP based clients
and is very easy to set up.

The procedure
To enable RAS VPN services on Windows 2000 Server, go to Start | Programs | Administrative Tools |
Routing and Remote Access and right-click the name of your server and choose Configure And Enable
Routing And Remote Access from the shortcut menu. This will start a wizard to help you set up a VPN
server as shown in Figure A.

Figure A

Configure Routing and Remote Access.


On the Welcome screen for the wizard, shown in Figure B, click Next to continue.

Figure B

Welcome screen for the Routing and Remote Access Server setup wizard

The wizard provides you with six different configuration options for RAS (Remote Access Services) on
Windows 2000. For the purposes of this article, choose to set up a VPN server as shown in Figure C.
Figure C

Choose the VPN option.

The next screen, shown in Figure D, provides a list of protocols active on the VPN server. Since
Windows 2000 uses TCP/IP by default, that is all I have installed. If you run IPX/SPX, you’ll see this
option listed as well. Click Next to move on.

Figure D

Remote client protocols configuration


The next screen asks you to choose the adapter that you want to use to provide VPN services. You will
need two network adapters; the VPN services wizard will install strong security controls on the VPN
adapter to help protect it from attack, since it will have to be exposed to the outside world. For my
example here, I will install the VPN services using my AMD PCNET adapter, as you can see in Figure E.

Figure E

Choosing the adapter

The next screen, Figure F, asks you how you want to handle addressing of the remote clients. Since
these incoming clients will be coming in through a VPN tunnel, they will be viewed as an extension of
your network and, as such, will require local IP addressing. You can specify a range of addresses or allow
your DHCP server to automatically assign the addresses.

Figure F
IP address assignment

If you specify a range of addresses, the screen in Figure G will ask you for that information. To add a
range of addresses, click New and type in the range that you wish to use. Keep in mind that these
addresses should be from the same local pool of addresses as your internal network, even if your
network is based on RFC 1918 private addresses. These packets will be encapsulated inside IP packets
going over the Internet and broken down once they reach your VPN server, so routing issues do not
come into play for the RFC 1918 addresses.
Figure G

Assigning a range of addresses

Windows 2000 also has the ability to provide RADIUS (Remote Authentication Dial-In User Service)
services. RADIUS is a service that allows you to centrally administer user accounts for remote access. On
the screen shown in Figure H, you can enable RADIUS.

Figure H
Use RADIUS?

Finally, you are finished and the wizard installs your settings. You will get a message indicating that you
must enable the relay of DHCP messages across the VPN server, which is also acting as a router to your
network. Client DHCP requests are not able to traverse the VPN server to your internal DHCP server if
you do not do this. If you specified a range of addresses, DHCP relay won’t be a problem. Just dismiss
the message.

In order for users to be able to make use of this service, they must be explicitly allowed to do so by using
Active Directory Users And Computers. All you have to do is make a change on the Dial-In properties
page as in Figure I.
Figure I

Allowing a user access from outside

Establishing a client session


At this point, you have a fully functional remote access tunnel/VPN server. In order to use it, you need
PPTP or L2TP client software. All recent versions of Windows include a PPTP client, and Windows 2000
and XP both include full L2TP/IPSec-based clients for additional security. For this example, I will be
initiating a PPTP connection to my VPN server using Windows XP as the client.

To begin with, start the New Network Connection Wizard in Windows XP and choose Connect To The
Network At My Workplace, as shown in Figure J, which is Windows XP’s way to set up a VPN.

Figure J
Network connection type

You’ll then see the Network Connection screen shown in Figure K. This screen asks whether this will be
a dial-up or a VPN connection.
Figure K

A VPN or a dial up connection

The next screen is the Connection Name screen, seen in Figure L. As you can probably guess, all you
have to do is give a name for the connection.

Figure L

Name the connection.


Next, you need to specify the IP address for the public VPN interface that you set up on your Windows
2000 Server. As shown in Figure M, enter the address in the Host Name field. My public address is
192.168.1.150 since I am doing this example behind a firewall.

Figure M

VPN server address

When you are done, the connection dialog box, seen in Figure N, will come up and ask for authentication
information. I will use the credentials for the user for whom I granted the ability to dial into the VPN server.
Figure N

Connection dialog

Once the credentials are verified, you are assigned an IP address from the range specified earlier and will
be able to access resources on the host network. From there, your users are set and ready to go!

Now!
Once you’ve dealt with the hardware issues, you need to install Windows 2000 Server and the latest
Service Pack on your machine. Make sure you don’t install other unnecessary services, such as DNS,
DHCP, and IIS. Also avoid loading any additional third-party software, except for things that are
absolutely necessary such as backup agents.

During installation, you should choose to statically assign IP addresses. You’ll need to set up one network
card with a true Internet IP address and the default gateway of your Internet router. The other network
card should have an IP address assigned to the local network, and it should not contain a default
gateway.

You’ll also need to set the domain/workgroup for your VPN server. This setting will depend on how you
decide to do authentication. There are three basic options: The VPN server can authenticate users
locally, you can use Windows 2000 domain security, or you can pass authentication to a RADIUS server.
If you have the VPN server authenticate users locally, you’ll want to set up a workgroup just for the VPN
server—something like “Internet.” If you want to use Active Directory and have a Windows 2000 domain
controller handle authentication, have the VPN server join a Windows 2000 domain. If you’re going to
have a cluster of VPN servers, you may want to use a RADIUS server (such as Microsoft’s Internet
Authentication Service) to perform VPN authentication. In this example, we’ll have the VPN server
authenticate users locally.

Once you have Windows 2000 Server installed, go to Start | Programs | Administrative Tools | Routing
And Remote Access to pull up the RRAS Microsoft Management Console, shown in Figure A. Then, click
on the icon with the name of your server and click Action | Configure And Enable Routing And Remote
Access. This will launch a wizard that sets up a new server. Select Manually Configured Server, which will
take you into RRAS to begin your configuration. You may be tempted to select the VPN option in the
wizard, but please control yourself. The VPN wizard is still a little quirky, and it’s much better to configure
the few basic VPN settings in RRAS manually so you'll know how to troubleshoot and tweak them in the
future.

Figure A
RRAS Microsoft Management Console

Start the configuration by right clicking on the icon with the name of your VPN server and selecting
Properties. This will bring up the main options you’ll use to activate your VPN server. In the General tab,
shown in Figure B, make sure that you have checked the Router and Remote Access Server selections
and that the LAN And Demand-Dial Routing option is selected under Router. Switch to the Security tab
and select Windows Authentication if the VPN server is doing its own authentication or if you’re using a
Windows domain for authentication. If you’re using a RADIUS server, choose RADIUS Authentication. As
for PPP and Event Logging, you can leave the default settings or tweak them to your preferences.
Figure B

General tab in the Properties dialog box

The settings in the IP tab, shown in Figure C, are very important. You’ll want to check Enable IP Routing
and Allow IP-based Remote Access And Demand-Dial Connections, and then configure IP Address
Assignment for DHCP or assign a static address pool (in the subnet you want clients to connect on). Set
the Adapter option to the adapter that connects to your LAN. The settings in the IP tab are crucial
because they regulate the IP and network information that incoming VPN clients will receive. In most
cases, I would recommend using DHCP to assign IP information to your VPN clients. This is especially
effective when using the same DHCP server that clients on your LAN use to receive their IP information.
VPN users can also receive static IPs, as you will see when we get to client configuration.
Figure C

Settings in the IP tab

After completing the VPN server properties, there are only a few more settings to configure. If you did opt
to use DHCP, you’ll need to right click on DHCP Relay Agent (a container under IP Routing), select
Properties, and add the IP address of the DHCP server(s) for your local area network. After that, right
click on Ports and select Properties, and you should see the default configuration of 10 PPTP ports, 10
L2TP ports, and 1 Parallel port, as shown in Figure D.
Figure D

The Ports Properties dialog box

You can leave the default Parallel port alone, but you can double-click on the PPTP and L2TP ports and
configure the number of ports you need for these protocols. You want to make sure that there are enough
ports for all of your users and remote servers, but you don’t want to enable more ports than you need.
Keep in mind that Windows 2000 Professional is currently the only client that supports L2TP, so most
clients will connect using PPTP. While L2TP is destined to become the new standard in VPN, this article
will focus on making connections using the simpler and more universal PPTP protocol.

Configuring remote clients


You have now completed all of the basic steps for preparing a VPN server on your corporate network.
Now, let’s take a look at how to connect a remote client. In this example, I’ll focus on the best VPN client,
Windows 2000 Professional. You can also make good VPN connections with Windows NT 4.0 and
Windows 98, but they aren’t nearly as fast or as functional as Win2K Pro. However, before any client can
connect to your VPN server, you need to provide their user account with remote access permission.

If your VPN server is authenticating users locally, set up user remote access permissions by going to
Start | Programs | Administrative Tools | Computer Management | Local Users And Groups | Users and
double-clicking a user (or creating a username) that you want to enable for remote access. Next, select
the Dial-In tab, shown in Figure E, and select the Allow Access option. As you get more advanced with
VPN, you can select Control Access Through Remote Access Policy and use Remote Access Policies for
greater control and security. The Dial-In tab also lets you set up users to receive a static IP address,
rather than receiving their IP information from DHCP when they connect.

Figure E

Options in the Dial-In tab

On a Windows 2000 Professional machine with an Internet connection, connecting to a corporate VPN
server is simple. First, click Start | Settings | Network And Dial-up Connections | Make New Connection.
Click Next to begin the wizard, and then select Connect To A Private Network Through The Internet. At
the next prompt, you’ll need to specify how to connect to the Internet. If you have an “always-on”
connection, such as a DSL or cable modem, choose Do Not Dial The Initial Connection. If you have a
dial-up connection, choose Automatically Dial This Connection and select your Internet dial-up connection
from the list. Now, you’ll need to select your Destination Address, which will be the fully qualified domain
name or IP address of your VPN server. Choose whether the connection will be accessible For All Users
or Only For Myself. Then, name the connection (I suggest something like Office VPN) and click Finish.
Now, when you open Network And Dial-up Connections, you’ll notice the Office VPN icon, as shown
in Figure F.

Figure F

The Network And Dial-up Connections window

Right click on the Office VPN icon and click Properties. This will bring up your client VPN options, which
you’ll use to troubleshoot and adjust settings in the future. Now you can double-click the Office VPN icon
to display a login screen, shown in Figure G. Enter a username and password for a user who has remote
access permission and click Connect. If you have an always-on Internet connection, this should bring up
a dialog box to follow along with the authentication steps. If you have a dial-up connection, you should
see the dial-up connection triggered first (you may have to hit Connect for that one and then hit Connect
again for the VPN connection), and then you will see the dialog box showing the VPN authentication
process.
Figure 7

The Office VPN login screen

You might also like