Virtual Private Network (VPN)
Point-to-Point Tunneling Protocol (PPTP)
Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables the secure transfer of data from a remote client to a private enterprise server, thereby creating a virtual private network (VPN) by using TCP/IP-based data networks. PPTP supports multiple network protocols (IP, IPX, and NetBEUI) and can be used for VPN over public and private networks. You can use PPTP to provide secure, on-demand, virtual networks by using dial-up lines, local area networks (LANs), wide area networks (WANs), or the Internet and other public, TCP/IP-based networks.
This section covers the following:
- Setting up a VPN server
- Setting up a VPN client
- Setting Up A Windows NT VPN Client
- Common error messages
Setting Up A VPN Server
If you are going to run a VPN server, we recommend that you use service pack 5. Service packs 3 and 6 cause the "blue screen of death" (BSOD) when VPN connections are established with NetBEUI.
- Install PPTP on your NT system. Click on Start -> Control Panel -> Network -> Protocols -> Add. Highlight 'Point To Point Tunneling Protocol' and click OK.

- A 'PPTP Configuration' box will pop up. In the 'Number of Virtual Private Networks' box enter in how many VPN connections you want, then click OK.

- A 'Setup Message' box will pop up stating that "Remote Access Service (RAS) will now be installed. Please configure the PPTP ports in RAS setup to enable you to use RAS over PPTP. Install remote access service (RAS)." Click OK.
- An 'Add RAS Device' box will pop up. You will have to add each VPN connection and configure each VPN adapter.

- Under 'Remote Access Setup',
  - Click on 'Configure'. For 'Port Usage' select "Receive calls only" and click OK.
  - Click on 'Network'. Under 'Server Settings',
    - check the boxes next to "NetBEUI" and "TCP/IP",
    - select "Require Microsoft encrypted authentication",
    - check the box next to "Require data encryption", and
    - click OK.

- A 'RAS Server NetBEUI Configuration' box will pop up. Select either "Entire network" or "This computer only" and click OK.
- A 'RAS Server TCP/IP Configuration' box will pop up. Here is where you will specify an address pool. This address pool will determine what IP addresses the NT system will give to each successful VPN connection.
- Under 'Allow remote TCP/IP clients to access' select "Entire network".
- Under 'Choose Cancel if you do not want to allow remote TCP/IP clients to dial in' select "Use static address pool" and enter in the IP address range.
- Click OK -> Continue to save your RAS configurations.

- A 'Setup Message' box will pop up stating "Remote Access Service has been successfully installed. Use Remote Access Admin or User Manager in the Administrative Tools Folder to assign Remote Access permissions to users." Click OK to save your configuration and reboot your system.
- Once your system is back up click on Start -> Programs -> Administrative Tools -> User Manager for Domains to create your RAS users and assign permissions to each one.

- Click on User -> Properties. To configure a user for VPN, whether it be a new user or an existing user, click on the 'Dialin' button. In the 'Dialin Information' box,
  - check the box next to "Grant dialin permission to user", and
  - select "No Call Back".

- Click OK -> OK to save your user configurations. You now have a VPN server.
Setting Up A VPN Client
Setting Up A Windows 95/98 VPN Client
- Click on Start -> Settings -> Control Panel -> Network -> Configuration -> Add -> Adapter -> Add.
- Under 'Manufacturers' highlight 'Microsoft'.
- Under 'Network Adapters' highlight 'Microsoft Virtual Private Networking Adapter'.
- Click OK to save your settings and reboot your system.
- Once your system is back up create a dial-up VPN connection. To do this click on My Computer -> Dial-Up Networking -> Make New Connection. Under 'Select a device' select "Microsoft VPN Adapter", then click on Next.

- Under 'Host name or IP Address' enter in the IP address or domain name of the VPN server you are connecting to. Click on Next.

- Click on Finish and you are done. The next time you connect to the Internet, just double-click on your new dial-up account and connect to your VPN server.

- Once you have established a VPN connection, click on Start -> Find -> Computer. Type in the name of the computer you are connected to.
NOTE
If you cannot find the VPN server by computer name, select "Enable DNS for Windows Resolution" under the WINS Address tab of the TCP/IP protocol properties on the VPN server.
Setting Up A Windows NT VPN Client
- You will need to install PPTP and RAS for your NT system to be a VPN client. You can refer to steps 1 through 4 under "Setting Up A VPN Server".
- Once PPTP and RAS have been successfully installed, click on Start -> Settings -> Control Panel -> Network -> Services -> Remote Access Service -> Properties.

- You will have to add at least one VPN RAS device to establish a VPN connection. Click on 'Configure' and select either "Dial out only" or "Dial out and Receive calls".

- Click OK and save your VPN configuration.
- You will now have to add a dial-up networking account using the RAS VPN device. Click on My Computer -> Dial-Up Networking -> Select your DUN account -> More -> Edit entry and modem properties.
- Under the 'Basic' tab, for "Phone number" enter the IP address or domain name of the VPN server.

- Under the 'Server' tab select "PPP: Windows NT" and check the boxes next to the desired network protocols.

- Click OK to save your Phonebook settings. You are now ready to connect to your VPN server.
- When you have successfully connected to your VPN server, you should get a confirmation similar to the one below:

- If you want to gain access to shared folders on that computer, click on Start -> Find -> Computer and type in the name of the computer you are connected to.
NOTE
If you cannot find the VPN server by computer name, select "Enable DNS for Windows Resolution" under the WINS Address tab of the TCP/IP protocol properties on the VPN server.
Common Error Messages
649 - You do not have dial-in permission
You probably do not have permission to connect remotely to the VPN server. Check the VPN server's User Manager for Domains. Refer to step 8 under "Setting Up A VPN Server".
691 - Access denied because of invalid username and/or password.
You have entered an invalid username and/or password. Check with your Administrator.
720 - Dial-up Networking could not negotiate a compatible set of networking protocols.
You probably have the incorrect protocols selected or have not selected the protocol to connect with. Make sure the protocols you have selected for the client and server are consistent with each other.
751 - Remote computer refused the VPN connection.
Make sure you have the correct IP address or domain name of the VPN server you are connecting to.
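When error 751 persists even though the address looks right, it helps to confirm that the host actually answers as a PPTP server. The following is an added example, not part of the original page: it builds the Start-Control-Connection-Request defined in RFC 2637 and decodes the server's reply on the PPTP control port (TCP 1723). The function names, the `diag-client` host label and the sample reply are assumptions made for illustration.

```python
import socket
import struct

PPTP_PORT = 1723          # PPTP control channel (RFC 2637)
MAGIC_COOKIE = 0x1A2B3C4D
# Layout shared by Start-Control-Connection-Request and -Reply (156 bytes)
FMT = "!HHIHHHBBIIHH64s64s"
RESULTS = {1: "ok", 2: "general error", 3: "control channel already exists",
           4: "requester not authorized", 5: "protocol version not supported"}

def build_start_request(hostname=b"diag-client"):   # hostname is a made-up label
    """Start-Control-Connection-Request (control message type 1)."""
    return struct.pack(FMT, 156, 1, MAGIC_COOKIE, 1, 0, 0x0100,
                       0, 0, 3, 3, 0, 0, hostname, b"")

def parse_start_reply(data):
    """Decode a Start-Control-Connection-Reply; raise ValueError if it is not one."""
    if len(data) < 156:
        raise ValueError("short reply: peer is not speaking PPTP")
    (_len, msg_type, cookie, ctrl_type, _r0, version, result, error,
     _fr, _br, _chan, _fw, host, vendor) = struct.unpack(FMT, data[:156])
    if cookie != MAGIC_COOKIE or msg_type != 1 or ctrl_type != 2:
        raise ValueError("unexpected message: peer is not speaking PPTP")
    return {"accepted": result == 1,
            "result": RESULTS.get(result, "unknown (%d)" % result),
            "error_code": error,
            "version": "%d.%d" % (version >> 8, version & 0xFF),
            "host": host.split(b"\0", 1)[0].decode("ascii", "replace"),
            "vendor": vendor.split(b"\0", 1)[0].decode("ascii", "replace")}

def check_server(host, timeout=5.0):
    """Run the control handshake against your own VPN server and report the outcome."""
    try:
        with socket.create_connection((host, PPTP_PORT), timeout=timeout) as s:
            s.sendall(build_start_request())
            data = b""
            while len(data) < 156:
                chunk = s.recv(156 - len(data))
                if not chunk:
                    break
                data += chunk
        return parse_start_reply(data)
    except (OSError, ValueError) as exc:
        return {"accepted": False, "result": str(exc)}

# Constructed sample reply, not captured from a real server
SAMPLE_REPLY = struct.pack(FMT, 156, 1, MAGIC_COOKIE, 2, 0, 0x0100, 1, 0,
                           1, 1, 4, 0, b"vpn-server", b"Microsoft")

if __name__ == "__main__":
    print(parse_start_reply(SAMPLE_REPLY))
```

A successful result confirms only the control channel. The tunnelled data travels in GRE (IP protocol 47), which any firewall between client and server must also allow.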


