Last month, we completed our discussion on how to setup and configure a VPN client to connect to the VPN host we configured the month before. We also outlined some common troubleshooting techniques to help you resolve some of the connection issues you might run into. This month we conclude our discussion by how to access your network resources via the VPN.
First off, we need to make sure that both the host and the client computers use the same Workgroup name. Verify this by going to Control Panel and clicking on System. Look under the section Computer name, domain, and workgroup settings. In Vista, the default Workgroup name is WORKGROUP, but you can change this to practically anything. For Vista PCs, this step isn’t absolutely necessary, but it will increase performance, and it’s a must if your client PC uses Windows XP.
Next, Vista makes use of two different connection types, Public or Private. Private, as you might suspect, is the setting you want for your home or work network, as it will allow your system to see, and be seen, by other devices on the network. This is the setting to use with the VPN connection.
You should use the Public setting only in unsecured locations (like airport or coffee shop hotspots) to help protect your system from unauthorized or malicious access. This is managed by Vista’s Network Discovery function. If your network is set to Private, then by default Network discovery is on. You can verify these settings by clicking Start > Control Panel > Network and Internet > Network and Sharing Center and clicking on the down arrow next to the word Network Discovery.
With that now out of the way, we can get started. There are three primary functions available to you when using the VPN: file and folder sharing, remote printing and Remote Desktop.
File and Folder Sharing
VPNs are most commonly used for file and folder sharing. This is where people on a network can access and files and folders stored on a networked computer no matter where that computer is physically located. Setting up this functionality isn’t all that complicated, but there are a few specific steps you need to perform.
- Log into your Host PC using an account with administrative privileges and click Start > Control Panel > Network and Internet > Network and Sharing Center.
- Go to the Sharing and Discovery section and click on the down arrow next to the word File sharing
- Select Turn on file sharing and press Apply.
You now have the capability to Share files and folders. However at this point, you haven’t configured any shared folders. So let’s do that now.
- Create a folder on your desktop to share. For our example we’ll call ours VPN_Projects and populate it with some data (documents, pictures, presentations, etc.)
- When finished, right-click on VPN_Projects and select Share.
- This will bring up a dialog box asking you to Choose people to share with. Your user account will be listed by default. If you use another account for your VPN access, enter it here. During the last column we used VPNUSER. When finished, press Share.
- This process might take a few minutes. Once it’s finished, your folder will be shared. Click Doneto complete.
- Now right-click on the VPN_Projects folder and select the Sharing tab.
- Press the Advanced Sharing button. *Windows might ask for your permission to continue. If it does just press Continue.
- One the next screen, check the Share this folder option. You also have the option of setting the number of simultaneous users who could access this folder. If you’re going to be the only one you can set it for 1. We’ll leave it at the default of 10.
- Now press Permissions. By default Everyone has Read access to the folder. My advice would be to remove Everyone and only add the specific user accounts which will need access. This would be the account you use to connect to the VPN (again, in last month’s column that was vpnuser).
- Type the username and then press Check Name to verify it. Once verified press OK. Under the Permissions for VPNUSER check Allow for Full Control. Press OK. Press OK again and then Close.
Now if you go to the Network and Sharing Center, at the bottom of the dialog box click where it says, Show me all the shared network folders on this computer. Doing so opens a window showing you all of your shares. The VPN_Projects folder should now be visible.
*Note that if you’re using a third-party software firewall (e.g., something other than Vista’s built-in Windows Firewall) you might run into some configuration issues. If you do, try TEMPORARILY disabling it until you can isolate the problem.
On the client PC, you need to map a drive to the shared folder. Unfortunately, the odds are you won’t be able to browse for the host PC since the VPN won’t pass NetBIOS traffic. For this reason you’ll need to know the IP address of the Host PC and the shared folder name.
Remember, the IP address is not the global IP address you used to connect the VPN client to the Host PC, but the local LAN address of the PC. If you don’t remember the address, you can find it by opening a DOS window on the host PC and typing IPCONFIG. Ours is 192.168.0.101.
Once you’ve got the IP address of the computer you want to connect to, just follow these steps:
- Open Windows Explorer (Start>All Programs>Accessories>Windows Explorer)
- On the menu at the top, click Tools (If the menu bar is not visible click Organize>Layout>Menu Bar)
- Select Map Network Drive
- Assign it a drive letter. It could be any available drive letter, but for our example we’ll use Z:.
- On the folder line enter the IP address and share name; example, 192.168.0.101VPN_PROJECTS and click Finish. Note – If you’re going to use this share on a regular basis, be sure to select the Reconnect at Logon option.
That’s it, now drive Z: is connected to the VPN_Projects folder, and you’ll have full access to all the files and folders contained in it.
If you don’t want to memorize the IP addresses of your network devices, you can create an LMHOSTS file and place it on your client PC. An LMHOSTS file is a static table that resolves a host name to an IP address and assists with remote NetBIOS name resolution.
To create an LMHOSTS file you must open Notepad and enter the IP address and name of all of your network devices (PCs, printers, etc.) and the extension #PRE. Following any entry in the file with the characters #PRE will cause the entry to be preloaded into the name cache for faster resolution.
An example of the contents of an LMHOSTS file would be:
- 192.168.0.101 VPN-HOST #PRE
- 192.168.0.199 HP3550 #PRE
In this example, the first entry is our VPN-Host PC and the other is our network printer. After you make the appropriate changes to the file, save it as: LMHOSTS. DO NOT use any file extension. This is important because sometimes Notepad places a .TXT extension to the end of a document you’ve created, which in this case would prevent the file from functioning properly.
Copy the LMHOSTS file to the C:Windowssystem32driversetc folder on the VPN client computer and reboot the system. The client can then use the syntax ComputerNameShareName to access shared folders on the remote network (ex. VPN-HOSTVPN_Projects).
Remote Printing
Setting up the capability to access a printer attached to the Host PC (or even to a regular network printer) is very similar to setting up a shared folder. Let’s begin.
- Log into your Host PC using an account with administrative privileges and click Start > Control Panel > Network and Internet > Network and Sharing Center.
- Go to the Sharing and Discovery section and click on the down arrow next to the word Printer sharing
- Select Turn on printer sharing and press Apply.
Now you can access a remote printer. All you need to do now is configure it on the client PC. First, make sure you have either the Port name or the IP address of your printer. Like the PC, it’s always best to use static IP addresses for network devices whenever possible. Otherwise you run the risk of the device not working one day because its address changed unexpectedly.
- Go to Start > Control Panel > Printers
- At the top of the window press the Add a printerbutton.
- At the Add Printer dialog box select Add a network, wireless or Bluetooth printer and press Next.
- You should see a message that reads, No printers were found. Select the option The printer that I want isn’t listed.
- On the next screen click, Add a printer using a TCP/IP address or hostname, and press Next.
- Enter the printer’s IP address on the line labeled Hostname or IP address and make sure the option Query the printer and automatically select the driver to use is checked. Press Next when finished.
At this point the PC client will automatically go out to the network to retrieve the printer driver and configure it for use with your system. It might ask you to name it, ask if it should be the default printer and print a test page. Once completed, click Finished, and your printer is now setup and ready to go!
Remote Desktop
A VPN connection also makes certain Vista features, such as Remote Desktop, much easier to use. With Remote Desktop you can use, for example, your home computer to access your office PC as if you were sitting right in front of it – with access to all of your programs, files, and other network resources (like external hard drives and printers) without having to configure any specific folders or user permissions.
Typically setting up Remote desktop to function over the Internet can be EXTREMELY problematic. Yet, you can have it can be up and running over the VPN in just a few clicks. The only caveat to Remote Desktop is that the machine you want to access remotely (a.k.a. the host) has to be running Vista Business, Enterprise or Ultimate Edition. The PC used to access the host system (a.k.a. the client) can be running Windows XP or any version of Vista.
You’ll find detailed setup and configuration guidance for Remote Desktop in this August 2008 article entitled, From a Distance: Your Vista System Made Accessible.
This concludes our discussion on setting up a Virtual Private Network. Remember that these three columns only represent a small number of the benefits and cost savings you can realize from implementing VPN technology. For more extensive and robust solutions, you should seek the help and guidance of a qualified IT professional. Until next month, good luck!
Ronald Pacchiano is a contributing writer for SmallBusinessComputing.com, where this article first appeared.