RESET Forums (homeservershow.com)
ikon

Help desired: set up VPN for Win8.1 client, WHS2011

ikon

I've been messing around with trying to set up a VPN link to my network, specifically my WHS2011. I ran into an issue where I'm getting Error 812, which is an authentication mismatch error.

 

I was looking into this error when I thought, "I wonder where I can go to get a step-by-step way to set up and configure a VPN link. If only there was some place I could go.....".

 

My answer was, "Wait a sec, why not ask the genii at the HSS Forums." So, is anyone willing to outline the steps to connect a Win8.1 client to a 2008 R2 server?

BTW, would it be better to set up a VPN to my Untangle router? Would that give me remote, secure access to my entire home LAN?

jmwills

My ASUS router is a little unique in that it opens a VPN to my LAN, yes any device.  So which part do you need help with, client or server?  Server is just a firewall rule to allow port 1723 (?) to make the connection.

 

Client side can be a little tricky.  Windows 8.1 & 7 worked flawlessly out of the box while 10 is a little flaky at times.

Drashna Jaelre

Well, it depends on which type of VPN you want to use. Also, I prefer using the server, as you already have created user accounts there. Otherwise, it may be easier to just use your router.

 

Either way, you need to allow the ports, AND protocol type through for the VPN.

For PPTP, it's port 1723 and protocol 47 (IIRC).

The "protocol" option is usually enabled in consumer routers under the VPN support. However, for Untangle, you may need to manually allow this protocol through the firewall (I know I did on Sophos).

ikon

Well, I actually got a VPN link between my Surface Pro and my Untangle box. There was some confusion about certs and config files, but the Export features inside Untangle's OpenVPN module helped out with that.

 

However, I can't see anything on my LAN. I'm pretty sure this is because my Surface is issued a 172.16.x.x address and my LAN is on 192.168.x.x. There's supposed to be some kind of "push" feature in a config file somewhere that's supposed to allow different subnets to communicate, but I haven't found it yet.

 

Gah. Configuring VPN has gotten somewhat easier than it used to be, but it's still a huge PITA. There are still too many weenies at the helm and not enough user-oriented people.
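Added example, not part of the original posts and not Untangle's own code: in stock OpenVPN the "push" feature mentioned above is the server-side `push "route ..."` directive, and this sketch builds it for a LAN that sits on a different subnet from the VPN address pool while flagging address overlaps that would break routing. The concrete subnets are constructed stand-ins for the 172.16.x.x and 192.168.x.x ranges in the post, and `plan_push_routes` is a hypothetical helper name.

```python
import ipaddress

def plan_push_routes(vpn_pool, lan_subnets, client_local_nets=()):
    """Return (directives, warnings) for an OpenVPN server config.

    vpn_pool          -- subnet handed out to VPN clients (tunnel side)
    lan_subnets       -- home LAN subnets the client should reach
    client_local_nets -- networks the client is physically attached to
    """
    pool = ipaddress.ip_network(vpn_pool)
    local = [ipaddress.ip_network(n) for n in client_local_nets]
    directives, warnings = [], []
    for cidr in lan_subnets:
        lan = ipaddress.ip_network(cidr)
        if lan.overlaps(pool):
            # A route cannot separate two networks that share addresses.
            warnings.append(f"{lan} overlaps VPN pool {pool}: renumber one of them")
            continue
        # OpenVPN expects "route <network> <netmask>", not CIDR notation.
        directives.append(f'push "route {lan.network_address} {lan.netmask}"')
        for net in local:
            if net.overlaps(lan):
                # e.g. a hotel Wi-Fi using the same range as the home LAN
                warnings.append(
                    f"client network {net} collides with {lan}: "
                    "LAN hosts will be ambiguous or unreachable")
    return directives, warnings

# Constructed sample values (assumptions, not taken from the thread).
VPN_POOL = "172.16.0.0/24"
HOME_LAN = ["192.168.1.0/24"]

if __name__ == "__main__":
    lines, notes = plan_push_routes(VPN_POOL, HOME_LAN, ["192.168.1.0/24"])
    for line in lines:
        print(line)
    for note in notes:
        print("WARNING:", note)
```

A pushed route only covers the client-to-LAN direction; replies reach the client without extra configuration when the VPN server is also the LAN's default gateway.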

Drashna Jaelre

Well, first problem, you're using OpenVPN....

Unless you know exactly what you're doing with it... it can be a nightmare.

ikon

That's good to hear actually. Perhaps other VPNs are easier to set up. I had to set up several VPNs about 10 years ago. The most significant thing I recall was figuring out that I needed 4 IP addresses, on 2 different subnets: 2 IPs, on the same subnet, for the inside of the tunnel, and 2 others, on another subnet, for the LANs at each end of the VPN. IIRC, it was possible for the IPs at each end of the VPN to be on different subnets if the LANs at each end used different subnets.

 

Perhaps it's best if I just state the goal. What I would like to do is have my Surface Pro be able to remotely connect to my home LAN over a secure VPN and see my LAN as if it was attached locally. That would include being able to browse Windows Shares, PING all the devices on the LAN, etc. Like I said, as if it was directly attached to the LAN.

 

I'm not sure if the best way to do this is using Untangle, or my WHS2011, or some other way, such as Ethernet Bridging. Ideas?

ikon

Reading some more, it appears that Ethernet Bridging is not normally recommended due to performance issues, mostly due to too much traffic going over the link. I do wonder how true that would be for a single computer linking to the LAN though, especially on a LAN that has less than a dozen devices, and some of them asleep.

ikon

OK, some interesting news regarding the Windows 8 to Windows 8 VPN, the one where I set up my Win8 Desktop as a server and tried to connect from my Surface Pro tethered to my phone. This is the one where I could get connected but the connection would drop 15 to 20 seconds after being established.

 

I BING'd about "windows 8" "vpn" "drop" and got some hits that mentioned wireless. I thought, that could make a lot of sense: maybe the issue is that the wireless portion of the link is causing problems. After all, wireless has exhibited lots of other issues over the years.

 

Another possibility is that my phone is the culprit. I've heard of tethering issues in the past as well.

 

So, I decided to see if there is a way for me to create a hardwire link from the Internet to my LAN. At first I thought I was being an idiot. How is it possible to create a hardwire link to a cloud? I decided to have a look around anyway. When I looked at my cable modem I discovered what I think could be an answer.

 

The DOCSIS3 modem has 4 Ethernet ports. One of them is used, of course, to connect the modem to my Untangle router. Since the modem is on the Internet side of my router, I figured it constituted as being basically on the Internet. I ran a long Ethernet cable from a 2nd port on the modem to a USB Ethernet dongle I have for my Surface Pro. I then created a new VPN connection using the new network and tried to connect. It worked. The connection has been up for about 10 minutes now.

 

Thinking about it a bit further, I realised that, even if my cable modem had not had extra Ethernet ports, I could simply have used a small Ethernet switch to get the extra port I needed.

 

I did worry briefly about the security of my Surface Pro being on the outside of my Untangle router. A quick IPCONFIG allayed my fears: the IP address is in the Private Range subnet I use for my LAN — it should not be reachable from the Internet by any computer. At least, that's how I see it. Can anyone see an issue?

 

There is still at least one issue. I can PING computers on my LAN by IP address but not by name. I can see folder shares in Windows Explorer if I use the IP address, but not if I use the name. While it works by IP, it's not ideal of course.

 

Does anyone see an issue with the technique I used? The tablet is connecting to my LAN through the external NIC on my router. That means the link is going through the router, just like any Internet traffic, doesn't it?

itGeeks

ikon,

 

I feel your pain, I have also tried to set up a VPN in the past and have experienced the same trouble as you trying to get everything working. Now I use "LogMeIn Hamachi" https://secure.logmein.com/products/hamachi/

Though not free, it will cost you 29.00 a year but well worth the cost because it's easy to set up and it just works. I have 10 family members on this so they can back up to me every day and never had a problem. Sounds like you're going to want to set up a Mesh Network. They have a free trial so give it a try.

ikon

Thanks. I was mostly testing, to see how easy or hard it is. I may have a look at Hamachi as part of the testing.
