Virtual Private Networking using NetBEUI Protocol
Brought to you by:
Droit Technologies, Inc.
September 19, 2001
Virtual Private Networking on W2K server
This page covers Virtual Private Networking using PPTP (Point to Point Tunneling Protocol) over the internet, extending the office LAN to home or any remote location with encryption.
For security purposes, TCP/IP will be used for the clear connection to the internet, but not for the actual tunneled protocol. NetBEUI, which relies on computer names, will be used as the tunnel protocol. So TCP/IP will not be bound, in the clear (unencrypted), to any network client or service (File & Printer sharing).
If using Windows XP, the NetBEUI files must be manually copied from the Windows XP CD-ROM before NetBEUI will show up in the list of installable network protocols.
NetBIOS is the basic protocol for a LAN, using just computer names, which are not routable. NetBEUI (NetBIOS Enhanced User Interface) provides extensions to NetBIOS. NetBIOS cannot be addressed or accessed using TCP/IP, which is an inherent security benefit. Only a server running PPTP and encapsulating NetBEUI makes NetBIOS networking possible. A hacker using all of the tools available for TCP/IP (NetCat, etc.) cannot reach NetBEUI resources. It is like trying to get a rotary dial phone to do tone (DTMF) signaling, with all of the advanced dialing capabilities.
Another benefit of extending NetBIOS through the PPTP is the ability to setup pcAnywhere using NetBIOS, eliminating another TCP/IP set of ports.
In this example, the client PC is DROITEC running W95. The server PC is CAPEMAY running W2K server. Note: While testing the NetBEUI tunnel, do not also be locally connected to the client PC; doing so results in Error 720.
W95 Client
In this scenario, the client will be accessing the server using DUN (Dial Up Networking V1.3 with PPTP). In actual practice, DUN is too slow and Network Neighborhood does not work, so a DSL or cable connection should be used. There are a lot of items in the networking control settings.
The login prompt information used in W95 is passed on to W2K after the tunnel is connected and may not necessarily be the same as the username/password used to connect to the tunnel, and probably not the same as the connection to the ISP.


DUN to the internet is the same as before, so I will not delve into it to any extent. The only pertinent point is that only the TCP/IP protocol is bound to the Dial Up Adapter, and the TCP/IP protocol for the Dial Up Adapter is not bound to any client or service.
Dial Up Adapter #2 (VPN Support) needs to be bound to the NetBEUI protocol. The Advanced tab uses the defaults, Enable PTP IP - Yes, IP packet size - Automatic, Record a log file - optional, IPX header is not used - set as Yes.
Leave the MS Virtual Private Networking Adapter with the defaults, with binding to the NDISWAN protocol.
NE2000 Compatible Ethernet board (LAN) is bound to the NetBEUI protocol, solely, with File and Printer sharing and MS Client. On the advanced tab, check & set this protocol as the default.
There are no settings for the NDISWAN protocol.
The NetBEUI protocol for the Dial Up Adapter #2 (VPN Support) needs to be bound to the NetBEUI protocol.
The NetBEUI protocol for the NE2000 Compatible Ethernet board is bound with File and Printer sharing and MS Client. On the advanced tab, check & set this protocol as the default.
DUN is set up standard for an internet connection.

Create a VPN using the Make New Connection wizard.

As shown above, encryption is enabled. On the server side, MS-CHAP2 is the required encryption.

W2K server
Enable Routing and Remote Access by adding the server. There are no other settings within the Routing and Remote Access MMC. Routing is performed by Incoming Connection in Network and Dial Up Connections.

In Network and Dial Up Connections, select the Make New Connection, then select Accept Incoming Connections. De-select any interfaces not wanted then click Next and select - Allow virtual private connections (which allows the LAN interface). Pick the users to allow VPN. Next, pick the protocols to allow. Next, name the connection and Finish.



Note that NetBEUI callers have access.
Routing and Remote Access status for fankc.
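
One way to check the binding rule stated earlier (TCP/IP not bound to any network client or to File & Printer sharing) is to look at what the machine is listening on over TCP/IP. The following is an added example, not part of the original article: it parses saved `netstat -an` output and flags NetBIOS-over-TCP/IP listeners, while confirming the PPTP control port is open. The function name audit_netstat, the sample output and the addresses in it are constructed for illustration.

```python
import re

# NetBIOS/SMB over TCP/IP: a listener here means TCP/IP is bound to a client or to sharing.
NBT_PORTS = {
    ("UDP", 137): "NetBIOS name service",
    ("UDP", 138): "NetBIOS datagram service",
    ("TCP", 139): "NetBIOS session service",
    ("TCP", 445): "direct-hosted SMB",
    ("UDP", 445): "direct-hosted SMB",
}
PPTP_CONTROL = ("TCP", 1723)  # PPTP control channel (the tunnel data is GRE)

# proto, local address:port, foreign address, optional state (UDP has none)
SOCKET_LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+(?:\s+(\S+))?\s*$")

def audit_netstat(text):
    """Return (findings, pptp_listening) for `netstat -an` output."""
    findings, pptp_listening = [], False
    for line in text.splitlines():
        m = SOCKET_LINE.match(line)
        if not m:
            continue  # banner, header or blank line
        proto, addr, port, state = m.group(1), m.group(2), int(m.group(3)), m.group(4)
        if proto == "TCP" and state != "LISTENING":
            continue  # established/closing sessions are not exposed services
        if (proto, port) in NBT_PORTS:
            findings.append((proto, addr, port, NBT_PORTS[(proto, port)]))
        elif (proto, port) == PPTP_CONTROL:
            pptp_listening = True
    return findings, pptp_listening

# Constructed sample output (addresses are documentation ranges, not real hosts).
BOUND = """
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:1723           0.0.0.0:0              LISTENING
  TCP    192.0.2.10:139         0.0.0.0:0              LISTENING
  TCP    192.0.2.10:1723        198.51.100.7:1045      ESTABLISHED
  UDP    192.0.2.10:137         *:*
  UDP    192.0.2.10:138         *:*
"""
UNBOUND = """
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:1723           0.0.0.0:0              LISTENING
  TCP    192.0.2.10:1723        198.51.100.7:1045      ESTABLISHED
"""

if __name__ == "__main__":
    for name, sample in (("TCP/IP bound to sharing", BOUND), ("TCP/IP unbound", UNBOUND)):
        print(name, audit_netstat(sample))
```

An empty findings list together with a listening TCP 1723 matches the setup described here: the tunnel endpoint is reachable over TCP/IP, but no NetBIOS service is.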
