Hi guys need some expert advice...

  • Question

  • I've just started volunteering for a small charity and they would like to be able to access their office work from home. I instantly thought of a VPN.

    They don't currently have a server, although one is in the works, but they can't tell me when this will be. The setup consists of about 5 laptops; again, desktops are on the way but not yet. Would I be right in thinking I set up one office laptop as a VPN server with the static IP and such, then simply configure the required laptops to access this server? As it's a very small setup, I didn't think it would be necessary to purchase a VPN device.

    I've tried this out at home, but would it be suitable for this scenario? Any tips or advice would be greatly appreciated.

    OS is XP.

    Sunday, April 22, 2012 11:44 AM

Answers

  • Hi

    In relation to your issue I would advise the following as a temporary solution. The key here is to make sure that what you do now will be useful when you eventually get a server in place.

    * Ensure your charity has a static IP address (this can be easily arranged via the ISP (broadband provider); they may also charge a small one-off admin fee)

    * Purchase a VPN appliance. If you want simplicity, I personally recommend the Safe@Office 500 series units (this will be a good investment as it will be useful even when you have a server in place)

    * Set your modem to bridge mode and connect to the WAN of the VPN appliance (Refer to ISP/Modem/VPN documentation for settings)

    * Ensure that your modem only connects to the WAN port of the VPN unit and the switch connects to the LAN port of the VPN Unit

    NOTE: WiFi on your modem will be rendered useless while in bridge mode. If WiFi is a requirement, ensure you either (A) purchase a VPN unit with WiFi or (B) purchase/obtain a wireless access point to plug into your switch

    * At this point, if all is configured properly, your PCs should now be able to access the net via the VPN unit

    * Note the hostnames of all PCs/laptops in the charity (e.g. Reception Computer = RECEPTION-DESKTOP etc.)

    * Ensure that ALL PCs are XP Pro or Windows 7 Pro or Vista Business (i.e. make sure it's not home versions being used)

    * Next, ensure that the power management settings are correct. Remember, PCs have power saving mechanisms and will go into standby etc. You want to prevent it from doing that if it is to be accessed remotely, so ensure an Always On policy is set

    * Another thing to check is in Device Manager, select Network adapters and go to properties, navigate to power management tab and ensure that the "Allow the computer to turn off this device to save power" is unchecked as this will put the NIC/WNIC into standby mode which again is a problem.

    * Ensure that the computer allows incoming remote desktop connections (Usually in System Properties - Remote tab) Right Click On My Computer and hit properties.

    * Now that the PCs are configured for remote access, the next step is to connect to the VPN externally to test

    * First you must set up the VPN users on the VPN unit, while doing this ensure they have VPN permissions

    * Next, go to a colleague's home and install the Checkpoint SecuRemote client on their PC, then input the static IP of the charity and their username/password.

    * The VPN should connect via a self-created WAN Miniport and issue an internal IP address for the charity (e.g. 10.0.0.20) -- It's a good idea to ensure your charity is not using 192.168.x.x IP ranges, as most often a home setup will use this range by default and it can lead to complications later on. I always recommend a 10.x.x.x IP range and a different subnet to 255.255.255.x

    * You can also set up a DNS entry if you wish with your web hosting. Where you have the domain name www.genericcharity.com, you could have vpn.genericcharity.com, which will point to the static IP

    * Next once the VPN is connected and signed in, launch Remote Desktop client from Start > Accessories > Remote Desktop Connection

    * Input the remote computer hostname or IP and connect

    * You can save the RDP session as a link on the desktop for easy use

    If you can manage that much, you are off to a good start!

    ------------------------------------------

    When considering a server, I would recommend you go for a pro version of Windows Server which will allow Hyper-V. The nice thing about Hyper-V is that once it is set up on the server, you can issue your colleagues with virtual machines which can be connected to the domain, so if someone wants to work from home, they can log into the virtual machine using Active Directory and have their profile access with documents etc. I can write another novel on that if you wish :)

    Hope it all works out and feel free to ask more questions.

    Martin


    If you find my information useful, please rate it. :-)

    Sunday, April 29, 2012 1:36 AM
    Moderator
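
The address-range advice in the answer above can be checked before the office LAN is renumbered. This is an added example, not part of the original thread; the list of home-router default ranges and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed list: LAN ranges often used as home-router defaults.
# An assumption for illustration, not an exhaustive survey.
COMMON_HOME_LANS = [
    "192.168.0.0/24", "192.168.1.0/24", "192.168.2.0/24",
    "10.0.0.0/24", "10.0.1.0/24",
]


def colliding_home_lans(office_cidr, home_lans=COMMON_HOME_LANS):
    """Return the home ranges that overlap the proposed office LAN."""
    office = ipaddress.ip_network(office_cidr, strict=False)
    if not office.is_private:
        raise ValueError(f"{office} is not a private address range")
    return [h for h in home_lans
            if office.overlaps(ipaddress.ip_network(h))]


def shadowed_hosts(office_cidr, home_cidr, office_hosts):
    """Office hosts whose address also falls inside the remote user's home
    LAN. The home PC treats these as on-link, so traffic for them tends to
    stay on the home network instead of entering the VPN tunnel."""
    office = ipaddress.ip_network(office_cidr, strict=False)
    home = ipaddress.ip_network(home_cidr, strict=False)
    return [h for h in office_hosts
            if ipaddress.ip_address(h) in office
            and ipaddress.ip_address(h) in home]


if __name__ == "__main__":
    # Constructed candidate plans for the office LAN.
    for plan in ("192.168.1.0/24", "10.0.0.0/24", "10.44.16.0/22"):
        hits = colliding_home_lans(plan)
        print(plan, "->",
              "collides with " + ", ".join(hits) if hits else "no collision")
    # A wide 10.0.0.0/8 office range still shadows hosts for a home user
    # whose router hands out 10.0.0.0/24.
    print(shadowed_hosts("10.0.0.0/8", "10.0.0.0/24",
                         ["10.0.0.20", "10.3.0.5"]))
```

Picking a 10.x.x.x range avoids the 192.168.x.x defaults, but a low range such as 10.0.0.0/24 can still overlap some home gateways, so a less common block inside 10.0.0.0/8 is the safer choice.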

All replies

  • OK, first off, the host needs to be XP Pro.

    Second, you can get a hardware or a software based VPN server.

    For what you are trying to do, I would just set the RDP host to listen on specific ports and open those ports on your firewall appropriately.


    Regards, Bill

    Wednesday, April 25, 2012 2:05 AM