Virtual Private Networks (VPN / PPTP)

The Internet has evolved in the last year to one of the main issues in networking:

Most people use it to "surf": to view WWW-webpages in HTML-format.
But the Internet has also its security problems, because any information transmitted
from your system (like: your credit-card number , you enter on making an online
purchase), is transmitted via several stages to the destination server, and somebody
could listen in to that transmission:


That problem was solved by introducing SHTTP (Secure Hyper Text ) in addition
to the standard HTTP-protocol.

Now the worldwide availability of the Internet becomes more and more interesting
for companies for internal use:

-	have the "road warriors" (salesmen, service technician,..) connect to the home office via Internet (instead of making expensive long distance, sometimes intercontinental, phone calls)
-	connect branch offices in different locations (countries, continents) via Internet (instead via expensive leased lines, like: Frame-relay)

It is very easy to setup a Windows system (95 / 98 / NT4) to share a drive via the Internet,
but again, it leaves a security problem:


unauthorized people (usually called hackers) try to break in (not everybody has such
top secret information like the US Department of Defense, which have several hundred
such attacks a day, but hackers can do some damage to any data).
For that reason, companies connecting their network to the Internet usually try to protect
their system by installing a "Firewall": a filter between the Internet and the company
network.

To allow secure connection via the Internet, several companies (including Microsoft)
agreed on a new protocol:
Point-to-Point Tunneling Protocol (PPTP).

PPTP allows to establish via an IP-network (which is usually the Internet, but can also
be a company Intranet) a secure connection by encapsulating inside the IP-packet an
encrypted private protocol, which can be NetBEUI, IPX or TCP/IP (with a private
IP-address range):

There are several companies offering now devices/support for PPTP.

Microsoft has implemented PPTP on Windows 95 / 98 / NT4 as:
Virtual Private Network (VPN):


Using NetBEUI as example, the above animation shows:
- the network client passes a request to the protocol layer
- the request is wrapped in a protocol envelope (in this example: NetBEUI)
- the protocol envelope is passed on to the VPN-adapter
- the protocol envelope is wrapped again inside a TCP/IP envelope
- the TCP/IP envelope is transmitted via the Internet
on the receiving system:
- the VPN-adapter opens the TCP/IP envelope.
- the protocol envelope is then opened again.
- the data (the "letter inside 2 envelopes") is passed on to its final destination.

You can download detailed information via a link from:
http://www.microsoft.com/communications/PPTPdownload0.htm on:

it downloads as MSPPTP.EXE (143 Kbyte), which is self-extracting to a word-file:
PPTPInstall5-22.doc (1.378 KByte) with 34 pages.

While Windows NT4 Server can handle MULTIPLE incoming VPN-connections
and while Windows NT4 workstation can handle ONE incoming VPN-connection,
Windows95 and Windows98 can only be VPN-Clients:
able to establish the connection to an NT4 VPN-server, but not beeing
able to act as a VPN-server, accepting incoming VPN-connections.
Windows95/98 cannot act as VPN-server
(but Windows95/98 is able to provide simple disk sharing via the Internet)

- Installation of the Windows NT4 RAS-Server
- Connection with Windows NT4 RAS-Server to the Internet
- Installation of the Windows NT4 RAS-VPN Server
- Allowing connection to Windows NT4 RAS-VPN Server

- Installation of the Windows95/98 VPN-Client
- Configure the Windows95/98 VPN Connection
- Connect from Windows95/98 to a VPN server

Using a Windows NT4 workstation as a VPN-dialin to a Server network:



Using a Windows NT4 workstation as a TCP/IP-dialin to a Mainframe: