Configuring and creating a VPN server on Windows 7. A VPN server on the router

To date, private virtual networks, referred to as VPN, which in the decoding means Virtual Private Network , will not surprise anyone. However, not every user of the same "seven" knows how this works. Let's see what a VPN server is on Windows 7, how to install and configure it using your own tools and third-party programs.

What is VPN?

Let's start with the basics. The creation of a VPN server can not do without an understanding of what it really is. Apparently, not every user faces such a problem and fully realizes what a thing is.

A virtual server is exactly the means that allows you to create independent private networks on the basis of an Internet connection, as if several computer terminals, laptops or even mobile devices were connected together by cables. But only in this case we are talking about virtual cables.

Why do I need a VPN server?

The advantages of this technology to many seem to be a step backward in terms of security of connection and data transfer, but the virtual network is often much more secure than the usual "localization".

In addition, when using a VPN connection, the user can exchange data between individual terminals that are scattered around the world. Yes Yes! The technology of connecting a VPN server is such that it is possible to combine computers or mobile devices into a virtual network, regardless of their geographic location.

Well, for gamers, it's all a godsend. Imagine that after creating a VPN server, you can easily go through some kind of command "ferment" like Counter Strike in a team with players, for example, from Brazil. But in order to make this possible, and will require theoretical knowledge about the Virtual Private Network. Now, let's see what it means to create and configure a VPN server for Windows 7, in more detail.

In this case, it is worth paying attention to several mandatory conditions, without understanding which the entire process of creating a virtual server simply will not make sense.

VPN server on Windows 7: what should I pay attention to?

First of all, every user who creates a virtual server on a home terminal must clearly realize that there are some connection restrictions in Windows 7. The fact is that only one user can connect to the created server in one session. And it is impossible to get around this obstacle with the system's own resources.

In principle, as an option, you can use the installation of a special (but unofficial) patch that will help fix the problem. On the other hand, if you approach the issue of creating a normal working VPN server from the point of view of Windows licensing, then it is better to use the "seven" of the server version (Windows Server). Few people know, but it is for Windows 7 that this version is also there.

Create a VPN server with Windows tools: configure the router

Now, after describing all the initial concepts and questions, you can start creating the server directly. As an example, consider the initial configuration required by the Zyxel Keenetic device. The VPN server in the case of using such devices is quite different by its settings (especially in the case without the pre-installed NDMS firmware).

Here the problem is that the main PPTE protocol for all systems in this case is represented in the modified form MPTE, which makes it impossible for simultaneous access to the server by several users. The firmware allows you to work around this problem. After its installation, access is guaranteed at the level of ten simultaneously connected users.

After installing the program in the application center section, the VPN server component should appear, where you will need to configure the Keenetic Internet Center, which will subsequently be responsible for accessing and pooling the IP addresses currently provided to clients using the PPTE protocol.

What is most interesting, it is permissible to cross the addresses with a 24-bit mask. That is, when specifying a range, for example, 192.168.0.10 - 192.168.0.20, the VPN server address for a single client connection for the Home parameter can be 192.168.0.51.

But that's not all. The VPN server on the router (in our case Zyxel) means access only through the Keenetic account. To enable such access, you must allow the user to access the VPN. This is done by clicking on the "account" with the subsequent installation of a tick in the corresponding field.

Another plus of this connection is that one username and password can be used for several client records that will be used to access the Keenetic VPN server. Let's pay attention to one more feature of this connection. It consists in the fact that the VPN server created on the basis of Zyxel is able to access not only internal internal, but also external networks. This way, you can get remote access to any client machine connected through a Keenetic account.

First steps

Now the question is how to configure the VPN server on the router, let's leave it aside and go directly to the "operating system" itself.

First, you need to use the Network and Sharing Center section located in the standard "Control Panel". In the upper menu, select the "File" section (if it is not displayed, press the Alt key), then click on the line of the new incoming connection.

After that, you need to use the addition of a new user, which by default will be named Vpnuser. Then fill in all the required fields (the full name can be left blank, since this does not affect the connection), and then enter the password and confirmation (must be a complete match). If you need to add more users, repeat the above procedure.

Now you need to specify the type of access via the Internet in a new window, after which you can proceed to one of the most important steps, namely, to configure the TCP / IP protocol, because the VPN server on Windows without such correctly configured parameters will simply not work.

Configuring IPv4

In principle, in most cases this version of the protocol is used, since IPv6 is not supported by all providers. If the support is still there, the setting of versions 4 and 6 will not be particularly different.

So, in the protocol properties, you should first use the access authorization item for the callers to the local network, and then select the IP address explicitly and specify the required range. This is done so that in the future it is possible to connect several users at the same time. At the end of the procedure, simply click the "OK" button. All - the server is created. But this does not stop there. You also need to configure the VPN server on the client terminals so that they can be accessed.

Configuring client machines

Now, on the computer terminal from which you intend to connect to the virtual server, in the "Control Panel" you need to use the settings of the Network and Sharing Center, where a new connection is selected, after activation of which the "Master" will start. Next, select the type of connection to the workplace, and then use the existing connection to the VPN.

Now the most important point is the address of the VPN server. In this case, you can use the address viewed on the server itself, or enter a domain name. In order not to waste time on setting up, you can skip the offer for immediate connection.

Now it remains to enter the login and password that were specified when creating a VPN server, and optionally - specify the retention of data for later login. This concludes the procedure. If the server is in the active state, you can connect to the virtual network.

Firewall settings

But even if everything is done correctly, sometimes there can be some problems. Often such a connection can be blocked, strange as it may sound, with Windows own means, more precisely, with built-in firewall (firewalls) related to the security system.

To avoid problems, you need to find connection icons in the same network management center. For the client this is RAS, for the server - VPN. It remains only when clicking on the parameter on both terminals specify the type of access in the form of a home network. That's all.

Port Forwarding

Ports are more complicated. The problem concerns mostly ADSL modems, which simply can not open the required VPN ports. You must configure these settings manually.

Here again you will have to access the router settings. As a rule, the instruction for VPN-connection is in the documentation for the device itself. Here it is worth noting that Windows-based systems use TCP with a value of 1723. If it is possible to disable the GRE lock, it is desirable to use it.

Error 807

Naturally, now you can rebuild the parameters of the created VPN server, however, it is believed that the real scourge of absolutely all users who encounter the creation of connections of this type for the first time is the occurrence of an error under the number 807.

To get rid of it, you first need to make sure that the IP address fields on the client machine are correctly filled in and the port parameters are directly on the server.

In addition, the remote access service must be active. You can check its status with the services.msc command, entered in the "Run" menu (Win + R), followed by the selection of the Routing and Remote Access section. The operating state and the automatic access type must be indicated here.

In extreme cases, if there are problems, you can try to connect even to yourself. To do this, a new client connection is created, where 127.0.0.1 is specified as IP.

If this does not help, you can refer to the help of some Internet resources like portscan.ru, which are able to monitor an active external connection (1723 is entered in the connection field, after which the start of the check is used). But, if everything is done correctly, a positive result will not keep you waiting. Otherwise, you have to check the settings of the router and the virtual server.

Third-Party Programs

Of course, most users, far from such settings, all this may seem, so to speak, too homegrown. It's much easier to configure a VPN server using special automated programs.

Consider one of the most popular. It's called SecurityKISS. Install it is easy. Next, you should launch the application, after which the user will be prompted to make the minimum initial settings and enter some necessary data. You will need to specify your own IP. You can find it using the ipconfig command, and with several terminals on the network, ipconfig / all.

The main recommendation for this SecurityKISS client is to select the one from the proposed list of servers that is geographically closest to the terminal from which it is supposed to connect. Note that in this case there is no question of creating a server - you can connect to the existing servers. And this saves the user from the product of all those procedures that were described above.

The connection is made to an already created server, and by and large, absolutely no matter where in the world it is located. If there is a good high-speed connection, even geo-location does not play a significant role.

What in the end?

In principle, the issue of creating a VPN server can be terminated. However, many users of computer systems should pay attention to some minor inconsistencies. The matter is that, depending on the version of the same "seven" installed, the names of some fields or lines to be filled may differ in the names. In addition, some "cracked" versions of Windows 7 may have limited capabilities, because to save disk space or increase performance in them, these or other functions were disabled. This is just the case with the controls for network connections at the global level. It does not even save access rights at the super administrator level. Moreover - in the parameters of local group policies or in the system registry, which by and large duplicates them, nothing can be properly configured.

Returning to the question of creating a VPN server, it remains to add that this technology, strangely enough, in most cases remains unclaimed, unless it will be useful for gamers who want to play with an opponent who is very far from it. System administrators, perhaps, this also does not come in handy, since the connection itself, although it uses a 128-bit encryption system, is still not insured against data loss or unauthorized access to the virtual network. So to create a VPN server or not is already a personal matter.

However, for Windows systems the settings are quite complex, especially from the point of view of an untrained user. For the simplest connection, it's better to use VPN clients, which you can download for free, and configure in automatic mode. And there are a lot less problems with them than with changing the configuration of the system, which is fraught with a global "hit" when doing wrong actions.

Nevertheless, information on this issue should be received by every user, since knowing how to connect to such networks can ultimately secure their terminals from penetration of threats. Sometimes, with an active Internet connection, the user may not even suspect that his machine is connected to the network, and he himself can not determine the level of risk and security.