Tunneling IPX/SPX via TCP/IP with Windows 2000 Professional

1) Introduction
2) Description of Virtual Private Networks
3) Creating a VPN with Windows 2000
4) Additional Information


1) Introduction

Have you ever wanted to play a network game like Command & Conquer - Red Alert 2 over the internet without using the official servers? Whatever the reason may be, if you try to use the network feature over the internet it won't work: C&C RA2, like many other (mostly strategy) games, uses the IPX/SPX protocol to communicate with your opponent. The internet uses a completely different protocol, the TCP/IP protocol family. So how do you play then?


2) Description of Virtual Private Networks

The origin of VPNs lies within the security sector - at least, I would say so. They are usually meant to provide a secure communication connection between a host/network combination over an insecure medium, like the internet. Let's have a look at how a VPN between two networks usually works:

Network (1) --- Router (2) ---- Internet (3) ---- Router (4) --- Network (5)

In the Networks (1 & 2) the traffic is unencrypted and "as usual". Many different protocols exist within these networks that cannot be used on the internet, since only TCP/IP exists there.

The Router (2) belongs to the Network (1). Every packet whose destination is the second network is encrypted and "packed" into a TCP/IP packet, sent through the internet and received at the Router (4), which belongs to the Network (5). Router (4) decrypts the received packet and removes everything that was added at Router (2) to make the packet "TCP/IP compatible". Then the packet is sent on to Network (5). The result is the perfect illusion of one simple network, while in reality 3 networks are involved.

Conclusion: VPNs help us to play games or do other things which need protocols other than TCP/IP through the internet.

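The encapsulation step described above, as an added example that is not part of the original guide: Router (2) encrypts a constructed IPX packet and wraps it in a payload that can travel over TCP/IP, and Router (4) unwraps it and drops anything altered on the way. The TUN1 marker, the shared key and the AES-256-GCM framing are assumptions for illustration, not the wire format of the Windows 2000 VPN.

```javascript
const crypto = require('crypto');
const MAGIC = Buffer.from('TUN1'); // hypothetical tunnel marker (assumption)

// Constructed 30-byte IPX header + data, addressed from network 1 to network 5.
function buildIpxPacket(data) {
  const h = Buffer.alloc(30);                     // hop count at offset 4 stays 0
  h.writeUInt16BE(0xffff, 0);                     // checksum field (unused)
  h.writeUInt16BE(30 + data.length, 2);           // total packet length
  h.writeUInt8(4, 5);                             // packet type (constructed)
  h.writeUInt32BE(5, 6);                          // destination network
  Buffer.from('0000000000b2', 'hex').copy(h, 10); // destination node
  h.writeUInt16BE(0x4000, 16);                    // destination socket (constructed)
  h.writeUInt32BE(1, 18);                         // source network
  Buffer.from('0000000000a1', 'hex').copy(h, 22); // source node
  h.writeUInt16BE(0x4000, 28);                    // source socket (constructed)
  return Buffer.concat([h, data]);
}

// Router (2): encrypt the whole IPX packet and prepend marker, nonce and tag.
function encapsulate(key, ipxPacket) {
  const nonce = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, nonce);
  c.setAAD(MAGIC);
  const body = Buffer.concat([c.update(ipxPacket), c.final()]);
  return Buffer.concat([MAGIC, nonce, c.getAuthTag(), body]);
}

// Router (4): strip what Router (2) added; return null if the packet was altered.
function decapsulate(key, wire) {
  if (wire.length < 32 || !wire.subarray(0, 4).equals(MAGIC)) return null;
  const d = crypto.createDecipheriv('aes-256-gcm', key, wire.subarray(4, 16));
  d.setAAD(MAGIC);
  d.setAuthTag(wire.subarray(16, 32));
  try {
    return Buffer.concat([d.update(wire.subarray(32)), d.final()]);
  } catch (e) { return null; }                    // failed authentication: drop
}

function demo() {
  const key = crypto.randomBytes(32);             // shared by both routers only
  const data = Buffer.from('constructed game move');
  const ipx = buildIpxPacket(data);
  const wire = encapsulate(key, ipx);
  const tampered = Buffer.from(wire);
  tampered[tampered.length - 1] ^= 1;             // one bit flipped in transit
  return { roundTrip: decapsulate(key, wire).equals(ipx),
           payloadHidden: !wire.includes(data),
           tamperedDropped: decapsulate(key, tampered) === null,
           wrongKeyDropped: decapsulate(crypto.randomBytes(32), wire) === null };
}
console.log(demo());
```
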

3) Creating a VPN with Windows 2000 Professional

There are two things you should know first: the internet connection should be fast enough (just give it a try), and the VPN server must not be behind a router if

  a) the router doesn't support incoming VPN connections
  b) the router does not forward the needed ports to your machine.

Since these conditions apply in most cases, today I only cover creating a VPN server which is directly connected to the internet. The client could be a machine directly connected to the internet or could also be located behind a router.

Let's go: Log in as Administrator, then do the following:

1.) Right-click My Network Places, and then click Properties.
2.) Right-click Make New Connections, and then click New Connection to start the New Connection Wizard.
3.) Click Next.
4.) On the Network Connections Type dialog box, click Accept Incoming Connections, and then click Next.
5.) On the Devices for Incoming Connections dialog box, do not select any device, only click Next.
6.) On the Incoming Virtual Private Connection dialog box, click Allow Private Connections, and then click Next.
7.) On the Allowed Users dialog box, select or add all users for whom you want to enable access. The accounts have to exist on both computers that are involved in establishing the VPN connection.
9.) On the Networking Components dialog box, click Next to accept all networking components. File and Printer Sharing for Microsoft Networks, and Client for Microsoft Networks should be listed as networking components.
10.) On the Completing the Network Connection Wizard dialog box, the connection name is "Incoming Connections" by default and the name cannot be changed.
11.) Click Finish.

Now we have to configure the client:

1.) Right-click My Network Places, and then click Properties.
2.) Right-click Make New Connections, and then click New Connection to start the New Connection Wizard.
3.) Click Next.
4.) On the Network Connection Type dialog box, click Connect to Private Network through Internet, and then click Next.
    On the Public Network dialog box, if you need to dial an Internet service provider (ISP) to connect to the Internet, click Automatically Dial This Initial Connection, and then click the appropriate phone book entry.
    NOTE: The phone book entry must exist before you configure the VPN connection. If the phone book entry does not exist, click Do Not Dial the Initial Connection.
5.) On the Destination Address dialog box, type the IP address of the Windows 2000 Professional-based computer to which you are attempting to connect, and then click Next.
6.) On the Connection Availability dialog box, click All Users or click Only Myself, and then click Next.
7.) On the Completing the Network Connection Wizard dialog box, give this connectoid a name, and then click Finish.

Now, after connecting to the internet and using the created dial-up entry for the VPN on the client, the two computers should establish a VPN. You can see that the connection has been created when another symbol (like the internet symbol) appears next to your clock (which is usually located in the bottom right).


4) Additional Information

Guide written by Florian Hobelsberger / BlueScreen (BlueScreen@IT-Checkpoint.net).

Links:
http://www.IT-Checkpoint.net
http://www.he-crew.de
http://www.he-board.de
http://www.NGSecurity.de
http://www.Lobnan.de