
Step-by-step guide to setting up a W2K VPN server

VPN Clients
What is a VPN client? A VPN client can be any computer running an operating system from Win9x and Windows NT Workstation to Windows 2000 Professional. Even a server can be a VPN client. How do the client computer and the server work together? The simplest and most common way is for the client computer to open a connection to its ISP using PPP (Point to Point Protocol). Once this connection, also called a non-virtual connection at the data-link layer, is up, the client can use PPP a second time to set up a virtual connection to the VPN server, and from then on it can act as a node or workstation on the LAN.
Note: When the client has connected to the VPN server, it is in fact still connected to the Internet. However, once the VPN connection to the VPN server is established, the client or workstation automatically obtains an IP address, and this address must match, or more precisely be in the same subnet as, the virtual network it connects to. The connection creates a virtual interface, or virtual network card, and this virtual network card sets a default gateway.
How to install the VPN Server
Before a client can dial in to or access your network, you need to set up the VPN server. In this article we look at how to install a VPN server and touch on a few important points about the infrastructure behind a VPN solution.
The first step is to enable the Routing and Remote Access Service (RRAS). You do not need to install it, because it is installed along with the Windows operating system. Although it is installed with Windows, it is not yet enabled, so to enable RRAS follow these steps:

1. Choose Start, Programs, Administrative Tools, then Routing and Remote Access (RRAS).
2. In the Routing and Remote Access console, right click your server name and choose Enable Routing and Remote Access. After you choose this it takes a few seconds to activate.
3. The RRAS Wizard then starts. Here you should choose Manually configured server and click Next, as shown in the figure below.
4. Keep following the wizard's instructions until you reach the end, then choose Finish to complete enabling RRAS.
5. After enabling RRAS you need to restart the service; just choose Yes.
Note: We do not use the Virtual private network (VPN) server option because it has one drawback: when you choose it, it protects the interface you select by installing filters that allow only the two basic protocols, L2TP and PPTP, to carry data. RRAS will not forward traffic that is not one of these protocols, which is why you should use the Manually configured server option.
When RRAS starts working you will see something like the figure below.

The General Tab

Right click your server name and choose Properties, as shown in the figure below.

In these Properties you can select the Router option. Your computer will be responsible for forwarding requests between VPN clients and the internal LAN, which is why you need to select Router. The job of this router option is to route traffic directly between the LAN and the machines that connect over demand-dial connections. If you want a gateway-to-gateway VPN, you should select Router and also the LAN and demand-dial routing option.
Remember to select the Remote access server option as well. If you do not, VPN clients cannot dial in.
The Server "IP" Tab
Select the IP tab, as shown in the figure below.
Select Enable IP routing. This option gives clients access to your internal network; if you do not select it, clients can reach only the VPN server itself.
The Allow IP-based remote access and demand-dial connections option must be enabled so that clients can be assigned an IP address when they connect. Selecting it means you allow the IP Control Protocol (IPCP), which is used to set up PPP connections.
The next step is to decide how IP addresses are assigned to VPN clients. There are two ways to assign them:
Dynamic Host Configuration Protocol (DHCP): dynamic IP.
Static Address Pool: static IP.
From experience, DHCP is the better choice because you do not have to spend effort dividing up and handing out addresses to clients. When the DHCP server is configured with an IP address scope for the VPN server's LAN card, the RRAS/VPN server by default has about 10 ports that accept connections, so it takes about 10 IP addresses from the DHCP server and uses one of them for itself. If all of these IP addresses are used up by VPN connections and your VPN server has more than 10 ports, it takes another 10 IP addresses from the DHCP server to hold for later connections.
The easiest way to handle client IP addresses is to put the DHCP server in the same subnet as the VPN server interface. You can set up a DHCP Relay Agent, but that is covered in another section.
If you use static IP addresses for client connections, make sure they are in the same subnet as the VPN server's internal network or the VPN server's internet interface. Otherwise things get rather troublesome.
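The address planning described above, as an added example that is not part of the original guide: it models the block-of-10 DHCP behaviour the way the text describes it and checks a static pool against the server interface's subnet. The function names, the sample addresses and the rule that a static pool also needs one address for the server are assumptions.

```python
import ipaddress
import math

BLOCK = 10  # per the guide: RRAS takes DHCP addresses 10 at a time


def dhcp_addresses_held(active_clients, ports):
    """DHCP addresses RRAS holds, modelled on the guide's description:
    a first block of 10 (one used by the server itself), then 10 more
    whenever every held address is in use and a new client connects."""
    if not 0 <= active_clients <= ports:
        raise ValueError("active_clients must be between 0 and ports")
    in_use = active_clients + 1  # +1 for the server's own address
    return math.ceil(in_use / BLOCK) * BLOCK


def check_static_pool(server_if, pool_start, pool_end, ports):
    """Return a list of problems with a static address pool (empty = OK).
    server_if is the VPN server interface the pool must share a subnet
    with, in address/prefix form."""
    iface = ipaddress.ip_interface(server_if)
    start = ipaddress.ip_address(pool_start)
    end = ipaddress.ip_address(pool_end)
    if start > end:
        return ["pool start is above pool end"]
    problems = []
    for label, addr in (("start", start), ("end", end)):
        if addr not in iface.network:
            problems.append(f"pool {label} {addr} is outside {iface.network}")
    if start <= iface.ip <= end:
        problems.append(f"pool contains the server's own address {iface.ip}")
    size = int(end) - int(start) + 1
    if size < ports + 1:  # assumption: one pool address goes to the server
        problems.append(f"pool has {size} addresses, {ports + 1} needed")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from the guide.
    print(dhcp_addresses_held(active_clients=12, ports=16))
    print(check_static_pool("192.168.1.2/24", "192.168.1.200",
                            "192.168.1.210", ports=10))
    print(check_static_pool("192.168.1.2/24", "10.0.0.1", "10.0.0.5", ports=10))
```

Sizing the DHCP scope with the first function shows how many addresses the VPN server can remove from the scope before any LAN host is counted.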
At the bottom of the figure below, select Use the following adapter to obtain DHCP, DNS, and WINS addresses for dial-up clients. Here you should choose the VPN server's other NIC, because when a client connects to your VPN it needs to be on the same LAN. So you must choose the RRAS server's NIC, and this NIC will be responsible for providing DHCP, DNS and WINS information to the client.

When you have made your selections, click OK and continue with configuring the ports, as shown in the figure below.
Configuring the VPN Ports
In the RRAS Console, right click Ports and choose Properties, as shown in the figure below.



The Ports Properties dialog is shown in the figure below. Select the VPN interface you want to enable. For example, to enable PPTP so that clients can connect to the VPN (PPTP is relatively the simplest protocol, so you should start with it), select WAN Miniport (PPTP) and then click Configure, as shown in the figure below.

In the configuration dialog for WAN Miniport (PPTP), shown below, you should select Remote access connections (inbound only) so that clients can connect to the VPN server.
The Demand-dial routing connections (inbound and outbound) option allows the RRAS server to initiate or accept connections to and from demand-dial routers. If you want to build a gateway-to-gateway VPN solution you should select this option, but if you only want to accept connections from clients you can disable it.
In the Phone number for this device box, enter the IP address of the VPN server interface, as shown in the figure below.
In the Maximum ports box you can enter as many ports as you need. There are about 16384 ports in total, so if you need more than that number of ports you will need an additional VPN server.

Click OK. If you choose fewer ports than the default number you will get a warning like the one in the figure below, but that is fine; just click Yes. Then click Apply in Port Properties.

The last step is to allow access through the Remote Access Policy. Select the Remote Access Policy folder and, on the right-hand side, right click Allow access if dial-in permission is enabled and choose Properties, as shown in the figure below.

In the Allow access if dial-in permission is enabled Properties, select Grant remote access permission. This option lets users connect at any time as long as they match the conditions set by the policy. Change the If a user matches the conditions setting to Grant remote access permission, as shown in the figure below.

Click Apply and then click OK.

Conclusion
In this article we walked through how to set up a VPN server. The setup we have just done is a simple one that lets clients create connections to the VPN server. Once you can confirm that your VPN server works well by making a test connection from outside, and it succeeds, take the next, more technical step and increase security.
Windows 2000 RRAS Server is very powerful and is by no means a simple piece of software. The RRAS console has many options, and if you know how to make the most of it and use it correctly you will get a lot out of it. Whenever you set up a server of any kind, the first thing to remember is to keep the setup simple, to make sure that what we have just set up works at a basic level first
How to set up a VPN (Virtual Private Networks) Client - Part II
Virtual Private Networks (VPN), called Mạng Riêng Ảo in Vietnamese, let you extend the reach of your internal network by taking advantage of the Internet. VPN technology lets you connect a host thousands of miles away to your LAN and make it one more node or PC on the LAN. Another feature of a VPN is that the connection between clients and your virtual network is fairly secure, as if you were sitting on the same LAN.
Illustrated guide to installing the VPN Client
1. Right click My Network Places, choose Properties, double click Make New Connection, then click Next.

2. Select Connect to private network through the Internet, as shown in the figure below.

3. If you are not yet connected to the Internet you can select Automatically dial this initial connection; if you are already connected, select Do not dial the initial connection, as shown in the figure below, and click Next.

4. In the host name or IP field, enter your server name or, if you do not have a domain name, enter the IP address, as shown in the figure below.

5. If you want to let other users use this connection of yours to access the VPN, select For all users; otherwise select Only for myself.

6. In the figure below you only need to enter the user name and password to connect.

7. When you are first setting up and getting used to VPN, you should use PPTP, because it is the simplest of the 3 protocols and does not require a certificate or PKI (Public Key Infrastructure) the way L2TP does.

We hope the figures above are of some help to you in setting up the VPN client.