RDP over VPN between two XP pro machines

Kris

Hi,

Like many others I'm trying to set up a WinXP machine to be a VPN server and
an RDP server, so at work I can connect to my home PC, open a VPN tunnel and
then open an RDP session.

I have a few questions about this. Hopefully someone can help me out.

Both at work and at home I have a WinXP Pro machine. At work all ports are
open and at home, I'm behind a router on which I can do port forwarding. I'd
like to use my home pc when I'm at work.

The VPN server (the home pc) is behind a router so Port Mapping will need to
be done on the router I guess. Standard port usage is 1723 for PPTP and
IPSec is 500 I think. I also heard something about PPTP passthrough but I
don't know whether this is relevant?

The things I don't fully understand:

- how/where can I determine whether my VPN server should use PPTP
or Ipsec ?

- if I would use PPTP, why might I need to configure "PPTP
passthrough" ? And how?

- Currently the RDP service on my home pc is accepting RDP requests from
remote clients. But because this would be more secure over VPN I've added
the XP VPN service ("incoming connections"). My question : how can I make
sure that RDP will only work AFTER the tunnel has been created?

- Any other (security) issues I need to consider?



Thanks!

Rgds,
Kris
 
robert

Hi Kris

- how/where can I determine whether my VPN server should use PPTP
or Ipsec ?

Not sure, but I think the XP server will detect what the client is using, so
you can set up the VPN type on the client.
Right-click the client VPN connection, Properties > Networking > change type of
VPN, then connect and see if it works.

- if I would use PPTP, why might I need to configure "PPTP
passthrough" ? And how?

Your router should support PPTP passthrough. You need to configure PPTP
forwarding on port 1723 so that the router knows which computer to forward
client requests to.
e.g.
internet client --- external ip --- router listening on port 1723 --- forwards all requests to 192.168.2.3
                                    router listening on port 80   --- forwards all requests to 192.168.2.5

- Currently the RDP service on my home pc is accepting RDP requests from
remote clients. But because this would be more secure over VPN I've added
the XP VPN service ("incoming connections"). My question : how can I make
sure that RDP will only work AFTER the tunnel has been created?

Set up your router to discard any requests on port 3389. If your router
doesn't support this, then just set up the router to forward requests on port
3389 to a dummy address.
 
Kris

Thank you for this great info.

Meanwhile I've successfully set up the VPN service on my XP home machine and
connected over the internet with the VPN client on a WinXP machine.
Everything worked.

Only one question remains.

Before using VPN I just used RDP. I had configured my router to listen on an
obscure port and then forward to my internal workstation on the standard RDP
port.
Now my router is listening on the standard VPN port and forwarding to my
internal workstation also on the standard VPN port.

=> Isn't there a way to change the vpn port?
=> And if I wouldn't change the vpn port, would this VPN approach still be
safer than the obscure rdp port approach I used before?

Thanks!
Kris
 
Sooner Al

Using RDP standalone or RDP through a PPTP VPN tunnel is just as secure either way. Both are
encrypted the same.

http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/pree_rem_quaq.asp

The advantage of using a PPTP VPN tunnel is you can access the remote PC without logging the current
user off if you simply want to access shared files/folders or you want to access multiple PCs (via
RDP) without opening a lot of holes in your firewall.

Personally, I use the PPTP VPN tunnel approach...

--
Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights...
 
robert

VPN traffic is sent via port 1723.
RDP traffic is routed via 3389.

Before using VPN I just used RDP. I had configured my router to listen on an
obscure port and then forward to my internal workstation on the standard RDP
port.

Do you mean listen on port 1234 external and forward to local 3389?
If so, then try the same thing with the VPN port and see if it works.

And if I wouldn't change the vpn port, would this VPN approach still be
safer than the obscure rdp port approach I used before?

First of all, if you successfully established an RDP session through VPN, then
close any connections to RDP, because you don't need unnecessary ports open.
Refer to the post by Sooner Al about the security issue.
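
Added example, not part of any post in this thread: a small audit of a router's TCP port-forward table that flags any rule leaving RDP reachable from the Internet (whatever the external port), recognises the "dummy address" sink rule, and checks that the PPTP forward is in place. The `Forward` record, the `audit` function, the address 192.168.2.250 and the boolean that models the router's passthrough setting are assumptions made for illustration; the other addresses and port 1234 are the examples used in the thread.

```python
from dataclasses import dataclass

RDP_PORT = 3389   # RDP listener on the home PC
PPTP_PORT = 1723  # PPTP control channel (TCP); tunnel data travels as GRE, IP protocol 47


@dataclass(frozen=True)
class Forward:
    ext_port: int   # TCP port the router listens on, Internet side
    int_host: str   # LAN address the router forwards to
    int_port: int   # TCP port on that LAN host


def audit(rules, vpn_host, live_hosts, pptp_passthrough):
    """Return (severity, message) findings for a router's TCP forward table."""
    findings = []
    for r in rules:
        if r.int_port != RDP_PORT:
            continue
        if r.int_host in live_hosts:
            # The external port number is irrelevant: RDP is still exposed.
            findings.append(("HIGH", f"RDP on {r.int_host} is reachable from the "
                                     f"Internet through external port {r.ext_port}"))
        else:
            findings.append(("INFO", f"external port {r.ext_port} is sunk to unused "
                                     f"address {r.int_host}; keep that address unassigned"))
    if not any(r.int_host == vpn_host and r.int_port == PPTP_PORT for r in rules):
        findings.append(("WARN", f"no forward to {vpn_host}:{PPTP_PORT}; "
                                 "VPN clients cannot reach the server"))
    elif not pptp_passthrough:
        # Assumption: with passthrough off, this router does not relay GRE.
        findings.append(("WARN", "PPTP control port is forwarded but passthrough is off; "
                                 "GRE tunnel data may be dropped at the router"))
    return findings


# Constructed sample tables. 192.168.2.250 stands in for the unused "dummy" address.
LIVE = {"192.168.2.3", "192.168.2.5"}
OBSCURE_RDP = [Forward(1234, "192.168.2.3", 3389)]
VPN_ONLY = [Forward(1723, "192.168.2.3", 1723), Forward(3389, "192.168.2.250", 3389)]

if __name__ == "__main__":
    for name, table in (("obscure RDP port", OBSCURE_RDP), ("VPN only", VPN_ONLY)):
        print(name)
        for severity, message in audit(table, "192.168.2.3", LIVE, pptp_passthrough=True):
            print(f"  [{severity}] {message}")
```
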
 
