Monday, September 1, 2014

How to Create a VPN Server on Your Windows Computer Without Installing Any Software

How to Create a VPN Server on Your Windows Computer Without Installing Any Software

create-vpn-server-in-windows
Windows has the built-in ability to function as VPN server, although this option is hidden. This trick works on both Windows 7 and Windows 8. The server uses the point-to-point tunneling protocol (PPTP.)
This could be useful for connecting to your home network on the road, playing LAN games with someone, or securing your web browsing on a public Wi-Fi connection – a few of the many reasons you might want to use a VPN.

Limitations

While this is a pretty interesting feature, it may not be the ideal way to allow VPN connections to your local network. It has some limitations:
  • You will need the ability to forward ports from your router.
  • You have to expose Windows and a port for the PPTP VPN server directly to the Internet, which is not ideal from a security standpoint. You should use a strong password and consider using a port that isn’t the default port.
  • This isn’t as easy to set up and use as software like LogMeIn Hamachi and TeamViewer. Most people will probably be better off with a more complete software package like those two.

Creating a VPN Server

First, you’ll need to open the Network Connections window. The quickest way to open it is to press the Windows key, type ncpa.cpl, and press Enter.
open-ncpa.cpl-on-windows-8
Press the Alt key, click the File menu that appears, and select New Incoming Connection.
windows-new-incoming-connection
You can now select the user accounts that can connect remotely. To increase security, you may want to create a new, limited user account rather than allow VPN logins from your primary user account. (Click Add someone to create a new user account.) Ensure the user you allow has a very strong password, as a weak password could be cracked by a dictionary attack.
windows-select-vpn-user-accounts
Select the Through the Internet option to allow VPN connections over the Internet. You can also allow incoming connections over a dial-up modem, if you have the dial-up hardware.
allow-vpn-connections-through-the-internet
You can then select the networking protocols that should be enabled for incoming connections. For example, if you don’t want people connected to the VPN to have access to shared files and printers on your local network, you can uncheck the File and Printer Sharing option.
select-vpn-networking-protocols
Click the Allow access button and Windows will set up a VPN server.
allow-vpn-access-in-windows
If you want to disable the VPN server in the future, you can delete the Incoming Connectionsitem from your Network Connections window.
delete-incoming-connections-vpn-server

Router Setup

You will now need to log into your router’s setup page and forward port 1723 to the IP address of the computer where you set up the VPN server. For more instructions, read How to Forward Ports on Your Router.
For maximum security, you may want to create a port forwarding rule that forwards a random “external port” – such as 23243 – to “internal port” 1723 on your computer. This will allow you to connect to the VPN server using port 23243, and will protect you from malicious programs that scan and attempt to automatically connect to VPN servers running on the default port.
You can also consider using a router or firewall to only allow incoming connections from specific IP addresses.
To ensure you can always connect to the VPN server, you may want to set up a dynamic DNS service like DynDNS on your router.

Connecting to Your VPN Server

To connect to the VPN server, you will need your computer’s public IP address (its IP address on the Internet) or its dynamic DNS address, if you set up a dynamic DNS service above.
Use the Connect to a network option in Windows and enter your computer’s public IP address. Provide the username and password you created to log in.
For more instructions on connecting, read How to Connect to a VPN on Windows.