Connecting to VPNs in Windows 8
Today, people can work from just about
anywhere as long as they have a computer and an Internet connection.
Many companies configure VPNs to enable employees in remote locations
to connect securely from their local computer to the office network.
When employees do this, the resources they would use while in the
office are available.
To locate the options for and establish a VPN connection, complete the following steps:
- On the Start screen, search for VPN and select Settings.
- Select Connect To A Network Or Set Up A Virtual Private Network Connection.
- Type the address of the VPN to which you want to connect in the Create A VPN Connection dialog box.
- Type a Destination Name (for example, Work VPN).
- If your company requires the use of a smart card, select the Use A Smart Card check box.
- Select Remember My Credentials to allow the user name and password to be saved for this connection.
- If other people need to share your connection to the VPN, select Allow Other People To Share This Connection.
  Note: SECURITY ALERT: BE MINDFUL OF YOUR SECURITY POLICIES
  Allowing others to share this computer’s VPN connection can pose a security risk within your organization. Carefully consider this option before it is enabled to ensure that everyone involved understands how this option works.
- Tap or click Create to add the connection.
When you click Create, the connection will be added to your
computer, but it will not be active. To connect to the VPN, you need to
access it in the Network Connections application in Control Panel and choose Connect/Disconnect.
Remember that various types of VPNs are available, and you need to
know which type of VPN your company has so that it can be configured
properly. To access the properties of a VPN connection, complete the
following steps:
- Press and hold or right-click the VPN Connection adapter in the Network Connections window.
- Select Properties.
The Properties dialog box for a VPN connection contains the options you can configure for the selected connection. The VPN Connection Properties dialog box is displayed in Figure 3.
On the General tab, as shown in Figure 3, you provide the initial information for the VPN connection.
The options on this tab are:
- Host Name Or IP Address Of Destination: This box contains the address you need to use to establish the tunnel.
- First Connect: If you select the Dial Another Connection First check box, the VPN dials the phone number you provide before connecting to the VPN.
On the Options tab, as shown in Figure 4, you can save your credentials for future use and add some Point-to-Point Protocol (PPP) settings.
The Options tab gives you the following choices:
- Remember My Credentials: Instructs the VPN configuration to cache credentials.
- Idle Time Before Hanging Up: Establishes how long the VPN can wait for activity before disconnecting.
- PPP Settings: If you select this button, a dialog box gives you the following options:
  - Enable LCP Extensions: Select the Link Control Protocol (LCP) extensions to allow performance parameters to be negotiated during the connection process.
  - Enable Software Compression: Select this check box to allow Windows to reduce the size of IP packets to improve performance and throughput.
  - Negotiate Multilink For Single-Link Connections: Select this check box to separate high-priority and low-priority channels when using a single-link connection.
On the Security tab, as shown in Figure 5, you define the VPN type. These settings require knowledge of your organization’s VPN configuration.
The options on this tab are:
- Type Of VPN: Choose the type of VPN you will use from the list.
- Advanced Settings: Tap or click this button to see additional settings for the type of VPN you have selected. This button is available only if your selected VPN type has additional settings.
  - For the Layer 2 Tunneling Protocol (L2TP) VPN type, you can select Use A Preshared Key For Authentication. You must specify a key file on both ends of the connection to prove that each computer knows the other. Your other choice is to select Use Certificate For Authentication. This option uses a certificate to prove that the server is the correct one for this connection and that the client is allowed to connect. The option to verify the server certificate provides a bit more security, because if it is turned on the client will not connect to servers it cannot verify.
  - For the Internet Key Exchange Version 2 (IKEv2) VPN type, you can select the Enable Mobility check box. You can also configure the amount of time the connection will try to reconnect.
- Data Encryption: Select the appropriate encryption options for your organization.
- Use Extensible Authentication Protocols (EAP): If you choose this option, you can select from the list to specify how your computer will prove its identity to the server. Available choices include:
  - Microsoft: EAP-AKA (Encryption Enabled)
  - Microsoft: EAP-SIM (Encryption Enabled)
  - Microsoft: EAP-TTLS (Encryption Enabled)
  - Microsoft: Protected EAP (PEAP) (Encryption Enabled)
  - Microsoft: Secured Password (EAP-MSCHAP v2) (Encryption Enabled)
  - Microsoft: Smart Card Or Other Certificate (Encryption Enabled)
- Allow These Protocols: Select this option for authentication if your environment does not support the use of EAP protocols.
  - Unencrypted Password (PAP): This protocol sends the password in plaintext.
  - Challenge Handshake Authentication Protocol (CHAP): This protocol authenticates the connection by using a series of challenges and responses from the originator to determine a matching hash. If the hash provided by the originator is what the server expects, the connection succeeds. The password for validation of CHAP-based authentication is sent using plaintext.
  - Microsoft CHAP Version 2 (MS-CHAP v2): This protocol operates similarly to CHAP but requires an MD4 hash of the password to validate the authentication. This is more secure and does not send information in plaintext.
  - Automatically Use My Windows Logon Name And Password (And Domain If Any): This option specifies that the currently signed-in Windows user credentials should be passed for sign-in to the VPN connection when the Microsoft CHAP v2 protocol is used.
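The choices made on the Security and Options tabs can also be reviewed from PowerShell. The following is an added example, not part of the original text: it assumes the Get-VpnConnection cmdlet from the VpnClient module, and the function name Test-VpnProfile and the two sample profiles are hypothetical and constructed for illustration.

```powershell
# Added example: flag VPN profiles that allow the weaker Security/Options tab settings.
# Property names and values follow Get-VpnConnection output (VpnClient module).
function Test-VpnProfile {   # hypothetical helper name
    param([Parameter(Mandatory, ValueFromPipeline)] $Connection)
    process {
        $findings = @()
        # AuthenticationMethod is a list; PAP and CHAP are the legacy "Allow These Protocols" choices.
        foreach ($method in @($Connection.AuthenticationMethod)) {
            if ($method -in 'Pap', 'Chap') {
                $findings += "Legacy authentication protocol allowed: $method"
            }
        }
        if ($Connection.EncryptionLevel -in 'NoEncryption', 'Optional') {
            $findings += "Data encryption not enforced: $($Connection.EncryptionLevel)"
        }
        if ($Connection.TunnelType -eq 'L2tp' -and $Connection.L2tpIPsecAuth -eq 'Psk') {
            $findings += 'L2TP authenticates with a preshared key, not a certificate'
        }
        if ($Connection.RememberCredential) {
            $findings += 'Remember My Credentials is enabled (credentials are cached)'
        }
        [pscustomobject]@{
            Name     = $Connection.Name
            Pass     = ($findings.Count -eq 0)
            Findings = $findings -join '; '
        }
    }
}

# Constructed sample profiles (not from a real system) so the check runs offline.
$samples = @(
    [pscustomobject]@{
        Name = 'Work VPN'; TunnelType = 'Ikev2'; AuthenticationMethod = @('Eap')
        EncryptionLevel = 'Required'; L2tpIPsecAuth = $null; RememberCredential = $false
    },
    [pscustomobject]@{
        Name = 'Legacy VPN'; TunnelType = 'L2tp'; AuthenticationMethod = @('Pap', 'MSChapv2')
        EncryptionLevel = 'Optional'; L2tpIPsecAuth = 'Psk'; RememberCredential = $true
    }
)
$samples | Test-VpnProfile | Format-List

# On a live machine, audit the real profiles instead:
#   Get-VpnConnection | Test-VpnProfile
#   Get-VpnConnection -AllUserConnection | Test-VpnProfile
```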
The Networking tab, shown in Figure 6,
displays the network protocol configuration for the VPN connection. On
this tab, you configure IP address settings and other network items
related to the VPN.
In environments in which VPN connections
do not receive dynamically assigned IP addresses, it might be necessary
to configure an address for this connection under the properties for
Transmission Control Protocol (TCP)/IP (version 4 or 6, depending on
your environment).
You can also configure File and Print Sharing for this connection on
this tab, which allows other computers on the network to use resources shared on your computer.
On the Sharing tab, shown in Figure 7, you indicate whether the connection is available through a shared Internet connection on this computer.
The choices on this tab are:
- Allow Other Network Users To Connect Through The Computer’s Internet Connection: If selected, the VPN connection is available to other computers within an environment. The next two choices are available only when this choice is selected.
  Note: USER CREDENTIALS FOR THIS OPTION
  When this option is enabled, user names and passwords for the current user cannot be stored for use by others. If your user account is signed in and enables this setting, the dial-up options will function only when this account is signed in. Creating a new connection for all users and saving the sign-in credentials with that connection will ensure that the dial-up options work regardless of the signed-in user account.
- Establish A Dial-Up Connection Whenever A Computer On My Network Attempts To Access The Internet: If selected, the VPN connection is attempted by dialing out to an ISP whenever a remote computer attempts to use the shared connection.
- Allow Other Network Users To Control Or Disable The Shared Internet Connection: If selected, other users can have control over the shared connection resources. These users would be able to turn off the shared resources and prevent others from using them.
Important: DOCUMENT, DOCUMENT, DOCUMENT
Don’t underestimate the importance of documenting what you have done and why. With good documentation, you can identify items on your network and make troubleshooting much easier. Troubleshooting only the reported problem is easier than first troubleshooting why the tools do not work and then getting them working before you can fix the reported problem. Documentation on how to use the tools in your environment can help in this situation. For example, using descriptions wherever possible to reinforce the choice of names selected might mean the difference between troubleshooting a coworker’s problem for half an hour and troubleshooting the remote tools needed to help your coworker for 20 minutes first and then fixing the problem.
Because all these tools are at your disposal to aid other users and
get systems working (or to keep them running), you need to know which
tools are right for the job. If you constantly get phone calls about
how to use a tool, consider creating documentation that addresses the
problem for yourself and for the users calling for help. Sharing this
documentation should reduce the number of calls you receive and help
provide a consistent repair experience for users, thus ensuring that
the same or similar steps are taken each time a problem is addressed.