How to set up a VPN Incoming connection with Windows to tunnel Internet traffic?

I want to set up a VPN on a remote server to route all my Internet traffic for privacy reasons. I can set up an incoming connection and connect to it successfully. The problem is, I can just see the remote computer and no other Web sites will open. I want the remote server to act like a NAT. How can I do that?

Note that I don't want to split Internet traffic. I actually want to send all the traffic to the remote server but need to make it relay the traffic.

For the record, my remote server is Windows Web Server 2008, which does not have the Routing and Remote Access service.

Clarification

I'm mostly interested in server configuration. I don't have any problems configuring the client. By the way, Windows Web Server 2008 seems to have the same VPN features built into client OSes (like Vista) and, specifically, it doesn't include the RRAS console in MMC. I'm also open to suggestions regarding third-party PPTP/L2TP daemons, if they are free.
Solution 1:

You were able to create a dial-up VPN connection between Vista and Windows Web Server 2008 without the Network Policy Server role? If so, I'm curious as to what the subnet/IP looked like to the client in that scenario once the tunnel was up.

If you have a VPN up, then you've transferred your problem domain from one of VPN to one of routing. I'm pretty confident that you'll be able to bridge connections using the Web edition and that you can also use Internet Connection Sharing. If not, there are cheap and possibly free "internet sharing" programs available (NAT32).

This assumes that your client machine somehow has an IP on the server's (internal?) network.

Also, when you say Internet traffic, it's possible your definition may include only traffic that is proxy-able. In which case you can shift the domain again from routing to proxying, and use a free proxy server bound to the IP on the other end of the tunnel.

Solution 2:

This will happen by default if the VPN is configured correctly.

When you make a VPN connection from a Windows client, there is an advanced option called Use Default Gateway on Remote Network, which is checked by default.

For example, in Windows XP:

  • Go to Network Connections
  • Right click on your VPN connectoid
  • Choose Properties
  • Go to the Networking Tab
  • Choose Internet Protocol (TCP/IP) from the list
  • Click PROPERTIES
  • Click Advanced
  • In the General tab, check Use Default Gateway on Remote Network

It is possible that the default gateway is not configured correctly on your remote server.
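A client-side check for the effect of that checkbox, added here as an example and not part of any of the answers above: it parses the IPv4 section of Windows `route print` (a constructed sample is embedded; all addresses are made up) and reports whether the lowest-metric default route leaves through the VPN adapter, i.e. whether Internet traffic will really go down the tunnel rather than out the LAN.

```python
import re

# Constructed sample of the IPv4 section of `route print`, taken after dialling
# the VPN with "Use Default Gateway on Remote Network" ticked: the LAN default
# route still exists but its metric was raised, so the PPP link (10.0.0.5) wins.
ROUTE_PRINT_AFTER_VPN = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.10   4250
          0.0.0.0          0.0.0.0         On-link         10.0.0.5     21
      192.168.1.0    255.255.255.0         On-link     192.168.1.10    281
         10.0.0.5  255.255.255.255         On-link         10.0.0.5    276
"""

# Same machine with the checkbox cleared: only the LAN default route exists,
# so Internet traffic bypasses the tunnel (split tunnelling).
ROUTE_PRINT_SPLIT = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.10     25
         10.0.0.5  255.255.255.255         On-link         10.0.0.5    276
"""

# destination, netmask, gateway, interface, metric; header/separator lines
# have a non-numeric last column and are skipped automatically.
ROUTE_LINE = re.compile(r"^\s*(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s*$")


def default_routes(route_print_text):
    """Return the 0.0.0.0/0 entries as (gateway, interface, metric), best first."""
    routes = []
    for line in route_print_text.splitlines():
        m = ROUTE_LINE.match(line)
        if m and m.group(1) == "0.0.0.0" and m.group(2) == "0.0.0.0":
            routes.append((m.group(3), m.group(4), int(m.group(5))))
    return sorted(routes, key=lambda r: r[2])


def vpn_is_default_gateway(route_print_text, vpn_interface_ip):
    """True when the lowest-metric default route leaves via the VPN interface."""
    routes = default_routes(route_print_text)
    return bool(routes) and routes[0][1] == vpn_interface_ip


if __name__ == "__main__":
    # On a real Windows client, replace the constructed text with
    # subprocess.check_output(["route", "print", "-4"], text=True).
    print(vpn_is_default_gateway(ROUTE_PRINT_AFTER_VPN, "10.0.0.5"))  # True
    print(vpn_is_default_gateway(ROUTE_PRINT_SPLIT, "10.0.0.5"))      # False
```

If the VPN route is missing or loses on metric, the problem is on the client side; if it wins and sites still don't load, the server is not forwarding or NATing the traffic, which is the situation the question describes.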

Solution 3:

Unfortunately you cannot install RRAS on Server 2008 Web Edition; it's not an allowed role. So you would need to use a third-party application. OpenVPN is one of the most common and one I have used successfully on Server 2003 before.

Once you have that setup, Joel's advice for the client setup will make sure your web traffic goes through the VPN.

Solution 4:

There may be a special place in purgatory for UNIX people who make suggestions along the following lines, but I have used this for a purpose similar to yours (getting IP range-restricted US-only data securely from the US to Mexico City):

Install OpenSSH on the server, here is how you can do that on Vista/2008: http://www.petri.co.il/setup-ssh-server-vista.htm (I noticed that this is an .il TLD, if that is a problem from Iran maybe try looking for the cache or I can repost it if you leave a comment. Also maybe an example of why we need secure borderless internet access.)

Create a dynamic SSH connection using PuTTY. Here are instructions and an explanation.

Point your browser, mail client, etc., to the local proxy. In effect, what you are doing is this: you open a dynamic SSH session on the remote host. You have a local proxy that this connection is bound to. You make all requests to this local proxy; the proxy then makes an encrypted request to the server; the server fetches and returns whatever you have requested from the outside world via a secure tunnel to the local proxy and thence to your application. You can confirm that it is working by opening a website that provides geolocation of IP addresses. I'm sure it can be automated too. (If this is an outright abominable thing to do on a Windows Server, let me know in the comments.)