Windows has the built-in ability to function as a VPN server, although this option is hidden. This trick works on both Windows 7 and Windows 8. The server uses the Point-to-Point Tunneling Protocol (PPTP).
This could be useful for connecting to your home network on the road, playing LAN games with someone, or securing your web browsing on a public Wi-Fi connection – a few of the many reasons you might want to use a VPN.
While this is a pretty interesting feature, it may not be the ideal way to allow VPN connections to your local network. It has some limitations:
- You will need the ability to forward ports from your router.
- You have to expose Windows and a port for the PPTP VPN server directly to the Internet, which is not ideal from a security standpoint. You should use a strong password and consider using a port that isn’t the default port.
- This isn’t as easy to set up and use as software like LogMeIn Hamachi and TeamViewer. Most people will probably be better off with a more complete software package like those two.
Creating a VPN Server
First, you’ll need to open the Network Connections window. The quickest way to open it is to press the Windows key, type ncpa.cpl, and press Enter.
Press the Alt key, click the File menu that appears, and select New Incoming Connection.
You can now select the user accounts that can connect remotely. To increase security, you may want to create a new, limited user account rather than allow VPN logins from your primary user account. (Click Add someone to create a new user account.) Ensure the user you allow has a very strong password, as a weak password could be cracked by a dictionary attack.
Select the Through the Internet option to allow VPN connections over the Internet. You can also allow incoming connections over a dial-up modem, if you have the dial-up hardware.
You can then select the networking protocols that should be enabled for incoming connections. For example, if you don’t want people connected to the VPN to have access to shared files and printers on your local network, you can uncheck the File and Printer Sharing option.
Click the Allow access button and Windows will set up a VPN server.
If you want to disable the VPN server in the future, you can delete the Incoming Connections item from your Network Connections window.
You will now need to log into your router’s setup page and forward port 1723 to the IP address of the computer where you set up the VPN server. For more instructions, read How to Forward Ports on Your Router.
For maximum security, you may want to create a port forwarding rule that forwards a random “external port” – such as 23243 – to “internal port” 1723 on your computer. This will allow you to connect to the VPN server using port 23243, and will protect you from malicious programs that scan and attempt to automatically connect to VPN servers running on the default port.
You can also consider using a router or firewall to only allow incoming connections from specific IP addresses.
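One way to apply that source-address restriction on the VPN computer itself, using Windows Firewall. This is an added example, not part of the original article. It assumes Windows 8 or later (the NetSecurity cmdlets are not available on Windows 7) and an elevated PowerShell prompt; the client addresses are placeholders from the documentation ranges.

```powershell
# Added example: limit who may reach the PPTP server through Windows Firewall.
# Run in an elevated PowerShell session on the machine hosting the VPN server.

# Assumption: placeholder addresses; replace with the public IPs you connect from.
$AllowedClients = @('203.0.113.10', '198.51.100.0/24')

# PPTP uses TCP 1723 for control and GRE (IP protocol 47) for tunneled data.
# Select enabled inbound allow rules by protocol and port rather than by
# display name, so the match does not depend on the Windows language.
$pptpRules = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object {
        $pf = $_ | Get-NetFirewallPortFilter
        ($pf.Protocol -eq 'TCP' -and $pf.LocalPort -contains '1723') -or
        ($pf.Protocol -eq '47')
    }

if (-not $pptpRules) {
    Write-Warning 'No enabled inbound allow rule for TCP 1723 or GRE found; nothing changed.'
}
else {
    # Narrow the remote scope of each matching rule to the allowed clients.
    $pptpRules | Set-NetFirewallRule -RemoteAddress $AllowedClients

    # Re-read the rules from the firewall store and show the resulting scope.
    $pptpRules | ForEach-Object {
        $filter = Get-NetFirewallRule -Name $_.Name | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Rule          = $_.DisplayName
            RemoteAddress = $filter.RemoteAddress -join ', '
        }
    }
}
```

Port forwarding on the router keeps the client's public source address, so the scope is matched against the address you connect from. A broader allow rule that also covers TCP 1723 (for example, one with its local port set to Any) would still admit other sources and needs the same scoping.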
To ensure you can always connect to the VPN server, you may want to set up a dynamic DNS service like DynDNS on your router.
Connecting to Your VPN Server
To connect to the VPN server, you will need your computer’s public IP address (its IP address on the Internet) or its dynamic DNS address, if you set up a dynamic DNS service above.
Use the Connect to a network option in Windows and enter your computer’s public IP address. Provide the username and password you created to log in.
For more instructions on connecting, read How to Connect to a VPN on Windows.
Chris Hoffman is a technology writer and all-around computer geek. He's as at home using the Linux terminal as he is digging into the Windows registry.
- Published 02/3/13