If you're out and about and connecting to free wireless hotspots on a regular basis, you probably are — or should be — thinking about protecting yourself with a virtual private network (VPN). You probably use VPN to connect to your work network when you are working remotely, but perhaps you are looking for a way to protect your activity when you aren't working, or when you don't have a work-provided offering.
VPN creates a tunnel, and all your network and online activity travels through it. From the point of view of someone else sniffing around on the same network, your activity is hidden because it is inside that tunnel. Furthermore, all your data is encrypted, giving you another level of security.
You have a few options when it comes to VPN. You can try out a VPN service, which creates a tunnel from its servers to your computer. Once you are connected to the service's servers, you are using the service's VPN network for the rest of your online session. Not only is your connection encrypted, you are also hiding your geographic location from the website owners.
Alternatively, you can check out third-party VPN software, such as Comodo and LogMeIn Hamachi, to easily create secure connections between computers.
Another alternative is to set up your own VPN and control your own online destiny.
There are two types of VPN connections: Incoming and outgoing. An outgoing session means the user is using the computer to remotely connect to some other network or machine, as may happen when the user is accessing a work computer. If you have a wireless router at home that supports VPN, you can set up an outgoing connection from your laptop to connect to the router and get access to your media server, your home computer, and other devices on your home network remotely.
An incoming session means other machines can access your machine. Think carefully before you grant access to your computer. One scenario where this makes sense is if you have a lot of media files or documents on the computer that people need to be able to access at any time.
It is straightforward to set up either type of connection using the built-in VPN client in Windows 7.
Outgoing VPN: Connecting to a VPN server or router
Step 1. In the Network and Sharing Centre (under Control Panel, Network and Internet), there is an option to "Set up a new connection or network." The next step is to click on "Connect to a Workplace" in order to start the connection wizard, and then select "Use my Internet connection (VPN)" option to begin the process. If you have a 3G card installed, first of all you may see a prompt to use the 3G card instead of creating a "new" connection. In this case, you want the "new" connection so that you can use your existing Internet connection (yes, it's a little confusing).
A far easier way to get to this point is to click on the Start button and type "VPN" in the search box. It will jump straight to the "Set up a virtual private network (VPN) connection" window in the wizard.
Step 2. In the Internet address field, enter the IP address of the VPN server or the network's domain name. This information will usually be provided by the network administrator. If you are connecting to the home router, then you would put in the IP address of that router.
The destination name field displays the name users would see. If you aren't going to connect right away, tick the "Don't connect now; just set it up so I can connect later" box.
Leaving it unchecked means the client will try to make a connection at the end of the wizard. If there are multiple users on the Windows 7 box, you can either tick "Allow other people to use this connection" to make the VPN connection available to others, or leave it unchecked to ensure no one else has the option.
Step 3. The next screen asks for a username and password. If you leave it blank, you will be prompted to enter the information when making the actual connection.
Step 4. The final window, if you selected "Don't connect now," will display a "Connect now" option. You can close the window now, or connect.
When you are ready to connect, just click on the network icon in the system tray (the icon could be for the wireless network or for the wired one) and the connection that was created earlier will show up in the list under "Dial-up and VPN." You can also get here by clicking on "Connect to a network" under the Network and Sharing Centre.
Step 5. In the VPN connection box, enter the username and password to the VPN network, if it isn't already pre-populated, along with the domain provided by the administrator. This connection should work for a majority of VPN networks.
Step 6. If the connection fails, click on Properties. The most common issue pertains to the server configuration. Select the "Security" tab in the Properties window. The "Type of VPN" should be set to Automatic. Check with the administrator if it should be set to PPTP, L2TP/IpSec, SSTP, or IKEv2. If it still doesn't work, it's possible you should uncheck "Include Windows logon domain" under the Options tab.
Step 7. After saving the properties, select Connect to launch the connection. You are now connected to a VPN server and your connection is safe.
Incoming VPN: Letting other computers connect to you
Step 1. Before you can set up the incoming VPN connection, first off you need to configure your network router so that it knows which computer it has to forward all VPN traffic to. Log in to the router's control panel — this is usually as simple as opening up a web browser and typing in 192.168.1.1 (or whatever IP address your router has) — but refer to the router's setup instructions from the manufacturer for more details.
Once you are in the router's control panel, configure port-forwarding or virtual server settings so that port 1723 has the IP address of the Windows computer you are setting up VPN on. You can always get the IP address of the Windows computer by typing ipconfig at the command prompt.
By default, most routers have PPTP or VPN pass-through options enabled in firewall settings. It's worth checking to make sure this is turned on before closing the router settings page.
Step 2. Once the router is configured, open up the Network and Sharing Centre (under Control Panel, Network and Internet) on the Windows 7 computer that will accept incoming VPN connections. Look for the sub-heading "Change Adapter Settings" on the left-hand side of the screen. You can also get to this window by typing "Network and sharing" from the search bar under the Start menu.
Step 3. In the "Change Adapter Settings" windows, you will see adapters showing wireless connections you've already configured on the computer, VPN connections, and the regular network adapter that is installed on the computer. Click on the File menu and select "New Incoming Connection." If you don't see the File menu, hit ALT-F to open the menu.
Step 4. Select all the user accounts that can access this computer. You can even create new accounts using the "Add someone" option.
Step 5. After selecting the users, you will be asked how people will connect to the computer. Select the "Through the Internet" checkbox.
Step 6. In the next window asking about network protocols, most people will just need to set up the TCP/IPv4 connection. If your computer is on an IPv6 network, or if you know users will be coming in via IPv6, then you can enable that as well. You should make it a point to uncheck (turn off) "File and Printer Sharing" as keeping it enabled will allow the remote user to access other resources on the network. If you do want the remote guest to be able to jump from your computer to another, or to use the printer, then keep it turned on, but think carefully before making that decision.
Step 7. You will see a confirmation message that the incoming VPN connection has been created, with the name of the computer the remote user will need. The remote user will enter that computer name when creating the outgoing VPN connection on their own computer.
If you go back to the adapters list in "Network Connections," you will now see the connection that you just created, and the message "No clients connected." When remote users connect successfully, this message will change.
And that's it! Now you can have remote users connect to your computer securely, and you can create secure VPN connections to other computers as well.