Chapter 10. Security
10.2.2. PPTP
The Point-to-Point Tunnelling Protocol (PPTP) is used to create client-to-server Virtual Private Networks (VPNs) and was developed
by the PPTP Forum, an industry group which included Microsoft and several other companies. A VPN is a private network of
computers that uses the public Internet to connect some nodes. PPTP allows users to connect to their corporate networks across the
Internet.
Microsoft’s PPTP implementation is widely used in the Windows world to provide remote access across the Internet. If you have a
remote Windows system (for instance, a laptop or a home computer) that has access to the Internet, you can also access the
information stored on your server.
If you wish to enable VPN access, you must decide how many individual PPTP clients you will allow to connect to your server
simultaneously, and enter that number here. The simplest method is to enter the total number of remote PPTP clients in your
organization. Alternatively, if you have a slow connection to the Internet and do not want all of those PPTP clients to connect at the
same time, you can enter a lower number here. For instance, if you have five users who from time to time use PPTP to connect
remotely, entering 5 here would allow all of them to connect at any time. Entering 2 would only allow two users to connect at any
given time. If a third user tried to connect, he or she would receive an error message and would not be able to connect until one of the
other users disconnected. If, on the other hand, you entered 0 , no PPTP connections would be allowed.
After you enter a number and press Save, the server should be ready to accept PPTP connections.
To connect using PPTP, the protocol must be installed on each remote Windows client. Typically, this is done through the Network
Control Panel (you may need to have your original Windows installation CD available). After it is installed (a reboot of your
Windows system may be needed), you can create new connections through the Dial-Up Networking panel by entering the external IP
address of the server you wish to connect to. Once you’re finished, you should be able to initiate a PPTP connection by
double-clicking the appropriate icon in the Dial-Up Networking window. When you then open up your Network Neighborhood
window, you should see your server workgroup listed there.
Note: Your connection to the Internet needs to be established first before you initiate the PPTP connection. This may involve
double-clicking one Dial-Up Networking icon to start your Internet connection, then double-clicking a second icon to start the PPTP
connection. To shut down, disconnect your PPTP connection first, then disconnect from your ISP.
Warning
To protect your network, the SME Server V5 with ServiceLink enforces the use of 128-bit encryption for PPTP
connections, rather than the 40-bit encryption provided in earlier versions of Microsoft’s PPTP software. If you are unable
to establish a PPTP connection to your server, you should visit http://windowsupdate.microsoft.com/ and download the
appropriate update. Due to the dynamic nature of Microsoft’s web site, the page may appear differently depending upon
the version of Windows you are using. In most cases, you will want to look or search for Virtual Private Networking or a
Dial Up Networking 128-bit encryption update. You may need to install the 40-bit encryption update first, and then install
the 128-bit encryption update. Note that with Microsoft’s ActiveUpdate process, if you are not presented with the choice
for this update, it is most likely already installed in your system.
65