ET Phone Home
with the Point to Point Tunneling VPN Protocol
and Cisco's Small Business Routers
OK, Small Business Owners (and anybody with a sophisticated network in their home)... listen up!
Prominent links on this page contain detailed multimedia instructions that will help you configure your private network for remote access using a "Virtual Private Network" (VPN) based on the "Point To Point Tunneling Protocol" (PPTP).
When you're out on the road, wouldn't you like a free, secure, powerful connection -- ALL THE WAY -- into the interior of your LAN, as if you could bypass your router, so that you could see and access EVERYTHING exactly as if you were in the office? (I'm not just talking about accessing one computer here: I mean all of your networked printers, your file servers, your router configuration menus, your print servers, your FTP servers, your web servers, your Samba shares; EVERYTHING! And wouldn't it be especially sweet if you could have this kind of powerful access even if your main computers were switched off? And what if you could use public email with confidence, even across a public WiFi connection, knowing that your local traffic was encrypted to hide it from prying eyes within range of the wireless network?)
You know you want this, but it had better be safe. We wouldn't want to give unauthorized or unidentified people this kind of access.
Well, it is possible, using "VPN" -- or "Virtual Private Network" -- technology.
There are basically two kinds of VPNs:
1 of 2: "Site to Site" VPNs that can merge two entire LANs, for all of their users simultaneously, across the worldwide Internet permanently, or for a long period of time, and:
2 of 2: "Remote Access" VPNs that allow individual, remote computers to access all of the resources of a single LAN during a single, authenticated work session.
Today, I will be talking about that second option: a "Remote Access" VPN.
The technology for Remote Access VPNs is dominated by Microsoft's implementation of the "Point To Point Tunneling Protocol", or -- "PPTP". This is a set of rules -- a kind of gentleman's agreement -- under which data streams can be automatically encrypted and decrypted, on-the-fly as needed, for safe transport across the worldwide Internet.
PPTP is NOT perfect; various security flaws have been found that significantly diminish the work an attacker would need to expend to bypass it. It will never be strong enough for military or banking use, or to protect against dedicated attackers that are intent on capturing highly valuable data. But if it is properly configured and appropriately managed, then routine observers, passersby, and casual attackers will conclude that your traffic is far harder to figure out and compromise than almost anybody else's. You won't look like an easy target, and you'll be left alone by anybody that isn't specifically after you. Only you can be the judge of the security you need, but for many people, carefully managed PPTP has proven to be -- "good enough".
And it's readily available. Every version of Microsoft Windows since late 1985 has included a free "PPTP Client" that gets you halfway there, so if you're on the road with a Microsoft Windows laptop or similar computer, you won't need to pack any special equipment. Free PPTP clients are also available for Macintosh, Linux, and Android equipment.
The other half of a PPTP setup requires a "PPTP Server" somewhere in the LAN of your small business or home. Various free PPTP servers are available.
Working together, a PPTP client and a PPTP server automatically route, transmit, receive, encrypt, and decrypt your Internet traffic back and forth, applying it to your LAN as if all of it had originated there.
One of the best and most convenient setups is to buy a router that has a PPTP server permanently burned into its firmware. That way, even if some or all of your main computers are switched off, you can still get into (and out of) your LAN as long as your router is on.