Creating a VPN


Connecting to the office network using a VPN on your home machine rather than one supplied by OCTO could run a risk of transferring a virus if your machine is not sufficiently well maintained.  At the very least you should have a reputable anti-virus package running, and up to date, and have all Windows updates applied as well.

If you have doubts about this, I am happy to advise, and can supply suitable anti-virus software.

How to create a VPN in Windows XP

Before starting, check with Paul or Patrick that you are a member of the VPNusers group, which gives you permission to connect using a VPN - otherwise your attempts to connect will be rejected by the server.

VPN software is built into Windows, so nothing needs to be installed. The instructions below are for Windows XP; if you have Vista, there will be differences in detail, but the general idea is the same - however, I don't have a copy of Vista to check the instructions against.

To install the VPN, you need to run the New Connection Wizard; there are several ways to get to this, but the one that should be possible on all computers is the following sequence:

Open Control Panel
Open Network Connections
Open New Connection Wizard

Now go through the following steps:

Click Next
Select Connect to the network at my workplace and click Next
Select Virtual Private Network connection and click Next
Type (for instance) OCTO VPN and click Next
Type and click Next
Select My use only and click Next
Select Add a shortcut to the desktop and click Finish

Now you can double-click the icon to connect a VPN; you use the same name and password as for your normal login in the office. It is bad practice to tell it to remember the password!

When you have connected successfully, a small networking icon should appear in the task bar (the one supposedly representing two screens); if you right-click on it, you have a menu which includes the option to disconnect.

Optional refinement

The type of VPN used by default is called PPTP.  Sometimes this is blocked, either because it is considered insecure (there was a security problem that was fixed over ten years ago), or because of a technical limitation that makes it largely unusable through some types of firewall. 

To avoid this block, should it occur, you can do the following to change the default type of VPN that will be used to L2TP:

Double-click the OCTO VPN icon (or whatever you called it)
Select Properties (instead of Connect)
Select the Security tab
Click IPSec settings...
Select Use pre-shared key for authentication
Type the key: OCTOlogyL2TP
Click OK
Select the Networking tab
In the Type of VPN field, select L2TP IPsec VPN from the dropdown
Click OK

If you omit the last change, leaving "Type of VPN" as Automatic, the VPN will attempt to use PPTP first, and then L2TP if that fails.  This may cause the connection to take longer to set up, but allows for the (much more rare) situation in which the L2TP type of VPN is blocked.

Using a MAC with OS X 10.5 (Leopard) or 10.6 (Snow Leopard)

From the Apple menu, select System Preferences... . When the System Preferences window opens, from the View menu, select Network.

Near the bottom left corner of the Network window, click + (plus sign). In the sheet that appears, next to "Interface:", choose VPN. Next to "VPN Type:", choose L2TP over IPSec. Click Create.

Note: If you can't click + (plus sign), click the padlock icon next to "Click the lock to make changes". Enter the password for an administrator account on your Mac, and then click OK.

In the "Server Address:" field, enter:

In the "Account Name:" field, type your Windows login username.

Click Authentication Settings... . In the "User Authentication" section, make sure Password is selected, but do not enter your password (it is bad practice to remember the password here).

In the "Machine Authentication" section, make sure Shared Secret is selected, and in the field type: OCTOlogyL2TP
Click OK.

Click Advanced... . Under the Options tab, make sure Send all traffic over VPN connection is checked, and then click OK.

Click Apply.

To make a VPN connection, click Connect.

To display a small VPN icon in the upper right corner of your screen, leave Show VPN status in menu bar checked. You can then click this icon and select from several options in the pull-down menu, rather than having to access VPN options from System Preferences.

Using a MAC with OS X 10.3 (Panther) or 10.4 (Tiger)

From your Applications folder, open Internet Connect.

When the program opens, from the File menu, select New VPN Connection. On the sheet that drops down, select L2TP over IPsec, and then click Continue.

In the "Server Address:" field, enter:

In the "Account Name:" field, type your Windows login username.

Next to "Configuration:", select Edit Configurations... . In the sheet that appears, next to "Save As:", type a descriptive name such as "OCTO VPN". Click Save.

In the sheet that appears, make sure the descriptive name you just saved is selected under "Configuration". Make sure Shared Secret is selected, and in the field type: OCTOlogyL2TP

Click OK.

To make a VPN connection, click Connect.

