VPN Instructions

Exchange Hosting Service provides a VPN (Virtual Private Network) capability, so you can connect to the servers through VPN if you choose.

Using VPN requires the use of a HOSTS file, and it requires a customized vpn HOSTS file which is slightly different from the general one. See: HOSTSfileinstructions-vpn.htm

Using VPN also requires a modification to the Connectivity Test. You will need to follow the VPN Instructions and create the VPN connection before doing the ping test. The VPN must be connected for the ping test to work.

The software for making a VPN connection is included in Windows XP and Windows 2000. Earlier versions of Windows require the installation of additional software to support VPN. Contact us for additional information if you are using an older version of Windows.

If you use a personal firewall or broadband router, or if there are firewalls between the VPN client and the VPN server, TCP port 1723 and IP protocol 47 (GRE) must be enabled on all firewalls and routers that are between the VPN client and the VPN server. By default, most corporate firewalls will prevent VPN connections, and will need to be configured to allow VPN. 

Step 1.

Connecting through VPN requires the use of a HOSTS file. See HOSTS File Instructions for help setting up a HOSTS file on your computer.

This is not optional, in order to successfully connect Outlook to Exchange over the VPN, you must use a hosts file, and the hosts file must be configured for VPN use, as shown in our hosts file instructions.

In the hosts file instructions, make note of the difference between the hosts file for general, non-vpn use and the vpn hosts file. The IP addresses in the vpn hosts file start with 10 instead of 65.

Step 2.

Create the VPN connection. Instructions are provided separately below for Windows 2000 and Windows XP.

Windows 2000

Open Start > Settings > Network and Dial-up Connections >Make New connection. Click Next.

Select “Connect to a private network through the Internet” and click Next. See screen shot.

On the next page of the wizard, if you use a dial-up connection to connect to the Internet, click Automatically dial this initial connection, and then, in the list, click your dial-up Internet connection.

If you use a full-time connection (such as a rotten cable company that blocks your access to port 135), click "Do not dial the initial connection." See screen shot.

On the next page of the wizard, enter VPN.WEBVILLE.NET as the destination and click Next. See screen shot.

 
On the next page of the wizard, select “Only for Myself” and click Next.

Name your VPN connection whatever you like, and choose whether to “add a shortcut to my desktop.” Click Finish to close the wizard.

Don't click Connect just yet. If it asks you whether you want to dial, say no. You need to edit the properties first. Find the connection on your desktop or in Network Connections, right click it and choose Properties, to edit the properties of the new VPN connection.

Click the Networking tab of the VPN connection properties. See screen shot.

Click Internet Protocol (TCP/IP) in the list of components, then click the Properties button. See screen shot.

Click the Advanced button. See screen shot.

This is key. Clear the check box marked "Use default gateway on remote network." You do not want to use the default gateway on the remote network.

Now just click OK 3 times to confirm the changes.

Skip the Windows XP section below and see step 4 at the bottom of this page.

Windows XP

Open Start > Control Panel > Network Connections.

Under Network Tasks, choose Create a New Connection. The New Connection Wizard will appear. Click Next on the wizard's welcome page.

Choose Connect to the Network at my Workplace and click Next. See screen shot.

Choose Virtual Private Network connection and click Next. See screen shot.

Name the connection anything you like and click Next. See screen shot.

On the next page of the wizard, if you use a dial-up connection to connect to the Internet, click Automatically dial this initial connection, and then, in the list, click your dial-up Internet connection.

If you use a full-time connection (such as a rotten cable company that blocks your access to port 135), click "Do not dial the initial connection." See screen shot.

Type VPN.WEBVILLE.NET for the name of the VPN server and click Next. See screen shot.

On the next page of the wizard, select “My use only” and click Next.

Choose whether to add a shortcut to your desktop and click Finish to close the wizard.

Don't click Connect just yet. Click Properties, to edit the properties of the VPN connection.

Click the Networking tab of the VPN connection properties. See screen shot.

Click Internet Protocol (TCP/IP) in the list of components, then click the Properties button. See screen shot.

Click the Advanced button. See screen shot.

This is key. Clear the check box marked "Use default gateway on remote network." You do not want to use the default gateway on the remote network.

Now just click OK 3 times to confirm the changes and you should be all set.

Step 3.

Initiate the VPN connection. The VPN connection needs to be established before you start Outlook. It needs to remain established the entire time Outlook is running, if you're working in the online mode, (not offline). Use the same username and password for the VPN connection that you use for your mailbox. 

Step 4.

Verify the VPN configuration with a ping test. To verify your configuration, start the VPN connection and try the ping test. Click here for instructions on using ping to test a connection. Ping Shelley3 when your VPN connection is active and you should get replies from 10.115.231.153 not 65.115.231.153.

If you get replies from 65.115.231.153, then your HOSTS file is not configured correctly, and your system is continuing to use the external address of the server instead of the internal (vpn) address. This would mean you need to go back to step 1, and fix your HOSTS file.

If you get replies from 10.115.231.153, then go to step 5.

Step 5.

Theoretically, this step should not be necessary, but a number of people have needed to create a new profile at this point. Their old profile won't work, but a new profile will.

While connected to VPN, start the profile wizard and create a new Outlook profile. Hitting the check name button is the critical moment. If that works, you should be good to go.

See Outlook Profiles for the steps to create an Outlook profile. Follow the instructions for creating a traditional profile, not RPC-over-HTTP.

References

This How To article from the Microsoft Knowledge Base contains many details and troubleshooting steps which you may find useful:

HOW TO: Configure a Connection to a Virtual Private Network (VPN) in Windows XP

 

Thank you for your patience.

 

 

 

Copyright 2007, Webville Networks. All rights reserved.
This page updated: 03/06/07