How to set up a VPN from the DOS command line (CMD) _ Server

Source: Internet
Author: User
Source: Guardian Angel's Blog

1. Prerequisites
The Windows Firewall service is stopped (or, with more trouble, the routing protocols and port 1723 can be allowed through instead)
The Remote Registry service must be running
The Server service must be running
The Routing and Remote Access (router) service must be running

On Win2000 with two or more network cards, setting up a VPN is very convenient: after the NAT protocol is added, clients that dial in can use the remote network to reach the Internet. This lets some clients improve their network speed, and the server effectively acts as a proxy.

On WinXP and Win2003 with a single network card it is still convenient to build a similar VPN: after the NAT protocol is added, add two interfaces, one for the local connection and one internal. Set the local connection to full forwarding and the internal interface to private mode, and users with permission can dial in.

On Win2000 with a single network card, building a similar VPN is inconvenient: after the NAT protocol is added, an interface can be added only on the local connection, because the graphical interface does not allow adding the internal one. After looking at the output of netsh dump >c:\1.txt, adding the internal interface with a netsh command was tried, and it went through. The command is: netsh routing ip nat add interface internal private

Here are some common commands:

netsh ras set user username permit  // Grant the user dial-in permission; the user cannot be TsInternetUser, support_388945a0, etc.

netsh ras ip set addrassign pool  // Assign client addresses from a static address pool

netsh ras ip add range 10.0.0.1 10.0.0.100  // Set the static pool range; use a standard LAN address range to avoid address-forwarding errors later when accessing the Internet.

netsh routing ip nat install  // Add the NAT protocol

netsh routing ip nat add interface "Local Area Connection" full  // Add the local connection as a NAT interface with full forwarding

netsh routing ip nat add interface internal private  // Add the internal interface as a NAT interface in private mode

IGMP can also be configured in netsh, with a long command line:

netsh routing ip igmp install

netsh routing ip igmp add interface internal igmpprototype=igmprtrv2 ifenabled=enable robustvar=2 startupquerycount=2 startupqueryinterval=31 genqueryinterval=125 genqueryresptime=10 lastmemquerycount=2 lastmemqueryinterval=1000 accnonrtralertpkts=yes

netsh routing ip igmp add interface name="Local Area Connection" igmpprototype=igmpproxy ifenabled=enable

If the interface already exists before you configure it, you must remove it first:

netsh routing ip igmp delete interface internal  // and similarly for the other interface

The Routing and Remote Access service records a lot of information in the System and Security event logs, such as IPSec and logon information.

Modifying the registry avoids this:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters

"ProhibitIpSec"=dword:00000001

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters

"LoggingFlags"=dword:00000000

Now, apart from logon information, the IPSec and RemoteAccess warnings are no longer recorded.
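For defenders, the two registry values and the netsh commands listed above are concrete things to audit for. The following is an added example, not code from the original post: it checks the text of a registry export and a list of process command lines for them. It assumes the .reg export has already been decoded to text (regedit writes UTF-16), and the sample inputs are constructed.

```python
import re

# (key-path suffix, value name) -> dword the page sets to silence RRAS logging
SUSPECT_VALUES = {
    (r"services\rasman\parameters", "prohibitipsec"): 1,
    (r"services\remoteaccess\parameters", "loggingflags"): 0,
}
# netsh subcommands the page uses to build the VPN/NAT from the command line
NETSH_RE = re.compile(
    r'\bnetsh(?:\.exe)?"?\s+(?:ras\s+(?:set\s+user|ip\s+(?:set\s+addrassign|add\s+range))'
    r'|routing\s+ip\s+(?:nat|igmp)\s+(?:install|add\s+interface))', re.I)

def parse_reg(text):
    """Parse .reg export text into {key_path: {value_name: int}} (dwords only, lowercased)."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'"([^"]+)"\s*=\s*dword:([0-9a-fA-F]{8})$', line)
            if m:
                current[m.group(1).lower()] = int(m.group(2), 16)
    return keys

def audit_registry(reg_text):
    """Return sorted 'key\\value=data' strings for values matching the page's settings."""
    findings = []
    for path, values in parse_reg(reg_text).items():
        for (suffix, name), bad in SUSPECT_VALUES.items():
            # Suffix match also covers ControlSet001, ControlSet002, ...
            if path.endswith(suffix) and values.get(name) == bad:
                findings.append(f"{path}\\{name}={bad}")
    return sorted(findings)

def audit_cmdlines(lines):
    """Return the process command lines that invoke the RRAS-building netsh commands."""
    return [l for l in lines if NETSH_RE.search(l)]

# Constructed sample input (not taken from a real host).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters]
"ProhibitIpSec"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters]
"LoggingFlags"=dword:00000000
'''
SAMPLE_CMDS = ["netsh routing ip nat install", "netsh ras ip add range 10.0.0.1 10.0.0.100",
               "netsh interface ip show config"]
```

A hit is a lead rather than proof, since a legitimately administered RRAS server uses the same netsh commands; the useful signal is these settings on a host that is not supposed to be a VPN or NAT gateway.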

----------------------------------------

Another point worth mentioning: once the VPN is established it usually uses the PPTP protocol on TCP port 1723. If we add an allow entry for TCP 1723 to the network card's IP policy, clients can basically dial in. Why only "basically"? Because besides TCP 1723, PPTP also uses IP protocol 47 (GRE), which is neither TCP nor UDP, and this protocol is important for authentication. If a firewall on the network blocks it, the symptom is: dialing -> user authentication -> disconnected because authentication does not complete.

While the VPN is being configured, the Remote Registry service is also needed; it can be turned off once the VPN is established.

The Workstation, Server and RPC services are also required during configuration.

----------------------------------------

Testing shows that when the VPN is established entirely from the command line, rrasmgmt.msc does not show the specific configuration information. In other words, the only visible sign is a dial-in connection in the Network Connections folder. This makes the setup fairly well concealed.
