Virtual Private Network

**Aaron Elliott** · Dec 6th, 2000, 12:58 PM

does anyone know how to incorporate a virtual private network (VPN) into a Visual Basic probram? Also, if this can be done, is there a way that we can not allow them access to the network, and solely use this VPN for the program?

**kurtsimons** · Dec 6th, 2000, 01:50 PM

If you set up a VPN connection that does not log them into the domain... only gives them a new IP address and a new route... TCP/IP allows the computers (your programs) to talk each other but does not give the VPN user any domain permissions.

have the network admin. set up an account for vpn use but don't allow computers to log into the network or give that user no access to anything.

Of course I assume you planned on communicating via winsock and the ms winsock control

**Aaron Elliott** · Dec 6th, 2000, 03:07 PM

kurt:

well the thing is that the program i'm working on is a voice over ip program, like microsoft messenger, and i need to just be able to add the user, and have it route to the person automatically when they wish to call the person behind the lan. maybe vpn isn't even the way to go, i'm totally lost here.

**kurtsimons** · Dec 7th, 2000, 12:23 AM

You are actually writing the voice over IP?
- would love to see some basic code..

anyway

you have a problem. The remote computer is behind a firewall. You can only get to it by getting into the lan. Who is in control of the LAN? Is it a company?

A normal company would not be willing to do anything to help you. VPN is something they set up for you to dial in. (just like a phone connection only using the speed and accesabilily of the internet)

The best way to do it would be to tell the remote computer where your computer is and have it create a connection with you. (assuming you are not behind a firewall)

This is also assuming that the remote computers network allows for "direct" internet routes, hense does not require the internal computer to get out via the use of a proxy or a socks server.

Tell me more

**Aaron Elliott** · Dec 7th, 2000, 08:15 AM

well kurt, to explain my problem in a little more detail, when an external user an a person behind the lan connect for a phone conversation (doesn't matter who connects to who) the person on the external machine can hear what the person inside the lan is saying, no problem at all. the problem is that when the external user tries to talk back, the person inside the lan can't hear him. this is because the external user is sent the internal ip of the machine on the lan, and when he speaks, the voice data doesn't know where to go, because of course it cannot find that ip (like trying to ping a computer on the lan from outside, which isn't neccessarily a firewall problem, more that the internal ip is "hidden" by the external ip of the lan). in theory, all we would have to do is send the data to the external ip, and from there have it routed to the appropriate computer. sounds simple. it's not. i didn't actually do the programming for this, which makes it even harder. i'm new to the company, and this was the first task put in front of me...i'm right out of college, by the way.

**Aaron Elliott** · Dec 7th, 2000, 08:20 AM

also, the lan is owned by whoever buys the software, i got to get something that will work with any lan.

**kurtsimons** · Dec 7th, 2000, 08:56 AM

If the computer behind the firewall connects to you. The communication path should be all set. I am not at your level of programming (its only 1/2 a job but mostly a hobby)

When the computer behind the lan connects to you... you receive the IP address of the router (gateway) that send the packet from the lan to the internet. The address of the internal computer is not relevant unless you are trying to connect back to it rather than send data back on the same connection.

I guess I don't understand where you are getting the internal address from. (or how) its is coming from the applicatiion behind the lan or is "your" computer figuring this out by looking at the TCP/IP connection that has been established

do you know about the dos command
NETSTAT -P tcp

this will show you the remote addresses of all tcp connections to your system

**Aaron Elliott** · Dec 7th, 2000, 10:18 AM

see connection isn't really the thing because we are using udp for the connection. the connection can be made, but when it does, the server "backs off" and creates a peer-to-peer network between the two computers. this is called the taggorant theory. this is when tcp takes over for the actual conversation.

a client outside the lan gets internal address (the ip address of the actual individual computer on the lan) from an array from the server. say if your outside, and i'm inside the lan, and i come online, the server sends you the array with my name, email, and internal ip address. when you click on me to dial me, it doesn't find me because it looks for that ip address, instead of looking for my external (or the ip address of the lan), and from there route to my computer.

**Aaron Elliott** · Dec 7th, 2000, 10:21 AM

kurt: you on icq or messenger?

**Edneeis** · Dec 7th, 2000, 12:14 PM

Actually this is pretty interesting stuff it'd be nice if you could keep public.

**Aaron Elliott** · Dec 7th, 2000, 12:41 PM

ed: i have no problem with that...just wish i could get this licked. i'm about to try ppp and pptp to set up the virtual network. i'll post results.

**kurtsimons** · Dec 8th, 2000, 08:03 AM

------------------------

I think you may be over my head. If you were someone using the mswinsock control to send data I would tell you there is no need what so ever to establish a PPP or PPTP connection inorder to make this work (unless both computers were behind fire walls, naturally)

I guess I don't understand why the client can't establish a connection direct with the server, and then if it needs to make a second connection to receive data on.

ICQ, net2phone etc all connect from client to server, they don't ask the server to dial into their network?!?!?

Like I said... if this is the way it needs to be done... Its over my head

- kurt

[Edited by kurtsimons on 12-08-2000 at 07:17 PM]

**Aaron Elliott** · Dec 8th, 2000, 08:04 AM

maybe i'm going too in depth with this...does anyone know if you can do this with winsock, or something else?

**Aaron Elliott** · Dec 8th, 2000, 08:16 AM

still working on the ppp

**Aaron Elliott** · Dec 8th, 2000, 10:35 AM

just wanted to send a big thank you out to kurt for his help thusfar. i feel closer to getting this now than ever.

thanks buddy!

**Vince McMullin** · Dec 11th, 2000, 03:19 PM

Aaron I would like to know if you have found anyways of figuring out this VPN idea?

I too am looking to obtain information on getting through firewalls and using VPNs....

Thanks for any comments in advance

**Aaron Elliott** · Dec 12th, 2000, 08:15 AM

vince,

don't think vpn is the way to go, probably tcp. because, as kurt has told me, tcp can trace back over itself when the initial connection has been made. but as far as the firewall goes, i think the ports have to be open on the firewall itself, and some network admins would get pissed. unfortunately this tcp idea isn't practical for me, because it would mean a massive rewrite, and i don't have time. i need to find a way to get tcp to open the udp ports, if this is even possible, and have them closed when the connection is ended. not sure if this will work either. getting very frustrated!

Thread: Virtual Private Network

Thread Tools

Display

vpn

vpn

vpn

vpn

vpn

vpn

Posting Permissions