NAS Technology Consulting

Configure Win7 Corporate VPN to Secure Public WiFi Browsing

May 31st, 2011
  • Posted By: Nick Shertzer

The following instructions set up a VPN connection to a corporate office on Windows 7.  The end of the article also covers using the VPN to secure your web browsing on public WiFi hotspots.  A VPN can encrypt passwords, web browsing, email, banking, etc., when it is connected and “use default gateway on remote network” is checked.  This added security comes at the expense of increased network overhead and possibly slower browsing / download speeds.  The instructions can be used by any of my offices running Windows Server by changing the line Internet address: mail.YOURCOMPANYNAME.com.  If you do not know this information, contact me.  If you do not have access to a corporate VPN, you can use any number of for-pay services (and some free ones).  Check out LifeHacker’s Top 5 VPN Services or just skip to the voter favorite, WiTopia.

Click Start > Control Panel > Network and Internet > Network and Sharing Center


Choose “Set up a new connection or network”

Choose a connection option: “Connect to a workplace” –  NEXT

(Optional path depending on configuration; don’t worry if you do not get this step) Do you want to use a connection you already have?:  “No, create a new connection” – NEXT

How do you want to connect?:  “Use my Internet Connection (VPN)”

Type the Internet address to connect to:  Internet address:  mail.YOURCOMPANYNAME.com  Destination Name: YOURCOMPANY VPN – NEXT

Type your username and password:  These are your corporate office Windows logon credentials, the same username and password you use to unlock your work computer. – CREATE


Left click the networking icon next to the system clock.  This brings up your connection menu.  Before now, you may have used this location to connect to various WiFi networks.  Now you should see another section for the VPN connection.  You can connect the VPN from here and begin using Remote Desktop Connection or mapping network drives.  Simply hit connect, enter your username and password (again) and hit connect.  The connection window will minimize to the networking icon next to the system clock.  Left click the icon again to bring up the disconnect menu.


Securing all traffic with encryption vs faster web browsing while connected to remote desktop

In addition to the initial setup of the VPN, you can configure the advanced TCP/IPv4 options to not use the remote network's default gateway.  This option speeds up concurrent web surfing / streaming alongside Remote Desktop Connection by tunneling to the corporate office only the communications that are bound for the corporate LAN.  Any traffic bound for the rest of the Internet (WAN) will be sent out your default network adapter and NOT ENCRYPTED by the VPN.  You may choose to skip the following steps and leave “use default gateway on remote network” checked.  This will encrypt and tunnel ALL traffic through the office ISP connection.  In layman’s terms, un-check the box for normal at-home use of Remote Desktop; CHECK the box (and always use the VPN) when connected to a free WiFi hotspot such as a coffee shop.  I often switch this setting depending on my use scenario.


Right click your newly created VPN and choose Properties.


Click the Options tab, as now is a good time to make the following changes:  Redial attempts “99”; Time between redial attempts “1 sec”; check “Redial if line is dropped”


Find the Advanced tab.  Highlight “Internet Protocol Version 4” and click “Properties”


Leave the defaults on the TCP/IPv4 properties page set to obtain addresses automatically.  Just click “Advanced”


UNCHECK “use default gateway on remote network” so that only traffic for the office network, such as remote desktop, uses the VPN connection.  This will let you, for instance, stream Pandora radio on your home laptop while connected to remote desktop in another window.  Basically, it is a speed boost while using remote desktop.

CHECK “use default gateway on remote network” to force all network communication to be encrypted and sent through the office Internet connection.  This option is important to secure all web browsing, bank transactions, email passwords, etc., when using a public open WiFi network such as at a coffee shop.  You do not have to use remote desktop to get the added security protection when this option is checked.  Web browsing speed may be slower due to the overhead of sending all traffic through the office VPN connection.
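
To confirm which mode a connection is in before joining a public hotspot, the checkbox can be read back from the connection's phonebook file.  The PowerShell below is an added example, not part of the original article; it assumes the setting is stored as IpPrioritizeRemote in rasphone.pbk at the per-user and all-users paths shown, and the sample lines (including the "Hotspot VPN" name) are constructed.

```powershell
# Added example: report the "use default gateway on remote network" setting
# for each saved VPN connection.
# Assumption: the checkbox is stored as IpPrioritizeRemote (1 = checked,
# 0 = unchecked) in the RAS phonebook file rasphone.pbk, where every
# connection is an INI-style [section].

function Get-VpnGatewaySetting {
    param([string[]]$Lines)
    $name = $null
    foreach ($line in $Lines) {
        if ($line -match '^\[(.+)\]\s*$') {
            $name = $matches[1]                 # a new connection entry starts
        }
        elseif ($name -and $line -match '^IpPrioritizeRemote=(\d+)\s*$') {
            $checked = ($matches[1] -ne '0')
            if ($checked) {
                $note = 'All traffic tunneled; OK for public WiFi'
            } else {
                $note = 'Only office traffic tunneled; check the box before using public WiFi'
            }
            New-Object PSObject -Property @{
                Connection = $name; GatewayChecked = $checked; Note = $note
            } | Select-Object Connection, GatewayChecked, Note
        }
    }
}

# Assumed phonebook locations: per-user first, then all-users.
$pbkFiles = @(
    "$env:APPDATA\Microsoft\Network\Connections\Pbk\rasphone.pbk",
    "$env:ProgramData\Microsoft\Network\Connections\Pbk\rasphone.pbk"
) | Where-Object { Test-Path $_ }

if ($pbkFiles) {
    foreach ($file in $pbkFiles) { Get-VpnGatewaySetting (Get-Content $file) }
} else {
    # Constructed sample, used only when no phonebook file is found.
    $sample = @(
        '[YOURCOMPANY VPN]',
        'IpPrioritizeRemote=0',
        '[Hotspot VPN]',
        'IpPrioritizeRemote=1'
    )
    Get-VpnGatewaySetting $sample
}
```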
