XP Remote Desktop over VPN problem

OS: XP Pro V2002 SP2.
Trying to use XP Remote Desktop within VPN (using XP inbuilt VPN
Client/Server) between two standalone PCs. Each work fine on their own ie.
VPN connects OK or RDT connects and works OK, but once I setup VPN connection
and try and run RDT over it, it fails to connect. I have used this solution
successfully between two XP PCs, but with domains defined (using Computer
Name in the RDT Connection 'Computer:' field). The PCs I have the problem
with both have a workgroup defined, not domain, (Windows default of
WORKGROUP). I have tried both the Computer Name and the hostname, neither
work.
Can anyone help with a solution?

When you connect with the VPN can you ping the target Remote Desktop (RDC)
host PC by IP?

Note that if the PPTP VPN server network and the remote network your
accessing the server on are using the same address scope, ie. both in the
192.168.0.X range for example, you will have trouble connecting to the RDC
host. Its a good idea for the server network and the remote network to be in
different address ranges, ie. PPTP VPN server on 192.168.0.X and the remote
client on 102.168.1.X for example. Note the third octet.

--

Al Jarvi (MS-MVP Windows – Desktop User Experience)

Please post *ALL* questions and replies to the news group for the
mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...
How to ask a question
http://support.microsoft.com/KB/555375

"Stew" <Stew@discussions.microsoft.com> wrote in message
news:298A9DFF-AF45-4A7F-9C07-507A6944691D@microsoft.com...
> OS: XP Pro V2002 SP2.
> Trying to use XP Remote Desktop within VPN (using XP inbuilt VPN
> Client/Server) between two standalone PCs. Each work fine on their own ie.
> VPN connects OK or RDT connects and works OK, but once I setup VPN
> connection
> and try and run RDT over it, it fails to connect. I have used this
> solution
> successfully between two XP PCs, but with domains defined (using Computer
> Name in the RDT Connection 'Computer:' field). The PCs I have the problem
> with both have a workgroup defined, not domain, (Windows default of
> WORKGROUP). I have tried both the Computer Name and the hostname, neither
> work.
> Can anyone help with a solution?
>

Correction..."client on 192.168.1.X for example. Note the third octet."

--

Al Jarvi (MS-MVP Windows – Desktop User Experience)

Please post *ALL* questions and replies to the news group for the
mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...
How to ask a question
http://support.microsoft.com/KB/555375


The last should read .... "
"Sooner Al [MVP]" <SoonerAl@somewhere.net.invalid> wrote in message
news:C296F5BB-DF82-499D-9CD5-639C965DE4A7@microsoft.com...
> When you connect with the VPN can you ping the target Remote Desktop (RDC)
> host PC by IP?
>
> Note that if the PPTP VPN server network and the remote network your
> accessing the server on are using the same address scope, ie. both in the
> 192.168.0.X range for example, you will have trouble connecting to the RDC
> host. Its a good idea for the server network and the remote network to be
> in different address ranges, ie. PPTP VPN server on 192.168.0.X and the
> remote client on 102.168.1.X for example. Note the third octet.
>
> --
>
> Al Jarvi (MS-MVP Windows – Desktop User Experience)
>
> Please post *ALL* questions and replies to the news group for the
> mutual benefit of all of us...
> The MS-MVP Program - http://mvp.support.microsoft.com
> This posting is provided "AS IS" with no warranties, and confers no
> rights...
> How to ask a question
> http://support.microsoft.com/KB/555375
>
> "Stew" <Stew@discussions.microsoft.com> wrote in message
> news:298A9DFF-AF45-4A7F-9C07-507A6944691D@microsoft.com...
>> OS: XP Pro V2002 SP2.
>> Trying to use XP Remote Desktop within VPN (using XP inbuilt VPN
>> Client/Server) between two standalone PCs. Each work fine on their own
>> ie.
>> VPN connects OK or RDT connects and works OK, but once I setup VPN
>> connection
>> and try and run RDT over it, it fails to connect. I have used this
>> solution
>> successfully between two XP PCs, but with domains defined (using Computer
>> Name in the RDT Connection 'Computer:' field). The PCs I have the problem
>> with both have a workgroup defined, not domain, (Windows default of
>> WORKGROUP). I have tried both the Computer Name and the hostname, neither
>> work.
>> Can anyone help with a solution?
>>
>

Correction..."client on 192.168.1.X for example. Note the third octet."

--

Al Jarvi (MS-MVP Windows – Desktop User Experience)

Please post *ALL* questions and replies to the news group for the
mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...
How to ask a question
http://support.microsoft.com/KB/555375

"Sooner Al [MVP]" <SoonerAl@somewhere.net.invalid> wrote in message
news:C296F5BB-DF82-499D-9CD5-639C965DE4A7@microsoft.com...
> When you connect with the VPN can you ping the target Remote Desktop (RDC)
> host PC by IP?
>
> Note that if the PPTP VPN server network and the remote network your
> accessing the server on are using the same address scope, ie. both in the
> 192.168.0.X range for example, you will have trouble connecting to the RDC
> host. Its a good idea for the server network and the remote network to be
> in different address ranges, ie. PPTP VPN server on 192.168.0.X and the
> remote client on 102.168.1.X for example. Note the third octet.
>
> --
>
> Al Jarvi (MS-MVP Windows – Desktop User Experience)
>
> Please post *ALL* questions and replies to the news group for the
> mutual benefit of all of us...
> The MS-MVP Program - http://mvp.support.microsoft.com
> This posting is provided "AS IS" with no warranties, and confers no
> rights...
> How to ask a question
> http://support.microsoft.com/KB/555375
>
> "Stew" <Stew@discussions.microsoft.com> wrote in message
> news:298A9DFF-AF45-4A7F-9C07-507A6944691D@microsoft.com...
>> OS: XP Pro V2002 SP2.
>> Trying to use XP Remote Desktop within VPN (using XP inbuilt VPN
>> Client/Server) between two standalone PCs. Each work fine on their own
>> ie.
>> VPN connects OK or RDT connects and works OK, but once I setup VPN
>> connection
>> and try and run RDT over it, it fails to connect. I have used this
>> solution
>> successfully between two XP PCs, but with domains defined (using Computer
>> Name in the RDT Connection 'Computer:' field). The PCs I have the problem
>> with both have a workgroup defined, not domain, (Windows default of
>> WORKGROUP). I have tried both the Computer Name and the hostname, neither
>> work.
>> Can anyone help with a solution?
>>
>

The PC I'm remoting into is unmanned (telemetry PC) and uses a Wireless
Broadband modem with dynamic IP address. Often I am using the same config on
my local PC. Therefore the IP addresses are allocated from the ISPs pool and
appear to be across the various Public IP address ranges and I assume have no
control over this (they don't offer a static IP service). I have have just
noted in another thread on another site that VPN allocates it's own separate
set of IP addresses inside of this. They tend to be in the 169.254.x.x range.
I have also just found I can see the client/server addresses at the local end
and can use the server IP address in RDT to connect. However these addresses
seem to be dynamic as well and I was trying to find a way to use a consistent
connection name in RDT (like Computer Name) as I have a number of different
remote PCs to connect into. I tried putting the VPN server IP address in the
HOST file of the remote PC with a text name, but it didn't work.
Fundamentally I'm trying to keep it simple and just wanted to use a hostname
to establish VPN and Computer Name for RDT.

"Sooner Al [MVP]" wrote:

> Correction..."client on 192.168.1.X for example. Note the third octet."
>
> --
>
> Al Jarvi (MS-MVP Windows – Desktop User Experience)
>
> Please post *ALL* questions and replies to the news group for the
> mutual benefit of all of us...
> The MS-MVP Program - http://mvp.support.microsoft.com
> This posting is provided "AS IS" with no warranties, and confers no
> rights...
> How to ask a question
> http://support.microsoft.com/KB/555375
>
> "Sooner Al [MVP]" <SoonerAl@somewhere.net.invalid> wrote in message
> news:C296F5BB-DF82-499D-9CD5-639C965DE4A7@microsoft.com...
> > When you connect with the VPN can you ping the target Remote Desktop (RDC)
> > host PC by IP?
> >
> > Note that if the PPTP VPN server network and the remote network your
> > accessing the server on are using the same address scope, ie. both in the
> > 192.168.0.X range for example, you will have trouble connecting to the RDC
> > host. Its a good idea for the server network and the remote network to be
> > in different address ranges, ie. PPTP VPN server on 192.168.0.X and the
> > remote client on 102.168.1.X for example. Note the third octet.
> >
> > --
> >
> > Al Jarvi (MS-MVP Windows – Desktop User Experience)
> >
> > Please post *ALL* questions and replies to the news group for the
> > mutual benefit of all of us...
> > The MS-MVP Program - http://mvp.support.microsoft.com
> > This posting is provided "AS IS" with no warranties, and confers no
> > rights...
> > How to ask a question
> > http://support.microsoft.com/KB/555375
> >
> > "Stew" <Stew@discussions.microsoft.com> wrote in message
> > news:298A9DFF-AF45-4A7F-9C07-507A6944691D@microsoft.com...
> >> OS: XP Pro V2002 SP2.
> >> Trying to use XP Remote Desktop within VPN (using XP inbuilt VPN
> >> Client/Server) between two standalone PCs. Each work fine on their own
> >> ie.
> >> VPN connects OK or RDT connects and works OK, but once I setup VPN
> >> connection
> >> and try and run RDT over it, it fails to connect. I have used this
> >> solution
> >> successfully between two XP PCs, but with domains defined (using Computer
> >> Name in the RDT Connection 'Computer:' field). The PCs I have the problem
> >> with both have a workgroup defined, not domain, (Windows default of
> >> WORKGROUP). I have tried both the Computer Name and the hostname, neither
> >> work.
> >> Can anyone help with a solution?
> >>
> >
>

So your basic connection is like this if you ignore the desktop and laptop
on the VPN servers network. You only have the VPN client and the VPN server
which is also the PC you want to access with Remote Desktop (RDC), right?

http://theillustratednetwork.mvps.or...-HomeUser.html

As far as dynamically assigned IPs from an ISP you could use a service like
No-IP.com to map a fully qualified domain name (FQDN) to the ISP assigned
IP. That way you simply call the remote VPN server or Remote Desktop (RDC)
host PC by the FQDN.

The 169.254.X.X address is not assigned by the VPN or DHCP server. That
simply means the client PC your seeing it on is not getting a valid IP from
the local DHCP server.

If your running the built-in PPTP VPN server on an XP box you can manually
configure what the address is the client will receive. In the case of an XP
box acting as both a PPTP VPN server and the RDC host use the first address
in the example, ie. the From: address. The client gets the To: address.

http://theillustratednetwork.mvps.or...tionsTCPIP.JPG

--

Al Jarvi (MS-MVP Windows – Desktop User Experience)

Please post *ALL* questions and replies to the news group for the
mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...
How to ask a question
http://support.microsoft.com/KB/555375


"Stew" <Stew@discussions.microsoft.com> wrote in message
news:6916C4BF-0A72-4CB5-A030-B601159B9BCC@microsoft.com...
> The PC I'm remoting into is unmanned (telemetry PC) and uses a Wireless
> Broadband modem with dynamic IP address. Often I am using the same config
> on
> my local PC. Therefore the IP addresses are allocated from the ISPs pool
> and
> appear to be across the various Public IP address ranges and I assume have
> no
> control over this (they don't offer a static IP service). I have have just
> noted in another thread on another site that VPN allocates it's own
> separate
> set of IP addresses inside of this. They tend to be in the 169.254.x.x
> range.
> I have also just found I can see the client/server addresses at the local
> end
> and can use the server IP address in RDT to connect. However these
> addresses
> seem to be dynamic as well and I was trying to find a way to use a
> consistent
> connection name in RDT (like Computer Name) as I have a number of
> different
> remote PCs to connect into. I tried putting the VPN server IP address in
> the
> HOST file of the remote PC with a text name, but it didn't work.
> Fundamentally I'm trying to keep it simple and just wanted to use a
> hostname
> to establish VPN and Computer Name for RDT.
>
> "Sooner Al [MVP]" wrote:
>
>> Correction..."client on 192.168.1.X for example. Note the third octet."
>>
>> --
>>
>> Al Jarvi (MS-MVP Windows – Desktop User Experience)
>>
>> Please post *ALL* questions and replies to the news group for the
>> mutual benefit of all of us...
>> The MS-MVP Program - http://mvp.support.microsoft.com
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights...
>> How to ask a question
>> http://support.microsoft.com/KB/555375
>>
>> "Sooner Al [MVP]" <SoonerAl@somewhere.net.invalid> wrote in message
>> news:C296F5BB-DF82-499D-9CD5-639C965DE4A7@microsoft.com...
>> > When you connect with the VPN can you ping the target Remote Desktop
>> > (RDC)
>> > host PC by IP?
>> >
>> > Note that if the PPTP VPN server network and the remote network your
>> > accessing the server on are using the same address scope, ie. both in
>> > the
>> > 192.168.0.X range for example, you will have trouble connecting to the
>> > RDC
>> > host. Its a good idea for the server network and the remote network to
>> > be
>> > in different address ranges, ie. PPTP VPN server on 192.168.0.X and the
>> > remote client on 102.168.1.X for example. Note the third octet.
>> >
>> > --
>> >
>> > Al Jarvi (MS-MVP Windows – Desktop User Experience)
>> >
>> > Please post *ALL* questions and replies to the news group for the
>> > mutual benefit of all of us...
>> > The MS-MVP Program - http://mvp.support.microsoft.com
>> > This posting is provided "AS IS" with no warranties, and confers no
>> > rights...
>> > How to ask a question
>> > http://support.microsoft.com/KB/555375
>> >
>> > "Stew" <Stew@discussions.microsoft.com> wrote in message
>> > news:298A9DFF-AF45-4A7F-9C07-507A6944691D@microsoft.com...
>> >> OS: XP Pro V2002 SP2.
>> >> Trying to use XP Remote Desktop within VPN (using XP inbuilt VPN
>> >> Client/Server) between two standalone PCs. Each work fine on their own
>> >> ie.
>> >> VPN connects OK or RDT connects and works OK, but once I setup VPN
>> >> connection
>> >> and try and run RDT over it, it fails to connect. I have used this
>> >> solution
>> >> successfully between two XP PCs, but with domains defined (using
>> >> Computer
>> >> Name in the RDT Connection 'Computer:' field). The PCs I have the
>> >> problem
>> >> with both have a workgroup defined, not domain, (Windows default of
>> >> WORKGROUP). I have tried both the Computer Name and the hostname,
>> >> neither
>> >> work.
>> >> Can anyone help with a solution?
>> >>
>> >
>>

Yes it's just two XP PCs connected to each other with the internet in
between, no private LAN, servers or routers etc. I already use a hostname
service via DynDNS.com to manage the dynamic IP address issue of the remote
PC. So yes I establish the VPN connection by using the FQDN.
But here's the thing, once I've got the VPN tunnel established I thought I
could use the 'Computer Name' to make the RDT connection because this works
with PCs that have a common domain defined in Control Panel/System/Computer
Name. However these PCs actually have no domain but a workgroup defined and
the Computer Name connection method fails.
Why is this so????
If I use the FQDN again in the RDT it also fails. Fyr if I try the latter
with PCs that have identical domains it sets up two parallel paths: 1 x VPN,
1 x RDT and I used a Protocol Analyser to confirm that the RDT traffic is
outside the VPN tunnel ie. it's not encrypted.
Re yor last paragraph... I think this is going to be a good alternate
solution. I'll do some testing and get back to you.

Thanks heaps.

"Sooner Al [MVP]" wrote:

> So your basic connection is like this if you ignore the desktop and laptop
> on the VPN servers network. You only have the VPN client and the VPN server
> which is also the PC you want to access with Remote Desktop (RDC), right?
>
> http://theillustratednetwork.mvps.or...-HomeUser.html
>
> As far as dynamically assigned IPs from an ISP you could use a service like
> No-IP.com to map a fully qualified domain name (FQDN) to the ISP assigned
> IP. That way you simply call the remote VPN server or Remote Desktop (RDC)
> host PC by the FQDN.
>
> The 169.254.X.X address is not assigned by the VPN or DHCP server. That
> simply means the client PC your seeing it on is not getting a valid IP from
> the local DHCP server.
>
> If your running the built-in PPTP VPN server on an XP box you can manually
> configure what the address is the client will receive. In the case of an XP
> box acting as both a PPTP VPN server and the RDC host use the first address
> in the example, ie. the From: address. The client gets the To: address.
>
> http://theillustratednetwork.mvps.or...tionsTCPIP.JPG
>
> --
>
> Al Jarvi (MS-MVP Windows – Desktop User Experience)
>
> Please post *ALL* questions and replies to the news group for the
> mutual benefit of all of us...
> The MS-MVP Program - http://mvp.support.microsoft.com
> This posting is provided "AS IS" with no warranties, and confers no
> rights...
> How to ask a question
> http://support.microsoft.com/KB/555375
>
>
> "Stew" <Stew@discussions.microsoft.com> wrote in message
> news:6916C4BF-0A72-4CB5-A030-B601159B9BCC@microsoft.com...
> > The PC I'm remoting into is unmanned (telemetry PC) and uses a Wireless
> > Broadband modem with dynamic IP address. Often I am using the same config
> > on
> > my local PC. Therefore the IP addresses are allocated from the ISPs pool
> > and
> > appear to be across the various Public IP address ranges and I assume have
> > no
> > control over this (they don't offer a static IP service). I have have just
> > noted in another thread on another site that VPN allocates it's own
> > separate
> > set of IP addresses inside of this. They tend to be in the 169.254.x.x
> > range.
> > I have also just found I can see the client/server addresses at the local
> > end
> > and can use the server IP address in RDT to connect. However these
> > addresses
> > seem to be dynamic as well and I was trying to find a way to use a
> > consistent
> > connection name in RDT (like Computer Name) as I have a number of
> > different
> > remote PCs to connect into. I tried putting the VPN server IP address in
> > the
> > HOST file of the remote PC with a text name, but it didn't work.
> > Fundamentally I'm trying to keep it simple and just wanted to use a
> > hostname
> > to establish VPN and Computer Name for RDT.
> >
> > "Sooner Al [MVP]" wrote:
> >
> >> Correction..."client on 192.168.1.X for example. Note the third octet."
> >>
> >> --
> >>
> >> Al Jarvi (MS-MVP Windows – Desktop User Experience)
> >>
> >> Please post *ALL* questions and replies to the news group for the
> >> mutual benefit of all of us...
> >> The MS-MVP Program - http://mvp.support.microsoft.com
> >> This posting is provided "AS IS" with no warranties, and confers no
> >> rights...
> >> How to ask a question
> >> http://support.microsoft.com/KB/555375
> >>
> >> "Sooner Al [MVP]" <SoonerAl@somewhere.net.invalid> wrote in message
> >> news:C296F5BB-DF82-499D-9CD5-639C965DE4A7@microsoft.com...
> >> > When you connect with the VPN can you ping the target Remote Desktop
> >> > (RDC)
> >> > host PC by IP?
> >> >
> >> > Note that if the PPTP VPN server network and the remote network your
> >> > accessing the server on are using the same address scope, ie. both in
> >> > the
> >> > 192.168.0.X range for example, you will have trouble connecting to the
> >> > RDC
> >> > host. Its a good idea for the server network and the remote network to
> >> > be
> >> > in different address ranges, ie. PPTP VPN server on 192.168.0.X and the
> >> > remote client on 102.168.1.X for example. Note the third octet.
> >> >
> >> > --
> >> >
> >> > Al Jarvi (MS-MVP Windows – Desktop User Experience)
> >> >
> >> > Please post *ALL* questions and replies to the news group for the
> >> > mutual benefit of all of us...
> >> > The MS-MVP Program - http://mvp.support.microsoft.com
> >> > This posting is provided "AS IS" with no warranties, and confers no
> >> > rights...
> >> > How to ask a question
> >> > http://support.microsoft.com/KB/555375
> >> >
> >> > "Stew" <Stew@discussions.microsoft.com> wrote in message
> >> > news:298A9DFF-AF45-4A7F-9C07-507A6944691D@microsoft.com...
> >> >> OS: XP Pro V2002 SP2.
> >> >> Trying to use XP Remote Desktop within VPN (using XP inbuilt VPN
> >> >> Client/Server) between two standalone PCs. Each work fine on their own
> >> >> ie.
> >> >> VPN connects OK or RDT connects and works OK, but once I setup VPN
> >> >> connection
> >> >> and try and run RDT over it, it fails to connect. I have used this
> >> >> solution
> >> >> successfully between two XP PCs, but with domains defined (using
> >> >> Computer
> >> >> Name in the RDT Connection 'Computer:' field). The PCs I have the
> >> >> problem
> >> >> with both have a workgroup defined, not domain, (Windows default of
> >> >> WORKGROUP). I have tried both the Computer Name and the hostname,
> >> >> neither
> >> >> work.
> >> >> Can anyone help with a solution?
> >> >>
> >> >
> >>
>

See the inline replies...

"Stew" <Stew@discussions.microsoft.com> wrote in message
news:FF736BF6-54F9-4D85-98C3-8BD8E6C972AC@microsoft.com...
> Yes it's just two XP PCs connected to each other with the internet in
> between, no private LAN, servers or routers etc. I already use a hostname
> service via DynDNS.com to manage the dynamic IP address issue of the
> remote
> PC. So yes I establish the VPN connection by using the FQDN.
> But here's the thing, once I've got the VPN tunnel established I thought I
> could use the 'Computer Name' to make the RDT connection because this
> works
> with PCs that have a common domain defined in Control
> Panel/System/Computer
> Name. However these PCs actually have no domain but a workgroup defined
> and
> the Computer Name connection method fails.
> Why is this so????

I am not sure if NetBIOS names are propagated through a PPTP VPN tunnel. I
used a lmhosts or hosts file to map NetBIOS names through a PPTP VPN tunnel
when I used one in the past. Use of the IP works all the time. In your case
use the From: IP that you setup in the PPTP VPN server config to call the PC
using RDC since your trying to connect to the same PC through the VPN
tunnel.

> If I use the FQDN again in the RDT it also fails.

Right because you probably don't have TCP Port 3389 open on any software
firewall the remote PC is running. As an alternative to VPN just open TCP
Port 3389 up and forget about the VPN. You can then use the FQDN to call the
PC. The RDC connection is natively encrypted. Make sure you use a *strong*
password.

>Fyr if I try the latter
> with PCs that have identical domains it sets up two parallel paths: 1 x
> VPN,
> 1 x RDT and I used a Protocol Analyser to confirm that the RDT traffic is
> outside the VPN tunnel ie. it's not encrypted.

RDC is natively encrypted. I don't know why your analyzer says otherwise.

> Re yor last paragraph... I think this is going to be a good alternate
> solution. I'll do some testing and get back to you.
>
> Thanks heaps.

--

Al Jarvi (MS-MVP Windows – Desktop User Experience)

Please post *ALL* questions and replies to the news group for the
mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...
How to ask a question
http://support.microsoft.com/KB/555375

>
> "Sooner Al [MVP]" wrote:
>
>> So your basic connection is like this if you ignore the desktop and
>> laptop
>> on the VPN servers network. You only have the VPN client and the VPN
>> server
>> which is also the PC you want to access with Remote Desktop (RDC), right?
>>
>> http://theillustratednetwork.mvps.or...-HomeUser.html
>>
>> As far as dynamically assigned IPs from an ISP you could use a service
>> like
>> No-IP.com to map a fully qualified domain name (FQDN) to the ISP assigned
>> IP. That way you simply call the remote VPN server or Remote Desktop
>> (RDC)
>> host PC by the FQDN.
>>
>> The 169.254.X.X address is not assigned by the VPN or DHCP server. That
>> simply means the client PC your seeing it on is not getting a valid IP
>> from
>> the local DHCP server.
>>
>> If your running the built-in PPTP VPN server on an XP box you can
>> manually
>> configure what the address is the client will receive. In the case of an
>> XP
>> box acting as both a PPTP VPN server and the RDC host use the first
>> address
>> in the example, ie. the From: address. The client gets the To: address.
>>
>> http://theillustratednetwork.mvps.or...tionsTCPIP.JPG
>>
>> --
>>
>> Al Jarvi (MS-MVP Windows – Desktop User Experience)
>>
>> Please post *ALL* questions and replies to the news group for the
>> mutual benefit of all of us...
>> The MS-MVP Program - http://mvp.support.microsoft.com
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights...
>> How to ask a question
>> http://support.microsoft.com/KB/555375
>>
>>
>> "Stew" <Stew@discussions.microsoft.com> wrote in message
>> news:6916C4BF-0A72-4CB5-A030-B601159B9BCC@microsoft.com...
>> > The PC I'm remoting into is unmanned (telemetry PC) and uses a Wireless
>> > Broadband modem with dynamic IP address. Often I am using the same
>> > config
>> > on
>> > my local PC. Therefore the IP addresses are allocated from the ISPs
>> > pool
>> > and
>> > appear to be across the various Public IP address ranges and I assume
>> > have
>> > no
>> > control over this (they don't offer a static IP service). I have have
>> > just
>> > noted in another thread on another site that VPN allocates it's own
>> > separate
>> > set of IP addresses inside of this. They tend to be in the 169.254.x.x
>> > range.
>> > I have also just found I can see the client/server addresses at the
>> > local
>> > end
>> > and can use the server IP address in RDT to connect. However these
>> > addresses
>> > seem to be dynamic as well and I was trying to find a way to use a
>> > consistent
>> > connection name in RDT (like Computer Name) as I have a number of
>> > different
>> > remote PCs to connect into. I tried putting the VPN server IP address
>> > in
>> > the
>> > HOST file of the remote PC with a text name, but it didn't work.
>> > Fundamentally I'm trying to keep it simple and just wanted to use a
>> > hostname
>> > to establish VPN and Computer Name for RDT.
>> >
>> > "Sooner Al [MVP]" wrote:
>> >
>> >> Correction..."client on 192.168.1.X for example. Note the third
>> >> octet."
>> >>
>> >> --
>> >>
>> >> Al Jarvi (MS-MVP Windows – Desktop User Experience)
>> >>
>> >> Please post *ALL* questions and replies to the news group for the
>> >> mutual benefit of all of us...
>> >> The MS-MVP Program - http://mvp.support.microsoft.com
>> >> This posting is provided "AS IS" with no warranties, and confers no
>> >> rights...
>> >> How to ask a question
>> >> http://support.microsoft.com/KB/555375
>> >>
>> >> "Sooner Al [MVP]" <SoonerAl@somewhere.net.invalid> wrote in message
>> >> news:C296F5BB-DF82-499D-9CD5-639C965DE4A7@microsoft.com...
>> >> > When you connect with the VPN can you ping the target Remote Desktop
>> >> > (RDC)
>> >> > host PC by IP?
>> >> >
>> >> > Note that if the PPTP VPN server network and the remote network your
>> >> > accessing the server on are using the same address scope, ie. both
>> >> > in
>> >> > the
>> >> > 192.168.0.X range for example, you will have trouble connecting to
>> >> > the
>> >> > RDC
>> >> > host. Its a good idea for the server network and the remote network
>> >> > to
>> >> > be
>> >> > in different address ranges, ie. PPTP VPN server on 192.168.0.X and
>> >> > the
>> >> > remote client on 102.168.1.X for example. Note the third octet.
>> >> >
>> >> > --
>> >> >
>> >> > Al Jarvi (MS-MVP Windows – Desktop User Experience)
>> >> >
>> >> > Please post *ALL* questions and replies to the news group for the
>> >> > mutual benefit of all of us...
>> >> > The MS-MVP Program - http://mvp.support.microsoft.com
>> >> > This posting is provided "AS IS" with no warranties, and confers no
>> >> > rights...
>> >> > How to ask a question
>> >> > http://support.microsoft.com/KB/555375
>> >> >
>> >> > "Stew" <Stew@discussions.microsoft.com> wrote in message
>> >> > news:298A9DFF-AF45-4A7F-9C07-507A6944691D@microsoft.com...
>> >> >> OS: XP Pro V2002 SP2.
>> >> >> Trying to use XP Remote Desktop within VPN (using XP inbuilt VPN
>> >> >> Client/Server) between two standalone PCs. Each work fine on their
>> >> >> own
>> >> >> ie.
>> >> >> VPN connects OK or RDT connects and works OK, but once I setup VPN
>> >> >> connection
>> >> >> and try and run RDT over it, it fails to connect. I have used this
>> >> >> solution
>> >> >> successfully between two XP PCs, but with domains defined (using
>> >> >> Computer
>> >> >> Name in the RDT Connection 'Computer:' field). The PCs I have the
>> >> >> problem
>> >> >> with both have a workgroup defined, not domain, (Windows default of
>> >> >> WORKGROUP). I have tried both the Computer Name and the hostname,
>> >> >> neither
>> >> >> work.
>> >> >> Can anyone help with a solution?
>> >> >>
>> >> >
>> >>
>>

I forgot to add here is how to configure the XP Windows Firewall on your
headless PPTP VPN/RDC server/host machine if you just want to use RDC
without going through the VPN tunnel. Obviously its similar if your using a
different software firewall on the PC.

http://theillustratednetwork.mvps.or...t_for warding

You also might consider changing the default encryption level to "High" from
the default. That is done via a group policy setting on your RDC host
machine. The following was written for a Vista host but its the same for XP.

http://theillustratednetwork.mvps.or...ions.html#host

--

Al Jarvi (MS-MVP Windows – Desktop User Experience)

Please post *ALL* questions and replies to the news group for the
mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...
How to ask a question
http://support.microsoft.com/KB/555375

"Sooner Al [MVP]" <SoonerAl@somewhere.net.invalid> wrote in message
news:A3C0EF6C-A17C-4A30-BDD7-4B420D9E7F4A@microsoft.com...
> See the inline replies...
>
> "Stew" <Stew@discussions.microsoft.com> wrote in message
> news:FF736BF6-54F9-4D85-98C3-8BD8E6C972AC@microsoft.com...
>> Yes it's just two XP PCs connected to each other with the internet in
>> between, no private LAN, servers or routers etc. I already use a hostname
>> service via DynDNS.com to manage the dynamic IP address issue of the
>> remote
>> PC. So yes I establish the VPN connection by using the FQDN.
>> But here's the thing, once I've got the VPN tunnel established I thought
>> I
>> could use the 'Computer Name' to make the RDT connection because this
>> works
>> with PCs that have a common domain defined in Control
>> Panel/System/Computer
>> Name. However these PCs actually have no domain but a workgroup defined
>> and
>> the Computer Name connection method fails.
>> Why is this so????
>
> I am not sure if NetBIOS names are propagated through a PPTP VPN tunnel. I
> used a lmhosts or hosts file to map NetBIOS names through a PPTP VPN
> tunnel when I used one in the past. Use of the IP works all the time. In
> your case use the From: IP that you setup in the PPTP VPN server config to
> call the PC using RDC since your trying to connect to the same PC through
> the VPN tunnel.
>
>> If I use the FQDN again in the RDT it also fails.
>
> Right because you probably don't have TCP Port 3389 open on any software
> firewall the remote PC is running. As an alternative to VPN just open TCP
> Port 3389 up and forget about the VPN. You can then use the FQDN to call
> the PC. The RDC connection is natively encrypted. Make sure you use a
> *strong* password.
>
>>Fyr if I try the latter
>> with PCs that have identical domains it sets up two parallel paths: 1 x
>> VPN,
>> 1 x RDT and I used a Protocol Analyser to confirm that the RDT traffic is
>> outside the VPN tunnel ie. it's not encrypted.
>
> RDC is natively encrypted. I don't know why your analyzer says otherwise.
>
>> Re yor last paragraph... I think this is going to be a good alternate
>> solution. I'll do some testing and get back to you.
>>
>> Thanks heaps.
>
> --
>
> Al Jarvi (MS-MVP Windows – Desktop User Experience)
>
> Please post *ALL* questions and replies to the news group for the
> mutual benefit of all of us...
> The MS-MVP Program - http://mvp.support.microsoft.com
> This posting is provided "AS IS" with no warranties, and confers no
> rights...
> How to ask a question
> http://support.microsoft.com/KB/555375
>
>>
>> "Sooner Al [MVP]" wrote:
>>
>>> So your basic connection is like this if you ignore the desktop and
>>> laptop
>>> on the VPN servers network. You only have the VPN client and the VPN
>>> server
>>> which is also the PC you want to access with Remote Desktop (RDC),
>>> right?
>>>
>>> http://theillustratednetwork.mvps.or...-HomeUser.html
>>>
>>> As far as dynamically assigned IPs from an ISP you could use a service
>>> like
>>> No-IP.com to map a fully qualified domain name (FQDN) to the ISP
>>> assigned
>>> IP. That way you simply call the remote VPN server or Remote Desktop
>>> (RDC)
>>> host PC by the FQDN.
>>>
>>> The 169.254.X.X address is not assigned by the VPN or DHCP server. That
>>> simply means the client PC your seeing it on is not getting a valid IP
>>> from
>>> the local DHCP server.
>>>
>>> If your running the built-in PPTP VPN server on an XP box you can
>>> manually
>>> configure what the address is the client will receive. In the case of an
>>> XP
>>> box acting as both a PPTP VPN server and the RDC host use the first
>>> address
>>> in the example, ie. the From: address. The client gets the To: address.
>>>
>>> http://theillustratednetwork.mvps.or...tionsTCPIP.JPG
>>>
>>> --
>>>
>>> Al Jarvi (MS-MVP Windows – Desktop User Experience)
>>>
>>> Please post *ALL* questions and replies to the news group for the
>>> mutual benefit of all of us...
>>> The MS-MVP Program - http://mvp.support.microsoft.com
>>> This posting is provided "AS IS" with no warranties, and confers no
>>> rights...
>>> How to ask a question
>>> http://support.microsoft.com/KB/555375
>>>
>>>
>>> "Stew" <Stew@discussions.microsoft.com> wrote in message
>>> news:6916C4BF-0A72-4CB5-A030-B601159B9BCC@microsoft.com...
>>> > The PC I'm remoting into is unmanned (telemetry PC) and uses a
>>> > Wireless
>>> > Broadband modem with dynamic IP address. Often I am using the same
>>> > config
>>> > on
>>> > my local PC. Therefore the IP addresses are allocated from the ISPs
>>> > pool
>>> > and
>>> > appear to be across the various Public IP address ranges and I assume
>>> > have
>>> > no
>>> > control over this (they don't offer a static IP service). I have have
>>> > just
>>> > noted in another thread on another site that VPN allocates it's own
>>> > separate
>>> > set of IP addresses inside of this. They tend to be in the 169.254.x.x
>>> > range.
>>> > I have also just found I can see the client/server addresses at the
>>> > local
>>> > end
>>> > and can use the server IP address in RDT to connect. However these
>>> > addresses
>>> > seem to be dynamic as well and I was trying to find a way to use a
>>> > consistent
>>> > connection name in RDT (like Computer Name) as I have a number of
>>> > different
>>> > remote PCs to connect into. I tried putting the VPN server IP address
>>> > in
>>> > the
>>> > HOST file of the remote PC with a text name, but it didn't work.
>>> > Fundamentally I'm trying to keep it simple and just wanted to use a
>>> > hostname
>>> > to establish VPN and Computer Name for RDT.
>>> >
>>> > "Sooner Al [MVP]" wrote:
>>> >
>>> >> Correction..."client on 192.168.1.X for example. Note the third
>>> >> octet."
>>> >>
>>> >> --
>>> >>
>>> >> Al Jarvi (MS-MVP Windows – Desktop User Experience)
>>> >>
>>> >> Please post *ALL* questions and replies to the news group for the
>>> >> mutual benefit of all of us...
>>> >> The MS-MVP Program - http://mvp.support.microsoft.com
>>> >> This posting is provided "AS IS" with no warranties, and confers no
>>> >> rights...
>>> >> How to ask a question
>>> >> http://support.microsoft.com/KB/555375
>>> >>
>>> >> "Sooner Al [MVP]" <SoonerAl@somewhere.net.invalid> wrote in message
>>> >> news:C296F5BB-DF82-499D-9CD5-639C965DE4A7@microsoft.com...
>>> >> > When you connect with the VPN can you ping the target Remote
>>> >> > Desktop
>>> >> > (RDC)
>>> >> > host PC by IP?
>>> >> >
>>> >> > Note that if the PPTP VPN server network and the remote network
>>> >> > your
>>> >> > accessing the server on are using the same address scope, ie. both
>>> >> > in
>>> >> > the
>>> >> > 192.168.0.X range for example, you will have trouble connecting to
>>> >> > the
>>> >> > RDC
>>> >> > host. Its a good idea for the server network and the remote network
>>> >> > to
>>> >> > be
>>> >> > in different address ranges, ie. PPTP VPN server on 192.168.0.X and
>>> >> > the
>>> >> > remote client on 102.168.1.X for example. Note the third octet.
>>> >> >
>>> >> > --
>>> >> >
>>> >> > Al Jarvi (MS-MVP Windows – Desktop User Experience)
>>> >> >
>>> >> > Please post *ALL* questions and replies to the news group for the
>>> >> > mutual benefit of all of us...
>>> >> > The MS-MVP Program - http://mvp.support.microsoft.com
>>> >> > This posting is provided "AS IS" with no warranties, and confers no
>>> >> > rights...
>>> >> > How to ask a question
>>> >> > http://support.microsoft.com/KB/555375
>>> >> >
>>> >> > "Stew" <Stew@discussions.microsoft.com> wrote in message
>>> >> > news:298A9DFF-AF45-4A7F-9C07-507A6944691D@microsoft.com...
>>> >> >> OS: XP Pro V2002 SP2.
>>> >> >> Trying to use XP Remote Desktop within VPN (using XP inbuilt VPN
>>> >> >> Client/Server) between two standalone PCs. Each work fine on their
>>> >> >> own
>>> >> >> ie.
>>> >> >> VPN connects OK or RDT connects and works OK, but once I setup VPN
>>> >> >> connection
>>> >> >> and try and run RDT over it, it fails to connect. I have used this
>>> >> >> solution
>>> >> >> successfully between two XP PCs, but with domains defined (using
>>> >> >> Computer
>>> >> >> Name in the RDT Connection 'Computer:' field). The PCs I have the
>>> >> >> problem
>>> >> >> with both have a workgroup defined, not domain, (Windows default
>>> >> >> of
>>> >> >> WORKGROUP). I have tried both the Computer Name and the hostname,
>>> >> >> neither
>>> >> >> work.
>>> >> >> Can anyone help with a solution?
>>> >> >>
>>> >> >
>>> >>
>>>
>

Thanks for all the extra info, it's been interesting reading.

I've got good news (as you would expect). I used your suggested alternative
to manually configure what address the client/host will receive. To keep it
simple I used 11.11.11.11 - 11.11.11.12 for PC1, 22.22.22.22 - 22.22.22.23
for PC2 etc. This makes the connection setup more user friendly.
For example the VPN is established using a FQDN, via a hostname service,
which has recognisable text pertanent to the host (telemetry) PC. Once the
VPN is connected the RDT is connected using 11.11.11.11, if it's PC1 we're
connecting to. For certain applications TightVNC is more suitable than XP RDT
and this method ensures the payload is encrypted. Once a successful
connection has been made then the addresses are stored in the RDT drop down
list and helps the user setup the connection without having to
remember/retyping the addresses.

A great outcome, thanks.



"Sooner Al [MVP]" wrote:

> I forgot to add here is how to configure the XP Windows Firewall on your
> headless PPTP VPN/RDC server/host machine if you just want to use RDC
> without going through the VPN tunnel. Obviously its similar if your using a
> different software firewall on the PC.
>
> http://theillustratednetwork.mvps.or...t_for warding
>
> You also might consider changing the default encryption level to "High" from
> the default. That is done via a group policy setting on your RDC host
> machine. The following was written for a Vista host but its the same for XP.
>
> http://theillustratednetwork.mvps.or...ions.html#host
>
> --
>
> Al Jarvi (MS-MVP Windows – Desktop User Experience)
>
> Please post *ALL* questions and replies to the news group for the
> mutual benefit of all of us...
> The MS-MVP Program - http://mvp.support.microsoft.com
> This posting is provided "AS IS" with no warranties, and confers no
> rights...
> How to ask a question
> http://support.microsoft.com/KB/555375
>
> "Sooner Al [MVP]" <SoonerAl@somewhere.net.invalid> wrote in message
> news:A3C0EF6C-A17C-4A30-BDD7-4B420D9E7F4A@microsoft.com...
> > See the inline replies...
> >
> > "Stew" <Stew@discussions.microsoft.com> wrote in message
> > news:FF736BF6-54F9-4D85-98C3-8BD8E6C972AC@microsoft.com...
> >> Yes it's just two XP PCs connected to each other with the internet in
> >> between, no private LAN, servers or routers etc. I already use a hostname
> >> service via DynDNS.com to manage the dynamic IP address issue of the
> >> remote
> >> PC. So yes I establish the VPN connection by using the FQDN.
> >> But here's the thing, once I've got the VPN tunnel established I thought
> >> I
> >> could use the 'Computer Name' to make the RDT connection because this
> >> works
> >> with PCs that have a common domain defined in Control
> >> Panel/System/Computer
> >> Name. However these PCs actually have no domain but a workgroup defined
> >> and
> >> the Computer Name connection method fails.
> >> Why is this so????
> >
> > I am not sure if NetBIOS names are propagated through a PPTP VPN tunnel. I
> > used a lmhosts or hosts file to map NetBIOS names through a PPTP VPN
> > tunnel when I used one in the past. Use of the IP works all the time. In
> > your case use the From: IP that you setup in the PPTP VPN server config to
> > call the