PPTP and Win2K

Setting Up the Server to Accept Incoming Virtual Connections
The third option in Screen 3 is Accept incoming connections. Thus, you might think you can use the same Network Connection Wizard to set up incoming Internet connections on the Win2K server. You are partially correct. If you're on a Beta 2 workstation or server in a workgroup, you can use the wizard to set up incoming connections. The process is similar to the two-stage process you use to set up the ISP Connection and Virtual Private Connection icons. But if you're on a Beta 2 domain controller or server in a domain, you can't use the wizard. If you open Make New Connection, select Accept incoming connections, and click Next, you get a message that says Because this Windows NT 5.0 Server belongs to or controls a domain, you must use the RRAS to configure this machine to accept incoming connections. Cancel the wizard and switch to this console? If you click No, Win2K sends you to Screen 3. If you click Yes, Win2K starts the RRAS console and cancels the wizard. Alternatively, you can open the RRAS Manager instead of using the Network Connections window.

Microsoft introduced the different approaches for different machines in Beta 2. In builds between Beta 1 and Beta 2, you used the Network Connection Wizard to set up an Incoming Connections icon for all types of Win2K machines.

Win2K's RRAS Manager looks similar to the one in NT 4.0--­although when you open the Win2K version, you might be surprised to see that Win2K has already configured the incoming connections for you. Win2K typically installs RRAS with a default configuration when you set up the domain controller for the first time. However, you should reinstall RRAS because the existing default installation isn't customized to your environment. If you reinstall RRAS, Win2K prompts you for relevant configuration settings, which you can set to meet your needs.

To properly install the service, select the host server from the RRAS list. Right-click and then select Install RRAS. A wizard will ask whether you want Routing only, RAS only, or both Routing and RAS. After you select the option you want and exit the wizard, the service reinstalls and reinitializes the configuration. This procedure also works if Win2K did not install RRAS for you by default.

You can use the RRAS Manager to change and manage the incoming connections. If you select Properties for Ports, you can configure PPTP, Layer 2 Tunneling Protocol (L2TP), and incoming RAS connections for each modem attached to your server. In the Ports Properties window in Screen 4, you can see that I didn't configure one modem for routing or dial-in services, but I configured both the PPTP and L2TP modems to allow a default of five incoming connections each.

Although the configurations for the RRAS connections might seem correct, you need to check the actual service configuration by right-clicking the server in RRAS Manager and selecting Properties. As Screen 5 shows, a five-tabbed window displaying the various RRAS properties for the selected server appears. From here, you can enable and disable the current services, specify the type of authentication you want to use, set TCP/IP and Point-to-Point Protocol (PPP) properties, and manage RAS logging.

Of the five tabs, the most interesting ones are Security and TCP/IP. Screen 5 shows the Security tab, which provides many authentication options. (Some controversy exists about PPTP's security. For more information, see the sidebar "How Safe Is PPTP?" page 113.) Screen 6 shows the TCP/IP tab. This screen will worry many network administrators. Microsoft asks you for a start address and subnet mask rather than a start and end address range. This setup means you must determine the correct subnet mask to provide the exact address range you are looking for. In addition, Beta 2 has a bug in the algorithm that sometimes causes the incorrect calculation of the address ranges and the total number of addresses. Presuming that Microsoft fixes this bug in future releases, Screen 6 shows the windows in which you'll allocate the pool of addresses that your incoming connections will require over PPTP if you use Dynamic Host Configuration Protocol (DHCP). By the way, don't copy the IP addresses from Screen 6; they're only meant as an example.

Logging on to the Client via PPTP
You can log on to the client two ways. In the first method, you log on to the workstation as usual and establish an ISP connection first and then a PPTP connection to the remote network. You can then check the IP network connections by typing

ipconfig /all

in a command prompt window.

In the second method, you log on to a domain via the modem. Specifically, you place the workstation in an NT domain. When you log on, you select Logon using dial-up connection in the Logon dialog box. After you click OK, dial-up networking prompt appears with the relevant connection in the dial-up box. You then click Dial, and the process completes.

A Definite Improvement
Overall, Microsoft has made network connections of all types easier to set up and manage in Beta 2. With my range of DHCP addresses in hand, I was able to set up incoming PPTP connections in less than a minute. Setting up my client connections took a similar amount of time. Microsoft's new approach to network connections makes sense and will likely make significant inroads into making Win2K an easier network operating system (NOS) to manage.