Virtual Private Network Connections

The Remote Access Service (RAS) supports Virtual Private Network (VPN) connections in addition to conventional remote access connections that use Point-to-Point Protocol (PPP). In a VPN connection, the VPN packets are encapsulated in IP packets and sent across an IP network such as the Internet. Therefore, access to an IP network is a requirement in order to establish a VPN connection. If the client computer has an always-on connection to an IP network, for example a connection to an IP LAN, the client can establish the VPN connection using a single call to the RasDial function.

If the client computer does not have an always-on connection to an IP network, two calls to RasDial are required to establish the VPN connection. The first call establishes a dial-up connection to the IP network; the second call establishes the VPN connection.

The szLocalPhoneNumber member of the RASENTRY structure for the VPN connection should contain either the DNS name or IP address of the destination VPN server.

Each connection requires a separate phone-book entry. The first call to RasDial specifies the phone-book entry for the IP network. The second call specifies the phone-book entry for the VPN.

The RasDial function takes a pointer to a RASDIALPARAMS structure as a parameter. This structure specifies the authentication credentials to use for the network specified by the phone-book entry. The credentials required to access the IP network are typically different from those for the VPN. The first call to RasDial should specify credentials for the IP network. The second call should specify credentials for the VPN.

If the RasDial function is successful, it returns a handle for the connection. Use this handle in a call to RasHangUp to terminate the connection.

In the preceding scenario, the two calls to RasDial return separate connection handles for the IP network and the VPN. Calling RasHangUp with the handle for the VPN connection terminates the VPN connection but leaves the connection to the IP network intact.
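The two-call sequence described above, as an added example that is not part of the original page. The helper names `dial` and `connect_vpn`, the entry names and the credentials are hypothetical placeholders. The non-Windows branch holds constructed stand-ins for the ANSI functions RasDialA and RasHangUpA so the control flow can be exercised without a RAS stack.

```c
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#include <ras.h>                       /* link with rasapi32.lib */
#else  /* Constructed stand-ins so the flow runs off Windows; real types are in ras.h */
typedef unsigned long DWORD;
typedef void *HRASCONN;
typedef struct { DWORD dwSize; char szEntryName[257], szUserName[257], szPassword[257]; } RASDIALPARAMSA;
static int g_live, g_next;             /* open stand-in connections, last handle id */
static DWORD RasDialA(void *x, const char *pb, RASDIALPARAMSA *p, DWORD t, void *n, HRASCONN *h) {
    (void)x; (void)pb; (void)t; (void)n; if (!p->szPassword[0]) return 691; /* simulated auth failure */
    *h = (HRASCONN)(size_t)++g_next; g_live++; return 0;
}
static DWORD RasHangUpA(HRASCONN h) { (void)h; g_live--; return 0; }
#endif

/* Dial one phone-book entry (default phone book) with that entry's own credentials. */
static DWORD dial(const char *entry, const char *user, const char *pw, HRASCONN *h) {
    RASDIALPARAMSA p = {0};
    p.dwSize = sizeof p;
    strncpy(p.szEntryName, entry, sizeof p.szEntryName - 1);
    strncpy(p.szUserName, user, sizeof p.szUserName - 1);
    strncpy(p.szPassword, pw, sizeof p.szPassword - 1);
    *h = NULL;
    DWORD rc = RasDialA(NULL, NULL, &p, 0, NULL, h);   /* NULL notifier: synchronous call */
    /* A handle can be stored even when the call fails; it must still be hung up. */
    if (rc != 0 && *h) { RasHangUpA(*h); *h = NULL; }
    return rc;                                         /* 0 means success */
}

/* First call dials the IP network, second dials the VPN; a VPN failure drops the dial-up link. */
DWORD connect_vpn(const char *ipEntry, const char *ipUser, const char *ipPw, const char *vpnEntry,
                  const char *vpnUser, const char *vpnPw, HRASCONN *hIp, HRASCONN *hVpn) {
    *hVpn = NULL;
    DWORD rc = dial(ipEntry, ipUser, ipPw, hIp);
    if (rc != 0) return rc;
    rc = dial(vpnEntry, vpnUser, vpnPw, hVpn);
    if (rc != 0) { RasHangUpA(*hIp); *hIp = NULL; }
    return rc;
}

int main(void) {    /* entry names and credentials are constructed placeholders */
    HRASCONN hIp, hVpn;
    DWORD rc = connect_vpn("ISP Dial-up", "isp-user", "isp-pass", "Corp VPN", "vpn-user", "vpn-pass", &hIp, &hVpn);
    if (rc != 0) { printf("connect failed: %lu\n", (unsigned long)rc); return 1; }
    RasHangUpA(hVpn);                  /* ends the VPN only; the IP connection stays up */
    return (int)RasHangUpA(hIp);
}
```

Keeping the two credential sets in separate RASDIALPARAMS instances, as `dial` does, avoids sending the VPN credentials to the IP network provider or the reverse.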