Home & Office

A Hidden Gotcha

Find out the problems Microsoft 2000 and Microsoft ME has with Virtual Private Networks (VPNs).
Written by Michael J. Miller, Contributor

The changes in Windows Me are a reminder that any change at all can cause problems. Microsoft has done lots of things in Windows Me -- as it did in Windows 2000 -- that are designed to make things better in the long run but may present problems in the short term.

For instance, the changes in the way Windows 2000 works with virtual private networks compared with previous versions have caused us lots of headaches here at PC Magazine. Many of our staffers use VPN connections from their homes and from hotels and remote locations across the country. But the move to Windows 2000 has turned the desire to use a VPN into a major challenge.

We've been using third-party VPN products for Windows 95, 98, and NT from companies such as Intel (Shiva) and Cisco (Altiga) with generally good results for a long time. These clients, however, typically work by using the IPSec protocol and their own propriety VPN clients, which often replace or modify the Winsock file on earlier versions of Windows. But with Windows 2000, we have a new tcp/ip stack and Winsock that are protected by Microsoft's new System File Protection feature. So the old proprietary clients don't work.

Windows 2000 comes with a native VPN client, but it communicates only via PPTP (Point-to-Point Tunneling Protocol) or over the L2TP (Layer 2 Tunneling Protocol) version of IPSec. Most of the VPN vendors don't like PPTP (they think it's less secure than IPSec, though Microsoft thinks the opposite), and the L2TP method requires setting up an external certificate authority. We did get the native client working with PPTP on a Cisco VPN but are still having problems when multiple clients try to connect from a single IP address, as you would if you had a simple DSL router in a remote office. Meanwhile, most VPN vendors are working on new versions of their clients, but that's a big process.

In short, it's been a pain.

Windows Me incorporates many of the changes to TCP/IP that are in Windows 2000 but implements them in a way that offers more backward compatiblity. It supports PPTP, but with enough slight changes that new versions of some of the clients will be necessary. Still, we have run into a number of problems with firewalls and VPN clients. Microsoft says most of the vendors will have new versions around the time the operating system is actually on the shelves. I hope so.

Two lessons to be learned: The first is that every OS can cause problems for it and network managers who may have to support the remote-access aspects of employees' home PCs. Even if your company doesn't change OSs, some home users will. The second: Every upgrade has its issues.

Editorial standards