1. Field of the Invention
The present invention relates to remote computer configuration, and more particularly to a system and method for automatically configuring a remote computer for establishing a virtual private network (VPN).
2. Background of the Related Art
A Virtual Private Network (VPN) is a secure communication channel established between computers over a shared public network. In most instances, the VPN connects a remote user's computer (sometimes referred to as the caller) with a local host computer (sometimes referred to as the callee) over the Internet. Thus, for example, a user's home computer can be connected to a local area network (LAN) at the user's place of employment. Before such a connection can be established, however, the user's home computer and the LAN need to be properly configured for the remote connection.
Referring to FIG. 1, a structure of a related art VPN is shown. A LAN includes at least one server 100 having various local user computers 100-1˜100-N connected thereto. Additionally, the server 100 is coupled to a gateway/router 120 to access the Internet 130. The gateway/router 120 allows for two-way communication between the server 100 and the Internet 130. Additionally, the gateway/router 120 can also be coupled to an Internet service provider (ISP) 150.
At least one remote computer 140-1 is also coupled to the Internet 130. The remote user 140-1 can connect to the Internet 130 using its own ISP 150. When the remote user 140-1 and the gateway/router 120 are properly configured, the remote computer 140-1 can establish a secure connection through the Internet 130 to the gateway/router 120. The VPN connection is thus established. Once the VPN connection is established, the remote computer 140-1 is seen by the server 100 as another local user connected to the server 100. For example, the remote computer 140-1 would be present in the network neighborhood administered by the server 100. Any number of remote users could access the gateway/router 120 through the Internet 130, depending on the configuration of the gateway/router 120.
Before a VPN connection can be established between the remote computer 140-1 and the server 100, however, the remote computer 140-1 and the gateway/router 120 need to be properly configured. For example, the remote computer 140-1 needs to be given the proper network address of the gateway/router 120, and needs to know how to access the server 100. Various client services must also be installed and configured on the remote computer to access the server. The procedure for accessing the server 100 could include, for example, knowing proper user names and passwords.
A network administrator operating the LAN is typically required to configure both the gateway/router 120 and the remote computer 140-1. Because the gateway/router 120 is typically co-located with the LAN, and is also remotely accessible by using prescribed TELNET commands, the network administrator supporting the LAN can easily access the gateway/router 120 (being an Internet device) so as to properly configure it. However, most remote computers are, by definition, not co-located with the LAN 100. Therefore, these computers are most often not remotely accessible to be remotely configured.
Accordingly, a problem with a related art VPN is that a network administrator needs to individually configure each remote computer so that the user will be able to access the LAN. This may require that the network administrator physically visit the remote location where the remote computer is, or alternatively may require that a remote user bring the remote computer to the network administrator. This can be very inconvenient and cause delay in configuring the remote computer. Additionally, when establishing the connection between the remote computer 140-1 and the server 100, a remote user may be required to first access the remote user's Internet service provider, next access the gateway/router, and then access the LAN. Accordingly, there can be up to three levels of authentication that need to be traversed by the remote user to gain access to the LAN. This can be difficult for some users to properly navigate.
One solution to this problem is to provide an HTML wizard that can provide instructions for a user to follow to configure a computer for remote access. However, because of the complexity of properly configuring a remote computer for access, this method can prove ineffective. Additionally, even with the instructions, the process of configuring the remote computer can still be time-consuming. Finally, a user following the instructions of the wizard may still enter erroneous data, thus requiring a network administrator to first undo the mistake and then reconfigure the computer for remote access.
The above references are incorporated by reference herein where appropriate for appropriate teachings of additional or alternative details, features and/or technical background.