VPN scenarios

Paul's picture
5
2009

Let's look at each of these three scenarios in turn and identify what problems could arise, how the problems can be identified and how they can be resolved.

 

One of the practical difficulties that immediately arises is that there are configuration settings to establish at both ends of the VPN connection, whereas you as the user can only be in one place at one time. For this reason, those new to VPN may want to experiment with setting up connections with someone who can be present at the other end (by phone or on-line chat) to perform diagnostic tests and configuration changes. When I first started experimenting with VPN I had our dear Administrator supporting me at the other end. Of course, at that time he wasn't our Administrator and he didn't know very much about VPN. I learned a great deal from those early experiments but unfortunately our Administrator did not.

Note that as we move from Scenario 1, through Scenario 2, to Scenario 3 we encounter interfaces of increasing sophistication, but if we plot the distribution of problems encountered we observe:

[Figure: VPN scenarios]

In other words, all the problems that occur in Scenario 1 can also occur in Scenarios 2 and 3; Scenario 2 has additional problems to consider and Scenario 3 more problems still. Right, enough of the philosophical stuff, let's get down to business.

Before we try to establish a connection for the first time, it's useful to ensure that there is a potential link through the Internet between the two endpoints. This can be done by a ‘ping’ test, which sends a test packet from your PC to the network to which you need to connect, addressed by either its DNS address or its IP address, then waits for an answer from the far end; for example:

[Figure: Ping]

I have ‘pinged’ the DNS address dell.com and received a response. Note that the ‘-a’ qualifier requests a full DNS lookup (in this case a reverse DNS lookup) of the address dell.com so that the response also includes the IP address.

Note that if there had been no response, this could mean either that the far end is not contactable or that the far end is set not to respond to a ping test (see below). Most Internet Gateways have a setting which allows ‘ping return’ to be enabled or disabled. It is recommended that this is set to enabled at least until a VPN connection has been established.

[Figure: Ping]
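
The following is an added example, not part of the original page: a small Python classifier for Windows ping output that separates the outcomes discussed above, namely a name that does not resolve, a far end that answers, and silence that could equally mean an unreachable far end or a gateway with ‘ping return’ disabled. The sample outputs, the host vpn.example.com and the addresses are constructed placeholders, and classify_ping is a hypothetical helper name.

```python
import re

# Constructed Windows `ping` output; vpn.example.com and the 192.0.2.x/198.51.100.x
# addresses are placeholders, not values from the original page.
HEAD = "Pinging vpn.example.com [192.0.2.10] with 32 bytes of data:\n"
STATS = "\nPing statistics for 192.0.2.10:\n    Packets: Sent = 2, Received = {}, Lost = {} ({}% loss),\n"
SAMPLES = {
    "answers": HEAD + "Reply from 192.0.2.10: bytes=32 time=41ms TTL=52\n" * 2
               + STATS.format(2, 0, 0),
    "silent": HEAD + "Request timed out.\n" * 2 + STATS.format(0, 2, 100),
    # Windows counts ICMP errors from a router as "Received", so the
    # statistics line alone would report 0% loss here.
    "icmp_error": HEAD + "Reply from 198.51.100.1: Destination host unreachable.\n" * 2
                  + STATS.format(2, 0, 0),
    "bad_name": "Ping request could not find host vpn.example.com. "
                "Please check the name and try again.\n",
}

def classify_ping(output):
    """Return (verdict, resolved_ip) for one run of Windows ping output."""
    if "could not find host" in output:
        return ("dns-failure", None)           # fix the name before testing further
    head = re.search(r"Pinging (\S+)(?: \[(\S+)\])? with", output)
    if not head:
        return ("unparsed", None)
    ip = head.group(2) or head.group(1)        # no brackets when an IP was pinged
    # Count genuine echo replies, not the "Received" figure (see icmp_error).
    replies = len(re.findall(r"^Reply from \S+ bytes=", output, re.M))
    if replies:
        return ("reachable", ip)
    if "Destination host unreachable" in output or "Destination net unreachable" in output:
        return ("unreachable", ip)             # a router reported no route to the far end
    # Silence is ambiguous: far end down, or 'ping return' disabled on its gateway.
    return ("no-reply", ip)

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name:10} -> {classify_ping(text)}")
```

A "no-reply" verdict does not by itself rule out a working path for the VPN; it only means the ping test was inconclusive until ‘ping return’ is confirmed to be enabled at the far end.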