12 Apr 2011

How to set up VPN at home.

Posted by Alex Voinich

Setting up a VPN is easy, free and takes less than 20 minutes on a Linux Ubuntu or Mac OS X server. If someone tells you it is complicated, he probably wants to sell you a VPN service :)

Why would someone need a VPN (virtual private network)?
Once you are out of the USA you become a third world person like everybody else who lives abroad. Many websites are not available from overseas.
There is no Google Voice outside of the US, no Hulu, no Netflix… Until now I can’t figure out how to log in to the American monster.com with a foreign IP address…. VPN access will give you an American IP address and that will unlock everything for you.

You can buy VPN service from many VPN providers, but really, there is no reason to spend money if you have a computer at home connected to the internet. You can connect to this computer and then go out to the internet with the same IP as if you were at home.

To connect to your home computer from the outside network, you need to install a VPN server on it.

How to install a VPN server on your home computer:

If you have a PC with Ubuntu OS, it is very easy and takes less than 20 minutes.

How to install a VPN server on Ubuntu: open a terminal and do the following:

Install PPTP VPN Server in Ubuntu
$ sudo apt-get install pptpd
In this example the internal network is 10.0.1.0/24, the Ubuntu server IP is 10.0.1.10 and the Airport Extreme Router IP is 10.0.1.1.

Add the local IPs:

$ sudo nano /etc/pptpd.conf

Add the following two lines:
localip 10.0.1.1
remoteip 10.0.1.50
(this assigns 1 IP address for 1 VPN user)
If you want several devices connected simultaneously, make a range of IPs:
remoteip 10.0.1.120-125

This is an example of how to assign 6 IP addresses for 6 VPN users.
To exit, hit shift+control+x and then “y” to save the changes.

Add username and passwords:
$ sudo nano /etc/ppp/chap-secrets
Add one line:
vpnusername pptpd vpnpassword *
* Use the username and password that you assign for the account.

Build the IP tables:
$ sudo nano /etc/rc.local
Add one line before exit 0:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Assign the forward IPs:
$ sudo nano /etc/sysctl.conf
Uncomment this line (remove the leading #):
#net.ipv4.ip_forward=1

Restart your VPN server (I named it “pptpd”):

$ sudo /etc/init.d/pptpd restart

This is all you need to set up a VPN server on Linux Ubuntu!
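The remoteip pool from the steps above must not overlap addresses already in use on the LAN. The following is an added example, not part of the original post: a POSIX shell check that expands the pool from a pptpd.conf-style file and reports collisions. The function names, the in-use address list and the 10.0.1.122 client are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the article): check a pptpd.conf pool for collisions.

# Expand a remoteip/localip value such as "10.0.1.50" or
# "10.0.1.120-125,10.0.1.200" into one address per line.
expand_remoteip() (
    IFS=','
    for item in $1; do
        case "$item" in
            *-*)
                prefix=${item%.*}      # "10.0.1"
                range=${item##*.}      # "120-125"
                i=${range%-*}
                last=${range#*-}
                while [ "$i" -le "$last" ]; do
                    echo "$prefix.$i"
                    i=$((i + 1))
                done ;;
            *) echo "$item" ;;
        esac
    done
)

# Print the value of option $2 from config file $1 (comment lines are skipped
# because their first field starts with "#" and never equals the option name).
conf_value() {
    awk -v key="$2" '$1 == key { print $2; exit }' "$1"
}

# Print each pool address in config $1 that equals localip or an address in
# the space-separated in-use list $2. Exit status is 1 if any collision exists.
pool_conflicts() (
    localip=$(conf_value "$1" localip)
    status=0
    for addr in $(expand_remoteip "$(conf_value "$1" remoteip)"); do
        for used in $(expand_remoteip "$localip") $2; do
            if [ "$addr" = "$used" ]; then
                echo "$addr"; status=1; break
            fi
        done
    done
    exit "$status"
)

# Constructed sample: the article's addresses plus a hypothetical DHCP
# client at 10.0.1.122 that was handed an address inside the VPN pool.
sample=$(mktemp)
printf 'localip 10.0.1.1\nremoteip 10.0.1.120-125\n' > "$sample"
pool_conflicts "$sample" "10.0.1.10 10.0.1.122" || echo "^ pool address already in use"
rm -f "$sample"
```

On a real server, pass /etc/pptpd.conf as the first argument and the addresses your router hands out or reserves as the second.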

Now, to get access from the internet to your VPN server, you need to configure your router to forward TCP port 1723.

You can use the IP assigned by your ISP, but if it is dynamic and can change, you can use the free dyndns.com to assign a static domain name to your dynamic IP address.
If you use a Dynamic DNS service (refer to: Remote SSH Access), point the router to the domain that you choose at dyndns.com, alex-v.dnydns.com for example.

How to set up VPN server on Mac OS X server: Mac OS X comes with a nice VPN server built in, meaning, OS X Server comes with everything you need to set up VPN – you’ll have a nice GUI to set it up.

Simply open Server Admin, located here on your drive: /Applications/Server. Connect to the server using its IP address and the proper username and password. Once you do, you will see a list of services available on that machine. Click on VPN and the VPN settings will appear on the right.

Select the L2TP tab and use the image above as an example. (Pick your own IP addresses – don’t use the ones in the image!)

When a remote user connects to the internet, they receive an IP address from their service provider. When the VPN tunnel is negotiated with the VPN server, the server assigns the client an IP address from the corporate network. When the client accepts that address, it adds it to the network interface in addition to the IP address from the ISP. This means the client will have 2 addresses bound to it: one from the ISP, and another one from the VPN server.

Next, select the PPTP tab. Just as before, you must specify a pool of addresses that can be used by VPN users who connect using PPTP.

Under Mac OS X Server, Mac clients generally connect to the VPN server using L2TP. Windows XP users connect using PPTP. L2TP is considered more cryptographically sound, but since Microsoft did not conform to IPSec based standards when they wrote XP’s VPN client, Windows users are forced to use PPTP.

Finally, select the Client Information tab.

Here we specify the DNS servers the client should use once they have connected to the VPN. Since many corporations use internal DNS servers, the servers specified here will be used on any traffic that is traveling through the VPN.

Under Network Routing Definition we set the rules for the VPN routing. In my example, the corporate network is a Class C, or addresses ranging from 66.62.25.1 – 66.62.25.255. In this example, the Network Address is entered as 66.62.25.22, but it might more appropriately be entered as 66.62.25.0 since the Network Mask of 255.255.255.0 details the assignment of the entire Class C. The final key value here is the Network Type. It is set to Private. This means that any traffic to or from the client that is destined for the 66.62.25.x network is considered internal and should remain on the secure VPN. Any addresses not listed as private here are not secure and the VPN client will route that traffic over the normal internet connection rather than sending it down the VPN tunnel to the corporate network. This is why the VPN client maintains a connection to the ISP assigned IP address in addition to the address that is assigned to it by the VPN server.
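The routing rule described above, as an added example that is not part of the original post: a POSIX shell sketch of how a private definition (address plus mask) decides whether a destination goes down the tunnel or out over the ISP link, and why 66.62.25.22 and 66.62.25.0 describe the same network under mask 255.255.255.0. The function names are hypothetical, the example accepts any number of private definitions rather than only the one in the text, and 192.0.2.10 is a documentation address standing in for a public site.

```sh
#!/bin/sh
# Added example (not from the article): split-tunnel routing decision.

# Convert a dotted-quad IPv4 address to an integer.
ip_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Network address for address $1 under mask $2, as a dotted quad.
network_of() (
    n=$(( $(ip_to_int "$1") & $(ip_to_int "$2") ))
    echo "$(( (n >> 24) & 255 )).$(( (n >> 16) & 255 )).$(( (n >> 8) & 255 )).$(( n & 255 ))"
)

# Decide where the client sends traffic for destination $1. The remaining
# arguments are private definitions written as "address/mask".
route_for() (
    dst=$1; shift
    for def in "$@"; do
        net=${def%/*}; mask=${def#*/}
        if [ "$(network_of "$dst" "$mask")" = "$(network_of "$net" "$mask")" ]; then
            echo vpn; exit 0
        fi
    done
    echo isp    # not listed as private: leaves over the normal connection
)

# The article's definition with two constructed destinations.
echo "network: $(network_of 66.62.25.22 255.255.255.0)"
for dst in 66.62.25.200 192.0.2.10; do
    echo "$dst -> $(route_for "$dst" 66.62.25.22/255.255.255.0)"
done
```

Anything that prints "isp" here is traffic the tunnel does not protect, which is the practical consequence of leaving a network off the private list.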

Lastly, a user account must be created on the server. This is done through the Workgroup Manager, an application located in the same directory as the Server Admin. When you create the account, be sure to set a strong password for the account. The username and password created here will be the credentials that the remote user will use when they log into the VPN.

The VPN server needs to dynamically assign clients IP addresses from a pool of possible addresses. That is what we are specifying in this screen. You must specify both the starting and ending addresses of the IP pool that the VPN server is allowed to hand out to connecting clients. Note that when a client disconnects from the VPN, his IP address is freed up and put back in the pool to be used by future clients. It is also essential to be sure that the addresses that are used in this pool are not used by any other computers on the corporate network. If they are, conflicts will occur and neither user will be able to access the network.

Set PPP Authentication to MS-CHAPv2 and specify a Shared Secret. This Shared Secret should be the strongest possible password you can come up with. Make sure it is not a dictionary word. And, the more digits in the Shared Secret, the better. The 3 weakest parts of the VPN are the username and password the user uses to connect, and the Shared Secret. If you use weak passwords or secrets, a tunnel could be established by anyone who might be able to guess that information.

How to set up a VPN server on regular Mac OS X Leopard:
If you use regular Leopard, you need to install some apps to make it easy. HamachiX would be the best choice out there; you can download it from http://www.freemacware.com/hamachix/
To install it, go to http://www.freemacware.com/hamachix/ and use this video tutorial from macminicolo.net to install it.

http://www.macminicolo.net/videos/ServerVideo8.mov

P.S. If you use another Linux distribution all the steps should be similar. Anything like that should be easy on any Unix-like OS.

If you are a fan of malware software like Microsoft Windows, please go to the Microsoft website and never come back to my blog or any of my websites, you are not welcome here! I just don’t like people with a hole in their heads.
