VPN Virtual Private Networking with Linux


Post by jamied_uk on 10th December 2013, 00:08

Where it says aptitude you may have to use apt-get instead.


Please Note: if you are installing this remotely you can use vim instead of gedit.


How to Setup a VPN (PPTP) Server on Debian Linux
VPN-ing into your server will allow you to connect to every possible service running on it, as if you were sitting next to it on the same network, without individually forwarding every port combination for every service you would like to access remotely.
Using a VPN connection also has the upshot of, if desired, granting access to other computers on the network as if you were in it locally from anywhere across the internet.
While not the most secure of the VPN solutions out there, PPTP is by far the simplest to install, configure and connect to from any modern system, and from Windows specifically, as the client has been a part of the OS since the XP days and you don’t need to mess with certificates (like with L2TP+IPsec or SSL VPNs) on both sides of the connection.
Did I get you interested? Then let’s go.
Preface

  • You will need to forward port 1723 from the internet to the server to enable the connection (not covered here).
  • You will see me use VIM as the editor program, this is just because I’m used to it… you may use any other editor that you’d like.

Server Setup
Install the pptp server package.

For Debian (newer and better):
Code:
sudo apt-get install -y pptpd

For older Linux:
Code:
sudo aptitude install -y pptpd

Edit the “/etc/pptpd.conf” configuration file:
Code:
sudo gedit /etc/pptpd.conf
Add to it:
Code:
localip 192.168.1.5
remoteip 192.168.1.234-238,192.168.1.245
Here “localip” is the address of the server and “remoteip” is the set of addresses that will be handed out to the clients. It is up to you to adjust these for your network’s requirements.
Edit the “/etc/ppp/pptpd-options” configuration file:
Code:
sudo gedit /etc/ppp/pptpd-options
Append the following directives to the end of the file:
Code:
ms-dns 192.168.1.1
nobsdcomp
noipx
mtu 1490
mru 1490
Here the IP used for the ms-dns directive is the DNS server for the local network your client will be connecting to. Again, it is your responsibility to adjust this to your network’s configuration.
Edit the chap secrets file:
Code:
sudo gedit /etc/ppp/chap-secrets
Add to it the authentication credentials for a user’s connection, in the following syntax:
Code:
username * users-password *
Restart the connection’s daemon for the settings to take effect:
Code:
sudo /etc/init.d/pptpd restart
If you don’t want to grant yourself access to anything beyond the server, then you’re done on the server side.
Enable Forwarding (optional)
While this step is optional and could be viewed as a security risk for the extremely paranoid, it is my opinion that not doing it defeats the purpose of even having a VPN connection into your network.
By enabling forwarding we make the entire network available to us when we connect and not just the VPN server itself. Doing so allows the connecting client to “jump” through the VPN server, to all other devices on the network.
To achieve this we will be flipping the switch on the “forwarding” parameter of the system.
Edit the “sysctl” file:
Code:
sudo gedit /etc/sysctl.conf
Find the “net.ipv4.ip_forward” line and change the parameter from 0 (disabled) to 1 (enabled):
Code:
net.ipv4.ip_forward=1
You can either restart the system or issue this command for the setting to take effect:
Code:
sudo sysctl -p

Now go to your firewall to add the correct port.

For example, in your Linux CLI type:

Code:
alias firewall='sudo gufw'

Then type firewall and add the port number to your allow list. The port to allow is:

Code:
1723

Now log in to your router, enable this port as well, and port forward it to your internal VPN server IP. For example:

Code:
allow from TCP (any) to 192.168.1.5 on port 1723

With forwarding enabled, all the server side settings are prepared.
We recommend using a “Split Tunnel” connection mode for the VPN client.
A more in depth explanation about the recommended “Split Tunnel” mode, as well as instructions for Ubuntu Linux users can be found in the “Setting up a “Split Tunnel” VPN (PPTP) Client on Ubuntu 10.04” guide.
For Windows users, follow the guides below to create the VPN client on your system.
PPTP VPN Dialer Setup on XP (split tunnel)
We will create a regular VPN dialer with one noteworthy exception: we will set the system to NOT use it as the “Default Gateway” when connected.
Skipping this step will limit the connecting computer’s surfing speed to the VPN server’s upload speed (usually slow) because all of its traffic would be routed through the VPN connection, and that’s not what we want.
We need to start the connection wizard, so we will go to Control Panel.
Go to “Start” and then “Control Panel”.
*If your system is set up with the “Classic Start Menu”, you just need to point to the “Control Panel” icon and then select “Network Connections”.
In “Control Panel” double click “Network Connections”.
Double click “New Connection wizard”.
In the “New Connection wizard” welcome screen click “Next”.
Select the “Connect to the network at my workspace” option and then “Next”.
Select the “Virtual Private Network connection” option and then “Next”.
Give a name to the VPN connection.
Type in your VPN server’s DNS name or IP address as seen from the Internet.
Optionally, you may choose to “Add a shortcut to the desktop” and “Finish”.
Now comes the tricky part: it is vitally important that you do NOT try to connect now. Instead, go into the dialer’s “Properties”.
Go to the networking tab and change the “Type of VPN” to “PPTP VPN” (this is optional but will shorten the time it takes to connect), then go into “Properties”.
On the next window go into “Advanced” without changing anything else.
On the next window, uncheck the “Use default gateway on remote network” option.
Now enter the connection’s credentials as you set them on the server and connect.
That’s it, you should now be able to access all the computers on your network from the XP client… Enjoy.
PPTP VPN Dialer Setup on Win7 (split tunnel)
We will create a regular VPN dialer with one noteworthy exception: we will set the system to NOT use it as the “Default Gateway” when connected.
Skipping this step will limit the connecting computer’s surfing speed to the VPN server’s upload speed (usually slow) because all of its traffic would be routed through the VPN connection, and that’s not what we want.
We need to start the connection wizard, so we will go to the “Network and Sharing Center”.
Click the network icon in the system tray and then “Open Network and Sharing Center”.
In the Network center click on “Set up a new connection or network”.
Select “Connect to a workplace” and then “Next”.
Click on the first option of “Use my Internet connection (VPN)”.
Set the address of your VPN server as seen from the internet, either by DNS name or IP.
Even though it won’t connect now because we still need to go into the dialer’s properties, set the username and password and hit connect.
After the connection fails (that’s normal), click on “Set up the connection anyway”.
Back in the “Network Center”, click on “Change adapter settings”.
Find the dialer we have just created, right click it and select “Properties”.
While it’s optional, for a faster connecting dialer, set the “type” of VPN to PPTP under the “Security” tab.
Go to the “Networking” tab, select the IPv4 protocol and go into its properties.
In the next window, click “Advanced” without changing anything else.
On the next window, uncheck the “Use default gateway on remote network” option.
Now enter the connection’s credentials as you set them on the server and connect.
That’s it, you should now be able to access all the computers on your network from the Win7 client.



jamied_uk
http://address-shortner.co.uk
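
The “Server Setup” steps in the post above edit /etc/pptpd.conf, /etc/ppp/pptpd-options and /etc/ppp/chap-secrets. The script below is an added example, not part of the original post: it checks those three files read-only for a localip that collides with the remoteip pool, missing require-mschap-v2 / require-mppe-128 directives, a chap-secrets file readable by group or others, and accounts whose fourth column is *. Assumptions: the function names expand_remoteip and audit_pptp are made up here, GNU stat is available, and requiring MS-CHAPv2 with 128-bit MPPE is the policy you want enforced.

```shell
#!/bin/sh
# Added example: read-only audit of the three files edited in "Server Setup".
# Paths are parameters, so the checks can be tried on copies first.

# expand_remoteip "192.168.1.234-238,192.168.1.245" -> one address per line
expand_remoteip() (
    IFS=,
    for part in $1; do
        case $part in
            *-*) start=${part%-*}; last=${part##*-}
                 prefix=${start%.*}; i=${start##*.}
                 while [ "$i" -le "$last" ]; do
                     echo "$prefix.$i"; i=$((i + 1))
                 done ;;
            *)   echo "$part" ;;
        esac
    done
)

# audit_pptp PPTPD_CONF PPTPD_OPTIONS CHAP_SECRETS
# Prints one "WARN ..." line per finding; returns 1 if there was any.
audit_pptp() {
    conf=$1; options=$2; secrets=$3; rc=0

    # The server's own address must not also be handed out to a client.
    localip=$(awk '$1 == "localip" {print $2}' "$conf")
    remoteip=$(awk '$1 == "remoteip" {print $2}' "$conf")
    if expand_remoteip "$remoteip" | grep -qxF "$localip"; then
        echo "WARN localip $localip is inside the remoteip pool"; rc=1
    fi

    # Assumed policy: pppd must insist on MS-CHAPv2 and 128-bit MPPE.
    for opt in require-mschap-v2 require-mppe-128; do
        grep -Eq "^[[:space:]]*$opt([[:space:]]|\$)" "$options" ||
            { echo "WARN $options does not set $opt"; rc=1; }
    done

    # chap-secrets holds plaintext passwords: no group/other permissions.
    mode=$(stat -c '%a' "$secrets")       # GNU stat, as shipped with Debian
    case $mode in *00|0) ;; *) echo "WARN $secrets mode is $mode"; rc=1 ;; esac

    # Column 4 lists the addresses an account may use; "*" allows any.
    open=$(awk '$1 !~ /^#/ && $4 == "*" {
        print "WARN account " $1 " is not pinned to an IP address" }' "$secrets")
    [ -z "$open" ] || { echo "$open"; rc=1; }
    return $rc
}

if [ "$#" -eq 3 ]; then audit_pptp "$@"; fi
```

Saved as a script and run with sudo, passing the three paths from the post as arguments, it prints nothing when every check passes. The syntax line shown in the post (username * users-password *) triggers the last warning.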
