{"id":559,"date":"2014-04-08T07:41:03","date_gmt":"2014-04-08T12:41:03","guid":{"rendered":"http:\/\/otac.isa-geek.net\/blog\/?p=559"},"modified":"2014-12-04T08:04:31","modified_gmt":"2014-12-04T13:04:31","slug":"home-vpn-connectivity","status":"publish","type":"post","link":"https:\/\/otac.isa-geek.net\/blog\/?p=559","title":{"rendered":"Home VPN connectivity"},"content":{"rendered":"

I’ve wanted to set up VPN capability \u00a0to my home network for a while now, in order to gain the benefits of improved security and local network access while working remotely. After a bit of research and some tweaking, I eventually got it working using the following steps.<\/span><\/p>\n

The type of VPN I chose to use is based on PPTP, rather than the more complex IPSec or L2TP. My primary rationale: I wanted to finish by dinner. Keep in mind, that with the easier implementation of PPTP, one does give up some increased sense of security from the trusted certificate usage and end-end encryption found in IPSEc and L2TP.<\/p>\n

Commands:<\/p>\n

$ sudo aptitude install pptpd<\/strong><\/p>\n

$ sudo vi \/etc\/pptpd.conf<\/strong>
\n#Settings for Otac network – DCato 1\/04\/14
\nlocalip 192.168.2.12
\nremoteip 192.168.2.234-238,192.168.2.245<\/p>\n

$ sudo vi \/etc\/ppp\/pptpd-options<\/strong>
\n#Settings for Otac network – DCato 1\/4\/14
\nms-dns 192.168.2.1<\/p>\n

nobsdcomp<\/p>\n

noipx<\/p>\n

mtu 1490<\/p>\n

mru 1490<\/p>\n

sudo vi \/etc\/ppp\/chap-secrets<\/strong>
\n# client server secret IP addresses
\nusername * secret-password *<\/p>\n

Finally, you can reboot the pptpd server with:
\n$ sudo \/etc\/init.d\/pptpd restart<\/strong><\/p>\n

Edit \/etc\/sysctl.conf
\nUn-comment the following line in “\/etc\/sysctl.conf”:
\nnet.ipv4.ip_forward=1<\/p>\n

The following command reloads the configuration (you can also just reboot at the end of this guide):
\n$ sudo sysctl -p<\/strong><\/p>\n

Open the port on the server:<\/p>\n

$ sudo ufw allow 1723<\/strong><\/p>\n

Edit \/etc\/default\/ufw
\nEdit “\/etc\/default\/ufw” and change the option “DEFAULT_FORWARD_POLICY” from “DROP” to “ACCEPT”<\/p>\n

Edit \/etc\/ufw\/before.rules
\nAdd the following either at the beginning of “\/etc\/ufw\/before.rules” or just before the *filter rules (recommended):
\n# NAT table rules
\n*nat<\/p>\n

:POSTROUTING ACCEPT [0:0]
\n# Allow forward traffic to eth0
\n-A POSTROUTING -s 10.99.99.0\/24 -o eth0 -j MASQUERADE<\/p>\n

# Process the NAT table rules
\nCOMMIT<\/p>\n

At this point, you can reset and restart the local firewall:<\/p>\n

$ sudo ufw disable && sudo ufw enable<\/strong><\/p>\n

Remember to open up your NAT fireweall as well. This may involve setting up appropriate port forwarding or a DMZ to ensure you can get through to the pptp server on port 1723.<\/p>\n

Finally, connecting. On the client side, settings are pretty straight forward – here’s my Android client:<\/p>\n

\"Screenshot_2014-12-04-07-19-56\"<\/a><\/p>\n

\"Screenshot_2014-12-04-07-22-08\"<\/p>\n

Similar settings would apply for connecting from Windows or other operating systems.<\/p>\n","protected":false},"excerpt":{"rendered":"

I’ve wanted to set up VPN capability \u00a0to my home network for a while now, in order to gain the benefits of improved security and local network access while working remotely. After a bit of research and some tweaking, I eventually got it working using the following steps. The type of VPN I chose to […]<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8,75,44],"tags":[73],"class_list":["post-559","post","type-post","status-publish","format-standard","hentry","category-linux","category-pptp","category-ubuntu","tag-vpn-pptp-linux-ubuntu-windows"],"_links":{"self":[{"href":"https:\/\/otac.isa-geek.net\/blog\/index.php?rest_route=\/wp\/v2\/posts\/559","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/otac.isa-geek.net\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/otac.isa-geek.net\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/otac.isa-geek.net\/blog\/index.php?rest_route=\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/otac.isa-geek.net\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=559"}],"version-history":[{"count":9,"href":"https:\/\/otac.isa-geek.net\/blog\/index.php?rest_route=\/wp\/v2\/posts\/559\/revisions"}],"predecessor-version":[{"id":629,"href":"https:\/\/otac.isa-geek.net\/blog\/index.php?rest_route=\/wp\/v2\/posts\/559\/revisions\/629"}],"wp:attachment":[{"href":"https:\/\/otac.isa-geek.net\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=559"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/otac.isa-geek.net\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=559"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/otac.isa-geek.net\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=559"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}