Tutorial/instructions on setting up a home VPN.

KlokWyze

Diamond Member
Sep 7, 2006
4,451
9
81
www.dogsonacid.com
I want to access windows fileshares from a secure remote connection. I want to do this with a VPN for practical and educational reasons. I'll read anything relevant you throw my way. I just can't seem to find any documentation that thoroughly explains the process of actually setting up a VPN, including creating the keys, how to share the keys, how to configure both the client and server, etc., etc.

Home network setup:
WRT54G w/ DDWRT v24 std (necessary to switch to 'VPN' version?)
Primary PC (server): Windows 7 x64. Always on. Has static internal IP.
My public IP address is NOT static, but it's never changed in over a year.
The client is going to be a laptop running Windows Vista x64

Do I just configure the Router to forward specific ports to my Primary PC?
Do I just allow incoming from internet connections through the control panel networking section?
How do I set up the client?
What should I use to encrypt? PPTP, L2TP, IPSec, etc?
 

KlokWyze

Should I try to create the VPN with the router using PPTP/CHAP or directly with my Windows 7 machine (forward all port 1723 TCP packets to the PC's internal static address)?

Are both viable options? I really just want to see my Windows file shares. I wouldn't really need to enable PPTP or anything on my router if I was tunneling to the Windows machine, just forward all the packets, correct?
 

VirtualLarry

No Lifer
Aug 25, 2001
56,570
10,202
126
I set up a VPN on my DD-WRT router. I have a PC running 24/7 to power my magicjack, so I have that PC running the DynDns updater client. I signed up for a free dynamic DNS account, which tracks my public IP address using the updater client.

I am on FIOS, so I have coax coming from my ONT into an ActionTec router, and then I have a secondary DD-WRT router that is the main router for my LAN. I have the secondary router in the DMZ of the ActionTec.

All I did was enable the PPTP server on the DD-WRT router, and create a couple of username/password combos on it. Then I restarted the router.

It works, generally, but when I'm at a friend's house, there are some things that I cannot access over the VPN.

I cannot go to http://www.microsoft.com/windows/windows7/
Nor can I download MPC-HC from the sourceforge page.

In both cases, the pages hang accessing some domain name. It's not a DNS problem, because I can run NSLOOKUP while using the VPN, and those same domains that hang in FF4 come up with an IP address immediately.

I don't have a solution to why the VPN only mostly works, and not completely works. Perhaps bugs in DD-WRT?
 

KlokWyze

> VPN needs client and server.
>
> The DD-WRT can act as a hardware server.
> If you do not like it (or it does not work), then do not use the VPN on the router.
> Configure your computer as a server.
>
> http://www.sevenforums.com/tutorial...work-vpn-enable-incoming-vpn-connections.html
>
> :cool:

Thanks. :thumbup:

I can now connect through the VPN, but I can't access network resources. File shares, etc. Could it be an internal network addressing conflict? i.e., both the router on my home network and the network I am connecting the VPN through have their gateways/routers set to 192.168.1.1.....

BTW I set up the VPN by just allowing access on my Primary computer (through control panel) and setting up the connection manually on my client laptop. I just forwarded port 1723 (TCP) to my primary computer 192.168.1.150 on my router and allowed all the VPN passthrough options. I did NOT enable PPTP or anything like that on the router, just allowed it to passthrough, etc.
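
The addressing-conflict question above can be checked from the client before dialing the VPN. This is an added example, not part of the original posts: it lists the laptop's active IPv4 subnets and reports whether any overlaps the home LAN, in which case traffic for 192.168.1.150 stays on the local network instead of entering the tunnel. `$HomeLan` and the function names are assumptions made for illustration.

```powershell
# Added example, not from the thread. $HomeLan is an assumption based on the
# 192.168.1.x addresses quoted in the post above.
$HomeLan = '192.168.1.0/24'

function ConvertTo-IPv4Number ([System.Net.IPAddress]$Address) {
    $bytes = $Address.GetAddressBytes()
    [Array]::Reverse($bytes)                       # network order to little-endian
    [long][BitConverter]::ToUInt32($bytes, 0)
}

function Get-CidrRange ([string]$Cidr) {
    $ip, $len = $Cidr -split '/'
    $size  = [long][math]::Pow(2, 32 - [int]$len)
    $addr  = ConvertTo-IPv4Number $ip
    $start = $addr - ($addr % $size)               # clear the host bits
    @{ Start = $start; End = $start + $size - 1 }
}

function Test-SubnetOverlap ([string]$CidrA, [string]$CidrB) {
    $a = Get-CidrRange $CidrA
    $b = Get-CidrRange $CidrB
    ($a.Start -le $b.End) -and ($b.Start -le $a.End)
}

function Get-LocalIPv4Subnet {
    foreach ($nic in [System.Net.NetworkInformation.NetworkInterface]::GetAllNetworkInterfaces()) {
        # Skip links that are down and the PPP adapter of an already-connected VPN
        if ($nic.OperationalStatus -ne 'Up' -or $nic.NetworkInterfaceType -eq 'Ppp') { continue }
        foreach ($ua in $nic.GetIPProperties().UnicastAddresses) {
            if ($ua.Address.AddressFamily -ne 'InterNetwork') { continue }
            if ([System.Net.IPAddress]::IsLoopback($ua.Address)) { continue }
            # Prefix length = number of 1 bits in the subnet mask
            $bits = ($ua.IPv4Mask.GetAddressBytes() | ForEach-Object { [Convert]::ToString($_, 2) }) -join ''
            $len  = ($bits -replace '0', '').Length
            New-Object psobject -Property @{ Interface = $nic.Name; Cidr = "$($ua.Address)/$len" }
        }
    }
}

# One line per local subnet, with True when it collides with the home LAN
Get-LocalIPv4Subnet | ForEach-Object {
    '{0,-28} {1,-20} overlaps {2}: {3}' -f $_.Interface, $_.Cidr, $HomeLan, (Test-SubnetOverlap $_.Cidr $HomeLan)
}
```

If a line reports an overlap, renumbering one of the two LANs to a different private range removes the ambiguity.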
 

JackMDS

Elite Member
Super Moderator
Oct 25, 1999
29,520
410
126
Do you see the shares if you connect normally?

Did you open the ports through the Software Firewall too?

If you can connect and everything VPN-wise is configured correctly, seeing the shares is a matter of configuring the Sharing.
 

KlokWyze

> I set up a VPN on my DD-WRT router. I have a PC running 24/7 to power my magicjack, so I have that PC running the DynDns updater client. I signed up for a free dynamic DNS account, which tracks my public IP address using the updater client.
>
> I am on FIOS, so I have coax coming from my ONT into an ActionTec router, and then I have a secondary DD-WRT router that is the main router for my LAN. I have the secondary router in the DMZ of the ActionTec.
>
> All I did was enable the PPTP server on the DD-WRT router, and create a couple of username/password combos on it. Then I restarted the router.
>
> It works, generally, but when I'm at a friend's house, there are some things that I cannot access over the VPN.
>
> I cannot go to http://www.microsoft.com/windows/windows7/
> Nor can I download MPC-HC from the sourceforge page.
>
> In both cases, the pages hang accessing some domain name. It's not a DNS problem, because I can run NSLOOKUP while using the VPN, and those same domains that hang in FF4 come up with an IP address immediately.
>
> I don't have a solution to why the VPN only mostly works, and not completely works. Perhaps bugs in DD-WRT?

Thanks. Very interesting actually because I've decided to try experimenting with the PPTP option in DD-WRT if I can't get the current setup to work. TBH the Windows option is a bit strange. Windows created a separate RAS network connection, that, when enabled, drastically slows down throughput (on both client and server), basically rendering web browsing impossible.

Which leads me to....

> Do you see the shares if you connect normally?
>
> Did you open the ports through the Software Firewall too?
>
> If you can connect and everything VPN-wise is configured correctly, seeing the shares is a matter of configuring the Sharing.

I do not see the shares @ all. They would appear as they would if I were connected to my home LAN, correct?

Thanks for the now obvious advice....lol. I'll look into what services use what ports and just forward everything & test, etc.
 

imagoon

Diamond Member
Feb 19, 2003
5,199
0
0
> I set up a VPN on my DD-WRT router. I have a PC running 24/7 to power my magicjack, so I have that PC running the DynDns updater client. I signed up for a free dynamic DNS account, which tracks my public IP address using the updater client.
>
> I am on FIOS, so I have coax coming from my ONT into an ActionTec router, and then I have a secondary DD-WRT router that is the main router for my LAN. I have the secondary router in the DMZ of the ActionTec.
>
> All I did was enable the PPTP server on the DD-WRT router, and create a couple of username/password combos on it. Then I restarted the router.
>
> It works, generally, but when I'm at a friend's house, there are some things that I cannot access over the VPN.
>
> I cannot go to http://www.microsoft.com/windows/windows7/
> Nor can I download MPC-HC from the sourceforge page.
>
> In both cases, the pages hang accessing some domain name. It's not a DNS problem, because I can run NSLOOKUP while using the VPN, and those same domains that hang in FF4 come up with an IP address immediately.
>
> I don't have a solution to why the VPN only mostly works, and not completely works. Perhaps bugs in DD-WRT?

Not sure how DD-WRT does it but sounds like possible MTU / fragmentation issue. It is possible that the VPN interface is not in the routing table properly also. I don't use DD-WRT anywhere so a bit hard for me to do more than guess. I mostly saw strange issues like this only when connecting to a firewall that is also NATting the rest of the network. I solved it by using a dedicated device at one point and finally getting a fixed firmware for the Netscreen end points and some policy based routing magic.
 

KlokWyze

I'm sort of making an educated guess that my Windows Vista Laptop (client) is tunneling into my Windows 7 PC (server) using SSTP (PPP (or PPTP?!?!?!?) through SSL). If I AM using PPTP then I should open 47 for GRE (Generic Routing Encapsulation), but I can't seem to find any information on specific protocols my Windows 7 computer (server) is even configured to use. Or even any info online. I'm just going to forward 47 anyways.....

Forwarded all these to the server:

GRE (If PPTP is used): 47
SMB: 137
1723.

Going to test now...
 

KlokWyze

Still the same as before. I can access the VPN, but I can't see any of the network shares. Also, web browsing is impossible. There is no throughput..... I can ping both my home router and server (by name, but not by IP) remotely, but that's it.

Any ideas?
 

KlokWyze

I didn't realize that setting up VPNs could be so difficult and hard to find relevant information on. It's strange that Microsoft doesn't really tell you or show you what it's doing. It just allows you to set up an incoming VPN "from the internet". Searching all over Microsoft and Google doesn't provide any additional information. OpenVPN is broken for me, it just doesn't work. Theoretically OpenVPN would be the best option, but I ran into far too many errors.... if this is the industry standard why is it so buggy?

I actually got network, file and web browsing access through the 'PPTP Server' option in DD-WRT. Good speed as well.... about 200 kbps. Setting it up was easy as hell, but I know that it's not nearly as secure as L2TP or IPSec, but TBH I can't really find any documentation on how to configure these options.

I'll ditch the effort to VPN with the built-in Microsoft option... if anyone can find documentation on how exactly MS implements VPN with Vista and 7, please let me know.

Here is a good read here:
too dumb to use openVPN =P
 

VirtualLarry

> Not sure how DD-WRT does it but sounds like possible MTU / fragmentation issue.

That's kind of what I thought too, but I cannot seem to find where MS exposes a manual MTU setting for the VPN adaptor. If I right-click and select Properties, there's no MTU setting there.
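
One way to test the MTU / fragmentation theory discussed above, as an added example that is not part of the original posts: with the VPN connected, binary-search the largest ICMP payload that crosses the tunnel with Don't Fragment set, then compare the result with the MTU Windows reports for the VPN interface. `Find-PathMtu`, `$Target` and the size bounds are assumptions made for illustration; the `netsh interface ipv4` subcommands are the standard ones on Vista and later.

```powershell
# Added example, not from the thread. $Target is a placeholder (assumption):
# use a host that is only reachable, or only hangs, through the VPN.
$Target = 'www.example.com'

function Find-PathMtu {
    param(
        [string]$Target,
        [int]$Low = 548,          # payload for a 576-byte packet
        [int]$High = 1472,        # payload for a 1500-byte Ethernet packet
        [int]$TimeoutMs = 2000
    )
    $ping = New-Object System.Net.NetworkInformation.Ping
    $opts = New-Object System.Net.NetworkInformation.PingOptions(64, $true)  # TTL 64, DF set
    $best = $null
    while ($Low -le $High) {
        $size  = [int][math]::Floor(($Low + $High) / 2)
        $reply = $ping.Send($Target, $TimeoutMs, (New-Object byte[] $size), $opts)
        if ($reply.Status -eq 'Success') {
            $best = $size; $Low = $size + 1
        } else {
            # PacketTooBig, or a timeout where the ICMP error was filtered on the
            # path: the black-hole case that makes pages hang after DNS resolves.
            $High = $size - 1
        }
    }
    if ($null -ne $best) { $best + 28 }   # add 20-byte IPv4 + 8-byte ICMP headers
}

$pathMtu = Find-PathMtu -Target $Target
"Largest unfragmented packet to ${Target}: $pathMtu bytes"

# Current MTU per interface, including the connected VPN adapter
netsh interface ipv4 show subinterfaces

# To lower it, from an elevated prompt (interface name and value are placeholders):
# netsh interface ipv4 set subinterface "<VPN connection name>" mtu=<value> store=persistent
```

If the probe returns a value below the MTU shown for the VPN interface, large packets are being dropped on the path, which matches the symptom of pages hanging while name lookups succeed.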