- How to restrict access
- How to configure the VPN server
- Advantages of VPN connections
- OpenVPN - server setup on a router
- How to set up the OpenVPN server on the router
- Configuring the router
- Creating a new VPN connection in Windows.
- Possible problems
With the development of network technologies, setting up a VPN on the router has become one of the tasks in the overall security of home networks and small office networks, the so-called SOHO segment (Small Office / Home Office). Secure transmission of data over insecure channels has been practised since ancient times. How do you ensure the confidentiality and integrity of information if it is transmitted by means that cannot be trusted? This problem was solved long ago: by encrypting the message.
The sending and receiving parties agree in advance on a system for encrypting and decrypting messages, after which even unreliable communication channels can be used. The information is not available to prying eyes or ears. In computer networks a similar problem is solved by a technology with the generic name VPN (an abbreviation of Virtual Private Network). Its essence can be described simply as follows:
- One computer (conditionally called a client) that has a connection to the global Internet wants to access resources on another computer.
- The second computer (conditionally called a server), which also has an Internet connection, is ready to provide its resources (for example, folders with photos, music or movies), but only to a limited circle of people (more correctly, a limited and predetermined number of specific computers).
How to restrict access
Access can be restricted, for example, by protecting shared folders with special logins and passwords. But, as popular wisdom says, locks are for honest people. With special skills, such locks can be broken to gain unauthorized access to all resources exposed on the Internet. Well-trained teams of hackers (crackers) constantly scan computer networks for such “shared” folders. Configuring a VPN is necessary for securing home and office networks, and it is the more correct solution:
- Special software called a VPN client is installed on the client machine. It encrypts outgoing commands and requests using a modern system of public and private keys.
- Special software, a VPN server, is installed on the server. Using the same pre-specified public and private keys, it decrypts requests and commands coming from the insecure network called the Internet.
- The server encrypts its responses to client requests in the same way and sends them back to the client machine, where the received information is decrypted.
Modern routers with a VPN server support networks using VPN technology at the hardware level. As a rule, such routers support several protocols; the most common of them are:
- PPTP (Point to Point Tunneling Protocol) - the organization of a secure connection is achieved by creating a special logical tunnel;
- L2TP (Layer 2 Tunneling Protocol) - the organization of a secure connection is also carried out by the creation of a special tunnel and is a development of the PPTP protocol;
- IPsec is an add-on to existing protocols.
Routers that support VPN technology can be divided into 2 types: those that have a built-in VPN server, and those that do not have one but can pass encrypted traffic through. If the router does not have a built-in server, its settings include a special tab, as a rule in the Security / VPN section:
- PPTP pass-through;
- L2TP pass-through;
- IPsec pass-through.
Ticking the corresponding checkbox allows or denies the passage of such encrypted packets through the router.
In this case, it is assumed that the role of the VPN server is performed by one of the computers on the internal network, and the task of the router is to pass encrypted packets in both directions. More sophisticated routers have an embedded VPN server, allowing them to provide access to devices on the internal network (a home media server, an external drive, etc.) via a secure channel from the outside. A more complex application is the unification of several geographically separated networks into a single logical structure.
For example, a company has several branches located in different cities. Exposing the finance director's computer to public access would be the height of recklessness. A properly configured connection between the routers in each of the offices unites geographically dispersed computers into a single logical network that is protected from outside intrusion.
How to configure the VPN server
Setting up a VPN server may differ on each specific router, but it consists of the following steps:
- Log in to the administrative panel, then check all existing settings and make a full backup in case the configuration fails.
- Update the existing firmware. This is not always a superfluous operation; newer versions tend to work better.
- Select the VPN server tab in the main menu and select the protocol type, which can be PPTP or L2TP. Depending on the protocol chosen, the settings will be slightly different. In any case, you will need to specify a pool of addresses: a range of IP addresses from the internal network that will be handed out to clients connected via VPN.
- Specify a username and password, on the basis of which the encryption keys will be built.
- The next parameter is the encryption setting, MPPE-128 (or more complex). More complex encryption increases the cryptographic strength of the connection, but additional resources are spent on encryption and decryption, which reduces the overall connection speed.
- L2TP setup has the same sequence of steps and is not fundamentally different.
- After the settings are saved and the router is rebooted, the server part is configured.
Advantages of VPN connections
Next, you need to configure the client, that is, the software that will communicate with the server. Clients are available for different operating platforms, and their configuration is described in detail in the relevant documentation. Once such access to the home network is set up, you can safely reach your home file storage from your device (be it a laptop, tablet or just a smartphone) at any place with Internet access. You then need not fear that someone will analyze the traffic and try to crack the passwords to your mail or online banking. This is very important in places with open Internet access: McDonald's, major supermarkets, airports and others.
Let's take a look at how to configure a VPN on a router, using the D-Link DIR 320 Wi-Fi router as an example.
1. First, connect the router to the computer using the cable that comes in the kit. Then enter the address 192.168.0.1 in the browser's address bar (for example, in Internet Explorer, Google Chrome, Opera, Firefox, etc.). Before this, it is recommended to set the network card's TCP/IP settings to obtain the IP address values automatically (DHCP). Do not forget to plug the power adapter of the router into an electrical outlet.
2. Enter the login and password to log on to the server (you can find out this data in the documentation attached to the router). If you do not know the password, just enter the username only, and leave the password field blank.
3. After logging in, you are taken to the web interface of the router. In the Setup menu, the Internet Setup section (Internet connection) will open. Here you need to select the type of Internet connection: in our case, PPTP (Dual Access) mode, or Russia PPTP. Next, fill in the settings in the PPTP (Dual Access) section: select "Static IP address" and enter all the required parameters: Subnet Mask, IP Address, Gateway ...
IP-address / Server name: indicate the address of your provider.
DNS: 217.78.177.250 (or another DNS server address provided by the service provider)
PPTP account: usually the contract number with the provider.
PPTP password: enter the password for VPN
Re-enter PPTP password:
Connection mode: "always."
Next, click the "Save Settings" button.
In the web interface, find the Status tab. Here you will find your unique IP address and the other parameters that the device received when connecting to the VPN. You will also see the buttons "Connect" (establish the connection) and "Disconnect" (terminate the connection).
Now you can connect to a VPN through a Wi-Fi router. If the connection is not established, restart the router.
With the growing need for data protection when working on the Internet comes a growing need for a reliable connection whose interception from the outside is, if not impossible, then very difficult. Using a virtual private network (VPN) is one of the most accessible ways to organize direct communication between computers around the world without worrying about the vulnerability of third-party network nodes. In this case, even if the data stream is intercepted, hackers will not be able to decrypt it.
What a VPN can be used for was covered in the previous article on the topic. This one is about how to set up an OpenVPN server on the router. The material also explains how to set up an OpenVPN network whose server is your router.
Important! You can set up the VPN server only if the provider gives you a static (permanent) IP address. Because such addresses are scarce, operators assign permanent addresses on request and for an extra charge (usually 10-100 UAH / month).
OpenVPN - server setup on a router
The vast majority of routers designed for home use have simplified firmware, in which everything looks good and is intuitively clear, but the functionality is limited. Manufacturers believe that it is enough for the user to configure the Internet connection and the wireless network, and that everything else is the lot of professionals using more expensive and specialized equipment.
How to set up the OpenVPN server on the router
Before you set up the VPN server on the router, set a secure password for Wi-Fi. Otherwise, protecting the network makes no sense, since anyone who connects to the router and downloads the access profile will be able to use your VPN.
Configuring the router
1. Go to the settings of the router: enter 192.168.0.1 or 192.168.1.1 in the address bar of your browser.
2. Enter the login and password to access the router; the default is admin / admin.
3. Open the PPTP VPN Server > Server Settings tab; set PPTP Server: ⊙Enable and MPPE Encryption: ⊙Enable.
4. Specify the range of IP addresses: Start 192.168.0.200 and End 192.168.0.215.
5. Go to the PPTP VPN Server > Account Settings tab and add a new account by clicking Add New.
6. In the Account field, create any login for your VPN server, for example, "server". In the Password field, create a new password; in the Confirm Password field, enter the same password again. In the Status field, select Enabled.
* Make sure that the VPN call is enabled in the settings of another router to which the server is connected.
Configuration of the router is complete.
Creating a new VPN connection in Windows.
1. Go to Control Panel > Network and Internet > Network and Sharing Center.
2. Click Set up a new connection or network.
3. Select Connect to a workplace (Set up a dial-up or VPN connection to your workplace).
4. Select Use my Internet connection (VPN).
5. In the Internet address field, enter the external IP address provided by your ISP at the place where the VPN connection will be made. You can find it if you go to 2ip.ru.
6. In the Destination name field, enter any name for the VPN connection.
7. Go to Control Panel > Network and Internet > Network Connections. Right-click your new VPN connection > Properties. On the Security tab, under Type of VPN, select Point-to-Point Tunneling Protocol (PPTP). Under Data encryption, select the mandatory option (disconnect if there is no encryption). Check the box next to Allow these protocols and leave the defaults. Click OK.
8. Right-click your new VPN connection > Connect. Enter the username and password of the Account from step 6 of the router settings in this manual.
The VPN connection has been created.
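The same Windows steps can be scripted with the built-in VpnClient cmdlets. This PowerShell is an added example, not part of the original instructions; the connection name `HomeVPN` and the address `203.0.113.10` are placeholders to replace with your own values.

```powershell
# Added example (not from the original guide): create the PPTP profile from
# steps 1-7 with the built-in VpnClient cmdlets, then read it back to verify it.
function New-HomePptpConnection {
    param(
        [Parameter(Mandatory)] [string] $Name,           # step 6: connection name
        [Parameter(Mandatory)] [string] $ServerAddress   # step 5: external IP of the router
    )

    # Create the profile only if it is missing, so the script can be re-run safely.
    if (-not (Get-VpnConnection -Name $Name -ErrorAction SilentlyContinue)) {
        Add-VpnConnection -Name $Name -ServerAddress $ServerAddress `
            -TunnelType Pptp `
            -EncryptionLevel Required `
            -AuthenticationMethod MSChapv2
    }

    # Read the stored profile back and fail loudly if it differs from step 7.
    $vpn = Get-VpnConnection -Name $Name
    if ($vpn.TunnelType -ne 'Pptp') {
        throw "Profile '$Name' uses tunnel type $($vpn.TunnelType), expected Pptp."
    }
    if ($vpn.EncryptionLevel -ne 'Required') {
        throw "Profile '$Name' has encryption level $($vpn.EncryptionLevel), expected Required."
    }
    $vpn
}

# Placeholder values (assumptions): replace with your own name and address.
New-HomePptpConnection -Name 'HomeVPN' -ServerAddress '203.0.113.10' |
    Format-List Name, ServerAddress, TunnelType, EncryptionLevel, AuthenticationMethod, SplitTunneling
```

`-EncryptionLevel Required` corresponds to the mandatory encryption option in step 7, so the client drops the session if the router does not negotiate MPPE.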
Possible problems
1. VPN connection is disconnected every 2 minutes.
Go to Control Panel > System and Security > Windows Firewall > Turn Windows Firewall on or off. Disable both items. Go back and click Advanced settings > Windows Firewall Properties. In the window that opens, on the Domain Profile tab > Firewall > Disable.
2. Not all sites open via a VPN connection.
Go to Control Panel > Network and Internet > Network Connections. Right-click your new VPN connection > Properties. On the Networking tab, select Internet Protocol Version 4 (TCP/IPv4) > Properties > Advanced > uncheck "Use default gateway on remote network". Click OK.
3. VPN connection continues to disconnect after a random amount of time.
a) Create a text document with the txt extension. Write the following text in it, replacing the text in quotes with your settings.
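@echo off
rem Re-dial the VPN connection; Task Scheduler runs this file every 15 minutes.
rem The password is stored here in clear text, so restrict who can read this file.
set conn="the name of your new VPN connection"
set login="login from Account of item 6. Router settings of this instruction"
set pass="password from Account item 6. Router settings of this manual"
set pause=15
rem The quotes are part of each value, so names containing spaces are passed intact.
rasdial %conn% %login% %pass%
goto :eof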
b) Change the file extension from "txt" to "bat". Place the file anywhere on the computer.
c) Open the Start menu and find Task Scheduler using search. In the window that opens, right-click Task Scheduler Library > Create Task.
d) On the General tab, name the new task.
e) On the Triggers tab, select New. Begin the task > On a schedule. Settings > Daily. Repeat task > every 15 minutes. For a duration of > Indefinitely. The rest of the settings are at your discretion.
f) On the Actions tab, click New > Browse > select the file with the "bat" extension that you created in a). Click OK.
g) Configure the remaining scheduler settings as you see fit.
If you often use mobile devices at hacker conferences or like to sit through free wifi in McDonald's, then sooner or later you will think about the security of your connection and come to the VPN.
Of course, there are many free and paid VPN services for every taste and budget, but home Internet access channels are already so fat that you can always easily set aside a couple of megabits for VPN traffic. And mobile access does not need more.
Having organized a home VPN, you also get a home cloud (in the sense of a small cloud :)), in which you can store photos and documents that you may need on a business trip and that you are reluctant to trust to public clouds.
Today you can configure a home VPN server on almost every home Wi-Fi router. However, sometimes it is necessary to install custom firmware, such as DD-WRT, OpenWRT and others.
The router is fast, dual-band (2.4 and 5 GHz), can stream the webcam (for use as a video monitor) and share the printer, and sometimes moonlights as a media server.
This is where I located my home private VPN server. For the VPN to work correctly, I recommend connecting the static IP service from the provider.
Configuring the iPad to work through a VPN service turned out to be a matter of 2 minutes.
Now you can safely connect to any free wifi (or even to fast 3G), enable the VPN slider on the iPad, boldly surf the Internet and even manage the household without worrying about password security, theft of cookies and the substitution of web pages.
However, PPTP (more precisely, MS-CHAPv2) has a serious vulnerability: an attacker can dump MS-CHAPv2 handshake packets and decrypt your encryption key within 24 hours.
The solution to this problem is to use an alternative VPN technology such as OpenVPN. A special build of OpenVPN for home routers has been available on the Internet for a long time. The disadvantage of OpenVPN is that it runs in user space (the PPTP daemon, for example, usually works at the kernel level), which should have a noticeable impact on performance and on the load on the router's CPU. The advantages of OpenVPN are significantly stronger 128-bit AES encryption (by American standards you can even protect state secrets with it) and the ability to work on any port, which means blocking such a VPN will be much more difficult.
Unfortunately, installing an OpenVPN client on iDevices requires a jailbreak and a great deal of fiddling. There are no such problems with Android. You can configure the OpenVPN server on the router according to this instruction.
Once again: a home VPN helps you hide the traffic of your laptops, phones and tablets from prying eyes, bypass local bans on access to various Internet resources, and reach your home file storage, webcam, etc. ... and all this for free and without any special effort, on a home Wi-Fi router. Cool?
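To find Windows VPN profiles that still depend on PPTP while a move to OpenVPN is planned, the profiles can be reviewed with a short script. This PowerShell is an added example, not code from the original article; the function name `Get-VpnProfileFinding` and the sample profiles are constructed for illustration.

```powershell
# Added example (not from the original article): review VPN profiles for the
# weaknesses discussed above. Accepts Get-VpnConnection output or any objects
# that carry the same property names.
function Get-VpnProfileFinding {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Connection
    )
    process {
        $findings = @()
        if ($Connection.TunnelType -eq 'Pptp') {
            $findings += 'PPTP: relies on the MS-CHAPv2 handshake; plan a move to OpenVPN'
        }
        if ($Connection.EncryptionLevel -in 'NoEncryption', 'Optional') {
            $findings += "encryption '$($Connection.EncryptionLevel)': session may run unencrypted"
        }
        if ($Connection.SplitTunneling) {
            # Set when "Use default gateway on remote network" is unchecked.
            $findings += 'split tunneling: Internet traffic bypasses the tunnel'
        }
        [pscustomobject]@{
            Name     = $Connection.Name
            Tunnel   = $Connection.TunnelType
            Findings = if ($findings) { $findings -join '; ' } else { 'none' }
        }
    }
}

# Constructed sample profiles so the example runs without any VPN configured.
$sample = @(
    [pscustomobject]@{ Name = 'HomeVPN'; TunnelType = 'Pptp'; EncryptionLevel = 'Required'; SplitTunneling = $true }
    [pscustomobject]@{ Name = 'OldVPN'; TunnelType = 'Pptp'; EncryptionLevel = 'Optional'; SplitTunneling = $false }
    [pscustomobject]@{ Name = 'Office'; TunnelType = 'L2tp'; EncryptionLevel = 'Required'; SplitTunneling = $false }
)
$sample | Get-VpnProfileFinding | Format-Table -AutoSize -Wrap

# On a Windows client, review the real profiles instead:
# Get-VpnConnection | Get-VpnProfileFinding
```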