For the VPN virgins out there: a VPN allows you to connect to your internal network securely over the internet and gain access to the resources you have at home. Perhaps you want to read documents off your NAS drive or open an SSH connection to your Pi, or, if you're away in a different country, you can use your home internet connection to access services which are restricted to your country (e.g. BBC iPlayer in the UK or Hulu in the US).
I chose to use PPTP on the Raspberry Pi. It's not as secure as other services such as OpenVPN, but it's much easier to set up and maintain, and as a typical home user the additional risk was outweighed by the simple maintenance.
I used the instructions on this blog as the basis for installing PPTP on the Raspbian distribution.
I needed to specify the IP addresses I wanted my VPN to use in the pptpd configuration file.
I added the following configuration lines to the bottom of the file, where you will see some examples commented out:
localip is the IP address of your Raspberry Pi. My Raspberry Pi has a static IP address, which makes this step easier; if your network assigns IP addresses dynamically (pretty typical), see this post for details on how to set a static IP address.
remoteip is a range of IP addresses which your Raspberry Pi will give out to clients who join the VPN. You need to give a sufficient range to cope with the number of clients that may need to connect.
I modified the pptpd options file:
ms-dns is the IP address of your local DNS service; more often than not this will be the IP address of your router.
I created a user and password in the chap-secrets config file. This will be the user and password you log in as, so it's definitely a good idea to make this a strong password.
The username and password are put into the chap-secrets file in the format:
So it looks like this (obviously with your username and password!):
Configure Pi to forward traffic
In order to access network resources other than the Pi itself over the VPN, the Pi needed configuring to forward traffic. Modify /etc/sysctl.conf and apply the change:
Find the option "net.ipv4.ip_forward", which should be commented out and look like:
Un-comment it and save the changes:
Apply the change:
In order to access the VPN from outside your network, you need to configure your router to forward TCP port 1723 to the IP address of your Raspberry Pi; see portforward.com for port forwarding guides and info. You may find setting up port forwarding simpler if your Raspberry Pi has a static IP address; see this post on how to set a static IP address.
I had a problem with my router, in that it didn't support "GRE Protocol 47", which meant that when I tried to connect to the VPN from the internet it would fail. Router support for protocol 47 seems pretty random, not necessarily related to a specific brand or price point. So if you have problems connecting to your VPN, do a Google search for your router and GRE.
Connect to the VPN
Setting up the connection to the VPN will be different depending on the client (e.g. PC, iPad, Phone), but for most setups you are going to need this information:
- Host = this is your external internet address; you might find it useful to use a dynamic IP service such as no-ip so you can use a DNS name (e.g. myhost.no-ip.com). See this post for more information about no-ip and how to set it up.
- Type of VPN = PPTP
- Domain = leave blank
- Username = the username you set up in the chap-secrets file
- Password = the password you set up in the chap-secrets file
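
A quick sanity check of the localip, remoteip and chap-secrets settings described above, as an added example that is not part of the original post. The sample file contents, account names and the 12-character minimum are constructed assumptions; the parser handles the last-octet range form that the commented examples in the pptpd configuration file use.

```python
import ipaddress

# Constructed sample contents, not the author's real settings.
SAMPLE_PPTPD_CONF = """\
#localip 192.168.0.1
#remoteip 192.168.0.234-238,192.168.0.245
localip 192.168.1.10
remoteip 192.168.1.200-203,192.168.1.210
"""
SAMPLE_CHAP_SECRETS = """\
# client  server  secret  IP addresses
alice  pptpd  correct-horse-battery-staple  *
bob    pptpd  pi123                         *
"""

def active_lines(text):
    """Yield the fields of each line that is neither blank nor a comment."""
    for line in text.splitlines():
        if line.strip() and not line.lstrip().startswith("#"):
            yield line.split()

def expand_remoteip(spec):
    """Expand pptpd's 'a.b.c.234-238,a.b.c.245' list into addresses."""
    pool = []
    for part in spec.split(","):
        start, _, last = part.partition("-")
        first = int(ipaddress.IPv4Address(start))
        low = first & 0xFF                      # last octet of the start
        high = int(last) if last else low       # ranges end with an octet
        pool += [ipaddress.IPv4Address(first - low + o)
                 for o in range(low, high + 1)]
    return pool

def audit(pptpd_conf, chap_secrets, min_len=12):
    """Return (pool, findings); min_len is an assumed local policy."""
    opts = {f[0]: f[1] for f in active_lines(pptpd_conf) if len(f) >= 2}
    pool = expand_remoteip(opts["remoteip"])
    findings = []
    if ipaddress.IPv4Address(opts["localip"]) in pool:
        findings.append("localip is inside the remoteip pool")
    users = [f for f in active_lines(chap_secrets) if len(f) >= 3]
    if len(users) > len(pool):
        findings.append(f"{len(users)} accounts but {len(pool)} client addresses")
    for client, _server, secret, *_ in users:
        if len(secret.strip('"')) < min_len:
            findings.append(f"{client}: secret shorter than {min_len} characters")
    return pool, findings

if __name__ == "__main__":
    pool, findings = audit(SAMPLE_PPTPD_CONF, SAMPLE_CHAP_SECRETS)
    print(len(pool), "client addresses;", findings or "no findings")
```

Pass the text of your own two files to `audit()` in place of the samples; the secrets in chap-secrets are stored in plain text, so run it on the Pi rather than copying the file elsewhere.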