Mobile Office

As from home, anywhere

Virgin Media is boasting 100 Mb/s download and 5 Mb/s upload data transfer. With these speeds, it is not only thinkable to make a VPN to tunnel traffic and avoid eavesdroppers on public WiFi, but also use it to navigate the Internet as if you were at home.
Therefore, if I ever wanted to watch BBC iPlayer or other video on demand services from abroad, I could.

Here is a description on how to prepare this on Debian Linux and connect from an iPad tablet, but other distro will work the same way.

Of course, this is legal as you will have your home in the UK and paid for the TV licence where needed.

Jump to: Server configModem configClient config

Hardware and software being used

Note: if you want to make good use of your Raspberry Pi, that would also work :)

 

How to configure the server

As I used the microserver headless, all instructions goes through the command line. Configuration files can be downloaded at the bottom of the post, as example.

First, we need to install the VPN server package. For simplicity reasons, I use PPTP. It is not the most robust or secure, but still better than sending email password in clear on open WiFi…
Then, you need to edit the server configuration file to personalise.
We will assume:

  1. that your Internet gateway (modem router) is 10.0.1.1 and subnet is 255.255.255.0,
  2. the Debian server IP is 10.0.1.100 and,
  3. we will only have a maximum of 10 VPN clients simultaneously connected and,
  4. we have no device on the network between 10.0.1.200 to 10.0.1.209 and,
  5. we will use Google public DNS (this way it is not ISP dependent).

sudo aptitude install pptpd
sudo nano /etc/pptpd.conf

Scroll down to add:

localip 10.0.1.100
remoteip 10.0.1.200-209

Then ^O ^X to save and exit.

sudo nano /etc/ppp/pptpd-options

Scroll down to edit the lines starting with #ms-dns so they read as follows:

ms-dns 8.8.8.8
ms-dns 8.8.4.4

Scroll down to add

noipx

Then ^O ^X to save and exit.
Note: you can edit the following if you have your own domain name called “mydomain.com” and your server is called “vpn”. This is not necessary.

name vpn.mydomain.com
domain mydomain.com

Now you need to create your users

sudo nano /etc/ppp/chap-secrets

Add a line for each user and separate columns with

alban    *      password1      *

Then ^O ^X to save and exit.
NOTE: the first * could be replaced with vpn.mydomain.com if you have used the name in /etc/ppp/pptpd-options

Now apply all changes:

sudo /etc/init.d/pptpd restart

 

How to configure your modem/Internet gateway

You need to redirect ports 47 TCP+UDP and port 1723 TCP to your server.

This is 10.0.1.100 in our example. If you don’t redirect the ports, your server won’t be listening to connections.

 

How to configure the client

Snapshot of Apple iOS Add VPN Configuration menu

Go to your Apple mobile device Settings => Network => VPN => Add VPN Configuration. Select PPTP.

Then populate the fields.

For server, either enter the IP address or the domain name. If you have a real dynamic IP address, you might wish to use DynDNS. My Virgin Media connection is a sticky dynamic IP: it hasn’t changed for over a year…

The user and password are the ones you entered in /etc/ppp/chap-secrets
If you want to tunnel all your traffic through your home, use “Send All Traffic”. You need to select that if you want to access UK video on demand from abroad.

You might want to use a “split tunnel” to only send through VPN traffic for your home (accessing local IP) and access Internet directly for speed reasons. To do this, simply switch “Send All Traffic” off.

Note: you can connect a laptop using Microsoft Windows operating system very easily too.  Ask in comments if you wish me to add the procedure.

How to test everything works fine

Very simple, on your iOS client:

  1. Go to http://www.whatismyip.com/ and note the IP address down.
  2. Connect to the VPN. the VPN icon should show in your status bar.
  3. Go to http://www.whatismyip.com/, your IP address should have changed to the one from home.
iOS VPN Connected

What success should look like

Troubleshooting

VPN is connected, I can access internal servers like modem webpage, but not outside

Check that you have configured the DNS properly.
a. When you enter google.fi in your iOS browser, a connection error is displayed.
b. When you enter 87.248.122.122 in your iOS browser you see the URL change to http://failsafe.fp.yahoo.com/404.html but there is no page content.

Solution: make sure you have uncommmented ms-dns lines in /etc/ppp/pptpd-options

 

Configuration file examples

Reference