PPTP VPN

From TreoCentral

Using a VPN is a very good idea for those who run services at home that they intend to use from their Treos. When setting up these services, a common problem is that they open your network up to hacking. These services attach themselves to ports, which must be opened in your firewall. Doing so allows hackers to use a variety of attacks to gain unauthorized entry into your network or server. The most logical solution to this problem is to keep as many ports as possible closed. PPTP VPN is very easy to set up and applies this solution. It does require one port to be open, but once this is done, you no longer need open ports for services such as FTP, SSH, VNC, POP3, SMTP, and more. This article provides step-by-step instructions on how to set up a PPTP VPN on a Windows desktop.

Windows XP has a built-in PPTP server, so no additional software is required. To set up the system to accept PPTP connections, follow these steps.

1) Go to Start->Control Panel
2) Switch to classic view if you have not already.
3) Double click the Network Connections icon.
4) Click "Create a New Connection".
5) Click "Next".
6) Select "Set up an advanced connection" and click "Next".
7) Select "Accept incoming connections" and click "Next".
8) Ignore the "Devices for Incoming Connections" window and click "Next".
9) Select "Allow virtual private connections" and click "Next".
10) Select the users who will be able to create VPN connections. I highly suggest that you do NOT give these privileges to an Administrator. After you select the users, click "Next".
11) Ensure that the TCP/IP network stack and File and Printer Sharing are checked, then click "Next".
12) Click "Finish".

The desktop is now properly configured to handle PPTP VPN connections. However, there are more conditions which need to be satisfied before you can make a PPTP VPN connection. Your router or firewall will also require configuration. As mentioned before, the one PPTP VPN port will cover all of your other ports. Therefore you must open up the PPTP VPN port (1723), and you may close any other ports which are being used for services. This procedure will vary for every router and firewall device, so at this point you should consult your manual. Just be sure that you forward the port to the correct address. DHCP often prevents this from staying consistent, as your address may change. For this reason, I recommend that you move your network to static addressing. This is not required, but it will aid in maximizing server uptime.

Now that your network is correctly set up to handle VPN traffic, you will need a PPTP client for your Treo. The only PPTP client I am aware of for the Palm OS is Mergic VPN. AnthaVPN (formerly MovianVPN) is an IPSec client, and your server is not yet set up to handle IPSec traffic. You should also note that IPSec is more secure and also more versatile. If that is what you are looking for, then you should look at the Cisco PIX appliance, which is the cheapest VPN appliance available that is compatible with AnthaVPN.

The following instructions will help you set up Mergic VPN to talk to your home network.

1) Download Mergic VPN from http://mergic.com/vpnDoTrialDownload.php and run the installer on your device. Note that you will have to agree to an EULA.
2) After doing so, you will be brought to the VPN setup utility. First you will need to name the account. This can be any name.
3) The "User Name:" field can be filled in with one of the users you selected in Step 10 in the previous section.
4) The "Password:" field can either be left blank to prompt the user at every connect or entered and saved now. The password is the password that is associated with the user you selected in the previous step.
5) It is easiest and more stable to leave "Auto Connect" disabled.
6) The "VPN Server Name or Address" is either the WAN address of the desktop system or a valid DNS name. If you do not know your IP address, you can check it at http://www.esotericnet.com/scripts/ipaddress.html
7) Select "Details"
8) Set the "Idle Timeout" field to "Never".
9) The "Show Status" field is optional and based on the user's tastes.
10) Ensure that the "Send All" field is checked.
11) Leave the "DNS Suffix" field blank.
12) Select "Advanced".
13) Ensure that the "Encryption" field is checked.
14) The "Query DNS" field is required only if the server has a valid DNS name. If you are unsure about this option, leave it checked.
15) If your home network uses DHCP, then you can leave the "IP Address" field checked. Otherwise you will have to uncheck it and specify the address.
16) Select "OK".
17) Select "OK".
18) Select "Sign In".

At this point the device should try to create a connection with your home network and succeed. If it doesn't, double check that you have correctly configured everything. Note that if you have Cingular's MEdiaNet, then PPTP will NOT work. Cingular has disabled PPTP passthrough on their side. VPN basically treats your device as if it were just another computer on your internal home network, which means that you HAVE to use internal addressing to talk to your other services on the desktop, since you closed all of the other ports.
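
To confirm the router change described earlier (PPTP port 1723 forwarded, the old service ports closed), the following added example, which is not part of the original article, checks TCP reachability of your own WAN address from a machine outside your home network. The function names and the placeholder address are assumptions; the check covers TCP only, so it does not test the GRE traffic that PPTP passthrough also has to carry.

```python
import socket

# Ports named in this article. 1723 is the PPTP control port; the rest are
# the services the article says can be closed once the VPN is in place.
PPTP_PORT = 1723
SERVICE_PORTS = {"FTP": 21, "SSH": 22, "SMTP": 25, "POP3": 110, "VNC": 5900}


def tcp_port_open(host, port, timeout=3.0):
    """Return True if a TCP connection to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        # Refused, filtered (timeout) or unreachable all count as not open.
        return False


def audit_exposure(host, must_be_open, must_be_closed, timeout=3.0):
    """Compare actual TCP reachability with the intended firewall policy.

    must_be_open / must_be_closed map a label to a port number.
    Returns a list of findings; an empty list means the forwarding
    rules match the policy.
    """
    findings = []
    for name, port in sorted(must_be_open.items(), key=lambda kv: kv[1]):
        if not tcp_port_open(host, port, timeout):
            findings.append(f"{name} ({port}/tcp) is not reachable; check the port forward")
    for name, port in sorted(must_be_closed.items(), key=lambda kv: kv[1]):
        if tcp_port_open(host, port, timeout):
            findings.append(f"{name} ({port}/tcp) is still exposed; remove its forward")
    return findings


if __name__ == "__main__":
    # Placeholder address (documentation range); use your own WAN address.
    wan_address = "203.0.113.10"
    problems = audit_exposure(wan_address, {"PPTP": PPTP_PORT}, SERVICE_PORTS)
    for line in problems:
        print("FINDING:", line)
    if not problems:
        print("Only the PPTP control port answers on TCP.")
```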