Windows 10 built-in VPN
DISCLAIMER: The Point-to-Point Tunneling Protocol (PPTP) is an obsolete method for implementing virtual private networks. PPTP has many well-known security issues.
Server setup:
Note that, besides using port 1723 for the PPTP protocol, the Windows built-in VPN server apparently also uses port 443, which is the same port as HTTPS. If you are running a web server on that port, you might need to change its port.
- Your VPN server and client need to have their internal IPs in different subnets. For example, if the client IP is in the range 192.168.1.x, the server IP should be in 192.168.2.x. Of course, you can use a totally different IP class like 10.x.x.x for either the server or the client, as long as they are in different subnets. This can be set up in your router, or manually in your network adapter.
- You should get a fixed domain name for your server. You can register a free dynamic DNS name for your VPN server.
- Open Control Panel, Network and Sharing Center. Click on Change adapter settings.
- Click on menu File, New Incoming Connection
- Choose the users that can connect to the VPN. You can also add a new user by clicking on Add Someone.
- Click Next after selecting the user(s). Check the Through The Internet checkbox and click Next.
- Check all checkboxes EXCEPT Internet Protocol Version 6. If you know what you are doing, feel free to enable IPv6. It won't break anything anyway.
- Select Internet Protocol Version 4 and click Properties. In the Properties window, you can leave everything at the defaults. The VPN client will then get its IP from your router (on the server network). But in my example here, I chose to set the IP of the VPN client so that I don't have to do the extra step of finding out what the client's IP will be. Since I will only have 1 client connecting, I set the range to 2 IPs, which is the minimum: it won't allow you to have the same IP for "From" and "To". You can have as many IPs as you wish. But if you want to assign more than 3 IPs, it's better to select Assign IP Address automatically.
If you know what you are doing, you can also check Allow calling computer to specify its own IP. This is exactly what I did, so that I will always know the client's IP. But to simplify things, I will not include this step (where you need to configure client's IP later) in this guide.
Click OK when you're done, then click Allow Access.
If there wasn't any error, it will tell you the computer name and allow you to print the information. Just click Close and forget about what you see there. What you need is the domain name that you registered with the dynamic DNS provider earlier, not the computer name itself.
- Next, you need to allow incoming VPN connections through your firewall. Open Control Panel, Windows Defender Firewall. Click on Allow an app or feature...
- Scroll down and make sure Routing and Remote Access is allowed on Private and Public. Click OK.
- You will also need to set up port forwarding in your router. Log into your router’s setup page and forward port 1723 to the IP address of the computer where you set up the VPN server. You DO NOT have to forward port 443. Most probably the server uses that port for some internal purpose. Now that the VPN is open to the public, make sure that you use a strong password and have Windows install updates automatically.
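To check what the server actually exposes after these steps, the following added example (not part of the original guide) lists which process is listening on ports 1723 and 443 and which inbound rules of the Routing and Remote Access group are enabled. It assumes an elevated PowerShell session and an English-language Windows, where the firewall group carries the display name shown in the step above.

```powershell
# Added example, not from the original guide. Run elevated on the VPN server.
$ports = 1723, 443   # the two ports this guide mentions

# 1. Which process owns each listening socket on those ports?
Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Where-Object { $_.LocalPort -in $ports } |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            LocalAddress = $_.LocalAddress
            LocalPort    = $_.LocalPort
            OwnerPid     = $_.OwningProcess
            Process      = $proc.ProcessName
        }
    } | Sort-Object LocalPort | Format-Table -AutoSize

# 2. Which inbound rules did "Routing and Remote Access" enable, and on which profiles?
#    (Group display name assumed to match the entry in the allowed-apps list.)
Get-NetFirewallRule -DisplayGroup 'Routing and Remote Access' -ErrorAction SilentlyContinue |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' } |
    ForEach-Object {
        $portFilter = $_ | Get-NetFirewallPortFilter
        [pscustomobject]@{
            Rule      = $_.DisplayName
            Profile   = $_.Profile
            Protocol  = $portFilter.Protocol
            LocalPort = $portFilter.LocalPort
        }
    } | Format-Table -AutoSize
```

An empty first table means nothing is listening on either port; an empty second table means the firewall group is not enabled or has a different display name on this system.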
Client's Setup:
- Open Control Panel, Network and Sharing Center. Click Set up a new connection or network.
- Select Connect to a workplace and click Next.
- Click Use my Internet connection.
- Enter your dynamic DNS domain name in Internet Address and anything meaningful to identify your VPN server in Destination Name.
- Go back to Control Panel, Network and Sharing Center. On the left pane, click Change adapter settings.
- Right click the VPN adapter and click Properties.
- Make sure the General tab shows the correct domain name.
In the Options tab, you can check Remember my credentials and select an idle time (to disconnect the VPN when it is not being used), or just leave the default values there.
On Security tab:
Type of VPN: Point to Point Tunneling Protocol (PPTP)
Data encryption: Maximum strength encryption (disconnect if server declines)
On the Networking tab:
Uncheck the Internet Protocol Version 6 (TCP/IPv6) option.
Check the Internet Protocol Version 4 (TCP/IPv4) option.
Still on the Networking tab:
Select the Internet Protocol Version 4 (TCP/IPv4) option and click Properties button.
Click the Advanced button.
Uncheck the Use default gateway on remote network option.
We’re disabling this option to prevent your web traffic from going through the VPN, which can dramatically slow down your internet connection. However, if you’re accessing the internet through a VPN connection, then don’t change this.
Click OK.
Now you are back at the IPv4 properties. Feel free to set your own IP here if you know what you're doing. Otherwise leave it as it is: Obtain IP and DNS automatically.
Click OK, and OK again.
- Open Settings, Network & Internet, VPN. Click the VPN connection and click Connect.
It will ask for credentials. Use the credentials of the user that you selected when you set up the server, and you should be connected. Try to ping the local IP of your VPN server to confirm the connection.
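The same client profile can be created from PowerShell instead of the dialogs. This is an added example, not part of the original guide; the connection name and server address are placeholders, and it does not cover unchecking IPv6 on the Networking tab, which still has to be done in the adapter properties.

```powershell
# Added example, not from the original guide. Run on the client.
$name   = 'My VPN Server'        # placeholder: the Destination Name
$server = 'myvpn.example.net'    # placeholder: your dynamic DNS domain name

# Create the profile only if it does not exist yet.
if (-not (Get-VpnConnection -Name $name -ErrorAction SilentlyContinue)) {
    Add-VpnConnection -Name $name -ServerAddress $server `
        -TunnelType Pptp `
        -EncryptionLevel Maximum `
        -SplitTunneling `
        -RememberCredential
    # -EncryptionLevel Maximum : "Maximum strength encryption (disconnect if server declines)"
    # -SplitTunneling          : same effect as unchecking "Use default gateway on remote network"
    # -RememberCredential      : "Remember my credentials" on the Options tab
}

# Read the profile back and flag anything that differs from the settings in this guide.
$conn = Get-VpnConnection -Name $name
$want = [ordered]@{
    ServerAddress   = $server
    TunnelType      = 'Pptp'
    EncryptionLevel = 'Maximum'
    SplitTunneling  = $true
}
foreach ($key in $want.Keys) {
    $actual = $conn.$key
    if ("$actual" -ne "$($want[$key])") {
        Write-Warning "$key is '$actual', expected '$($want[$key])'"
    }
}
$conn | Format-List Name, ServerAddress, TunnelType, EncryptionLevel, SplitTunneling, RememberCredential
```

No warnings means the profile matches the Security and gateway settings described above; connect from Settings as in the last step.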
Autoconnect VPN on start up:
- Control Panel, Network and Sharing Center, Change adapter settings.
- Right click the VPN adapter and click Properties.
- In Options tab, check Remember my credentials.
- Create a text file and put this:
rasdial "my vpn's server name" "username" "password"
- Save it as a batch file (with a .bat extension, not .txt). Note that the password is stored in this file in plain text.
- Open Windows Startup by running this:
shell:startup
- Drop the file in Windows Startup or create a shortcut to the file there.
Connecting from server to client:
While the client can access the server (limited by the rules set up on the server), the server can't really access the client. This is usually because of the client's firewall.
To allow the server to access the client, you need to allow incoming connections from the server in the client's firewall.
- Open Control Panel, Windows Defender Firewall. Click Advanced settings.
- Select Inbound Rules on the left pane and click New Rule on the right pane.
- Choose Custom and click Next
- Choose All programs and click Next
- On the next window, choose Protocol Type: Any, and click Next
- Choose These IP addresses under Which local IP... and click Add
- Enter the IP subnet or IP address range and click OK. This is the IP of the client that you set up on the server, or set manually on the client.
- Click Next.
- Select Allow the connection and click Next.
- Select all (Domain, Private and Public) and click Next.
- Enter any meaningful name like VPN Server Inbound and click Finish.
- Try to ping the client from server.
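The inbound rule from the steps above can also be created and inspected from PowerShell. This is an added example, not part of the original guide; both addresses are placeholders, and the optional remote-address restriction is an addition that narrows the rule to traffic coming from the server only.

```powershell
# Added example, not from the original guide. Run elevated on the client.
$ruleName    = 'VPN Server Inbound'
$clientVpnIp = '192.168.2.200-192.168.2.201'  # placeholder: the client IP range set up on the server
$serverVpnIp = ''                             # optional placeholder: the server's IP as seen over the VPN

# Custom rule, all programs, any protocol, scoped to the client's VPN address, all profiles.
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName `
        -Direction Inbound -Action Allow -Protocol Any `
        -LocalAddress $clientVpnIp `
        -Profile Domain, Private, Public | Out-Null
}

# Not in the guide: restrict the rule to the server's address instead of any remote address.
if ($serverVpnIp) {
    Set-NetFirewallRule -DisplayName $ruleName -RemoteAddress $serverVpnIp
}

# Show the rule together with its address scope.
Get-NetFirewallRule -DisplayName $ruleName | ForEach-Object {
    $addr = $_ | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Rule          = $_.DisplayName
        Enabled       = $_.Enabled
        Action        = $_.Action
        Profile       = $_.Profile
        LocalAddress  = $addr.LocalAddress
        RemoteAddress = $addr.RemoteAddress
    }
} | Format-List
```

With `$serverVpnIp` left empty, the rule matches the one built in the dialogs: any remote address may reach the client's VPN address on any protocol.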
Credit:
https://www.howtogeek.com/135996/how-to-create-a-vpn-server-on-your-windows-computer-without-installing-any-software
https://pureinfotech.com/setup-vpn-server-windows-10
https://strongvpn.com/autoconnect-windows-10-pptp