Can someone please explain VPN and setting it up?!
#1
hey everyone!

I have looked up VPN and understand that its a private network but confused on a few things.

Basically I have a pi connected to NAS, and I want that storage (with all my media) to be able to be connected by another Pi at my family's house a few hours away.
I am being told setting up a VPN is the best way to go, OpenVPN?

There are many guides out there (if someone can post a LEGIT one that would be great, for RASPBMC), but I dont understand what the difference is of setting up your own OpenVPN server vs paying for VPN (like VYPRVPN), If I pay for one do I just connect both Pi's to the Paid VPN via authentication as client? and how does one Pi see another, doesn't the IP Address always change?

Those are mainly the things I am confused about, the server side there are lots of guides but how do you actually connect the two pi's after that?? via server instructions or paid service!

thanks so much!!
Reply
#2
Hi there.

VPN world is confusing and full of acronyms, hence very disturbing.
1. You need a VPN server somewhere in your own network (LAN). Some Modem & Routers do have PPPTP VPN server included inside them, like Asus RT-AC66U. Most NAS devices (Synology for instance) has VPN server inside them as well. This is very good! Raspberry PI can be constructed as a VPN server also. PPPTP is the easest to implement.

2. Choose what VPN technology yo use:
* PPPTP in old and can easely be cracked, but it's easy to implement, uses only one TCP port. Only user & password.
* L2TP/IPSEC is more seruce, uses 3 UPD ports and has PSK keyphraze with user&password. Quite easy. I'm using this.
* OpenVPN is the most secure and the best, but client needs to have certificates (2 files) installed into the client.

3. Open needed ports from your WAN_router / modem and direct them (NAT Rule) to the VPN server inside you LAN and and enable VPN passthrough perhaps.
4. Test the VPN connection e.g. iPad / iPhone / Android from outside you LAN, from the internet (3g perhaps).
* If the connection succeeds, ask for phones's IP from e.g. http://ipaddress.com/ and the IP should be the same as your home WAN_IP (operator gives).

OpenElec for Raspberry PI has VPN client inside under settings, so it should be quite easy to make the connection to your LAN's NAS via VPN and use SMB/NFS shares avaiable for the XBMC. The other houses Raberry PI needs to connected to the internet ofcource..
Reply
#3
it looks like Raspbmc had an option to click the VNC radio within Raspbmc Settings. Not sure how to change the settings tho, no options that I see of in the GUI im assuming its on the SSH side of things

I understand number 2, I like the idea of OpenVPN, are there any good guides for Raspbmc to set it up? I used this site; http://raspberrypihelp.net/tutorials/1-o...r-tutorial to try and set it up but theres no directions for the client side, and it is geared more towards Raspbian, which has a different iptables setup etc...but I have Rasbpmc with Secure-rmc iptables.

I am more so confused about number 3. opening the ports like 1194 (openvpn) is easy, but direct them to VPN server inside your land and enable vpn passthrough, i am lost...

P.S. this is the only thing i see within my router as far as VPN options: http://imgur.com/n3AEaXL

oh and one last thing! If I were to use an outside VPN source like VyprVPN, and just install the certificates on the client computers, would this by chance remove the possible throttling my ISP is doing for all my downloads, as in once the VPN certs are installed, will my ISP be able to see me downloading those files or will the think its coming from another IP?
Reply
#4
VNC is not VPN. VNC is a way to see a desktop remotely.

VPN in use consists of several parts in a home environment:

1) A VPN server sitting on the network with the resources to access.
2) An Internet router set up to channel external VPN calls to the VPN server
3) The Internet over which a remote client will connect
4) A different home network with an Internet router (see important note below)
5) A device on the remote network running VPN client software to connect to the VPN server

For 1) you need to install VPN server software, either on the Pi or on a different device like a NAS
I first investigated doing this on the Pi but found it to be way simpler to use my NAS (a Synology DS212j DiskStation) because it already had a function for VPN that just needed an install command plus configuration.

For 2) You need to go into the router configuration and tell it to forward TCP port 1723 to the VPN server device's IP address.
This step was not possible for me to do while traveling in March so I had to wait until I got home. All routers have functions to forward calls on the Internet side on specific port numbers to an internal device by local IP address.

For 3) you need no configuration...
Dynamic DNS
Except that you will probably need to get yourself a Dynamic DNS account somewhere (there are lots available), which makes it possible to connect to your server through a friendly name like myhomenetwork.synology.me. Synology provides a free service for users of their NAS products, which is what I use.

On 4) you need a router that is VPN aware such that it can forward the VPN packet traffic. But apart from that there is nothing to do here.

Finally for 5) you need to configure a VPN network client on the device you want to connect "home" from.
In your case you need to install the VPN client on your Raspberry Pi and configure it to connect to the VPN server using the external Internet address of the router on the server network.
This is where the Dynamic DNS comes in handy so you won't get hit if the ISP changes your IP address.
Once the VPN client has connected you can access the remote network using the IP addresses on that network. THe routing from your client site to the server site will be handled by the VPN system.

One last important note:
The two involved home networks must have different IP addresses on their networks!!!!
If the server VPN is on network 192.168.1.x then this is forbidden for the client network, it must use something else like 192.168.13.x or similar, otherwise the client will not be routed over VPN and all calls to the other side will wind up being local calls to devices that do not exist and hence they fail...
Bo Berglund
Sweden
Reply
#5
Boss B: your message was very helpful! Thank you.

I have one question though..

I understand that IP address have to be different from one network to the other. But in my Synology VPN server config (PPTP) it asks for ip range and default is 10.0.0.0. My 2 networks are 192.168.2.x and 192.168.1.x

What should I put in the VPN server settings as ip range and subnet?

Will I be able to locate and access computers even if they are not the same ip range (192.168.2.x will be able to access 192.168.1.x) ?

Thanks I'm getting closer!
Reply
#6
(2014-10-15, 05:24)marc.chabot Wrote: Bosse_B: your message was very helpful! Thank you.

I have one question though..

I understand that IP address have to be different from one network to the other. But in my Synology VPN server config (PPTP) it asks for ip range and default is 10.0.0.0. My 2 networks are 192.168.2.x and 192.168.1.x

What should I put in the VPN server settings as ip range and subnet?

Will I be able to locate and access computers even if they are not the same ip range (192.168.2.x will be able to access 192.168.1.x) ?

Thanks I'm getting closer!
I am not sure I understand you question fully, but as I understand it the address you enter into the Synology config is the IP address the VPN tunnel will use, so when you connect the VPN your remote device will get an address in this range. It is important that this range is not used on your home network or on the client side network.
Now when you want to access a resource on your home network the call to that address will be routed through the tunnel using your new address as the source and then the VPN server will check if the target is on the local home network, in which case it will route the call to that device. If the target is not on the home network then the routing will go to the home network internet router and out on to the Internet.

Address translation (NAT) is used in these steps by the VPN server.

But one case will fail and that is when duplicate networks are encountered:
- If the remote site uses a network address range that is the same as either the VPN tunnel address (set in the Synology VPN config) or the same as your home network, then the tunnel will not be used for communication and you will fail to connect where you wanted.
So instead of using the default 10.0.0.0, which is probably in use at many places, change it to something like 10.113.237.0.
Bo Berglund
Sweden
Reply
#7
I might add that I have now switched to using a Raspberry Pi as the VPN server, since I have more control using this.
I installed RASPBIAN on that Pi and then configured both OpenVPN and PPTP VPN on the Pi. So I am no longer using the Synology NAS as the VPN server.
The Pi works just fine and I have found that the OpenVPN is the most versatile VPN server of the two, PPTP has issues from certain locations like hotels and such whereas OpenVPN always has worked for me.

The drawback of using OpenVPN is that it is rather complicated creating new logins for it, right now I am stuck and cannot see how to do that.
But apart from this issue it is very good.
So when you reach the client login creation phase, make sure to create a bunch of spare clients for the future....
Bo Berglund
Sweden
Reply
#8
I managed to get connected to my VPN from my Windows 10 preview where I have XBMC installed.

The thing is I don't seem to be able to access my shares?!

I am able to reach my remote shares from my iPhone through that same VPN but not from Windows 10. Any idea why? Could it be because of my firewall? I'm getting closer but still need your help.
Reply

Logout Mark Read Team Forum Stats Members Help
Can someone please explain VPN and setting it up?!0