The Internet is Infected! The Ultimate Cyber Security Guide for Small Business and Home Computing!

If you find the information on this blog valuable you will find my upcoming three volume cyber security books infinitely more so! Visit my website at http://thatcybersecurityguy.com. My 8 years of research and 900 written pages are about much more than just cyber security as my writing presents valuable small business and general home computer knowledge. Visit me on Twitter @ThatCyberSecGuy. See the ACLU video "Invasion of the Data Snatchers" at YouTube to understand why you need my books and PDF files on the infected Internet.


Saturday, February 4, 2017

How To Setup your Router to Pass Thru a Windows 10 Pro VPN Connection Port

Getting your Windows 10 VPN working is going to be a three step process that you can attack in any order. The three pieces of the puzzle are your router, server and client; all require a bit of work to get everything working. We are going to tackle the router configuration piece first because if your network hardware is old or cheap you may not be able to get a VPN working. What is cool is you would perform this exact same process to forward port 22 to a SSH server which is described in detail in my SSH book chapter PDF. (See:  http://thatcybersecurityguy.ipage.com/index.php?option=com_sppagebuilder&view=page&id=20)


In my book, I stress the importance of having a hardware firewall between your network and the Internet. I hope that you have purchased an advanced router to place between your computers and your cable modem. For this example, I am using a NETGEAR R6300 router, which is the first device that we will configure to setup our VPN. Log in to your router and upgrade the firmware, if it needs it.  To do so in the NETGEAR R6300 log in as ‘admin’, click on the Advanced tab at the top > expand the Administration menu on the left > click on Router Update > click on the Check button upper left and hopefully you will see the message No new firmware version available. If it does update, it may take a while for the router to reboot so be patient as you will eventually be prompted to log in again.

If you are planning to run your own VPN you will need to get the IP Address of your computer selected to be your VPN server. Most routers will reveal the MAC and IP Address that you will need by just showing the Attached Devices. While in the Advanced tab under Administration click on Attached Devices and write down the IP Address, Device Name and MAC Address of the Windows 10 Pro computer you are planning to use as your VPN server. If you can’t display attached devices, open a command prompt by clicking on Start > Run > type CMD , or Start > All Programs > Accessories > select Command Prompt > at the prompt type C:\...\ipconfig and make note of your Windows 10 Pro VPN server's IP and MAC address.

Now we need to assure that your VPN server behind you hardware firewall is assigned the same local network IP address every time. We will do this the easy way by setting up an Address Reservation. We could also do this by setting up a static IP address but a Address Reservation is easier and more convenient. The DHCP feature called address reservation, you can have the best of both worlds: You get automatic assignment and management of IP addresses without giving up the ability to assign specific addresses set aside for the exclusive use of specific devices. (See:  http://www.smallbusinesscomputing.com/webmaster/article.php/3799551/Networking-With-Address-Reservations.htm)

Click on the Advanced tab at the top > on the left panel click on Setup, LAN Setup > below Address Reservation click on the Add button > under Address Reservation Table tick your VPN server's entry, which will fill in the IP Address, MAC Address and Device name fields > click on the +Add button at the top > This will bring you back to the Lan Setup screen, which will show the Address Reservation for your VPN server.

Now that we have hit the “that was easy” button we now need to tell the router to forward VPN connection requests to our Windows 10 Pro server. We do this by using port forwarding, also referred to as port mapping. Port forward is simply a method of forwarding a network port from one network node to another. This will allow external user to reach a port on a private IP address (your VPN server inside a your LAN) from the outside your NAT-enabled router. Therefore, we are going to open up and forward your routers VPN port and protocol to your VPN server.

Click on Advanced Setup arrow down to select Port Forwarding / Port Triggering > tick Port Forwarding and under Service Name select VPN-PPTP > under Server IP Address enter the IP Reservation Address that we just made above, click on +Add. This will configure port 1723 to be forwarded to your VPN server.

Your router is now setup to forward incoming VPN connections to your Window 10 Pro VPN server which we will setup next.

No comments:

Post a Comment

Please leave a comment so I can improve my writing and content!