Back in 2015 I did a series of blog entries on how to set up a VPN in Windows 7. Hopefully, you took advantage of Microsoft's FREE upgrade to Windows 10 (it had to be done before July 29, 2016), and all your computers are now running Windows 10 Pro. I could leave my old Windows 7 VPN blog entries up, but I grow tired of searching the Internet for technical solutions only to find I am on a years-old web page with an irrelevant solution wasting my time, so I won't do that to you. Therefore, as my Windows 10 Pro VPN solution gets posted, I will be deleting my old Windows 7 VPN solution. Besides, most people still running Windows 7 who did not take advantage of the FREE Windows 10 upgrade will probably not be interested in setting up a SOHO VPN.
If you search the Internet you will see a LOT of VPN services that you can pay for, but that is not necessary. Windows 10 Pro comes with everything you need to set up a FREE VPN into your SB or Home local network. However, getting everything working is not all that straightforward. In my book we went into detail about how to set up a Linux Secure Shell (SSH) server and configure your router to forward an SSH port to it. We then used that SSH server to securely use WiFi hotspots and transfer files back and forth with our partners. Setting all of this up used things such as address reservations, an old computer collecting dust, QoS prioritization and much more. However, suppose you just want a simple Virtual Private Network connection to your local network behind your firewall. A VPN can be viewed as a network of computers that can be securely connected to your Small Business or Home Computing (SB/HC) network. There are many advantages to setting up your own VPN, not the least of which is encrypted, somewhat secure, access to your SB/HC network at any time from anywhere. You do not want to have to purchase expensive services or additional hardware to be able to use hotspots securely.
WARNING
As seen many times in my book!
In the documents leaked by Edward Snowden, the NSA and GCHQ have gone to extraordinary lengths to break VPN encryption. We also have to be suspicious of using commercial encryption software, as the documents show that the NSA has convinced commercial companies to compromise their own software. Privacy advocates recommend using only open source software such as OpenVPN for secure communication. As written in numerous articles, there is strong evidence that the NSA has installed a cryptographic back door in all versions of Windows since Windows 98. If those back doors have been leaked or discovered by third parties, your VPN connection could be easily compromised by other entities.
We have to be cautious when using a VPN, as Microsoft itself has issued a warning against using PPTP in conjunction with the Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2). (See: http://technet.microsoft.com/en-us/security/advisory/2743314) This will also expose a port on the Windows OS called PPTP, thus exposing the VPN server directly to the Internet, so the use of a strong password and a non-standard port are wise precautions.
While we are on that topic, let's briefly discuss these two VPN protocols. PPTP is an OSI Layer 2 protocol that uses port 1723. It encapsulates and transports multiprotocol data traffic over IP networks. It uses a set of communication rules, created by Microsoft, that allows an organization to extend its own corporate network through private "tunnels" over the public Internet. In effect, this allows you to use a wide area network (WAN, aka the Internet) as a single, large local area network (LAN). PPTP is known as a tunneling protocol because the PPTP protocol dials through the PPP connection, which results in a secure connection between client and server. You can use the Point-to-Point Protocol (PPP) to transmit TCP/IP network communications over point-to-point connections. PPP acts as a carrier for PPTP, which is used to establish a VPN connection.
Layer Two Tunneling Protocol (L2TP) is a secure enhancement of PPTP and can also be used to create a VPN. L2TP is a combination of PPTP and Cisco's Layer 2 Forwarding (L2F) tunneling protocols. L2TP uses the User Datagram Protocol (UDP) for sending packets as well as for maintaining the connection. Internet Protocol Security (IPsec) is used in conjunction with L2TP for encryption of the data. A SOHO router may not have built-in support for L2TP, but you should use it if it does. If you are a small business you will want to spend the extra money for a hardware firewall router that supports L2TP. For example, by default my home 802.11ac router only supports VPN-PPTP. To use L2TP I would need to set up a Custom Service on UDP port 1701. You may also have to open UDP port 500 to allow Internet Key Exchange (IKE) and UDP 5500 to allow IPsec Network Address Translation. Because L2TP does not provide confidentiality or strong authentication by itself, IPsec is often used to secure L2TP packets by providing confidentiality, authentication and integrity. IPsec needs IKE to negotiate the security association. (See: https://en.wikipedia.org/wiki/Layer_2_Tunneling_Protocol)
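Putting the warning and the port discussion together as an added PowerShell example (not from the original post): audit the VPN client profiles on a Windows 10 Pro machine for the PPTP/MS-CHAP v2 combination the advisory above concerns, create an L2TP/IPsec profile in its place, and open only the L2TP/IPsec ports on the firewall of the machine acting as the server. The server name and pre-shared key are placeholders; the firewall rule uses the IANA port assignments (IKE UDP 500, IPsec NAT traversal UDP 4500 per RFC 3948, L2TP UDP 1701).

```powershell
# Added example, not from the original post. Run in an elevated PowerShell on Windows 10 Pro.
# The server name and pre-shared key below are placeholders.

function Get-WeakVpnConnection {
    # Report client profiles still on PPTP. The MS-CHAP v2 weakness from advisory 2743314
    # bites when the handshake runs over PPTP; inside IPsec the handshake is protected.
    Get-VpnConnection -ErrorAction SilentlyContinue | ForEach-Object {
        $issues = @()
        if ($_.TunnelType -eq 'Pptp') {
            $issues += 'PPTP tunnel (TCP 1723 exposed)'
            if ($_.AuthenticationMethod -contains 'MSChapv2') { $issues += 'MS-CHAP v2 over PPTP' }
        }
        if ($_.EncryptionLevel -in 'NoEncryption', 'Optional') { $issues += "encryption $($_.EncryptionLevel)" }
        if ($issues.Count -gt 0) {
            [pscustomobject]@{ Name = $_.Name; Server = $_.ServerAddress; Issues = ($issues -join '; ') }
        }
    }
}

function Add-L2tpIpsecClient {
    # Create the client side as L2TP/IPsec with encryption required, to replace a PPTP profile.
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$Server,
        [Parameter(Mandatory)][securestring]$PreSharedKey
    )
    $psk = [System.Net.NetworkCredential]::new('', $PreSharedKey).Password
    Add-VpnConnection -Name $Name -ServerAddress $Server -TunnelType L2tp -L2tpPsk $psk `
        -EncryptionLevel Required -AuthenticationMethod MSChapv2 -Force
}

function Open-L2tpIpsecServerPorts {
    # On the machine acting as the VPN server, allow inbound only what L2TP/IPsec needs:
    # IKE UDP 500, IPsec NAT traversal UDP 4500 (RFC 3948), L2TP UDP 1701. Leave TCP 1723 (PPTP) closed.
    New-NetFirewallRule -DisplayName 'L2TP/IPsec inbound (UDP 500, 4500, 1701)' -Direction Inbound `
        -Protocol UDP -LocalPort 500, 4500, 1701 -Action Allow -Profile Any
}

# Usage: list weak profiles, then add the L2TP/IPsec replacement (placeholder host).
Get-WeakVpnConnection | Format-Table -AutoSize
$psk = Read-Host -Prompt 'L2TP/IPsec pre-shared key' -AsSecureString
Add-L2tpIpsecClient -Name 'Home L2TP' -Server 'vpn.example.invalid' -PreSharedKey $psk
```

Run Open-L2tpIpsecServerPorts only on the box that accepts the incoming connections; the router in front of it still needs the matching UDP forwards described above.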