HOWTO Use VPN

From i3Detroit
Jump to: navigation, search

The router running at i3Detroit runs a PPTP VPN endpoint, which members can use to gain remote access to the space. Once you are connected, the i3 fileshare and any of the remote desktop protocol machines should work as if you were on the network in the space.

For credentials, please contact Mark Furland or Amelia Meyer at least a week before needed, please!

Windows 10

Adapted from [1]

1. Add a new VPN connection. Go to Settings > Network & Internet > VPN > Add a VPN connection

VPN Provider: Windows (built-in)
Connection name: PPTP
Server name: space.i3detroit.org
VPN Type: Point to Point Tunneling Protocol (PPTP)
Type of sign-in info: User name and password
User name: <username>
Password: <secret>

2. Navigate to the Windows 10 Network connections. Go to Settings > Network & Internet > Status > Change Adapter Options > PPTP Adapter properties

Security > Allow these protocols > Microsoft CHAP Version 2 (MS-CHAP v2)


NetworkManager

  • For debian, the package is `network-manager-pptp-gnome`
  • space.i3detroit.org, username+pass
  • Disable auth methods that aren't MSCHAPv2
  • enable MPPE, I left it as "all available" for security.

Mac OS

Adapted from [2]

≤10.11

For older OS X (macOS) versions, the setup of a PPTP VPN connection consists of the following steps:

  1. Click on the Apple icon in the top left corner of your screen.
  2. Open System Preferences > Network.
  3. Click on the “+” button from the left panel.How to set up a PPTP connection on Mac - Leopard
  4. For the Interface, select the VPN option.
  5. Next, select PPTP as the VPN Type and type-in a Service Name.
  6. Click on the Create button.
  7. Enter the VPN server name or IP to the Server Address textbox and the VPN user name to the Account Name field.
  8. Further, click the Authentication Settings button and enter your VPN account access password. Click the OK button.
  9. Lastly, click the Connect button.

To disable the VPN on Mac, enter the VPN connection properties (System Preferences > Network > VPN connection name) and click on the Disconnect button.

>10.11, <10.15

Even though for these macOS versions, PPTP is no longer available in the macOS built-in VPN client, a PPTP connection can still be set up.

A simple script can be created to configure and directly use the PPTP.ppp plugin in order to initiate a VPN over PPTP connection.

Basically, you need to create a file and paste the following commands:

plugin PPTP.ppp
noauth
remoteaddress "space.i3detroit.org"
user <username>
password <secret>
redialcount 1
redialtimer 5
idle 1800
# mru 1368
# mtu 1368
receive-all
novj 0:0
ipcp-accept-local
ipcp-accept-remote
refuse-eap
refuse-pap
refuse-chap-md5
hide-password
mppe-stateless
mppe-128
# require-mppe-128
looplocal
nodetach
ms-dns 8.8.8.8
usepeerdns
# ipparam gwvpn
defaultroute
debug

Then, from the Terminal app, execute the commands in the file with the PPTP.ppp plugin:

sudo pppd file ~/path-to-your-file/vpn.txt

The script will create a VPN connection to the specified server and it will authenticate with the provided username and password.

To disable the VPN stop the pppd process:

killall pppd

10.15

Unfortunately, Apple hates us, and got rid of PPTP entirely. The best option recommended is PrimoVPN, which is not free. Alternatively, you may be able to make these instructions work to add your own PPTP.ppp library.

How to add users

Adapted from [3]

On the router CLI (either in the webUI or over SSH), this process:

configure
set vpn pptp remote-access authentication local-users username <username> password <secret>
commit
save
exit

Please make regular backups and put them in the Admin/infrastructure/network_backups/router/ share on Google Drive.