Being at home, even when you are not - Virtual Private Network

Being born and raised in Germany, most of my extended family lives over there and even after all these years, a simple phone call easily reconnects me with family and friends. Almost like a secret handshake, dialing a number and hearing each other's voice makes me part of their network over there.

With a little bit of work, the same can be had for your computer. Even if you travel and are away from home for an extended period of time, your computer can still be made part of your home network, with just a click of a button ...

I cannot believe that it's really that long ago, but back in March 2008, I wrote about how to Protect your online privacy when on the road by using your Home Router as a Secure Socket Proxy. This is still very relevant and works just like I had written then, but using an ssh tunnel falls short when you want to turn the remote machine into an equal member of your home network; for this we need a Virtual Private Network.


Mac OS X comes with ssh pre-installed, which makes it easy to open an SSH-Tunnel to an SSH-Host, like a LinkSys WRT-54G router with the Tomato replacement firmware installed. However, to build a VPN, we need Keith Moyer's TomatoVPN firmware, which is still based on the Tomato firmware by Jonathan Zarate.

Client-side

Since we need to create a key, which needs to happen on the client, let's start on the Mac.
Download and install Viscosity, an OpenVPN client for Mac, providing a rich Cocoa graphical user interface for creating, editing, and controlling VPN connections.

Key Generation

  1. On your Mac, open a Terminal to create a key:
  2. Enter /Applications/Viscosity.app/Contents/Resources/openvpn --genkey --secret static.key (adjust the path if you did not put Viscosity into your Applications folder).
  3. This should have created a ~/static.key file, containing a 2048 bit OpenVPN static key.
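
In static key mode this file is the only secret protecting the tunnel, so it is worth confirming that it is intact and private before its content goes to the router. The shell function below is an added example, not part of the original post; the name check_static_key is hypothetical, and it assumes the usual layout of a file written by openvpn --genkey (BEGIN/END marker lines around 512 hex digits).

```shell
#!/bin/sh
# Added example: sanity-check an OpenVPN static key file before its content
# is pasted into the router. check_static_key is a hypothetical helper name.
# Usage: sh check_key.sh ~/static.key

check_static_key() {
    key_file=$1

    [ -f "$key_file" ] || { echo "missing: $key_file" >&2; return 1; }

    # The key is the tunnel's only secret: group/other must have no access.
    # Characters 5-10 of the ls mode string are the group and other bits.
    mode=$(ls -ld "$key_file" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "permissions too open, run: chmod 600 $key_file" >&2
        return 2
    fi

    # Expect exactly one BEGIN and one END marker line.
    begin=$(grep -c '^-----BEGIN OpenVPN Static key V1-----' "$key_file") || true
    end=$(grep -c '^-----END OpenVPN Static key V1-----' "$key_file") || true
    if [ "$begin" -ne 1 ] || [ "$end" -ne 1 ]; then
        echo "BEGIN/END marker missing or duplicated" >&2
        return 3
    fi

    # Collect the hex body between the markers and strip whitespace.
    body=$(sed -n '/^-----BEGIN /,/^-----END /p' "$key_file" |
           grep -v '^-----' | tr -d ' \r\n')
    case $body in
        *[!0-9a-fA-F]*) echo "non-hex characters in key body" >&2; return 4 ;;
    esac

    # 2048 bits = 256 bytes = 512 hex digits.
    if [ "${#body}" -ne 512 ]; then
        echo "expected 512 hex digits, found ${#body}" >&2
        return 5
    fi
    return 0
}

# Run the check only when a path is given on the command line.
if [ "$#" -gt 0 ]; then
    check_static_key "$1"
fi
```

A non-zero return code identifies which check failed; the same function can be run again later against a copy of the key to confirm it was not truncated in transit.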

Client Configuration

Start Viscosity and select Preferences after clicking on the new icon that just appeared in your menu bar. Start by creating a new connection setup. Here you'll see the following tabs: General, Certificates, Options, Networking, Proxy, and Advanced.

General

  1. Enter a name for your connection.
  2. Enter the IP address or preferably the name of your router (DynDns to the rescue, if you don't have a static IP).
  3. Enter a valid port number, like 1195.
  4. Select udp as the protocol.
  5. Select tap as the interface type.
  6. Select the Enable DHCP option.
  7. Select the Enable DNS support option.

Certificates

  1. Select Static Key as the type.
  2. Navigate to the static.key file you created earlier. Viscosity will copy its content and keep it in ~/Library/Application Support/Viscosity/OpenVPN.
  3. Select Default for direction.

Options

Only have these options checked:

  1. Persist Tun
  2. Persist Key
  3. Use LZO Compression
  4. No Bind

Networking

  1. Check Send all traffic over VPN connection.
  2. Enter your router's internal IP address, something like 192.168.1.1.
  3. Leave everything else empty.

Leave Proxy and Advanced settings empty and move along to the router side of things:

Router-side

Installing TomatoVPN on your router works just like upgrading any router software, and if you are already familiar with Tomato, the only difference you will notice is the newly added menu item on the left-hand side: VPN Tunneling, which allows setting up the router as a VPN client and/or server. Obviously, we are more interested in the server part here, which has 4 tabs: Basic, Advanced, Keys, and Status.

Basic

  1. Check the Start with Router option.
  2. Select TAP as the interface type.
  3. Select UDP as the protocol.
  4. Enter a valid port number, like 1195 (the same one you used when setting up the client software).
  5. Select Automatic as the firewall setting.
  6. Select Static Key as the authorization mode.
  7. Save your configuration.

Advanced

  1. Select the Respond to DNS option.
  2. Select Use Default for encryption cipher.
  3. Select Adaptive for compression.
  4. Leave the custom configuration field empty.
  5. Save your configuration.

Keys

  1. Copy the content from the static.key file created earlier into the Static Key field.
  2. Save your configuration.

It's finally time to hit the Start Now button.

Now with the router listening for VPN requests on port 1195, everything is ready to go and the next time you're away from home, start Viscosity and select Connect after clicking on the new icon that just appeared in your menu bar. Also, select Details... to find out what's going on. Select the log icon in the dialog window for debugging.
