HTML5 Zone is brought to you in partnership with:

Doug Rathbone is a software architect working in Ad land. He is passionate about software design and automation, and regularly contributes to a number of industry sites on these topics. Douglas is a DZone MVB and is not an employee of DZone and has posted 60 posts at DZone. You can read more from them at their website. View Full User Profile

Secure your Internet Use While Away: Setting up VPN Server on Win7/Win8

09.11.2012
| 3076 views |
  • submit to reddit

These days we’re lucky. SSL is becoming pretty pervasive. Facebook uses it. Twitter uses it. Most modern start ups now use it. Sadly there are still other sites or services that you may be accessing on the internet that are still insecure allowing others to listen in on your internet usage, and for these your want an encrypted VPN link to route your traffic through. VPN’s can be expensive though if all you have is a home PC and a laptop on the road – lucky for us this can be a magic combination that is all you need and saves the day.

This week I’m in TechEd Australia. Microsoft make the fact that using the shared Wi-Fi could be fraught with peril:

Beware the #firesheep amongst us at #AuTechEd

The Australian TechEd program guide on Wi-fi usage.

The above statement didn’t worry me though. Why? Because I have a VPN to connect to when using third party internetzes while I'm on the road.

A few people I spoke to on the day seemed to think this was a lot harder than it is to setup. You don’t need to be a network engineer, and you don’t need Windows Server or a remote Amazon instance, or really much of a clue. All you need is a Windows 7 or Windows 8 PC to host your VPN (i.e. at PC at home), a Windows PC to dial in from (from XP right through to Win 8) and port forwarding support in your router.

How is this possible?

From Windows 7 onwards there is native support for hosting an incoming PPTP VPN service.

This allows you to setup a remote Windows 7 or Windows 8 machine as a VPN server for you dial in to while you are on the road, so that you can route your internet traffic through this remote machine’s internet connection in an encrypted fashion.

image

This allows you to cut the  complicated setup of a whole bunch of services such as DHCP, VPN, and routing into a simple step by step walk through that can take you 5 minutes.

What you’ll need

  • Windows 7 or Windows 8 remote machine for hosting the VPN connection.
  • The ability to route internet ports directly to this machine (i.e. port forwarding support in your router or a PC connected directly to the internet).

On with it then…

At home I have a Windows 7 PC used as a media pc that is on all the time for media sharing and TV watching duties. This is perfect for me as it gives me a remote PC that is on all the time and is  connected to an internet connection I trust. If you have such a PC and control the port forwarding to said machine, this is all you need.

Step 1: setup the VPN server (on your host machine).

The following works on both a Windows 8 and a Windows 7 machine (I've tested both successfully and the interface is exactly the same with just different “chrome” on the windows).

Open Network Connections

Hit the ALT Key to show the file menu, and then select New Incoming Connection.

image

At this point you can either select one of the current local machine users and grant them access to your new VPN link, or take my suggestion and create a new user just for VPN access and give it a really strong password. This will ensure that even if an evil doer gets into your VPN link, they don't necessarily have any of your other account files with the same account. Don’t make it any easier for them.

image

Then on the next page, tick the box that mentions that users will be connecting “through the internet”.

image

On the next page tick the network protocols you would like them to have access to. I’ve left mine “as is” as I only need IPv4.

image

Then click “Allow access”.

This has finished the setup of your server.

Step 2: Setup port forwarding.

Next you need to allow “the internet” to talk to your host PC on TCP port 1723.

First setup a static IP address for your host PC on your local network.

Take a look at Port Forward to find your router and instructions for how to forward TCP port 1723 to your machine’s IP address from the internet.

This will allow your host PC to be contactable from the internet, but unless you are lucky enough to have a static internet IP address from your ISP, or you don’t mind having to remember IP addresses, you’ll want to give your host machine a nicer address.

To help with making your host PC easier to connect to, take a look at setting up DynDNS.

Step 3: Your client PC.

Now that you have your home host PC all setup, you simply need to setup your client PC to connect.

This is just as simple.

Open the network control panel item Setup a VPN Connection.

Enter the remote hostname for your PC. If you’ve setup DynDNS this is your DynDNS host address (ie [yourhostname].dyndns.org.

image

Click Create.

Now when you attempt to connection, simply enter the username and password you created earlier (the one with the really strong password) and connect.

Now enjoy the security of having a remote VPN setup without all the server management hassle.

You have been warned

Using 3rd party Wi-Fi at your local cafe or in my case conference centre is a bad idea. Any website you visit while connected to these Wi-Fi access points risks anyone else on the network sniffing your traffic and stealing your session using something like Firesheep.

However there is another risk in setting up a VPN by following the above:

By following the above you are directly placing your PC “on the internet”. This means the evil doers can have just as much access as you. Be sure to place a really strong password on any accounts you setup, and change it regularly. You can also look at using a different TCP port for your VPN so that there is a bit more obscurity for anyone just trying to brute force port 1723.

Published at DZone with permission of Douglas Rathbone, author and DZone MVB. (source)

(Note: Opinions expressed in this article and its replies are the opinions of their respective authors and not those of DZone, Inc.)