Amahi Wiki - User contributions [en]

IPsec VPN

2013-09-19T08:27:12Z

Thanasis: /* Forwarding all traffic through the VPN */

We now have a new [http://www.amahi.org/apps/ipsec-vpn IPsec VPN] app for your HDA!

This VPN stack has many advantages, although it still requires two ports to be forwarded from your router to your HDA. These are

'''500 UDP''' and '''4500 UDP'''

UDP, not TCP.

Here is how to set up clients for various client operating systems:

* [[IPSec VPN iOS Client | iOS]] (iPad, iPhone, iPod) built-in client
* [[IPSec VPN Windows Client | Windows 7]]
* [[IPSec VPN Mac OS X Client | Mac OS X]] built-in client
* [[IPSec VPN Android Client | Android]] built-in client, (ICS, i.e. 4.x or later)

The Android (2.x/3.x) OS is known to be broken with respect to [http://www.amahi.org/apps/ipsec-vpn IPSec VPN]. See [[IPSEC/L2TP_VPN_Server|here]] for a manual implementation that should work.

= Changing the Secret and/or the Group Name =

Optionally, you can change the secret and/or group name.

For that, you have to be able to edit a system file as root.

Become root via ssh or a terminal and then edit this file:

/etc/racoon/psk.txt

This file has two field separated by at least one space. The first one is the Group name and the second is the Secret. Change them , keeping in mind that.

The changes will be picked up automatically a few seconds later. If you want to make sure, perform a:

service racoon restart

= Route All IPSEC VPN traffic through IPSEC VPN =

After you install IPSEC VPN and configure your router and iPhone correctly, you may find that twitter and facebook are still blocked by some networks.Also google-ing "what is my ip" will report back that you are still on the local network.

The Amahi VPN is set to use a split VPN tunnel by default. If you want to use blocked services while behind somebody's internet filters, you can use these steps to encrypt your traffic and use blocked services like twitter and facebook.

Below are the steps to direct all traffic through the VPN. Please note: this will divert all of your traffic through your hda, but you will not be able to access some of your network resources.

1 Open a terminal on your hda or ssh in.
2 Go to /etc/racoon (that is spelled correctly BTW)
{{Code| cd /etc/racoon}}
3 Back-up the original racoon.conf in case things break
4 As root, open racoon.conf with your favorite editor, mine happens to be nano
{{Code| sudo nano racoon.conf}}
5 down arrow to the mode_cfg
{{Code| mode_cfg {
auth_source system;
save_passwd on;
network4 10.8.1.1;
netmask4 255.255.255.0;
pool_size 10;
dns4 192.168.1.10;
wins4 192.168.1.10;
default_domain "Jamahi3.com";
auth_throttle 60;
split_network include 198.162.1.0/24 10.100.100.0/24;
split_dns "home.com";
banner "/etc/racoon/welcome.txt";
}
}}
note: I'm going to concentrate on the two lines that I changed: "split_network" and "split_dns".
6 Change split_network from "include" to "local_lan" and delete the 198.162.... range.
{{Code| mode_cfg {
~~
split_network local_lan 10.100.100.0/24;
}}
7 I also changed split_dns to the name that I changed my home domain to...
{{Code| mode_cfg {
~~
split_dns "Jamahi3.com";
}}
8 Save your work
9 Restart the racoon server
{{Code| sudo service racoon restart
}}
Or - open up your hda, click on settings>servers and restart the IPSEC server.

Googling "What is My IP" should now report your home VPN. You should then be able to use twitter and facebook through your VPN.

= Forwarding all traffic through the VPN =

Solution for IPSec VPN Server in Fedora 19 with Amahi 7 in order to Forward all traffic through the VPN

 
1. At /etc/racoon/racoon.conf
delete the 2 lines with split in mode_cfg :

{{Code|split_network include 192.168.1.0/24, 10.8.1.0/24;
split_dns "home.com";}}

2. At your Hda run ifconfig to see what is your network interface.
 At /etc/racoon/amahi-up-down change the lines 19 and 26 from eth0 to em1 because this is the network interface of my Hda. The changes are
 from:
{{Code| iptables -t nat -A POSTROUTING -s ${INTERNAL_ADDR4}/32 -o eth0 -j MASQUERADE}}
to
{{Code| iptables -t nat -A POSTROUTING -s ${INTERNAL_ADDR4}/32 -o em1 -j MASQUERADE}}

and from:
{{Code| iptables -t nat -D POSTROUTING -s ${INTERNAL_ADDR4}/32 -o eth0 -j MASQUERADE}}
 to
{{Code| iptables -t nat -D POSTROUTING -s ${INTERNAL_ADDR4}/32 -o em1 -j MASQUERADE}}

Finally go to http://hda->Setup->Settings->Servers and restart the IPsec VPN Server.

IPsec VPN

2013-09-19T08:26:12Z

Thanasis: /* Forwarding all traffic through the VPN */

We now have a new [http://www.amahi.org/apps/ipsec-vpn IPsec VPN] app for your HDA!

This VPN stack has many advantages, although it still requires two ports to be forwarded from your router to your HDA. These are

'''500 UDP''' and '''4500 UDP'''

UDP, not TCP.

Here is how to set up clients for various client operating systems:

* [[IPSec VPN iOS Client | iOS]] (iPad, iPhone, iPod) built-in client
* [[IPSec VPN Windows Client | Windows 7]]
* [[IPSec VPN Mac OS X Client | Mac OS X]] built-in client
* [[IPSec VPN Android Client | Android]] built-in client, (ICS, i.e. 4.x or later)

The Android (2.x/3.x) OS is known to be broken with respect to [http://www.amahi.org/apps/ipsec-vpn IPSec VPN]. See [[IPSEC/L2TP_VPN_Server|here]] for a manual implementation that should work.

= Changing the Secret and/or the Group Name =

Optionally, you can change the secret and/or group name.

For that, you have to be able to edit a system file as root.

Become root via ssh or a terminal and then edit this file:

/etc/racoon/psk.txt

This file has two field separated by at least one space. The first one is the Group name and the second is the Secret. Change them , keeping in mind that.

The changes will be picked up automatically a few seconds later. If you want to make sure, perform a:

service racoon restart

= Route All IPSEC VPN traffic through IPSEC VPN =

After you install IPSEC VPN and configure your router and iPhone correctly, you may find that twitter and facebook are still blocked by some networks.Also google-ing "what is my ip" will report back that you are still on the local network.

The Amahi VPN is set to use a split VPN tunnel by default. If you want to use blocked services while behind somebody's internet filters, you can use these steps to encrypt your traffic and use blocked services like twitter and facebook.

Below are the steps to direct all traffic through the VPN. Please note: this will divert all of your traffic through your hda, but you will not be able to access some of your network resources.

1 Open a terminal on your hda or ssh in.
2 Go to /etc/racoon (that is spelled correctly BTW)
{{Code| cd /etc/racoon}}
3 Back-up the original racoon.conf in case things break
4 As root, open racoon.conf with your favorite editor, mine happens to be nano
{{Code| sudo nano racoon.conf}}
5 down arrow to the mode_cfg
{{Code| mode_cfg {
auth_source system;
save_passwd on;
network4 10.8.1.1;
netmask4 255.255.255.0;
pool_size 10;
dns4 192.168.1.10;
wins4 192.168.1.10;
default_domain "Jamahi3.com";
auth_throttle 60;
split_network include 198.162.1.0/24 10.100.100.0/24;
split_dns "home.com";
banner "/etc/racoon/welcome.txt";
}
}}
note: I'm going to concentrate on the two lines that I changed: "split_network" and "split_dns".
6 Change split_network from "include" to "local_lan" and delete the 198.162.... range.
{{Code| mode_cfg {
~~
split_network local_lan 10.100.100.0/24;
}}
7 I also changed split_dns to the name that I changed my home domain to...
{{Code| mode_cfg {
~~
split_dns "Jamahi3.com";
}}
8 Save your work
9 Restart the racoon server
{{Code| sudo service racoon restart
}}
Or - open up your hda, click on settings>servers and restart the IPSEC server.

Googling "What is My IP" should now report your home VPN. You should then be able to use twitter and facebook through your VPN.

= Forwarding all traffic through the VPN =

Solution for IPSec VPN Server in Fedora 19 with Amahi 7 in order to Forward all traffic through the VPN

 
1. At /etc/racoon/racoon.conf
delete the 2 lines with split in mode_cfg :

{{Code|split_network include 192.168.1.0/24, 10.8.1.0/24;
split_dns "home.com";}}

2. At your Hda run ifconfig to see what is your network interface.
 At /etc/racoon/amahi-up-down change the lines 19 and 26 from eth0 to em1 because this is the network interface of my Hda. The changes are
 from:
{{Code| iptables -t nat -A POSTROUTING -s ${INTERNAL_ADDR4}/32 -o eth0 -j MASQUERADE}}
to
{{Code| iptables -t nat -A POSTROUTING -s ${INTERNAL_ADDR4}/32 -o em1 -j MASQUERADE}}

and from:
{{Code| iptables -t nat -D POSTROUTING -s ${INTERNAL_ADDR4}/32 -o eth0 -j MASQUERADE}}
 to
{{Code| iptables -t nat -D POSTROUTING -s ${INTERNAL_ADDR4}/32 -o em1 -j MASQUERADE}}

Finally I go to http://hda->Setup->Settings->Servers and restart the IPsec VPN Server.

IPsec VPN

2013-09-19T08:12:02Z

Thanasis: /* Forwarding all traffic through the VPN */

We now have a new [http://www.amahi.org/apps/ipsec-vpn IPsec VPN] app for your HDA!

This VPN stack has many advantages, although it still requires two ports to be forwarded from your router to your HDA. These are

'''500 UDP''' and '''4500 UDP'''

UDP, not TCP.

Here is how to set up clients for various client operating systems:

* [[IPSec VPN iOS Client | iOS]] (iPad, iPhone, iPod) built-in client
* [[IPSec VPN Windows Client | Windows 7]]
* [[IPSec VPN Mac OS X Client | Mac OS X]] built-in client
* [[IPSec VPN Android Client | Android]] built-in client, (ICS, i.e. 4.x or later)

The Android (2.x/3.x) OS is known to be broken with respect to [http://www.amahi.org/apps/ipsec-vpn IPSec VPN]. See [[IPSEC/L2TP_VPN_Server|here]] for a manual implementation that should work.

= Changing the Secret and/or the Group Name =

Optionally, you can change the secret and/or group name.

For that, you have to be able to edit a system file as root.

Become root via ssh or a terminal and then edit this file:

/etc/racoon/psk.txt

This file has two field separated by at least one space. The first one is the Group name and the second is the Secret. Change them , keeping in mind that.

The changes will be picked up automatically a few seconds later. If you want to make sure, perform a:

service racoon restart

= Route All IPSEC VPN traffic through IPSEC VPN =

After you install IPSEC VPN and configure your router and iPhone correctly, you may find that twitter and facebook are still blocked by some networks.Also google-ing "what is my ip" will report back that you are still on the local network.

The Amahi VPN is set to use a split VPN tunnel by default. If you want to use blocked services while behind somebody's internet filters, you can use these steps to encrypt your traffic and use blocked services like twitter and facebook.

Below are the steps to direct all traffic through the VPN. Please note: this will divert all of your traffic through your hda, but you will not be able to access some of your network resources.

1 Open a terminal on your hda or ssh in.
2 Go to /etc/racoon (that is spelled correctly BTW)
{{Code| cd /etc/racoon}}
3 Back-up the original racoon.conf in case things break
4 As root, open racoon.conf with your favorite editor, mine happens to be nano
{{Code| sudo nano racoon.conf}}
5 down arrow to the mode_cfg
{{Code| mode_cfg {
auth_source system;
save_passwd on;
network4 10.8.1.1;
netmask4 255.255.255.0;
pool_size 10;
dns4 192.168.1.10;
wins4 192.168.1.10;
default_domain "Jamahi3.com";
auth_throttle 60;
split_network include 198.162.1.0/24 10.100.100.0/24;
split_dns "home.com";
banner "/etc/racoon/welcome.txt";
}
}}
note: I'm going to concentrate on the two lines that I changed: "split_network" and "split_dns".
6 Change split_network from "include" to "local_lan" and delete the 198.162.... range.
{{Code| mode_cfg {
~~
split_network local_lan 10.100.100.0/24;
}}
7 I also changed split_dns to the name that I changed my home domain to...
{{Code| mode_cfg {
~~
split_dns "Jamahi3.com";
}}
8 Save your work
9 Restart the racoon server
{{Code| sudo service racoon restart
}}
Or - open up your hda, click on settings>servers and restart the IPSEC server.

Googling "What is My IP" should now report your home VPN. You should then be able to use twitter and facebook through your VPN.

= Forwarding all traffic through the VPN =

Solution for IPSec VPN Server in Fedora 19 with Amahi 7 in order to Forward all traffic through the VPN

 
1. At /etc/racoon/racoon.conf
Delete the 2 lines with split in mode_cfg :

split_network include 192.168.1.0/24, 10.8.1.0/24;
 split_dns "home.com";

2. At your Hda run ifconfig to see what is your network interface.
 At /etc/racoon/amahi-up-down
I change the lines 19 and 26 from eth0 to em1 because this is the network interface of my Hda. The changes are
from:
 iptables -t nat -A POSTROUTING -s ${INTERNAL_ADDR4}/32 -o eth0 -j MASQUERADE
to
 iptables -t nat -A POSTROUTING -s ${INTERNAL_ADDR4}/32 -o em1 -j MASQUERADE

and from:
 iptables -t nat -D POSTROUTING -s ${INTERNAL_ADDR4}/32 -o eth0 -j MASQUERADE
 to
 iptables -t nat -D POSTROUTING -s ${INTERNAL_ADDR4}/32 -o em1 -j MASQUERADE

Finally I go to http://hda->Setup->Settings->Servers and restart the IPsec VPN Server.

IPsec VPN

2013-09-19T08:08:47Z

Thanasis: /* Forwarding all traffic through the VPN */

We now have a new [http://www.amahi.org/apps/ipsec-vpn IPsec VPN] app for your HDA!

This VPN stack has many advantages, although it still requires two ports to be forwarded from your router to your HDA. These are

'''500 UDP''' and '''4500 UDP'''

UDP, not TCP.

Here is how to set up clients for various client operating systems:

* [[IPSec VPN iOS Client | iOS]] (iPad, iPhone, iPod) built-in client
* [[IPSec VPN Windows Client | Windows 7]]
* [[IPSec VPN Mac OS X Client | Mac OS X]] built-in client
* [[IPSec VPN Android Client | Android]] built-in client, (ICS, i.e. 4.x or later)

The Android (2.x/3.x) OS is known to be broken with respect to [http://www.amahi.org/apps/ipsec-vpn IPSec VPN]. See [[IPSEC/L2TP_VPN_Server|here]] for a manual implementation that should work.

= Changing the Secret and/or the Group Name =

Optionally, you can change the secret and/or group name.

For that, you have to be able to edit a system file as root.

Become root via ssh or a terminal and then edit this file:

/etc/racoon/psk.txt

This file has two field separated by at least one space. The first one is the Group name and the second is the Secret. Change them , keeping in mind that.

The changes will be picked up automatically a few seconds later. If you want to make sure, perform a:

service racoon restart

= Route All IPSEC VPN traffic through IPSEC VPN =

After you install IPSEC VPN and configure your router and iPhone correctly, you may find that twitter and facebook are still blocked by some networks.Also google-ing "what is my ip" will report back that you are still on the local network.

The Amahi VPN is set to use a split VPN tunnel by default. If you want to use blocked services while behind somebody's internet filters, you can use these steps to encrypt your traffic and use blocked services like twitter and facebook.

Below are the steps to direct all traffic through the VPN. Please note: this will divert all of your traffic through your hda, but you will not be able to access some of your network resources.

1 Open a terminal on your hda or ssh in.
2 Go to /etc/racoon (that is spelled correctly BTW)
{{Code| cd /etc/racoon}}
3 Back-up the original racoon.conf in case things break
4 As root, open racoon.conf with your favorite editor, mine happens to be nano
{{Code| sudo nano racoon.conf}}
5 down arrow to the mode_cfg
{{Code| mode_cfg {
auth_source system;
save_passwd on;
network4 10.8.1.1;
netmask4 255.255.255.0;
pool_size 10;
dns4 192.168.1.10;
wins4 192.168.1.10;
default_domain "Jamahi3.com";
auth_throttle 60;
split_network include 198.162.1.0/24 10.100.100.0/24;
split_dns "home.com";
banner "/etc/racoon/welcome.txt";
}
}}
note: I'm going to concentrate on the two lines that I changed: "split_network" and "split_dns".
6 Change split_network from "include" to "local_lan" and delete the 198.162.... range.
{{Code| mode_cfg {
~~
split_network local_lan 10.100.100.0/24;
}}
7 I also changed split_dns to the name that I changed my home domain to...
{{Code| mode_cfg {
~~
split_dns "Jamahi3.com";
}}
8 Save your work
9 Restart the racoon server
{{Code| sudo service racoon restart
}}
Or - open up your hda, click on settings>servers and restart the IPSEC server.

Googling "What is My IP" should now report your home VPN. You should then be able to use twitter and facebook through your VPN.

= Forwarding all traffic through the VPN =

Solution for IPSec VPN Server in Fedora 19 with Amahi 7 in order to Forward all traffic through the VPN

 
1. At /etc/racoon/racoon.conf
Delete the 2 lines with split in mode_cfg :

split_network include 192.168.1.0/24, 10.8.1.0/24;
 split_dns "home.com";

2. At your Hda run ifconfig to see what is your network interface.
At /etc/racoon/amahi-up-down
I change the lines 19 and 26 from eth0 to em1 because this is the network interface of my Hda. The changes are
from:
iptables -t nat -A POSTROUTING -s ${INTERNAL_ADDR4}/32 -o eth0 -j MASQUERADE
to
iptables -t nat -A POSTROUTING -s ${INTERNAL_ADDR4}/32 -o em1 -j MASQUERADE

and from:
iptables -t nat -D POSTROUTING -s ${INTERNAL_ADDR4}/32 -o eth0 -j MASQUERADE
to
iptables -t nat -D POSTROUTING -s ${INTERNAL_ADDR4}/32 -o em1 -j MASQUERADE

Finally I go to http://hda->Setup->Settings->Servers and restart the IPsec VPN Server.

IPsec VPN

2013-09-19T08:02:25Z

Thanasis: /* Forwarding all traffic through the VPN */

We now have a new [http://www.amahi.org/apps/ipsec-vpn IPsec VPN] app for your HDA!

This VPN stack has many advantages, although it still requires two ports to be forwarded from your router to your HDA. These are

'''500 UDP''' and '''4500 UDP'''

UDP, not TCP.

Here is how to set up clients for various client operating systems:

* [[IPSec VPN iOS Client | iOS]] (iPad, iPhone, iPod) built-in client
* [[IPSec VPN Windows Client | Windows 7]]
* [[IPSec VPN Mac OS X Client | Mac OS X]] built-in client
* [[IPSec VPN Android Client | Android]] built-in client, (ICS, i.e. 4.x or later)

The Android (2.x/3.x) OS is known to be broken with respect to [http://www.amahi.org/apps/ipsec-vpn IPSec VPN]. See [[IPSEC/L2TP_VPN_Server|here]] for a manual implementation that should work.

= Changing the Secret and/or the Group Name =

Optionally, you can change the secret and/or group name.

For that, you have to be able to edit a system file as root.

Become root via ssh or a terminal and then edit this file:

/etc/racoon/psk.txt

This file has two field separated by at least one space. The first one is the Group name and the second is the Secret. Change them , keeping in mind that.

The changes will be picked up automatically a few seconds later. If you want to make sure, perform a:

service racoon restart

= Route All IPSEC VPN traffic through IPSEC VPN =

After you install IPSEC VPN and configure your router and iPhone correctly, you may find that twitter and facebook are still blocked by some networks.Also google-ing "what is my ip" will report back that you are still on the local network.

The Amahi VPN is set to use a split VPN tunnel by default. If you want to use blocked services while behind somebody's internet filters, you can use these steps to encrypt your traffic and use blocked services like twitter and facebook.

Below are the steps to direct all traffic through the VPN. Please note: this will divert all of your traffic through your hda, but you will not be able to access some of your network resources.

1 Open a terminal on your hda or ssh in.
2 Go to /etc/racoon (that is spelled correctly BTW)
{{Code| cd /etc/racoon}}
3 Back-up the original racoon.conf in case things break
4 As root, open racoon.conf with your favorite editor, mine happens to be nano
{{Code| sudo nano racoon.conf}}
5 down arrow to the mode_cfg
{{Code| mode_cfg {
auth_source system;
save_passwd on;
network4 10.8.1.1;
netmask4 255.255.255.0;
pool_size 10;
dns4 192.168.1.10;
wins4 192.168.1.10;
default_domain "Jamahi3.com";
auth_throttle 60;
split_network include 198.162.1.0/24 10.100.100.0/24;
split_dns "home.com";
banner "/etc/racoon/welcome.txt";
}
}}
note: I'm going to concentrate on the two lines that I changed: "split_network" and "split_dns".
6 Change split_network from "include" to "local_lan" and delete the 198.162.... range.
{{Code| mode_cfg {
~~
split_network local_lan 10.100.100.0/24;
}}
7 I also changed split_dns to the name that I changed my home domain to...
{{Code| mode_cfg {
~~
split_dns "Jamahi3.com";
}}
8 Save your work
9 Restart the racoon server
{{Code| sudo service racoon restart
}}
Or - open up your hda, click on settings>servers and restart the IPSEC server.

Googling "What is My IP" should now report your home VPN. You should then be able to use twitter and facebook through your VPN.

= Forwarding all traffic through the VPN =

Solution for IPSec VPN Server in Fedora 19 with Amahi 7 in order to Forward all traffic through the VPN

1. At /etc/racoon/racoon.conf
Delete the 2 lines with split in mode_cfg :

split_network include 192.168.1.0/24, 10.8.1.0/24;
split_dns "home.com";

2. At your Hda run ifconfig to see what is your network interface.
At /etc/racoon/amahi-up-down
I change the lines 19 and 26 from eth0 to em1 because this is the network interface of my Hda. The changes are
from:
iptables -t nat -A POSTROUTING -s ${INTERNAL_ADDR4}/32 -o eth0 -j MASQUERADE
to
iptables -t nat -A POSTROUTING -s ${INTERNAL_ADDR4}/32 -o em1 -j MASQUERADE

and from:
iptables -t nat -D POSTROUTING -s ${INTERNAL_ADDR4}/32 -o eth0 -j MASQUERADE
to
iptables -t nat -D POSTROUTING -s ${INTERNAL_ADDR4}/32 -o em1 -j MASQUERADE

Finally I go to http://hda->Setup->Settings->Servers and restart the IPsec VPN Server.