Navigation

Personal tools

IPsec VPN

From Amahi Wiki

Jump to: navigation, search
Msgbox.update.png Update Needed
The contents of this page have become outdated or irrelevant. Please consider updating it.


We now have a new IPsec VPN app for your HDA!

This VPN stack has many advantages, although it still requires two ports to be forwarded from your router to your HDA. These are

 500 UDP and 4500 UDP

UDP, not TCP.

Here is how to set up clients for various client operating systems:

The Android (2.x/3.x) OS is known to be broken with respect to IPSec VPN. See here for a manual implementation that should work.

Changing the Secret and/or the Group Name

Optionally, you can change the secret and/or group name.

For that, you have to be able to edit a system file as root.

Become root via ssh or a terminal and then edit this file:

         /etc/racoon/psk.txt

This file has two field separated by at least one space. The first one is the Group name and the second is the Secret. Change them , keeping in mind that.

The changes will be picked up automatically a few seconds later. If you want to make sure, perform a:

        service racoon restart

Route All IPSEC VPN traffic through IPSEC VPN

After you install IPSEC VPN and configure your router and iPhone correctly, you may find that Twitter and Facebook are still blocked by some networks. Also searching for "what is my ip" via Google or your favorite search engine will report back that you are still on the local network.

The Amahi VPN is set to use a split VPN tunnel by default. If you want to use blocked services while behind somebody's internet filters, you can use these steps to encrypt your traffic and use blocked services like Twitter and Facebook.

Below are the steps to direct all traffic through the VPN. Please note this will divert all of your traffic through your HDA, but you will not be able to access some of your network resources.

1. Open a terminal on your HDA or use SSH.

2. Go to /etc/racoon.

bash code
cd /etc/racoon​


3. Back up the original racoon.conf in case things break.

bash code
cp racoon.conf racoon.conf.orig​


4. As root user, open racoon.conf with your favorite editor.

bash code
sudo nano racoon.conf​


5. Go to the line with "mode_cfg".

bash code
​ mode_cfg {

        auth_source system;
        save_passwd on;
        network4 10.8.1.1;
        netmask4 255.255.255.0;
        pool_size 10;
        dns4 192.168.1.10;
        wins4 192.168.1.10;
        default_domain "amahi3.com";
        auth_throttle 60;
        split_network include 198.162.1.0/24 10.100.100.0/24;
        split_dns "home.com";
        banner "/etc/racoon/welcome.txt";
}


NOTE: Let's concentrate on the two lines that were changed: "split_network" and "split_dns".

6. Change split_network from "include" to "local_lan" and delete the 198.162.... range.

bash code
​ mode_cfg {

~~
        split_network local_lan 10.100.100.0/24;      


7. Also change "split_dns" to the name that I changed home domain to...

bash code
​ mode_cfg {

~~
        split_dns "amahi3.com";


8. Save your work

9. Restart the racoon server

bash code
sudo service racoon restart      


Or open up your HDA dashboard, click on settings->servers and restart the IPSEC server.

Searching for "what is my ip" via Google or your favorite search engine should now report your home VPN. You should then be able to use Twitter and Facebook through your VPN.

Forwarding all traffic through the VPN

Solution for IPSec VPN Server in Fedora 19 with Amahi 7 in order to Forward all traffic through the VPN


1. At /etc/racoon/racoon.conf delete the 2 lines with split in mode_cfg  :

bash code
​split_network include 192.168.1.0/24, 10.8.1.0/24;

split_dns "home.com";​


2. At your Hda run ifconfig to see what is your network interface.
At /etc/racoon/amahi-up-down change the lines 19 and 26 from eth0 to em1 because this is the network interface of my Hda. The changes are
from:

bash code
​ iptables -t nat -A POSTROUTING -s ${INTERNAL_ADDR4}/32 -o eth0 -j MASQUERADE​

to

bash code
​ iptables -t nat -A POSTROUTING -s ${INTERNAL_ADDR4}/32 -o em1 -j MASQUERADE​


and from:

bash code
​ iptables -t nat -D POSTROUTING -s ${INTERNAL_ADDR4}/32 -o eth0 -j MASQUERADE​


to

bash code
​ iptables -t nat -D POSTROUTING -s ${INTERNAL_ADDR4}/32 -o em1 -j MASQUERADE​


Finally go to http://hda->Setup->Settings->Servers and restart the IPsec VPN Server.