Changes

From Amahi Wiki
238 bytes added ,  10:30, 13 June 2017
We now have a new [http://www.amahi.org/apps/ipsec-vpn IPsec VPN] app for your HDA.
We now have a new Amahi [http://www.amahi.org/apps/ipsec-vpn IPsec VPN app] for your HDA!
 
= Introduction =
This VPN stack has many advantages, although it still requires two ports to be forwarded from your router to your HDA. These are
UDP, not TCP.
Here is how to set up clients for various client operating systems:

* [[IPSec VPN iOS Client | iOS]] (iPad, iPhone, iPod) built-in client
* [[IPSec VPN Windows Client | Windows 7]]
* [[IPSec VPN Mac OS X Client | Mac OS X]] built-in client
* [[IPSec VPN Android Client | Android]] built-in client (ICS, i.e. 4.x or later)

The Android (2.x/3.x) OS is known to be broken with respect to [http://www.amahi.org/apps/ipsec-vpn IPSec VPN]. See [[IPSEC/L2TP_VPN_Server|here]] for a manual implementation that should work.

'''NOTE:''' By default, the VPN will only route traffic destined for your home network via the VPN. General web traffic etc. will *not* be encrypted. To change this behaviour so that all network traffic from your client is routed via your VPN, edit /etc/racoon/racoon.conf and remove the lines beginning "split_network" and "split_dns". Then restart racoon.

= Changing Secret and/or Group Name =

Optionally, you can change the secret and/or group name. For that, you have to be able to edit a system file as root. Become root via ssh or a terminal and then edit this file:

 /etc/racoon/psk.txt

This file has two fields separated by at least one space. The first one is the Group name and the second is the Secret. Change them, keeping in mind that.
The changes will be picked up automatically a few seconds later. If you want to make sure, perform a:

 service racoon restart

= Route All traffic through VPN (Amahi 6/Ubuntu) =

After you install IPSEC VPN and configure your router and iPhone correctly, you may find that Twitter and Facebook are still blocked by some networks. Also, searching for "what is my ip" via Google or your favorite search engine will report back that you are still on the local network.

The Amahi VPN is set to use a split VPN tunnel by default. If you want to use blocked services while behind somebody's internet filters, you can use these steps to encrypt your traffic and use blocked services like Twitter and Facebook.

Below are the steps to direct all traffic through the VPN. Please note this will divert all of your traffic through your HDA, but you will not be able to access some of your network resources.

1. Open a terminal on your HDA or use SSH.<br />
2. Go to /etc/racoon.
 cd /etc/racoon
3. Back up the original racoon.conf in case things break.<br />
 cp racoon.conf racoon.conf.orig
4. As root user, open racoon.conf with your favorite editor.
 sudo nano racoon.conf
5. Go to the line with "mode_cfg".
<pre>
mode_cfg {
    auth_source system;
    save_passwd on;
    network4 10.8.1.1;
    netmask4 255.255.255.0;
    pool_size 10;
    dns4 192.168.1.10;
    wins4 192.168.1.10;
    default_domain "amahi3.com";
    auth_throttle 60;
    split_network include 198.162.1.0/24 10.100.100.0/24;
    split_dns "home.com";
    banner "/etc/racoon/welcome.txt";
}
</pre>
<b>NOTE:</b> Let's concentrate on the two lines that were changed: "split_network" and "split_dns".

6. Change split_network from "include" to "local_lan" and delete the 198.162.... range.
<pre>
mode_cfg {
~~
    split_network local_lan 10.100.100.0/24;
</pre>
7. Also change "split_dns" to the name that I changed home domain to...
<pre>
mode_cfg {
~~
    split_dns "amahi3.com";
</pre>
8. Save your work<br />
9. Restart the racoon server
 sudo service racoon restart
Or open up your HDA dashboard, click on settings->servers and restart the IPSEC server.

Searching for "what is my ip" via Google or your favorite search engine should now report your home VPN. You should then be able to use Twitter and Facebook through your VPN.

= Route all traffic through VPN (Fedora) =

Solution for IPSec VPN Server in Fedora 19 with Amahi 7 in order to forward all traffic through the VPN.

1. In /etc/racoon/racoon.conf, delete the 2 lines with split in mode_cfg:
 split_network include 192.168.1.0/24, 10.8.1.0/24;
 split_dns "home.com";
2. On your HDA, run ifconfig to see what your network interface is.<br>
In /etc/racoon/amahi-up-down, change lines 19 and 26 from eth0 to em1 because this is the network interface of my Hda. The changes are<br>
from:
 iptables -t nat -A POSTROUTING -s ${INTERNAL_ADDR4}/32 -o eth0 -j MASQUERADE
to
 iptables -t nat -A POSTROUTING -s ${INTERNAL_ADDR4}/32 -o em1 -j MASQUERADE
and from:
 iptables -t nat -D POSTROUTING -s ${INTERNAL_ADDR4}/32 -o eth0 -j MASQUERADE
to
 iptables -t nat -D POSTROUTING -s ${INTERNAL_ADDR4}/32 -o em1 -j MASQUERADE
Finally go to <nowiki>http://hda</nowiki>->Setup->Settings->Servers and restart the IPsec VPN Server.

Text removed in this revision:

= iOS Setup =
Go to Settings > Network > VPN > IPSec, enter the settings below and click on Save.
* Description: Amahi IPSec VPN
* Server: YOURNICK.yourhda.com (put your Amahi dyndns address, nickname and host)
* Account: USERNAME
* Password: leave it as "Ask Every Time" or put one if you feel it's safe to leave it there
* Use Certificate: leave it as OFF
* Group Name: Amahi (with a capital A)
* Secret: this is the 4-character secret you got when you installed the IPSec VPN app in your HDA
* Proxy: leave it as off
Below you can see how the setup area looks in a few Apple iOS devices.
== iPad ==
It should look something like this on the [http://www.apple.com/ipad/ iPad 2], iOS 4.x
[[Image:IPSec VPN iPad 2.png]]
== iPhone 3, iPod Touch ==
It should look something like this on the [http://www.apple.com/iphone/iphone-3gs/ iPhone 3], iOS 4.x
[[Image:IPSec VPN iPhone 3.png]]
= Windows 7 =
Currently, Amahi only supports one IPSec VPN client for Windows, a free client from Shrew Soft. (Report others that also work well please)
* Download and install the [http://www.shrew.net/download/vpn/vpn-client-2.2.0-beta-2.exe Shrew Soft Client]. (Their [http://www.shrew.net/download/vpn Windows VPN Client download page] may have more recent versions.)
* Open the client, called '''VPN Access Manager''' and click on + (Add) to add a configuration
* Enter '''YOURNICK.yourhda.com'''. Replace YOURNICK with your actual HDA nickname, so that your DynDNS works.
[[Image:IPSec VPN Win7.png]]
* Go into the Authentication tab
* Select '''Mutual PSK + XAuth'''
* Under the Local Identity tab, select Key Identifier, enter Amahi (this is called the Group Name and acts as an extra layer of protection)
[[Image:IPSec VPN Win7 Client.png]]
* In the Credentials tab, the Pre Shared Key should be ready to take the VPN secret obtained in the VPN web page inside your HDA
* The rest of things should work as default
* Save
[[Image:IPSec VPN Win7 Client Credentials.png]]
* Finally click on connect or double click on the profile for your VPN
* Input your username and password for a user in your Amahi HDA
[[Image:IPSec VPN Win7 Client Connect.png]]
* If all goes well, you should be connected and you should see this welcome message:
[[Image:IPSec VPN Win7 Client Connected.png]]
* Press OK. To disconnect, close this window or press Disconnect
* For easy use, these are the recommended settings
* Enable it to be visible in the Tray only, so that it's less obtrusive when it connects
* If this is a computer you trust, you may want to also set the "remember the connection username", for even easier use
[[Image:IPSec VPN Win7 Client Preferences.png]]
= Mac OS X Setup =
Similar to iOS.
* Open System Preferences > Network
* Click on the '''+''' sign to create a new service
* For Interface select '''VPN'''. For VPN type select '''Cisco IPSec'''. Give the service a name, like '''Amahi Home''' and click on Create
* Once added, select it. In the Server Address put '''YOURNICK.yourhda.com''' (replace YOURNICK with your nickname).
* In Account Name, put your username. Leave password empty unless you trust this computer.
* Click on Authentication Settings
* In Shared Secret, put the Group Setting from your internal IPSec VPN. In Group Name, enter '''Amahi'''. Click OK
* You can now click on Connect to connect!
* You can also click on "Show VPN status in menu bar" for quick access to the VPN connection
* Click on Apply to save these settings
= Advanced Topics =
Note: this section requires editing files with root privileges and restarting the racoon daemon.
== Changing the Pre-Shared Key ==
The pre-shared key is stored in the file /etc/racoon/psk.txt. If you want to customise it for any reason, simply edit the file with your favourite text editor and restart racoon. You will need to manually update all of your clients. Note that the web page at http://ipsec-vpn will not be updated.
== Routing all network traffic via the VPN ==
By default, the VPN will only route traffic destined for your home network via the VPN. General web traffic etc. will *not* be encrypted. To change this behaviour so that all network traffic from your client is routed via your VPN, edit /etc/racoon/racoon.conf and remove the lines beginning "split_network" and "split_dns". Then restart racoon.

[[Category:Apps]]
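The script below is an added example, not part of the wiki page or of Amahi's code. It reports which tunnel mode a racoon.conf mode_cfg block selects (split_network include, split_network local_lan, or no split lines at all) and checks that every MASQUERADE rule in an up-down script names the same outbound interface, which catches the case where only one of the two iptables lines was changed. The function names and the sample file contents are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not Amahi code). All sample file contents are constructed.

# tunnel_mode FILE: "split" (include), "local_lan" (all but listed nets), or "full"
tunnel_mode() {
    awk '
        /^[ \t]*#/ { next }                      # ignore comment lines
        /mode_cfg[ \t]*\{/ { in_cfg = 1 }
        in_cfg && /split_network[ \t]+include/   { mode = "split" }
        in_cfg && /split_network[ \t]+local_lan/ { mode = "local_lan" }
        in_cfg && /\}/ { in_cfg = 0 }
        END { print (mode == "" ? "full" : mode) }
    ' "$1"
}

# masq_ifaces FILE: unique outbound interfaces named by MASQUERADE rules
masq_ifaces() {
    sed -n 's/.*-o[[:space:]]*\([^[:space:]]*\)[[:space:]].*MASQUERADE.*/\1/p' "$1" | sort -u
}

# masq_matches FILE IFACE: succeeds only if every MASQUERADE rule uses IFACE
masq_matches() { [ "$(masq_ifaces "$1")" = "$2" ]; }

SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/split.conf" <<'EOF'
mode_cfg {
    network4 10.8.1.1;
    split_network include 192.168.1.0/24, 10.8.1.0/24;
    split_dns "home.com";
}
EOF
grep -v 'split_' "$SAMPLE_DIR/split.conf" > "$SAMPLE_DIR/full.conf"
sed 's/include 192.168.1.0\/24,/local_lan/' "$SAMPLE_DIR/split.conf" > "$SAMPLE_DIR/lan.conf"
# Failure case: the -A rule was changed to em1 but the -D rule still says eth0.
cat > "$SAMPLE_DIR/half-edited" <<'EOF'
iptables -t nat -A POSTROUTING -s ${INTERNAL_ADDR4}/32 -o em1 -j MASQUERADE
iptables -t nat -D POSTROUTING -s ${INTERNAL_ADDR4}/32 -o eth0 -j MASQUERADE
EOF
sed 's/eth0/em1/' "$SAMPLE_DIR/half-edited" > "$SAMPLE_DIR/fixed"

for f in split full lan; do echo "$f.conf: $(tunnel_mode "$SAMPLE_DIR/$f.conf")"; done
for f in half-edited fixed; do
    if masq_matches "$SAMPLE_DIR/$f" em1; then echo "$f: ok"; else echo "$f: mismatch"; fi
done
```

On a live HDA, point tunnel_mode at /etc/racoon/racoon.conf and masq_matches at /etc/racoon/amahi-up-down together with the interface name that ifconfig shows.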