Changes

From Amahi Wiki
1,435 bytes added, 10:30, 13 June 2017
no edit summary
We now have a new Amahi [http://www.amahi.org/apps/ipsec-vpn IPsec VPN app] for your HDA!
 
= Introduction =
This VPN stack has many advantages, although it still requires two ports to be forwarded from your router to your HDA. These are
* [[IPSec VPN Mac OS X Client | Mac OS X]] built-in client
* [[IPSec VPN Android Client | Android]] built-in client, (ICS, i.e. 4.x or later)
 
The Android (2.x/3.x) OS is known to be broken with respect to [http://www.amahi.org/apps/ipsec-vpn IPSec VPN]. See [[IPSEC/L2TP_VPN_Server|here]] for a manual implementation that should work.
'''NOTE:''' By default, the VPN will only route traffic destined for your home network via the VPN. General web traffic, etc., will *not* be encrypted. To change this behaviour so that all network traffic from your client is routed via your VPN, edit /etc/racoon/racoon.conf and remove the lines beginning "split_network" and "split_dns". Then restart racoon.

= Changing the Secret and/or the Group Name =
Optionally, you can change the secret and/or group name.
service racoon restart
= Route All IPSEC VPN traffic through VPN (Amahi 6/Ubuntu) =
After you install IPSEC VPN and configure your router and iPhone correctly, you may find that Twitter and Facebook are still blocked by some networks. Also searching for "what is my ip" via Google or your favorite search engine will report back that you are still on the local network.

The Amahi VPN is set to use a split VPN tunnel by default. If you want to use blocked services while behind somebody's internet filters, you can use these steps to encrypt your traffic and use blocked services like Twitter and Facebook.

Below are the steps to direct all traffic through the VPN. Please note this will divert all of your traffic through your HDA, but you will not be able to access some of your network resources.

1. Open a terminal on your HDA or use SSH.<br />
2. Go to /etc/racoon.
 cd /etc/racoon
3. Back up the original racoon.conf in case things break.<br />
 cp racoon.conf racoon.conf.orig
4. As root user, open racoon.conf with your favorite editor, mine happens to be nano (this needs to be done as root).
 sudo nano racoon.conf
5. Go to the line with "mode_cfg".
<pre>mode_cfg {
auth_source system;
save_passwd on;
dns4 192.168.1.10;
wins4 192.168.1.10;
default_domain "amahi3.com";
auth_throttle 60;
split_network include 198.162.1.0/24 10.100.100.0/24;
split_dns "home.com";
banner "/etc/racoon/welcome.txt";
}</pre>
<b>NOTE:</b> Let's concentrate on the two lines that were changed: "split_network" and "split_dns".

6. Change split_network from "include" to "local_lan" and delete the 198.162.... range.
<pre>mode_cfg {
~~
split_network local_lan 10.100.100.0/24;
</pre>
7. Also change "split_dns" to the name that I changed my home domain to...
<pre>mode_cfg {
~~
split_dns "amahi3.com";</pre>
8. Save your work<br />
9. Restart the racoon server
 sudo service racoon restart
Or open up your HDA dashboard, click on settings->servers and restart the IPSEC server.

Searching for "what is my ip" via Google or your favorite search engine should now report your home VPN. You should then be able to use Twitter and Facebook through your VPN.

= Route all traffic through VPN (Fedora) =
Solution for IPSec VPN Server in Fedora 19 with Amahi 7 in order to Forward all traffic through the VPN <br>
1. At /etc/racoon/racoon.conf delete the 2 lines with split in mode_cfg :
 split_network include 192.168.1.0/24, 10.8.1.0/24;
 split_dns "home.com";
2. At your Hda run ifconfig to see what is your network interface. <br>At /etc/racoon/amahi-up-down change the lines 19 and 26 from eth0 to em1 because this is the network interface of my Hda. The changes are<br>
from:
 iptables -t nat -A POSTROUTING -s ${INTERNAL_ADDR4}/32 -o eth0 -j MASQUERADE
to
 iptables -t nat -A POSTROUTING -s ${INTERNAL_ADDR4}/32 -o em1 -j MASQUERADE
and from:
 iptables -t nat -D POSTROUTING -s ${INTERNAL_ADDR4}/32 -o eth0 -j MASQUERADE
to
 iptables -t nat -D POSTROUTING -s ${INTERNAL_ADDR4}/32 -o em1 -j MASQUERADE

Finally go to <nowiki>http://hda</nowiki>->Setup->Settings->Servers and restart the IPsec VPN Server.
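
A quick way to confirm the result of either procedure, as an added example that is not part of the Amahi app or this wiki page: the script below reads a racoon.conf and reports whether mode_cfg still pushes a split tunnel, then lists any MASQUERADE rule in amahi-up-down that names a different interface than the one you pass in. The function names (tunnel_mode, masq_mismatch) are hypothetical and the sample files are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not Amahi's code: audit the two files this page edits.

# tunnel_mode FILE: print how mode_cfg routes client traffic.
#   split     = split_network include (only listed networks use the VPN)
#   local_lan = everything uses the VPN except the listed networks
#   full      = no split_network line, so all traffic uses the VPN
tunnel_mode() {
    awk '
        /^[ \t]*#/          { next }
        /mode_cfg[ \t]*[{]/ { in_cfg = 1; next }
        in_cfg && /[}]/     { in_cfg = 0 }
        in_cfg && $1 == "split_network" { mode = $2 }
        END {
            if (mode == "include") print "split"
            else if (mode == "local_lan") print "local_lan"
            else print "full"
        }' "$1"
}

# masq_mismatch FILE IFACE: print each MASQUERADE rule whose -o interface
# is not IFACE (the interface ifconfig shows for the HDA).
masq_mismatch() {
    awk -v want="$2" '
        /MASQUERADE/ {
            for (i = 1; i < NF; i++)
                if ($i == "-o" && $(i + 1) != want) print NR ": " $0
        }' "$1"
}

# Constructed sample inputs modelled on the snippets above.
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
cat > "$sample_dir/racoon.conf" <<'EOF'
mode_cfg {
    auth_source system;
    split_network include 192.168.1.0/24, 10.8.1.0/24;
    split_dns "home.com";
}
EOF
cat > "$sample_dir/amahi-up-down" <<'EOF'
iptables -t nat -A POSTROUTING -s ${INTERNAL_ADDR4}/32 -o eth0 -j MASQUERADE
iptables -t nat -D POSTROUTING -s ${INTERNAL_ADDR4}/32 -o em1 -j MASQUERADE
EOF

echo "tunnel mode: $(tunnel_mode "$sample_dir/racoon.conf")"
masq_mismatch "$sample_dir/amahi-up-down" em1
```

On a real HDA, point the two functions at /etc/racoon/racoon.conf and /etc/racoon/amahi-up-down. A rule left on the wrong interface means VPN client traffic is not NATed on the way out, which is why step 2 of the Fedora procedure matters.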