Paul's blog

Setting up a VPN server on Debian for iPhone and Mac clients

Just set up a VPN server on Debian for my Mac and iPhone to use when they are using public WiFi. Surprisingly straightforward really!

First thing to do is to install the PPTP server:

sudo aptitude install pptpd

Next, set up an account:

echo "<username> pptpd <password> *" >> /etc/ppp/chap-secrets

Enable IP forwarding and masquerading so that you are able to access the internet rather than just the local network of the VPN server:

echo 1 > /proc/sys/net/ipv4/ip_forward
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
/sbin/iptables -A FORWARD -i eth0 -o ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A FORWARD -i ppp0 -o eth0 -j ACCEPT

Next, you need to let PPTPD know what DNS servers to tell clients to use:

vim /etc/ppp/pptpd-options

Change the settings for ms-dns and ms-wins to your desired DNS servers:

ms-dns 208.67.222.222
ms-dns 208.67.220.220
ms-wins 208.67.222.222
ms-wins 208.67.222.220

Obviously replace the IP addresses here with your own ones!

Finally, restart the PPTP server:

service pptpd restart

When setting up the VPN configuration on the Mac, make sure to select "Send all traffic over VPN connection" in the Advanced settings.

If you can't establish a VPN connection, you may need to open the PPTP port in iptables:

iptables -I INPUT -p tcp --dport 1723 -j ACCEPT

When setting up the VPN configuration on the iPhone, make sure to set the "Encryption Level" setting to "Auto" and to set the "Send All Traffic" setting to "ON".

To save your iptables settings permanently:

service iptables save active

If you get an error about an unrecognized service, follow the instructions here regarding saving your iptables settings instead.

To enable IP forwarding permanently, set the following setting in /etc/sysctl.conf:

net.ipv4.ip_forward = 1
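
A read-only check of the files edited in the steps above, as an added example that is not part of the original post. The function names and the root-prefix argument are hypothetical, the sample tree is constructed, and chap-secrets entries are assumed to contain no whitespace inside the password.

```shell
#!/bin/sh
# Added example: audit the files touched by the PPTP setup steps.
# Pass a directory prefix to audit a copy; pass nothing for the live system.

# chap-secrets holds passwords in clear text, so only the owner may read it.
secrets_private() {
    # Characters 5-10 of the ls mode string are the group/other bits.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Every entry needs four fields: client, server, secret, IP address.
secrets_wellformed() {
    awk 'NF == 0 || $1 ~ /^#/ { next } NF != 4 { bad = 1 } END { exit bad + 0 }' "$1"
}

# Persistent forwarding: the setting is present and not commented out.
forwarding_persistent() {
    grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$1"
}

# Number of ms-dns lines that pptpd will hand to clients.
ms_dns_count() {
    grep -Ec '^[[:space:]]*ms-dns[[:space:]]+[0-9.]+' "$1" || true
}

# Run all checks; returns 0 only if every one passes.
audit_pptpd() {
    root=${1:-}
    fail=0
    secrets_private "$root/etc/ppp/chap-secrets" || { echo "chap-secrets readable by group/other"; fail=1; }
    secrets_wellformed "$root/etc/ppp/chap-secrets" || { echo "chap-secrets has a malformed entry"; fail=1; }
    forwarding_persistent "$root/etc/sysctl.conf" || { echo "ip_forward not enabled in sysctl.conf"; fail=1; }
    [ "$(ms_dns_count "$root/etc/ppp/pptpd-options")" -ge 1 ] || { echo "no ms-dns entries"; fail=1; }
    return "$fail"
}

# Constructed sample tree mirroring the files from the post.
make_sample_tree() {
    d=$(mktemp -d) && mkdir -p "$d/etc/ppp" || return 1
    printf 'alice pptpd s3cret *\n' > "$d/etc/ppp/chap-secrets"
    chmod 600 "$d/etc/ppp/chap-secrets"
    printf 'ms-dns 208.67.222.222\nms-dns 208.67.220.220\n' > "$d/etc/ppp/pptpd-options"
    printf 'net.ipv4.ip_forward = 1\n' > "$d/etc/sysctl.conf"
    echo "$d"
}

sample=$(make_sample_tree)
audit_pptpd "$sample" && echo "sample tree passes"; rm -rf "$sample"
```

Calling audit_pptpd with no argument as root checks the live /etc files.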

Safe browsing!


Why work doesn't happen at work

Jason Fried has a radical theory of working: that the office isn't a good place to do it. At TEDxMidwest, he lays out the main problems (call them the M&Ms) and offers three suggestions to make work work.


Code generation for hardware accelerated AES

Research from my undergraduate final year project has led to a published paper that was presented at the 2010 21st IEEE International Conference on Application-specific Systems Architectures and Processors (ASAP).

Paper: http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=5540955

Raymond Manley has been doing further research in the same area under Dr David Gregg's supervision. :)
