Tuesday, September 18, 2012

VPN + iPhone

Using a VPN connection to access the Internet from your smartphone is a bit more secure than usual, especially on public Wi-Fi. It encapsulates the data transferred between your smartphone and the Internet so that other people on the LAN cannot interfere with the connection.

Besides getting secure connectivity, users tend to use a VPN to hide their original IP, to access blocked websites, and to bypass mobile data quota limits.

There are many different classifications, implementations, and uses for VPN, but in this write-up, I'll explain a bit about how to implement PPTP for the iPhone on a CentOS server.

VPN Installation (CentOS)

Make sure pptpd and ppp are not installed (remove them if they are)
yum remove -y pptpd ppp

Flush all NAT POSTROUTING and FORWARD iptables rules
iptables --flush POSTROUTING --table nat
iptables --flush FORWARD

Delete existing pptpd.conf and ppp directory
rm -rf /etc/pptpd.conf
rm -rf /etc/ppp

Download the required packages to install PPTP
wget http://www.diahosting.com/dload/dkms-2.0.17.5-1.noarch.rpm
wget http://www.diahosting.com/dload/kernel_ppp_mppe-1.0.2-3dkms.noarch.rpm
wget http://www.diahosting.com/dload/pptpd-1.3.4-1.rhel5.1.i386.rpm
wget http://www.diahosting.com/dload/ppp-2.4.4-9.0.rhel5.i386.rpm

Install packages and dependencies
yum -y install make libpcap iptables gcc-c++ logrotate tar cpio perl pam tcp_wrappers
rpm -ivh dkms-2.0.17.5-1.noarch.rpm
rpm -ivh kernel_ppp_mppe-1.0.2-3dkms.noarch.rpm
rpm -qa kernel_ppp_mppe
rpm -Uvh ppp-2.4.4-9.0.rhel5.i386.rpm
rpm -ivh pptpd-1.3.4-1.rhel5.1.i386.rpm

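Enable IP Forwarding (the /proc write is lost on reboot, so also persist it in /etc/sysctl.conf)
echo 1 > /proc/sys/net/ipv4/ip_forward
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf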

Configure pptpd.conf for local and remote ip
echo "localip 10.0.0.1" >> /etc/pptpd.conf
echo "remoteip 10.0.0.2-254" >> /etc/pptpd.conf

Configure options.pptpd for DNS server
echo "ms-dns 8.8.8.8" >> /etc/ppp/options.pptpd
echo "ms-dns 8.8.4.4" >> /etc/ppp/options.pptpd

Adding user for VPN connection
echo "myvpnusername pptpd myvpnpassword *" >> /etc/ppp/chap-secrets

Allow IP Masquerading in iptables
iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -j SNAT --to-source `ifconfig  | grep 'inet addr:'| grep -v '127.0.0.1' | cut -d: -f2 | awk 'NR==1 {print $1}'`
iptables -A FORWARD -p tcp --syn -s 10.0.0.0/24 -j TCPMSS --set-mss 1356
service iptables save
service iptables restart

Turn on pptpd service on start-up
chkconfig pptpd on

Reboot the server. When the server is back online, you can create a VPN connection using the username and password you added to /etc/ppp/chap-secrets.
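
An added example, not part of the original post: a shell function that checks the files written by the steps above before the server goes live. The function name audit_pptp and the checks for the pppd options require-mschap-v2 and require-mppe-128 (real pppd options that the post itself does not mention) are this example's assumptions.

```bash
# Added example: audit the files the installation steps write.
# Paths are arguments so the check can also be run against copies.
# Usage: audit_pptp /etc/pptpd.conf /etc/ppp/options.pptpd /etc/ppp/chap-secrets
# Returns the number of problems found (0 means clean).
audit_pptp() {
    local conf=$1 opts=$2 secrets=$3 problems=0 key mode

    # Succeeds if a directive appears on an uncommented line of a file.
    has_directive() { grep -Eq "^[[:space:]]*$1([[:space:]]|\$)" "$2"; }

    # pptpd.conf must define both ends of the tunnel address range.
    for key in localip remoteip; do
        has_directive "$key" "$conf" ||
            { echo "FAIL: $key missing in $conf"; problems=$((problems+1)); }
    done

    # Without these pppd options a client may negotiate weaker
    # authentication or an unencrypted link.
    for key in require-mschap-v2 require-mppe-128; do
        has_directive "$key" "$opts" ||
            { echo "FAIL: $key not enforced in $opts"; problems=$((problems+1)); }
    done

    # chap-secrets stores passwords in plaintext, so only root should read it.
    mode=$(stat -c %a "$secrets")
    [ "$mode" = "600" ] ||
        { echo "FAIL: $secrets has mode $mode, expected 600"; problems=$((problems+1)); }

    # The tutorial's placeholder account must not be left in place.
    if grep -Eq '^[[:space:]]*myvpnusername[[:space:]]' "$secrets" ||
       grep -Eq '[[:space:]]myvpnpassword[[:space:]]' "$secrets"; then
        echo "FAIL: placeholder credentials are still in $secrets"
        problems=$((problems+1))
    fi

    [ "$problems" -eq 0 ] && echo "OK: no problems found"
    return "$problems"
}
```
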

Connecting to VPN server via iPhone

Tap the Settings icon and tap the VPN tab. If there is no VPN tab, scroll down a bit, tap the General tab and then the Network tab.


On VPN screen, tap on "Add VPN Configuration"


On "Add Configuration" screen, tap on PPTP, and enter your VPN settings.
Description: Your VPN description
Server: Your VPN IP or hostname
Account: Your VPN username
Password: Your VPN password
Send All Traffic: On


When done entering the VPN details, tap on "Save". Then tap on "On" to connect to your VPN server.


Once your VPN connection has been established, you can see a small VPN icon at the top of your screen.


Credit: Rockia
