Scott Hanselman

Configuring PPTP VPN with alternate Linksys Router Firmware

February 12, '06 Comments [2] Posted in Gaming

A couple of folks emailed me about how to get VPN to work using the DD-WRT firmware and my Linksys Router and why I said "zero install." Since I work in a corporate environment, as does my wife, we're used to having to install Cisco VPN or other 3rd party VPN clients. I called the solution I'm using for home "zero install" because I was able to use the VPN client built into Windows XP with this firmware.

Step 1 - Get a Dynamic DNS Hostname

Dynamic Network Services will give (or sell) you a DNS name like myhouse.dyndns.org that is easier to remember than your DSL or Cable Modem's possibly-changing IP address. Additionally, firmware like DD-WRT will let you enter your DynDNS name and password and will automatically update the service with your current IP address.

Go to your router's Web interface, usually at http://192.168.1.1 and find the DDNS section. Enter your DynDNS username and password, as well as the host address you chose. That will be the address you'll need to remember to VPN into your house.

You can skip this step if you have a static IP address and you're able to remember it. I'm not that smart.

[Screenshot: the router's Dynamic DNS page]

Step 2 - Configure VPN on the Router

Find the PPTP section in the administration section of your router's Web interface. "Enable" the PPTP Server and enter your router's IP address. This is almost always the same IP address that was displayed in the DDNS section in the previous step. Enter a Client IP range that is outside the range you chose for regular DHCP. I picked 192.168.0.210-220 for VPN'ed clients and 192.168.1.100 for "regular" clients that connect via Wireless or Wired.

Under CHAP Secrets, enter a username and password in the format "username * password * " and make sure to pick a VERY strong password.

[Screenshot: the router's Services page]
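The two things Step 2 asks you to get right (a VPN client range outside the DHCP pool, and a very strong CHAP secret) can be checked and generated offline, along with the home/remote subnet clash raised in the comments. This is an added example, not part of the original post: the function names are hypothetical, the addresses are constructed samples, and the password alphabet is limited to letters and digits on the assumption that the secrets field should not need quoting.

```python
import ipaddress
import secrets
import string


def parse_range(text):
    """Parse 'a.b.c.d', 'a.b.c.d-N' or 'a.b.c.d-e.f.g.h' into (first, last)."""
    start, _, end = (part.strip() for part in text.partition("-"))
    if not end:
        end = start                                  # single address
    elif "." not in end:
        end = start.rsplit(".", 1)[0] + "." + end    # short form: last octet only
    first, last = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
    if last < first:
        raise ValueError(f"range runs backwards: {text!r}")
    return first, last


def check_plan(home_lan, dhcp_pool, vpn_pool, remote_lan=None):
    """Return a list of problems with the planned address layout."""
    dhcp, vpn = parse_range(dhcp_pool), parse_range(vpn_pool)
    problems = []
    if dhcp[0] <= vpn[1] and vpn[0] <= dhcp[1]:
        problems.append("VPN client range overlaps the DHCP pool")
    if remote_lan is not None:
        home = ipaddress.IPv4Network(home_lan)
        if home.overlaps(ipaddress.IPv4Network(remote_lan)):
            problems.append("home LAN overlaps the network you are connecting from")
    return problems


def chap_secret_line(username, length=24):
    """Build a 'username * password *' line with a random password."""
    if not username or any(c.isspace() for c in username):
        raise ValueError("username must be non-empty and contain no whitespace")
    alphabet = string.ascii_letters + string.digits  # assumed to need no quoting
    password = "".join(secrets.choice(alphabet) for _ in range(length))
    return f"{username} * {password} *"


if __name__ == "__main__":
    # Constructed sample values, not the author's actual settings.
    print(check_plan("192.168.1.0/24", "192.168.1.100-149",
                     "192.168.1.140-150", remote_lan="192.168.1.0/24"))
    print(check_plan("192.168.42.0/24", "192.168.42.100-149",
                     "192.168.42.210-220", remote_lan="192.168.1.0/24"))
    print(chap_secret_line("scott"))
```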

Step 3 - Configure the (Windows) Client

This step will happen OUTSIDE your home, perhaps at your local coffee shop or anywhere you can take your laptop and attempt VPN back into your home.

In Windows XP, go to Network Connections and run the New Connection Wizard. Select "Connect to the Network at my workplace" and click next. Select "Virtual Private Network connection" and click next. Enter any name for this connection and click next. Now, enter the hostname you selected in Step 1, like myhouse.dyndns.org, and click Finish.

Go back to Network Connections and find the connectoid you just created. Right-click and select Properties. Select the Security Tab and ensure that "Require Data Encryption" is selected and that "Require Secure Password" is picked in the drop-down. If you like, you can go into Advanced and select Microsoft CHAP and MS-CHAPv2, but you'll get the same result.

Now you should be able to connect to your home over any Internet connection you come upon, assuming that connection allows outgoing PPTP connections. I've never had a problem at hotels or cafes.

Sunday, 12 February 2006 19:09:28 UTC
One thing you may want to do is change your local network to be something other than 192.168.1.1. What happens is that this is the default IP range used by almost every NATted network - and you end up trying to VPN to your home on a network with the same IP Range - and it just won't work, due to ambiguity (when you try to connect to 192.168.1.20 are you trying to go through your VPN to a machine at home, or are you trying to connect to someone else on the network of the hotel you are staying at?).

See the problem?

So what I have done is made my local network at home sit on 192.168.42.X.
Sunday, 12 February 2006 19:21:57 UTC
Mileage using the Linksys DynDNS Daemon varies a little. It had a couple of ugly bugs, including one that kept knocking off the host wildcard flag. I switched to DirectUpdate after a lot of messing w/ it.

http://stephbu.homedns.org/blog/PermaLink,guid,f6ee0869-c51e-4dfe-b895-ffac5388c671.aspx

http://stephbu.homedns.org/blog/PermaLink,guid,83e2b910-42f6-441f-88a0-233d57b2a181.aspx

The quality of the firmware may well have improved by now however...

Disclaimer: The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.