Scott Hanselman

Configuring PPTP VPN with alternate Linksys Router Firmware

February 12, 2006 Comment on this post [2] Posted in Gaming
Sponsored By

A couple of folks emailed me about how to get VPN to work using the DD-WRT firmware and my Linksys Router and why I said "zero install." Since I work in a corporate environment, as does my wife, we're used to having to install Cisco VPN or other 3rd party VPN clients. I called the solution I'm using for home "zero install" because I was able to use the Windows XP built in stuff with this firmware.

Step 1 - Get a Dynamic DNS Hostname

Dynamic Network Services will give (or sell) you a DNS name like that is easier to remember than your DSL or Cable Modem's possibly-changing IP address. Additionally, firmware like DD-WRT will let you enter your DynDNS name and password and will automatically update the service with your current IP address.

Go to your router's Web interface, usually at and find the DDNS section. Enter your DynDNS username and password, as well as the host address you chose. That will be the address you'll need to remember to VPN into your house.

You can skip this step if you have a static IP address and you're able to remember it. I'm not that smart.

HANSELMAN - Dynamic DNS - Mozilla Firefox

Step 2 - Configure VPN on the Router

Find the PPTP section in the administration section of your router's Web interface. "Enable" the PPTP Server and enter in your router's IP address. This is almost always the same IP address that was displayed in the DDNS section in the previous step. Enter a Client IP range that is outside the range you chose for regular DHCP. I picked for VPN'ed clients and for "regular" clients that connect via Wireless or Wired.

Under CHAP Secrets, enter a username and password in the format "username * password * " and make sure to pick a VERY strong password.

HANSELMAN - Services - Mozilla Firefox (2)

Step 3 - Configure the (Windows) Client

This step will happen OUTSIDE your home, perhaps at your local coffee shop or anywhere you can take your laptop and attempt VPN back into your home.

In Windows XP, go to Network Connections and run the New Connection Wizard. Select "Connect to the Network at my workplace" and click next. Select "Virtual Private Network connection" and click next. Enter in any name for this connection and click next. Now, enter the hostname you select in Step 1, like and click Finish.

Go back to Network Connections and find the connectoid you just created. Right-click and select Properties. Select the Security Tab and ensure that "Require Data Encryption" is selected as well as "Require Secure Password" is picked in the drop down. If you like, you can go into Advanced and select Microsoft CHAP and MS-CHAPv2, but you'll get the same result.

Now you should be able to connect to your home over any Internet connection you come upon, assuming that connection allows outgoing PPTP connections. I've never had a problem at hotels or cafes.

Now playing: OXM Magazine - Episode 3: Official Xbox Magazine Video Podcast

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Hosting By
Hosted in an Azure App Service
February 12, 2006 23:09
One thing you may want to do, is change your local network to be something other than What happens is that this is the default IP ranged used by almost every NATted network - and you end up trying to VPN to your home on a network with the same IP Range - and it just won't work, due to ambiguity (when you try to connect to are you trying to go through your VPN to a machine at home, or are you trying to connect to someone else on the network of the hotel you are staying at?).

See the problem?

So what I have done is made my local network at home sit on 192.168.42.X.
February 12, 2006 23:21
Mileage using the Linksys DynDNS Daemon varies a little. It had a couple of ugly bugs, including one that kept knocking off the host wildcard flag. I switched to DirectUpdate after a lot of messing w/ it.,guid,f6ee0869-c51e-4dfe-b895-ffac5388c671.aspx,guid,83e2b910-42f6-441f-88a0-233d57b2a181.aspx

The quality of the firmware may well have improved by now however...

Comments are closed.

Disclaimer: The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.