The independent technical support site for all things networking!


VPN Server

January 30th, 2011 by Kieran in Articles

So you’ve got a well secured LAN but want to work on “local things” while out on the road. What do you do? Get a home VPN! This is surprisingly easy to get configured, especially given that your average Windows machine will have all the software you need to connect to a VPN by default.

Getting Started

So, first things first, to get started you need:

  • Linux box that is always on
  • A static IP or domain name that tracks your dynamic IP

We’re going to assume you’re running Debian Linux at home; these instructions will also cover Debian-like distributions such as Ubuntu. Please note that all commands and actions are to be carried out as root.

Install and configure PPTPD

Firstly, install the PPTP VPN server

apt-get install pptpd

Once installed, we need to modify the configuration files

nano /etc/pptpd.conf

Then ensure that the following is present in the file. Some entries may be present already, some may be missing, or some may be present but not the same as below. Be sure to change the file carefully.

# Options path
option /etc/ppp/pptpd-options
# Relay
bcrelay eth0
# IP addresses
localip 10.0.0.3
remoteip 10.0.0.254

This configuration makes use of the following assumptions

  • Your router has IP 10.0.0.2 and your LAN uses IPs in the range 10.0.0.xxx
  • Your always-on home Linux server has IP 10.0.0.3
  • IP address 10.0.0.254 has not been allocated to a machine on your LAN

This configuration, given these assumptions, will provide the connecting VPN user with an IP of 10.0.0.254, thus giving them a LAN-like presence on your network.

Configure PPP

Now edit the following config file

nano /etc/ppp/pptpd-options

Then ensure that the following is present in the file. Some entries may be present already, some may be missing, or some may be present but not the same as below. Be sure to change the file carefully.

# Authentication name
name pptpd
# Encryption
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
mppe-stateful
# DNS servers
ms-dns 208.67.222.222
ms-dns 208.67.220.220
# Routing
nodefaultroute
# Compression
nobsdcomp
nodeflate
# MTU and MRU settings
mtu 1500
mru 1500
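
A quick check that the options file still carries the authentication and encryption directives above, as an added example that is not part of the original article. The function names are hypothetical; the second list holds standard pppd options that would relax those settings if they crept into the file.

```shell
#!/bin/sh
# Added example, not from the article: audit a pppd options file for the
# authentication and encryption directives the article lists.

# has_directive FILE WORD: succeeds if WORD is the first token of a
# non-comment line in FILE.
has_directive() {
    awk -v want="$2" '$1 == want { found = 1 } END { exit !found }' "$1"
}

# audit_pptpd_options FILE: prints one finding per line, returns 1 if any.
audit_pptpd_options() {
    file=$1
    rc=0
    # Directives from the article that must be present.
    for d in refuse-pap refuse-chap refuse-mschap require-mschap-v2 require-mppe-128; do
        if ! has_directive "$file" "$d"; then
            echo "MISSING $d"
            rc=1
        fi
    done
    # pppd options that disable authentication or MPPE, or admit weaker methods.
    for d in noauth require-pap require-chap require-mschap nomppe nomppe-128; do
        if has_directive "$file" "$d"; then
            echo "WEAKENS $d"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: PAP refusal commented out, plain MS-CHAP also required.
sample=$(mktemp)
cat > "$sample" <<'EOF'
name pptpd
#refuse-pap
refuse-chap
require-mschap
require-mschap-v2
require-mppe-128
EOF
audit_pptpd_options "$sample" || echo "options file needs attention"
rm -f "$sample"
```

On the real server, run it as `audit_pptpd_options /etc/ppp/pptpd-options` after each edit to the file.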

Ensure correct MTU

If you plan on connecting to your VPN from Windows XP, or you think you might ever want to do this, you’ll want to tweak the MTU that is doled out to VPN clients.

When a PPP link is set up, pppd allows the client to request its own MTU. This is all well and good except where the MTU your client chooses is completely unsuitable and causes some websites, particularly those using SSL, to not load at all.

With this in mind, we force a fixed MTU, irrespective of client choice. This will ensure all normal client connections will have full connectivity.

nano /etc/ppp/ip-up

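Then ensure the following lines are added, after export PATH, near the top of the file

# $1 is the PPP interface name that pppd passes to ip-up
ifconfig "$1" mtu 1500
# ifconfig has no mru option; the MRU comes from the "mru 1500" line in pptpd-options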

Configure Login Details

In order to login to your VPN remotely, you’ll want to configure a permitted user. Do this by editing the following file

nano /etc/ppp/chap-secrets

Into this file, place a user who can gain access. Obviously, don’t use “password” as the password!

# Secrets for authentication using CHAP
# client server secret IP addresses
user pptpd password *
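
MS-CHAPv2 handshakes can be attacked offline once captured, and chap-secrets stores each secret in clear text, so both the strength of the secret and the permissions on this file matter. The following added example (not from the original article) audits a chap-secrets file; the function name, the 16-character minimum and the sample entries are assumptions, and secrets are assumed to contain no spaces.

```shell
#!/bin/sh
# Added example, not from the article: audit a pppd chap-secrets file.
# Columns per line: client  server  secret  IP-addresses

# audit_chap_secrets FILE [MINLEN]: prints findings, returns 1 if any.
audit_chap_secrets() {
    file=$1
    min=${2:-16}    # assumed minimum secret length; set to local policy
    rc=0
    # Secrets are stored in clear text, so only the owner should have access.
    if [ "$(ls -ld "$file" | cut -c5-10)" != "------" ]; then
        echo "PERMS group/other access on $file"
        rc=1
    fi
    awk -v min="$min" '
        /^[ \t]*(#|$)/ { next }                  # comments and blank lines
        {
            secret = $3
            gsub(/^"|"$/, "", secret)            # secret may be double-quoted
            if (length(secret) < min) { print "SHORT " $1; bad = 1 }
            if (tolower(secret) == "password" || secret == $1) {
                print "GUESSABLE " $1; bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$file" || rc=1
    return $rc
}

# Constructed sample: the article's placeholder entry plus a longer secret.
sample=$(mktemp)
chmod 644 "$sample"
cat > "$sample" <<'EOF'
# client server secret IP addresses
user pptpd password *
roadwarrior pptpd "example-Long-passphrase-42" *
EOF
audit_chap_secrets "$sample" || echo "chap-secrets needs attention"
rm -f "$sample"
```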

Permit Forwarding

Packet forwarding must be enabled in order to pass VPN traffic between the connected client, the VPN server and the outside world. We enable this by modifying the following file

nano /etc/sysctl.conf

Into this file, ensure the following variable is set

net/ipv4/ip_forward=1

Restart PPTPD

We need to pick up our settings so we restart the PPTPD service

/etc/init.d/pptpd restart

Restart the Server

Due to the fact we modified sysctl.conf we need to restart the whole server too. Issue the following command as root.

reboot

Firewall Settings

That’s about it for server configuration but if you want to connect to your VPN server from outside the LAN you’ll need to make sure that the appropriate ports are open to the outside world.

Incoming, TCP, 1723, forward to 10.0.0.3
Incoming, GRE, Protocol 47, forward to 10.0.0.3

Consult your router manual for specifics on how to do this or ask in our forums stating your router model.

Testing

You can test your server by attempting a connection from a Windows machine. Set up a VPN connection from the network wizard, use the IP address of your server, 10.0.0.3, and the username and password you set in chap-secrets. You should be able to access the internet as normal once connected and also machines on your LAN.

In Use

In reality you won’t want to connect using 10.0.0.3 as this is an internal IP accessible only on your LAN. You’ll want to port forward to this IP from your WAN IP as per the firewall rules mentioned above and use your WAN side IP in the networking wizard to connect.

If you don’t have a static WAN IP then you can use a service like DynDNS to provide a fixed domain name that always points to your dynamic IP.

Happy VPN’ing!

We’re sure these settings will work for you but if you encounter any issues, please head over to the networking area of our forum and ask one of the experts.

Xilo Broadband

September 6th, 2009 by Kieran in Articles

So this is my first proper article on the new RouterTech blog and I want to post about my ADSL provider, Xilo Communications. From the outset let me clarify that I’m not being paid to write this but am doing so because I use the service myself and am more than a bit impressed with it. As you will see in the coming paragraphs the features on offer are numerous and are in amazing positive contrast to other ISPs currently available to home internet users.

Range of Accounts

The range of accounts on offer should provide something for every kind of user but for best value check out the Pro accounts. While sounding grand these are just simple LLU accounts that offer un-metered bandwidth, a rock solid reliable connection and a low monthly cost, which to be honest is all you really need with an ADSL connection. Contention rates are lower on Pro Office than you’ll find on most competing ISPs (25:1) but Pro Home (50:1) will most likely be more than adequate, even for heavy users.

Lead time and Migration

You should expect a lead time of 7 working days. I migrated from my old ISP and provided my MAC when I signed up. When my migration day came around (I was informed what it would be at point of ordering and again by e-mail) my old connection ceased working and my Xilo connection started. This happened in a very short space of time with minimal downtime.

Obviously I can’t speak for everyone’s situation but I would be more than a bit surprised if your experience of getting connected wasn’t smooth and trouble free.

Connection

I’m not going to go off on one about how great my connection is, the simple reason is that for everyone this is going to be different and very much dependent on their line quality and distance from the exchange.

My advice here is to check your exchange distance and expected speed on Sam Knows and then be assured that you will get at least this speed with Xilo. My actual speed is higher than indicated and the drop-outs I get are infrequent, brief and cause little to no impact on my network.

Features

So you’ve chosen your package, signed up and been sent your login details by e-mail and have a nice stable connection running. This is where Xilo broadband really starts to come into its own – the tools they provide to manage your connection. Below is a screen shot from the broadband control panel. Rather than offer company news and other info upon login (this is available elsewhere if you want it) the panel keeps it simple and to the point – all the broadband tools in one place with no hunting around required.

[Screenshot: Xilo broadband control panel]

The first thing you notice about this panel is you’ve got features you wouldn’t get with other ISPs; fault logs, IP settings, notification settings. I’ll get to these later but I point them out as they’re sure to delight any discerning techie who likes to keep an eye on things.

Usage Statistics

Even with unmetered access it can be useful to know how much bandwidth you are using and when, especially if your router doesn’t support stats or if you use more than one machine and want to keep all your stats in the one place. Below are a few screen shots of the various statistics screens. All the graphics are animated (although obviously not on this page) and are updated daily.

[Screenshot: Xilo broadband daily usage]

If you run home servers this graph allows you to see when remote access peaks during any given 24 hour period and also when the quiet periods are – great for planning essential upgrades and other maintenance.

[Screenshot: Xilo broadband current usage]

Current usage is probably of a lot more use to those who have chosen a metered package but it is still nice to see a pie chart breakdown of your upload and download use. I find it useful to indicate if I might have a problem with my home servers; I would for instance expect to have a considerable upload footprint due to remote users requesting files but I can see from this graph that while I was away on holiday my file server may well have fallen over as download use far exceeds upload.

[Screenshot: Xilo broadband historic usage]

The historic usage graph is without a doubt my favourite as it will let me track over time how my usage habits are changing and act accordingly. For example, if my download usage is going up by only 10Gb per month then I can probably afford to delay the expansion of my hard drive array for a while. If however I notice usage starting to increase by 50Gb or so then I might want to continue with my hardware upgrade plans after all.

Tracking Line Drops

Now onto some of the really juicy bits, after all, plenty of other ISPs provide at least a few stats. Few however will acknowledge to you how often your connection drops and those trying to track it themselves are often faced with lost logs after router restarts and log wrap-arounds on routers with a low memory capacity. With Xilo your monthly session history is logged and you can use this to determine trends in when your connection drops to diagnose interference at home or, if you have a really good connection you can prove to yourself how long it really can stay connected! In addition to simply tracking when drops occur the logs will also provide the reason so you can decide if the issue is line based or if your router may be about to croak.

[Screenshot: Xilo broadband session history]

Before someone points to my stats and exclaims that I seem to have a few drop outs listed, this is my take on ADSL disconnections. In an ideal world we wouldn’t have drop outs but copper wires are fallible and subject to all manner of interference. This means we simply cannot expect to have connections that stay up indefinitely.

My stats in the screen shot reflect a common situation with ADSL. The connection stays up for a good chunk of time, 10 days say, then some interference causes a drop. The connection will be re-established but because the interference is still there the rate at which it re-connects may be too high. This rate is re-negotiated on the next connect and this process continues until the rate at which you are connected is low enough to stop the interference dropping the connection and so another period of good stability resumes.

The better your line the fewer drop outs you will invariably have but you will always have some. Also note that you should not change ISP simply to escape drop outs. Your line isn’t going to change and as such the reason for the drops isn’t going to be banished just because the provider at the other end of the copper has changed.

If you do have issues with your line, drop logs like the ones Xilo provide should serve to both highlight the problem to you and also help you or an engineer to pinpoint the cause.

Proper IP Blocks

Static IPs are an unknown area for many home users and if this is you then you can ignore this option when signing up with Xilo and just have a single IP, but if you have many devices at home and know what you are doing with networking you may very well want a block of IPs for your use.

[Screenshot: Xilo broadband IP settings]

If you do go for the block, Xilo help you to manage them. You can see a list in the broadband control panel (screen shot above) and see clearly the reserved addresses that you should not assign to equipment. The IP page also provides the option to assign reverse DNS to each IP address although be aware that you must first ensure the host name has an A record for the IP. These features combined with a good home router and a little networking knowledge can help you build up a proper LAN with fully addressable host names for each device on your network and a gateway address through which all your traffic will pass.

Many ISPs, naming no names, make a really rather bad job of this as well as charging an eye watering sum for the privilege so if you are wanting to setup a home network in this way think very carefully before deciding against Xilo!

If the worst should happen

So the unthinkable has happened, you wake up one morning and find your broadband is down. Usually this means a call to your ISP, a patronising conversation with 1st level support and then a ticket raised behind the scenes on your behalf with no way to track its progress except when you get tired of waiting and call again or your connection comes back. You are of course rarely told what the actual problem was.

Sound familiar? Well that’s why the Xilo fault log is so useful. Firstly you won’t be patronised by support. Secondly the ticket raised on your behalf is placed in a system with API access which allows it to be presented to you in the broadband control panel – see the screen shot below.

[Screenshot: Xilo broadband fault tracker]

From here you can see as the fault is passed between Xilo and other parties, the names of people dealing with the issue, the time taken for Xilo to receive a response from other parties and most importantly, what the actual problem was and what the resolution was when everything gets sorted.

Obviously you hope you’ll never have an issue and you probably won’t but knowing this kind of transparency is on offer if you do is a great comfort.

Conclusions

If you want a reliable ADSL connection at a reasonable price and with a great customer facing feature set then Xilo Communications is certainly well worth a look. While no ISP will be perfect I’ve used enough of them to know a cut above the rest when I see it.
