
How do I create an encrypted VPN to tunnel my iPhone traffic through my home internet connection?

August 2012 Update: PPTP VPNs are no longer secure. The encryption has been cracked and PPTP VPNs should no longer be used!
You need:
- DD-WRT 24sp1 installed in your home router
- iPod Touch, iPhone, or other computer or device. This guide happens to show an iPod Touch.
- Ideally, DynDNS (free) already set up in your DD-WRT, or alternatively a domain name pointing to your home IP address.
1. In DD-WRT go to Services > PPTP
Create the following settings:
PPTP Server: Enable
Server IP: 192.168.1.1
Client IP(s): 192.168.1.140-150
CHAP-Secrets:
username * password *
Server IP: your router’s private IP address. This is the same private IP address you use in your web browser to access DD-WRT, for instance.
Client IP(s): pick a range of available private DHCP IP addresses, as specified in DD-WRT > Setup.
CHAP-Secrets: Your desired VPN login in this format:
username[SPACE]*[SPACE]password[SPACE]*
Click Apply Settings, then Save.
2. Next go to Security > VPN
Enable PPTP Passthrough
Click Apply, then Save.
3. Next go to Administration > Commands
Enter the following command into the ‘Commands’ box, click Run Commands, and then Save Startup. It rewrites the mppe line in the PPTP server's options file so that encryption is required.
sed -i -e 's/mppe .*/mppe required,stateless/' /tmp/pptpd/options.pptpd
4. Finally, reboot your router under Administration > Management > Reboot Router
Ok your router should be all set!
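To confirm after the reboot that the settings from steps 1 and 3 took effect, the script below (an added example, not part of the original guide) audits the options file and the CHAP-Secrets layout. Function names are hypothetical, and the -chap, -mschap and +mschap-v2 option names are taken from the options.pptpd listing quoted in the comments on this page.

```shell
#!/bin/sh
# Added example, not from the original guide. Function names are hypothetical;
# the option names are the ones in the options.pptpd listing on this page.

# Return 0 only if the file requires MPPE and accepts MS-CHAPv2 alone.
audit_pptpd_options() {
    f=$1; rc=0
    [ -r "$f" ] || { echo "FAIL cannot read $f"; return 2; }
    # The guide's sed rewrites an existing "mppe ..." line. With no such line
    # it changes nothing and still exits 0, so inspect the result directly.
    mppe=$(awk '$1 == "mppe" { last = $0 } END { print last }' "$f")
    case "$mppe" in
        "mppe required"*) echo "OK   $mppe" ;;
        "")               echo "FAIL no mppe line, encryption is not enforced"; rc=1 ;;
        *)                echo "FAIL '$mppe' does not require encryption"; rc=1 ;;
    esac
    # CHAP and MS-CHAPv1 must be refused and MS-CHAPv2 required.
    for opt in -chap -mschap +mschap-v2; do
        if grep -qxF -- "$opt" "$f"; then echo "OK   $opt"
        else echo "FAIL missing $opt"; rc=1; fi
    done
    return "$rc"
}

# Return 0 if every entry follows the guide's "username * password *" layout.
# Only line numbers are printed, never the secrets themselves.
check_chap_secrets() {
    awk 'NF == 0 || $1 ~ /^#/ { next }
         NF != 4 || $2 != "*" || $4 != "*" {
             printf "FAIL line %d: expected username * password *\n", NR; bad = 1 }
         END { exit bad + 0 }' "$1"
}

# Constructed sample: an options file that never had an mppe line.
demo() {
    d=$(mktemp -d)
    printf '%s\n' lock auth -chap -mschap +mschap-v2 > "$d/options.pptpd"
    sed -i -e 's/mppe .*/mppe required,stateless/' "$d/options.pptpd"  # silent no-op
    status=0
    audit_pptpd_options "$d/options.pptpd" || status=$?
    rm -rf "$d"
    return "$status"
}

# On the router: sh audit.sh /tmp/pptpd/options.pptpd /tmp/pptpd/chap-secrets
if [ $# -ge 2 ]; then
    audit_pptpd_options "$1" && check_chap_secrets "$2"
else
    demo || echo "demo: sed exited 0 but encryption is still not enforced"
fi
```

Run without arguments, it shows the failure case in which the sed command finds no mppe line to rewrite and the server is left without enforced encryption.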
Now for this example I’m connecting with an iPod Touch. You could also use these settings for other computers or devices to connect to your VPN.
In the iPod or iPhone, go to Settings > General > Network > VPN > Add VPN Configuration, then click PPTP.
Description: put your home domain
Server: put home domain, or ip address
Account: put your CHAP-Secrets VPN username
Password: put your CHAP-Secrets VPN password
Encryption Level: Auto
Send All Traffic: ON
Click to Save at the top.
You can now toggle a switch to turn your VPN ‘ON’ under your iPod settings. When connected you get a small VPN indicator at the top.
DONE!



I have used this method to configure my VPN on both my iPhone 4 and iPad 2 with success, sort of.
The connection works flawlessly with the exception that my iPad consistently cannot connect if it is the first client connecting to the VPN. As soon as I make a connection from my iPhone or a PC to the VPN, then my iPad will connect successfully every time. I can then disconnect the first client and the iPad will continue to function on the VPN as expected. Reconnecting however, would again require that another client be connected first.
The iPhone and iPad connections are configured identically, both using Encryption Level: Auto.
This is very consistent and reproducible. I can attempt dozens of times to connect to the VPN as the first client from my iPad and it will consistently show “Connecting”, then “Starting”, then “Disconnecting”. As soon as I make the same connection from my iPhone or PC, the next attempt from my iPad works perfectly.
I am using DD-WRT v24-sp1 and have configured the PPTP server as per this article including required encryption:
http://www.dd-wrt.com/wiki/index.php/PPTP_Server_Configuration
cat /tmp/pptpd/options.pptpd shows the following:
lock
name *
proxyarp
ipcp-accept-local
ipcp-accept-remote
lcp-echo-failure 10
lcp-echo-interval 5
deflate 0
auth
-chap
-mschap
+mschap-v2
mppe required,stateless
mppc
ms-ignore-domain
chap-secrets /tmp/pptpd/chap-secrets
ip-up-script /tmp/pptpd/ip-up
ip-down-script /tmp/pptpd/ip-down
ms-dns 192.168.1.1
mtu 1450
mru 1450
Any ideas would be appreciated.
David
Twitter: scottlinux
Hm that all seems ok to me. I have since gone to dd-wrt v24-sp2 on my router. It seems to have better VPN support. You can just select a button to enable encryption instead of doing some sort of sed command.
See this image:
> http://scottlinux.com/wp-content/uploads/2011/04/ddwrt.png
The only downside is that there is no IPv6 support in this build of dd-wrt, if that concerns you. Otherwise, I’d suggest trying v24-sp2.
This is an iPhone 4.3 bug
http://www.dd-wrt.com/wiki/index.php/PPTP_Server_Configuration#iOS.2FiPhone
OK, I have been trying to get this working for 3 days now… some websites say I have to put in my router's private IP address into the server IP in the router, others say it has to be my WAN IP address…
If I use my wan IP address then all works fine while I am connected to the local wi-fi but not from an external network…. Actually same as using the lan IP address in the server IP box… can connect fine when using my local wi-fi but not from an external source…
Any idea why?
Twitter: scottlinux
Are you coming from the outside with a same private ip range as your home network? This can be problematic for a VPN.
Don't think so… I am using my 3G connection on my iPhone to connect to the VPN and it simply won't connect…
Now the confusing part is that some websites say to set the PPTP server in dd-wrt as the private IP address as you have done, others say to use the WAN (public) IP address. I have tried it all ways and nothing works.
Currently the PPTP server is set to 192.168.1.1. Client IPs are set to 192.168.1.50-60 (my DHCP starts at 192.168.1.100)
I also have a 2nd VPN connection set up on the iPhone to try and that is using the DDNS settings and the iPhone comes up with the error “the PPTPN-VPN server did not respond”
If I connect to my LAN via wi-fi then it all works so obviously the authentication etc. is fine, it's getting the external connection that's killing me…
Twitter: scottlinux
Ok hrmm. Yeah the server ip setting should technically work with either the private ip or public WAN address.
Have you tried to connect from a coffee shop wifi with your phone on that wifi?
(In case there is anything being filtered by your 3G connection?)
Will try that from Starbucks tomorrow…..
Hi, how can I verify if PPTPN-VPN is working well (on DDWRT 24 sp2)? I have “the PPTPN-VPN server did not respond” error via 3G connection (I use no-ip DDNS). Have a nice day