How to Setup & Secure your Personal VPN Server

[racer]

VPN server stands for Virtual Private Network. VPN allows you to arrange and setup a low cost IT infrastructure where admins can manage their users and database from remote location. It is simply like controlling your office from remote location or doesn't matter if you are travelling. All its needs is proper configuration to setup an active connection and system equipped with internet. It is much easier to manage and expand your business under a VPN environment. On the same hand taking care about the security is also a serious concern. But anyhow today there are two options you can go for. First setup your own VPN networks using operating system platform or just hire a ready to use service with prescribed budget. VPN setup removes the options of setting up physical setup for each and every location and connect them with each o there. This needs lots of manpower and resources. With dedicated tools you can simply setup a VPN environment inside your office network and assign admins to manage it. This VPN network offers you to run applications, update database, provide user based services, etc. Today mostly people prefer to go with ready to user services by paying prescribed fee on the base of features chosen. Under readymade services you can search for VPS plans. This are called as Virtual Private Server which allows you to manage and control more than one network at a time. The list of customization under a VPS offers you to choose an operating system, storage space and number of server you need.

Going for traditional Virtual Private Network if you are a big entity or planning to go for the same then you must go for Virtual Private Server. A server is a kind of high end system placed on internet. You can setup multiple sites on it and also manage a large database. Some of them offer you better backup plan. Depends on your need and requirement you can customize the server as and when needed. This time I am going to target more on controlling and creating a Personal VPN Setup. For example you have ample of data on your single system or you manage a small 10-15 pc office. Under this going for a VPS is not recommended as you might never going to benefit from the features. You can simply setup a virtual private network on Windows platform. There are option available for other platform also. I will list software plus manual method to configure and access the network. A person vpn setup is a private network where the admin determines whether who can and who cannot join the same. It is recommended protecting the network with appropriate security to avoid threats and attacks. A short example of VPN network is remote desktop sharing. This not a network but the method which is involved is similar. You enter an ip address or a computer name and access the system. VPN is broader and secure. A VPN can be used to share data, host intranet sites, control and manage devices, etc. VPN is just the central part where all this stuff are controlled and managed. You can with the help of your internet connection connect with any other location. It is a kind of person WAN network via Internet.

VPN is one of the inexpensive solutions for users to create their personal setup. There are certain modes which are used under a VPN connection. Those modes define either to use a dial up VPN network or remote sharing. It depends usually on the type of usage. Anyhow it is also important to protect the VPN traffic by properly tunneling it under a secure pass. VPN tunneling stands for a process of accepting the incoming connection under a secure passage which cannot be accessed by anyone. This is one of the best things to keep your connectivity secure. Let’s begin with a short process of setting up a VPN-based Remote Access. You can just run this test method and ensure how it works. It is necessary to learn a bit on the connectivity setup. You can either use Windows Server edition operating system or Windows XP. There are some updates which are needed to be run before performing this process. I will not go in much detail about the entire network diagram. Rather I will jump to easy steps for the same. This process is used by many companies to allow their users to connect to the corporate network outside their workplace. One can easily imagine many possible applications like LAN access (corporate) remotely and securely to mobile workers. Secure file sharing and LAN gaming with remote machines.

[racer]

Steps to Setup a Personal VPN:

• VPN PPTP-server for secure client connections can be configured only on server versions of Windows 2003/2008 on the same computer with the Traffic Inspector. It is configured as a remote access server (RAS-server) in the service of the RRAS (Routing and Remote Access).
• To create a VPN server. Open a service routing and remote access > Select your server. After that, select Configure and Enable Routing and Remote Access.
• For a master server setup routing and remote access. Click Next. In the next menu, select the item Special configuration. Next.
• In the next window, select the Access to a virtual private network (VPN) > Network Address Translation (NAT) > Routing network and click Next. Click Finish.
• In the resulting window, click on Start the service > Routing and Remote Access.
• Go to the properties of the server. Set the settings on the General tab. Turn to the tab and choose a static IPv4 address pool. Then click Add button and assign a pool of addresses. (In this case, the selected subnet 192.168.200.1-192.168.200.10, consisting of 10 addresses. Moreover, the server receives the address of 192.168.200.1).
• Now to the tab Logging > Enable logging of errors and warnings.
• For configuring the ports the settings are bit different. For that Go to the properties of the Ports. To ensure stable server operation is recommended to remove unneeded ports and a number of ports Remove the SSTP, PPOE, L2TP and IKEv2. Affirmatively respond to a warning to reduce the number of ports.
• Now to configuring NAT Go to Network Address Translation (NAT) and add the new interface. Choose connection to the Internet. Mark it as a common interface connected to the Internet and put a check Enable NAT on this interface. Then select the internal interface and mark it as Private interface connected to private network.
• For setting up client run the Server Manager > Local Users and Groups > Users > add a new user. Specify the username and password. Now go user properties > incoming calls and provide a setting in accordance with the following picture (you can also assign a user a static IP).

VPN LifeGuard:

You have to see that whether you are in public network or not. In that case you will need to secure your VPN server more. There is a small tool called as VPN Lifeguard. This tool allows you to disconnect the active connection after a certain time period. This utility allows for windows to automatically reconnect the VPN when disconnected, while blocking Internet traffic to its choice of applications P2P, Firefox, etc. These applications are locked closed whenever there is the VPN connection occurring, and then they are recharged once the VPN connection is restored. Very useful to surf or go behind a P2P VPN without being exposed when disconnecting the VPN.

Downloading Files from VPN :

When you download many files through a VPN connection passes through the platform of accessing your VPN provider and your IP address is not visible on the network. In general, especially if the files are large, you do not necessarily spend your time in front of your screen to watch the progress of the "blue bar" (or green, red, . It sometimes happens that after a micro-interruption on the network of your ISP, or following a deterioration in the quality of transmission, your VPN connection is interrupted. Depending on the type of VPN you use, this may have some consequences that may not be immediately visible. To more easily understand what is happening in this case, do first a little background. When your VPN connection is established, the VPN software on your computer changes the "default gateway" on your connection. Without going into technical details, this means that the access platform of your VPN provider will become the default destination for all your traffic instead of your "box" internet.

If your VPN connection is interrupted, the default gateway becomes again what it was before, ie your "box". This does not usually continue downloading with the difference that you are no longer protected by your VPN and IP address becomes visible. PPTP is an older protocol and does not support automatic reconnection. Interruption your IP address becomes visible. A message appears on your screen to notify you but if you are not watching him.

Tips to Protect your VPN Server

It is also necessary to be alert about the VPN security. You cannot just connect to the network anywhere. Many a time we use services like openVPN which offers us a free option to surf safely anywhere we go. But to some extent when are working on our own personal VPN then security is more concerned. There are many tactics carried on by people to access the network and target your personal information. Sometime even your vpn got hacked due to leak of information by the user on the network. Below are some easy to use tips for the security of VPN network:

1. Use a strong authentication process: In order to provide access to your users you must not depend on the existing network security structure. You can try configuring each and every permission as per user group. The stronger the authentication process it the more secure your network becomes. Rightnow EAP-TLS is considered as the most secure one which is used with smart cards. In order to access the network the process needs PKI (Public Key Infrastructure).
2. Use a strong encryption and password policy on VPN: Encryption is the way by which the passwords or sensitive credentials are located on server. In order to get a good encryption support on your VPN you can use Layer Two Tunneling Protocol. This is recommended to use over the regular IPSec protocol. This is a far more secure way. Do not let your users to use regular or common text passwords Enable strong password policy on the server.
3. Limiting the number of users : Do not allot access to everyone. Provide access only if needed. The more limited access given to the server will keep it more secure.
4. Accessing to specific location only: Instead of giving full access to every file on the network you can plan to give access only to those where it is needed. Like giving rights specifically to the download part to give user accessing the files only instead of playing with everyone in the network.
5. Configuring email without VPN: You can setup email service which does not requires user to access VPN. In that way you can keep the users who are going to use mail separate. It can be done by Exchange proxy server.
6. Securing with better third party antivirus solution: Do not stay behind to use a good antivirus, firewall, anti spammer, etc tools for your vpn network. You must go for the best.