Create a VPN Using a DD-WRT Flashed Router
From We Got Served Wiki
Usually a Windows Home Server (WHS) is used to back up computers on your local network. But sometimes there is a need to back up a remote computer. This tutorial shows you how to create a Virtual Private Network (VPN) connection to your home network for the purpose of off-site backups using a router with DD-WRT software. I have “borrowed” some of this tutorial from DD-WRT. When I say borrowed I mean that I have followed their directions to set up my VPN for the first time. I will not copy their tutorial word for word, but do not be surprised if some parts sound similar. I am also assuming users are using Windows Vista™, but the steps are similar in XP.
What you will need
- A router flashed with DD-WRT software
- A client computer running Windows Vista or
- If using XP, you will need Windows Server 2003 Resource Kit Tools.
What to Do
Step 1: Configuring the router to accept VPN connections.
If you have a router flashed with DD-WRT (which you should) then you can configure the router to accept incoming VPN connections. If not, you will have to configure your server to accept VPN connections. Navigate to your router's homepage as shown in Screen 1-1 below. Now navigate to the “Services” tab followed by the “PPTP” tab. You should be at a display similar to Screen 1-2 below. On this tab you will see the option to Enable/Disable the Point-to-Point Tunneling Protocol (PPTP) server. Click the radio button next to “enable” to enable the PPTP service. The next entry, “Server IP”, contains the IP address of your router. Enter your IP address in this field in the form xxx.xxx.xxx.xxx, e.g. 192.168.1.1. The next entry is the allowed IP range for the clients that connect to your network. If you have only one computer you can specifically assign it an IP address on your network by typing a single IP address such as 192.168.1.42 into this field. If you have multiple computers that you want to grant access to, you can specify an IP range. As an example, if you want to allow 3 remote computers with an IP range of 192.168.1.42 thru 192.168.1.45 to connect to the network you would enter 192.168.1.42-45 into this field.
The CHAP-Secrets field allows you to enter usernames and passwords for the remote users. You can assign as many usernames and passwords as you wish so long as you only put one per line. To assign a user a username and password type the username first. The password will have a special format shown in the example below. Suppose we want to grant your mother access to your carefully constructed network, and her name is “Mom”. Suppose her favorite password is “Dad”. To properly allow her to connect to your network you would enter:
Mom * Dad *
It is very important to leave a space on either side of the password between the two asterisks.
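The four-field layout of a CHAP-Secrets line, as an added example that is not part of the original tutorial: a small Python checker that reports lines where the spaces around the password are missing, duplicate usernames and short passwords. It assumes the field is stored in pppd's chap-secrets layout (username, server, password, allowed IP addresses); the function name, the 12-character threshold and every sample line except Mom's are made up for illustration.

```python
import shlex

MIN_SECRET_LEN = 12  # assumed policy threshold, not a DD-WRT requirement


def lint_chap_secrets(text, min_len=MIN_SECRET_LEN):
    """Check text meant for the CHAP-Secrets box; return (entries, problems).

    Assumed layout per line (pppd chap-secrets): client server secret ips
    """
    entries, problems, seen = [], [], set()
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):      # blank line or comment
            continue
        try:
            fields = shlex.split(line)            # honours "quoted secrets"
        except ValueError as exc:                 # e.g. a stray quote character
            problems.append((lineno, f"cannot parse: {exc}"))
            continue
        if len(fields) != 4:                      # "Mom *Dad*" collapses to 2
            problems.append((lineno, f"expected 4 fields, found {len(fields)}"))
            continue
        client, server, secret, ips = fields
        if client in seen:
            problems.append((lineno, f"duplicate username {client!r}"))
        seen.add(client)
        # The secret is the only credential on this tunnel, so flag short ones.
        if len(secret) < min_len:
            problems.append(
                (lineno, f"secret for {client!r} is shorter than {min_len} characters"))
        # The secret itself is deliberately left out of the returned record.
        entries.append({"client": client, "server": server, "ips": ips})
    return entries, problems


# Constructed sample input; only the first line comes from the tutorial.
SAMPLE = """\
Mom * Dad *
Sis *hunter2*
Bro * correct-horse-battery *
Mom * another-long-secret *
"""

if __name__ == "__main__":
    _, found = lint_chap_secrets(SAMPLE)
    for lineno, message in found:
        print(f"line {lineno}: {message}")
```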
The rest of the settings should be fine by default. Click “Apply Settings” to save your changes. Shown below in Screen 1-3 is an example page with the server settings properly configured. Just in case you have changed something in the past and forgotten, you need to allow the PPTP VPN to pass through. Navigate to the “Security” tab and then to the “VPN” sub tab, Screen 1-4, and make sure the radio button for “PPTP” is set to “Enable” as shown below. After you have made these changes hit “Apply Settings” and reboot the router (not RESET!).
Step 2: Create a new VPN connection on the remote computer.
Start by navigating to the “Network and Sharing Center” (Screen 2-1) and click on “Set up a connection or network.” A new window will appear (Screen 2-2) and you should select “Connect to a workplace” and hit Next. You will be asked how you want to connect (Screen 2-3). Select “Use my Internet Connection” and hit Next. Another screen will appear prompting you for the internet address and the name of the connection (Screen 2-4). Enter your Windows Home Server custom domain name into the Internet address. It could be in the form xxxx.homeserver.com or mycustomedomain.com, whichever is applicable. Mine is quantum.homeserver.com so that is what I use. I have chosen the name "Backup Server" but you can pick whatever you wish. Hit Next to continue the setup. The next screen will ask you for a username and password (Screen 2-5). Remember the username and password entered in CHAP-Secret? That is what you enter here. Continuing with the example, I have entered Mom as the username and Dad as the password. Click “Connect” to connect to your network for the first time. If all goes well you should see a screen like Screen 2-6.
Now you should have all the tools you need to perform an initial backup of the remote computer. Install the remote connector software and connect to your network via VPN. It may take the remote computer a few minutes to see the server depending on the speeds of the two networks. To connect to the new VPN click Start, and “Connect To” on the right of the menu bar. This will bring up a screen similar to Screen 2-7 with all your present connections. You should see the new connection you just created. Double click on it to connect. You will be asked to enter your credentials again as in Screen 2-8. You can choose to save the username and password for your user or all users of the computer; select this option and hit “Connect” to connect to the VPN. After you are connected you can use the console to perform a manual backup of the computer. This will take some time, even up to several days if the computer has a lot of data or a slow connection from its ISP. It may be a good idea to move the computer to your LAN and perform the initial backup if possible.
Step 3: Automate the Process.
To automate the process we will need to create a batch file that “dials” the VPN connection, waits a desired amount of time, and then disconnects. We will then make this an automated task by creating a scheduled task with a newly created batch file. To do this in Vista we will use the “Rasdial” command and the “Timeout” command.
Open notepad and type the following: (Do NOT cut and paste!)
Rasdial "Backup Server" "Mom" "Dad"
timeout /T 21600 /nobreak
Rasdial /disconnect
You will need to replace “Backup Server” with the name of your VPN connection, “Mom” with the username you created in CHAP-Secret and “Dad” with the password that goes with the username. The number 21600 represents the number of seconds in 6 hours. If you need more or less time, change it to the desired length. Save this as “VPN.bat” or something similar and move it to a location where it will not get deleted or moved, say the C: drive.
If you are still using XP you will need the sleep utility which is in the Windows Server 2003 Resource Kit Tools. Download this toolkit and install to the default locations. Then you will have to type the following into notepad and save it as VPN.bat and move it to a safe location.
Rasdial "Backup Server" "Mom" "Dad"
Sleep 21600
Rasdial /disconnect
Now that we have created the batch file we need to make it a scheduled task. Go to Start > All Programs > Accessories > System Tools > Task Scheduler. Click on “Create Task”, Screen 3-1. A new window will open (Screen 3-2) where you need to set some options: mainly, specify the task (the batch file we just created), set the trigger (the time it runs) and set a condition (only to start if an internet connection is already present). In the new task window give the task a name; I chose WHS Backup for obvious reasons but you can choose whatever you wish. I also entered a description that states the obvious. I also selected “Run with the highest privileges” so that there would be no permissions issue. Click on the “trigger” tab, which will open a screen similar to Screen 3-3, and click the radio button beside daily if you want to back up each day. I start my backups at 12:00 AM so I am starting my task at 11:30 PM to make sure the computer has enough time to find the server before a backup begins. Make sure “Enabled” is checked and click OK. Click OK to save the trigger and click on the “Actions” tab, which will open Screen 3-4. Click on New to create a new action, Screen 3-5. This is where we use the batch file we just created. Select “Start a program” in the pull-down menu beside “Action”. Enter the location of the batch file in the “Program/script” location (shown below) and hit OK.
Just to make sure of one more thing, we need this batch file only to run if we are connected to the internet! Click on the “Conditions” tab which will open Screen 3-6 and select the option that says “Start only if a connection is available” and select any connection. Hit OK until you are back at the task scheduler and try out your new task. Right click on it and select “Run” and you should see a command prompt arise and connect you to your network (Screen 3-7).
Done
Congratulations! If you have made it to this point and everything has gone well, sit back and relax. If not, try to follow the steps again and make sure you didn’t miss anything. This seems like a much longer process when written out, but it should only take a half hour at the most.
Additional Info
Depending on bandwidth, the initial backup of the remote computer over a VPN can take a very long time, possibly several days. It may be advisable to physically transport the remote computer to the WHS to do the initial backup via a direct connection to the server. Subsequent backups can be done over the VPN since they are incremental and will take a much shorter time.
Credits
This page was originally written by Kyle B and edited by Etoa for We Got Served.

