Installing a PPTP-VPN server on a Raspberry Pi
WARNING, PPTP is not safe, consider using L2TP or OpenVPN as an alternative if possible!
This tutorial may help you set up OpenVPN: https://wiki.debian.org/OpenVPN
Introduction to VPN
A lot of Domoticz users have remote access using a "dyndns" service and port forwarding for every local IP device like a Domoticz server. Using a VPN tunnel gives much more security.
This wiki describes the installation of a VPN server on a Raspberry Pi as a termination point. This can be done on the same Raspberry Pi that Domoticz is running on, or on any other Raspberry Pi in the private network. Only one VPN server is necessary in the local network!
A VPN server offers a secure tunnel from a remote client to the local network and there to all devices. Once a VPN channel is established between a client (e.g. a Smartphone) and a server (Raspberry Pi, NAS, PC,…) all local devices are accessible by their local IP-address:port from remote without individual port forwarding for each IP-address in the router.
Limitations and hints:
- An iPhone 4S with iOS7 (the editor's smartphone) will disable a VPN tunnel after some minutes if switched off or in sleep mode.
- Therefore a VPN connection always has to be established before getting access to the local network.
- An open VPN tunnel needs additional power from the iPhone, which results in less standby time.
- Therefore it is advised to use the "VPN tunnel security feature" only for those users who need secure access to the local network only from time to time.
Installation on a Raspberry Pi
The original instruction can be found here: http://jankarres.de/2013/12/raspberry-pi-pptp-vpn-server-installieren/
The blogger (Jan) approved the usage of the commands used in this wiki guide.
It is written in German, but only the procedure and the commands matter here. The blogger notes that using a PPTP VPN server is not 100% safe and proposes installing OpenVPN instead. Because OpenVPN is not supported by an iOS device (iPhone) and PPTP VPN is much safer than “nothing”, here is the installation guide. Before starting, it is strongly recommended to take an image of the Raspberry Pi using Win32DiskImager, especially if it is the same one that Domoticz is running on. If something goes wrong, this is an easy way to fall back.
First install the latest updates (optional):
sudo apt-get update && sudo apt-get upgrade
or if your Debian installation is very old use:
sudo apt-get update && sudo apt-get dist-upgrade
This will take some minutes.
sudo apt-get install pptpd
sudo nano /etc/pptpd.conf
Remove the “#” and enter the IP address of the Raspberry Pi there. This may already have been done.
#localip 192.168.0.1
change to
localip 192.168.178.28
(use your PI’s IP address!)
sudo nano /etc/ppp/pptpd-options
Add the following at the end of the file (DNS servers):
ms-dns 18.104.22.168
noipx
mtu 1490
mru 1490
Instead of 22.214.171.124 also 126.96.36.199 or 188.8.131.52 should work.
Now configure internet traffic forwarding in your Pi to get access to your local network:
sudo nano /etc/sysctl.conf
Remove the “#”:
#net.ipv4.ip_forward=1
change to
net.ipv4.ip_forward=1
Change the firewall entry:
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Make it permanent in case of a reboot:
sudo crontab -e
Add the following line at the end of the file:
@reboot sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Now add a user and password in "chap-secrets". Both have to match the ones used later in the smartphone client configuration. It is recommended to use a password longer than 13 characters:
sudo nano /etc/ppp/chap-secrets
willie * fire45storm *
Now restart the VPN server:
sudo service pptpd restart
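To check the result of the server steps above, the following added example (not part of the original guide or of the pptpd project) audits the three edited files. The function names are hypothetical, the 14-character minimum comes from the password recommendation above, and the `refuse-*`/`require-*` names are pppd options that this guide does not itself mention.

```shell
#!/bin/sh
# Added example, not part of the original guide: audit the files edited above.
MIN_PW_LEN=14   # the guide recommends passwords longer than 13 characters

# chap-secrets columns: client  server  secret  IP-addresses
# Assumption: secrets are unquoted and contain no whitespace.
audit_chap_secrets() {
    # Secrets are stored in clear text: group and other must have no access.
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ] || echo "$1: accessible by group/other, run chmod 600"
    awk -v min="$MIN_PW_LEN" '
        /^[ \t]*(#|$)/ { next }     # skip comments and blank lines
        length($3) < min {
            printf "user %s: password has %d characters, need %d or more\n",
                   $1, length($3), min
        }' "$1"
}

# pptpd-options: report authentication/encryption options that are not active.
audit_pptpd_options() {
    for opt in refuse-pap refuse-chap refuse-mschap require-mschap-v2 require-mppe-128; do
        grep -Eq "^[ 	]*$opt([ 	]|\$)" "$1" || echo "$1: missing $opt"
    done
}

# sysctl.conf: the forwarding line must be uncommented and set to 1.
audit_ip_forward() {
    grep -Eq '^[ 	]*net\.ipv4\.ip_forward[ 	]*=[ 	]*1' "$1" ||
        echo "$1: net.ipv4.ip_forward=1 is not active"
}

# Run all checks; the default paths are the files edited in this guide.
audit_pptp_server() {
    set -- "${1:-/etc/ppp/chap-secrets}" "${2:-/etc/ppp/pptpd-options}" \
           "${3:-/etc/sysctl.conf}"
    for f in "$@"; do
        [ -r "$f" ] || { echo "cannot read $f" >&2; return 2; }
    done
    audit_chap_secrets "$1"
    audit_pptpd_options "$2"
    audit_ip_forward "$3"
}
```

Source the file and call `audit_pptp_server` as root, since chap-secrets should be readable only by root; no output means every check passed.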
Client installation on an iPhone4S (R7)
- Settings -> General -> VPN -> Add VPN Configuration
- Select PPTP
- Description: Give the VPN channel configuration a name
- Server: is the dyndns-address of the router
- Account: is the user name used in the VPN server configuration
- Password: is the password used in the VPN server configuration
- RSA-SecureID is OFF
- Encryption Level: Auto
- Send all Traffic ON
- Proxy OFF
- Save the configuration
One port-forwarding in the router is still necessary. Enter your router menu and configure port-forwarding for your VPN-server IP address:
Raspberry.Pi.IP.address port 1723 to port 1723
Now disable all other port-forwarding configurations in the router for which remote access will be done using the VPN in the future.
Disable WLAN (only for testing) on your smartphone and start the VPN client. (Select the stored VPN configuration and switch VPN to ON.) If a VPN symbol appears, the tunnel is established. Now, in the Safari browser, type your local Domoticz IP-address:port, e.g. 192.168.1.25:8080
All other IP devices in your local network should now also be accessible through the VPN tunnel using their local IP-address:port.
Client installation on an Android phone
(Place here an installation guide for a VPN configuration)