Using VPN To Access All Local Services Without The Need To Open Up Unnecessary Inbound Ports

Before knowing much about VPN, I usually opened up many inbound ports for my computer firewall and the firewall that resided within the router so remote services such as AFP (Apple Time Machine) would function correctly.  Obviously, these remote services (e.g., AFP, FTP, CIFS, etc…) are also accessible within a local area network, so one does not need to be outside a local area network to use them.  For example, one can just sit next to the AFP server (i.e., AFP hosted on a network attached storage) and locally back up one’s Mac to the Time Machine service.  When using such services locally, one has to use local IP addresses, because one is within a local area network (e.g., home network, office network, etc…).

The idea is to open up fewer ports to better protect everything within a local area network.  When one travels abroad, one cannot use local IP addresses to access one’s remote services (e.g., AFP, FTP, CIFS, etc…), so one has to open up ports for these remote services to make remote access possible.  Since one has to open up inbound ports for remote connections, one’s local area network might become more vulnerable.  The more open ports there are, the more exploits hackers can use to test or attack the services that rely on those open ports.

Luckily, we have VPN.  VPN stands for Virtual Private Network.  Big companies love to deploy VPN for their employees.  If you have ever met an employee from one of those big companies, you might have seen this person log in to a VPN through a laptop while away from the company.  Since big companies are using VPN, VPN must be for the elites only, right?  Wrong!  Just about anyone can use VPN to protect oneself, and it doesn’t take a rocket scientist to do so.  If you watch other videos of mine within my YouTube channel, you will see how easy it is to set up a VPN server/service on Windows 8.  Anyhow, the whole idea is to open up fewer ports for a network so everything within the network can be somewhat more secure.

Using VPN, one can access a local area network as if one never left it.  For example, one can sit at a Starbucks and yet connect to remote services (e.g., AFP, CIFS, FTP, SSH, etc…) with local IP addresses.  How is this possible?  Like I said, using VPN, one never leaves the local area network!  This is why VPN is definitely a better option than just opening up whatever inbound ports there are for different remote services.  With VPN, all one has to do is to open up the one port which VPN relies on.  Through the VPN connection, one can then access all services within a local area network as if one had never left it.  In case you don’t know, VPN encrypts data automatically.  This is just another reason why I think VPN is definitely a better solution for remote access.
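A way to check the result from outside, as an added example that is not part of the original post: it tries the ports of the services named above on your own public address and lists any that answer besides the VPN port. The port numbers are the standard well-known ones, 1723 is the PPTP port used in the Windows 7 walkthrough further down this page, and 203.0.113.10 is a placeholder address.

```python
import socket

# Well-known TCP ports for the services the post names (assumed defaults).
SERVICES = {21: "FTP", 22: "SSH", 445: "CIFS", 548: "AFP", 1723: "PPTP VPN"}


def is_open(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port is accepted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout) or unreachable
        return False


def audit_exposure(host, allowed=(1723,), services=SERVICES, probe=is_open):
    """Check your own public address; return (reachable, unexpected) ports.

    'allowed' is the set of ports that are meant to be forwarded, here only
    the VPN port.  Anything else that answers is a leftover port forward.
    """
    reachable = [port for port in sorted(services) if probe(host, port)]
    unexpected = [port for port in reachable if port not in allowed]
    return reachable, unexpected


def describe(unexpected, services=SERVICES):
    """Turn the unexpected ports into readable findings."""
    return [f"{port}/tcp ({services[port]}) is still forwarded" for port in unexpected]


if __name__ == "__main__":
    # Constructed result so the example runs offline: pretend AFP and the
    # VPN port answer on a placeholder (documentation-range) address.
    def sample_probe(host, port):
        return port in (548, 1723)

    reachable, unexpected = audit_exposure("203.0.113.10", probe=sample_probe)
    print("reachable:", reachable)
    for line in describe(unexpected):
        print(line)
```

Run it from a connection outside the home network with the default probe; from inside, the router may answer differently than it does to the Internet.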

Let’s Run A VPN Server On Windows 8 So You Can Securely Transmit Data At Any Public Place Which Relies On A Public Internet Connection

Using VPN (Virtual Private Network), one can securely transmit data back and forth in a public place which relies on a public Internet connection.  Wait, what is a public Internet connection?  It’s just an Internet connection which just about anyone who has a computer can tap into and use.  A good example would be the one at a Starbucks.  Transmitting data in a public location is a very dangerous thing to do (i.e., only if you’re connecting to the public Internet connection), because you never know whether someone nearby might do something nefarious.  He or she might sniff the network traffic, and this means anything you transmit through a public Internet connection can be intercepted by such a person.  With VPN, it will be a lot harder for such an evildoer to actually get hold of your data in a public place.

Why can using VPN safeguard your data better when you’re connecting to a public Internet connection?  VPN will create a safe connection between your computer and a VPN server, and whatever gets transmitted through a VPN connection will be encrypted.  Nonetheless, VPN isn’t an end to end encrypted connection.  What this means is that when your data leaves the VPN server to go to a server which hosts a web service on the Internet, the data is no longer encrypted by the VPN.  How come?  The Internet isn’t opening up an encrypted channel with your VPN server!  To put this another way, only the computer which you use to connect to a VPN server can actually open up an encrypted channel with the VPN server.  This is why you need a VPN client.  Nowadays, you rarely have to install a VPN client, because most operating systems (i.e., Linux, Mac OS X, Windows) come with a VPN client by default.  You might have to install a VPN client if you’re connecting to a non-standard, third party VPN server/service.

You can imagine the VPN encrypted channel as a tunnel which cars travel through.  When a car gets out of the tunnel, daylight hits the car from every direction.  Got the gist?

VPN is definitely a good thing to have when you are using the Internet in a public location.  Even though VPN isn’t an end to end encrypted connection, it’s still going to prevent the hackers in a public location from hacking you.  Of course, he or she can try, but it won’t be easy!  Let’s say the hacker cannot magically insert himself or herself between the VPN server and the web service (which is located somewhere on the Internet and which you want to connect to).  If the hacker wants to hack you in a public spot when you’re using VPN, he or she must hack your VPN connection first, and then everything else would be secondary.

To be even more secure, you can transmit all data over the HTTPS protocol (a secure/encrypted hypertext transfer protocol), and this way the hacker has to work even harder.  This means a hacker must first hack your VPN connection, and then your HTTPS connection afterward.  The VPN connection itself is already a difficult thing to tamper with.

Right after the break, you can check out a video I made on how to allow Windows 8 to host a VPN server/service.  Running a VPN server/service on Windows 8 allows you to go just about anywhere and connect back home over a VPN connection.  Of course, if your home network isn’t secure and is already infected with hackers’ exploits, then your VPN connection might as well be considered insecure.  So, make sure your home network is actually well guarded.  A well guarded home network will definitely ensure your home devices, such as a Windows 8 computer which runs the VPN server, won’t be tampered with.  I think a well guarded network equates to deploying all security elements within a network, and this means things such as a strong firewall, strong antivirus software, strong network security policies, and the list goes on.

VPN Can Add Extra Layer Of Defense To HTTPS

Yesterday, I’d written about OpenVPN and how awesome OpenVPN’s Shield Exchange could be at protecting you while surfing on a public Internet connection (i.e., hotspots), but some of you may want to ask whether it is necessary to use a VPN type of connection even though the websites you’re visiting have already applied the HTTPS protocol.  The answer is that a VPN type of connection will provide another layer of defense for your sessions.  HTTPS will secure your web sessions by providing its unique encryption algorithm, but HTTPS is crackable by some hackers.  When you add an extra layer of defense through the use of a VPN connection, suddenly your Internet session will be way more secure; it is as if you’re encrypting your sessions twice, and VPN has its own unique encryption algorithm which differs from HTTPS.

Also, the big difference between HTTPS and VPN is that HTTPS requires website owners to buy SSL certificates, but VPN is initiated by users.  Perhaps you might not want somebody to sniff the data that you try to download from your home’s network while you’re sitting at Starbucks, and so VPN is a perfect type of secure network connection.  As long as you get a VPN connection going, you can basically forget about it and surf anywhere on the web and transfer any data across the network to wherever, knowing that your sessions will be secure and encrypted anyway.  So, I’ve to say I prefer a VPN sort of connection when I’ve to use a public Internet connection.  Plus, VPN is an additional layer on top of the HTTPS connection/protocol.

Making Windows 7 As VPN Server And Mac As VPN Client. Surfing On Public Network Safer As VPN Encrypts Your Data!

Do you have a Windows 7 computer at home or at the office that you want to turn into a VPN server, but don’t know how?  Don’t worry, in this very post I’ll address that very question of yours!  First though, for whoever doesn’t know what a VPN server is, I’ll quickly give a brief introduction to it.

VPN stands for virtual private network.  When you allow a computer to act as a VPN server, you basically allow computers outside your network to connect to the VPN host and utilize the private network’s capabilities (e.g., accessing the Internet, sharing files, etc…).  To make this a little clearer, you can sit in a coffee shop and access your office’s VPN to browse the Internet using your office’s Internet connection!

By now, you probably have a little question wiggling its way into your brain, wondering why you even need to access your office’s Internet connection even though you are already connected to the coffee shop’s Internet connection.  You see, it’s somewhat safer for you to connect through your office’s Internet connection than through a public Internet connection such as one belonging to a coffee shop.  With a private Internet connection such as your office’s Internet connection, you don’t have to worry about unknown users sniffing your Internet traffic (e.g., prying on your Internet activities, stealing your plain text password).  In addition, the VPN connection will automatically encrypt all of your data between both ends of the VPN (i.e., from the public to the private networks).

If you still don’t know why VPN is better for you while you surf the Internet from a coffee shop or a public hotspot, then you just need to keep one thing in mind: VPN helps secure your data by encrypting it with a strong encryption algorithm, so hackers will find it very difficult to hijack your sessions.  So, now you know what VPN is capable of, but how do you set it up?  Well, read on and I promise you will be able to set up a VPN connection.

You don’t really need to download any special software, because Microsoft’s Windows 7 Home Premium or better allows you to create a VPN type of connection.  In this post, I’ll make a Windows 7 computer the host of the VPN connection, and a Mac the client of the VPN connection.  Whenever I mention a VPN host, I mean Windows 7, and whenever I mention a VPN client, I mean a Mac.  Let us begin!

  1. On Windows 7, go to Control Panel >> Network and Internet >> Network and Sharing Center >> Change adapter settings >> hit Alt key on your keyboard >> File >> New Incoming Connection.
  2. A new screen will pop up and show a couple of available users that you can allow to connect to your new VPN connection.  Make sure you check the boxes of the users you want to allow to have access to the VPN connection, and then click the Next button.
  3. A new screen pops up with an empty box next to the description which says Through the Internet.  Just check the box so you will be able to connect to your VPN connection later over the Internet from a public network such as a coffee shop.  Click the Next button.
  4. At this point, you will see a screen with a couple of features whose boxes have been checked.  Highlight the feature described as Internet Protocol Version 4 (TCP/IPv4).  Click on the Properties button.  Make sure the box that says Allow callers to access my local area network is checked.  Pick the radio button that says Specify IP addresses; this fixes the problem where Windows 7 fails to assign proper internal IP addresses, which leads to no Internet access for VPN clients.  Enter a starting static local IP address inside the box with the label From (e.g., 192.168.1.10).  Enter an ending static local IP address inside the box with the label To (e.g., 192.168.1.15).  Notice that the IP address in the To box determines how many static IP addresses can be assigned (i.e., including the host and additional VPN clients).  In the configuration above, we have 5 static local IP addresses to be used with our VPN clients and one IP address used by the VPN host.  The VPN host will assign one of these IP addresses to a VPN client of yours so you can connect to the Internet through your private network.  Oh, your internal IP addresses might be different, because they depend on how your router assigns the local/internal IP addresses.  Some routers may use local IP addresses starting not with 192.168.x.x but with something else.  It’s up to you to figure that out.  Now you can finish this process by clicking the OK button.
  5. A new incoming connection is now created, and the last screen shows you your computer name.  Remember the computer name, since you might have to use it inside your VPN client later.
  6. Open up a command prompt by clicking on the Start button, typing cmd inside the search box, and then hitting the Enter key on your keyboard.
  7. Inside the command prompt, enter the command ipconfig /all.
  8. If your Windows 7 computer is currently connecting to the Internet/router through an ethernet connection, look for the IP address that maps to the ethernet connection.  If it’s a wireless connection, look for the IP address that maps to your wireless connection.  Write it down so you can use it later.
  9. Open up your router’s configuration panel; usually you can get to it using a browser.  The address of your router’s configuration panel may not be the same as mine, so you have to look that up in your router’s manual or on the router’s official website.  For example, a Linksys router’s configuration panel can be accessed at 192.168.1.1.  In the router’s configuration panel, you need to set up port forwarding for port 1723/TCP (PPTP).
  10. It’s time for you to configure your Mac so you can connect it to your VPN.  Go to Settings >> Network >> click on the lock and type in your administrator password so you can add a connection >> click on the plus sign >> choose VPN for Interface and PPTP for VPN Type and type in any name for the new VPN connection in Service Name >> click Create button.
  11. Leave Configuration as default.  Type in the IP address of your Windows 7 machine (i.e., I told you to write down the IP address in step 8).  Type in the account name (i.e., username of the user you allow to have VPN access to your Windows 7 machine) in Account Name.  Try to choose Maximum (128 bit only) Encryption for stronger security.  Check the box that says Show VPN status in menu bar.  Click on the Advanced button; in the Options tab, check the boxes of Disconnect when switching user accounts, Disconnect when users log out and Send all traffic over VPN connection.  Go to the DNS tab, click the plus sign under the DNS Servers box, and enter Google’s Public DNS servers (e.g., 8.8.8.8, 8.8.4.4).  Click the OK button to exit and save everything!
  12. Do you see a little icon on your menu bar?  It looks like a rounded corner mini bar with many smaller vertical bars within.  Anyway, click on it and choose to connect to your VPN connection.  A password prompt will ask you for your password; just enter the password of the Windows 7 machine’s user that you had allowed to use VPN in step 2.  At this point, you either connect or don’t.  If you can’t connect to your VPN connection on the Windows 7 machine, then you have to retrace the previous steps to see what you had done wrong.
  13. How do you know that by now you’re actually tunneling into your VPN and using your VPN’s Internet connection to surf the Internet and not your current Internet connection?  Well, just open up a terminal on your Mac, type in ifconfig, and scroll all the way down where you see something that looks like this:
  14. You can also open up a browser such as Chrome and see whether you’ll be able to browse the Internet or not.  Also, you can always use one of those IP check services on the web.  How?  Go to Google, and type in what’s my IP.  Click on the first link you see!  If the IP address is that of your VPN (e.g., of your office or home), then you know you’re browsing the Internet using your VPN connection!
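The From/To range in step 4 has to fit the network it is typed into. The following added example (not part of the original post) checks a range against the LAN subnet, the router's DHCP range and addresses already in use, and reports how many clients it leaves after the host takes one address. The function name, the DHCP range and the second network are constructed sample values.

```python
import ipaddress


def check_vpn_pool(lan_cidr, pool_from, pool_to, dhcp_from, dhcp_to, in_use=()):
    """Check a step-4 From/To range against the LAN it has to live in."""
    ip = ipaddress.ip_address
    lan = ipaddress.ip_network(lan_cidr)
    first, last = ip(pool_from), ip(pool_to)
    problems = []
    if first > last:
        problems.append("From is higher than To")
        first, last = last, first
    # Every pool address must be a usable host address of the LAN subnet.
    if first not in lan or last not in lan:
        problems.append(f"pool is not inside {lan}")
    elif first == lan.network_address or last == lan.broadcast_address:
        problems.append("pool includes the network or broadcast address")
    # Overlap with the router's DHCP range lets two devices get the same IP.
    if first <= ip(dhcp_to) and ip(dhcp_from) <= last:
        problems.append("pool overlaps the router's DHCP range")
    # Addresses already configured by hand (router, NAS, ...) must stay out.
    for used in map(ip, in_use):
        if first <= used <= last:
            problems.append(f"{used} is already in use")
    size = int(last) - int(first) + 1
    # Per the walkthrough, the VPN host keeps one address of the pool.
    return {"pool_size": size, "max_clients": max(size - 1, 0),
            "problems": problems}


if __name__ == "__main__":
    # The post's range on a constructed home network: router at 192.168.1.1,
    # DHCP handing out .100 to .149.
    print(check_vpn_pool("192.168.1.0/24", "192.168.1.10", "192.168.1.15",
                         "192.168.1.100", "192.168.1.149",
                         in_use=["192.168.1.1"]))
    # Constructed mistake: a range that runs into the router's DHCP range.
    print(check_vpn_pool("10.0.0.0/24", "10.0.0.95", "10.0.0.105",
                         "10.0.0.100", "10.0.0.200"))
```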

I think I’ve pretty much covered all the steps, but I’m not 100% sure.  After all, I’m writing this post very late in the night!  Nonetheless, I wish you all good luck in creating a VPN connection by following this guide of mine!