Setting up a VPN connection and Windows VPN server. Installing your VPN on VPS hosting from scratch

In addition to a powerful computer and an impressive list of additional programs for convenient surfing and safe work on the Internet, you need a reliable server - a tool that provides communication with people, services, companies and information sites. Among the different types, the best choice would be a VPN server, if only because it is included as an option in the Windows operating system. Read on, and you can launch and configure it on Windows 7 yourself and at no cost.

Connecting and setting up a VPN server

Don't be alarmed. It is not difficult to create and prepare a VPN server for correct operation, but a prerequisite is that you have administrator rights.

What is a VPN server

Literally, VPN (Virtual Private Network) translates as “virtual private network.” Technically, this is a set of protocols and solution architecture that provides secure communication in the digital environment. Essentially, a VPN is a secure add-on on top of the usual virtual network.

Installing and configuring a VPN server will not require much of your time, since it is already built into the Windows operating system. According to experts, the most successful private server configuration is contained on this platform.

This is what a simplified connection diagram via a VPN server looks like:

The server's job is to create tunnels connecting the user to the endpoints he wants to get to. Moreover, the information is encrypted using a complex algorithm, which is almost impossible to decode. No one from the outside can enter the tunnel. The server blocks such attempts, leaving personal information well protected - correspondence, calls, messages, video and audio files.

What is it for?

The essence of the answer is in the tasks that the server performs. It not only combines many devices in the virtual space, such as computer terminals, laptops, tablets and even mobile devices. Its technology provides anonymity, data encryption and protection of confidential information from interception by attackers.

Some will object: we have no need for anonymity and data protection, because there is nothing to hide. Let me not believe you. Encrypted traffic is not only used by attackers; most are not averse to protecting data so as not to “share” access passwords to their bank cards or to avoid becoming an object of blackmail due to leakage of personal information. As they say: it is stupid to leave the door of the house open if the world does not consist of only good and kind people. Anonymity also adds a nice detail - the ability to visit resources that were previously inaccessible for various reasons.

One of the most common reasons for using a VPN is the reluctance to be tied to a workplace

It’s also a good idea to mention the benefits of using a VPN:

• scalability - no additional costs are required when connecting another participant;
• flexibility - it doesn't matter where you access from;
• A valuable opportunity to work anywhere.

A VPN server is also extremely necessary when creating corporate networks, when for the safe operation of a company or enterprise it is necessary to limit access to information circulating among employees by unauthorized persons. Using VPN technical solutions, it is not difficult to organize the confidentiality of clients located outside the company.

How to create and configure on a computer with Windows 7: step-by-step instructions

The sequence of actions that need to be performed to launch and configure a VPN server on the Windows 7 platform is as follows.

1. Open the Start menu and go to the Control Panel tab.

   Go from the Start menu to Control Panel

2. In Computer Settings, select Network and Internet.

   Open the “Network and Internet” section

3. In the window that opens, click “Network and Sharing Center.”

   Select "Network and Sharing Center"

4. Then click “Set up a new connection or network.”

   Select “Set up a new connection or network”

5. Select “Connect to Workplace” in the new window.

   Click on the “Connect to Workplace” button

6. Then click on “Use my Internet connection (VPN)”.

   Select "Use my Internet connection (VPN)"

7. When prompted to establish an Internet connection immediately or defer this action, select “Delay setting up an Internet connection.”

   Select “Delay Internet connection setup”

8. Next, write the server address, destination name and come up with a name for the connection.

   Enter the VPN server address and write the name of the connection in the “Destination name” field

9. In the next window, enter the username and password that are registered on the VPN server. In the "Remember this password" field, check the "tick" so that you do not need to enter it every time you connect. Be sure to save.

   Enter the username and password registered on the VPN server. Check the box "Remember this password"

10. The connection has been created. Click the "Close" button. For convenience, create a shortcut to the program on the “Desktop”.

    Close a window

11. Go back to the "Start" menu, then to "Control Panel", "Network and Internet", "Manage Networks and Sharing", where select "Change adapter settings".

    Go to “Change adapter settings”

12. Find the VPN connection in this window and right-click on it, then go to its “Properties”.

    In the VPN connection window, right-click on it and go to its “Properties”

13. Next, select “Security”, where in the “VPN Type” field select “Point-to-Point Tunnel Protocol (PPTP)”, and in the “Data Encryption” field click on “Optional”.

    Open “Security” and in the “VPN Type” field select “Point-to-Point Tunnel Protocol (PPTP)”, in the “Data Encryption” field select “optional”

14. In the same window, only on the “Network” tab, uncheck the boxes next to “Client for Microsoft Networks” and “File and Printer Sharing Service for Microsoft Networks”.

    On the “Network” tab, uncheck the boxes next to the items: “Client for Microsoft Networks” and “File and Printer Sharing Service for Microsoft Networks”

15. Then, without closing the window, go to the “Options” tab and uncheck the box next to “Include Windows login domain”, then click “OK”.

    On the “Options” tab, uncheck the box next to “Include Windows login domain”, then click “OK”

Before starting, the VPN will ask for a location. The best choice is “Public Place”, then the greatest privacy in the digital space will be ensured. If desired, in the “Connection” menu, configure the settings for encryption and use of other devices.

If you still have questions about installing and configuring a VPN server in Window 7, watch the video.

Video: how to set up and configure a VPN connection in Windows 7

Setting up for multiple clients

The process of connecting new private network participants is as follows.

1. Go to “Control Panel” => “Network Connections” => “Create a new connection”.
2. Start working with the “New Connection Wizard” => “Direct connection to another computer” => “Accept incoming connections”.
3. The “Wizard” will prompt you to specify those devices with which you plan to receive incoming connections, but they are not suitable, so click on “Next”. When the “Wizard” asks a question about VPN, stop at the “Allow virtual private networks” item.
4. Entering authorization parameters. The “Wizard” prompts you to select those users who are allowed to log into the virtual private network. Select and click the “Add” button. When prompted by the Wizard, enter the new username and password.
5. Configure TCP/IP protocols. Select the appropriate item in the list of protocols and click on the “Properties” button. To allow the client to access the local network, activate the “Allow callers access to the local network” option. Next, designate the range of IP addresses that connected participants can use.

Troubleshooting installation and operation problems

Launching a VPN is often accompanied by errors. The machine reports them in three digits. Thus, errors with a digital value of 6** report the working status of the network, but you need to check the entered information. This refers to the communication protocol type, password and name. Code 7** provides information about the presence of errors in the connection settings. Code 8** hides problems with network settings or those related to a simple lack of Internet connection.

Let's look at common mistakes and how to fix them.

Error 807

This error indicates that the network connection has been interrupted. A common reason is problems with traffic transmission due to poor Internet quality or server overload.

This is how the system reports error 807

There are many options to solve the problem. Try re-creating the VPN connection. Did not help? This means remove the KV958869 system or, better yet, restore it to its previous state. Didn't work out again? Then change the connection type from automatic to “PPTP”. Please note that error 807 also occurs when blocked by a firewall/firewall, so try disabling them.

Error 868

We are talking about the incorrect operation of VPN ports. Often the termination occurs due to an incorrect DNS server name. Therefore, first of all, look at the TCP/IP protocol. The DNS address is either entered incorrectly or not entered at all.

This is what error message 868 looks like

Determine the status of the local network connection. In the “Network Connections” tab, follow these steps: “Start” => “Control Panel” => “Network and Internet” => “Network Center” => “Change adapter settings”. The detected defect will dictate further actions.

So, if there is no local network connection, connect via VPN. No result? Check if the cable is working. When you disable it, you will see blue screens with a red cross on the corresponding icon. Try using the right key to first disconnect and then reconnect the connection. Nothing happened again? Then do the same “disconnect/connect” operation with the cable (manually).

Is the error still there? Check your connection. Open it with the right button and see how many packets have been sent - there should be at least 5-7. If the shipment received less or is completely empty, then find out how the equipment works. Go to “Administration” in this way: “Start” => “Control Panel” => “System and Security” => “Administration” => “Services”. Find the DHCP client in the list of services. Restart it with the right button. Then restart your PC.

A non-working state can also be caused by blocking port 53. Your excessive caution simply played a cruel joke - you yourself programmed the security system in such a way that it does not allow absolutely everything. In this regard, it is recommended to check whether port 53 is blocked. Even if “Port is open” is written, this does not mean that the connection is working. Here we only mean readiness to connect. Just create an allow rule for port 53 in TCP and UDP protocol. No result? Then you will have to resort to a last resort, that is, reinstall Windows.

Be sure to watch the video with detailed instructions on opening the port. It also shows ways to correct port connection errors.

Video: opening a port on a local network

Errors 734 and 741

Error 734 occurs when the "PPP Link Control Protocol" is interrupted, and error 741 is due to the machine not recognizing this kind of encryption.

Error 734 can be resolved using a simple algorithm

Simple steps will help correct the situation. Double-left-click the VPN and open Properties, then Security, and uncheck “Require data encryption.” Confirm your intentions.

This is only a small part of the problems that arise when launching a VPN, but almost all of them can be solved quite simply and without much time.

What is OpenVPN

The most popular solution for organizing a private network is OpenVPN. The main advantage is economy, since the traffic is compressed. Among the shortcomings of the program is the complexity of the settings, which we will now deal with.

OpenVPN is a special program for setting up a VPN connection. Naturally, you first need to install it on your computer. It is better to take the download file from the official website of the program:

The installation process is quite simple, except that you will need to temporarily disable the antivirus. When the program is loaded, the virtual network adapter TAP-Win32 Adapter V9 and the driver for it are introduced into the system. OpenVPN's task is to set the IP address and mask of the local add-on.

First of all, you need to copy the configuration file that the provider should provide you. Save the data in the C:\Program Files\OpenVPN\config folder. Once in it, click on the “Insert” item.

OpenVPN should only be run with administrator rights, otherwise the program may not work correctly. Be sure to change the compatibility properties in the OS. On OpenVPN, open Properties, find Compatibility, and check Run this program as an administrator. Next, confirm your actions by clicking on “OK”. A connection log window should appear.

If you followed all the steps correctly, then setting up a VPN via the OpenVPN protocol for Windows 7 was successful. Still having difficulties? Watch screenshots of step-by-step instructions for setting up Open VPN and a short video.

Setting up the program step by step (photo)

Copy the configuration file to the C:Program FilesOpenVPNconfig folder

Confirm your access request

Run Open VNP as an administrator: go to “Start” and right-click on the OpenVPN shortcut, select “Properties”

Open the program menu in the tray (right corner) and select “Connect”

A window will open with the contents of the connection log

Video: Installing OpenVPN GUI

Setting up IPSec VPN

The IPSec standard is specifically designed to enhance the security of the IP protocol. Allows you to confirm authenticity (authentication), and also checks the integrity and encryption of IP packets. IPsec contains protocols for secure key exchange:

• RFC 2401 IPSec
• RFC 2402AH
• RFC 2406 ESP,
• RFC 2409 IKE.

How you can set up a VPN using IPsec is outlined in the step-by-step guide below.

1. In the Control Panel, click View: Small Icons, then go to Control Center.
2. Next, find “Set up a new connection” on the “Change network settings” tab.
3. Complete the action by clicking on “Connect to Workplace”. Go to it via the “Connection or network setup” tab.
4. What you do next depends on whether a VPN was previously installed on your machine. If yes, then in the pop-up window click “No, create a new connection and continue with your actions.” If not, select “Use my Internet connection.”
5. Don't forget to add your VPN address, and in the "Destination Name" line, write the server name. Don't forget the mark. Select the “Installation for future connection” column and continue with your actions.
6. Next, add your password and login registered on the VPN server. In the window that opens, agree to connect.
7. Then, in the Network and Sharing Center, change the adapter settings.
8. Finally, select VPN Type. This will be an IPsec VPN. Of course, note that encryption is optional. IPsec VPN channel is ready!

To conclude the topic about IPsec VPN, I would like to emphasize the usefulness of the program, given the two disadvantages that VPN has. The first and most serious is the vulnerability of the PPTP protocol. We are talking about the insufficient reliability of single-factor authentication. In other words, when we confirm our access rights only using a login and password. In this case, the login or user name is usually known, and the password quite often falls into the hands of a hacker (for example, when a Trojan virus is introduced into your OS). Then the unauthorized person gets full access to the local network. The second drawback is that there is no way to verify that the connection was made by a trusted user and not by the same attacker who gained access to the account.

Video: setting up an IPsec tunnel between two Mikrotik routers

Now, user, you know, if not all, then the basic steps for creating and setting up your own, full-fledged and completely secure virtual network based on a VPN connection in Windows 7. You also learned how to correctly configure the OpenVPN and IPsec VNP programs. Rest assured, a private server guarantees the same full connection as a regular one. Your computer will not notice the difference between a VPN and a channel without encryption, but the security of your work in the digital space increases several times.

Please note that the task here is not to explain everything thoroughly and technically correctly, the task is to explain it “on the fingers” so that even novice users can understand. Hope it worked out. If you have any questions - ask them in the comments.

The essence of the VPN server is as follows. For example, you want to go to the site yandex.ru. More precisely, connect to a server with IP 77.88.21.11 (residents of the eastern regions of Russia may be sent to a server with a different IP, but that’s not the point). When working without a VPN, your computer sends a packet (you could say a request) directly to the server with the address 77.88.21.11 and receives a response from it. When working via a VPN, your computer sends a packet to the VPN server, the VPN server sends the exact same packet to 77.88.21.11, 77.88.21.11 sends a response to the VPN server (because it was the VPN server that originally sent the request), and the VPN server sends this packet to your computer.

What do we have? Requests to the address 77.88.21.11 are sent not by your computer, but by the VPN; accordingly, the server 77.88.21.11 records the IP address of the VPN server, and not your computer.

One possible reason for using a VPN is need to hide your IP address.

Other uses – the need to reroute traffic. Let's take an example from life. The author of this article lives in the city of Orel (Central Russia) and wants to connect to the yunpan.360.cn server located in Beijing. The author uses (more precisely, used at that time) the services of the Beeline Internet provider. As shown by the tracert yunpan.360.cn command entered at the Windows command line, outgoing Internet traffic to this Chinese server goes through the United States. How the traffic goes back, the trace does not show, but, judging by the ping, it goes about the same route. Below is a screenshot from the VisualRoute 2010 program.

Such routing is due to the fact that Beeline did not pay backbone Internet providers for a more direct channel to China.

With this route, large packet losses occur, the speed is low, the ping is huge.

What to do? Use a VPN. Such a VPN server, to which we have a direct route, and from which a direct route to yunpan.360.cn. I (the author of the article) searched for an acceptable solution for a very long time and eventually found it. A virtual server was rented (what it is, we will discuss later) in Krasnoyarsk (immediately imagine where the city of Krasnoyarsk is located) from a hosting provider. Tracing to the server showed that the traffic is going through Russia, the ping is 95 ms (I had a mobile LTE (4G) Internet, on a wired Internet the ping will be 5-10 ms lower).

Ping- This is the delay of the Internet signal. The delay for the passage of Internet traffic in both directions (there and back) is measured. It is impossible to measure the delay in only one direction by standard means, since your computer sends a request to the pinged server and detects the time it takes for the response to come.

In traces, ping to each point (to each route point, otherwise called a hop - jump) is also shown for traffic in both directions.

It often happens that the route is different in different directions.

Next, a trace was made from the Krasnoyarsk server to yunpan.360.cn. Ping is around 150 ms. The tracing showed that traffic from the Krasnoyarsk server to the Chinese one goes through direct peering (internetwork interaction) between the Transtelecom and China Telecom providers.

Here is the trace (made from under Linux):

tracepath yunpan.360.cn
1?: pmtu 1500
1: srx.optibit.ru 0.361ms
1: srx.optibit.ru 0.381ms
2: border-r4.g-service.ru 0.392ms
3: kyk02.transtelecom.net 0.855ms asymm 5
4: 10.25.27.5 112.987ms asymm 8
5: ChinaTelecom-gw.transtelecom.net 125.707ms asymm 7
6: 202.97.58.113 119.092ms asymm 7
7: 202.97.53.161 120.842ms asymm 8
8: no reply
9: 220.181.70.138 122.342ms asymm 10
10: 223.202.72.53 116.530ms asymm 11
11: 223.202.73.86 134.029ms asymm 12
12: no reply

What do we see? The Krasnoyarsk server is hosted by optibit.ru (hosting is a service for placing and renting server capacity) and is connected to the Internet provider “Igra-Service” (g-service.ru). Igra-Service, in turn, sends traffic to yunpan.360.cn through the large Russian backbone provider Transtelecom (for which it pays him money). TTK directs traffic through its direct connection to the network of the Chinese backbone provider China Telecom, the ChinaTelecom-gw.transtelecom.net hop domain tells us this.

Let's remember what our problem was. Our traffic to that Chinese server went through the USA, the speed was low. What I've done? I installed a VPN on this Krasnoyarsk server. And configured my computer to work through this VPN server. What happened? Now the traffic to yunpan.360.cn did not go along the old Orel-Moscow-USA-China route, but like this:

first to the VPN server – Orel-Krasnoyarsk,

then from the VPN server to Beijing - Krasnoyarsk-Beijing.

Did you get the point? We have changed our route. What did it give? The speed of the outgoing connection from me to yunpan.360.cn has increased. Ping has been reduced. The result was achieved.

How to determine your route? For beginners, the easiest way to do this is to use the VisualRoute program, which can be found on the Internet in both licensed and hacked forms.

You need to run this program and set the following settings:

It will turn out like this:

Using this table you will see which countries the traffic passes through. Once again, I draw your attention to the fact that the trace shows the route of outgoing traffic only (that is, traffic from your computer to the server). The route in the opposite direction can only be shown by a trace made from the server to your computer. VisualRoute has a small glitch: it often shows Australia(?) as a country when it cannot determine the real geoposition of the node.

VPN– Virtual private network – a virtual private network is, one might say, your own network on top of the Internet, all traffic within which is encrypted. You can study this technology in detail. To explain it very simply, then:

• your computer and VPN server connect over the Internet
• all traffic between you and the VPN server is encrypted
• The VPN server sends it to the destination
• your IP is hidden and the IP address of the VPN server is visible instead

It is recommended to use a VPN when working through free (or simply someone else's) WiFi, since it is possible to intercept all traffic passing through the WiFi router. And when using a VPN, all traffic will be encrypted. Moreover, if you go to yandex.ru, vk.com and google.ru without a VPN, then connections to yandex.ru, vk.com and google.ru will be recorded at the level of the router and your Internet provider. When using a VPN, all connections go to the VPN server address.

There are many paid VPN services available. Their advantages include only ease of use. Disadvantages include high cost and lack of 100% confidentiality (you can write a lot, but what actually happens on the VPN server, whether traffic is intercepted, cannot be guaranteed). The inability to change the IP address in a couple of clicks should also be considered a disadvantage of paid services.

Let's compare the cost of our self-configured solution and paid VPN services. The latter cost around 300 rubles. per month. Our solution will cost $0.007 per hour. If we don’t use VPN right now, we don’t pay. If used for 2 hours every day for 30 days, this pleasure will cost us 30-50 rubles.

We will do the following:

1. We rent a server for VPN.
2. Let's set up a VPN on it.
3. We will use them and pay only for each hour of actual VPN use.

Step #1. Server rental.

No, we will not rent a full-fledged server. We rent virtual server – VPS(virtual private server). In many cases, hosting websites on the Internet or for other purposes (including organizing a VPN) does not require large server capacities, but you need to customize the server operating system. Several operating systems cannot run simultaneously on one computer (including a server, because it is the same computer, only usually more powerful). What should I do? Virtual machines come to the rescue. This technology allows you to run an operating system within an operating system, which is called virtualization. In the case of servers, analogues of virtual machines are also created - virtual servers.

There are several common virtualization technologies. The most common are OpenVZ, KVM, Xen. Roughly speaking, Xen and KVM create their own “hardware imitation”, their own OS, etc. for each virtual machine. In the case of OpenVZ, a common OS kernel is used, as a result of which some functions (for example, making changes to the OS kernel) become unavailable, or they can be enabled or disabled only for all VPS at once. VPS on Xen and KVM are, as a rule, more stable in operation, but the difference is significant only for large projects for which server fault tolerance is critical.

VPS on OpenVZ is always cheaper, since one virtual server requires fewer resources. Due to the lower price, we will turn our attention to VPS based on OpenVZ.

Attention! Some hosting companies (companies that provide server rental services) deliberately block VPN operation on OpenVZ-based servers! Therefore, before renting such a server, you need to check with the support service (with a good hosting they should respond within 15 minutes, maximum an hour) whether the VPN will work.

To work on a personal VPN server, a minimum configuration is enough - 256 MB of RAM and a 0.5-1 GHz processor. However, not all hosting providers provide VPS with 256 MB of RAM: many have a minimum tariff of 512 MB of RAM. Such a VPS will be more than enough for us.

What other criteria for choosing a VPS exist? As you already understand, Internet traffic will constantly “walk” from you to the VPS and back. Therefore, the main canals must have sufficient capacity in both directions. In other words, the speed of the Internet connection between your computer and the VPS must be sufficient to perform the tasks you require. For everyday comfortable work, 15 Mbit/s is enough, and if you are going to download torrents via VPN, then you may need all 100 Mbit/s. But! If you and the VPS are on the networks of different Internet providers (especially in different cities), it is unlikely that the backbone networks will “stretch” more than 70 Mbit/s within Russia (or your country) and more than 50 Mbit/s with servers in Europe.

Most hosting services require monthly payments. It is worth noting right away that the price range is very large with approximately the same quality. We will use services with an hourly rate: $0.007 per hour of our server’s work. Thus, if we use VPN for 2 hours every day, then we will pay about 30 rubles per month. Agree, this is not 350 rubles/month for a paid VPN service!

First of all, you need to go to the website and register:

Next, a page will open on which you need to provide your bank card details. Without this, the system will not work and will not allow you to take advantage of the bonus 10 dollars (more on this later). You can specify any data, the system will “eat” fake data.

In this case, an amount of several rubles may be blocked on your card, which will then be returned. Charges from your card will only be based on the fact of using the servers.

What to do if you don’t have a bank card? Get yourself one, it automatically gives you a virtual card, the balance of which is equal to the balance of your wallet. You can top up your wallet almost anywhere, see.

However, if you enter your Qiwi card details into DigitalOcean, the system will spit it out, citing the fact that DigitalOcean does not work with prepaid and virtual cards. In this case, you need to top up your balance by $5 via PayPal by paying with a Qiwi card.

After all this, on the same page in your DigitalOcean personal account, enter the promo code DROPLET10, which credits us with 10 dollars, which we can fully use on the servers without fear of additional charges from our card.

Ready! Now let's move on to creating a VPS. Watch the video tutorial:

When creating a server, choose Ubuntu OS version 14.04, and not any newer one, incl. do not select 16.04.

Server location		Domain for ping
Frankfurt, Germany	http://speedtest-fra1.digitalocean.com/	speedtest-fra1.digitalocean.com
Amsterdam 1, Netherlands	http://speedtest-ams1.digitalocean.com/	speedtest-ams1.digitalocean.com
Amsterdam-2	http://speedtest-ams2.digitalocean.com/	speedtest-ams2.digitalocean.com
New York-1, USA	http://speedtest-ny1.digitalocean.com/	speedtest-ny1.digitalocean.com
New York-2	http://speedtest-ny2.digitalocean.com/	speedtest-ny2.digitalocean.com
New York-3	http://speedtest-ny3.digitalocean.com/	speedtest-ny3.digitalocean.com
San Francisco, USA	http://speedtest-sfo1.digitalocean.com/	speedtest-sfo1.digitalocean.com
London, Great Britain	http://speedtest-lon1.digitalocean.com/	speedtest-lon1.digitalocean.com
Singapore	http://speedtest-sgp1.digitalocean.com/	Speedtest-sgp1.digitalocean.com

Note. For most residents of Russia and the CIS countries, Amsterdam or Frankfurt will be suitable (ping to Frankfurt in most cases will be slightly less than to Amsterdam). I recommend that residents of the Russian Far East test Singapore and compare the performance with European servers.

The location of servers abroad will allow using VPN to bypass government bans on visiting certain sites (if this is relevant for you).

DigitalOcean includes 1 terabyte (1024 GB) of traffic in the price (see). For most people this will be enough. Other hosting providers have formally unlimited traffic, but it becomes unprofitable for them once the threshold of 1-2 TB/month is reached.

That's it, we ordered a VPS. Congratulations. Now it's time to move on to setting it up.

Step #2. Setting up a VPN.

Don't be intimidated, the process of setting up your own VPN is as easy as two-twos!

In the video tutorial above, we connected to our server using Putty. Now let's continue.

Copy and paste (by right-clicking the mouse, as we did in the video tutorial) the command:

Now copy and paste the following into the file editing window that opens:

Press Ctrl+O, then Enter.

Press Ctrl+X.

Copy and paste the command:

Enter 1 and press Enter. We wait. According to the system requests, enter the desired login and press Enter. Likewise with a password. For the questions “[Y]/[N]”, enter Y and press Enter. After completing the setup, our login and password and server IP address will be shown.

Ready! VPN is configured!

Now open the Windows Network and Sharing Center:

Select the settings for a new connection:

Select “Connect to a workplace”:

We're waiting a little. We now work via VPN! To make sure of this, go to and make sure that our IP address shown to us matches the IP address of our VPS.

Now attention! Through our DigitalOcean personal account, we can turn off our VPS (droplet in DigitalOcean terminology), however, even for a server in the off state, funds are written off at the standard rate. So we'll backup our server, delete it, and when we need the VPN again, we'll restore it from the backup!

Let's move on to server management (the DigitalOcean control panel is located at cloud.digitalocean.com, you can enter it through the Sign In button on the main page of digitalocean.com in the upper right corner).

We need to create a backup (snapshot) of our VPS. But to do this, you first need to turn it off.

We wait about a minute until the server turns off. Then go to the Snapshots section, enter a custom name for the snapshot and create it:

For each gigabyte of “weight” of our VPS, 2 cents will be charged when creating a snapshot. Creating a backup (snapshot) will take a few minutes.

Now we remove the server:

All! No more money will be deducted from us for anything.

What to do when you need a VPN again

We need to create a new VPS from the backup we made before.

Click “create droplet”:

Now, as before, enter any server name in Latin letters without spaces, select the first minimum tariff, the region must be the same, the same as the one in which we previously had a server.

Just below, click on the name of the picture that we took (was gray, but should turn blue):

...and click the big green “Create droplet” button.

We wait about a minute.

Let's see if the IP address of our server matches the previous one. If yes, then in Windows we simply resume the previously created connection:

If not, then right-click on the name of our connection and change the IP address to a new one:

Enter the new IP and click “OK”:

Attention! Now, to turn off the VPN, we do not need to make a backup, we just delete the server right away, and next time we will restore everything from the old snapshot. It is not necessary to shut down the server before deleting. Just in case, this is the procedure in the screenshots:

We removed the VPS while not using the VPN. Now let’s restore it from the old snapshot:

Again we check whether the old IP is still there and continue working.

On the same server (or another one) you can raise your personal proxy, for example, to the 3proxy software base, but this is not the topic of this article.

Found a typo? Press Ctrl+Enter

To understand setting up a VPN, you need to understand what it is. VPN (Virtual Private Network) is a virtual private network. It includes a group of protocols that can be used to organize a visual network over an unprotected network. It is used to gain access to the Internet, access to the corporate network and unification of its segments.

What types of VPNs are there?

VPNs are shared on the:

• PPTP (Point-to-point Tunneling Protocol) – point-to-point tunnel protocol. This protocol secures the connection. To do this, a tunnel is created over the standard network. This type of protocol is currently not recommended because it is considered the most insecure protocol. How to organize such a protocol? For configuration, 2 network sessions are used: PPP and TCP session. To establish a PPP session, the GRE protocol is required. This session is established for data transfer. A connection to the TCP port is used for control. Because of this “structure” of the protocol, problems may arise in hotel and mobile operators.
• L2TP (Layer 2 Tunneling Protocol). This protocol is better than the previous one. It is based on two protocols: PPTP and L2F. It combines data and control channels, and also adds encryption, which makes it more secure. In addition, there is another advantage of L2TP over PPTP - L2TP is much easier to understand by most firewalls, unlike PPTP.
• SSTP(Secure Socket Tunneling Protocol)) – secure socket tunneling protocol. It is based on SSL, which is a secure socket layer and is built on a cryptographic system using a public and private key. SSTP allows you to create a secure connection from anywhere using HTTPS and an open port 443. Its most important advantage is the efficient use of network resources.

What are VPNs used for?

Let's take a closer look at the most common uses of VPNs:

• Access to the Internet. Often used by city network providers. But this method is also quite popular in enterprise networks. Its main advantage is its high level of security. This fact is facilitated by access to the Internet through two different networks. This allows you to set different security levels for them. The classic solution involves distributing the Internet to a corporate network. In this case, it is almost impossible to maintain security levels for local and Internet traffic.
• Access to the corporate network from outside. It is also possible to combine the networks of all branches into one network. This function is the main goal of VPN developers - the ability to organize secure work in a single corporate network for users whose locations are outside the enterprise. It is widely used as a connector for geographically dispersed units, providing access to the network for employees who are on a business trip or on vacation, and opens up the opportunity to work from the comfort of their own home.
• Consolidation of corporate network components. Most often, an enterprise network includes a certain number of segments that have different levels of security and trust. In this situation, a VPN can be used to communicate between segments. This solution is considered the most secure when compared with a simple connection. By doing this, you can organize access for the warehouse network to individual resources of the sales department network. Due to the fact that this is a separate logical network, it can be assigned the necessary security requirements without interfering with the functional process of individual networks.

Features of setting up a VPN connection

There is a high probability that VPN clients will be workstations running the Windows operating system. But it is necessary to highlight that the server can easily perform its basic functions both under Windows and under Linux or BSD. In this regard, we will begin to consider Windows 7. Do not stop your attention on the basic settings. There is nothing complicated about them, and they are understandable to absolutely every user. We need to focus on one subtle nuance:

• When connecting a standard VPN connection, the main gateway will be specified for the VPN network, in other words, the Internet on the client machine will completely disappear or will be used through connections in some remote network. Such an inconvenience can lead to significant financial costs - double payment for traffic (the first time the remote network is paid, and the second time the provider’s network). To prevent such situations, you need to go to the “ Net", in the protocol properties TCP/IPv4 press the button " additionally" and in the new open window, uncheck the "". In the figure you can visually familiarize yourself with this action.

This issue did not require detailed consideration, if not for the widespread occurrence of problems and ignorance of the reasons for such strange behavior of the VPN connection among many system employees.

What is routing? If we don’t go into too much detail about temrinologies, we can say that this is a set of rules that determine the route of data in connected networks. They can be compared to road signs and markings. Imagine the situation: you find yourself in a city that is completely foreign to you, where there are no signs or markings at the intersections. You become confused. A similar situation occurs in networks. Any network packets travel according to a certain set of rules - routing tables. It is thanks to them that you can send a document to a network printer to print it, and the email will reach the exact recipient.

If you want to use a VPN connection for remote clients on a corporate network, then it becomes necessary to configure routes. If you do not carry out this process, then how will the package independently determine that it needs to get into your corporate network through the tunnel? You don’t indicate in a postal letter or telegram that it needs to be delivered to “grandmother in the village.”

Today there are several known ways to build a virtual network. Each of them implies its own unique routing scheme. Let's look at them in more detail:

This option only works with external support. Proxy ARP, which allows you to combine two unconnected networks into one whole. It is assumed that all hosts are located on the same physical network and exchange traffic without additional routing.

The main advantages of this method are simplicity and full access to the network of remote clients. However, in this case, you get a low level of security and the inability to differentiate access between local network users and VPN clients.

As a result, clients may receive addresses from a range that is not part of the local network, but which is routed from it.

In this case, remote clients are allocated to a separate subnet (in the picture it is 10.0.1.0/24). At the same time, the figure shows that both subnets can be components of a common network - 10.0.0.0/23. Thus, the structure can be controlled using routing or a subnet mask.

The first option is to move the computers to the 10.0.0.0/23 network (this requires changing the network mask to 255.255.254.0), which will give it access to both subnets.

The second option is to route packets from one subnet to another using a gateway. This method is better suited for this situation, since we will be able to configure rules for different subnets, creating different levels of trust.

In order to gain access from a client computer located on one subnet to another, you should use static routing. The entries will have the following template:

X.X.X.X mask Y.Y.Y.Y Z.Z.Z.Z

In this pattern, the network is X.X.X.X, the netmask is Y.Y.Y.Y, and the gateway is Z.Z.Z.Z. in order to add a route in Windows OS you need to use the routeadd command. The general command entry looks like this:

routeadd X.X.X.X mask Y.Y.Y.Y Z.Z.Z.Z

On Linux, the entry changes its form slightly, but remains essentially the same:

routeadd -net X.X.X.X netmask Y.Y.Y.Y gw Z.Z.Z.Z

It is worth noting that the commands are valid until the first reboot. Although this creates some difficulties, this property can be used if there is an error in creating a route. Once you have verified that everything is working correctly, you should add permanent routes. To do this, add the –p switch to the command we already know:

routeadd X.X.X.X mask Y.Y.Y.Y Z.Z.Z.Z -p

To do this in Ubuntu, after describing the interface in the file /etc/network/interfaces, you should add the line:

uprouteadd -net X.X.X.X netmask Y.Y.Y.Y gw Z.Z.Z.Z

Now let's get back to the routes. In order to provide access to the local network, you should register a route to it for remote clients:

And vice versa: to access remote clients from the local network to a PC, you should register

Remote clients have addresses that are not part of the local network, but can be routed from it.

Please note that this scheme is not designed for routing from a local network to a remote network. It is often used to provide access to low-trust clients. Thus, only resources published in the VPN are available to clients. It is worth noting that this is not enough to access the local network - you must additionally configure the server to broadcast packets from the remote network to the local network and back.

Publishing a resource on a VPN network can be done in the following ways: by placing it on a VPN server and allowing access to it from a remote network, by forwarding a port to a remote network, or by connecting the resource as a network client. Below is a diagram that shows a terminal server with route 10.0.0.2 accessible at address 172.16.0.2 on a remote network.

The above diagram is used to connect several subnets into a single, complete network. Such a network has a more complex structure. However, if you understand the process of routing packets through interfaces, everything immediately falls into place. Under these conditions, X.X.X.X is the IP address of the main office, and branches have gray IP addresses. The office router connects as a client. It hosts a VPN server.

Now let's talk about routing. Clients of the LAN1 subnet transmit packets to the LAN2 subnet to the router’s network gateway. Likewise, the router transmits packets to the opposite end of the VPN tunnel. Exactly the same routing must be done for the LAN2 subnet.

To do this, you need to write a route to LAN2 on clients of the LAN1 subnet:

10.0.1.0 mask 255.255.255.0 10.0.0.1

You also need to register the route of the other end of the tunnel on the LAN1 router:

10.0.1.0 mask 255.255.255.0 172.16.0.2

For LAN2 clients, routes should look like this:

10.0.0.0 mask 255.255.255.0 10.0.1.1

PPTP is an easy protocol to implement. But do not forget that you should not use it when working with critical data, since PPTP is a weakly secure protocol.

A diagram we created in the test laboratory that will help you practically get acquainted with the technology:

We have a local network 10.0.0.0/24, in which there is a router that performs the functions of a VPN server and a terminal server. The VPN was assigned a network with route 10.0.1.0/24. The external appearance of the server has the agreed address X.X.X.X. We need to provide remote clients access to terminal server resources.

Setting up a PPTP server

Install the pptpd package:

sudo apt-get install pptpd

For delivery to clients, we indicate the range of addresses:

remoteip 10.0.1.200-250

Without restarting pptpd, it will be impossible to increase the number of addresses, so you need to set them with a reserve. You must also find and rewrite the line:

There are two options that can be used. This listen And speed. Using listen, you specify the IP address from the local interface. This is needed to listen to the PPTP connection. The second – speed – allows you to accurately display VPN connections in bps. As an example, you can take permission for servers to receive a PPTP connection, but only with the external interface:

In file / etc/ ppp/ pptpd— options There are much finer settings. Accepting the default settings will best suit the required requirements. For a better idea, it’s worth talking about a few of them.

The section is responsible for encrypting the attached data, as well as verifying its authenticity. #Encryption. Any supposedly dangerous protocol such as CHAP, PAP and MS-CHAP, obsolete protocols are prohibited by the options:

refuse-pap
refuse-chap
refuse-mschap

The next step is to apply the authentication protocol (MS-CHAP v2, as well as 128-bit MPPE-128):

require-mschap-v2
require-mppe-128

Next it is worth mentioning the section #Network and Routing. Section to use DNS servers, focusing on the internal network. Why is this likely to become highly profitable? Because it allows you to turn the signal directly to the computer through names, not exclusively through IP. This is possible by keeping all laptop computers in DNS. But in our situation, the above option is completely useless. In this case, you just need to enter the WINS server address through the option ms-wins.

In the same section there is proxyarp option. It includes maintenance using the server Proxy ARP.

Next section #Miscellaneous and contained in it lock option. Limits the capabilities of any client through just one connection.

ivanov * 123 *
petrov * 456 10.0.1.201

The first entry allows a user whose password is 123 to connect to the server, and is also assigned a personal IP address. The second entry creates the next user. She also gives him a permanent address (10.0.1.201).

sudo /etc/init.d/pptpd restart

Please pay attention! In cases where pptpdrefuses V restart, hangs, /var/log/syslog produces the line about long config file line ignored,immediately enter V end file/etc/pptpd.conftransfer lines.

Finally, the server is fully prepared for use.

Setting up a client computer

In most cases, the default settings for a VPN connection are suitable, but it is a good idea to specify a specific connection type and disable encryption protocols that will not be used.

After this, you need to register the addresses of static routes and the main gateway, taking into account the peculiarities of the network structure. These issues were discussed in previous sections.

After establishing a VPN connection, we can ping any computer on the local network, so we can easily access the terminal server:

Attention, one more important note! Often, access to a PC on a local network will be via IP addresses. This means that the path \\\\10.0.0.1 will work, but \\\\SERVER will not work. This option will be very unusual for users and may cause additional difficulties. There are several ways to get rid of these problems:

1. If your network is built on the basis of a domain structure, then for a VPN connection you need to specify the address of the domain controller server using the DNS server address. You can use the function in the server settings ms-dns in /etc/ppp/pptpd-options and the client will receive the settings data automatically.
2. If your network does not have DNS server, then you can create WINS-server and similarly configure automatic data transfer for client computers using the ms-wins option.
3. If the number of remote clients is small, you can configure the hosts files on each computer by writing in them a line like: 10.0.0.2 SERVER. You can find the hosts file in the folder (C:\\Windows\\System32\\drivers\\etc\\hosts).

The basis of our server was a router using WindowsServer 2008 R2. Setting up the server was discussed earlier. The settings are also relevant for servers based on WindowsServer 2003 – 2008 with minor features.

The setup is complete and, as a last resort, during the wizard launch process, you will need to select the desired configuration. When opening server manager, in the roles you need to find " routing and remote access n" go to its properties (opens with the right mouse button). In the window that appears, you need to set the switch " IPv4» in state local network and call on demand and check the box next to "".

After these manipulations, you need to go to the “ safety» select authentication using the MS-CHAPV2 protocol and prohibit connection without verification.

After saving the changes, the service will restart and the VPN server role will be added. The “ports” item should appear in the console (left side), and we need to go to its properties. By default the system creates 5 PPTP and 5 L2TP ports. In the PPTP settings, check the boxes opposite on-demand and dial-up connections. In addition, you must specify the maximum number of ports. It is recommended to disable all unnecessary ports.

At this stage, setting up the server can be considered a completed action. It is only necessary to determine the number of users for whom remote access to the server will be available.

Access is configured in the section local users and groups, where we find “ user properties" And allow access in section "" in " incoming calls».

To make sure that all the settings are correct, we need to connect from the client computer, while selecting the type of access verification we need. The list of connected client computers can be seen in the console, where the “” item is located.

To diagnose connection problems, you first need to study the event log, which records all the most important incidents. In the descriptions you can find complete information to quickly detect and fix the problem.

Video: Setting up a VPN server on Windows 7

In this article we will look at how you can organize your own VPN server on Windows 7 without using third-party software

Let me remind you that VPN (Virtual Private Network) is a technology used to access secure networks over the public Internet. VPN allows you to protect information and data transmitted over a public network by encrypting it. Thus, an attacker will not be able to gain access to data transmitted within the VPN session, even if he gains access to packets transmitted over the network. To decrypt traffic, he needs to have a special key, or try to decrypt the session using brute force. In addition, this is a cheap solution for building an enterprise network over WAN channels, without the need to rent a dedicated expensive communication channel.

Why might you need to organize a VPN server on Windows 7? The most common option is the need to organize remote access to a computer with Windows 7 at home or in a small office (SOHO) when you are, for example, on a business trip, visiting, or generally not at your workplace.

It is worth noting that the VPN server on Windows 7 has a number of features and limitations:

• You must clearly understand and accept all potential risks associated with a VPN connection
• Only one user connection is possible at a time, and it is not legally possible to organize simultaneous VPN access to a computer with Win 7 for several users at once.
• VPN access can only be granted to local user accounts and Active Directory integration is not possible
• To set up a VPN server on a machine with Win 7, you must have administrator rights
• If you connect to the Internet through a router, you need to have access to it, and you need to be able to configure port forward rules to allow incoming VPN connections (the actual setup procedure may vary significantly depending on the router model)

This step-by-step instructions will help you organize your own VPN server on Windows 7, without using third-party products and expensive corporate solutions.

Open the panel NetworkConnections(Network connections) by typing “network connection” in the search bar of the start menu and selecting “View network connections”.

Then hold down the button Alt, click on menu File and select the item New Incoming Connection (New incoming connection), which will launch the Create Computer Connection Wizard.

In the wizard window that appears, specify the user who will be allowed to connect to this Windows 7 computer via VPN.

Then specify the user’s connection type (via the Internet or via a modem), in this case select “Thought the Internet”.

Next, specify the types of network protocols that will be used to service the incoming VPN connection. At least TCP/IPv4 must be selected.

Click the Properties button and specify the IP address that will be assigned to the connecting computer (the available range can be set manually, or you can specify that the IP address will be issued by the DHCP server).

After you press the button Allowaccess, Windows 7 will automatically configure the VPN server and a window will appear with the name of the computer that will need to be used to connect.

That's it, the VPN server is configured, and a new connection named Incoming connections will appear in the network connections window.

There are a few more nuances when organizing a home VPN server on Windows 7.

Setting up firewalls

There may be firewalls between your Windows 7 computer and the Internet, and in order for them to pass the incoming VPN connection, you will have to configure them. Setting up various devices is very specific and cannot be described in one article, but the main thing to understand is that you need to open the PPTP VPN port number 1723 and configure forward (forwarding) connections to a machine with Windows 7 on which the VPN server is installed.

Don't forget to check your built-in Windows firewall settings. Open the Advanced Settings control panel in Windows Firewall, go to the Inbound Rules section and check that the “Routing and Remote Access (PPTP-In)” rule is enabled. This rule allows accepting incoming connections on port 1723

Port forwarding

Below I have posted a screenshot showing the organization of port forwarding on my NetGear router. The figure shows that all external connections on port 1723 are redirected to the Windows 7 machine (whose address is static).

Setting up a VPN connection

To connect to a VPN server with Windows 7, you need to configure a VPN connection on the connecting client machine

To do this, set the following parameters for the new VPN connection:

• Right-click on the VPN connection and select Properties .
• On the tab Security in field TypeofVPN(VPN type) select option Point to Point Tunneling Protocol (PPTP) and in the section Data encryption select Maximum strength encryption (disconnect if server declines) .
• Click OK to save the settings

More and more cafes, hotels and other public places are acquiring their own Wi-Fi networks. But by using unprotected traffic, device owners jeopardize the security of their own data. Therefore, the relevance of private networks is increasing. To protect yourself, you can create a VPN connection. Read our article about what it is and how to configure it correctly in Windows 7.

What is a VPN connection and why is it needed?

This technology involves a secure network created on top of an unsecured network. The VPN client, using a public network, connects to the VPN server through special protocols. The server accepts the request, verifies the client's identity, and then transmits the data. This is ensured by cryptography.

VPN capabilities allow you to use it for the following purposes:

1. Hide your real IP and become anonymous.
2. Download a file from a network in which access is restricted for IP addresses of the user’s country (if you use the IP address of a country that has access to this network.
3. Encryption of transmitted data.

How to set up a connection?

1. Through “Start”, open “Control Panel”, then launch “Network and Sharing Center”.

   Select the “Network and Sharing Center” area

2. Follow the link “Set up a new connection or network.”

   To create a new connection or network, you need to click on the corresponding line in the list

3. Click "Connect to Workplace".

   Select "Connect to a workplace"

4. Select "Use my Internet connection (VPN)."

   Select "Use my Internet connection (VPN)"

5. In the “Internet address” field, enter the address of your VPN server.
6. To find it out, you need to launch the Run tool (Win + R) and enter cmd.

   You need to enter cmd in the line and press “Enter”

7. Then write the ipconfig command, run it and find the “Default gateway” line, which contains the desired address.

   You need the address that is in the “Main gateway” line

8. Now you need to insert the address and tick the “Don’t connect now...” checkbox and click “Next”.

   Enter the received address in the field, check the box next to “Don’t connect now...”

9. Enter the username and password provided by the provider and click “Create”.

   Enter login and password

10. Close a window.
11. Open Network and Sharing Center again and click Change adapter settings.
12. The VPN connection icon appears here. To make a connection, you need to right-click on the icon and click “Connect”. To disable, also right-click on the icon and click “Disable”.

    There is a VPN connection icon here, through which you can connect or disconnect

13. In the window that opens, you need to enter your username and password and connect.

    Enter your username and password (if necessary) and click “Connect”

Video: creating and setting up a VPN

Possible errors and solutions to problems

400 Bad Request

1. Disable a firewall or other program that affects your security and online activities.
2. Update the version of the browser you are using or use a different one.
3. Delete everything that the browser writes to disk: settings, certificates, saved files, etc.

611, 612

1. Restart your computer and check if the local network is working. If this does not solve the problem, then call technical assistance.
2. Close some programs to improve system performance.

629

Check your firewall settings. As a last resort, it can be disabled, but this is undesirable, as the level of security will be reduced.

630

Reinstall the network adapter drivers.

650

1. Check if "Local Area Connection" works.
2. There is a problem with the network card or network cable.

738

1. Perhaps your login and password were stolen by attackers.
2. "Hung" session. After a few minutes, try to connect again.

752

1. The local firewall is not configured correctly.
2. Changed access attributes (international phone number instead of VPN server address).

789

Open the VPN connection settings, go to the “Network” tab and select “Automatic” or “Point-to-Point Tunnel Protocol (PPTP)” from the available VPN types. Then reconnect.

800

The cable, router or router may be damaged. If they are ok, then you need to check the following:

1. LAN connection properties. They may have gotten lost or been deleted. You need to open the properties of the VPN connection, select “Internet Protocol Version 4 (TCP/IPv4)” and open its properties. Then check the correctness of the parameters: IP address, subnet mask, default gateway. As a rule, they are specified in the provider's Internet connection agreement. Alternatively, you can check the boxes next to “Obtain an IP address automatically” and “Obtain a DNS server address automatically.”
2. If you are using a router or router, then the “Default gateway” field is 192.168.0.1 (192.168.0.1). More details about this are described in the router instructions. If it is known for sure that the access point has a default gateway of 192.168.0.1 or 192.168.1.1, then the IP addresses are in the range from 192.168.0.100 (192.168.1.100) and higher.
3. IP address conflict (there is a yellow exclamation mark in the tray icon on the monitor). This means that there is a computer on the local network with the same IP address. If there is no router, but there is a conflict, it means that the IP address is not the one specified in the agreement with the provider. In this case, you need to change the IP address.
4. There may be problems with the subnet mask or DNS server. They must be specified in the contract. In cases where a router is used, the DNS is often the same as the default gateway.
5. The network card is turned off or burned out. To check the device, you need to click “Start”, select the “Run” tool and enter devmgmt.msc in the mmc line. In the window that opens, click on “Network adapters”. If it is turned off (crossed out), then you need to start it. If the card does not turn on, it means that it is burned out or has come out of the slot (the second option is only possible if the card is not built into the motherboard). If the card works, then disable it and start again. As a last resort, you can remove the network card from the configuration and click on the “Update hardware configuration” icon. The system will find the network card and install it.
6. Incorrect VPN server address. It must be indicated in the instructions. If there is no such information, then you need to contact technical service. If the Internet works without a VPN connection, then go to the provider’s website and find the VPN server address. It can be either alphabetic (vpn.lan) or in the form of an IP address. To view the VPN server address, you need to open the properties of the VPN connection.
7. There is no money in your personal account.

Regardless of the error, if you cannot fix it yourself, you will have to contact technical support.

How to enable automatic start?

1. In order for the connection to start automatically, you need to go to “Control Panel” - “Network and Internet” - “Network Connections”.

   Find VPN in Control Panel

2. We find the VPN, open properties, then go to the “Options” tab and uncheck the “Display connection progress”, “Prompt for name, password” and “Include Windows login domain” checkboxes.
3. Then you need to open the Windows Task Scheduler. Go to “Control Panel” - “System and Security” - “Administration” - “Task Scheduler”. Or you can go through the registry: Win + R, enter the line taskschd.msc.

   Open the task scheduler

4. Select “Action” from the menu, then “Create a simple task.”