Guide / Tutorial to create your own VPN
VPNs, or Virtual Private Networks, are a very useful technology that allows us to make our connections more secure and to facilitate teleworking. Today we are going to explain what they are, how they work, what they are for and how to create your own VPN with Windows.
What is a VPN?
A VPN, or Virtual Private Network, is a technology that allows access to a local network through a public network (such as the Internet). Once a computer has connected to a VPN, it will have access to the same resources (usually the company server) that it would have if it were physically connected to the local network that gives access to the VPN.
What are VPNs for?
VPNs have two very interesting main utilities. The main one is that a connected computer behaves in the same way as if it were connected in the normal way to the local network. This computer will have access to all the resources on that network (folders, servers, printers, remote access to a computer located on the network …). This is very useful in local work networks, since it allows an employee who is not physically on site to work in a completely normal way. Using a VPN is one of the main ways to implement teleworking.
Another of its main utilities is security. When a computer is connected to a VPN, all the requests it makes through the network (internet searches, emails …) are encrypted and first pass through the VPN server; this process is known as tunneling. Once the requests reach the VPN server, they are decrypted and processed as usual (the mail is sent, the search is performed …). If a response is expected, the server encrypts it and sends it to the source computer. This process adds a new layer of security: anyone spying on the traffic between the source computer and the server could not read it, because it is encrypted. And if the traffic between the VPN server and the destination computer were spied on, it would be impossible to find out where the request was actually sent from, thus giving greater protection to the user. This is one of the most basic but effective forms of computer security that can be implemented.
How to create a VPN server with Windows 10
Today there are a large number of commercial providers that offer a VPN service with all the access and security guarantees. However, if you are looking for something simple that allows you to work easily, it is also possible to set up your own VPN on a Windows 10 computer.
To do this, you must follow some steps that we detail below:
- We go to Control Panel -> Network and Internet -> Network and Sharing Center
- We access Change adapter settings
- Press the “Alt” key and select “File” -> New incoming connection
- We give access to the users that we want to be able to use the VPN, or create new users. These are the users that we will use later to connect to the VPN.
- We make sure that the “over the internet” box is checked and click on Next.
- We select IPv4 and open its properties.
- We check the network access box and specify the IP addresses that will be given to the clients that connect through the VPN (it is recommended to use the upper range of IP addresses to avoid conflicts with the addresses that the router hands out).
- We select allow access and close.
With these steps we will have configured a VPN server in Windows 10. However, for it to work correctly we still have to carry out a few more steps.
Firewall configuration.
In order for the connection to the VPN server to be possible, the firewall of our server must allow access. For this we will carry out the following steps:
- We access Firewall and network protection -> Allow an application through firewall
- Click on Change the configuration.
- We look for Routing and remote access -> We mark both the private and public option -> Click OK.
- We open PowerShell as administrator (right-click PowerShell and choose Run as administrator).
- We type Get-NetConnectionProfile to see the available networks.
- With the command “Set-NetConnectionProfile -InterfaceIndex [InterfaceIndex of the network we want to change] -NetworkCategory Private” we set the network to private so that the firewall does not cause problems.
- Finally, we must access our router and open port 1723, which is the one intended for this type of connection, so when we try to connect we will not be rejected.
With these steps we will have configured the security of our system to allow connection to our VPN server.
Configure Automatic Start.
In order for the VPN server to start every time the system is turned on, we must follow these steps:
- We access the Windows Services application.
- Once started, we search for the “Routing and Remote Access” service and access its properties.
- Once we have accessed its properties in the general tab, select the start type “Automatic (delayed start)” and click on OK. In this way the service will wait longer to start and will not give an error.
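The firewall and automatic-start steps above can also be applied and then verified from one elevated PowerShell script. This is an added example, not part of the original guide; the firewall group name assumes an English-language Windows, and RemoteAccess is the service name behind “Routing and Remote Access”.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original guide. Run on the VPN server.
param(
    [Parameter(Mandatory)]
    [int]$InterfaceIndex,                              # number shown by Get-NetConnectionProfile
    [string]$RuleGroup   = 'Routing and Remote Access', # assumed English firewall group name
    [string]$ServiceName = 'RemoteAccess'               # service behind "Routing and Remote Access"
)

# Network category. A Public network is switched to Private; a domain network
# (DomainAuthenticated) is managed by Windows and cannot be set by hand.
$net = Get-NetConnectionProfile -InterfaceIndex $InterfaceIndex -ErrorAction Stop
if ($net.NetworkCategory -eq 'Public') {
    Set-NetConnectionProfile -InterfaceIndex $InterfaceIndex -NetworkCategory Private
    $net = Get-NetConnectionProfile -InterfaceIndex $InterfaceIndex
}
$wanted = if ($net.NetworkCategory -eq 'DomainAuthenticated') { 'Domain' } else { "$($net.NetworkCategory)" }

# Firewall. List the inbound rules of the group and the profiles each covers,
# then count those enabled for the category this network now has.
$rules = Get-NetFirewallRule -DisplayGroup $RuleGroup -ErrorAction Stop |
    Where-Object { $_.Direction -eq 'Inbound' }
$rules | Format-Table DisplayName, Enabled, Profile -AutoSize | Out-Host
$active = $rules | Where-Object {
    $_.Enabled -eq 'True' -and ("$($_.Profile)" -eq 'Any' -or "$($_.Profile)" -match $wanted)
}

# Service start type. In Windows PowerShell 5.1 "sc" is an alias of Set-Content,
# so sc.exe is called by its full name; the space after "start=" is required.
sc.exe config $ServiceName start= delayed-auto | Out-Null
$svcKey = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName"

# Listener. The guide forwards port 1723 on the router, so something on this
# machine has to be listening on that port once the service is running.
$listener = Get-NetTCPConnection -LocalPort 1723 -State Listen -ErrorAction SilentlyContinue

[pscustomobject]@{
    NetworkCategory    = $net.NetworkCategory
    FirewallRulesInUse = @($active).Count
    ServiceStatus      = (Get-Service $ServiceName).Status
    DelayedAutoStart   = ($svcKey.Start -eq 2 -and $svcKey.DelayedAutostart -eq 1)
    ListeningOn1723    = [bool]$listener
}
```

A result with FirewallRulesInUse at 0 or ListeningOn1723 set to False points to the step that still needs attention before the router port is opened.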
Configure IP Domain.
To connect to the VPN server later, we will need the IP address of the router to which the system where we have configured the VPN server is connected. This can be a problem, since the IPs of a router are usually dynamic, that is, they will not always be the same. A good way to get around this problem is to assign a domain (a fixed name) to our router. This way, even if the IP changes, the domain will remain the same and we will continue to have access. A good option is the No-IP website, which allows us to create a free domain that we can later use on our computer.
To do this, we follow these steps:
- We go to the No-IP website and register. Then, establish a name for your domain and try to make it easy to remember.
- Now is the time to install the No-IP client on the computer that will act as the VPN server. This program will synchronize the IP of your computer and the domain name that you have created in No-IP. That way you can connect to it, even if its IP changes. Access your account on the No-IP website again and, in its control panel, click on the “Dynamic Update Client” option, which you will find on the side panel. Then click on the “Download Now” button to download the No-IP client installer. Install it on your computer and start it.
- Next, enter the email address and password that you used in the No-IP registration. In the No-IP client window, you can see that it has not yet recognized a domain and therefore cannot synchronize your IP. Click on “Edit Hosts”. Check the box of the domain you created in the previous section and click “Save”.
Now the domain is recognized and the client will assign it the correct IP. If you turn your router off and on again you will see how the IP changes, but the No-IP client reassigns it to your domain. Even if you close the No-IP client window, it will continue to work in the background.
VPN connection
With all the previous steps carried out, we have correctly configured a VPN server and made it possible to connect to it. Next, we will explain how to connect to this VPN from a Windows 10 computer connected to the Internet:
- To connect a computer to the server we have created, we look for VPN settings -> Add a new VPN connection.
- We enter the data. The username and password correspond to the user that we created in the previous steps. As for the server or connection name, it corresponds to the IP address or domain of the router to which the computer where we created the VPN server is connected.
- We go to Control Panel -> Network and Internet -> Network and Sharing Center -> Change adapter settings
- Right-click on the VPN connection that we have created and select Properties.
- In General: we make sure the domain is correct.
- In Security: click on OK.
- In Networking: uncheck IPv6, check IPv4, open the IPv4 properties, click on Advanced options, uncheck the option to use the default gateway, and press OK several times until we exit.
- We go to Settings -> Network and Internet -> VPN -> Connect
With these last steps we will connect to our VPN and we will have access to the same resources that we would have if we were physically connected to the network. Now, to telework safely!
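The client steps above have a PowerShell equivalent that also shows what unchecking the default gateway does to routing. This is an added example, not part of the original guide; the connection name is hypothetical and the server address is whatever IP or No-IP domain you configured.

```powershell
# Added example, not from the original guide. Run on the client computer.
param(
    [Parameter(Mandatory)]
    [string]$Server,               # router's public IP or No-IP domain
    [string]$Name = 'Home VPN'     # hypothetical connection name
)

# Before creating anything, confirm the router forwards port 1723 to the server.
$probe = Test-NetConnection -ComputerName $Server -Port 1723 -WarningAction SilentlyContinue
if (-not $probe.TcpTestSucceeded) {
    Write-Warning "TCP 1723 on $Server is not reachable: check the port forwarding and the server firewall."
}

# Create the connection once. -SplitTunneling is the cmdlet equivalent of
# unchecking the default gateway option in the IPv4 advanced settings.
if (-not (Get-VpnConnection -Name $Name -ErrorAction SilentlyContinue)) {
    Add-VpnConnection -Name $Name -ServerAddress $Server -SplitTunneling
}

$vpn = Get-VpnConnection -Name $Name
if ($vpn.EncryptionLevel -in 'NoEncryption', 'Optional') {
    Write-Warning "EncryptionLevel is $($vpn.EncryptionLevel): the tunnel may come up unencrypted."
}

# Once connected (Settings -> Network and Internet -> VPN -> Connect), look for a
# default route on the VPN interface. With split tunneling there is none, so only
# traffic for the remote network enters the tunnel and Internet traffic does not.
$defaultViaVpn = if ($vpn.ConnectionStatus -eq 'Connected') {
    [bool](Get-NetRoute -InterfaceAlias $Name -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue)
} else { $null }   # not connected yet, so there is nothing to inspect

[pscustomobject]@{
    Name               = $vpn.Name
    ServerAddress      = $vpn.ServerAddress
    TunnelType         = $vpn.TunnelType
    EncryptionLevel    = $vpn.EncryptionLevel
    SplitTunneling     = $vpn.SplitTunneling
    ConnectionStatus   = $vpn.ConnectionStatus
    DefaultRouteViaVpn = $defaultViaVpn
}
```

Run it again after connecting: DefaultRouteViaVpn reads False when the default gateway option is unchecked, which means web and mail traffic from the client still leaves through the local Internet connection rather than the tunnel.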