I have a Cisco 2691 router running IOS 12.4 series at home currently, and I've been planning to cook up a VPN setup on it that allows me to connect back home, and also to "trombone" my way back out from home. I wanted the setup to be as short and simple as possible, but still include encrypted communication. Finally, I wanted this to be available using "standard setup" client software on my XUbuntu+NetworkManager laptop, as well as Windows 7.
The "kicker" that made me finally cook this up was the need to easily demonstrate to a colleague as well as a few students a simple way to do road warrior VPN using a Cisco IOS router as the termination point.
My setup uses Microsoft PPP Extensions to get encrypted communication, and as such it is a form of PPTP VPN.
The important bits for understanding this setup are:
- I use the IPv4 range 10.0.5.0/24 (or rather a subset of it) for the VPN clients.
- VPN clients connect to my "Internet" facing address, located on FastEthernet0/0.
- All my internal networks, including VPN clients, use NAT with overload (PAT) for IPv4 communication with "the world".
I suppose it should be possible to use a Mac as a client for this setup too, but to be honest, I can't be bothered to check 🙂
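! Lines under an "assumed" comment are not in the original listing; the group and template numbers are placeholders.
! assumed: AAA must be enabled before the authentication list is defined
aaa new-model
aaa authentication ppp VPDN_AUTH local
ip name-server 10.0.2.2
! assumed: VPDN enabled, group 1 accepting PPTP dial-in on Virtual-Template1
vpdn enable
vpdn-group 1
 ! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1
username vpntest privilege 7 password 7 053D1601114D5D1A0E550516
! Internet-facing interface (header line assumed)
interface FastEthernet0/0
 ip nat outside
! Template cloned for each VPN client (header line assumed)
interface Virtual-Template1
 ip unnumbered FastEthernet0/0
 ip nat inside
 peer default ip address pool VPNPool
 ppp encrypt mppe auto
 ppp authentication ms-chap-v2 VPDN_AUTH
ip local pool VPNPool 10.0.5.2 10.0.5.31
ip nat inside source list NAT interface FastEthernet0/0 overload
ip access-list standard NAT
 permit 10.0.5.0 0.0.0.255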
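
A small audit of the PPTP-related lines above, as an added example that is not part of the original post: it checks whether MPPE is mandatory (the IOS `required` keyword of `ppp encrypt mppe`, without which a session that fails to negotiate encryption is not torn down), whether MS-CHAPv2 is the only PPP authentication method, and whether both ends of the client pool fall inside the NAT access list. The function names and the `interface Virtual-Template1` header in the sample are assumptions; the other config lines are copied from the listing.

```python
import ipaddress
import re

# Constructed sample: the PPP, pool and ACL lines of the configuration above.
SAMPLE = """\
interface Virtual-Template1
 peer default ip address pool VPNPool
 ppp encrypt mppe auto
 ppp authentication ms-chap-v2 VPDN_AUTH
ip local pool VPNPool 10.0.5.2 10.0.5.31
ip access-list standard NAT
 permit 10.0.5.0 0.0.0.255
"""

def acl_networks(config, acl):
    """Networks permitted by a named standard ACL, wildcard mask -> prefix."""
    nets, inside = [], False
    for line in config.splitlines():
        if not line.startswith(" "):          # a top-level line opens a new section
            inside = line.strip() == f"ip access-list standard {acl}"
        elif inside:
            m = re.match(r"\s+permit (\S+) (\S+)$", line)
            if m:  # ipaddress accepts a host (wildcard) mask after the slash
                nets.append(ipaddress.ip_network(f"{m[1]}/{m[2]}"))
    return nets

def audit(config, nat_acl="NAT"):
    """Return a list of findings for the PPTP-related lines of an IOS config."""
    findings = []
    mppe = re.search(r"^\s*ppp encrypt mppe (.+)$", config, re.M)
    if not mppe:
        findings.append("no 'ppp encrypt mppe' line: MPPE is never offered")
    elif "required" not in mppe[1].split():
        findings.append("MPPE not 'required': a session without encryption stays up")
    auth = re.search(r"^\s*ppp authentication (.+)$", config, re.M)
    known = {"pap", "chap", "ms-chap", "ms-chap-v2"}
    methods = set(auth[1].split()) & known if auth else set()
    if methods != {"ms-chap-v2"}:
        findings.append(f"PPP authentication is {sorted(methods)}, expected ms-chap-v2 only")
    pool = re.search(r"^ip local pool \S+ (\S+) (\S+)$", config, re.M)
    if pool:
        nets = acl_networks(config, nat_acl)
        for addr in map(ipaddress.ip_address, pool.groups()):  # first and last address
            if not any(addr in net for net in nets):
                findings.append(f"pool address {addr} is not matched by ACL {nat_acl}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

On the listing as posted, the only finding is the MPPE one; changing the line to `ppp encrypt mppe 128 required` clears it.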