Your home network can be connected to an office network or to another Keenetic's network via a VPN PPTP with any type of Internet access. The built-in PPTP server provides secure access to your home network via the Internet from your smartphone, tablet or computer from anywhere, as if you were at home. PPTP (Point-to-Point Tunneling Protocol) is the most affordable and easy way to connect to a VPN. Up to 10 clients can be connected to the built-in VPN PPTP server simultaneously.
NOTE: Important! Keenetic that will host the PPTP VPN server must be connected to the Internet with a global IP address, and if using the KeenDNS domain name, it must be configured in Direct Access mode. If any of these conditions are not met, it will be impossible to connect to such server from the Internet.
To set up the server it is necessary to install the system component 'PPTP VPN-server'. You can do it on the 'General system settings' page in the 'Updates and component options' section by clicking on 'Component optons'.
Then go to the 'Applications' page. Here you will see the PPTP VPN server panel. Click the 'PPTP VPN server' link.
Configure the server.
The 'Multiple sign-in' parameter controls the ability to establish several simultaneous connections to the server using the same credentials. This is not a recommended scenario due to the lower security level and the disadvantages in monitoring. However, during the initial configuration, or in cases where you want to allow the installation of a tunnel from multiple devices of the same user, you can leave the option enabled.
Multiple clients can be connected with one login and password, but the total number of connections cannot exceed 10.
NOTE: Important! If the 'Multiple sign-in' option is disabled, you can assign a static IP address to the PPTP client. This can be done on the PPTP VPN server configuration page in the 'Users' section.
By default, the 'With encryption only' option is enabled on the server. This means that a tunnel will use the MPPE (Microsoft Point-to-Point Encryption) data encryption protocol. The Keenetic MPPE supports a 40 (default) or 128 bit encryption key length. The MPPE provides secure data transfer for PPTP connection between the VPN client and the VPN server.
NOTE: Important! The default MPPE protocol in Keenetic's PPTP server works with a 40-bit key, then Windows OS PPTP connections by default use a 128-bit key. For more information about connecting to the Keenetic PPTP server from Windows, please see the article 'Connecting to the Keenetic's PPTP server from Windows'.
By default, the 'NAT for clients' option is enabled in the server configuration. This setting is used to allow VPN server clients to access the Internet. In a built-in Windows client, this feature is enabled by default and when a tunnel is established, requests to the Internet will be sent through it.
NOTE: Important! If you disable the 'NAT for clients' function on the server, but do not reconfigure the default routing policy in the Windows client, the Internet access may not work after the installation of the tunnel on the computer.
In server settings in the 'Network access' field you can also specify a segment different from the Home segment, if necessary. In this case, the network of the specified segment will be available through the tunnel.
The total number of possible simultaneous connections depends on the IP address pool size setting. As with the starting IP address, it is not recommended to change this setting unnecessarily.
NOTE: Important! The specified IP subnet must not match or intersect with the IP addresses of other interfaces of the router, as this may result in an address conflict.
In the 'Users' section, select the users you want to allow access to the PPTP server and the local network. Here you can also add a new user by specifying a username and password.
After configuring the server, set the switch to the 'Enabled' state.
By clicking on the 'Connection statistics' link you can see the connection status and additional information about active sessions.
If you want to provide clients with access not only to the local network of the VPN server, but also in the opposite direction, i.e. from the network of the VPN server to the remote network of the VPN client to provide data exchange between the two sides of the VPN-tunnel, refer to the instruction 'Routing networks through VPN'.