How to Configure an IPSec VPN Connection to a Virtual Private Network

A VPN (Virtual Private Network) connection allows the secure transfer of data between two or more organizations or groups of organizations (hence the name VPN).

A VPN connection provides secure access to resources and information within the organization or group network that would otherwise be unavailable to outside parties. Enterprises that implement VPNs to connect their offices and mobile employees to the Internet typically utilize private VPNs that connect to public resources such as the Internet via a firewall.

Private versus Public VPNs

There are two types of VPNs: private (enterprise-grade) and public (consumer-grade).

A private VPN is accessible only by and for users within the organization it serves. A private VPN is protected by a firewall and employs protocols that ensure data remains secure even if compromised. Private VPNs are ideal for use between employees (within an organization) as they provide adequate security and stability.

A public VPN is accessible to anyone with an Internet connection. Public VPNs do not typically employ the same data-security measures as private VPNs, so if security is important to you, a private VPN is the way to go. Public VPNs are good for use between organizations (remote offices connected via an Internet connection) as they provide a secure connection that is not confined by geography or firewall rules. If you use a public VPN, watch your traffic closely, as you may end up sending information that is not supposed to leave the firewalled network. Also make sure you notify your IT department that you are doing so, as you may be adding an extra layer of complexity to their already overloaded networks.

A VPN connection can be set up in two ways: manually or by employing some sort of managed service. In this blog post, we will discuss how to manually configure a VPN connection to a virtual private network.

What VPN Software to Use

There are numerous free and supported (by reputable companies) VPN software solutions available. To manually configure a VPN connection, you will need to download and install the software on two separate devices: a PC or Laptop and a Raspberry Pi or other small-form-factor (SFF) device. Here are some of the most popular options.

  • CyberGhost VPN (Windows, macOS, Linux, Android, Chrome OS, Blackberry, and more)
  • IPVanish (Windows, macOS, and Linux)
  • JUICE-VPN (Windows, macOS, and Linux)
  • Perfect Privacy VPN (Windows, macOS, iOS, and Android)

Manual Installation Steps

Before you begin, make sure you have downloaded and installed the VPN software on both machines. You can download the VPN setup files directly from the VPN vendors’ websites or from third-party file sharing websites like Mega or ZippyShare.

Open the downloaded file on your PC or Laptop and launch the setup wizard. Follow the prompts and make sure you use a secure connection (SSL, TLS, or HTTPS) whenever possible. Avoid unnecessary connections to public Wi-Fi networks, shared networks, or unencrypted 3G/4G/Wi-Fi connections.

Once both machines are configured, you can begin setting up the VPN connection. Launch Network & Internet Settings from the system menu on your PC or Laptop and click the plus icon to add a new network connection. Select the VPN connection type and the protocol version (PPTP or L2TP/IPSec). Make sure you choose the most secure connection type and version available (TLS 1.2 for PPTP, IPSec 1.5 for L2TP/IPSec).

After you enter the required information, select the checkbox to the left of the VPN server address and click the green button to connect to the VPN server.

You can now follow the on-screen instructions to complete the VPN connection. When the connection is successfully configured, a green bar will appear at the top of your browser window (Chrome, Firefox, Safari, and other browsers) confirming the VPN is active and connected.

Manual Configuration vs. DHCP

In certain situations, it is necessary to manually configure a VPN connection. These are typically enterprise-grade VPNs that serve a large number of users or connect to remote offices or datacenters. In these cases, you will need to manually enter each user’s IP address (one at a time) into the VPN configuration for that network connection. For small networks (e.g. home or office networks), a DHCP (Dynamic Host Configuration Protocol) VPN server is usually sufficient.

If you are manually configuring a VPN connection, it is advised that you use the same method each time (e.g. VPN server address, certificate, and encryption settings) to ensure you are connecting to the correct VPN server and that information is not being transmitted in the clear.

Problems with Manual Configuration

One of the biggest drawbacks of manual configuration is the amount of time it takes to set up a VPN connection. In addition to the time required to configure the VPN itself, you will spend a good deal of time following step-by-step instructions, which can quickly become dull and monotonous. There is also a chance you will make a mistake that renders the entire connection inoperable.

Manual configuration is also error-prone. If you are following a lengthy set of step-by-step instructions, you are bound to make a mistake at some point. To avoid problems, it is advisable to use a VPN connection configurator utility that can automate the entire process, especially if you are connecting to multiple VPN servers.
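The advice above to reuse the same server address, certificate, and encryption settings every time, and to automate rather than retype, can be checked mechanically. The following is an added example, not part of the original post: it compares a connection profile against a recorded baseline and reports which of those three settings differ. The field names, the `drift()` helper, and all sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac

# The three settings the text says should stay the same on every connection.
PINNED_FIELDS = ("server_address", "cert_sha256", "encryption")

def cert_fingerprint(der_bytes: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der_bytes).hexdigest()

def normalize(profile: dict) -> dict:
    """Canonicalize values so cosmetic differences are not reported as drift."""
    out = {}
    for field in PINNED_FIELDS:
        value = str(profile.get(field, "")).strip().lower()
        if field == "server_address":
            value = value.rstrip(".")        # trailing-dot FQDN form
        elif field == "cert_sha256":
            value = value.replace(":", "")   # AA:BB:.. versus aabb..
        out[field] = value
    return out

def drift(baseline: dict, candidate: dict) -> list:
    """Return the pinned fields where candidate differs from baseline."""
    want, got = normalize(baseline), normalize(candidate)
    changed = []
    for field in PINNED_FIELDS:
        # A missing or empty value counts as drift: an unpinned certificate
        # or unspecified cipher must not pass silently.
        same = bool(got[field]) and hmac.compare_digest(
            want[field].encode(), got[field].encode())
        if not same:
            changed.append(field)
    return changed

# Constructed sample data (not a real certificate, server, or vendor default).
SAMPLE_CERT_DER = b"constructed-der-bytes-for-vpn.example.test"
BASELINE = {
    "server_address": "vpn.example.test",
    "cert_sha256": cert_fingerprint(SAMPLE_CERT_DER),
    "encryption": "aes-256-gcm",
}

if __name__ == "__main__":
    retyped = dict(BASELINE, server_address="VPN.Example.Test. ")
    print(drift(BASELINE, retyped))   # cosmetic difference only
    wrong = dict(BASELINE, server_address="vpn.examp1e.test", encryption="")
    print(drift(BASELINE, wrong))     # look-alike host and missing cipher
```

Any non-empty result means the profile should not be used until the difference is explained, since a changed certificate fingerprint or server name is exactly the "wrong VPN server" case the text warns about.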

Managing Multiple VPN Connections

If you are the owner of a company with multiple offices/sites across the country, it is possible to configure one VPN connection and have it serve all of your sites. To do this, you will need to install a VPN server on one machine, then create a VPN tunnel for each site you own. For example, PrivateVPN has a feature that allows you to create multiple VPN tunnels with a single connection. To use this feature, you must be logged into the account you established when you set up the VPN connection. Once you are logged in, you can access the VPN tunnels section from the Settings menu and create a new VPN tunnel for each site you own.

Each site will then have a login screen that allows you to connect to the VPN server (the server address and port will be different for each site).

The benefit of this setup is that all of your sites will be connected to the same VPN server, ensuring all traffic (including web browsing, online payments, and confidential company information) is secure. One potential downside is that if you are logged in to one site while browsing the web on another site, your traffic could be logged and viewed by the companies that provide the VPN server network. They may not have the best cybersecurity measures in place due to limited resources and over-extended networks, so make sure you monitor your traffic for any sign of misuse.

What is an SSL/TLS Certificate?

An SSL Certificate is a digital certificate that is used to verify the identity of a website or service. The most common and recommended method of obtaining an SSL certificate is to use Let’s Encrypt, which provides free SSL certificates that can be deployed in a matter of minutes. The benefit of using an SSL certificate is that it provides a level of authenticity to a connection that cannot be forged or falsified. While there are a number of free and open source (GNU) SSL certificates, not all will work with every service or website.

A website that is verified by an SSL certificate will display a green bar at the bottom of a browser window that provides a level of trust to any user. Your browser will display the certificate as a small locked padlock at the bottom of a site’s URL in the address bar.

Protecting Your Devices

It is advisable to protect both your PC/Laptop and mobile devices (including tablets and smartphones) with a firewall to ensure unauthorized access to your data is prevented. To ensure your devices are always protected (and you do not need to worry about them being compromised due to a lack of security), make sure you update their firmware and monitor for any signs of malware (e.g. ransomware, spyware, and adware).
