How to Pass All iPhone Traffic through an Encrypted VPN
Today, we use our smartphones for everything from reading news to checking bank accounts to ordering food to texting family and friends. You always read about being careful when using a laptop on a public WiFi network because of hackers and snooping, but what about your smartphone? A hacker could probably gain more information about you from your smartphone if they could capture the data being sent between your apps and the Internet.
It’s probably true that the banking app you use on your iPhone encrypts the data sent between the phone and their servers automatically, but there is no guarantee. Plus, a lot of apps simply aren’t created with security in mind and therefore send data over the Internet in plain text. If you travel a lot and are routinely connected to unsecured WiFi networks, you should consider tunneling all that traffic through a VPN.
If you have a corporate iPhone, that’s probably already taken care of for you, but what if you want to secure your personal device? If you have the time and patience, which you’ll definitely need, you can set up your own personal VPN server and connect to your VPN from anywhere in the world whenever you want to secure all the traffic coming in and out of your iPhone.
In this article, I’ll walk you through the steps that would be needed to accomplish something like this. There are many ways to go about it and the best way depends on what kind of hardware you already own. For example, I own a Synology NAS that allows me to create a VPN server and to access the NAS from the Internet using dynamic DNS.
In order to do this, you’ll need to be a little bit of a geek. Unfortunately, it’s too hard for someone who doesn’t have a clue about technology. However, even without any previous tech knowledge, if you are willing to spend some time reading and understanding, it’s not impossible to accomplish.
Step 1 – Understanding IP Addresses and DNS
Before we delve into any details about how to configure VPN settings on your iPhone, let’s talk about IP addresses and DNS. These two topics are essential to understand before you go about creating a VPN server. To get started, read my post on the difference between a static and dynamic IP address.
Basically, if you’re going to be running a VPN server from your home, you’ll need to set up dynamic DNS so that you can access your server from anywhere using a DNS name like myhomeserver.no-ip.com. No-IP is a service that provides free dynamic DNS.
Before you go creating an account, read my post on how to set up free dynamic DNS. The way it works is that you have to install a piece of software on your computer that keeps updating the service with the latest IP address assigned by your ISP.
Note that you don’t have to do this right now. You could go ahead and set up your VPN server first and then set up dynamic DNS. There is no real order you have to follow. You just need to make sure each part is working on its own.
Step 2 – Port Forwarding
The next part that needs to work independently is port forwarding. Dynamic DNS basically allows you to say “Hey send all the traffic for this VPN to myhomeserver.no-ip.com” and it will automatically figure out what the current IP address given by your ISP is for your home and send it there.
However, it won’t matter that the traffic reaches your home if your router blocks all of it, which all routers would do by default. Data sent over VPN will use certain “ports” that need to be opened on your router in order for the data to be sent to the computer inside your network. This is called port forwarding.
Next, read my article that explains port forwarding and how it is used. You’ll have to open a couple of ports on your router for VPN. When you read the articles on setting up a VPN below, you’ll be told the actual port numbers.
I also wrote an article about configuring a router for port forwarding. The process is different depending on the router you have, but you can easily find instructions online by searching for your router brand + “port forwarding”, e.g. netgear port forwarding, d-link port forwarding, etc.
Step 3 – Set Up a VPN Server
There is no single way to set up a VPN server, unfortunately. If you happen to have a Synology NAS like I do, you can follow these instructions for setting up the VPN server:
http://www.synology.com/en-uk/support/tutorials/459
Simply click on L2TP/IPSec on the left-hand side and then click the Enable checkbox. Leave all the settings on default and simply type in a pre-shared key. Then click on Privilege and make sure that the user you want to have access to the VPN is granted the appropriate permission.
On the router, you’ll need to forward UDP ports 1701, 500 and 4500 if using L2TP. It takes about 5 minutes to set up and other than the ports, you need to configure DDNS, which is also built into Synology NAS products.
If you don’t have a NAS, you can configure VPN settings in your router if it has dd-wrt installed. dd-wrt is an open source Linux-based firmware for routers. You can actually replace your current router’s firmware with dd-wrt if it’s supported. It’s a bit more complicated to set up on dd-wrt, but they have lots of documentation on their site.
If neither of these options works for you, then your best bet is to turn Windows 7 or Windows 8 into a VPN server. There is an excellent guide by the How To Geek site on creating a VPN in Windows 7. You can follow the same instructions for Windows 8. When setting up a VPN using Windows, it’ll probably be PPTP, which means it’ll use a different set of ports than L2TP. The article mentions the port numbers also.
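The following is an added example, not part of the original article: a small audit that compares a router's port-forward list against the three UDP ports named above and flags anything missing or not needed for the VPN. The one-line rule format, the internal address 192.168.1.20 and the sample rules are assumptions constructed for illustration, not any router's real export format.

```python
import re

# L2TP/IPSec ports named in the article; all three must be forwarded as UDP.
REQUIRED_UDP = {500, 1701, 4500}

# Hypothetical rule syntax: "<proto> <external port> -> <internal ip>:<internal port>"
RULE_RE = re.compile(r"^(tcp|udp)\s+(\d+)\s*->\s*(\d+\.\d+\.\d+\.\d+):(\d+)$", re.I)

def parse_rules(text):
    """Parse forwarding rules, ignoring blank lines and '#' comments."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"unparseable rule: {line!r}")
        proto, ext, ip, internal = m.groups()
        rules.append((proto.lower(), int(ext), ip, int(internal)))
    return rules

def audit(rules, vpn_host):
    """Return findings: required forwards that are missing, then every rule
    that is not one of the expected UDP forwards to the VPN server."""
    good = {r for r in rules
            if r[0] == "udp" and r[1] in REQUIRED_UDP
            and r[2] == vpn_host and r[3] == r[1]}
    covered = {r[1] for r in good}
    findings = [f"missing: udp {p} -> {vpn_host}:{p}"
                for p in sorted(REQUIRED_UDP - covered)]
    findings += [f"review: {p} {e} -> {ip}:{i}"
                 for (p, e, ip, i) in rules if (p, e, ip, i) not in good]
    return findings

# Constructed sample: one required port forwarded with the wrong protocol,
# plus an unrelated forward that widens exposure beyond the VPN.
SAMPLE_RULES = """
udp 500  -> 192.168.1.20:500
udp 4500 -> 192.168.1.20:4500
tcp 1701 -> 192.168.1.20:1701   # wrong protocol
tcp 3389 -> 192.168.1.30:3389   # not needed for the VPN
"""

if __name__ == "__main__":
    for finding in audit(parse_rules(SAMPLE_RULES), "192.168.1.20"):
        print(finding)
```

An empty result means only the three required UDP forwards exist and all point at the VPN server.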
Step 4 – Connecting to a VPN via iPhone
The last step in this whole process is actually connecting your iPhone to your personal VPN. Luckily, you don’t have to download any apps or anything else since it’s built into iOS. First go to Settings and then tap on General. Scroll down to the bottom where you’ll see VPN.
Now tap on the Add VPN Configuration button.
On this screen, you’ll need to enter all the pertinent information. This includes the server name, which should be the dynamic DNS URL you get when you sign up for a dynamic DNS service. You’ll also need the user name and password for the Synology account or Windows account that has permission to connect to the VPN. Lastly, the pre-shared key is that extra password you had to type in when creating the VPN server. Of course, you want to have Send All Traffic enabled so that everything gets encrypted.
Now to connect to the VPN, go back to the main Settings screen and you’ll see a new VPN option below Cellular and Personal Hotspot. Go ahead and tap on that to connect and it will change to VPN Connecting.
If all goes well, you’ll see it turn green!
Lastly, when you exit and go to any other screen, you’ll see the little VPN icon now at the top of the status bar.
Sweet! Now you can rest assured that no one can spy on your Facebook stalking sessions or other nefarious activities! Like I mentioned before, this is not the easiest thing to get working and it will take some time, lots of reading, lots of tweaking and testing before you get it right. However, once it’s set up, it’s pretty cool. Whenever I’m not at home and use my iPhone for anything other than browsing the web, I always connect to my VPN first.
Please feel free to post a comment here with your problems, questions and issues. I’ll be more than glad to help. Also, if you have a different setup for your iPhone using different tools and services, feel free to let us in on it too. Enjoy!