We’re dusting off our favorite old trademark to introduce the all-new VPN in a Flash™ featuring NeoRouter™ 1.7 Free Server Edition. Last month we showed how to install NeoRouter as an add-on for existing PBX in a Flash™ servers. In sites with 10 or fewer machines to interconnect, this works extremely well. However, for those with major collections of servers and PCs scattered across the universe (up to 256!), you’re going to want dedicated hardware to manage your virtual private network. Thanks to the terrific work of Tom King, you’ve got that choice. Meet VPN in a Flash.
As with PBX in a Flash, the Dedicated Server Edition of VPN in a Flash is offered in 32-bit or 64-bit flavors. How do you get it? It’s now an option in the PBX in a Flash 188.8.131.52.4 ISO featuring the CentOS 6.2 platform for the ultimate in reliability. Just download the new 184.108.40.206.4 ISO from SourceForge, burn it to a CD or DVD or, better yet, make yourself a bootable flash drive, and find some hardware to dedicate to the task of managing your virtual private network. Set up the server behind a dedicated firewall on any private LAN other than the 10.0.0.x network. Answer a few prompts to choose your timezone and set up your NeoRouter credentials. Then configure your hardware firewall to lock down the assigned DHCP address of your VPN in a Flash server and map TCP 32976 to the IP address of your VPN server, and you’re done. In 30 minutes, you get a rock-solid, preconfigured VPN. Not only is it SECURE, it’s also FREE!
After your VPN in a Flash server is installed, you can optionally go to the NeoRouter web site and register your new VPN by clicking Create Standalone Domain. Make up a name you can easily remember with no periods or spaces. You’ll be prompted for the IP address of your server in the second screen. FQDNs are NOT permitted.
When a VPN client attempts to login to your server, the server address is always checked against this NeoRouter database first before any attempt is made to resolve an IP address or FQDN using DNS. If no matching entry is found, it will register directly to your server using a DNS lookup of the FQDN. Whether to register your VPN is totally up to you. Logins obviously occur quicker using this registered VPN name, but logins won’t happen at all if your server’s dynamic IP address changes and you’ve hard-coded a different IP address into your registration at neorouter.com.
Setting Up a NeoRouter Client. There are NeoRouter clients available for almost every platform imaginable, except iPhones and iPads. Hopefully, they’re in the works. So Step #1 is to download whatever clients are appropriate to meet your requirements. The VPN in a Flash install automatically loads the Linux clients into the /usr/src/neorouter directory and installs the NeoRouter client for you. Here’s the NeoRouter Download Link for the other clients. Make sure you choose a client for the Free version of NeoRouter. And make sure it is a version 1.7 client! Obviously, the computing platform needs to match your client device. The clients can be installed in the traditional way with Windows machines, Macs, etc.
CentOS NeoRouter Client. As part of the installation above, we have automatically installed the NeoRouter client for your particular flavor of CentOS 6, 32-bit or 64-bit. In order to access resources on your NeoRouter server from other clients, you will need to activate the client on your server as well. This gets the server a private IP address in the 10.0.0.0 network.
To activate the client, type: nrclientcmd. You’ll be prompted for your Domain, Username, and Password. You can use the registered domain name from neorouter.com if you completed the optional registration step above. Or you can use the private IP address of your server. If your router supports hairpin NAT, you can use the public IP address or server’s FQDN, if you have one. After you complete the entries, you’ll get a display that looks something like this:
To exit from NeoRouter Explorer, type: quit. The NeoRouter client will continue to run so you can use the displayed private IP addresses to connect to any other online devices in your NeoRouter VPN. All traffic from connections to devices in the 10.0.0.0 network will flow through NeoRouter’s encrypted VPN tunnel. This includes inter-office SIP and IAX communications between Asterisk® endpoints.
Admin Tools for NeoRouter. Here are a few helpful commands for monitoring and managing your NeoRouter VPN.
Browser access to NeoRouter Configuration Explorer (requires user with Admin privileges)
Browser access to NeoRouter Network Explorer (user with Admin or User privileges)
To access your NeoRouter Linux client: nrclientcmd
To restart NeoRouter Linux client: /etc/rc.d/init.d/nrservice.sh restart
To restart NeoRouter Linux server: /etc/rc.d/init.d/nrserver.sh restart
To set domain: nrserver -setdomain YOUR-VPN-NAME domainpassword
For a list of client devices: nrserver -showcomputers
For a list of existing user accounts: nrserver -showusers
For the settings of your NeoRouter VPN: nrserver -showsettings
To add a user account: nrserver -adduser username password user
To add admin account: nrserver -adduser username password admin
Test VPN access: http://www.neorouter.com/checkport.php
For a complete list of commands: nrserver –help
To change client name from default pbx.local1:
- Edit /etc/hosts
- Edit /etc/sysconfig/network
- Edit /etc/sysconfig/network-scripts/ifcfg-eth0
For the latest NeoRouter happenings, follow the NeoRouter blog on WordPress.com.
Eating Our Own Bear Food. We’ve actually been at our SOHO cabin this month “testing” VPN in a Flash. It’s provided instant access both to our desktop machines and servers in Charleston as well as Tom King’s Proxmox server in Florida where we’ve been developing Yate in a Flash™, a new, dedicated SIP to Google Voice Gateway for Asterisk. We’ll have more to say about it next week, or you can follow the link and get a head start. The bottom line on VPN in a Flash: It Just Works! VPN in a Flash frees you from ever having to stay in your home or office to get work done. And it’s been rock-solid reliable. Enjoy!
Originally published: Wednesday, June 20, 2012
Need help with Asterisk? Visit the NEW PBX in a Flash Forum.
whos.amung.us If you’re wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our new whos.amung.us statistical web site and check out what’s happening. It’s a terrific resource both for us and for you.
Awesome Vitelity Special. Vitelity has generously offered a terrific discount for Nerd Vittles readers. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. When you use our special link to sign up, Nerd Vittles gets a few shekels down the road to support our open source development efforts while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For our users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls and four simultaneous channels for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. NOTE: You can only use the Nerd Vittles sign-up link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage. Any balance is refundable if you decide to discontinue service with Vitelity.
3CX is a software PBX that’s easy to install & manage. It includes integrated softphones, WebRTC conferencing and essential add-ons out of the box, at no additional cost. Try the free edition at www.3cx.com. Better yet, download the PIAF5 ISO powered by 3CX. Free version includes support for 8 simultaneous calls with a SIP trunk.
Some Recent Nerd Vittles Articles of Interest…