Today, we use our smartphones for everything from reading the news to checking bank accounts and ordering food to sending text messages to family and friends. You always read about being careful when using your laptop on a public Wi-Fi network due to hackers and surveillance, but what about your smartphone? A hacker could probably get more information about you from your smartphone if he could intercept data transmitted between your applications and the Internet.
The banking app you use on your iPhone will probably encrypt data sent between your phone and its servers automatically, but there is no guarantee. In addition, many applications are simply not designed with security in mind and therefore send data over the Internet in plain text. If you travel a lot and regularly connect to unsecured Wi-Fi networks, you should consider tunneling all that traffic through a VPN.
If you have a corporate iPhone, it’s probably already taken care of, but what if you want to protect your personal device? If you have the time and patience, both of which you will absolutely need, you can set up your own VPN server and connect to it from anywhere in the world whenever you want to protect all your iPhone’s inbound and outbound traffic.
In this article, I’ll show you what you need to do to set this up. There are many ways to do this, and the best one depends on what hardware you already have. For example, I have a Synology NAS that allows me to create a VPN server and access the NAS from the Internet using dynamic DNS.
To do this, you need to be a bit of a computer geek. Unfortunately, this is too difficult for someone who is not tech savvy unless they put in the effort: even without any technical knowledge, it is not impossible if you are willing to spend some time reading and understanding.
Step 1 – Understand IP and DNS addresses
Before we dive into the details of how to configure VPN settings on your iPhone, let’s talk about IP addresses and DNS. You need to understand these two topics before you start building a VPN server. First, read my post on the difference between static and dynamic IP addresses.
Basically, if you are going to run a VPN server from your home, you need to set up dynamic DNS so that you can access your server from anywhere using a DNS name like myhomeserver.no-ip.com. No-IP is a free dynamic DNS service.
Before you start creating your account, read my post on how to set up free dynamic DNS. It works like this: you install software on your computer that keeps the service updated with the latest IP address assigned by your ISP.
Please note that you do not need to do this right now. You can set up your VPN server first and then set up dynamic DNS. There is no real order that you have to follow. You just need to make sure each part works on its own.
Step 2 – Port Forwarding
The next part that should work independently is port forwarding. Dynamic DNS basically lets you say, “Hi, send all traffic for this VPN to myhomeserver.no-ip.com,” and it will automatically work out which IP address your ISP has currently assigned to your home and send the traffic there.
However, it doesn’t matter where this traffic is sent if your router blocks it all, which all routers do by default. VPN traffic uses certain “ports” that need to be opened on your router in order for the data to be sent to a computer on your network. This is called port forwarding.
Next, read my article which explains port forwarding and its use. You need to open a couple of ports on your router for VPN. When you read the VPN setup articles below, you will be given the actual port numbers.
I also wrote an article on setting up a router for port forwarding. The process differs depending on your router, but you can easily find instructions on the internet by searching for your router brand + “port forwarding”, e.g. netgear port forwarding, d-link port forwarding, etc.
Step 3 – Set Up the VPN Server
Unfortunately, there is no one way to set up a VPN server. If you have a Synology NAS like mine, you can follow these instructions to set up a VPN server:
http://www.synology.com/en-uk/support/tutorials/459
Just click L2TP / IPSec on the left and then check the Enable box. Leave all the default settings and just enter the shared key. Then click Privilege and make sure the user you want to grant VPN access to has been granted the appropriate permission.
On your router, you need to forward UDP ports 1701, 500 and 4500 when using L2TP. The setup takes about 5 minutes. In addition to the ports, you need to configure DDNS, which is also built into Synology NAS products.
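As an added example (not part of the original article), this Python check compares a router's forwarding list with the three UDP ports named above and reports forwards that are missing, set to TCP only, pointed at the wrong machine, or not needed by the VPN. The rule format, sample rules and LAN addresses are constructed for illustration; real routers export their tables in their own formats.

```python
import re

# Ports the article lists for L2TP/IPsec; all three are UDP.
REQUIRED_UDP = (500, 4500, 1701)

# Constructed sample of a router's forwarding table. Hypothetical format:
# "<tcp|udp|both> <external port or range> -> <LAN ip>:<port>"
SAMPLE_RULES = """
udp 500 -> 192.168.1.50:500
tcp 4500 -> 192.168.1.50:4500
udp 1701 -> 192.168.1.60:1701
both 5000-5001 -> 192.168.1.50:5000
"""
RULE_RE = re.compile(r"(tcp|udp|both)\s+(\d+)(?:-(\d+))?\s*->\s*([\d.]+):\d+", re.I)

def parse_rules(text):
    """Return (protocols, first_port, last_port, lan_ip) for each rule line."""
    rules = []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = RULE_RE.fullmatch(line)
        if not m:
            raise ValueError(f"unrecognised rule: {line!r}")
        proto, lo, hi, ip = m.groups()
        protos = {"tcp", "udp"} if proto.lower() == "both" else {proto.lower()}
        rules.append((protos, int(lo), int(hi or lo), ip))
    return rules

def audit(text, vpn_host):
    """Compare the forwards with what L2TP/IPsec on vpn_host needs."""
    report = {"ok": [], "missing": [], "wrong_proto": [], "wrong_host": [], "extra": []}
    rules = parse_rules(text)
    for port in REQUIRED_UDP:
        hits = [r for r in rules if r[1] <= port <= r[2]]
        if any("udp" in r[0] and r[3] == vpn_host for r in hits):
            report["ok"].append(port)
        elif any("udp" in r[0] for r in hits):
            report["wrong_host"].append(port)   # UDP, but sent to another machine
        elif hits:
            report["wrong_proto"].append(port)  # forwarded as TCP only
        else:
            report["missing"].append(port)
    # Any other forward to the VPN host is exposure the VPN does not need.
    for _, lo, hi, ip in rules:
        if ip == vpn_host and not any(lo <= p <= hi for p in REQUIRED_UDP):
            report["extra"].append((lo, hi))
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_RULES, "192.168.1.50"))
```

Entries under "extra" are worth reviewing: once the VPN works, services on that machine can be reached through the tunnel instead of being forwarded directly.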
If you don’t have a NAS, you can configure VPN settings on your router if dd-wrt is installed on it. dd-wrt is an open source Linux based firmware for routers. In fact, you can replace your current router’s firmware with dd-wrt if supported. The setup on dd-wrt is a little more complicated, but there is a lot of documentation on their site.
If none of these options work, your best bet is to turn Windows 7 or Windows 8 into a VPN server. The How To Geek site has an excellent guide on how to create a VPN on Windows 7. You can follow the same instructions for Windows 8. When setting up a VPN using Windows, it will likely be PPTP, which means it will use a different set of ports than L2TP. The article also mentions port numbers.
Step 4 – Connect to VPN via iPhone
The final step in this entire process is actually connecting your iPhone to your personal VPN. Luckily, you don’t need to download any apps or anything else, as it’s built into iOS. First go to “Settings” and then click “General”. Scroll down where you will see VPN.
Now click on the Add VPN Configuration button.
On this screen, you will need to enter all the required information. This includes the server name, which should be the dynamic DNS URL that you get when you register with the dynamic DNS service. You will also need the username and password for the Synology or Windows account that has permission to connect to the VPN. Finally, the pre-shared key is an additional password that you had to enter when creating the VPN server. Of course you want the Send All Traffic feature to be enabled so that everything is encrypted.
Now, to connect to a VPN, head back to the main settings screen and you should see a new VPN option under Cellular and Personal Hotspot. Go ahead and click on it to connect and it will change to “Connect to VPN”.
If all goes well, it will turn green!
Finally, when you exit and go to any other screen, you will see a small VPN icon at the top of the status bar.
Sweet! Now you can rest assured that no one will be able to spy on your Facebook harassment or other nefarious activities! As I mentioned earlier, this is not the easiest thing to work with and it will take some time, a lot of reading, a lot of tweaks and tests before you get it right. However, it gets pretty cool once set up. When I’m not at home and I’m using my iPhone for anything other than browsing the web, I always connect to my VPN first.
Feel free to leave comments here with your questions and concerns. I will be more than happy to help. Also, if you have a different setup for your iPhone using other tools and services, do not hesitate to let us know. Enjoy!