Turn on the VPN on a rute kinetics. Connection of the device No. 2 (Android smartphone)

Example 2: Home server and smartphone Android

If you first set up your system, then it will probably be important for you to know the sequence of actions that will lead to success.Below is a sequence of steps that will give you confidence that you are on the right track. Most users will spend 15-30 minutes of their time depending on the IT preparation.

Try not to deviate from the sequence so as not to get confused. Do not be distracted from the process, try to understand what exactly you do and what should be the result of each action.

PS: If you read this section after “some experiments”, then it makes sense to clean all the settings on the site in the “Additional” section, as well as on your devices and start all over again.

This example contains fictional data. In your case, the addresses of the devices will be different.

This example is written so that you can compare the scheme and text, and then apply the acquired knowledge to your task.

Initial data

So, we want to access the smartphone to the server located at your home. To do this, we need to connect two tunnels. One from the Keenetic router, the second from the smartphone for Android. Of course, you can connect the tunnel to the VPNKI and directly from the server, but this is a simpler task and we will consider it in another instructions. In the meantime, a complex option.

The device is your home router Zyxel Keenetic.

“Behind him” (if you look from the Internet) is your home network with internal addressing.For example, all devices of your home network have addresses 192.168.one.1, 192.168.one.2, 192.168.one.3 and t.D. with mask, all devices form your unified network of the address of which. 192.168.one.0 with mask For those who are not familiar with terminology, a slight clarification. There are addresses of the devices, and there is also the address of the network itself, which describes all your devices combined. In this example, address 192.168.one.0 with mask describes all your devices.

Suppose address 192.168.one.one. This is the address of your router inside the home network, and 192.168.one.33. server address in the home network to which we want to access.

The device is a smartphone on the Android platform (version 4.2 and above) connected via a mobile network through the PPTP/L2TP protocol.

You will need any utility that sells test functionality. Ping command. For example, we use the Ping DNS utility installed with Google Play.


Take the following condition of the router for the initial data:

Using these initial data, we can provide direct access from the Internet to the router and its services. For example, a demonstration ftp server has always been launched on our router. ftp: // guest: guest@Russianproxy-zyxel.DDNS.Net. Come in and check. You can also provide access to any device in the local network of the router through setting ports of ports on a router, for example, to an IP camera, network storage, database server, etc.D.

Many enterprises and private individuals prefer to provide their devices, services and data of the local network with the maximum level of security, and for this is what the technology of the virtual private network of the VPN is intended for this. Creation of a secure local network on top of a public Internet. All devices, services and data data will not be inaccessible directly from the Internet and only by installing the VPN connection with the VPN server on the router can you get full access from the Internet to the local network of the router.

Compared to direct access from the Internet to the resources of the local network on the allocated IP. one additional necessary condition appears. Establishing a VPN connection with a router on a remote client, but at the same time the safety of access to the resources of the local network. Maximum.

On this page below there is a detailed description of the VPN server settings on a router and a client on Windows for installing a PPTP VPN connection with a router from the manufacturer’s website.

After all the settings, we received a PPTP VPN server with the following access parameters:

PPTP VPN server address: RussianProxy-zyxel.DDNS.User Netam: VPN PAROL:

Now let’s check the resulting VPN network from a laptop connected to the Internet through an access point on a smartphone:

By installing the VPN connection with the VPN server on the router, we get the following picture:

Now working through a VPN connection with a router, we can go to the Internet through the highlighted IP address of the router, as can be seen on the Internet Internet.Yandex.ru in the picture below. Also available to us, for example, a satellite receiver at its IP address in the local network 192.168.0.ten.

All of the above confirms that having just a laptop with a VPN installed on it with a router, you can work exactly as if you were at your workplace or at home. You will not forget anything at home or at work, since you can always be virtually at home and at the workplace. And in general where you need.

Below you can familiarize yourself with the article from the site of the manufacturer of the router http: // zyxel.ru/kb/3984:

How to set up a bypass of locks on Keenetic routers

First of all, you need to get a VPN server who has access to a caring resource. It can be its own server (virtual, allocated), paid VPN or completely free Warp.

Next, you need to configure the VPN tunnel between your router and VPN server. The type of tunnel does not play a special role. Here it is worth starting from the capabilities of the VPN server and your knowledge.

If you set up your own Debian server, then it can be a PPTP or WREGUARD tunnel. The main thing is not to forget to let us use users connected via VPN. https: // Moonback.ru/page/Debian-Vpn-Client-to-Nernet.

Or use the VPN Warp from Cloudflare, which I talked about recently. https: // Moonback.ru/page/keenetic-Warp. In most cases, he copes with providing access to blocked sites, although not intended for this.

The next step is to set static routing in your router. That is, you need to configure the routing table so that the requests for the required resource do not go through your provider, but through the VPN server.

At this stage, we need to find out all the IP addresses of the site of interest. In Windows, this can be done using the NSLOOKUP command. Below is an example for the Yandex website.ru:

Read more how to find out all the IP addresses of the site in this article. https: // Moonback.ru/page/kak-uznat-ip-dress-Sayta.

After you learned the IP address (a) of the necessary site you need to go to the web-panel of the router control to the section “Network Rules Route” and add a static route:

Then the route should appear on the list:

In my example, all addresses and names from the previous article about WARP on the Keenetic router.

  • WARP. connection name (tunnel);
  • The gateway address is the address of your tunnel from its settings;
  • Address address. in my case, this is the IP address M.Video;
  • Description. any description understandable to you;
  • Type of route. if you need a route to one IP address, then select “Route to the Node”.

How To Setup VPN Connection Without Application On Phones

If the site has several IP addresses, then you need to configure static routes for each address.

How to check that routing through VPN works

You can use the Tracert command in Windows. An example of passing packages without using VPN:

After you connect static routing through the VPN list of intermediate nodes will be different, and the equipment of your provider will no longer be in second place, but the address of the device from the VPN tunnel:

Pay attention to the Ping value of the second device after your router. The total response time of the final server through the VPN will also be larger.

After proper tuning, the locked site should calmly open in the window of your browser.

Setting Keenetic

If there is no access to the console, then it must be turned on. To do this, go to the “Management” section. “Users and access”. Check that the SSH control port is installed and the “Connection to the command line by SSH” is activated.

Also make sure you have a user who has the right to enter through ssh. On the same page you have a list of users. Go to the user rights editor, and make sure that he has activated the “Telnet and SSH) access item”.

Now we go to the router control console.

First of all, we need to find out which Inte we assigned to our connection on the router. If this is your first connection with Wireguard, then most likely it is wireguard0. But let’s see this.

To do this, enter Interface Wire and press Tab:

To make sure, get out the information about the integration.

At the name and address we understand that this is the right connection.

You need to add the rule on in, otherwise the requests to the local network will be jerking off. Do not forget to replace Wireguard0 with another meaning if you have another integration.

Now you need to add a static route to the Wireguard network.

Do not forget to replace the values ​​with your. ten.66.67.0 for your subnet Wireguard, and Wireguard0 on your intese.

WG server setup

Now you need to configure the WireGuard server. To do this, edit the configuration file, usually it lies in the/etc/wireguard/wg0 folder.Conf. Go under the Root.

Everything is standard here here. Two feasts, one of them router, second phone. For the router, you must specify your local network in Allowedips, in this case 192.168.one.0/24.

After that, turn off and turn on WG connection.

After that, you should have access to the local network of the router from the phone via wireguard VPN. By analogy, you can configure access to the local network for other devices.

How to configure the VPN server on the Router Zyxel Keenetic?

I welcome the readers of the blog, and more specifically those who are the owner of the Router Zyxel Keenetic. after all, today I will create a VPN connection to the device of this particular manufacturer. After setting up this function, the user has the opportunity to connect with a local network, a tuned house or in the office, remotely through the Internet, without a direct connection on Wi-Fi with this router. For example, they forgot at home some important file that was on a network drive connected to the router-we immediately entered it via VPN and received the necessary data-conveniently!

In order to create a VPN server on the Zyxel Keenetic router, you must first install this component in the firmware. By default, it is not among the base set.

After rebooting in the Zyxel Keenetic settings, a new section will appear. VPN server, which is located in the “Appendix” menu.

Here we put the daw on “turn on” and on “one connection for one user”.

For access to the local network, select at the next paragraph “Home Network”

  • The initial address of the pool is IP, from which the issuance of addresses to connecting clients will begin in order. There should be no coincidences with a manually prescribed by statical IP inside the local network.
  • The size of the pool is how many addresses will be issued for the VPN server, and if in Russian, how many customers can connect to it at the same time.
  • Click on the “Apply” button

How to make WARP work

If WARP has stopped working, and the opportunity to connect to this VPN has disappeared. Then in most cases it is enough to replace Endpoint = Engage in the compound configuration.CloudflaReclient.com: 2408 on Endpoint = 2408.

In the last octet, you can use numbers from 1 to 9. At all these values, the connection had time to establish.

How to change your IP address on ANY device to ANY location

turn, connection, device, android, smartphone

That is, acceptable addresses for Endpoint may be as follows:

  • 162.159.193.one
  • 162.159.193.four
  • 162.159.193.eight

You can also try to use another port instead of a standard 2048. For example 500, 1701, 4500. At the time of writing, they all worked successfully for me.

Automatic configuration file for WARP

In order not to “suffer” with the generation of WARP keys for the Keenetic router, you can use the site https: // CF-WARP.Maple3142.Net/. At every visit to which you will automatically receive a new configuration file.

And then this file can simply be imported in the integration of the Keenetic router.

But do not forget about replacing the address and port of Endpoint if necessary.

Wireguard encryption keys for Warp

“Correct” keys create official customers from Cloudflare (Appendix “1.one.one.1 Warp VPN “). But I do not know how these keys to “pick out” from these applications.

Therefore, we will use the unofficial CLI for Cloudflare Warp. https: // github.COM/VIRB3/WGCF. Which can register accounts in WARP and create profiles indicating the encryption keys for wireguard. The latter we actually need.

Download the WGCF utility for your operating system from this page. https: // github.COM/VIRB3/WGCF/Releases

The utility is console and looks the same in both Windows and in softening systems based on Linux nucleus. Its use comes down to two teams:

Instead of WGCF, you must use the name of the download utility file, in particular in Windows it is called WGCF.EXE.

After completing these commands, you will have a WGCF-Profile file.Conf which will contain all the data for configuration WARP VPN on the Keenetic router.

Setting Warp Keenetic

In the Keenetic router, you need to create a wireguard tunnel, setting the server:

Red color marks the values ​​that must be taken from your WARP VPN WGCF-Profile configuration file.Conf

If everything was done correctly, then the Warp VPN state should look something like this:

Setting up a VPN connection

If all the above conditions are met, we proceed to the VPN setting up on the Zyxel Keenetic router.

  • We go through the main menu to the “System” section, then. “Components”. We note that the activation of the VPN server option is required:
  • Depending on the ZYXEL model, a reboot is required to use the changes made. After that, a new panel “VPN” will appear on the “Appendix” tab:
  • Next, go into it, set the following parameters:
  • We activate the VPN server on Zyxel Keenetic, note that each user has created a new communication channel to increase the reliability of data transmission.
  • Connection occurs with encryption, this raises the level of security of the communication channel. Therefore, the MPPE protocol is used. Accordingly, we miss the third point.
  • Field “Translate customer addresses (NAT)” we activate so that users connect through the external network.
  • The next subsection. “access to the network”. indicates the name of the communication channel, according to which the Internet will be released. As an example, the client’s home network is indicated. PPTP connection will be carried out through it.
  • The following two points are responsible for the list of IP addresses provided by the VPN server for newly connected. The number of participants depends on the router’s model: for example, Zyxel Keenetic Giga allows a maximum of 10 connections.
  • In the first paragraph, select the initial value of the IP address pool, and in the second we indicate the maximum possible amount. Thus, ten addresses that will be issued by PPTP clients will be reserved on the router.
  • The IP address list for VPN should not coincide with the address of the address of the DHCP server of the network device. For example, ZYXEL distributes an IP address in the 192 range.168.0.10. Accordingly, it is recommended to set the pool for VPN, starting from
  • After making all the changes, click the “Apply” button, move on to the next section. “Configuration of user accounts” located below the VPN parameters:
  • Press the left mouse button on the name Admin.
  • Choose the item “Allow access to VPN”. We use changes:
  • Add customers to the list of allowed through the “System” menu, section “Users”:
  • Indicate the name, come up with a password and set access rights:
  • In our case, it is necessary to note the item “VPN server”. Next, click “Save”.

This is the setting of the Roter Zyxel Keenetic completed, it is allowed to install a VPN connection.

Connection priorities

Starting from version 2.0, Built.in the Roters of ZYXEL supports the function of priority distribution. Compared to the first version, there is the possibility of combining compounds in different ways.

turn, connection, device, android, smartphone

The created channels use either physical ports of the network device or virtual intenses. Each communication channel created on the equipment is assigned priority. Its value is edited manually or remains unchanged:

In the screenshot the highest priority is given to the ISP intese. This is a standard setting for Internet access through the network cable.

The next is Yota: connection via a wireless communication channel. If the first option stops working, the router will automatically switch to the specified mode. Thus, reserve communication channels and VPN connections are configured.

Feature 1

To use the encryption connection, you need in the connection settings:. Use the authorization of MS-chapv2 and indicate what encryption will be used (mppe)

You need to connect without encryption:. use Chap authorization and indicate that encryption will not be used.

Be careful, all other combinations of authorization and encryption methods will lead to non.operations.

turn, connection, device, android, smartphone

Feature 2

The work of the PPTP protocol is carried out using the GRE protocol, with which some Internet providers have technical difficulties. These difficulties will not allow you to use PPTP to build a VPN tunnli. Such providers include MGTS (city telephone network), Yota, Megafon. However, such a situation is not in all parts of their networks.

For the user, the situation will look so that the user name and password check will not pass. precisely to this point will not even reach. At the “Security Events” menu item you will see the beginning of a successful connection and the latter will be a phrase that says that we are ready to check the name and password, but.

Access Granted. No Whitelist is set for user. Ready to Check Username / Password.

No connection and further records in the log (despite the fact that you are firmly sure that the login and password are true), most likely, suggests that GRE has not been missed by your provider. You can google on this subject.