Saturday, 20 September 2014

VPN Setup on DrayTek using L2TP/IPSec

Layer 2 Tunneling Protocol (L2TP) is a secure method of creating a point-to-point, user-based VPN. It relies on the Internet Protocol Security (IPSec) standard of encryption, which individually encrypts each packet. This is preferable to the main VPN alternative, PPTP (Point-to-Point Tunneling Protocol), which has optional encryption that applies to the connection as a whole as opposed to each individual packet, making PPTP more vulnerable.

To configure L2TP on a DrayTek router, go to VPN and Remote Access >> Remote Access Control Setup and make sure that IPSec and L2TP are ticked.


Then go to VPN and Remote Access >> IPsec General Setup. Here we will set up a Pre-Shared Key (PSK) to use alongside our L2TP User Name and Password, so type your desired PSK into the fields and make sure the Security Method boxes are ticked.


Finally, go to VPN and Remote Access >> Remote Dial-in User and open a user to edit. Input a User Name and Password, make sure that the L2TP box is ticked, and that the IPSec Policy is set to "Must".


That's the router configured. Now we need to set up the VPN connection on a remote computer. The following instructions are for Windows.

Go to Network and Sharing Center and click "Set up a new connection or network".


Then choose "Connect to a workplace" and click next.


Choose "No, create a new connection" and click next.


Then choose "Use my Internet connection (VPN)".


Input the WAN IP or DynDNS details of the remote site in the Internet Address field and, in the Destination Name field, give the connection a name so that you can identify it. Then click Create.


Before we can connect for the first time, we must set the security protocols to be used and input our IPSec PSK.
To do this, open "Network Connections" by pressing "Windows+X" (Windows 8) or by clicking "Change Adapter Settings" from the "Network and Sharing Center" (Windows 7). Right-click on your new VPN connection and choose Properties. You will need administrator privileges to do this.
Click on the "Security" tab and from the "Type of VPN" menu choose L2TP/IPSec, then click "Advanced settings".



In the "Advanced Properties" window, choose the "Use pre-shared key for authentication" radio button and type your IPSec PSK into the Key field, then click OK to all of the property windows.


Now you're ready to connect. Simply click the network icon in the bottom right of the screen and choose your remote site from the list. The first time you connect you will be asked for your L2TP User Name and Password. You can choose to save these for future connections or input them each time, depending on your security policy.
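
The Windows steps above can also be scripted with the built-in VPN client cmdlets (Windows 8 or later). This is an added example, not part of the original post; the connection name and server address are placeholders, and `-EncryptionLevel Required` is this example's choice of client-side counterpart to the router's "Must" policy.

```powershell
# Added example: scripted equivalent of the GUI steps (Windows 8 / Server 2012+).
# Placeholder values, not taken from the original post:
$Name   = 'Remote Site L2TP'    # "Destination Name" in the wizard
$Server = 'vpn.example.com'     # WAN IP or DynDNS name of the DrayTek router

# Prompt for the PSK so it is not stored in the script or command history.
$secure = Read-Host -Prompt 'IPSec pre-shared key' -AsSecureString
$psk    = (New-Object System.Net.NetworkCredential('', $secure)).Password

try {
    # -TunnelType L2tp pins the protocol instead of the default "Automatic",
    # so the client never falls back to PPTP.
    # -Force suppresses the confirmation prompt about the PSK being passed as text.
    # Fails if a connection with this name already exists.
    Add-VpnConnection -Name $Name -ServerAddress $Server `
        -TunnelType L2tp -L2tpPsk $psk `
        -EncryptionLevel Required -Force -ErrorAction Stop
}
finally {
    # Drop the plaintext copy of the key as soon as the profile is created.
    Remove-Variable -Name psk -ErrorAction SilentlyContinue
}

# Check the stored profile matches what was intended.
$vpn = Get-VpnConnection -Name $Name
if ($vpn.TunnelType -ne 'L2tp') {
    Write-Warning "Tunnel type is $($vpn.TunnelType); expected L2tp."
}
if ($vpn.EncryptionLevel -ne 'Required') {
    Write-Warning "Encryption level is $($vpn.EncryptionLevel); expected Required."
}
if ($vpn.RememberCredential) {
    Write-Warning 'User name and password will be cached; check this against your security policy.'
}
$vpn | Format-List Name, ServerAddress, TunnelType, L2tpIPsecAuth,
                   EncryptionLevel, AuthenticationMethod, RememberCredential
```

The L2TP User Name and Password are still requested on first connect, exactly as with the GUI-created connection.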

Tuesday, 25 February 2014

How to Setup Wi-Fi Like a Pro

These days Wi-Fi networks are all around us, so how do we go about setting our Wi-Fi up so that we can get the best from it?

First a few basic concepts


  1. Most Wi-Fi networks use the 2.4GHz frequency as manufacturers do not need to pay a license fee to use the frequency. For that reason the airwaves can get pretty crowded as just about any domestic appliance that is wireless will also be using the 2.4GHz frequency.
  2. Some new Wi-Fi devices can use the 5GHz frequency as this has recently been made free to use. At the moment 5GHz is virtually devoid of any Wi-Fi as very few people will have the brand new equipment required to use this frequency.
  3. Both the 2.4GHz and 5GHz frequencies are subdivided into channels. There are 12 (13 in Europe) channels in the 2.4GHz frequency and 24 in the 5GHz frequency.
  4. Ideally we should avoid overlapping channels. In 2.4GHz only channels 1, 6 and 11 don't overlap each other. In 5GHz all channels are non-overlapping.
  5. Each device that transmits a wireless signal is referred to as either a Wireless Access Point (WAP) or Access Point (AP). Each device that consumes Wi-Fi (e.g. laptop, phone, tablet) is referred to as a Client.
There are also two general methods for deploying a Wi-Fi setup: Managed and Unmanaged. Simply put, a Managed Wi-Fi network will have a processor which can automatically make performance adjustments to the Wi-Fi transmitters, including channel changes. An Unmanaged Wi-Fi network will stay exactly as originally set up but can have the ability to change channels automatically (though this feature is usually disabled). I am only going to deal with Unmanaged Wi-Fi here as Managed Wi-Fi is quite an in-depth topic.

Ok now let's get down to business.

Setup Unmanaged Wi-Fi


First of all you are going to need some Wi-Fi analysis software. My favorite is inSSIDer from MetaGeek (www.inssider.com); you can find some others here (Free Wi-Fi Tools).

When you run your chosen analyser, you will see all of the Wi-Fi networks that are in range of your computer; it is best to use a laptop for this as you will need to move around. You will notice that many of the wireless networks overlap and signal strengths move up and down. The more interference there is on a given channel, the more the signal strength as perceived by your laptop will fluctuate. Here is where it would help to understand a little about how devices communicate on a Wi-Fi network. If we imagine that the devices are all having a conversation:
  • Those on different channels are having a conversation in a different room, therefore there will be little to no interference from other devices and performance will be best.
  • Those on the same channel are having a conversation in the same room but will wait their turn to speak. This will slow down performance but limit interference. This is referred to as Co-Channel Congestion.
  • Those on overlapping channels are having a conversation in an adjacent room, with thin walls. They will attempt to speak at the same time and this will reduce performance for both networks. This is referred to as Adjacent Channel Congestion.
A more thorough article on this can be found on the MetaGeek website (Choosing a Wi-Fi Channel). 

Single AP Environment


If you have a single AP environment, i.e. you only have your router transmitting wireless and no other WAPs, then select the channel that is least congested, since we don't have to worry about overlap. Dial into your router, choose manual channel selection and choose your desired channel.

Multiple AP Environment


If we have many WAPs then we will need to set each up individually and manually optimise Channels, Security Settings and Signal Strength. This is where it would be best to keep notes so you can refer back later.

Channel Selection


This is where we want to use channels 1, 6 and 11 exclusively. First sit close to the router with your laptop and, using your Wi-Fi analyser, select which of these three channels is least congested; this will be our starting point. Then start moving from one WAP to another, assigning the least congested channel to each one. Try to avoid putting two WAPs on the same channel; if you must put two on the same channel, try to select one where the signal from the co-occupying WAP is weakest. Once you have assigned channels to all of your WAPs you may want to go back round and adjust signal strength to further reduce congestion.
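
The selection rule above can be written down as a small scoring function. This is an added example, not from the original post: the survey data is constructed, and the function name `Get-ChannelLoad` and the double weighting of overlapping networks are assumptions chosen to reflect the point that Adjacent Channel Congestion hurts more than Co-Channel Congestion.

```powershell
# Added example. Constructed survey data: networks seen by the analyser
# while standing next to one WAP (Signal is a 0-100 strength reading).
$scan = @(
    [pscustomobject]@{ Ssid = 'Neighbour-A'; Channel = 1;  Signal = 80 }
    [pscustomobject]@{ Ssid = 'Neighbour-B'; Channel = 1;  Signal = 40 }
    [pscustomobject]@{ Ssid = 'Neighbour-C'; Channel = 3;  Signal = 60 }
    [pscustomobject]@{ Ssid = 'Neighbour-D'; Channel = 6;  Signal = 70 }
    [pscustomobject]@{ Ssid = 'Neighbour-E'; Channel = 9;  Signal = 30 }
    [pscustomobject]@{ Ssid = 'Office-WAP2'; Channel = 11; Signal = 50 }
    [pscustomobject]@{ Ssid = 'Neighbour-F'; Channel = 11; Signal = 45 }
)

function Get-ChannelLoad {
    param(
        [Parameter(Mandatory)] [object[]] $Networks,
        [int[]] $Candidates = @(1, 6, 11)   # the only non-overlapping 2.4GHz set
    )
    foreach ($ch in $Candidates) {
        $co = 0; $adj = 0
        foreach ($n in $Networks) {
            $gap = [math]::Abs($n.Channel - $ch)
            if ($gap -eq 0) {
                # Same room, taking turns: Co-Channel Congestion.
                $co += $n.Signal
            }
            elseif ($gap -le 4) {
                # 2.4GHz channels sit 5MHz apart, so a gap of 1-4 overlaps:
                # Adjacent Channel Congestion, weighted double (assumption).
                $adj += 2 * $n.Signal
            }
        }
        [pscustomobject]@{
            Channel   = $ch
            CoChannel = $co
            Adjacent  = $adj
            Score     = $co + $adj      # lower is better
        }
    }
}

# Least congested candidate first; repeat the survey at each WAP location.
Get-ChannelLoad -Networks $scan | Sort-Object Score | Format-Table -AutoSize
```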

Some WAPs will allow you to select the 20MHz and 40MHz bandwidths. These are great in a single AP environment, but in a multi AP environment 40MHz will cause interference, so it is recommended that you select 20MHz only.

Security Settings


To make your devices or Clients automatically move from one AP to another, set the SSID on all of your Access Points to be the same. The SSID (Service Set Identifier) is the name of the wireless network. Try to avoid symbols and spaces as some older devices don't like them; they will still work but may randomly drop their connection.

Next decide on a password or Pre-shared Key (PSK). This should be easy to remember but hard to guess and at least 8 characters long. Some good tips can be found here (How Do I Create a Strong Password?).

Now we need to consider what security protocols to choose. These must be set up the same on all WAPs, and it is best to use the highest security settings that are compatible with all of your Clients. Again, MetaGeek have a really good article if you want more information on this topic (Wireless Security Basics). My go-to settings are WPA2/AES and I always switch WPA off.

Other Performance Enhancements


There are several Wi-Fi standards, 802.11 a/b/g/n are the most common. 

  • 802.11a has an indoor range of up to 35m and a max speed of 54Mb/s. It uses the 5GHz range and, given recent advances, it is not very common to find new devices that are 802.11a compatible.
  • 802.11b has an indoor range of up to 35m and a max speed of 11Mb/s. This is the most basic standard to make use of the 2.4GHz range. As most devices these days are 802.11g or better I disable this standard so that I can maintain better speeds.
  • 802.11g has an indoor range of up to 38m and a max speed of 54Mb/s. It is by far the most common standard and makes use of the 2.4GHz range.
  • 802.11n has an indoor range of up to 70m and a max speed of 150Mb/s. This standard can use both the 2.4GHz and 5GHz ranges. To make best use of the speed, WPA2/AES must be selected as the security protocol and the 40MHz bandwidth must be enabled. When this standard is used as part of a multi AP environment, either set up all WAPs on channel 1 or channel 11 and avoid channel 6, or disable the 40MHz bandwidth. If you choose to disable the 40MHz bandwidth then the max speed will be limited to 72.2Mb/s.
Some WAPs may allow you to set a Client Limit. This should be left off unless you are in the sort of environment where lots of people may be trying to connect at once (e.g. a Café, free Wi-Fi). In that case, set a limit to avoid one particular WAP becoming clogged up with lots of Clients.

Monday, 24 February 2014

Water + 24Hz in slow motion.

Check out @SciencePorn's Tweet: https://twitter.com/SciencePorn/status/437774437996593152