Afrihost PPTP phone home
This service connects you to services on your home IP address. You can use this service if all of the following apply:
- You are an Afrihost fibre client
- You have some device on your home network that you need to connect to (e.g. security system)
- Your service has a private IP address (e.g. 100.99.98.97)
- You have authentication details (which you can change in clientzone, if you need to)
- You are not on the Afrihost network when you want to phone home. (On the Afrihost network, you can connect directly to your router.)
PPTP overview (point to point tunnelling protocol)
You can connect to the PPTP server with these settings:
- Protocol: PPTP (port 1723/TCP, GRE)
- PPTP server name: pptp.afrihost.com
- Authentication type: Username + password (PAP - Password authentication protocol)
- User name: yourusername@afrihost.co.za
- Password: yoursecretpassword (reset in clientzone if you don't have it)
- Advanced settings: Enable PAP (Password authentication protocol)
- Advanced settings: MPPE encryption: OFF (this is not a secured link)
Additionally, you need to ensure that your router allows your system to make PPTP connections:
- Router firewall: enable PPTP / GRE application
Operating systems
Android
Recent versions of Android have built-in PPTP support.
- Open the Android Settings Application (the gear icon ⚙)
- Open up "VPN" settings (use the search function, 🔍, or navigate Connections ... More connection settings ... VPN)
- Add a new VPN profile from the context menu (⠇ ... Add VPN Profile)
- Set it up with these settings. You should use your own name and user name:
  - Name: phone home
  - Type: PPTP
  - Server address: pptp.afrihost.com
  - PPP encryption (MPPE): Not selected
  - Show advanced options: Not selected
  - User name: yourusername@afrihost.co.za
  - Password: yoursecretpassword
  - Always-on VPN: Not selected
- Now you can connect to the VPN profile in order to reach your home network.
Note that Android correctly points out "This VPN isn't secure." This VPN is
not secure: your data can be observed in transit by a sufficiently motivated
administrator, and the service is not intended to provide a security benefit.
Windows 10
Windows 10 supports PPTP by default, but you will need to persuade it to
connect to this particular PPTP server because there is no encryption.
- In the menu, use the "Search" function, and type "VPN"
- Add a VPN connection with these settings:
  - VPN provider: Windows (built-in)
  - Connection name: "Phone home" (or something suitable for your network)
  - Server name or address: "pptp.afrihost.com"
  - VPN type: Point to Point Tunneling Protocol (PPTP)
  - Type of sign-in info: User name and password
  - User name: yourusername@afrihost.co.za
- Set advanced settings for the VPN
  - Set the "Allow PAP" advanced option, and click "OK"
- Connect to the VPN, and enter your connectivity password.
Linux
You need the pptp client (package pptp-linux) and pppd (package ppp), and you're almost there:
$ sudo apt install pptp-linux ppp
And then you can dial it up like this:
$ sudo pppd noauth name myusername@afrihost.co.za password mysecretpassword \
    pty "pptp pptp.afrihost.com --nolaunchpppd" \
    nodetach defaultroute replacedefaultroute
Using interface ppp0
Connect: ppp0 <--> /dev/pts/7
PAP authentication succeeded
replacing old default route to wlan0 [192.168.0.1]
local IP address 10.227.0.2
remote IP address 10.227.0.1
You can disconnect with Ctrl+C or killall pppd.
If you're a whizz with Linux, you can set it up to route only the RFC6598 IP
addresses over the PPP link:
# Do this all as root
sudo -s
# Route RFC6598 IPs over PPP connections ($1 is the PPP interface name):
echo > /etc/ppp/ip-up.d/rfc6598 '#!/bin/sh
ip route add 100.64.0.0/10 dev "$1"'
# run-parts skips ip-up.d hooks that are not executable:
chmod +x /etc/ppp/ip-up.d/rfc6598
# And start up the link, without making it the default ip4 route:
pppd noauth name myusername@afrihost.co.za password mysecretpassword \
    pty "pptp pptp.afrihost.com --nolaunchpppd" nodetach
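The pppd commands above pass the password as a command-line option, which the pppd man page discourages because other local users can read it from the process list. The script below is an added example, not Afrihost's own tooling: it keeps the same link options in a peers file and the PAP secret in a root-only pap-secrets file; the peer name "afrihost" and the PPP_DIR override are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Afrihost's own tooling. The peer name "afrihost" and the
# PPP_DIR override (useful for a dry run outside /etc/ppp) are assumptions.
PPP_DIR="${PPP_DIR:-/etc/ppp}"

# write_pptp_peer PEER USER PASSWORD
# Writes the link options to peers/PEER and the PAP secret to pap-secrets.
write_pptp_peer() {
    peer="$1" user="$2" pass="$3"
    # The peer name becomes a file name and a pap-secrets field.
    case "$peer" in ''|*[!A-Za-z0-9_-]*) return 2 ;; esac
    [ -n "$user" ] && [ -n "$pass" ] || return 2
    # Values are written double-quoted; reject characters that end the quoting.
    case "$user$pass" in *'"'*|*'\'*) return 3 ;; esac

    mkdir -p "$PPP_DIR/peers" || return 1
    secrets="$PPP_DIR/pap-secrets"
    tmp="$secrets.tmp.$$"
    (
        umask 077   # the secrets file must be readable by root only
        {
            # Keep existing entries except an earlier one for this peer.
            if [ -f "$secrets" ]; then grep -v " $peer " "$secrets" || true; fi
            # printf is a shell builtin, so the password is not in any argv.
            printf '"%s" %s "%s"\n' "$user" "$peer" "$pass"
        } > "$tmp"
    ) && mv "$tmp" "$secrets" || return 1

    # Same options as the command line above, minus the password.
    cat > "$PPP_DIR/peers/$peer" <<EOF
pty "pptp pptp.afrihost.com --nolaunchpppd"
name "$user"
remotename $peer
noauth
EOF
}

# Usage (as root; read the password instead of typing it as an argument):
#   stty -echo; read -r pw; stty echo
#   write_pptp_peer afrihost myusername@afrihost.co.za "$pw"
#   pppd call afrihost nodetach
```

pppd's "call" option always reads from /etc/ppp/peers, so leave PPP_DIR unset for real use.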
Limits
The following limitations apply:
- Beta: this service may be discontinued at any time without notice. This service may be modified at any time, without notice. Your access to this service may go away at any time without notice.
- NAT only: You must have a NAT RFC6598 address on your Afrihost link. Your IP address must be in the range 100.64.0.0 to 100.127.255.255, and is reachable only within the Afrihost network.
- Security: this is an unencrypted service, with no security benefit. You should use SSL for connections that require security.
- Router limitations: your router may support only one GRE session at a time for your network.
- Filtering: certain ports may be restricted (specifically SMTP)
- Bandwidth: bandwidth and throughput restrictions may apply, especially to non-RFC6598 services