@hagb4rd
Created May 13, 2016 12:31
Setting up a private OpenVPN server [Linux users only]

This guide is an updated/complete/generalized version of http://azure-openvpn.github.io/ for Linux users. The aim is to get an OpenVPN server up and connect to it from your local machine, thus getting your own "private" VPN server and on-demand fast VPN network access.

Obligatory Theory

This is all important to know, period.

  • VPN is a layer between your PC and the outside world
  • VPN masks your PC from the outside world (it theoretically can't mask you from your ISP, though)
  • A VPN server is a server which accepts requests (from your PC, in this case), sends them to some other place hiding that you made the request initially, collects the response, and sends it back to you.
  • A VPN client is an application which "installs" this layer thus routing all your outbound traffic through this tunnel.
  • This additional layer can and will slow down your internet speed, although the difference might not be observable.
    • Some (read: most) ISPs throttle your traffic based on what exactly you are doing. VPN (at least the way we will set it up) encrypts all that traffic so your ISP won't be able to identify (easily) what exactly you are requesting/receiving. This could actually speed up things for you (like downloading torrents, mostly).
    • If the network of the server you are using as the VPN layer has network issues, you will face the same network issues. What is blocked/slow for the server will be blocked/slow for you as well. Because common sense.
  • VPN is just the name of a technology, like "drink" is the generic term for all drinks of all brands.
  • OpenVPN is an implementation of that technology, like "Coca Cola" is a specific drink. There are others as well, but OpenVPN is one popular and open-source choice.
  • From my experience and research, setting up a private VPN is often cheaper and faster than getting a VPN connection from most major VPN providers. If you already have a server, this could be awesome. If you don't, you can rent one from Azure/Digital Ocean/Linode/OVH whatever for cheap (which basically gives you another PC, in effect).

What you need

  • A Linux server (we will use Ubuntu 14.04 here as an example) and SSH access to it (or physical access, but that would be kinda silly). If you don't know what this means, please read the original guide above and read up on SSH and VPN in general. Without that, this guide will not work for you.

  • Basic terminal skills.

What we will do

  • Install OpenVPN server (it is like an Apache/NGINX server which sits and listens for connections) on your server.
  • Install OpenVPN client on your local machine.
  • Get the secret .ovpn file from the server to the local machine, which lets you connect to the server establishing a "tunnel" through which all further network requests pass, thus layering your network with another PC (your Ubuntu server).

Steps

  1. SSH into the server.
  2. Download the latest OpenVPN server binary from http://swupdate.openvpn.org/as/
    • For Ubuntu 14.04 64bit installs, it is http://swupdate.openvpn.org/as/openvpn-as-2.0.24-Ubuntu14.amd_64.deb as of this writing. Please double check against that list for your distro/architecture and the latest release.
    • If no binary is present for your distribution, you need to download the source code and install it from source. This needs basic compiling skills which can be obtained by Googling "install from source on linux".
  3. Install the downloaded binary/source.
    • Say you got the Ubuntu 14.04 .deb package as setup.deb; you can install it with dpkg -i /path/to/setup.deb (you need to be root, of course).
  4. Open two ports:
    • First is the admin UI port, which we access over HTTPS. By default, it listens on port 943 over HTTPS (which is implemented over TCP), so we need to open port 943 in iptables:
      iptables -A INPUT -p tcp --dport 943 -j ACCEPT
    • Second is the OpenVPN server's own listening port, which uses UDP and defaults to port 1194:
      iptables -A INPUT -p udp --dport 1194 -j ACCEPT
  5. By default, the OpenVPN package should create a new user openvpn on your server, and you need to create a password for it:
      passwd openvpn
  6. Download the user's .ovpn file:
    • Go to https://<server-url-or-ip>:943 and log in with the username openvpn and the password that you set up above.
    • Download the User Locked profile from the link at the bottom.
    • At this point, you mostly don't need the Admin UI anymore, so feel free to close that port in iptables.
    • You don't need server access anymore either, so feel free to close your SSH session.
  7. Install the OpenVPN client on your client machine. This depends on the distro you are using; for Ubuntu, it is really just apt-get install openvpn, and for Arch Linux, it is just pacman -S openvpn.
  8. Create an auth file containing your username and password:
    • The file should have two lines: the first line containing the username (which is openvpn), and the second line containing the password that you created for the openvpn user on the server.
  9. The command to connect is (it needs root access because it meddles with your network and such):
      openvpn --config /path/to/.ovpn/file --auth-user-pass /path/to/auth/file
  10. [Optional] Create a script to do the above step!
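
One way to script steps 8 to 10, as an added example that is not part of the original guide: it writes the two-line auth file with owner-only permissions and refuses to start OpenVPN if the profile or the auth file is readable by other users. The default paths, the connect argument and the function names are assumptions; stat -c is the GNU coreutils form.

```shell
#!/usr/bin/env bash
# Added example for steps 8-10; paths and function names are assumptions.
OVPN_PROFILE="${OVPN_PROFILE:-/etc/openvpn/client/client.ovpn}"  # assumed location
OVPN_AUTH="${OVPN_AUTH:-/etc/openvpn/client/auth.txt}"           # assumed location

# Write the two-line auth file (username, then password) with mode 600.
# The password is read from stdin so it never appears in argv or shell history.
write_auth_file() {  # usage: write_auth_file FILE USERNAME < password
    local file="$1" user="$2" pass=""
    IFS= read -r pass || true
    [ -n "$pass" ] || { echo "empty password" >&2; return 1; }
    # Create/truncate and tighten the mode first, then write the secret.
    ( umask 077; : > "$file" && chmod 600 "$file" &&
      printf '%s\n%s\n' "$user" "$pass" > "$file" )
}

# True only for a regular, non-symlink file with no group/other permission bits.
is_private() {
    local mode
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    mode=$(stat -c '%a' "$1") || return 1
    case "$mode" in *00) return 0 ;; *) return 1 ;; esac
}

# Both files are credentials: the guide calls the .ovpn profile secret,
# and the auth file holds the password in plain text.
preflight() {  # usage: preflight PROFILE AUTHFILE
    local f
    for f in "$1" "$2"; do
        is_private "$f" || {
            echo "refusing to connect: $f is missing or group/world-accessible" >&2
            return 1
        }
    done
}

connect() {
    preflight "$OVPN_PROFILE" "$OVPN_AUTH" || return 1
    exec openvpn --config "$OVPN_PROFILE" --auth-user-pass "$OVPN_AUTH"
}

# Runs only when called as: sudo ./vpn-up.sh connect
if [ "${1:-}" = "connect" ]; then connect; fi
```

Create the auth file once by piping or typing the password into write_auth_file "$OVPN_AUTH" openvpn, then run the script as root with the connect argument.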

That's it. Basic guide. RTFM of OpenVPN for more complicated stuff (like multiple users) etc.

-- FIN --
