- Get Microsoft Azure
- Create an EC2 instance
- SSH into the remote server
- Setup OpenVPN Access Server
- Download ovpn files
- Connecting to the VPN on client devices
- Budget Control
- Authors
- Avail the Github Student Developer Pack.
- Now navigate to the benefits page and apply a filter for
cloudor just click here. Follow the steps to sign up for Azure, and you will receive $100 credits.
Note Although, we could have done it directly using Institute ID on Microsoft Azure. But the afore-mentioned method exposes you to various other possibilities which you might have not even thought of. We chose Microsoft Azure here, if you want you can also choose DigitalOcean or any other cloud platform of your preference.
-
Goto Azure portal
-
Click on the
hamburgermenu >Create a resource>Compute>Ubuntu Server 22.04 LTS. Fill in the necessary details in theBasicssection.
-
Create a new
Resource Group& give your virtual machine a name.
-
Now about region & disk size.
First select the cheapest size and then select the region from the available options. A standard B1s size is going to be good enough and will last around 11 months using free credits. Now choose the closest region where the said size is available, which in our case will beSouth-East Asia. A bigger (aka more costly) size would probably be available in Indian regions.
-
Now choose an Authentication method according to your preference.
-
Using
ssh keysis more secure but hard to follow.Using SSH keys
-
Select
SSH public keyas the Authentication Method and fill in the required fields.
-
Choose HTTPS(443) in
Select inbound ports.
-
Leave the rest of the settings as default in other sections and click
Review+Create. -
Now you will be prompted to
Generate a new key pair, selectDownload private key and create Resource. This step will download a.pemfile onto your local machine.
-
-
Using
passwordis easy to follow but less secure.Using password
-
Select
Passwordas the Authentication Method and fill in the required fields.
-
Choose HTTPS(443) in
Select inbound ports.
-
Leave the rest of the settings as default in other sections and click
Review+Create.
-
-
-
-
Now, wait for the VM to be deployed. Once the VM is deployed
-
Click
Goto Resource.
-
Click
Configurefor the DNS option underNetworking.
-
Type in any DNS name like your username in the
DNS name labelfield and pressSave.
-
Warning
For this step you will need to switch to a network other than that of campus as PORT 22(default port for SSH) IS BLOCKED ON CAMPUS NETWORK.
SSH steps are drastically different for a Windows client & a Linux/MacOS (*nix) client.
Click on the following links to read about the steps for the client of your interest:
-
To make sure your PC has
SSHclient and server both installed, run the following command on Command Prompt as Administrator.Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0 Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
- Windows also has Powershell and the new Windows Terminal which combines all the different shell environments. So, you can choose one from these as well, but it doesn't matter in this context.
-
Now
sshinto the remote serverUsing SSH keys
ssh -i C:\path\to\privatekey user@host_address
-
You can ssh via the following methods
Using SSH keys
ssh -i path/to/privatekey user@host_address
Note
The afore-mentioned method has a long command to type in, the recommended method will not be an alias but utilize something which SSH itself provides us.
We can add the config details to the ssh config file (~/.ssh/config). The format is given below, replace the content inside<_>with your values and save it into the config file.
Then you can ssh directly by usingssh MyAzure.Host <MyAzure> HostName <Host Address> User <Username> IdentityFile </path/to/privatekey> IdentitiesOnly yes
Note make sure you have set the correct permissions on the private key or else you will get an error during ssh. You can fix this by changing the permissions using the following command:
chmod 400 path/to/privatekey
path/to/privatekey1
After we have ssh'ed into the machine, we have to set up the OpenVPN Access Server.
- Before that, it's a good practice to update and upgrade your system via
sudo apt update sudo apt upgrade
- Execute the following command
It will download and execute a script that automates OpenVPN server configuration.
wget https://git.io/vpn -O openvpn-install.sh && sudo bash openvpn-install.sh - Keep in mind to update the following options during the setup process & leave the rest in their default state:
IP address: Your Public IP for the azure machine.UDP or TCP: Enter 2 for TCP as UDP ports are blocked on campus network.PORT: 443DNS RESOLVER: Enter 4 for OpenDNS.CLIENT: One configuration for one client/device. Name it like pc, mobile, etc.
- The
.ovpnfile will be stored inside/rootdirectory, copy it into your user's home directory using the following commandsudo cp /root/client_name.ovpn ~/client_name4
Note Run the same script to generate new clients (you will need a unique client for each device that’s going to be connected to the VPN), i.e., one
.ovpnfile one connection.
Use the TCP_NODELAY option if you are planning to use this VPN for gaming. Execute the following command on the remote VPN server
sudo echo "tcp-nodelay" | sudo tee -a /etc/openvpn/server.confNow restart the OpenVPN service using
sudo systemctl restart openvpn.service && sudo systemctl restart openvpn-server@server.serviceNow we have to transfer the .ovpn files generated on the remote server to our local machine. The steps to achieve this are different for *nix (Linux or MacOS) & Windows, refer to the following links to read about the steps for your platform of interest:
-
Download WinSCP a GUI implementation for
scp (secure copy)on windows. Open it. -
Click on
New Session
-
Now refer to the procedure mentioned below based on your authentication method.
Using SSH keys
-
Download PuTTY for converting the
.pemfile to.ppkvia PuTTYgen. Open it.-
From the
Start menu, chooseAll Programs>PuTTY>PuTTYgen. -
Choose
Load.
-
By default, PuTTYgen displays only files with the extension
.ppk. To locate your.pemfile, choose the option to display files of all types.
-
Select your
.pemfile for the key pair that you specified when you launched your instance and chooseOpen. PuTTYgen displays a notice that the .pem file was successfully imported. ChooseOK.
-
To save the key in the format that PuTTY can use, choose
Save private key.
-
PuTTYgen displays a warning about saving the key without a passphrase. Choose
Yes.
-
-
Now head back to the
WinSCPwindow & enter the following login configurationFile Protocol: SCP.Host Name: Your remote machine's Public IP address.Port: 22 (Default).Username: username which you set for the remote machine.
-
Navigate to
Advanced>Authentication -
Browse and select your
.ppkfile.
-
Press
OKthenLogin& finallyYES.
Using Password
-
Enter the following login configuration
File Protocol: SCP.Host Name: Your remote machine's Public IP address.Port: 22 (Default).Username: Username which you set for the remote machine.Password: Password which you set for the remote machine
-
Press
LoginthenYES.
-
-
Select and download all the
.ovpnfiles you created which will be shown on the interface.
-
Now shut down the
WinSCP session
Using SSH keys
Run the following command, the key will be downloaded in the Downloads directory.
scp -i path/to/privatekey user@host_address:client_name.ovpn ~/Downloads/path/to/privatekey1 • user2 • host_address3 • client_name4
You can skip the -i (identity file) parameter if you have added the ssh config earlier.
Using Password
Run the following command, the key will be downloaded in the Downloads directory after you enter the correct password set by you earlier.
scp user@host_address:client_name.ovpn ~/Downloads/To start/stop/check status of the OpenVPN server using systemctl:
sudo systemctl start/stop/status openvpn@server.serviceAndroid: Follow either of the aforementioned methods and then transfer the downloaded
.ovpnfile to your Android device via Telegram/Bluetooth/Mail or whatever to your android device.
-
Android: Download Open VPN Connect app from Play Store. Open the app and after going through the first screen, go to Files tab, there import the
.ovpnfile, and connect. -
Linux: In most of the distros, you can go to the network manager and import the
.ovpnfile. If not then install OpenVPN withsudo apt install openvpnand connect usingsudo openvpn --config /path/to/config.ovpn. -
MacOS: You can either download the GUI tool tunnelblick for importing the
.ovpnfile or download the CLI tool for openvpn via MacPorts or HomeBrew usingsudo ports install openvpnandbrew install openvpnrespectively; then executesudo openvpn --config /path/to/config.ovpn. -
Windows: Download the official OpenVPN Connect client for Windows, import the
.ovpnfile, and toggle it ON to finally connect - video guide.
Warning This is a very important step, to ensure the long-term usability of your credits
- Use only one instance.
- Bandwidth is free up to $100 credits, so it's better not to waste resources on the VPN.
Note If in any case, you have to stop an instance forcibly, do it; to be on the safer side.
- Arpit Bhardwaj (@proffapt)
Created with lots of </> and ♥
Nice work mate, can you also add networking inbound port rules?