Worried about your data as it crosses the Internet? Want to reach content that is blocked in your country? (Comply with your country's law; in some places this can land you in jail.) This article walks you through setting up an OpenVPN server on your own server so that your Internet traffic travels through an encrypted tunnel.
To start with, let's see what a VPN is. A virtual private network (VPN) extends a private network across a public network like the Internet. It lets a host send and receive data across the shared network as if it were directly attached to the private network, with the same functionality, security and management policies.
Why do you need a VPN?
- Privacy: using free Wi-Fi at an airport, cafe or mall? Anyone on that network may be able to intercept your traffic. A VPN wraps it in an encrypted tunnel to your server, so the local network sees only encrypted traffic.
- Accessing blocked content: I live in a country where I cannot reach services like Pandora or some TV channels because of licence restrictions. A VPN server hosted abroad, where that content is available, lets me reach it.
- Security: the VPN keeps you and the data you transmit away from prying eyes, at least up to the VPN server. From there on, your traffic leaves the tunnel in the clear unless the destination itself uses TLS, so the VPN provider (here: you) can see everything the hotspot could have seen.
- A private network over the Internet: it can carry a gaming LAN between machines that cannot reach each other directly because of port blocking, or give remote staff access to services that are only reachable inside your firm.
In this article we use a US-based Virtual Private Server (VPS) running Ubuntu 12.10 with root access. (Ubuntu 12.10 has long been out of support; the steps below are specific to the easy-rsa 2.0 scripts that shipped with its openvpn package.)
Make sure the TUN adapter is enabled on your hosting
To check whether the TUN device is available, run:
cat /dev/net/tun
If the output is "cat: /dev/net/tun: File descriptor in bad state", TUN is available. That error is expected: cat cannot read the control device, but it exists and OpenVPN can open it.
If you get anything else (for example "No such file or directory" or "Permission denied"), ask your hosting provider to enable TUN/TAP for your server. Without it OpenVPN cannot create the tun0 interface at all.
Install the openssl and openvpn packages:
apt-get install openssl openvpn
Copy the easy-rsa 2.0 scripts and configuration files:
cp -avr /usr/share/doc/openvpn/examples/easy-rsa/2.0 /etc/openvpn/easy-rsa
Edit the /etc/openvpn/easy-rsa/vars file. Find the line
export EASY_RSA="`pwd`"
and change it to the absolute path of the directory you just copied:
export EASY_RSA="/etc/openvpn/easy-rsa"
While you are in vars, note the line export KEY_SIZE=1024. 1024-bit RSA and Diffie-Hellman parameters are too weak today; set it to 2048. If you do, build-dh writes dh2048.pem instead of dh1024.pem and the dh line in the server configuration further down must say so.
Now change to the OpenVPN directory, load the variables into your shell and reset the key directory. The leading dot sources vars into the current shell, so every easy-rsa command below has to run in this same shell session:
cd /etc/openvpn
. ./easy-rsa/vars
./easy-rsa/clean-all
clean-all deletes everything in the keys directory. Run it once now and never again on a live CA.
Building the Certificate Authority:
./easy-rsa/build-ca
Building the server key:
./easy-rsa/build-key-server server
Several questions will be asked; accept the defaults (the Common Name is pre-filled as "server"). Two yes/no questions follow ("Sign the certificate?" and "commit?"); answer y to both.
Building the client key:
./easy-rsa/build-key user1
Again accept the defaults and answer y to the two yes/no questions. Repeat the command with user2, user3 and so on for each additional user; every user must get their own certificate, because a shared one cannot be revoked for a single person later.
Creating the Diffie-Hellman parameters:
./easy-rsa/build-dh
When this is done, a new directory called "keys" exists in /etc/openvpn/easy-rsa. It holds ca.key, the key that signs every certificate: keep it off the server if you can (it is only needed when you issue or revoke certificates), and never hand clients anything other than ca.crt and their own .crt and .key files.
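The whole easy-rsa procedure above, as one added non-interactive script (example code, not the article's commands). It assumes the easy-rsa 2.0 tree sits in /etc/openvpn/easy-rsa as copied earlier, and drives pkitool directly (the back end that build-ca, build-key-server and build-key wrap) so nothing prompts; it raises KEY_SIZE to 2048 and additionally generates a tls-auth key, ta.key, which the server configuration can use. The client names on the command line are whatever you choose; pki_check is a helper added here to confirm every expected file was produced.

```shell
#!/bin/sh
# Added example, not the article's own commands: run every easy-rsa 2.0 step
# above in one go, without prompts, using pkitool (the back end that build-ca,
# build-key-server and build-key wrap). Assumes the easy-rsa 2.0 tree was copied
# to /etc/openvpn/easy-rsa as in the "Copy Configuration Files" step.
set -eu

EASY_RSA="${EASY_RSA:-/etc/openvpn/easy-rsa}"
# easy-rsa 2.0's vars ships KEY_SIZE=1024, which is too small today. 2048 also makes
# build-dh write dh2048.pem, so the "dh" line in the server config has to say that.
PKI_KEY_SIZE="${PKI_KEY_SIZE:-2048}"

# build_pki <client-name>...: CA, server cert, one cert per client, DH parameters
# and a tls-auth key, all written to $KEY_DIR (easy-rsa's keys directory).
# Runs in a subshell so the cd and the sourced vars do not leak into the caller.
build_pki() (
    cd "$EASY_RSA"
    . ./vars                         # KEY_DIR, KEY_COUNTRY, ... and KEY_SIZE=1024
    export KEY_SIZE="$PKI_KEY_SIZE"  # override after sourcing so vars cannot reset it
    ./clean-all                      # empties $KEY_DIR: never rerun on a live CA
    ./pkitool --initca               # ca.crt + ca.key (what build-ca does interactively)
    ./pkitool --server server        # server.crt + server.key with the serverAuth EKU
    for client in "$@"; do
        ./pkitool "$client"          # <client>.crt + <client>.key, CN=<client>
    done
    ./build-dh                       # dh${KEY_SIZE}.pem; slow at 2048 bits
    openvpn --genkey --secret "$KEY_DIR/ta.key"   # HMAC key for tls-auth
    chmod 600 "$KEY_DIR"/*.key       # private material stays root-only
)

# pki_check <keys-dir> <client-name>...: list anything missing; exit status 1 if so.
pki_check() {
    dir=$1; shift
    missing=0
    for f in ca.crt ca.key server.crt server.key "dh$PKI_KEY_SIZE.pem" ta.key; do
        [ -f "$dir/$f" ] || { echo "missing: $dir/$f"; missing=1; }
    done
    for client in "$@"; do
        for ext in crt key; do
            [ -f "$dir/$client.$ext" ] || { echo "missing: $dir/$client.$ext"; missing=1; }
        done
    done
    return "$missing"
}

# Usage (as root): sh build-pki.sh user1 user2 user3
if [ "$#" -gt 0 ]; then
    build_pki "$@"
    pki_check "$EASY_RSA/keys" "$@"
fi
```

Because vars is sourced inside the subshell, the caller's environment is untouched and the script can be rerun for a second batch of client names only after removing the clean-all line; otherwise it would wipe the CA it just built.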
Creating the OpenVPN configuration file:
- UDP port 8080 is used
- two public resolvers are pushed to clients as DNS servers (the two dhcp-option DNS lines below; substitute resolvers you trust)
Create "/etc/openvpn/openvpn.conf" with the following content. The dh line must name the file build-dh actually produced: dh1024.pem with the stock KEY_SIZE, dh2048.pem if you raised it.
proto udp
port 8080
dev tun0
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 22.214.171.124"
push "dhcp-option DNS 126.96.36.199"
keepalive 10 190
user nobody
group nogroup
persist-key
persist-tun
client-to-client
comp-lzo
verb 3
log-append /var/log/openvpn
Two things to be aware of in this configuration: client-to-client lets every connected user reach every other user's tunnel address, which is what you want for a gaming LAN and not what you want for a shared privacy server; and with no cipher line OpenVPN 2.2 falls back to its default data-channel cipher, so set one explicitly (and identically on the clients) if you care which one is used.
Enable packet forwarding:
Edit the "/etc/sysctl.conf" file and uncomment the following line, then reload sysctl so it takes effect without a reboot:
net.ipv4.ip_forward=1
Adding the iptables NAT rule:
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to YOUR.EXTERNAL.IP
(The interface flag is a lower-case letter o, not a zero.) Replace eth0 with your external adapter (venet0 if you have an OpenVZ-based server) and YOUR.EXTERNAL.IP with your external IP address. This rule lives in memory only: it is gone after a reboot unless you save it with your distribution's iptables persistence mechanism or re-add it from a boot script. If your INPUT chain has a DROP policy, you also need to allow UDP port 8080 in, and if FORWARD drops by default, allow traffic from tun0.
Restart OpenVPN with "service openvpn restart" (the init script starts every /etc/openvpn/*.conf) and look for "Initialization Sequence Completed" in /var/log/openvpn. If you configured everything correctly, your OpenVPN server is running 🙂
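The server-side steps above (configuration file, forwarding, NAT, restart) as one added script, example code rather than the article's own. It writes a hardened variant of the configuration above: the same settings, plus tls-auth with the ta.key generated alongside the certificates, an explicit cipher and HMAC, and client-to-client commented out. It assumes the keys live in /etc/openvpn/easy-rsa/keys and were built with KEY_SIZE=2048; the interface, external IP and DNS resolvers are taken from the command line. DRY_RUN=1 prints the sysctl, iptables and service commands instead of running them.

```shell
#!/bin/sh
# Added example, not the article's own config: write a hardened version of the
# server config above, enable forwarding and NAT, and restart OpenVPN.
# Assumes easy-rsa 2.0 output in /etc/openvpn/easy-rsa/keys with KEY_SIZE=2048
# and a tls-auth key made with: openvpn --genkey --secret keys/ta.key
set -eu

KEYS=/etc/openvpn/easy-rsa/keys

# run "$@", or only print it when DRY_RUN=1
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# render_server_conf <udp-port> <dh-size> <dns1> <dns2>: config text on stdout.
render_server_conf() {
    port=$1; dhsize=$2; dns1=$3; dns2=$4
    cat <<EOF
proto udp
port $port
dev tun0
ca $KEYS/ca.crt
cert $KEYS/server.crt
key $KEYS/server.key
dh $KEYS/dh$dhsize.pem
# Added over the article's config: every control-channel packet must carry an
# HMAC made with the pre-shared ta.key. A client without it never reaches the TLS
# handshake, which hides the port from scanners and shields the TLS stack.
# "0" is the server's key direction; clients use key-direction 1.
tls-auth $KEYS/ta.key 0
# Explicit data-channel cipher and HMAC; both ends must agree.
cipher AES-256-CBC
auth SHA256
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS $dns1"
push "dhcp-option DNS $dns2"
keepalive 10 190
user nobody
group nogroup
persist-key
persist-tun
# client-to-client lets every VPN user reach every other one. Left off here;
# remove the semicolon for the gaming-LAN use case.
;client-to-client
comp-lzo
verb 3
log-append /var/log/openvpn.log
status /var/log/openvpn-status.log
EOF
}

# enable_forwarding: route between tun0 and the outside, now and after reboot.
enable_forwarding() {
    run sysctl -w net.ipv4.ip_forward=1
    run sed -i 's/^#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/' /etc/sysctl.conf
    grep -q '^net.ipv4.ip_forward=1' /etc/sysctl.conf 2>/dev/null \
        || run sh -c 'echo net.ipv4.ip_forward=1 >> /etc/sysctl.conf'
}

# add_nat <external-iface> <external-ip>: the article's SNAT rule with "-o" spelled
# correctly. The -C check keeps repeated runs from stacking duplicate rules.
add_nat() {
    iface=$1; ext_ip=$2
    if [ "${DRY_RUN:-0}" != 1 ] \
       && iptables -t nat -C POSTROUTING -s 10.8.0.0/24 -o "$iface" -j SNAT --to "$ext_ip" 2>/dev/null; then
        return 0
    fi
    run iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o "$iface" -j SNAT --to "$ext_ip"
}

# Usage (as root): sh server-setup.sh eth0 YOUR.EXTERNAL.IP DNS1 DNS2
if [ "$#" -eq 4 ]; then
    if [ "${DRY_RUN:-0}" = 1 ]; then
        render_server_conf 8080 2048 "$3" "$4"
    else
        render_server_conf 8080 2048 "$3" "$4" > /etc/openvpn/openvpn.conf
    fi
    enable_forwarding
    add_nat "$1" "$2"
    run service openvpn restart
fi
```

The iptables rule is still not persistent across reboots; this script only guarantees it is added once per run, so call it from a boot script or save the rule with your distribution's iptables persistence package.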
Client-side configuration:
Copy the following files from "/etc/openvpn/easy-rsa/keys" to the client machine over an authenticated channel such as scp (not by e-mail or a shared drop folder; the .key file is the user's identity):
- ca.crt (the CA certificate; the client profile refers to it)
- user1.crt (user2.crt and so on if you created multiple certificates)
- user1.key (user2.key and so on if you created multiple certificates)
Each user gets only their own .crt and .key. ca.key and server.key never leave the server.
Create a user1.ovpn file on your machine, in the same directory as the three copied files (the ca, cert and key paths below are relative to it), with the following content:
dev tun
client
proto udp
remote YOUR.VPS.IP 8080
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert user1.crt
key user1.key
comp-lzo
verb 3
fast-io
pull
remote-random
route-delay 2
redirect-gateway
Replace YOUR.VPS.IP with your server's IP address, and replace "cert user1.crt" and "key user1.key" with the name of the user's own certificate and key files.
Now import the profile into your OpenVPN client and get connected to your VPN 🙂
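As an added alternative to copying four separate files (example code, not from the article), the following script bundles a user's certificate, key, the CA certificate and the tls-auth key into a single .ovpn profile with inline <ca>, <cert>, <key> and <tls-auth> blocks, so one file is all that travels to the client. It assumes the server was configured with tls-auth, cipher AES-256-CBC and auth SHA256 (the client settings must match), and that the keys directory, user name, server IP and port are given on the command line.

```shell
#!/bin/sh
# Added example, not the article's own client config: build one self-contained
# .ovpn profile per user with the certificates and keys inlined.
# Assumes the server uses tls-auth (key direction 0), cipher AES-256-CBC and
# auth SHA256; the settings here must mirror those.
set -eu

# pem_only <file>: just the -----BEGIN/-----END block, without the text dump
# easy-rsa puts in front of each certificate.
pem_only() {
    sed -n '/^-----BEGIN/,/^-----END/p' "$1"
}

# make_profile <keys-dir> <user> <server-ip> <port>: profile text on stdout,
# exit status 1 if any of the four input files is missing.
make_profile() {
    keys=$1; user=$2; server=$3; port=$4
    for f in ca.crt "$user.crt" "$user.key" ta.key; do
        [ -f "$keys/$f" ] || { echo "make_profile: $keys/$f not found" >&2; return 1; }
    done
    cat <<EOF
client
dev tun
proto udp
remote $server $port
resolv-retry infinite
nobind
persist-key
persist-tun
# Only accept a server certificate issued with build-key-server (serverAuth
# extended key usage). Without this, any holder of a valid user certificate
# could pose as the server to other users.
remote-cert-tls server
# Must match the server configuration.
cipher AES-256-CBC
auth SHA256
key-direction 1
comp-lzo
verb 3
# redirect-gateway is pushed by the server, so it is not repeated here.
<ca>
$(pem_only "$keys/ca.crt")
</ca>
<cert>
$(pem_only "$keys/$user.crt")
</cert>
<key>
$(pem_only "$keys/$user.key")
</key>
<tls-auth>
$(pem_only "$keys/ta.key")
</tls-auth>
EOF
}

# Usage (on the server, as root): sh make-profile.sh /etc/openvpn/easy-rsa/keys user1 YOUR.VPS.IP 8080
# Writes user1.ovpn in the current directory; the file contains the private key,
# so it is created root-only and must be sent to the user over an authenticated channel.
if [ "$#" -eq 4 ]; then
    umask 077
    make_profile "$@" > "$2.ovpn"
fi
```

The profile contains the user's private key, so it deserves the same handling as the separate .key file: scp it to the user and delete the local copy once it has been imported.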