Are you worried about your data being insecure as it travels over the Internet? Want to access content that is blocked in your country? (Please comply with your country's law; failing to do so may land you in jail.) This article will guide you through setting up an OpenVPN server on your own server so you can access content over the Internet securely.

To start with, let's see what a VPN is. A virtual private network (VPN) extends a private network across public networks like the Internet. It enables a host computer to send and receive data across shared or public networks as if it were an integral part of the private network, with all the functionality, security and management policies of the private network.

Why do you need a VPN?

  • Concerning Privacy: Accessing free WiFi Internet at an airport, cafe or mall? There is a chance that your data can be intercepted. A VPN encrypts the traffic between you and the VPN server, so the hotspot operator or anyone else on the local network cannot read it.
  • Accessing Blocked Content: I live in a country where I cannot access premium content like Pandora or TV channels due to licence restrictions. A VPN server set up abroad, where this content is available, makes sure I can access it.
  • Security: Using a VPN keeps you and the data you transmit away from prying eyes.
  • Setting up a Private Network over the Internet: It can be used to set up a gaming LAN over the Internet when you cannot reach each other due to port blocking. It can also be used to reach other services which are used exclusively by your firm.

In this article we have used a US based Virtual Private Server (VPS) running Ubuntu 12.10, with root access.

Make sure the TUN adapter is enabled on your hosting

To know whether the TUN adapter is enabled, run the following command:

cat /dev/net/tun

If the output is "cat: /dev/net/tun: File descriptor in bad state", TUN is enabled.

If the output is different, ask your hosting provider to enable TUN.

Getting Started:

Installing Packages:

Install the "openssl" and "openvpn" packages:

apt-get install openssl openvpn


Copy Configuration Files:

cp -avr /usr/share/doc/openvpn/examples/easy-rsa/2.0 /etc/openvpn/easy-rsa


Edit variables:

Edit the /etc/openvpn/easy-rsa/vars file.

Find the line that reads export EASY_RSA="`pwd`"

and change it to

export EASY_RSA="/etc/openvpn/easy-rsa"

Now change to the OpenVPN directory:

cd /etc/openvpn

Run the following commands:

. ./easy-rsa/vars

./easy-rsa/clean-all


Building Certificate Authority File:

./easy-rsa/build-ca OpenVPN


Building Server Key:

./easy-rsa/build-key-server server

Several questions will be asked; leave them at their defaults. After that, two Yes/No questions will be asked; answer y to both and proceed.

Building Client Key:

./easy-rsa/build-key user1

Several questions will be asked; leave them at their defaults. After that, two Yes/No questions will be asked; answer y to both and proceed. Repeat the above command with user2, user3 and so on to add as many users as you need.

Creating Diffie Hellman Parameters:

./easy-rsa/build-dh

When done, a new directory called "keys" will have been created in "/etc/openvpn/easy-rsa".

Creating OpenVPN Configuration File:

Assumptions:

  • UDP port 8080 is used
  • 8.8.8.8 and 4.2.2.2 are used as DNS servers

Create the configuration file "/etc/openvpn/openvpn.conf" with the following content:

proto udp
port 8080
dev tun0

ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh1024.pem

server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 4.2.2.2"
push "dhcp-option DNS 8.8.8.8"

keepalive 10 190
user nobody
group nogroup
persist-key
persist-tun
client-to-client
comp-lzo
verb 3
log-append /var/log/openvpn
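A small check over a server configuration of the kind written above, added here as an example that is not part of the original post: it parses OpenVPN's directive format (quoted push arguments included) and reports the settings a reviewer would raise before exposing the server to the Internet. It needs only the Python standard library; the DH bit-size check is a heuristic taken from the parameter file name.

```python
import re

# Constructed sample: the server config from this article, trimmed to the
# directives the checks below look at.
SAMPLE_CONF = """\
proto udp
port 8080
dev tun0
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
user nobody
group nogroup
client-to-client
comp-lzo
"""

def parse(text):
    """Return [(directive, [args])]; lines starting with '#' or ';' are comments."""
    out = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        # a quoted argument (push "...") is kept as a single argument
        m = re.match(r'(\S+)\s*(?:"([^"]*)"|(.*))$', line)
        name, quoted, rest = m.groups()
        out.append((name, [quoted] if quoted is not None else rest.split()))
    return out

def lint(text):
    """Return a list of findings a reviewer would raise before exposing the server."""
    conf = parse(text)
    names = {d for d, _ in conf}
    findings = []
    for d, args in conf:
        bits = re.search(r"dh(\d+)", args[0]) if d == "dh" and args else None
        if bits and int(bits.group(1)) < 2048:  # heuristic: bit size from the file name
            findings.append("dh: %s-bit DH parameters; regenerate with at least 2048 bits" % bits.group(1))
        if d in ("comp-lzo", "compress"):
            findings.append("%s: compression over TLS is discouraged (VORACLE); remove it" % d)
        if d == "client-to-client":
            findings.append("client-to-client: clients can reach each other; drop unless needed")
    if not {"user", "group"} <= names:
        findings.append("user/group: daemon keeps root privileges; add 'user nobody' and 'group nogroup'")
    if not names & {"tls-auth", "tls-crypt"}:
        findings.append("tls-auth/tls-crypt: control channel has no extra HMAC key; add one")
    return findings
```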

Enable Packet Forwarding:

Edit the "/etc/sysctl.conf" file and uncomment the following line:

net.ipv4.ip_forward=1


Adding the iptables rule:

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to YOUR.EXTERNAL.IP

In this, replace eth0 with your external adapter (venet0 if you have an OpenVZ based server) and YOUR.EXTERNAL.IP with your external IP address.

Restart Services:

/etc/init.d/openvpn restart

And if you configured everything correctly, your OpenVPN server is now running 🙂

Client Side Configuration:

Copy the following files from "/etc/openvpn/easy-rsa/keys" to the client machine:

  • ca.crt
  • user1.crt (copy user2.crt and so on if you created multiple certificates)
  • user1.key (copy user2.key and so on if you created multiple certificates)

Create a user1.ovpn file on your machine with the following content:

dev tun
client
proto udp
remote YOUR.VPS.IP 8080
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert user1.crt
key user1.key
comp-lzo
verb 3
fast-io
pull
remote-random
route-delay 2
redirect-gateway

Replace YOUR.VPS.IP with your server's IP address, and replace "cert user1.crt" and "key user1.key" with the names of your own certificate and key files.

Now import the profile into your OpenVPN client and connect to your VPN 🙂