Setting up a Simple VPN Server

VPN offer far more security than the proxy servers which most people are used to using, when using commercial paid for services proxy server accounts are normally much cheaper and simpler to set-up for the client which is their only benefits over VPNs.

vpnIf you are just wanting to view content or media in other regions, and will likely have high bandwidth usage, you are better off staying with a proxy service.

I have set-up VPN accounts for clients, mostly because nearly all of my projects have used IP address identification as part of the systems security, it really is a great way to identify users beyond a username/password, but what about the “road warriors”, in their hotel rooms, in the air, clients offices etc. who don’t have a fixed IP.

Of course VPNs themselves are very secure, no-one can see into the tunnel they create, and its not just HTTP (web browser) but all other internet services that are protected from snooping.

Sending single users to VPN/Proxy suppliers such as VPN-S, who if you previously asked nicely would provide you with a fixed IP address which addresses the IP whitelisting access requirement on their VPN accounts, but they have recently started charging $10 a month extra, making it over $20 a month per user account.

Apart from the cost, there is a security issue, do you trust the VPN supplier? much better to have control over your own server if confidentiality and  security are a concern.

I have set up up a couple VPN servers, but that was never simple, either for the initial installation or on going management. This is a well written example of an “manual” VPN Server installation walk through on an Ubuntu 14.04, I have never managed to do this without spending 50% of the time debugging errors.

But that has changed, a VPN can be set-up and configured by running a single “road warrior” script supplied by Nyr. Just run this on the (debian, Ubuntu or Centos) server and follow the assistant.

wget git.io/vpn --no-check-certificate -O openvpn-install.sh; bash openvpn-install.sh

When finished, just re-run the script to add extra users and devices, the required .ovpn configuration files to distribute to the users are dumped by default into /root. It should take no more than 5 minutes, and in the two I have recently set-up on $10 Droplets at DigitalOcean, they can easily handle more than a single concurrent user, and while I have only tested heavily with a single user on one of those VPN instances, I can say it is far better performance than any commercial product I have seen.

You may want to lock down all the unused ports now on your VPN server, run:

ufw allow ssh
ufw allow 1194/udp
ufw allow 53/udp

where 1194 is the chosen VPN port, and 53 is the optional port to be used where VPN ports might be restricted.

To connect, you need some client software as well as your .ovpn files. VPN Client software available for Windows, OS X, iOS and Android. I haven’t found a working Ubuntu Linux client, but installing Open VPN, running:

sudo apt-get install openvpn

Then connecting with:

sudo openvpn --config /somefolder/yourname.ovpn

Works fine, off course I have primarily written this to jog my memory next time I need to set-up a VPN server in 5 mins, but I really welcome any comments and suggestions.

I have a backup of the Nyr’s road warrior script here 

 

Leave a Reply

Your email address will not be published. Required fields are marked *