If you want to increase security or connect computers in different locations, a VPN is great for both. VPN stands for virtual private network. And in this article, I'll describe what a VPN is and how to create your own VPN using the opensource software OpenVPN. That is, how to install and configure it on Linux or Windows OS as a client and server.
VPN, abbreviated as Virtual Private Network, is a technology that creates a virtual private network between devices, and thus devices, that are on it can access each other directly. Typically this traffic is wrapped in encrypted communication hence more security is provided.
Video what is a VPN
Video where I describe what a VPN is:
OpenVPN is opensource software that allows you to create a central point=server that other client devices can connect to.
And once connected, a network is created between these devices that virtually connects them directly, i.e. without being directly connected by a physical cable.
Moreover, all communication that flows through this connection is encrypted.
The Virtual Private Network is useful, for example, in cases where you don't have a public IPv4 address and so can't easily reach the PCs in question. A VPN will give you easy access.
There are more ways to use OpenVPN, so a more detailed introduction is needed at the beginning.
You can log in to the VPNcei with a name and password or with a certificate. I recommend using a certificate instead. The easy-rsa utility is used to generate authority, keys, and certificates for both the server and clients.
There are also pre-made Linux distributions for routers that include OpenVPN.
Such solutions tend to have a web-based administration interface that makes adding and editing VPN users very convenient.
These are, for example, OPN sense, PF sense or Pritunl.
Because OpenVPN is an opensource solution, it is possible to run this VPN not only on Linux, but also on MS Windows and many other operating systems.
I will describe the installation for Windows and Linux.
Installing OpenVPN Linux
On Linux, it performs the installation easily.
Mageia installation command:
urpmi openvpnA command for installations in the Debian distribution:
apt-get install openvpnThis will install the complete OpenVPN, which you can run in both client and server mode.
Installing OpenVPN Windows
Download the windows client here. Download the server/complete version of OpenVPN for Windows here. Of course, you need to choose the right installer for Windows, according to your processor architecture. You have the option to download other older versions as well.
I had a problem with certificate generation when I installed OpenVPN on Windows in 2019. It was the OpenVPN installer version 2.4.6-I602. There were some changes in this regard in the windows version. My problem was eventually solved by installing the older version. I used the OpenVPN installer version 2.3.18, which included the complete easy-rsa and openssl in the original version and everything was working. Configuration and certificate generation was as described in the original documentation and everything worked.
It should be noted that Windows OS is not suitable for running any server application and even installing OpenVPN, its operation and subsequent PC management will be more laborious. Therefore, if possible, choose Linux or other Unix.
You can configure OpenVPN in server or client mode. A single computer with a public IP address is used as the server, and then other devices=clients connect to this PC. You cannot do without a public IP address. Alternatively, you need to be able to forward the port on the router that has the public IP address.
Whether you are configuring a client or a server you need to have a configuration file with valid content. And ideally place it in the expected directory.
On Linux this is typically ,
OpenVPN server configuration
Example server configuration:
port 1194 proto udp dev tun0 ca easy-rsa/keys/ca.crt # certificate authority certificate cert easy-rsa/keys/server.crt #server certificate key easy-rsa/keys/server.key # dial dh easy-rsa/keys/dh1024.pem comp-lzo server 192.168.101.0 255.255.255.0 ifconfig-pool-persist /var/lib/openvpn/ip.txt client-to-client log-append /var/log/openvpn.log status /var/run/openvpn/vpn.status 10
Of course, you need to enable the appropriate port on the firewall.
OpenVPN client configuration
Example of client configuration:
#server address remote 188.8.131.52 1194 #tls-client client dev tun0 pull proto udp mute 10 ca ca.crt cert dog.crt key dog.key #compression comp-lzo #logging efficiency verb 3 ns-cert-type server log-append /var/log/openvpn.log
You can then start the client manually or via systemd.
A video tutorial showing how to generate keys using easy-rsa. Easy-rsa is a set of commands that call the openssl program that allows the generation of keys , certificates, signing etc.... The keys are generated so that they can then be used by the OpenVPN VPN.
Key generation is universal regardless of OS. This guide is also universal.
However, since working with Windows is more complicated, I implemented the demo on Windows so that Windows users have a tutorial.
Custom VPN InstallationIf installing a VPN is too complicated for you or you need a customized solution, I offer openVPN consultation and installation.
You can use the official OpenVPN website and documentation as your main source of information.
If you're dealing with other things in the area of installing and configuring Linux servers, you can take inspiration from my ebook notes managing Linux servers
Články na podobné téma
If you are interested in receiving occasional news by email.
You can register by filling in your email news subscription.