VPN: Virtual Private Network

January 13, 2022


If you want to increase security or connect computers in different locations, a VPN is great for both. VPN stands for virtual private network. In this article, I'll describe what a VPN is and how to create your own VPN using the open-source software OpenVPN, that is, how to install and configure it on Linux or Windows as a client and as a server.

A VPN (virtual private network) is a technology that creates a virtual private network between devices, so that the devices on it can access each other directly. Typically this traffic is wrapped in encrypted communication, which provides more security.

Video what is a VPN

Video where I describe what a VPN is:

OpenVPN

OpenVPN is open-source software that allows you to create a central point (a server) that other client devices can connect to. Once they are connected, a network is created between these devices that virtually connects them directly, i.e. without their being connected by a physical cable.
Moreover, all communication that flows through this connection is encrypted.

The Virtual Private Network is useful, for example, in cases where you don't have a public IPv4 address and so can't easily reach the PCs in question. A VPN will give you easy access.

There are more ways to use OpenVPN, so a more detailed introduction is needed at the beginning.

You can log in to the VPN with a name and password or with a certificate. I recommend using a certificate instead. The easy-rsa utility is used to generate the certificate authority, keys, and certificates for both the server and clients.

There are also pre-made distributions for routers that include OpenVPN. Such solutions tend to have a web-based administration interface that makes adding and editing VPN users very convenient.
These are, for example, OPNsense, pfSense or Pritunl.

Installing OpenVPN

Because OpenVPN is an open-source solution, it is possible to run this VPN not only on Linux, but also on MS Windows and many other operating systems.
I will describe the installation for Windows and Linux.

Installing OpenVPN Linux

On Linux, the installation is easy.
Installation command for Mageia:

urpmi openvpn

Installation command for Debian:

apt-get install openvpn

This will install the complete OpenVPN, which you can run in both client and server mode.

Installing OpenVPN Windows

Download the Windows client here. Download the server/complete version of OpenVPN for Windows here. Of course, you need to choose the right installer for Windows, according to your processor architecture. You have the option to download other older versions as well.

I had a problem with certificate generation when I installed OpenVPN on Windows in 2019. It was the OpenVPN installer version 2.4.6-I602. There were some changes in this regard in the Windows version. My problem was eventually solved by installing the older version. I used the OpenVPN installer version 2.3.18, which included the complete easy-rsa and openssl in the original version. Configuration and certificate generation were as described in the original documentation and everything worked.

It should be noted that Windows OS is not suitable for running any server application, and installing OpenVPN, operating it and subsequently managing the PC will be more laborious. Therefore, if possible, choose Linux or another Unix.

Configuring OpenVPN

You can configure OpenVPN in server or client mode. A single computer with a public IP address is used as the server, and the other devices (clients) connect to this PC. You cannot do without a public IP address. Alternatively, you need to be able to forward the port on the router that has the public IP address.

Whether you are configuring a client or a server, you need a configuration file with valid content, ideally placed in the expected directory. On Linux this is typically /etc/openvpn.

OpenVPN server configuration

Example server configuration:

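port 1194
proto udp
dev tun0
ca easy-rsa/keys/ca.crt # certificate authority certificate
cert easy-rsa/keys/server.crt # server certificate
key easy-rsa/keys/server.key # server private key (keep secret)
dh easy-rsa/keys/dh1024.pem # Diffie-Hellman parameters; 1024-bit is considered weak, generate 2048-bit or larger

comp-lzo # LZO compression; must match the client

server 192.168.101.0 255.255.255.0 # VPN subnet; the server takes 192.168.101.1
ifconfig-pool-persist /var/lib/openvpn/ip.txt # remember client address assignments
client-to-client # let connected clients reach each other

log-append /var/log/openvpn.log
status /var/run/openvpn/vpn.status 10 # rewrite the status file every 10 seconds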

Of course, you need to allow the appropriate port (UDP 1194 in this example) on the firewall.

OpenVPN client configuration

Example of client configuration:

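# server address
remote 147.32.117.1 1194

#tls-client
client
dev tun0

pull
proto udp
mute 10

ca ca.crt
cert dog.crt
key dog.key

# compression
comp-lzo
# log verbosity
verb 3

# accept only a certificate marked as a server certificate
# (current OpenVPN releases use "remote-cert-tls server" instead)
ns-cert-type server

log-append /var/log/openvpn.log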

You can then start the client manually or via systemd.
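
The server and client configurations above can be checked for weak or outdated settings before deployment. The following is an added example, not part of the original article or of OpenVPN itself: a small audit that parses a config and reports findings such as 1024-bit DH parameters, compression, and a missing server-certificate check. The finding names and the assumption that the DH file is named dh<bits>.pem are choices made for this example.

```python
import re

# Constructed sample: the server configuration from this article, comments stripped.
SERVER_CONF = """\
port 1194
proto udp
dev tun0
ca easy-rsa/keys/ca.crt
cert easy-rsa/keys/server.crt
key easy-rsa/keys/server.key
dh easy-rsa/keys/dh1024.pem
comp-lzo
server 192.168.101.0 255.255.255.0
client-to-client
"""

def parse(text):
    """Return {directive: [args, ...]}, ignoring blank lines and # / ; comments."""
    directives = {}
    for line in text.splitlines():
        words = re.split(r"[#;]", line, maxsplit=1)[0].split()
        if words:
            directives.setdefault(words[0], []).append(words[1:])
    return directives

def audit(text):
    """Return a sorted list of finding names for one OpenVPN config."""
    d, findings = parse(text), set()
    is_client = "client" in d or "tls-client" in d
    for args in d.get("dh", []):
        # Heuristic (assumption): easy-rsa names the file dh<bits>.pem.
        m = re.search(r"dh(\d+)\.pem$", args[0]) if args else None
        if m and int(m.group(1)) < 2048:
            findings.add("weak-dh")
    if d.keys() & {"comp-lzo", "compress"}:
        findings.add("compression")       # compressing before encrypting leaks length
    if not d.keys() & {"tls-auth", "tls-crypt"}:
        findings.add("no-tls-auth")       # control channel has no extra HMAC key
    if "client-to-client" in d:
        findings.add("client-to-client")  # client traffic bypasses the host firewall
    if is_client and not d.keys() & {"remote-cert-tls", "ns-cert-type", "verify-x509-name"}:
        findings.add("no-server-cert-check")  # any cert from the CA could pose as server
    if "ns-cert-type" in d:
        findings.add("deprecated-ns-cert-type")  # replaced by remote-cert-tls
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SERVER_CONF):
        print(finding)
```

Each finding is a prompt for review rather than a verdict: client-to-client, for instance, is intentional when the goal is to let clients reach each other.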

Generating keys

A video tutorial showing how to generate keys using easy-rsa. Easy-rsa is a set of commands that call the openssl program, which handles the generation of keys and certificates, signing, etc. The keys are generated so that they can then be used by OpenVPN.

Key generation is universal regardless of OS. This guide is also universal. However, since working with Windows is more complicated, I implemented the demo on Windows so that Windows users have a tutorial.

Custom VPN Installation

If installing a VPN is too complicated for you or you need a customized solution, I offer OpenVPN consultation and installation.

Other Resources

You can use the official OpenVPN website and documentation as your main source of information.

If you're dealing with other things in the area of installing and configuring Linux servers, you can take inspiration from my ebook of notes on managing Linux servers.
