Running Your Own VPN
Virtual Private Networks (known as VPNs) are becoming prevalent on the internet these days, particularly due to the news coverage of encryption and privacy.
There are many providers of consumer VPNs charging anything up to about £8 / month. Why should you pay this, when you can run your own for much cheaper?
I’ve mentioned before the VPS provider Low End Spirit. Using one of their virtual machines you can run your own VPN, connect as many devices as you want, and not have to worry about sending your traffic through a commercial provider.
Setup Your Box
Sign up to Low End Spirit and choose a VPS that meets your needs and location. You might want to have a VPS in your home country to “pretend” you are at home when you are travelling, or you might want a VPS in another country to get around some Geo-IP restriction on a website you are accessing.
The default OS image installed on my Dallas Texas VPS was a minimal installed of Debian 7 32-bit. This is all you need.
In the VPS admin console, enable TUN/TAP for your VPS:
That’s all you need to do, let’s install the VPN.
This step is easy: there is a pre-configured script ready to do all the hard work.
In your console, type:
wget https://git.io/vpn -O openvpn-install.sh && bash openvpn-install.sh
The script will prompt you for various bits of information. If you are running on a Low End Spirit VPS, or another such service behind a NAT, you will have to provide the public IPv4 address of your VPS. You should have received this in your email. You will also have to choose a port number in your private allocation range.
The script automatically generates a OVPN configuration file, which you will need to copy to any devices you wish to connect to the VPN. The configuration file will be in your user directory, with the name you specified in the script (such as MyUser.ovpn).
Configuring Your Devices
Your VPN is now setup to use. You can connect from a variety of devices.
To use an iPhone, download the OpenVPN Connect iOS application from the App Store. It’s free and works fine – it just looks quite old fashioned!
Email the OVPN configuration file to yourself. Click on the attachment in your email application and choose to open it with OpenVPN Connect. Add this configuration to the app.
You can use the OpenVPN Connect application to manage your connection to the VPN. Once installed you can also use the VPN toggle in your iOS Settings menu directly.
It’s possible to use the VPN on a desktop PC too. The OpenVPN GUI applications for Windows is very stable.
Configuring Further Devices
If you wish to connect other devices, simply re-run the configuration script on your VPS and generate a new configuration file.
Alternatively you can use the same configuration file on multiple devices. By default this will assign the same IP address to each device that tries to connect and may confuse your devices if you connect more than one.
To configure OpenVPN to assign each device that connects with a different IP address, modify the settings on the VPS:
- enable client-config-dir in the /etc/openvpn/server.conf file
# Client config directory client-config-dir /etc/openvpn/ccd
- now make a directory named ccd, as specified above
sudo mkdir /etc/openvpn/ccd
- In the ccd folder, make a file named with the “common name” you gave the certificate.
- if you dont know the common name, its in the ovpn file with line Subject: CN=.
- Add the following line to the file:
- ipconfig-push IP_ADDRESS_TO_ASSIGN SUBNET_MASK_TO_USE
- So for example:
ifconfig-push 10.1.32.10 10.1.32.1
- Fix the user permissions, so that OpenVPN can read the file:
$ sudo chown -R nobody:nogroup /etc/openvpn/ccd
- Then reserve this IP Address for this user. Add the following line to the file
- And finally restart OpenVPN
$ sudo service openvpn restart
That’s it, you’ve now got a fully functional personal VPN. (HT http://dnaeon.github.io/static-ip-addresses-in-openvpn/)
[…] previously written about running your own VPN using a very low end tiny VPS. That post worked well for OpenVZ “tiny” virtual machines, but was not very […]