Set up a VPN server and client using OpenVPN

One good thing about recent years is that Internet access is available almost everywhere and is cheap or even free. Many bars, hotels and restaurants offer free Wi-Fi, but most of the time that connection is not secured. The biggest security risk with unencrypted connections is the man-in-the-middle attack. You are sitting in a bar, checking email and browsing, and none of your traffic is encrypted. That means an attacker can tap into your connection and “listen”, intercepting everything you type. That way the attacker can get sensitive data (accounts, passwords, credit card numbers, etc.).

Since you don’t have any control over the connection, what you can do to protect yourself is use a VPN. With a VPN, you create a secure (encrypted) point-to-point connection between your PC and the VPN server. In other words, all of your Internet traffic goes through that secure channel, which can’t be hacked that easily.

Here is how to set up a VPN server using OpenVPN.

The server

1. Install openvpn and openssl

sudo apt-get install openvpn libssl-dev openssl

2. Configurations

cd /etc/openvpn/
mkdir -p /etc/openvpn/easy-rsa/
cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-rsa/

3. Create server certificates

cd /etc/openvpn/easy-rsa/
source vars
./clean-all
./build-dh
./pkitool --initca
./pkitool --server server
cd keys
openvpn --genkey --secret ta.key
cp server.crt server.key ca.crt dh1024.pem ta.key /etc/openvpn/

4. Create client certificates

cd /etc/openvpn/easy-rsa/
source vars
./pkitool hostname

For each new client that connects to the VPN, you’ll need to create a new client certificate by repeating step 4.

5. Create server configuration file:

cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/
gzip -d /etc/openvpn/server.conf.gz

After editing, your file should look like this:

dev tun
proto tcp
port 1194

ca ca.crt
cert server.crt
key server.key
dh dh1024.pem

user nobody
group nogroup
server 10.10.0.0 255.255.255.0

persist-key
persist-tun

client-to-client

push "redirect-gateway def1"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"

6. Enable routing and MASQUERADE for your VPN by placing the following in your /etc/rc.local:

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 10.10.0.0/24 -o eth0 -j MASQUERADE

7. Start the server

/etc/rc.local
/etc/init.d/openvpn restart
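
An added example, not part of the original post: a small shell check that reads a server.conf like the one in step 5 and reports settings worth reviewing, namely the 1024-bit DH file, the ta.key from step 3 that the configuration never references, client-to-client, and the privilege drop. The function names, finding labels and the 2048-bit threshold are assumptions of this example, and the sample input is constructed from the configuration above.

```shell
#!/bin/sh
# Added example: static checks on an OpenVPN server configuration read from stdin.
# Prints one finding per line; prints nothing when no check fires.

# first_arg NAME: print the first argument of directive NAME in $conf.
first_arg() {
    printf '%s\n' "$conf" | awk -v d="$1" '$1 == d { print $2; exit }'
}

# has NAME: succeed if directive NAME appears uncommented in $conf.
has() {
    printf '%s\n' "$conf" | awk -v d="$1" '$1 == d { f = 1 } END { exit !f }'
}

audit_server_conf() {
    conf=$(cat)
    # easy-rsa 2.0 writes dh<KEY_SIZE>.pem; the 2048-bit floor is this example's assumption.
    bits=$(first_arg dh | sed -n 's/^.*dh\([0-9][0-9]*\)\.pem$/\1/p')
    if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then
        echo "WEAK-DH: ${bits}-bit DH parameters; raise KEY_SIZE in vars and rerun build-dh"
    fi
    # Step 3 generates ta.key, but it only takes effect once the config references it.
    if ! has tls-auth && ! has tls-crypt; then
        echo "NO-TLS-AUTH: ta.key is not referenced by tls-auth or tls-crypt"
    fi
    # With client-to-client, every VPN client can reach every other client.
    if has client-to-client; then
        echo "CLIENT-TO-CLIENT: clients can reach each other through the server"
    fi
    # Without user/group the daemon keeps root privileges after start-up.
    if ! has user || ! has group; then
        echo "NO-PRIV-DROP: add user/group so the daemon drops root"
    fi
    return 0
}

# Constructed sample: the directives from this post's server.conf that the checks read.
sample_conf() {
    cat <<'EOF'
dev tun
proto tcp
dh dh1024.pem
user nobody
group nogroup
client-to-client
EOF
}

sample_conf | audit_server_conf
```

To check the real file, run `audit_server_conf < /etc/openvpn/server.conf` after sourcing the functions.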

The Client

1. Ubuntu (all modern Linux?)
I’m using an Ubuntu machine as a client. To use OpenVPN in Ubuntu, just install the OpenVPN plugin for NetworkManager:

sudo apt-get install network-manager-openvpn

A reboot is recommended.

You can now go and add your connection in NetworkManager.

2. Windows – to come
3. Mac OS X – to come