Solution for Using a Server/VPS as your own virtual private network
From Ubiquity Server Wiki
Virtual private networks accomplish a lot of useful things.
- Provide you with a consistent static IP address for accessing the Internet regardless of where you're located
- Allow a private and encrypted interface by which to interact with potentially sensitive servers and/or data
- In many cases, significantly improve latency performance, especially when browsing/gaming from overseas
Time to complete: Under an hour
Skill level: Moderately High
Step 0: Get a VPS and Get Ready!
This tutorial assumes that you are a Windows user with a CentOS 5 Linux VPS from UbiquityServers.com. All software used in this tutorial is free, including OpenVPN (http://www.openvpn.net/). The OpenVPN software will run on as little as Ubiquity's $18 Baby VPS; however, you will likely notice performance benefits from using a more powerful virtual provision/system, ranging all the way up to a dedicated server.
Step 1: Connect to your Linux VPS
- You'll first need to download PuTTY if you don't have it yet. PuTTY is a free program for connecting to a Linux system and is available here. Just click the link for putty.exe.
- In your welcome email from Ubiquity Servers, you received two IP addresses. Open your SSH client (PuTTY). In the Host Name field, enter the first IP listed in your welcome email. At the login prompt, type the word root and hit Enter. Now type your password (also listed in your welcome email).
You won't be able to see anything, but rest assured it's being typed. When you're done typing your password, hit enter. You're now logged into your server and ready to begin.
Step 2: Assure that TUN is enabled
The kernel module tun will be needed to complete this task on your VPS. To save you potential headaches down the line, let's make sure it's there. Type:
cat /dev/net/tun
If it's working correctly, you'll get a very specific error (it may seem odd, but you do want to see an error here), which reads:
cat: /dev/net/tun: File descriptor in bad state
If you see anything other than this message, please contact support to request that the tun module be enabled on your container, as some new containers may not contain this module by default.
Step 3: Install OpenVPN on your Linux VPS
Copy/paste and enter each of these commands in PuTTY (hint: use the right mouse button to paste in PuTTY). Press Y each place you are prompted.
apt-get update
apt-get upgrade
apt-get install openvpn bridge-utils
cp -R /usr/share/doc/openvpn/examples/ /etc/openvpn/
Step 4: Configure OpenVPN
Step 4a: Initial OpenVPN Configuration
Enter the following command in the shell. Here you can customize your VPN (if desired). vi can be tricky; the only recommended change is your contact details at the bottom of the file. To save and exit, press ESC, then type :wq, and hit Enter.
vi /etc/openvpn/examples/easy-rsa/2.0/vars
Now run the following commands in this order (required):
cd /etc/openvpn/examples/easy-rsa/2.0/
source ./vars
./clean-all
./pkitool --initca
./pkitool --server server
./build-dh
openvpn --genkey --secret ta.key
Step 4b: Create VPN user accounts/keys
If you would like to add a VPN user that requires a password in addition to a key:
./build-key-pass username
If you would like to add a VPN user that requires only a key:
./build-key username
Step 4c: Finalize Configuration
We're almost there, good job. Now we need to create a server.conf file. This is a little tricky, since OpenVPN does not provide one; however, we'll give you a completed sample that should work with the rest of this guide.
wget http://www.ubiquityservers.com/src/openvpn-server-conf.txt
mv openvpn-server-conf.txt /etc/openvpn/examples/easy-rsa/2.0/server.conf
Now finally, let's start OpenVPN:
openvpn /etc/openvpn/examples/easy-rsa/2.0/server.conf
Step 4d: Some reference information
For reference, the following table explains every file that has been created so far:
| Filename | Needed By | Purpose | Secret |
| ca.crt | server + all clients | Root CA certificate | NO |
| ca.key | key signing machine only | Root CA key | YES |
| dh{n}.pem | server only | Diffie Hellman parameters | NO |
| server.crt | server only | Server Certificate | NO |
| server.key | server only | Server Key | YES |
| ta.key | server + all clients | Server TLS Auth Key | YES |
| client1.crt | client1 only | Client1 Certificate | NO |
| client1.key | client1 only | Client1 Key | YES |
| client2.crt | client2 only | Client2 Certificate | NO |
| client2.key | client2 only | Client2 Key | YES |
| client3.crt | client3 only | Client3 Certificate | NO |
| client3.key | client3 only | Client3 Key | YES |
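The "Secret" column can be checked mechanically. The following shell function is an added example, not part of the original wiki page: it flags any *.key file in a directory that is accessible by group or others. The sample directory it builds and the file name dh1024.pem are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: audit a key directory against the "Secret" column above.

# Octal permission bits of a file: GNU stat first, BSD stat as fallback.
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_keys DIR: print one line per file; return 1 if any secret file
# (*.key) grants access to group or others, 0 otherwise.
audit_keys() {
    weak=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        mode=$(file_mode "$f")
        case $name in
            *.key)
                case $mode in
                    *00|0) echo "OK     $mode $name" ;;
                    *)     echo "WEAK   $mode $name (fix: chmod 600 $name)"; weak=1 ;;
                esac
                # Per the table, ca.key is needed by the key signing machine only.
                if [ "$name" = ca.key ]; then
                    echo "NOTE   ca.key belongs on the key signing machine only"
                fi ;;
            *.crt|dh*.pem) echo "PUBLIC $mode $name" ;;
            *)             echo "SKIP   $mode $name" ;;
        esac
    done
    return "$weak"
}

# Constructed sample directory: names follow the table, contents are dummies.
make_sample() {
    d=$(mktemp -d)
    for n in ca.crt ca.key dh1024.pem server.crt server.key ta.key; do
        echo dummy > "$d/$n"
    done
    chmod 644 "$d"/*
    chmod 600 "$d/ca.key" "$d/server.key"   # ta.key stays 644 on purpose
    echo "$d"
}

sample=$(make_sample)
audit_keys "$sample" || echo "secret key files with loose permissions found"
rm -rf "$sample"
```

To audit a real installation, call audit_keys with the directory that holds the generated keys.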
Step 5: Connect to your new VPN
Windows Client
- Find My Network Places (Windows 95 through Windows XP) or simply Network (Windows Vista or later).
- Right click on this option, and choose Properties
- Choose Set up a new connection or network
- Choose Connect to a workplace
- Choose Use my Internet connection (VPN)
- Enter the connection details that you set in Step 4
- Choose Connect


