A VPN (virtual private network) server sits between you and the internet. This means anyone looking at your activity sees the identity of the server rather than yours. We will set up an OpenVPN server for our private use.


In essence I’ll show you how to set up a VPN server using these steps:

  1. Buy a $5/month server
  2. Configure the server to act as a VPN
  3. Connect to the VPN server you created

Stuff you need to know:

  • Anyone who has a basic understanding of the internet can do this
  • This takes between 5 and 30 minutes depending on you
  • This server will use AES-256 encryption and has no bandwidth limitations

Buying a VPS


Creating an account

A VPS is a Virtual Private Server, not to be confused with a VPN which is a Virtual Private Network. In essence:

  • A VPS is a server, so a computer you hire in a datacenter
  • A VPN is a server configured to act as a connection for you

A VPS costs $5/month. You will be billed per second used, so if you cancel your server after a day, you will pay next to nothing. No contracts.

I recommend using DigitalOcean as your VPS provider. Simply:

  1. Go to DigitalOcean
  2. Create an account
    1. Either use the big form on the front page
    2. Or use the ‘sign up’ button in the right top corner
  3. Fill in your payment details (remember, you can cancel any time and you are billed per second)

Creating a server

DigitalOcean (DO) calls their VPS servers droplets. We are going to spin up a droplet:

  1. Log into your client panel
  2. Click ‘create droplet’
  3. Give it any name (no spaces)
  4. Choose the $5/month option
  5. Select Amsterdam as your VPS region (better net neutrality laws)
  6. Select Ubuntu 15.04 x64
  7. If you use SSH keys, add them as well. If you have no idea what I’m talking about, ignore this

You will receive an email containing the following:

  • Your server IP (a number like 11.11.11.11)
  • Your root password (unless you use SSH keys, in which case you won’t)

Connecting to your server


First we need to log into your server. This is done through something called an SSH connection. This is just a protocol for logging in.

On Mac computers

  1. Open your spotlight/search and type ‘Terminal’
  2. Open the terminal (looks like a black screen icon usually)
  3. In the terminal type “ssh root@your_ip” for example ssh root@11.11.11.11
  4. You will be asked for a password, this is the one that was emailed to you

On Linux computers

  • You probably know your way around a terminal already
  • Use the same instructions as on a Mac

On Windows computers

You need an extra piece of software to do ssh connections. It’s not built in. Sorry.

  1. Download and install Putty
  2. Open Putty
  3. Under ‘Host Name’ put your IP address
  4. Set ‘Connection type’ to ssh
  5. Press ‘Open’
  6. Now a black screen will open asking for a username. Use ‘root’
  7. You will be asked for a password, this is the password emailed to you

Updating your server


I like starting with an updated server. Latest software and security etc. This is not strictly needed (the script in the next section also does it) but it is a nice exercise in case you have not handled a command line before.

Anything you type into the terminal now that you started the ssh connection is a command.

Update your repositories


This is checking if your update sources are up to date. It is step 1 of 2. Type the following:

sudo apt-get update

And press enter. A lot of stuff will start happening. Relax, it’s supposed to happen.

Update your software

This is the updating of your actual software. Step 2 of 2 in the update process. Type:

sudo apt-get upgrade

Answer yes when the terminal asks you whether it is ok to install the new software.

Installing the VPN software


I wrote a script to install OpenVPN. This article actually started as a “copy this and then paste that” kind of thing, but it resulted in chaos. Therefore we will do 2 versions, the simple and advanced. What this script does is:

  • Install OpenVPN
  • Set up a firewall that allows only SSH, 1194 UDP and 443 TCP ports
  • Configure 2 connections for the server
    • Both using AES-256
    • Both using a ta.key handshake
  • Generate 2 client files (used by us to connect)
  • Configure automatic security updates

If you don’t know what you are doing


In your terminal type the following commands, you may copy paste:

  1. wget -O openvpn.sh https://raw.githubusercontent.com/actuallymentor/openvpn-bash-setup-script/master/setup.sh
  2. sudo bash openvpn.sh
  3. // Input your password if you are asked for it
  4. Wait until you get a reboot notice, this will take a while
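
The commands above fetch a script from a branch that can change and then run it as root. As an added example (not part of the original article or the setup script), the helper below refuses to run a copy that differs from the one you read; the function names and the PIN variable are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: only run the installer if it is byte-for-byte the file you reviewed.

# sha256_of FILE -> lowercase hex SHA-256 digest of FILE
sha256_of() { sha256sum "$1" | awk '{ print $1 }'; }

# verify_pinned FILE EXPECTED_SHA256
# Returns 0 on match, 1 on mismatch, 2 if the file or the pin is unusable.
verify_pinned() {
  local file="$1" expected="$2" actual
  [ -s "$file" ] || { echo "missing or empty file: $file" >&2; return 2; }
  # The pin must be exactly 64 lowercase hex characters, as sha256sum prints it.
  case "$expected" in
    ''|*[!0-9a-f]*) echo "pin is not a SHA-256 hex digest" >&2; return 2 ;;
  esac
  [ "${#expected}" -eq 64 ] || { echo "pin has the wrong length" >&2; return 2; }
  actual=$(sha256_of "$file")
  if [ "$actual" != "$expected" ]; then
    echo "digest mismatch for $file: got $actual" >&2
    return 1
  fi
  return 0
}

# Usage on the server (PIN is the digest you recorded after reading the script):
#   wget -O openvpn.sh https://raw.githubusercontent.com/actuallymentor/openvpn-bash-setup-script/master/setup.sh
#   less openvpn.sh            # read what it will do as root
#   sha256_of openvpn.sh       # record this value as PIN
#   verify_pinned openvpn.sh "$PIN" && sudo bash openvpn.sh
```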

If you know what you are doing

The script declares a number of variables:

  • vpnclient="clientudp"
  • vpnclientTCP="clienttcp"
  • vpncipher="AES-256-CBC" # BF-CBC
  • verbosity="0"

The vpnclient names are not interesting. They are just the filenames of your config files. Feel free to change them. The interesting ones are:

  • vpncipher, this determines what encryption your connection will use
    • My default: AES-256-CBC
    • Faster option is blowfish: BF-CBC
    • Other options are
      • DES-CBC
      • RC2-CBC
      • DES-EDE-CBC
      • DES-EDE3-CBC
      • DESX-CBC
      • BF-CBC
      • RC2-40-CBC
      • CAST5-CBC
      • RC2-64-CBC
      • AES-128-CBC
      • AES-192-CBC
      • AES-256-CBC
  • verbosity, this determines how much log information your client will output. Handy for debugging.
    • My default: 0, no logging
    • You can move this up to 9

For extreme personalization you can edit the server and client variables, though I don’t see why you would.

Retrieving your config files

We have now configured our server, yay! Now we need to download our configuration files from it. These files are what our computers will use to connect to the server.

On Mac and Linux

Type the following commands into your terminal. This terminal should not be connected to your server, open a new one.

  1. sftp root@your_server_ip
  2. Enter your password
  3. cd /etc/openvpn/easy-rsa/keys/
  4. get client.ovpn
  5. get clienttcp.ovpn

If you are a wizard and changed the filenames, make sure to select the correct ones.

Now go find your files in your home folder.
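
Once the files are on your machine you can check which vpncipher and verbosity values actually ended up in them. This is an added example, not part of the original article or the setup script: the function names are hypothetical, and it assumes the ta.key handshake shows up in the profile as a tls-auth line or an inline <tls-auth> block.

```shell
#!/usr/bin/env bash
# Added example: audit a downloaded .ovpn profile for the settings discussed above.

# directive FILE NAME -> first argument of the last uncommented NAME line
directive() {
  awk -v key="$2" '{ sub(/\r$/, "") } $1 == key { val = $2 } END { print val }' "$1"
}

# Sort the ciphers from the article's list by block size.
classify_cipher() {
  case "$1" in
    AES-128-CBC|AES-192-CBC|AES-256-CBC) echo ok ;;            # 128-bit block
    BF-CBC|CAST5-CBC|RC2-CBC|RC2-40-CBC|RC2-64-CBC) echo weak ;;   # 64-bit block
    DES-CBC|DES-EDE-CBC|DES-EDE3-CBC|DESX-CBC) echo weak ;;    # 64-bit block
    '') echo missing ;;
    *) echo unknown ;;
  esac
}

# Returns 0 when the profile pins an AES cipher and references tls-auth,
# 1 when something needs attention, 2 when the file cannot be read.
audit_profile() {
  local file="$1" cipher verb rc=0
  [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
  cipher=$(directive "$file" cipher)
  verb=$(directive "$file" verb)
  case "$(classify_cipher "$cipher")" in
    ok)      echo "cipher $cipher: ok" ;;
    weak)    echo "cipher $cipher: 64-bit block cipher, set vpncipher to an AES option"; rc=1 ;;
    missing) echo "no cipher line: the client falls back to OpenVPN's built-in default"; rc=1 ;;
    *)       echo "cipher $cipher: not in the article's list, review by hand"; rc=1 ;;
  esac
  # Assumption: the ta.key handshake appears as tls-auth or an inline <tls-auth> block.
  if ! grep -Eq '^[[:space:]]*(tls-auth[[:space:]]|<tls-auth>)' "$file"; then
    echo "no tls-auth (ta.key) reference found"; rc=1
  fi
  echo "verb ${verb:-unset}: higher values write more connection detail to the client log"
  return "$rc"
}

# Usage: audit_profile client.ovpn && audit_profile clienttcp.ovpn
```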

On Windows


Microsoft doesn’t make life easy. We need to download stuff again.

  1. Download and install WinSCP
  2. Open the interface
  3. Select File protocol SFTP
  4. Host name: your IP
  5. User name: root
  6. Password: the password that was emailed to you
  7. Browse to /etc/openvpn/easy-rsa/keys/
  8. Drag the client.ovpn and clienttcp.ovpn to your desktop

Configuring OpenVPN on your computer

This part differs again per system, but I’ve got you covered:

That’s it! Don’t forget to share 🙂
