How to Set Up Your Own Home VPN Server


A Virtual Private Network (VPN) is the best way to make your browsing more secure and to protect your network from hackers. A VPN creates an encrypted channel between the client and the server, and the data it carries cannot be decrypted without the appropriate keys. Besides internet anonymity, a VPN has many other uses: it can connect a user to a LAN even when the user is nowhere near the network. The steps to set up your home VPN server are as follows.

Step 1: Prerequisites

Update your system to the latest version to successfully create a VPN.

Step 2: Install OpenVPN

OpenVPN is a powerful and highly flexible VPN software package. It uses authentication, encryption, and certificates to implement a virtual private network. OpenVPN will be used to create certificates and manage private keys.

Step 3: Configure Network Settings

We need to set up a bridge network on our server to allow the VPN to function.

Open a terminal and type:

sudo nano /etc/network/interfaces

This command opens the server's interfaces file for editing. The file should have only two lines. If it has more, comment the extra lines out with a hash sign (#). When you have finished typing, press Control + O and then Enter to save the changes, and press Control + X to exit.

auto lo

iface lo inet loopback

#these commands are used to create a bridge for OpenVPN

auto br0

iface br0 inet static

address 192.168.2.50

#the IP address above needs to be replaced by your server's IP address

netmask 255.255.255.0

#The netmask need not be changed.

gateway 192.168.101.1

#this refers to the default gateway of your router; replace it with your router's address, which must be in the same subnet as the address above.

bridge_ports eth0

#this line creates a bridge to your Ethernet connection for OpenVPN

iface eth0 inet manual

up ifconfig $IFACE 0.0.0.0 up

up ip link set $IFACE promisc on

down ip link set $IFACE promisc off

down ifconfig $IFACE down

 

Step 4: Forwarding

IPv4 forwarding needs to be enabled so that clients on the VPN can browse the internet. Open the terminal and type:

sudo nano /etc/sysctl.conf
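
The page opens /etc/sysctl.conf but does not show the change; on Linux the setting that controls IPv4 forwarding is net.ipv4.ip_forward=1. The following is an added example, not part of the original article: a shell function that sets it without leaving duplicate or conflicting lines. The function names and the sample file contents are made up here.

```shell
#!/bin/sh
# Added example (not from the original page): enable IPv4 forwarding in a
# sysctl.conf-style file without leaving duplicate or conflicting lines.

# enable_ipv4_forward FILE
enable_ipv4_forward() {
    conf=$1
    tmp=$(mktemp) || return 1
    # Drop every existing ip_forward line, active or commented out.
    # grep exits 1 when it prints nothing, which is not an error here.
    grep -Ev '^[[:space:]]*#?[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=' \
        "$conf" > "$tmp" || [ $? -eq 1 ] || { rm -f "$tmp"; return 1; }
    printf 'net.ipv4.ip_forward=1\n' >> "$tmp"
    # Write back through the original path so owner and mode are kept.
    cat "$tmp" > "$conf"
    rm -f "$tmp"
}

# forwarding_lines FILE: count active lines that turn forwarding on.
forwarding_lines() {
    grep -Ec '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1' "$1" || true
}

# Demo on a constructed file, so nothing under /etc is touched.
demo() {
    f=$(mktemp) || return 1
    printf '%s\n' 'kernel.sysrq=0' '#net.ipv4.ip_forward=1' \
        'net.ipv4.ip_forward = 0' > "$f"
    enable_ipv4_forward "$f" && cat "$f"
    rm -f "$f"
}
demo
```

On the server, run the function as root against /etc/sysctl.conf and apply the change with sudo sysctl -p.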

 

Step 5: Create the server key and certificates

The certificates that are created in this step will allow the server to authorize clients trying to access the VPN.

Create an easy-rsa folder. Open a terminal on the server and type:

sudo mkdir /etc/openvpn/easy-rsa/

Copy the example certificate files into the newly created directory:

sudo cp -R /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-rsa/

To change the ownership of the files, use the chown command:

sudo chown -R $USER /etc/openvpn/easy-rsa/

 

Step 6: Create client certificates

Client certificates allow client devices to access VPN servers. In the terminal enter:

cd /etc/openvpn/easy-rsa/

Then prepare the vars script:

source vars

To create client certificates:

KEY_CN=client ./pkitool client

The word client can be replaced by any name the user assigns to the client device.

Press Alt+F2 to copy these files as root:

/etc/openvpn/ca.crt

/etc/openvpn/ta.key

/etc/openvpn/easy-rsa/keys/client.crt

/etc/openvpn/easy-rsa/keys/client.key
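
Two of the four files above are secrets: ta.key is shared between server and client, and client.key is the client's private key, so neither should be accessible to other accounts before or after copying. The following is an added example, not part of the original article, that finds key files with group or other permission bits set and restricts them to the owner. The function names and the demo directory tree are made up here.

```shell
#!/bin/sh
# Added example (not from the original page): find private keys under a
# directory that group or others can read, write or execute.

# loose_keys DIR: print every *.key file with any group/other permission bit.
loose_keys() {
    find "$1" -type f -name '*.key' \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) -print | sort
}

# tighten_keys DIR: restrict each reported key to owner read/write (0600).
tighten_keys() {
    loose_keys "$1" | while IFS= read -r f; do
        chmod 600 "$f" && printf 'chmod 600 %s\n' "$f"
    done
}

# Demo on a constructed tree that mimics the file names in Step 6.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/easy-rsa/keys"
    for f in ca.crt ta.key easy-rsa/keys/client.crt easy-rsa/keys/client.key; do
        : > "$d/$f"; chmod 644 "$d/$f"
    done
    chmod 600 "$d/ta.key"    # already tight, must not be reported
    loose_keys "$d"          # reports only easy-rsa/keys/client.key
    tighten_keys "$d"
    rm -rf "$d"
}
demo
```

On the server, loose_keys /etc/openvpn lists the keys to fix; run the same check on the client's home directory after copying the files there.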

Step 7: Create server VPN scripts

VPN scripts need to be created to bring up the VPN network. In the terminal enter:

sudo nano /etc/openvpn/up.sh

A blank document will open in the terminal. Copy and paste the following text into it:

#!/bin/sh

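# Arguments: bridge name, TAP device, MTU

BR=$1

DEV=$2

MTU=$3

# Bring the TAP device up in promiscuous mode, then add it to the bridge

/sbin/ifconfig "$DEV" mtu "$MTU" promisc up

/sbin/brctl addif "$BR" "$DEV"

After finishing, press Control + O to save the changes and Control + X to exit. Now create the down script by entering the following in the same terminal:

sudo nano /etc/openvpn/down.sh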

Copy and paste the following text:

#!/bin/sh

# Arguments: bridge name, TAP device

BR=$1

DEV=$2

# Remove the TAP device from the bridge, then bring it down

/sbin/brctl delif "$BR" "$DEV"

/sbin/ifconfig "$DEV" down

Once finished, press Control + O to save the changes and Control + X to exit.

We still need to make the scripts executable. Enter:

sudo chmod 744 /etc/openvpn/down.sh

sudo chmod 755 /etc/openvpn/up.sh

 

Step 8: Configure OpenVPN settings

There are various things to be changed in the configuration file. In a terminal enter:

sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/

sudo gzip -d /etc/openvpn/server.conf.gz

Open the config file by entering in the terminal:

sudo nano /etc/openvpn/server.conf
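
The page does not list the server.conf changes, but the bridge scripts from Step 7 and the client settings in Step 9 (TAP device, LZO compression, ta.key direction 1) only work if the server side matches. The following is an added example, not part of the original article, that checks a server.conf for those directives. The directive list is inferred from these steps and assumes OpenVPN 2.1 or later (where user scripts need script-security 2); the function names and the sample configuration are made up here.

```shell
#!/bin/sh
# Added example (not from the original page): check a server.conf for the
# directives that the Step 7 bridge scripts and Step 9 client settings need.

# check_server_conf FILE [BRIDGE]
# Prints one "missing: ..." line per absent setting; returns 0 if none.
check_server_conf() {
    conf=$1 br=${2:-br0} rc=0
    # need LABEL REGEX: REGEX must match an uncommented line of $conf.
    need() {
        grep -Eq "^[[:space:]]*$2" "$conf" || { printf 'missing: %s\n' "$1"; rc=1; }
    }
    need 'dev tap'                     'dev[[:space:]]+tap'
    need 'server-bridge'               'server-bridge([[:space:]]|$)'
    need "up script with bridge $br"   "up[[:space:]]+.*up[.]sh[[:space:]]+$br"
    need "down script with bridge $br" "down[[:space:]]+.*down[.]sh[[:space:]]+$br"
    need 'script-security 2'           'script-security[[:space:]]+[23]'
    need 'tls-auth direction 0'        'tls-auth[[:space:]]+[^[:space:]]+[[:space:]]+0'
    need 'comp-lzo'                    'comp-lzo'
    return $rc
}

# Constructed sample with three mistakes: no script-security line,
# tls-auth direction 1 (same as the client), and comp-lzo commented out.
sample_conf() {
    cat <<'EOF'
port 1194
proto udp
dev tap0
up "/etc/openvpn/up.sh br0"
down "/etc/openvpn/down.sh br0"
server-bridge 192.168.2.50 255.255.255.0 192.168.2.100 192.168.2.150
ca ca.crt
cert server.crt
key server.key
tls-auth ta.key 1
;comp-lzo
EOF
}

# Demo: run the check against the constructed sample.
demo() {
    f=$(mktemp) && sample_conf > "$f"
    check_server_conf "$f" br0 || echo 'server.conf needs changes'
    rm -f "$f"
}
demo
```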

Step 9: Install and configure OpenVPN on Ubuntu Linux

In a terminal on the client, enter:

sudo apt-get install network-manager-openvpn-gnome

Copy the certificates from step 6 to the home directory.

Open the network manager by clicking System Settings > Network.

Choose OpenVPN as the connection type and click Create.

Name the VPN and enter the server's domain name.

Select the client.crt file and the ca.crt file, and select client.key in the private key field.

Click Advanced.

Check the "Use LZO data compression" check box.

Check the "Use a TAP device" check box.

In the General tab, uncheck the "All users may connect to this network" check box.

Open the ta.key file.

Set the direction of the key to 1.

Click OK to save the advanced settings.

There should be an OpenVPN GUI icon on your desktop. Find the icon in the system tray. Right click and connect. The program will now connect you to your VPN server.
