How to create your own VPN on Windows with OpenVPN?

Yicong
Aug 7, 2021
Photo credits to manofmany.com

A Virtual Private Network (VPN) creates a secure data tunnel to the internet by routing your traffic through a VPN provider, which forwards it on your behalf. This limits your exposure on the internet because your IP address is concealed from internet services such as Google, Netflix, and Facebook.

The increasing demand for internet privacy has led to an explosion of VPN providers, such as NordVPN and ExpressVPN, which charge you a monthly fee for their service.

You might be thinking… since VPN is such a useful technology and a lucrative business, it must be hard to set up, right? The short answer is no: as long as you have basic networking and PC knowledge, this should be a piece of cake.

So if you have spare Windows computers or cloud virtual machines, why not create your own VPN server?

Steps to set up OpenVPN

  1. Installation of OpenVPN Software (Server)
  2. Generate Certificates and Keys (Server)
  3. Setup OpenVPN (Server)
  4. Setup OpenVPN (Client)
  5. Setup Port Forwarding

Installation of OpenVPN Software (Server)

  1. On the server, download the OpenVPN community software from this link
  2. Run the installer and click the “Customize” button
  3. Ensure that the OpenSSL Utilities are included in the installation and leave the other settings as default.

Generate Certificates and Keys (Server)

  1. On the server, open command prompt with administrator rights
  2. Change to easy-rsa directory:
cd "C:\Program Files\OpenVPN\easy-rsa"

3. Launch easy-rsa:

EasyRSA-Start.bat

4. Create a PKI folder to keep the certificates and keys:

./easyrsa init-pki

5. Generate Certificate Authority (CA)

./easyrsa build-ca nopass

6. Generate server certificate and key

./easyrsa build-server-full server nopass

7. Generate client certificate and key (repeat this step for each new client, replacing client1 with the new client's name)

./easyrsa build-client-full client1 nopass

8. Generate Diffie-Hellman parameters

./easyrsa gen-dh

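9. Check that the certificates and keys were successfully created in the following locations.

10. Copy the highlighted files to “C:\Program Files\OpenVPN\config” on the server. The server configuration later in this guide references ca.crt, server.crt, server.key and dh.pem from that folder.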

Setup OpenVPN (Server)

  1. On the server, open command prompt with administrator rights
  2. Change directory to OpenVPN bin folder
cd "C:\Program Files\OpenVPN\bin"

3. Create TLS authentication file

openvpn --genkey --secret "C:\Program Files\OpenVPN\config\ta.key"

4. Create a file named server.ovpn and copy the following content into it. Save the file in “C:\Program Files\OpenVPN\config\server.ovpn”

# Define OpenVPN port and protocol
port 1194
proto udp4
# Paths to certificates and key (Please check the path)
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\server.crt"
key "C:\\Program Files\\OpenVPN\\config\\server.key"
dh "C:\\Program Files\\OpenVPN\\config\\dh.pem"
tls-auth "C:\\Program Files\\OpenVPN\\config\\ta.key" 0
# Define Tunnel Type
dev tun
# Server's virtual IP network and subnet-mask
server 10.8.0.0 255.255.255.0
# Keep alive value
keepalive 10 120
# Encryption setting
cipher AES-256-GCM
# Route all client traffic through the server
push "redirect-gateway def1"
# Setup preferred DNS Server
push "dhcp-option DNS 8.8.8.8"
# Default setting
persist-key
persist-tun
verb 3
explicit-exit-notify 1
ifconfig-pool-persist ipp.txt
status openvpn-status.log

5. Here is the snapshot of all the files in the C:\Program Files\OpenVPN\config folder on the server

6. Open up your OpenVPN settings and check if the configuration file path is correct

7. Once everything is set, you can click connect!

Setup OpenVPN (Client)

  1. On the client, download the OpenVPN community software from this link
  2. Run the installer and click the “Install Now” button
  3. From your server, copy the ca.crt, client1.crt, client1.key, and ta.key to the client PC. Place these files in the C:\Program Files\OpenVPN\config folder on the client PC
  4. Create a file named client.ovpn and copy the following content into it.
client
# Define OpenVPN port and protocol
proto udp4
remote <Server Public IP Address> 1194
# Paths to certificates and key (Please check the path)
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\client1.crt"
key "C:\\Program Files\\OpenVPN\\config\\client1.key"
tls-auth "C:\\Program Files\\OpenVPN\\config\\ta.key" 1
# Define Tunnel Type
dev tun
# Keep alive value
keepalive 10 120
# Encryption setting
cipher AES-256-GCM
# Route all client traffic through the server
redirect-gateway def1
# Default setting
resolv-retry infinite
persist-key
persist-tun
verb 3
nobind
remote-cert-tls server

5. Replace <Server Public IP Address> with your server's public IP address. (On the server, you can check it at https://whatismyipaddress.com/)

6. Save the client.ovpn file in “C:\Program Files\OpenVPN\config\client.ovpn” on the client PC

7. Here is the snapshot of all the files in the C:\Program Files\OpenVPN\config folder on the client PC

8. Open up your OpenVPN settings and check if the configuration file path is correct

9. Once everything is set, you can click connect!
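The server.ovpn and client.ovpn files above only work as a pair: protocol, port, cipher, tunnel type and the tls-auth key direction (0 on the server, 1 on the client) have to line up, and the client should insist on a server-type certificate. The Python script below is an added example, not part of the original article or of OpenVPN; `parse_ovpn`, `first` and `check_pair` are hypothetical helper names, and the sample texts (including the 203.0.113.10 address) are constructed from the directives shown above.

```python
import shlex

def parse_ovpn(text):
    """Return {directive: [args]} for an OpenVPN config (last occurrence wins)."""
    opts = {}
    for line in text.splitlines():
        tokens = shlex.split(line, comments=True)  # drops '#' comments, un-escapes "C:\\..."
        if tokens:
            opts[tokens[0]] = tokens[1:]
    return opts

def first(opts, name):  # first argument of a directive, '' if absent
    return (opts.get(name) or [""])[0]

def check_pair(server_text, client_text):
    """Compare a server and a client config; return a list of findings."""
    s, c = parse_ovpn(server_text), parse_ovpn(client_text)
    out = []
    # proto/dev are compared by family (udp4 ~ udp, tun0 ~ tun), cipher exactly
    for name, n in (("proto", 3), ("dev", 3), ("cipher", None)):
        if first(s, name)[:n] != first(c, name)[:n]:
            out.append(f"{name}: server {first(s, name)!r}, client {first(c, name)!r}")
    sport = first(s, "port") or "1194"
    cport = (c.get("remote", []) + ["", ""])[1] or first(c, "port") or "1194"
    if cport != sport:
        out.append(f"port: client dials {cport}, server listens on {sport}")
    # tls-auth: same ta.key on both ends, opposite key directions (0 and 1)
    sd, cd = s.get("tls-auth", [])[1:2], c.get("tls-auth", [])[1:2]
    if ("tls-auth" in s) != ("tls-auth" in c):
        out.append("tls-auth: enabled on one side only")
    elif sorted(sd + cd) not in ([], ["0", "1"]):
        out.append(f"tls-auth: key directions {sd} and {cd} are not 0/1 opposites")
    if first(c, "remote-cert-tls") != "server":
        out.append("remote-cert-tls: client accepts any certificate the CA issued")
    return out

# Constructed samples: the pairing-relevant directives from the two files above
SERVER = r'''port 1194
proto udp4
tls-auth "C:\\Program Files\\OpenVPN\\config\\ta.key" 0
dev tun
cipher AES-256-GCM'''
CLIENT = r'''proto udp4
remote 203.0.113.10 1194
tls-auth "C:\\Program Files\\OpenVPN\\config\\ta.key" 1
dev tun
cipher AES-256-GCM
remote-cert-tls server'''
print(check_pair(SERVER, CLIENT))
```

To check real files, pass the contents of server.ovpn and client.ovpn to `check_pair`; an empty list means the pairing-relevant settings agree.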

Setup Port Forwarding

As our OpenVPN server does not have a public, internet-facing IP address, clients cannot reach it directly over the internet. Hence, we have to set up port forwarding on our router to map incoming internet traffic on port 1194 to our server’s internal IP address so that a VPN connection can be established.

Port forwarding overview for OpenVPN

The exact steps to configure port forwarding will differ, as we are not all using the same router, IP address, and port. However, the configuration workflow is largely similar.

  1. Access your router configuration page.

2. Go to firewall settings and click port forwarding

3. Fill in your server's internal IP address, the port number, and the protocol used for the OpenVPN connection.

4. After saving the port forwarding configuration, you should be able to access your VPN from anywhere in the world!

Conclusion

Congratulations! You have successfully created your own VPN server at home. While it may not be useful to create your own VPN within your home network, the skills you learned from this tutorial are definitely applicable to large enterprise networks. I hope you enjoyed this mini project as much as I did. Cheers! :)
