Part 1 – the basics
In addition to using third-party VPN providers, we have shown you how to turn your own PC into an OpenVPN server using free Hamachi and Privoxy software. Another popular VPN option is to rent a VPS and run that as a VPN server.
A Virtual Private Server (VPS) is more or less exactly what it sounds like – you rent some of the resources on a physical server run by a VPS company, which provides a closed environment that acts as if it were a complete physical remote server. You can install any operating system on a VPS (as long as the provider allows it), and basically treat the VPS as your own personal remote server.
In Part 1 (basics) of this tutorial we will show you how to install OpenVPN Access Server software onto a VPS running CentOS 6 (a popular Linux distribution offered pre-installed by most VPS providers), and how to connect to it using the OpenVPN Connect client.
In Part 2 (advanced) we will show you how to build OpenVPN certificates so that peers can securely authenticate with each other, and you can connect to the server using the regular OpenVPN client. We will also explain how to change the encryption ciphers used.
Advantages of VPN on a VPS
- Acts as a proxy server, so great for accessing geo-restricted services as long as the VPS is located in the country you wish to access the services from
- The VPS provides a private IP address, so the IP address will not be blocked by services such as Hulu, or by most firewalls. This makes it a great anti-censorship option (it will work against IP blocks in China, although it will not defend against other censorship measures such as packet sniffing)
- All traffic between your computer and the VPS goes through an encrypted VPN tunnel. As long as the VPS is located outside an adversary’s area of influence (for example if someone in Iran wishes to evade government censorship and so sets up a VPS server located in Europe) it will provide a high degree of privacy
- VPN on VPS also protects against hackers when using public WiFi hotspots
- Can be cheaper than a commercial VPN service
Disadvantages of VPN on a VPS
- Because the VPS provides a static IP address that belongs to you, a global adversary (such as the NSA or police forces with an international reach) can easily trace internet activity back to you
- Not suitable for copyright piracy – copyright holders will send DMCA notices (and similar) to your VPS provider. Unlike VPN providers, who often keep no logs and use shared IPs to shield customers from these, VPS providers almost all take a very dim view of piracy, and will likely shut down your account (and very possibly pass on your details to the copyright holder)
- Not for the technically fainthearted – we hope to make the setup process as painless as possible with these tutorials, but it does require a reasonable degree of technical know-how, and will require getting our hands dirty with a command line.
What you will need
- A VPS server with CentOS 6 (32- or 64-bit) installed, and a minimum of 218MB RAM. We may review suitable VPS services in the future, but for this tutorial we have chosen VPSCheap.net – mainly because it offers VPS plans from $1.99 per month
- An SSH client – OSX and Linux users have one already, in the form of Terminal. Windows users can download the excellent PuTTY (which we use for this demo).
Installing OpenVPN Access Server on the VPS
1. Open your SSH client and connect to your VPS server using the IP address supplied by your VPS provider.
2. Login as root and enter the password you were given by your VPS provider. Note that in PuTTY the typed password remains hidden, so just type it and hit <enter>.
3. Check that tap/tun is enabled on the VPS. Enter:
cat /dev/net/tun
If tap/tun is enabled you should receive the response: cat: /dev/net/tun: File descriptor in bad state
4. Next we need to download the OpenVPN Access Server package. Enter:
wget http://swupdate.openvpn.org/as/openvpn-as-2.1.4-CentOS6.i386.rpm (CentOS 6 32-bit) or
wget http://swupdate.openvpn.org/as/openvpn-as-2.1.4-CentOS6.x86_64.rpm (CentOS 6 64-bit)
Note that these links may change as the OpenVPN software gets updated. Please see the official OpenVPN CentOS downloads page for the latest links.
You should see the response pictured below.
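5. Install the package. Enter:
rpm -i <package name>
e.g. rpm -i openvpn-as-2.1.4-CentOS6.x86_64.rpm
When the installation finishes, the output lists the Admin UI and Client UI addresses used in the steps below.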
6. Set up a password. Enter passwd openvpn, and whatever password you want at the prompt (and again to confirm it).
7. Paste the Admin UI address into your web browser (from step 5 above), and enter Username: ‘openvpn’ and whatever password you selected into the Admin Login (you may need to ‘Agree to End User License Agreement’ the first time you log in).
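The checks in steps 3 to 5 can be scripted as follows; this is an added example, not part of the original tutorial. The function names are hypothetical, the URLs are the two from step 4, and the non-success messages are the ones cat commonly prints when tap/tun is unavailable.

```shell
#!/bin/sh
# Added example, not part of the original tutorial: helpers for steps 3 to 5.

# Map `uname -m` output to the package URL given in step 4.
pick_rpm_url() {
    base="http://swupdate.openvpn.org/as"
    case "$1" in
        x86_64)              echo "$base/openvpn-as-2.1.4-CentOS6.x86_64.rpm" ;;
        i386|i486|i586|i686) echo "$base/openvpn-as-2.1.4-CentOS6.i386.rpm" ;;
        *) echo "no package listed for architecture: $1" >&2; return 1 ;;
    esac
}

# Interpret the message printed by `cat /dev/net/tun` in step 3.
classify_tun() {
    case "$1" in
        *"File descriptor in bad state"*) echo enabled ;;      # device opens: usable
        *"No such file or directory"*)    echo missing-node ;; # /dev/net/tun absent
        *"No such device"*|*"Operation not permitted"*|*"Permission denied"*)
                                          echo disabled ;;     # host or kernel refuses it
        *)                                echo unknown ;;
    esac
}

# Run on the VPS: stop early if TUN is unusable, else print the commands to run.
preflight() {
    status=$(classify_tun "$(cat /dev/net/tun 2>&1)")
    if [ "$status" != enabled ]; then
        echo "tap/tun is $status; ask the VPS provider to enable it" >&2
        return 1
    fi
    url=$(pick_rpm_url "$(uname -m)") || return 1
    # rpm -K checks the package's embedded digests (and signature, if any) before install.
    echo "wget $url && rpm -K ${url##*/} && rpm -i ${url##*/}"
}

# Constructed sample messages, to show the classification without touching the system.
for msg in "cat: /dev/net/tun: File descriptor in bad state" \
           "cat: /dev/net/tun: No such file or directory"; do
    printf '%s -> %s\n' "$msg" "$(classify_tun "$msg")"
done
```

Calling preflight as root on the VPS only prints the commands; it does not download or install anything itself.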
Connecting to your VPS using OpenVPN Connect
We now need to set up OpenVPN at your end. OpenVPN Connect is a VPN client that creates a simple OpenVPN connection between your PC and the VPS server, without the need for certificate authentication.
By default, the connection is protected by 128-bit Blowfish Cipher-Block Chaining (BF-CBC) encryption. The Blowfish cipher was created by Bruce Schneier, who has since recommended switching to stronger standards such as AES. However, for most purposes it is fine (and in Part 2 of this tutorial we show you how to change encryption ciphers).
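To see which cipher a given OpenVPN profile or config file selects, a check like the following can be used; it is an added example, not part of the original tutorial, and its function names are hypothetical. It assumes a plain-text config in which the last cipher line is the one in effect, falls back to the BF-CBC default described above when there is none, and reports the cipher's block size (64 bits for Blowfish, separate from the 128-bit key length).

```shell
#!/bin/sh
# Added example, not part of the original tutorial: report the cipher a config selects.

# Print the cipher named in the config; BF-CBC (the default this tutorial
# describes) when no uncommented `cipher` line exists.
effective_cipher() {
    c=$(awk '$1 == "cipher" { v = $2 } END { if (v != "") print v }' "$1")
    echo "${c:-BF-CBC}"
}

# Block size in bits for common OpenVPN cipher names.
cipher_block_bits() {
    case "$(echo "$1" | tr '[:lower:]' '[:upper:]')" in
        BF-*|DES-*|DESX-*|CAST5-*|RC2-*|IDEA-*) echo 64 ;;
        AES-*|CAMELLIA-*|SEED-*)                echo 128 ;;
        *)                                      echo unknown ;;
    esac
}

# One-line verdict for a config file.
audit_profile() {
    c=$(effective_cipher "$1")
    case "$(cipher_block_bits "$c")" in
        64)  echo "LEGACY $c (64-bit block)" ;;
        128) echo "OK $c (128-bit block)" ;;
        *)   echo "REVIEW $c" ;;
    esac
}

# Constructed sample profile with no cipher line (203.0.113.10 is a documentation address).
sample=$(mktemp)
printf 'client\ndev tun\nremote 203.0.113.10 1194 udp\n' > "$sample"
audit_profile "$sample"
rm -f "$sample"
```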
1. Paste the Client UI address into your web browser (from step 5 above), ensure that ‘Connect’ is selected from the dropdown menu, and enter your Username (‘openvpn’) and password.
The correct client for your OS should download automatically. If this does not happen for any reason, reload the page and you will be offered a choice of OpenVPN Connect clients (including for iOS and Android).
We popped along to ipleak.net to test everything was working properly, and our IP address appears to be that of our VPS. Yay!
Once you are finished here, check out Part 2 of this tutorial, in which we learn how to add other users, and improve security by changing the encryption cipher and building our own OpenVPN certificates.