A Virtual Private Network (VPN) lets you use “untrusted” networks privately and securely, as if you were on a secure and private network. Once you make the secure connection to your server, the server makes the network request on your behalf and returns the results to you over the secure connection.
OpenVPN is a full-featured open source Secure Sockets Layer (SSL) VPN solution that accommodates a wide range of configurations. Here you will see how to set up an OpenVPN server and then configure access to it from Windows and Android.
Set up your own Certificate Authority (CA)
The first step is to establish a PKI (public key infrastructure). The PKI consists of:
a separate certificate (also known as a public key) and private key for the server and each client
a master Certificate Authority (CA) certificate and key which is used to sign each of the server and client certificates.
Generate Server Config
Create /etc/openvpn/udp1194.conf and add the following
Generate Client Configuration
You will use the generated client.ovpn file on your client machine as the client configuration file.
Create /etc/openvpn/client.ovpn with the following
Packet forwarding is a sysctl setting that tells the server’s kernel to forward traffic from client devices out to the Internet. Without it, the traffic stops at the server. Enable packet forwarding at runtime by entering this command:
We need to make this permanent so the server still forwards traffic after rebooting. Open /etc/sysctl.conf in your editor and make sure the following line is uncommented.
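The two states described above (forwarding enabled at runtime, and the line uncommented in /etc/sysctl.conf) can be audited with a short script. This is an added example, not part of the original page; the key name net.ipv4.ip_forward and the function names are assumptions, since the page's own command and line are not shown, and the sample file is constructed.

```shell
#!/bin/sh
# Added example: audit whether IPv4 forwarding is persisted and active.
# Assumption: the key is net.ipv4.ip_forward (the page's own line is not shown).

# persisted_ip_forward FILE: print the effective value in a sysctl.conf-style
# file, or "unset" when no uncommented assignment exists. Last assignment wins.
persisted_ip_forward() {
    awk '
        /^[ \t]*[#;]/ { next }            # commented-out lines do not count
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            sub(/^-/, "", key)            # leading "-" means "ignore errors"
            gsub(/\//, ".", key)          # sysctl accepts "/" as separator
            if (key == "net.ipv4.ip_forward") found = val
        }
        END { print (found == "" ? "unset" : found) }
    ' "$1"
}

# runtime_ip_forward [PROC_FILE]: print the live kernel value, or "unknown".
runtime_ip_forward() {
    f=${1:-/proc/sys/net/ipv4/ip_forward}
    if [ -r "$f" ]; then tr -d ' \t\n' < "$f"; else echo unknown; fi
}

# forwarding_status CONF [PROC_FILE]: combine both views into one verdict.
forwarding_status() {
    case "$(persisted_ip_forward "$1"):$(runtime_ip_forward "$2")" in
        1:1) echo ok ;;
        1:*) echo persisted-only ;;   # takes effect after reboot or sysctl -p
        *:1) echo runtime-only ;;     # forwarding will be lost at reboot
        *)   echo disabled ;;
    esac
}

# Constructed sample: the forwarding line is still commented out.
sample=$(mktemp)
printf '%s\n' '# constructed sysctl.conf' '#net.ipv4.ip_forward=1' > "$sample"
echo "persisted: $(persisted_ip_forward "$sample")"
echo "status:    $(forwarding_status "$sample")"
rm -f "$sample"
```

A result of runtime-only means VPN clients can reach the Internet now but will lose it after the next reboot.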
To allow connections through the server's iptables
Create /etc/network/if-up.d/iptables, enter the following, and save.
Make sure it's executable with:
Copy the client.ovpn file (in /etc/openvpn) to your client and use it in the OpenVPN GUI.