OpenVPN: How to setup custom and personal VPN

Setup OpenVPN Server on Azure:

https://gist.github.com/proffapt/15cacf6c0abdd5509e5c1b7d2c7a49ce#windows

 

• Get Microsoft Azure
• Create an EC2 instance
• SSH into the remote server
  • Windows
  • Linux & MacOS
• Setup OpenVPN Access Server
  • Gaming Configuration
• Download ovpn files
  • Windows
  • Linux & MacOS
• Connecting to the VPN on client devices
• Budget Control
• Authors

---

Step 1: Get Microsoft Azure

• Avail the Github Student Developer Pack.
• Now navigate to the benefits page and apply a filter for cloud or just click here. Follow the steps to sign up for Azure, and you will receive $100 credits.

Note Although, we could have done it directly using Institute ID on Microsoft Azure. But the afore-mentioned method exposes you to various other possibilities which you might have not even thought of. We chose Microsoft Azure here, if you want you can also choose DigitalOcean or any other cloud platform of your preference.

Step 2: Create an EC2 instance

• Goto Azure portal

• Click on the hamburger menu > Create a resource > Compute > Ubuntu Server 22.04 LTS. Fill in the necessary details in the Basics section.
  

  • Create a new Resource Group & give your virtual machine a name.
    

  • Now about region & disk size.
    First select the cheapest size and then select the region from the available options. A standard B1s size is going to be good enough and will last around 11 months using free credits. Now choose the closest region where the said size is available, which in our case will be South-East Asia. A bigger (aka more costly) size would probably be available in Indian regions.
    
    
    
    

  • Now choose an Authentication method according to your preference.

    • Using ssh keys is more secure but hard to follow.

      Using SSH keys

    • Using password is easy to follow but less secure.

      Using password

• Now, wait for the VM to be deployed. Once the VM is deployed

  • Click Goto Resource.
    

  • Click Configure for the DNS option under Networking.
    

  • Type in any DNS name like your username in the DNS name label field and press Save.
    

Step 3: SSH into the Remote Server

Warning

For this step you will need to switch to a network other than that of campus as PORT 22(default port for SSH) IS BLOCKED ON CAMPUS NETWORK.

SSH steps are drastically different for a Windows client & a Linux/MacOS (*nix) client.
Click on the following links to read about the steps for the client of your interest:

• Windows
• Linux & MacOS

SSHing via a Windows machine

• To make sure your PC has SSH client and server both installed, run the following command on Command Prompt as Administrator.

  Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0
  Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0

  • Windows also has Powershell and the new Windows Terminal which combines all the different shell environments. So, you can choose one from these as well, but it doesn't matter in this context.

• Now ssh into the remote server

  Using SSH keys
  Using Password

SSHing via a Linux or MacOS machine

• You can ssh via the following methods

  Using SSH keys
  Using Password

Step 4: Setup OpenVPN Access Server

After we have ssh'ed into the machine, we have to set up the OpenVPN Access Server.

• Before that, it's a good practice to update and upgrade your system via

  sudo apt update
  sudo apt upgrade

• Execute the following command

  wget https://git.io/vpn -O openvpn-install.sh && sudo bash openvpn-install.sh

  It will download and execute a script that automates OpenVPN server configuration.
• Keep in mind to update the following options during the setup process & leave the rest in their default state:
  • IP address: Your Public IP for the azure machine.
  • UDP or TCP: Enter 2 for TCP as UDP ports are blocked on campus network.
  • PORT: 443
  • DNS RESOLVER: Enter 4 for OpenDNS.
  • CLIENT: One configuration for one client/device. Name it like pc, mobile, etc.
• The .ovpn file will be stored inside /root directory, copy it into your user's home directory using the following command

  sudo cp /root/client_name.ovpn ~/

  client_name⁴

Note Run the same script to generate new clients (you will need a unique client for each device that’s going to be connected to the VPN), i.e., one .ovpn file one connection.

Configuration for Gaming

Use the TCP_NODELAY option if you are planning to use this VPN for gaming. Execute the following command on the remote VPN server

sudo echo "tcp-nodelay" | sudo tee -a /etc/openvpn/server.conf

Now restart the OpenVPN service using

sudo systemctl restart openvpn.service && sudo systemctl restart openvpn-server@server.service

Step 5: Download ovpn files

Now we have to transfer the .ovpn files generated on the remote server to our local machine. The steps to achieve this are different for *nix (Linux or MacOS) & Windows, refer to the following links to read about the steps for your platform of interest:

• Windows
• Linux & MacOS

Windows

• Download WinSCP a GUI implementation for scp (secure copy) on windows. Open it.

• Click on New Session
  

• Now refer to the procedure mentioned below based on your authentication method.

  Using SSH keys
  Using Password

  • Enter the following login configuration

    • File Protocol: SCP.
    • Host Name: Your remote machine's Public IP address.
    • Port: 22 (Default).
    • Username: Username which you set for the remote machine.
    • Password: Password which you set for the remote machine
      

  • Press Login then YES.

• Select and download all the .ovpn files you created which will be shown on the interface.
  

• Now shut down the WinSCP session

Linux & MacOS

Using SSH keys

Using Password

To start/stop/check status of the OpenVPN server using systemctl:

sudo systemctl start/stop/status openvpn@server.service

Android: Follow either of the aforementioned methods and then transfer the downloaded .ovpn file to your Android device via Telegram/Bluetooth/Mail or whatever to your android device.

Step 6: Connecting to the VPN on client devices

• Android: Download Open VPN Connect app from Play Store. Open the app and after going through the first screen, go to Files tab, there import the .ovpn file, and connect.

• Linux: In most of the distros, you can go to the network manager and import the .ovpn file. If not then install OpenVPN with sudo apt install openvpn and connect using sudo openvpn --config /path/to/config.ovpn.

• MacOS: You can either download the GUI tool tunnelblick for importing the .ovpn file or download the CLI tool for openvpn via MacPorts or HomeBrew using sudo ports install openvpn and brew install openvpn respectively; then execute sudo openvpn --config /path/to/config.ovpn.

• Windows: Download the official OpenVPN Connect client for Windows, import the .ovpn file, and toggle it ON to finally connect - video guide.

Step 7: Budget Control

Warning This is a very important step, to ensure the long-term usability of your credits

• Use only one instance.
• Bandwidth is free up to $100 credits, so it's better not to waste resources on the VPN.

Note If in any case, you have to stop an instance forcibly, do it; to be on the safer side.