OpenVPN Quick Setup
Published: February 22nd 2017
Until the death of a motherboard fairly recently I had an SSH tunnel setup to connect to my home network for the purposes of accessing data, checking cameras and solving issues for the family remotely. This week I carved some time out to set up the remote connection again after having rejigged the network the other week.
I was about to head down the path I previously walked when I figured I'd have a quick look at alternatives that would get me going and provide access on multiple devices easily ( for phone, tablet, laptop etc. ) with some degree of easy control.
I stumbled onto OpenVPN ( link to info here ) and found it to be a simple and customisable setup on linux platforms which was just what I required. Whilst not being the most easily client-configurable option there is out there, it met the requirements I had and the openvpn client works on Android, iOS, Mac, Linux, Windows platforms.
The quick three-line command prompt setup generates all the configuration to set up a nice web interface for you to access. My setup uses an older x86 system on my network running Debian with the usual security setup and ufw running. The wget command to grab the correct install package for your own systems you will have to verify with the OpenVPN download area.
dpkg -i openvpn-as-2.1.4-Debian7.amd_64.deb
Set your password up (best to have something nice and random, but easy enough to remember as you'll need this each time you connect to your VPN to log into the web front-end or grab the connection file)
This command set grabs the installation package, installs it on my Debian system and then generates the default password which is used for accessing the web interface.
From this point forward, you can jump into the generated HTTPS interface.
Web Interface Configuration
In your web browser head to https://myvpnboxIPaddress
In the configuration interface you will have to set up your hostname as the DNS entry your home box will be available on, e.g. MySuperSecretHomeVPNConnection.net - and not the IP Address of your local network IP.
If you wish to you can generate and import your own certificates and lock down your interface further now is the time
to go ahead and browse through your available options.
A good option to ensure is ticked is to route all web traffic through your VPN ( instead of split-tunnel traffic ) especially if you want to ensure the open network you might be on cannot easily view what you are accessing on your computer while you have a cup of coffee!
Area to check: Verify the IP address ranges that the system is undertaking NAT with to make sure it doesn't clash with your own range.
To provide access to the VPN service from the outside world you will either have to shove your box into a DMZ on your
router or port-forward TCP 443 and UDP 1194 to your box.
It's a good idea to make sure all your operating system security updates are current and remain fully patched to reduce any unnecessary attack surfaces seeing as you're exposing systems to the Internet.
On most home routers you can configure stronger firewall rules and anti-port-scanning which is advisable as a first-line defence. While you're in your settings you can configure that.
Once you connect to your box from outside you can log in and then download the client settings.
With your client settings you import them into the app and input your username & password.
So there we have it - a quick VPN solution which works pretty well and allows you to create some form of secured web traffic when you are out-and-about.
Plex Media Server and NAS SMB Mount