vertner.net

How to Install OpenVPN on Your Home Server Part 1

Open to Nobody!

One of the original goals of this server was using it as an OpenVPN server for securing my WiFi/hotel internet connections while I’m on the road. I used OS X Server’s baked-in IPSec over L2TP VPN for a couple of years, running off of my wife’s iMac, despite Moxie Marlinspike’s 2012 warnings regarding most IPSec over L2TP/all PPTP VPN solutions. My previous attempts at installing and operating OpenVPN via their outdated MacPorts installation and accessing it using the Tunnelblick client had failed miserably. Of course, upgrading to OS X 10.9 Mavericks caused previous versions of the Server.app to break and the newest version cost another $20 and had a lot of reported VPN errors. Talk about a lose-lose situation. After reading about the latest iteration of OpenVPN vis-a-vis the Access Server configuration and its easy multi-platform access applications, I was ready to try and take the plunge once again.

Requirements

First things first, I needed a Linux computer and a way to refer to its IP address from the internet. I pressed my old Dell XPS M1530 laptop into service, installing elementaryOS, which is a parallel fork off of Ubuntu 12.04 LTS. I know it’s overkill, but I like having a nice GUI if I want to use one. I’ll probably end up rolling it back to Ubuntu Server before long. Secondly, I needed a way to access it no matter what my ISP set my home’s IP address to. For that, I used my Dyn account to give a hostname for my home IP address. Then I ran the following command to download and install ddclient, which constantly checks my home IP address and pushes it to Dyn.

sudo aptitude install ddclient

After it downloads and installs, follow the series of prompts with the hostname (whatever.whatever.com), account username, account password, and the interface (probably eth0 if you’re using an ethernet port). Next, edit the configuration file:

sudo nano /etc/ddclient.conf

Let’s add some lines to ensure that you have a secure connection with your dynamic DNS provider. Make sure you change the username, password, protocol, and server fields appropriately and list as many hostnames as you have pointing to your server, separated by spaces.

# Configuration file for ddclient generated by debconf
#
# /etc/ddclient.conf

daemon=300
pid=/var/run/ddclient.pid
ssl=yes
use=web, web=checkip.dyndns.com/, web-skip='IP Address'
login=username
password=password
protocol=dyndns2
server=members.dyndns.org
hostname.dyndns.org

Next, make sure that ddclient is set to run as a daemon.

sudo nano /etc/default/ddclient

# Configuration for ddclient scripts
# generated from debconf on Tue Dec 9 19:52:12 EST 2008
#
# /etc/default/ddclient
# Set to "true" if ddclient should be run every time a
# new ppp connection is established. This might be useful,
# if you are using dial-on-demand
run_ipup="false"

# Set to "true" if ddclient should run in daemon mode
run_daemon="true"

# Set the time interval between the updates of the dynamic DNS name in seconds.
# This option only takes effect if the ddclient runs in daemon mode.
daemon_interval="300"

Finally, enter the following to ensure that it’s running as a daemon:

sudo /etc/init.d/ddclient restart
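
A quick audit of the two files edited above, added here as an example that is not part of the original post. It checks that ssl=yes is set, that the file holding the Dyn password is not readable by other users, and that the settings in /etc/default/ddclient were not pasted with typographic quotes. The names audit_ddclient, note and demo are made up for this example, and it assumes the Debian/Ubuntu packaging in which a shell script reads /etc/default/ddclient.

```shell
#!/bin/sh
# Added example, not from the original post. audit_ddclient, note and demo
# are names made up here; the checked settings are the ones shown above.

# Print one line per finding; return 1 if there was any.
audit_ddclient() {
    conf=$1; defaults=$2; findings=0
    note() { printf 'FINDING: %s\n' "$*"; findings=$((findings + 1)); }

    # The update request carries login and password, so require ssl=yes.
    grep -Eq '^[[:space:]]*ssl=yes' "$conf" ||
        note "$conf: ssl=yes not set, updates are not protected by TLS"

    # The file stores the account password: no group/other permission bits.
    perms=$(ls -ld -- "$conf" | cut -c5-10)
    [ "$perms" = "------" ] ||
        note "$conf: accessible beyond its owner ($perms), use chmod 600"

    # /etc/default/ddclient is read by a shell script. Typographic quotes
    # pasted from a web page become part of the value, so it is never "true".
    active=$(grep -v '^[[:space:]]*#' "$defaults") || true
    if printf '%s\n' "$active" | grep -Fq -e '“' -e '”' -e '″'; then
        note "$defaults: typographic quotes in a setting, retype as ASCII quotes"
    fi
    printf '%s\n' "$active" | grep -Eq '^run_daemon="?true"?[[:space:]]*$' ||
        note "$defaults: run_daemon is not true, daemon mode is off"

    [ "$findings" -eq 0 ]
}

# Constructed sample input: a world-readable conf and a defaults file
# pasted with typographic quotes.
demo() {
    d=$(mktemp -d)
    printf 'ssl=yes\nlogin=username\npassword=password\n' > "$d/ddclient.conf"
    chmod 644 "$d/ddclient.conf"
    printf 'run_ipup=”false”\nrun_daemon=”true”\n' > "$d/ddclient"
    audit_ddclient "$d/ddclient.conf" "$d/ddclient" || true
    rm -rf "$d"
}

# Usage: sudo sh audit.sh /etc/ddclient.conf /etc/default/ddclient
if [ "$#" -eq 2 ]; then audit_ddclient "$1" "$2"; else demo; fi
```

Run with no arguments it audits the constructed sample; run with the two real paths it exits non-zero when anything needs fixing.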

Next, make sure that you have forwarded UDP port 1194 and TCP port 443 on your router if you have Network Address Translation (NAT) enabled. If you don’t know if you have NAT enabled, then you probably do; that’s the default of most home routers. You may need to consult your router’s documentation and/or google for instructions specific to your router. Next, we’ll discuss how to download and configure your OpenVPN Access Server!

Here’s what port forwarding looks like on my Apple Airport

UPDATE: Finishing things up on Part 2!
