One of the original goals of this server was using it as an OpenVPN server for securing my WiFi/hotel internet connections while I’m on the road. I used OS X Server’s baked-in IPSec over L2TP VPN for a couple of years, running off of my wife’s iMac, despite Moxie Marlinspike’s 2012 warnings regarding most IPSec over L2TP and all PPTP VPN solutions. My previous attempts at installing and operating OpenVPN via their outdated MacPorts installation and accessing it using the Tunnelblick client had failed miserably. Of course, upgrading to OS X 10.9 Mavericks caused previous versions of the Server.app to break, and the newest version cost another $20 and had a lot of reported VPN errors. Talk about a lose-lose situation. After reading about the latest iteration of OpenVPN vis-a-vis the Access Server configuration and its easy multi-platform access applications, I was ready to take the plunge once again.
First things first, I needed a Linux computer and a way to refer to its IP address from the internet. I pressed my old Dell XPS M1530 laptop into service, installing elementaryOS, which is a parallel fork off of Ubuntu 12.04 LTS. I know it’s overkill, but I like having a nice GUI if I want to use one. I’ll probably end up rolling it back to Ubuntu Server before long. Secondly, I needed a way to access it no matter what my ISP set my home’s IP address to. For that, I used my Dyn account to assign a hostname to my home IP address. Then I ran the following commands to download and install ddclient, which constantly checks my home IP address and pushes it to Dyn.
After it downloads and installs, follow the series of prompts with the hostname (whatever.whatever.com), account username, account password, and the interface (probably eth0 if you’re using an ethernet port). Next, edit the configuration file:
Let’s add some lines to ensure that you have a secure connection with your dynamic DNS provider. Make sure you change the username, password, protocol, and server fields appropriately and list as many hostnames as you have pointing to your server, separated by spaces.
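An added check, not part of the original post: a shell function that audits a ddclient configuration file for the encrypted-connection setting discussed above (ddclient's `ssl=yes` option) and for permissions that keep the stored password private. The sample files, hostname and credentials are constructed placeholders, and `stat -c` assumes GNU coreutils, as on Ubuntu.

```shell
#!/bin/sh
# Added example: audit a ddclient.conf for encrypted updates and private permissions.

# check_ddclient_conf FILE: prints findings, returns the number of problems found.
check_ddclient_conf() {
    conf=$1
    problems=0
    if [ ! -r "$conf" ]; then
        echo "cannot read $conf"
        return 1
    fi
    # Drop comments first so a commented-out "# ssl=yes" does not count.
    if ! sed 's/#.*//' "$conf" |
        grep -Eiq '(^|[[:space:],])ssl[[:space:]]*=[[:space:]]*(yes|true|1)([[:space:],]|$)'; then
        echo "$conf: ssl is not enabled; updates may send the password in clear text"
        problems=$((problems + 1))
    fi
    # The file stores the account login and password: no group/other access.
    mode=$(stat -c '%a' "$conf")    # GNU stat, as shipped with Ubuntu
    case "$mode" in
        *00) ;;
        *)  echo "$conf: mode $mode is too open; use chmod 600"
            problems=$((problems + 1)) ;;
    esac
    return "$problems"
}

# Constructed sample files with placeholder hostname and credentials.
demo() {
    dir=$(mktemp -d)
    printf 'protocol=dyndns2\nssl=yes\nlogin=exampleuser\npassword=examplepass\nhome.example.com\n' >"$dir/good.conf"
    chmod 600 "$dir/good.conf"
    printf 'protocol=dyndns2\n# ssl=yes\nlogin=exampleuser\npassword=examplepass\nhome.example.com\n' >"$dir/bad.conf"
    chmod 644 "$dir/bad.conf"
    for f in good bad; do
        rc=0
        check_ddclient_conf "$dir/$f.conf" || rc=$?
        echo "$f.conf: $rc problem(s)"
    done
    rm -rf "$dir"
}
demo
```

Point the function at the real file (on Ubuntu, typically `/etc/ddclient.conf`) and run it as root, since a correctly protected file is readable only by its owner.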
Next, make sure that ddclient is set to run as a daemon.
Finally, enter the following to ensure that it’s running as a daemon:
Next, make sure that you have forwarded UDP port 1194 and TCP port 443 on your router if you have Network Address Translation (NAT) enabled. If you don’t know if you have NAT enabled, then you probably do; that’s the default of most home routers. You may need to consult your router’s documentation and/or google for instructions specific to your router. Next, we’ll discuss how to download and configure your OpenVPN Access Server!
UPDATE: Finishing things up on Part 2!