The term virtual private network (VPN) contains the words “private network” and “virtual”. At the time of writing, a public network is just another term for the Internet, while private networks are outside of the Internet. Example nodes residing in the public network are Google and YouTube. Example nodes residing in a private network are clients or users accessing Google and YouTube. This situation exists because the current Internet infrastructure is too small to host all the computers in the world. Therefore, clients and users are mostly outside of the Internet, where they need to go through intermediaries to communicate with those in the Internet; I like to call them gateways (see my simple introduction to computer network to understand the basics).
While the Internet or public network is like the streets and the outside world where we can go out and travel, a private network is like our house, which is private and which only we can enter. A virtual private network (VPN) extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. By analogy, it is like an open house where other people can enter, but of course only with the permission of the house owner. For example, when we are at home or outside and need to access our office’s internal network, we would normally have to go back to the office, but with a VPN we can access it on the spot.
When we enter a VPN, we are subject to different rules. It is unfortunate that most Internet connections today have enforcers. When we want to access a website, we always ask that enforcer, and the result is whether we are granted access or not. The role of a VPN other than privacy is censorship resistance. When we go through a VPN, our enforcer changes or, if we are lucky, is removed. For example, in Indonesia access to anime, manga, and Reddit is prohibited, but if we access them from Japan, it is granted. Then what is the difference between a VPN and a proxy server? A proxy server is just one server, while a VPN is a whole network which contains routes and servers.
Setting VPN Client
Interestingly, setting up a VPN can be either easier or harder than setting DNS and proxy. That is because there are different choices, unlike DNS or proxy where you simply input numbers. It is easier because there are many ready-made applications available where the steps are just install and run. It is harder if you choose to set the configuration manually, which can involve more than just setting the VPN server’s IP address.
Ready VPN Application
As the word “ready” suggests, these kinds of VPN applications only need to be installed and run to bypass censorship. On Windows, you can try the Microsoft Store. On Linux, check your package manager. On Android and iOS, you can search their respective stores. Generally, you can find portable archives or go for installable files. Ready VPN applications are also available in the form of browser extensions.
There are many ready applications out there. Leave a comment if you know a good one. To prevent this article from becoming too long, I can only advise you to use a search engine such as Google to find the VPN that you want. Example search terms: “vpn”, “free”, “Windows”, “Linux”, “Android”, “United States”, “Japan”, “Indonesia”, “Europe”, “China”, etc.
Manual VPN Clients
If you search for “free vpn list” on a search engine, you may stumble upon a website that gives a list of open VPNs, for example https://www.freeopenvpn.org. If they provide you a profile that you can use with just a click, that’s great. However, if you are given configuration details that you have to write yourself, or use with the default or other VPN clients, you need to set them correctly. Usually, there is more than just the IP address and port, for example the transport protocol, compression, and certificates.
When you try a free VPN, you may be dissatisfied. A VPN can be slow because your perceived browsing speed is determined by the slowest part of the whole network connection. If the VPN is slow, you will perceive a slow connection even though your main connection is fast. On the other hand, you will also feel it is slow if your main connection itself is slow, even if you use a fast VPN.
Another factor is privacy and security, which I’m skeptical about for most free VPNs. Sure, the VPN may provide no or different censorship, and privacy from the main surveillance, but you may be monitored deeply by the administrators of the VPN themselves. If not, who knows whether their security is so low that other people can easily monitor and steal your private data. Therefore, it is not recommended to expose private data, such as entering a username and password in a login form.
Therefore, there are premium or paid VPNs, which generally provide quality at a price. If you are a skilled technician, you can test whether the VPN is of good quality or not. If not, you have to do your own research, such as checking whether there are licenses or certificates for their VPNs, reading people’s reviews, and finding out how long the VPNs have been running.
Building OpenVPN Server Linux
If you want a single script that builds everything, which is the simplest way, you can try pivpn. I built an openvpn server a few times but I just cannot completely remember the steps, maybe because I have not repeated it enough. I will be honest, the reason I write and record my computer tutorials is mainly for myself to remember when I need to do them again. But why not share them with everyone else by publishing them online, and I was surprised that I can monetize them. Now, going back to the OpenVPN server on Linux, the detailed steps may seem overwhelming for beginners, but the overview is actually only a few steps, which are:
- Install openvpn server and certificate authority creator.
- Create certificates, server key, and client keys.
- Configure the openvpn server which includes linking the certificates, use compression or not, allow clients to access the Internet through the VPN or not, etc.
Installing OpenVPN Server and Certificate Authority Creator
I was using a Debian-based Linux like Ubuntu:
sudo apt install openvpn easy-rsa
Become an administrator for example using the command:
Create a certificate directory for openvpn, work there, and copy the configuration samples from the easy-rsa share directory:
mkdir -p /etc/openvpn/easy-rsa && cd /etc/openvpn/easy-rsa
cp -r /usr/share/easy-rsa/* /etc/openvpn/easy-rsa/
Edit “/etc/openvpn/easy-rsa/vars” and fill in at least the lines that are not commented out, editing the names and information as you see fit. There are instructions you can read within the file. Then generate the certificate authority (CA).
Generate a private key for the server. Name it whatever you want but keep it consistent throughout the installation.
Generate Diffie-Hellman parameters.
Generate client certificates and keys for as many clients as you want. After generating, you can copy the “ca.crt” and all client certificates and keys to the clients. I’m not sure whether you can use the same cert and keys for multiple clients, but you can generate them by repeating the following commands:
All keys and certificates are in the “keys/” subdirectory. You can leave them there, but remember to specify the correct paths in the configurations. If not, then just copy them to the “/etc/openvpn” directory:
cp myservername.crt myservername.key ca.crt dh2048.pem /etc/openvpn/
Configuring OpenVPN server
Configuration examples for both client and server are available in “/usr/share/doc/openvpn/examples/sample-config-files”. You can reuse and edit the example server configuration:
cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/
gzip -d /etc/openvpn/server.conf.gz
Edit “server.conf” as you see fit; explanations of how to edit each option are available within the file. Just make sure the configuration is consistent with your intended client configuration. For example, if the server does not use compression while the client uses compression, then communication will not work, and vice versa. Here’s an example of my server configuration:
server 10.8.0.0 255.255.255.0
keepalive 10 120
push "route 192.168.0.0 255.255.255.0"
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 220.127.116.11"
The last four lines are my own additions, where I want the VPN to find the local network 192.168.0.0 attached to it and allow connections between clients. The last two lines are probably the ones you want to add, which allow clients to use the Internet connection of the VPN and add the 18.104.22.168 Google DNS. Next, edit “/etc/sysctl.conf” to allow IP forwarding by uncommenting the line “#net.ipv4.ip_forward=1”. Finally, reload sysctl and start or restart the openvpn server:
sysctl -p /etc/sysctl.conf
systemctl start openvpn@server
OpenVPN in Client
At first I used tunnel bear in Indonesia to access my entertainment, which is manga, manhua, manhwa, and anime, but eventually I ran out of quota. Luckily, my apartment in Japan provides a dynamic public IP address and I was able to install an openvpn server during those periods. So, I connect to that server, which is surprisingly more reliable than tunnel bear, probably because I was the only one using it.
OpenVPN client Linux
You can either use the network manager or install openvpn just like you did on the server (only “apt install openvpn”). If you use the network manager, input the keys and certificates, the username and password if you set them, then go to the advanced settings and make sure you match the configuration to the server. A single difference will make it unable to connect. If you install openvpn, just copy the sample client configuration to the openvpn configuration directory:
cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/
Match the client configuration to the server. The differences are that the file declares itself as a client, references the client certificates and keys, and gives the hostname or address of the remote openvpn server:
remote 0fajarpurnama0.ddns.net 1194
Then start the openvpn client:
systemctl start openvpn@client
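As an added example (not part of the original article or the author's setup), the following shell functions compare the directives that have to agree between server.conf and client.conf, the kind of mismatch described above for compression. The directive list in MATCH_KEYS, the sample files and the host vpn.example.net are assumptions made for illustration.

```shell
#!/bin/sh
# Directives compared literally (an assumed list; adjust it to your setup).
MATCH_KEYS="dev proto cipher auth comp-lzo compress"

# directive_value FILE KEY: print the arguments of the last active KEY line,
# "(set)" for a directive without arguments, "(unset)" when it is absent.
directive_value() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }                  # commented-out line
        $1 == key {
            $1 = ""
            sub(/[ \t]*[#;].*$/, "")            # trailing comment
            sub(/^[ \t]+/, "")
            val = ($0 == "" ? "(set)" : $0)
        }
        END { print (val == "" ? "(unset)" : val) }
    ' "$1"
}

# config_mismatches SERVER_CONF CLIENT_CONF: print one line per directive
# that differs and return 1 if there is any, 0 if the two files agree.
config_mismatches() {
    rc=0
    for key in $MATCH_KEYS; do
        s=$(directive_value "$1" "$key")
        c=$(directive_value "$2" "$key")
        if [ "$s" != "$c" ]; then
            printf '%s: server=%s client=%s\n' "$key" "$s" "$c"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample files (not the author's configuration): the server
# leaves comp-lzo commented out, the client enables it.
tmp=$(mktemp -d)
printf '%s\n' 'dev tun' 'proto udp' 'server 10.8.0.0 255.255.255.0' \
    ';comp-lzo' 'keepalive 10 120' > "$tmp/server.conf"
printf '%s\n' 'client' 'dev tun' 'proto udp' \
    'remote vpn.example.net 1194' 'comp-lzo' > "$tmp/client.conf"
config_mismatches "$tmp/server.conf" "$tmp/client.conf" ||
    echo "client and server configuration differ" >&2
```

Run it against the real files before starting the client, for example `config_mismatches /etc/openvpn/server.conf client.conf` with a copy of the client file on the server.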
OpenVPN client Windows
It’s more convenient to rename “client.conf” to “client.OVPN”, where for some reason the extension must be in capital letters to work. You can keep it in the same directory as the certificates and keys, but it is more convenient to have them embedded into “client.OVPN”:
remote 0fajarpurnama0.ddns.net 1194
keepalive 5 10
verb 3
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
</key>
You can now carry that .OVPN file anywhere with you. Next, download the openvpn client for Windows if your Windows default client does not support it.
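One way to produce such an embedded profile from client.conf and the separate certificate and key files, as an added example that is not the author's own script; the file names client1.crt and client1.key and the host vpn.example.net are assumed. Because the result contains the client's private key, it is written readable by its owner only.

```shell
#!/bin/sh
# pem_block FILE: print only the PEM section, dropping any human-readable
# text that precedes the BEGIN line in the file.
pem_block() {
    sed -n '/^-----BEGIN /,/^-----END /p' "$1"
}

# make_inline_profile CLIENT_CONF CA CERT KEY OUT: write OUT with the three
# files embedded in <ca>, <cert> and <key> blocks; return 1 on missing PEM.
make_inline_profile() {
    conf=$1 ca=$2 cert=$3 key=$4 out=$5
    for f in "$ca" "$cert" "$key"; do
        pem_block "$f" | grep -q '^-----BEGIN ' || {
            echo "no PEM data in $f" >&2
            return 1
        }
    done
    (
        umask 077          # the profile now holds the client private key
        rm -f "$out"
        {
            # Drop the file-path directives that the inline blocks replace.
            awk '$1 != "ca" && $1 != "cert" && $1 != "key"' "$conf"
            printf '<ca>\n';   pem_block "$ca";   printf '</ca>\n'
            printf '<cert>\n'; pem_block "$cert"; printf '</cert>\n'
            printf '<key>\n';  pem_block "$key";  printf '</key>\n'
        } > "$out"
    )
}

# Constructed sample input: placeholder PEM bodies, not real key material.
tmp=$(mktemp -d)
printf '%s\n' 'client' 'dev tun' 'remote vpn.example.net 1194' \
    'ca ca.crt' 'cert client1.crt' 'key client1.key' 'verb 3' > "$tmp/client.conf"
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'PLACEHOLDERCA' \
    '-----END CERTIFICATE-----' > "$tmp/ca.crt"
printf '%s\n' 'Certificate:' '    Data: text dump' '-----BEGIN CERTIFICATE-----' \
    'PLACEHOLDERCERT' '-----END CERTIFICATE-----' > "$tmp/client1.crt"
printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'PLACEHOLDERKEY' \
    '-----END PRIVATE KEY-----' > "$tmp/client1.key"
make_inline_profile "$tmp/client.conf" "$tmp/ca.crt" "$tmp/client1.crt" \
    "$tmp/client1.key" "$tmp/client.OVPN" && ls -l "$tmp/client.OVPN"
```

Treat the resulting file like the key itself: anyone who copies it can connect as that client.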
OpenVPN client Android
Same method as Windows: get your .OVPN file and download the openvpn client for Android.