If you require a secure connection to protect your computer and personal information from dangerous malware, then using a VPN is a good way to start. A virtual private network does not only mask your identity over the web so your internet activity cannot be traced to your device, but it also offers you access to geo-restricted sites such as Netflix. So you can actually enjoy restricted content from around the world, and still have your back covered from spying. Cool, isn’t it?
So you just tried out Linux operating system because of some recommendation from a friend or expert. That was a smart choice, considering that Linux is believed to be more reliable in terms of security and stability, than its Windows counterpart. So you are wondering, how can I setup a VPN for Linux? No worries, we are going to take you right through that.
VPNs come in two solutions; the OpenVPN and the PPTP VPN. We will guide you on how to setup a VPN on Linux, with both OpenVPN and PPTP. We are also going to assume an Ubuntu system though this method should also work with any of its derivatives.
Setting up VPN for Linux with OpenVPN
We can also setup a VPN on Linux with OpenVPN. The OpenVPN is a very flexible VPN daemon. It is portable on major OS, scalable to multiple users, possibly thousands, supports SSL/TLS security, Ethernet bridging, and dynamic IP addresses. Just as we did for PPTP, we shall configure both the server side and client side.
Server side setup
- Firstly, install the OpenVPN package.
$ sudo apt-get install openvpn
Utilize the package manager for your distribution. If yum is your package manager, enter
$ yum install openvpn
- Create a directory in “/etc/openvpn”. Then copy the contents of “easy-rsa” to the directory. This ensures that when the package is upgraded, changes to the scripts will not be lost.
$ sudo mkdir /etc/openvpn/easy-rsa $ sudo cp /usr/share/doc/openvpn/examples/easy-rsa/2.0/*/etc/openvpn/easy-rsa
- Now, assign current user as owner.
$ sudo chown –R $USER /etc/openvpn/easy-rsa/
- Specify /etc/openvpn/easy-rsa/vars for your locality
export KEY COUNTRY=”IN” export KEY PROVINCE=”TN” export KEY CITY=”CHN” export KEY ORG=”tgs” export KEY
- Create the Root Certificate.
$ cd/etc/openvpn/easy-rsa/ $ source vars $ . /clean-all $ ln –s openssl-1.0.0.cnf openssl.cnf $ . build-ca
To enable server and client authenticate each other, create a Public Key Infrastructure to ca.key. You will be prompted to enter your Distinguished Name. Some fields will have default values.
Country Name (2 letter code) [IN] : State of Province name (full name) [TN] : Locality Name (eg, city) [CHN] : Organization Name (eg, company) [tgs] : Organizational Unit Name (eg, section) [changeme] : Common Name (eg, your name or your server’s hostname) [changeme] : Name [changeme] : Email Address [[email protected]] :
The files ca.key and ca.crt can be found inside /etc/openvpn/easy-rsa/keys/, as soon as ./build-ca is completed. The .key files should be kept confidential.
- Create certificate for OpenVPN server
$ /etc/openvpn/easy-rsa/build-key-server vpnserver
You will have the following prompts:
Sign the certificate? [y/n] : y 1 out of 1 certificate requests certified, commit? [y/n] : y
- Create Certificate for Client
You will have to create the certificate for each client. This command also creates key files for the client.
$ ./build-key vpnclient1
The hostname of the client is vpnclient1.
Sign the certificate? [y/n] : y 1 out of 1 certificate request certified, commit? [y/n] y
- Creating Diffie Hellman parameters
- Copy the Root Certificate, Server Certificate and Client Certificates from /etc/openvpn/easy-rsa/keys to respective locations.
$ cd/etc/openvpn/easy-rsa/keys/ $ sudo cp ca.crt vpnserver.crt vpnserver.key dh1024.pem /etc/openvpn/ $ scp ca.crt vpnclient1.key vpnclient1.crt [email protected]:/etc/openvpn
- Configure the Server
You will be provided with a default server.conf from where you can make modifications.
$ sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server/conf/gz/etc/openvpn/ $ sudo gzip –d /etc/openvpn/server.conf.gz
- Now, edit the “/etc/openvpn/server/conf”
ca ca.crt key vpnserver.key dh dh1024.pem
- Start the OpenVPN server
$ sudo /etc/init.d/openvpn start $ infconfig tun0
Client side setup
- We have to setup client config files. Copy the client.conf to /etc/openvpn
$ sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf/etc/openvpn
- Edit /etc/openvpn/client.conf
ca ca.crt cert vpnclient1.crt key vpnclient1.key
- Start the OpenVPN in client
$ /etc/init.d/openvpn start $ ifconfig tun0
- Test the VPN configuration
Ping the vpnserver to test the VPN
$ ping 10.8.0.1
If the ping is successful, then the setup is properly done.
Setting up VPN for Linux with PPTP
To setup VPN on Linux, we will configure first the server side, and then the client side:
Server Side configuration
Your server will be used to allow IP address to the devices connected to the network. To setup VPN on the server side, do the following:
- Update the repositories, using the command
sudo apt-get update
- Install the PPTP package on the server
sudo apt-get install pptpd
The installation should take a few moments.
The pptpd.conf file resides in the path: “/etc/pptpd.conf”.
- Use “nano” to edit the file from the terminal.
Alternatively, you may edit it with a GUI like Gedit:
- Now, you have to assign a local IP to be used within the server, and remote IPs for clients that will connect to the server. Add the following lines to pptpd.conf:
localip 172.20.0.1 remoteip 172.20.0.100-300
- Next, add new users to the VPN server using nano. Add users following the order: client’s name, server, password and IP address. For example,
client1 pptpd password* client2 pptpd password*
Using the asterisk in place of an IP address allows the server to assign any IP address in the specified range, that is, 172.20.0.100 – 172.20.0.300. Alternatively, you can assign the IP addresses yourself.
- At this stage, we strongly recommend that you assign a DNS server. If you choose OpenDNS, add the following IP addresses to the file
ms-dns 22.214.171.124. ms-dns 126.96.36.199 For GoogleDNS, use the IP addresses 188.8.131.52 and 184.108.40.206.
- Now, start PPTPD and wake the daemon. Use the terminal command:
service pptpd start
Edit the file “/etc/systl.conf” to set up proper forwarding. You should have the line “net.ipv4.ip_forward = 1” in the file. Where this is not the case, copy it and paste into the file. Save and update it with the command
- To setup the clients to communicate with each other, add the following rules:
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE && iptables-save
Replace “eth0” with the internet connection used by the server. To find out the internet connection, you can use the commands, iwconfig and ifconfig.
# iptables --table nat --append POSTROUTING--out-interface ppp0 -j # iptables -I INPUT -s 172.20.0.0/20 -i ppp0 -j ACCEPT # iptables --append FORWARD --in-interface eth0 -j ACCEPT
Just as in the first rule, enter the correct internet connection. Now the server side has been setup.
Client side setup
We are going to assume a Debian-based client.
- Firstly, we install pptp on the client, just like we did for the server.
sudo apt-get update sudo apt-get install pptp-linux
- Load the ppp_mppe module with the command
- Create a file for client configuration in the directory “/etc/pptp/peers/”. You will need the file name to connect to the VPN server.
pty "pptp --nolaunchpppd" name computer1 password password remotename PPTP require-mope-128
Let’s assume your filename is “vpncomputer1”, connect to the server with the following command:
pppd call vpncomputer1
To setup proper routing, enter the line
ip route add 172.20.0.0/20 dev ppp0
The above procedure can be repeated to add other clients to the VPN server. And that’s about all it takes to setup a VPN on Linux, with PPTP.
This article describes how you can setup a VPN on Linux, with PPTP and OpenVPN. If you have a Debian based system such as Ubuntu, you can follow the steps described above to setup VPN on your Linux and watch Netflix on Linuxwatch Netflix on Linux.