Showing posts with label vpn.
The whole point in this post is to run your own VPN service, and allow you to connect remote devices to your home network.
To start off, you need to choose a server that is going to be always available, or at least you should try to. The next step is to install OpenVPN on the server and configure it; this can be done in no time at all with the help of the following site:
The first command you are going to need to do is as follows:
This downloads and executes the installation script, I had to run this as sudo, so:
This script will take you through a variety of questions where you are prompted for entry. In most cases the default option will be appropriate and already filled in; however, if you are running behind a firewall (which you probably will be), I’d like to point out a couple of gotchas.
The IP address of the local machine should indeed be the local IP. Other sites suggest this should be the WAN IP of the server; that’s fine if the server has direct access to the internet, which mine does not. Since it is behind the firewall, I choose the local IP so that the script configures the correct interface to monitor.
The next major question is configuring your external IP if you are behind a NAT. Honestly, you should be using a FQDN and not an IP; check out my previous post on dynu.com options.
Once you are finished answering the questions you are ready to make client profiles. Run the installer again and you will be prompted with a variety of options; you are going to want to add a user:
1) Add a new user
2) Revoke an existing user
3) Remove OpenVPN
4) Exit
Now that you have the OpenVPN server installed in Ubuntu, and a client profile created for your device, all you have to do is set up any port forwarding required to the OpenVPN server.
So in my case I set up a rule to forward all 1178 (1194 if you followed the default options) UDP VPN requests from my external IP address to the local IP address of the server running OpenVPN. This was done at my cable modem/router.
That’s it, you’re done. Let me know if you have any questions or comments below – feel free to donate/tip the creator of the script on the following site:
So as you may have read in earlier posts – I did a complete reinstall of my NAS4Free server and set up all services running on it. Here in this post I will describe the steps required to install OpenVPN on your NAS4Free server, and configure it to start automatically on bootup.
First let’s determine an appropriate location to install the temporary files for installation:
setenv PKG_TMPDIR /mnt/Data/tmp/
Next let’s install all the required components (openvpn, curl, expect):
pkg install openvpn
pkg install curl
pkg install expect
Typing the following command will update your shell session with the new commands available based on the installed packages:
rehash
Move the openvpn file so that it does not get executed every time the system is started; otherwise your boot process will stop and you will be prompted for a username/password. NAS4Free executes all the files inside the “rc.d” folder on startup.
mkdir /usr/local/etc/openvpn
mv /usr/local/etc/rc.d/openvpn /usr/local/etc/openvpn/
Edit startup settings and add OpenVPN support:
nano /etc/rc.conf
Add the following:
openvpn_enable="YES"
And ONE of the following, based on your VPN provider (check the .ovpn file contents to determine which to use):
openvpn_if="tun"
openvpn_if="tap"
Now retrieve the relevant information from your VPN provider: certificates, location, configuration files etc. Rename the certificate (*.crt) and chosen location (*.ovpn) to openvpn.crt and openvpn.conf, and copy the *.pem file.
Install certificates (.crt) and location (.ovpn) files:
mkdir -p /usr/local/etc/openvpn
mv openvpn* /usr/local/etc/openvpn/
mv *.pem /usr/local/etc/openvpn/
Make sure the certificate authority configuration line (ca) is set to openvpn.crt by editing the following file:
nano /usr/local/etc/openvpn/openvpn.conf
Now it’s time to test OpenVPN and make sure you have an appropriate IP.
/usr/local/etc/openvpn/openvpn start /usr/local/etc/openvpn/
curl icanhazip.com
The curl command should return your NAS’ new WAN IP, and this should be different to your regular WAN IP – as it should be now based on the location file you provided.
Now we need to configure OpenVPN to start and connect on startup, so let’s create an auto-sign-on script, and make it executable:
nano /usr/local/etc/openvpn/autosignon
chmod +x /usr/local/etc/openvpn/autosignon
Paste the following, and edit username and password to match your details, for your VPN provider:
#!/usr/local/bin/expect -f
set force_conservative 0
spawn /usr/local/etc/openvpn/openvpn start /usr/local/etc/openvpn/openvpn.conf
match_max 100000
expect -exact "Enter Auth Username:"
send "YOUR USERNAME"
send "\r"
expect -exact "Enter Auth Password:"
send "YOUR PASSWORD"
send "\r"
expect eof
Add the following command script PreInit (System|Advanced|Command Scripts) via your NAS4Free web interface:
/usr/local/etc/openvpn/autosignon
Reboot your machine and you should be automatically connected to your VPN service.
Set the temporary directory for the packages, as well as the site to fetch packages from (if you are installing onto a 32 bit system change "amd64" to "i386"):
setenv PKG_TMPDIR /mnt/Data/Extensions/tmp/
setenv PACKAGESITE "http://ftp6.us.freebsd.org/pub/FreeBSD-Archive/ports/amd64/packages-9.0-release/Latest/"
Install OpenVPN:
pkg_add -rv openvpn
Move the openvpn file so that it does not get executed every time the system starts; otherwise your boot process will stop and you will be asked for a username/password. NAS4Free executes all the files inside the “rc.d” folder on startup.
mkdir -p /usr/local/etc/openvpn
mv /usr/local/etc/rc.d/openvpn /usr/local/etc/openvpn/
Install certificates and .ovpn files.
Download your certificate (*.crt) and *.ovpn files, rename them (*.crt to openvpn.crt and *.ovpn to openvpn.conf), and copy them using WinSCP to /usr/local/etc/openvpn/
Once copied, edit openvpn.conf and you should see something like this:
client
dev tun
proto udp
remote 11.170.97.173 443 # Your server IP and OpenVPN port
resolv-retry infinite
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ca openvpn.crt
auth-user-pass
comp-lzo
verb 3
Adding the following line to openvpn.conf keeps passwords from being stored in memory:
auth-nocache
Don’t use auth-nocache, though, as renegotiation after timeout will fail.
Just make sure that the “ca” line points to openvpn.crt, and check the 2nd line to see whether you have dev tun or dev tap.
Test OpenVPN connection:
/usr/local/etc/openvpn/openvpn onestart /usr/local/etc/openvpn/openvpn.conf
Download the following torrent to make sure your legal torrents are downloaded privately:
Edit rc.conf to enable OpenVPN. Open up your NAS’ web interface and head to System > Advanced > rc.conf and add the following variables:
openvpn_enable with a value of YES
openvpn_if with a value of tun or tap depending on the contents of openvpn.conf
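The checks both NAS4Free posts ask for (the ca line must point at openvpn.crt, openvpn_if must match the dev line, and auth-nocache must stay out of the file) can be scripted. This is an added example, not part of the original posts: the function names and the sample config are constructed for illustration, and it is written for /bin/sh rather than the csh session used above.

```shell
#!/bin/sh
# Added example (not from the original posts): lint openvpn.conf before boot-time use.

# Print the first argument of a directive, ignoring # and ; comments.
conf_value() {  # $1 = config file, $2 = directive name
    awk -v key="$2" '{ sub(/[#;].*/, "") } $1 == key { print $2; exit }' "$1"
}

# Succeed if the directive appears at all (needed for flag-style options).
has_directive() {
    awk -v key="$2" '{ sub(/[#;].*/, "") } $1 == key { f = 1 } END { exit !f }' "$1"
}

# Map the "dev" line to the value openvpn_if needs in rc.conf.
rc_if_for() {
    case "$(conf_value "$1" dev)" in
        tun*) echo tun ;;
        tap*) echo tap ;;
        *)    return 1 ;;
    esac
}

# Print findings for one config; the return status is the number of problems.
check_ovpn_conf() {
    problems=0
    if iface=$(rc_if_for "$1"); then
        echo "OK: set openvpn_if=\"$iface\" in rc.conf"
    else
        echo "FAIL: no 'dev tun' or 'dev tap' line"; problems=$((problems + 1))
    fi
    ca=$(conf_value "$1" ca)
    if [ "$ca" != "openvpn.crt" ]; then
        echo "FAIL: ca is '${ca:-unset}', expected openvpn.crt"; problems=$((problems + 1))
    fi
    if has_directive "$1" auth-nocache; then
        echo "FAIL: auth-nocache is set; renegotiation after timeout will fail"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample config; 192.0.2.10 is a documentation-only address.
sample=$(mktemp /tmp/ovpnlint.XXXXXX)
printf '%s\n' 'client' 'dev tun' 'remote 192.0.2.10 443 # server and port' \
    'ca provider.crt' 'auth-user-pass' 'auth-nocache' > "$sample"
check_ovpn_conf "$sample" || echo "problems found: $?"
rm -f "$sample"
```

On the NAS, point check_ovpn_conf at /usr/local/etc/openvpn/openvpn.conf before adding the PreInit command; a non-zero status means the boot-time connection is likely to stall or drop.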
Now we need to make it autostart, so back to SSH:
pkg_add -r expect
nano /usr/local/etc/openvpn/autosignon
In the file just insert:
#!/usr/local/bin/expect -f
set force_conservative 0
spawn /usr/local/etc/openvpn/openvpn start /usr/local/etc/openvpn/openvpn.conf
match_max 100000
expect -exact "Enter Auth Username:"
send -- "YOUR USERNAME!\r"
expect -exact "Enter Auth Password:"
send -- "YOUR PASSWORD!\r"
expect eof
Save your changes and make that script executable by running the following command:
chmod +x /usr/local/etc/openvpn/autosignon
AUTOSTART OPENVPN
In NAS4Free webGUI, navigate to: “System|Advanced|Command scripts” and insert the following start-up command (PreInit):
/usr/local/etc/openvpn/autosignon
CONFIGURE FIREWALL
So this is a bit hit or miss for me, I almost feel like I am having to restart my NAS4Free box before I see the changes from the firewall applied.
My VPN provider doesn’t have a list anymore for which IPs they assign, so I just have to kinda guess.
The purpose of the firewall is to provide protection in the event of the VPN service going down, and by protection we mean no external connection.
If you wish to test your NAS4Free box IP directly from command line, install curl.
pkg_add -rv curl
Then enter the following:
curl ifconfig.me
But you can also check your torrent client directly too!
9/15/2014 Update: Change torrent IP tracking address.
I just bought myself the WNR3500L from Netgear, because it can be flashed with custom firmware – which is great. My old Buffalo router could do the same, and I used Tomato.
I decided, new router, new firmware… not such a stunning idea. My immediate issues with DD-WRT over Tomato:
Other than these inconveniences I like it; I will update this as I find the time and move forward. I am sure DD-WRT will become more user friendly, but I expected more from it – especially the way everyone raves about it. For now I would tell ppl who are looking into these firmwares to go with Tomato.
So I have been thinking a lot about VPN, I want to securely access my home network and VPN is the best way to do that.
As I have mentioned in previous post I use
on my router. This free software allows me to adapt my . One of the variants out there for Tomato firmware allows me to run an
server from the router.
Using this
I would have the ability to connect securely and become part of my network from anywhere in the world. This got me thinking a little more…
I have a small portable
solution, running on Ubuntu, if I had a VPN server up and running on my router I could configure the VPN client on Ubuntu to securely connect and be part of my network – allowing me to stream my content securely/encrypted anywhere in the world!