Getting, setting-up and testing a VPN accountIn all the VPN systems, there is one computer set up as a server (in an unrestricted location), to which one or more clients connect. The set up of the server is out of the scope of this manual and the set up of this system is in general covered by your VPN provider. This server is one of the two ends of the encrypted tunnel. It is important that the company running this server can be trusted and is located in an area you trust. So to run a VPN, an account is needed at such a trusted server. | |
Please keep in mind that an account can often only be used on one device at a time. If you want to use a VPN with both your mobile and laptop concurrently, it is very well possible you need two accounts. | |
An account from a commercial VPN providerThere are multiple VPN providers out there. Some will give you free trial time, others will begin charging right away at an approximate rate of €5 per month. Look for a VPN provider that offers OpenVPN accounts - it is an Open Source, trusted solution available for Linux, OS X, and Windows, as well as Android and iOS. | |
When choosing a VPN provider you need to consider the following points: | |
There are several VPN review oriented places online that can help you make the right choice: | |
http://www.bestvpnservice.com/vpn-providers.php | |
Setting up your VPN client
„OpenVPN [..] is a full featured SSL VPN software solution that integrates OpenVPN server capabilities, enterprise management capabilities, simplified OpenVPN Connect UI, and OpenVPN Client software packages that accommodate GNu/Linux, OSX, Windows and environments. OpenVPN Access Server supports a wide range of configurations, including secure and granular remote access to internal network and/or private cloud network resources and applications with fine-grained access control.“ | |
There are a number of different standards for setting up VPNs, including PPTP, LL2P/IPSec and OpenVPN. They vary in complexity, the level of security they provide, and which operating systems they are available for. Do not use PPTP as it has several security vulnerabilities. In this text we will concentrate on OpenVPN. It works on most versions of GNU/Linux, OSX, Windows. OpenVPN is TLS/SSL-based - it uses the same type of encryption that is used in HTTPS (Secure HTTP) and a myriad of other encrypted protocols. OpenVPN encryption is based on RSA key exchange algorithm. For this to work and in order to communicate, both the server and the client need to have public and private RSA keys. | |
Once you obtain access to your VPN account the server generates those keys and you simply need to download those from the website of your VPN provider or have them sent to your email address. Together with your keys you will receive a root certificate (*.ca) and a main configuration file (*.conf or *.ovpn). In most cases only the following files will be needed to configure and run an OpenVPN client: | |
Based on a particular configuration, your VPN provider might require a username/password pair to authenticate your connection. Often, for convenience, the username and password can be saved into a separate file or added to the main configuration file. In other cases, key-based authentication is used, and the key is stored in a separate file: | |
In most cases, unless otherwise necessary, you don't need to change anything in the configuration file and (surely!) do not edit key or certificate files! All VPN providers have thorough instructions regarding the setup. Read and follow those guidelines to make sure your VPN client is configured correctly. | |
NOTE: Usually it's only allowed to use one key per one connection, so you probably shouldn't be using the same keys on different devices at the same time. Get a new set of keys for each device you plan to use with a VPN, or attempt to set up a local VPN gateway (advanced, not covered here). | |
Download your OpenVPN configuration and key files copy them to a safe place and proceed to the following chapter. | |
Setting up OpenVPN clientIn the following chapters some examples are given for setting up OpenVPN client software. On any flavor of GNU/Linux use your favorite package manager and install openvpn or openvpn-client package. | |
If you want to use OpenVPN on Windows or OSX, have look at: | |
http://openvpn.se (Windows interface) |