As we know, public networks are hard to trust: we never know who is eavesdropping on our packets, or why. I will help you configure a simple OpenVPN server with decent bandwidth in the cloud.
* At the time of writing, Oracle Cloud offered a tier called “Always Free”, which lets us spin up 2 instances for free.
Get an account from https://www.oracle.com/cloud/ and get it verified by giving your card details.
Choose a region you are comfortable with, for example a specific geography from which you need to access a service.
Spin up an Ubuntu instance with the minimum configuration.
Upload or paste your public key and create the instance.
Once the machine is created, go to
Virtual Cloud Networks (VCN) -> Security List -> Default Security List (it looks similar to AWS, but more like a reversed hierarchy).
Create an ingress rule for the OpenVPN port.
The protocol should be whichever of TCP or UDP you plan to configure OpenVPN with. I prefer TCP since I care more about reliability than performance; make your own choice.
Yeah, half done… almost there.
SSH to your new instance (username will be ubuntu, grab the IP from the instance page)
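The next part is cleaning up the iptables rules (my preference). These commands set the default policy of the INPUT, FORWARD and OUTPUT chains to ACCEPT; they do not remove rules that are already present in those chains.
# run as root
iptables -P INPUT ACCEPT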
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
The hardest part for some may be configuring and managing OpenVPN, but I found something from the GitHub community built for exactly this problem.
This script will let you set up your secure VPN server in just a few seconds,
and by default the openvpn-install script applies secure configurations based on known “good” practices.
curl -O https://raw.githubusercontent.com/angristan/openvpn-install/master/openvpn-install.sh
chmod +x openvpn-install.sh
# run as root
./openvpn-install.sh
The first time you run it, it will prompt you for the configuration.
For the IP address parameter, give either the instance's public IP or a DNS name if you have one,
select the default port (1194, which you opened in the security list),
and choose TCP or UDP (whichever you configured in the security list).
Once it is done, the script walks you through creating a client profile (with or without a password).
The profile file will be saved in the ubuntu user's home directory; either cat the file's contents or SCP it to your host machine.
If you wish to have some “controls” over the VPN, such as blocking access to certain IPs, you can add your own iptables FORWARD rules, like
iptables -I FORWARD -s 10.8.0.1 -i tun0 -d 22.214.171.124/25 -o eth0 -j DROP
Import the profile. Done
You can create additional clients and distribute them to your “loved” ones.
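A pre-flight check to run on a generated client profile before importing or distributing it, given here as an added example that is not part of the original article or of the openvpn-install project. It confirms that the profile's remote port and proto match the ingress rule created earlier, and that a profile embedding a private key is readable only by its owner. The function names, vpn.example.com and the sample profile are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article or the openvpn-install project).
# check_profile FILE PROTO PORT -> 0 if the profile matches the ingress rule
# and is not readable by group/other while carrying an inline private key.
check_profile() {
    cp_file=$1; cp_proto=$2; cp_port=$3; cp_rc=0
    [ -r "$cp_file" ] || { echo "cannot read $cp_file"; return 2; }
    # "remote <host> <port>": the port must be the one opened in the security list
    cp_got=$(awk '$1 == "remote" { print $3; exit }' "$cp_file")
    [ "$cp_got" = "$cp_port" ] ||
        { echo "port: profile=$cp_got ingress=$cp_port"; cp_rc=1; }
    # "proto udp" or "proto tcp-client": compare the transport only
    cp_got=$(awk '$1 == "proto" { print substr($2, 1, 3); exit }' "$cp_file")
    [ "$cp_got" = "$cp_proto" ] ||
        { echo "proto: profile=$cp_got ingress=$cp_proto"; cp_rc=1; }
    # An inline <key> block means the file is a credential: owner-only access
    if grep -q '^<key>' "$cp_file"; then
        cp_mode=$(stat -c '%a' "$cp_file")   # GNU stat, as shipped on Ubuntu
        case $cp_mode in
            *00|0) ;;
            *) echo "mode $cp_mode exposes the private key; chmod 600"; cp_rc=1 ;;
        esac
    fi
    return "$cp_rc"
}

# Constructed sample profile with placeholder key material, for an offline run.
write_sample_profile() {
    cat > "$1" <<'EOF'
client
proto tcp-client
remote vpn.example.com 1194
<key>
-----BEGIN PRIVATE KEY-----
constructed-placeholder
-----END PRIVATE KEY-----
</key>
EOF
}

sample=$(mktemp)
write_sample_profile "$sample"
chmod 600 "$sample"
check_profile "$sample" tcp 1194 && echo "profile OK"
rm -f "$sample"
```

Run it against the real profile in the ubuntu home directory with the protocol and port you opened, for example tcp and 1194.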