
Creating a VPN server for secure browsing

posted 6 Aug 2010, 04:03 by James Gibbard   [ updated 8 Aug 2010, 17:42 ]
While connected to a public network, such as a free wifi hotspot, it is worryingly easy to intercept other users' web traffic, including login details, sites visited and the contents of emails. I will shortly be writing a post describing how to actually perform this attack, but first here is how to protect yourself.

The idea behind a virtual private network (VPN) is to securely connect a remote user to a company's network, in order to access resources and offer the security of browsing the web behind the organisation's firewall. This is of course a simplistic description; if you are interested, Wikipedia is a good place to start.

By setting up a VPN server at home you can remotely connect to this over the internet, allowing you to encrypt all your web traffic between your current location and your home computer.

Note: This does not encrypt the traffic between you and the internet, only between you and your home network, where the data is then sent on as normal. For example, if you are in a coffee shop with free wifi, you can browse safely even if someone else in the coffee shop is trying to intercept web traffic.

Setting up the server
There are many ways to set up a VPN server, using both Windows and Linux. For this tutorial I will use a Linux operating system running OpenVPN Access Server. The first step is to install Linux on a computer; almost any distribution will do. For this tutorial I have chosen to use Ubuntu Server 10.04 (32bit), which at the time of writing is the most recent version. If you do not have a spare computer to use as a server you can use a virtual machine.

Note: Installing Ubuntu using the method described below will wipe the computer's hard drive. Please ensure that there is nothing saved on that computer that you wish to keep. There are ways to dual boot with Linux and Windows, however this is outside the scope of this article.

Installing Ubuntu Server is pretty straightforward. How to Forge have a great guide, but only follow Page 1 and Page 2, as the rest of the tutorial is surplus to requirements for the server we are creating.

Once the server is up and running it is time to give it a static IP address. Log in to the account you created during the setup and type:
sudo nano /etc/network/interfaces
You will be asked for your password and then you will be shown the contents of a text file which will look roughly like this:

auto eth0
iface eth0 inet dhcp


Change the file so that it is like the example below, remembering to replace the values for address, netmask and gateway with the correct ones for your network.

auto eth0
iface eth0 inet static
address 192.168.1.11
netmask 255.255.255.0
gateway 192.168.1.1


Save the file by pressing Ctrl-x, then typing y to confirm the changes and finally pressing enter.
Next restart the networking by typing:
sudo /etc/init.d/networking restart

Type ifconfig to check that you now have the IP address that you set.
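
An added example (not from the original post): a small Python check that parses the static stanza shown above and confirms the address, netmask and gateway agree, which is worth running before restarting networking on a server you can only reach over the network. The function names are illustrative and the sample text is constructed from the tutorial's example values.

```python
import ipaddress

# Constructed sample: the static stanza with the tutorial's example values.
SAMPLE = """\
auto eth0
iface eth0 inet static
address 192.168.1.11
netmask 255.255.255.0
gateway 192.168.1.1
"""

def parse_static_stanza(text):
    """Return the options of the first 'inet static' stanza as a dict."""
    stanza = None
    for line in text.splitlines():
        words = line.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] in ("iface", "auto", "allow-hotplug", "mapping", "source"):
            if stanza is not None:
                break  # a new stanza begins, so the static one has ended
            if words[0] == "iface" and words[2:4] == ["inet", "static"]:
                stanza = {"iface": words[1]}
        elif stanza is not None and len(words) >= 2:
            stanza[words[0]] = words[1]
    return stanza or {}

def check_static_stanza(text):
    """Return a list of problems; an empty list means the values agree."""
    s = parse_static_stanza(text)
    missing = [k for k in ("address", "netmask", "gateway") if k not in s]
    if missing:
        return ["missing option(s): " + ", ".join(missing)]
    try:
        net = ipaddress.ip_network(s["address"] + "/" + s["netmask"], strict=False)
        addr = ipaddress.ip_address(s["address"])
        gw = ipaddress.ip_address(s["gateway"])
    except ValueError as exc:
        return ["invalid value: %s" % exc]
    problems = []
    if addr in (net.network_address, net.broadcast_address):
        problems.append("address is the network or broadcast address")
    if gw not in net:
        problems.append("gateway %s is outside %s" % (gw, net))
    return problems

if __name__ == "__main__":
    print(check_static_stanza(SAMPLE) or "stanza is consistent")
```

To check the real file, pass the contents of /etc/network/interfaces to check_static_stanza instead of SAMPLE.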

Ubuntu Server is now correctly set up, so it's time to install OpenVPN Access Server. First go to their website and register for an account. This will give you a licence key that allows 2 concurrent users to connect to your VPN server. More user licences can be purchased if required; however, if it's only you using the server, it's completely free.

Once registered download the software to your server by typing:
wget http://swupdate.openvpn.net/as/openvpn-as-1.5.4-Ubuntu9.i386.deb
(This is the latest version at the time of writing, visit here to check for updates)

Next install the software by typing:
sudo dpkg -i openvpn-as-1.5.4-Ubuntu9.i386.deb
After it finishes it should look similar to the screen below.

The next step is to run the configuration program by typing:
sudo /usr/local/openvpn_as/bin/ovpn-init

Accept the terms and conditions by typing yes and then pressing enter, as shown below.
Press enter to set as the primary server.
Press enter to select default network interface.
Press enter to select the default port of 943.
Press enter to select the default tcp port of 443.
Press enter to allow client traffic to be sent through the VPN.
Press enter to allow private subnets to be accessible.
Press enter to use 'root' as the login.
Type in the licence key that you got when you registered and press enter.

Once you have done this you should see a screen like the one below.


This completes the installation. Before we can log in to the VPN's web interface we need to set up a root password. (This is because in Ubuntu you can't log in to the root account by default.)
This is done by typing: sudo passwd root
Type in your normal password, hit enter, then type the new root password, hit enter and type it in again. (Make sure it's very secure!)

Go to another computer on your network and go to https://YourServer'sIPAddress:943/admin
Your web browser will probably tell you that the connection is untrusted, or words to that effect. This is because we are using a self-signed SSL certificate. It is fine to continue, since we own the server and we know it is safe to connect to.
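
An added example, not part of the original post: the same certificate warning appears when you later open the web interface from an untrusted network, so it helps to record the certificate's SHA-256 fingerprint while on the home network and compare it before clicking through elsewhere. The function names are illustrative, and the sample certificate is constructed stand-in bytes rather than a real certificate.

```python
import hashlib
import hmac
import ssl
import sys

def fingerprint(pem_cert):
    """SHA-256 of the DER form of a PEM certificate, as lowercase hex."""
    der = ssl.PEM_cert_to_DER_cert(pem_cert)
    return hashlib.sha256(der).hexdigest()

def normalise(fp):
    """Accept 'AB:CD:...' (browser/openssl style) as well as plain hex."""
    return fp.replace(":", "").replace(" ", "").strip().lower()

def pin_matches(pem_cert, pinned_fp):
    """True only if the certificate is exactly the one that was recorded."""
    return hmac.compare_digest(fingerprint(pem_cert), normalise(pinned_fp))

def check_server(host, pinned_fp, port=943):
    """Fetch the certificate without trusting it, then compare with the pin.

    port=943 is the web interface port chosen during ovpn-init above.
    """
    pem = ssl.get_server_certificate((host, port))
    return pin_matches(pem, pinned_fp)

# Constructed stand-in for a certificate so the example runs offline.
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(b"constructed stand-in certificate bytes")
SAMPLE_PIN = fingerprint(SAMPLE_PEM)

if __name__ == "__main__":
    if len(sys.argv) == 3:
        # usage: python3 check_pin.py <host> <fingerprint recorded at home>
        ok = check_server(sys.argv[1], sys.argv[2])
        print("certificate matches the pin" if ok else "MISMATCH: do not log in")
        sys.exit(0 if ok else 1)
    print("sample fingerprint:", SAMPLE_PIN)
    print("sample matches its pin:", pin_matches(SAMPLE_PEM, SAMPLE_PIN))
```

A mismatch means the certificate presented is not the one your server generated, so do not enter your password on that connection.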

Log in using the root account and you will be presented with the web interface of the VPN server. From here you can configure the VPN server just the way you want it.

For this tutorial the only setting that needs changing is the "Hostname or IP Address" setting, which can be found under the "Server Network Settings" section. This should be changed to your external IP address (this can be found by visiting here). If you have a dynamic IP address visit http://www.dyndns.com/ which is a service that provides you with a web address which always points to your correct IP address. Once this is entered go to the bottom of the page and click "Save Settings".

Finally go back to the "Status overview" page and click "Start Server".

The server should now be fully operational.

In order to access the server from outside your home network you will need to forward the correct ports to the internal IP address of your server. By default OpenVPN Access Server uses:
TCP 443
UDP 1194
TCP/UDP 943
http://portforward.com/ has instructions on how to do this for most routers.


Connecting to the VPN
Now the server is all set up you are ready to connect to the VPN from a remote client. Using your web browser go to https://YourIPAddress:943 and log in with your user name and password (not the root account). You will then be presented with a page that allows you to download a client for your operating system. If you are using a Windows computer to connect to the server, download the file openvpn-client.msi in the "Auto Login" row of the table.


Run the openvpn-client.msi installer and once that has finished start the client by clicking on the desktop shortcut. Click on the grey square, with the IP of your server written inside of it, to start the VPN connection.

Your web traffic is now being securely tunnelled between the client and the server.

You can now browse the internet on untrusted networks and public wifi hotspots in relative safety.