If you need a run-of-the-mill VPN for your own purposes and you aren’t worried about VPN-detecting services like Netflix, then OpenVPN is a great option. Unfortunately it’s also a configuration nightmare, so it’s lucky for us that the folks over at Streisand VPN have taken care of that.
Step 0 : Unattended Upgrades
The preparation step is to install unattended upgrades, as an un-patched web-server is a really bad thing.
sudo apt-get update && sudo apt-get upgrade
sudo apt-get install unattended-upgrades apt-listchanges
Now ensure that /etc/apt/apt.conf.d/20auto-upgrades exists
sudo dpkg-reconfigure -plow unattended-upgrades
Let’s give it a test run to ensure things aren’t configured wrong
sudo unattended-upgrade -d
Step 1 : Setup of OpenVPN through Streisand VPN
Streisand is a VPN setup script that automatically installs and configures many popular VPNs including OpenVPN and WireGuard
First we need to generate an SSH keypair for Streisand to use (back these up since they will be necessary to log in over SSH after a reboot)
ssh-keygen -t rsa
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
Now we need to install the dependencies and clone the GitHub repository (note we don’t use the official GitHub address here since there is a bug-fix we would like)
sudo add-apt-repository ppa:ansible/ansible-2.8
sudo apt-get update
sudo apt-get install ansible python
git clone https://github.com/akumaburn/streisand.git && cd streisand
Now execute the setup script, and be sure to enter your server’s IP address when prompted.
Also, do NOT USE the default install; you can use all the default values in the custom install EXCEPT do not install WireGuard and Shadowsocks.
./streisand
At a certain point you may get an error about some Tunnelblick issue; simply hit Ctrl+C and then C to continue
Once it is finished you will have your documentation available to you in the ~/streisand/generated-docs/tunnel.html file
Save it somewhere and open the file in a web-browser and follow the instructions
Step 2 : Configuration of OpenVPN
By default, OpenVPN is configured by the installation script to not allow multiple clients to use the same common-name (mentioned in the certificate). If you wish to change that, open the server configuration:
sudo nano /etc/openvpn/server.conf
Find and un-comment this line so that you won’t need to generate a unique certificate for every VPN client
duplicate-cn
Then hit Ctrl+O and Ctrl+X to save and exit
Now simply restart the OpenVPN server
sudo systemctl restart openvpn@server
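The Step 2 edit can also be checked and applied without an editor; the sketch below is an added example, not part of the original post or of Streisand. The function names are hypothetical and the sample config is constructed, since the exact comment style in Streisand's generated server.conf is not shown on this page (both # and ; are handled).

```shell
#!/bin/sh
# Added example: audit and enable the duplicate-cn directive in an OpenVPN
# server config. With duplicate-cn active, every client may share one
# certificate, so revoking that certificate disconnects all of them.

# Print "enabled", "commented" or "absent" for the config file given as $1.
duplicate_cn_state() {
    if grep -Eq '^[[:space:]]*duplicate-cn[[:space:]]*([#;].*)?$' "$1"; then
        echo enabled
    elif grep -Eq '^[[:space:]]*[#;]+[[:space:]]*duplicate-cn[[:space:]]*$' "$1"; then
        echo commented
    else
        echo absent
    fi
}

# Un-comment the directive in place, keeping the original as "$1.bak".
# Already enabled: no change. No such line at all: fail without editing.
enable_duplicate_cn() {
    case "$(duplicate_cn_state "$1")" in
        enabled)
            return 0 ;;
        commented)
            sed -E -i.bak \
                's/^[[:space:]]*[#;]+[[:space:]]*(duplicate-cn)[[:space:]]*$/\1/' "$1" ;;
        *)
            echo "no duplicate-cn line found in $1" >&2
            return 1 ;;
    esac
}

# Demo on a constructed config (not Streisand's real template).
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
port 1194
proto udp
;duplicate-cn
keepalive 10 120
EOF
duplicate_cn_state "$demo_conf"    # commented
enable_duplicate_cn "$demo_conf"
duplicate_cn_state "$demo_conf"    # enabled
rm -f "$demo_conf" "$demo_conf.bak"
```

On the server, the target would be /etc/openvpn/server.conf, run with sudo before the restart command above.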
Now you need to download the OpenVPN Connect Application and import the config file (you can pick any from the list on your website after following the tunnel.html instructions)
Now you should be able to connect
That’s it 🙂