The term virtual private network (VPN) contains the words "private network" and "virtual". At the time of writing this article, a public network is just another term for the Internet, while private networks are outside of the Internet. Example nodes residing in the public network are Google and YouTube. Example nodes residing in the private network are clients or users accessing Google and YouTube. This situation exists because the current Internet infrastructure is too small to host all the computers in the world. Therefore, clients and users are mostly outside of the Internet, where they need to go through intermediaries to communicate with those in the Internet. I like to call them gateways (see my simple introduction to computer network to understand the basics).
While the Internet or public network is like the streets and the outside world where we can go out and travel, a private network is like our house, which is private and only we can enter. A virtual private network (VPN) extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. By analogy, it is like an open house where other people can enter, but of course with the permission of the house owner. For example, when we are at home or outside and need to access our office's internal network, we would usually need to run back to our office, but with a VPN we can access it on the spot.
When we enter a VPN, we are subject to different rules. It is unfortunate that most Internet connections today have enforcers. When we want to access a website, we always ask that enforcer, and the result is whether we are granted access or not. The role of a VPN other than privacy is censorship resistance. When we go through a VPN, our enforcer changes or, if we are lucky, our enforcer is removed. For example, in Indonesia access to anime, manga, and Reddit is prohibited, but if we access them from Japan, it is granted. Then what is the difference between a VPN and a proxy server? A proxy server is just one server, while a VPN is a whole network which contains routes and servers.
Setting VPN Client
Interestingly, setting up a VPN can be either easier or harder than setting DNS and proxy. That is because there are different choices, unlike DNS or proxy where you simply input numbers. It is easier because there are many ready applications available where the steps are just install and run. It is harder if you choose to set the configuration manually, which can involve more than just setting the VPN server's IP address.
Ready VPN Application
As the word "ready" suggests, these kinds of VPN applications only need to be installed and run to enjoy bypassing censorship. On Windows, you can try finding one in the Microsoft Store. On Linux, check your own package manager. On Android and iOS, you can search their respective stores. Generally, you can find portable archives or go for installable files. Ready VPN applications are also available in the form of browser extensions.
There are many ready applications out there. Leave a comment if you know a good one. To prevent this article from becoming too long, I can only advise you to use a search engine such as Google to find the VPN that you want. Example search terms: "vpn", "free", "Windows", "Linux", "Android", "United States", "Japan", "Indonesia", "Europe", "China", etc.
Manual VPN Clients
If you search for "free vpn list" on a search engine, you may stumble upon a website that gives a list of open VPNs, for example https://www.freeopenvpn.org. If they provide you a profile that you can use with just a click, that's great. However, if you are given configuration details that you have to write yourself, or you use the default or other VPN clients, you need to set them correctly. Usually, there is more than just the IP address and port, for example the transport protocol, compression, and certificates.
When you try a free VPN, you may find dissatisfaction. A VPN can be slow because your browsing perception is based on the slowest part of the whole network connection. If the VPN is slower, then you will perceive a slow connection even though your main connection is fast. On the other hand, you will also feel slowness if your main connection itself is slow, even if you use a fast VPN.
Another factor is privacy and security, which I'm skeptical about for most free VPNs. Sure, that VPN may provide no or different censorship, and privacy from the main surveillance, but you may be monitored deeply by the administrators of the VPN themselves. If not, who knows if their security is so low that other people can easily monitor and steal your private data. Therefore, it is not recommended to expose private data, such as inputting a username and password on a login form.
Therefore, there are premium or paid VPNs, which generally provide quality at a price. If you are a skilled technician, then you can test whether the VPN is of good quality or not. If not, then you have to research it yourself, such as seeing if there are licenses or certificates on their VPNs, reading people's reviews, and checking how long the VPNs have been running.
Building OpenVPN Server Linux
If you want a single-script build, which is the simplest way, you can try PiVPN. I built an openvpn server a few times but I just cannot completely remember the steps, maybe because I have not repeated it enough. I will be honest, the reason I write and record my computer tutorials is mainly for myself to remember when I need to do them again. But why not share them with everyone else by publishing them online, and I was surprised that I can monetize them. Now, going back to the OpenVPN server on Linux, the detailed steps may seem overwhelming for beginners, but the overview is actually only a few steps, which are:
- Install openvpn server and certificate authority creator.
- Create certificates, server key, and client keys.
- Configure the openvpn server which includes linking the certificates, use compression or not, allow clients to access the Internet through the VPN or not, etc.
Installing OpenVPN Server and Certificate Authority Creator
I was using a Debian-based Linux like Ubuntu:
sudo apt install openvpn easy-rsa
Become an administrator for example using the command:
Create a certificate directory for openvpn, work there, and copy the configuration samples from the easy-rsa share directory:
mkdir /etc/openvpn/easy-rsa/
cp -r /usr/share/easy-rsa/* /etc/openvpn/easy-rsa/
Edit "/etc/openvpn/easy-rsa/vars" and fill in at least the lines that are not commented, editing the names and information as you see fit. There are instructions you can read within the file. Then generate the certificate authority (CA):
cd /etc/openvpn/easy-rsa/
source vars
./clean-all
./build-ca
Generate a private key for the server. Name it whatever you want but keep it consistent throughout the installation.
Generate Diffie-Hellman parameters
Generate client certificates and keys for as many clients as you want. After generating, you can copy the "ca.crt" and all client certificates and keys to the clients. I'm not sure whether you can use the same cert and keys for multiple clients, but you can generate them by repeating the following commands:
source vars
./build-key client1
All keys and certificates are in the "keys/" subdirectory. You can leave them there but remember to specify the correct paths in the configurations. If not, then just copy them to the "/etc/openvpn" subdirectory:
cd keys/
cp myservername.crt myservername.key ca.crt dh2048.pem /etc/openvpn/
Configuring OpenVPN server
Configuration examples of both client and server are available in "/usr/share/doc/openvpn/examples/sample-config-files". You can reuse and edit the example server configuration:
cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/
gzip -d /etc/openvpn/server.conf.gz
Edit "server.conf" as you see fit; explanations of how to edit it are available within the file. Just make sure the configuration is consistent with your intended client configuration. For example, if the server does not use compression while the client uses compression, then communication will not work, and vice versa. Here's an example of my server configuration:
port 1194
proto udp
dev tun
ca ca.crt
cert myservername.crt
key myservername.key
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist /var/log/openvpn/ipp.txt
keepalive 10 120
cipher AES-256-CBC
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
verb 3
explicit-exit-notify 1
push "route 192.168.0.0 255.255.255.0"
client-to-client
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 220.127.116.11"
The last four lines are my own additions, where I want the VPN to find the local network 192.168.0.0 attached to it and to allow connections between clients. The last two lines are probably the ones you want to add, which allow clients to use the Internet connection of the VPN and add 18.104.22.168 Google DNS. Next, edit "/etc/sysctl.conf" to enable IP forwarding by uncommenting the line "#net.ipv4.ip_forward=1" so that it reads "net.ipv4.ip_forward=1". Finally, reload sysctl and start or restart the openvpn server:
sysctl -p /etc/sysctl.conf
systemctl start openvpn@server
OpenVPN in Client
At first I used TunnelBear in Indonesia to access my entertainment, which is manga, manhua, manhwa, and anime, but eventually I ran out of quota. Luckily, my apartment in Japan provides a dynamic public IP address, and I was able to install an openvpn server during those periods. So, I connect to that server, which is surprisingly more reliable than TunnelBear, probably because I was the only one using it.
OpenVPN client Linux
You can either use the network manager or install openvpn just like you installed it on the server (only "apt install openvpn"). If you use the network manager, input the keys and certificates, and the username and password if you set them, then go to the advanced settings and make sure you match the configuration to the server. One difference will make it unable to connect. If you install openvpn, just copy the sample client configuration to the openvpn configuration subdirectory:
cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/
Match the client configuration to the server. The differences are declaring the configuration file as a client, pointing to the client certificates and keys, and giving the hostname or address of the remote openvpn server:
ca ca.crt
cert client1.crt
key client1.key
client
remote 0fajarpurnama0.ddns.net 1194
Then start the openvpn client:
systemctl start openvpn@client
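The matching requirement between "server.conf" and "client.conf" can be checked before starting the tunnel. The script below is an added example, not part of the original article: the function names, the sample files and the list of directives compared are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original article): report directives that differ
# between an OpenVPN server config and a client config.

# Print the first active occurrence of directive $2 in file $1, or "(absent)".
ovpn_get() {
    awk -v d="$2" '
        $1 == d {
            found = 1
            # Device names (tun vs tun_c_ovpn) and proto variants may differ;
            # only the type (tun/tap, udp/tcp) has to agree.
            if (d == "dev" || d == "proto") print d, substr($2, 1, 3)
            else { $1 = $1; print }
            exit
        }
        END { if (!found) print "(absent)" }' "$1"
}

# Print one line per mismatching directive; print nothing when the files agree.
# The directive list is an assumption made for this example.
ovpn_mismatches() {
    for d in proto dev cipher auth comp-lzo compress; do
        s=$(ovpn_get "$1" "$d")
        c=$(ovpn_get "$2" "$d")
        [ "$s" = "$c" ] || printf '%s: server=[%s] client=[%s]\n' "$d" "$s" "$c"
    done
}

# Constructed sample configs, based on the directives shown in the article.
tmp=$(mktemp -d)
printf '%s\n' 'port 1194' 'proto udp' 'dev tun' 'cipher AES-256-CBC' \
    ';comp-lzo' > "$tmp/server.conf"
printf '%s\n' 'client' 'proto udp' 'dev tun_c_ovpn' 'cipher AES-256-CBC' \
    'comp-lzo' > "$tmp/client.conf"

# Compression is commented out on the server but active on the client.
ovpn_mismatches "$tmp/server.conf" "$tmp/client.conf"
rm -rf "$tmp"
```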
OpenVPN client Windows
It's more convenient to rename "client.conf" to "client.OVPN", where for some reason the extension must be in capital letters to work. You can keep it in the same directory as the certificates and keys, but it is more convenient to have them embedded into "client.OVPN":
client
dev tun_c_ovpn
proto udp
remote 0fajarpurnama0.ddns.net 1194
resolv-retry infinite
keepalive 5 10
nobind
persist-key
persist-tun
verb 3
You can now carry that .OVPN file anywhere with you. Next is to download the openvpn client for Windows if your Windows default client does not support it.
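One way to produce such a single-file profile is with OpenVPN's inline blocks (the certificates and key wrapped in ca, cert and key tags). This is an added example, not the author's own script: the function names, the sample file contents and the host vpn.example.com are constructed. Because the resulting file carries the client's private key, it is created readable by its owner only.

```shell
#!/bin/sh
# Added example, not from the original article: build one client profile with
# the CA certificate, client certificate and client key embedded inline.

# Print only the PEM block(s) of a file, dropping any other text around them.
pem_only() {
    sed -n '/^-----BEGIN /,/^-----END /p' "$1"
}

# Usage: make_ovpn BASE_CONF CA_CERT CLIENT_CERT CLIENT_KEY OUTPUT
make_ovpn() {
    (
        # The output holds the private key, so create it owner-readable only.
        umask 077
        rm -f "$5"
        {
            # Drop file-based ca/cert/key lines; the inline blocks replace them.
            grep -Ev '^[[:space:]]*(ca|cert|key)[[:space:]]' "$1"
            printf '<ca>\n';   pem_only "$2"; printf '</ca>\n'
            printf '<cert>\n'; pem_only "$3"; printf '</cert>\n'
            printf '<key>\n';  pem_only "$4"; printf '</key>\n'
        } > "$5"
    )
}

# Constructed sample inputs with placeholder bodies (no real key material).
tmp=$(mktemp -d)
printf '%s\n' 'client' 'dev tun' 'proto udp' 'ca ca.crt' 'cert client1.crt' \
    'key client1.key' 'remote vpn.example.com 1194' > "$tmp/client.conf"
for f in ca.crt client1.crt; do
    printf '%s\n' 'Certificate: text dump' '-----BEGIN CERTIFICATE-----' \
        'c2FtcGxl' '-----END CERTIFICATE-----' > "$tmp/$f"
done
printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'c2FtcGxl' \
    '-----END PRIVATE KEY-----' > "$tmp/client1.key"

make_ovpn "$tmp/client.conf" "$tmp/ca.crt" "$tmp/client1.crt" \
    "$tmp/client1.key" "$tmp/client.OVPN"
cat "$tmp/client.OVPN"
rm -rf "$tmp"
```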
OpenVPN client Android
Same method as Windows: get your .OVPN file and download the openvpn client for Android.