How to implement a VPN

Sometimes you wish you were in your office, because you need to press that very button right now. You wish you had not left: now you need to go back, start your machine again, start the whole environment, and double-check that it's up. And all this because you moved and had to be somewhere else.

Without further explanation, because you know the issue and have experienced this same problem many times, let's spend a few words on the solution.

What you need is a VPN. A VPN is a Virtual Private Network: it looks like a local LAN where you can access resources, but it's made of machines distributed over different networks. In order to implement this, you need:

  • A server: can be a physical server, some router, a virtual machine, an EC2 instance on Amazon... whatever
  • Clients: all the machines/pieces of hardware participating in this network.

A good setup

Retrieve a sample config. Edit the content of openvpn-setup.cfg:

code_country="SE"
code_province="KA"
code_city="SomeCity"
code_organization="YourOrganization"
code_email="some@email.net"
vpn_port="1194"

In order to create the keys, we will be using Git and a product called EasyRsa. All you need to do to get things up is fetch the setup script and run it, like this:

./setup.sh

How to create the server

You can use the following script to create the server:

./openvpn-create-server.sh

This will create a YourOrganization-server.tar.gz file that you can unpack on the machine that will act as the VPN server. That can be a physical machine, a VPS or maybe an AWS EC2 instance that you spawn for this purpose. Typically you will have an /etc/openvpn directory to copy the configurations to.

Create the clients

You can use this other script to create a client, here named myclient:

./openvpn-create-client.sh myclient

This will create a YourOrganization-myclient.tar.gz file that you can unpack on the client machine. You can repeat this step for each of your clients:

./openvpn-create-client.sh myclient1
.
.
./openvpn-create-client.sh myclient2
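
The server and client bundles carry private keys, so it is worth checking each one after unpacking it. The following is an added example, not part of the setup scripts described here: it flags private keys that are accessible beyond their owner and any CA private key that ended up in the unpacked directory. It assumes private keys end in ".key" and that the CA key is named "ca.key"; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit an unpacked OpenVPN bundle for key-handling mistakes.
# Assumptions: private keys end in ".key" and the CA private key is named
# "ca.key" (Easy-RSA's default file name). Adjust to the real bundle layout.

# List private-key files that group or others can read, write or execute.
loose_keys() {
    find "$1" -type f -name '*.key' \( \
        -perm -040 -o -perm -020 -o -perm -010 -o \
        -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# List CA private keys. Only the signing machine needs this file; a VPN
# server or client should carry the CA certificate, not its key.
ca_keys() {
    find "$1" -type f -name 'ca.key' -print
}

# Restrict every private key to its owner (mode 600).
tighten_keys() {
    find "$1" -type f -name '*.key' -exec chmod 600 {} +
}

# audit_bundle DIR: print findings; return 0 if clean, 1 if not, 2 on bad input.
audit_bundle() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    audit_loose=$(loose_keys "$1")
    audit_ca=$(ca_keys "$1")
    [ -z "$audit_loose" ] || printf '%s\n' "$audit_loose" | sed 's/^/LOOSE-PERMS: /'
    [ -z "$audit_ca" ] || printf '%s\n' "$audit_ca" | sed 's/^/CA-KEY-PRESENT: /'
    [ -z "$audit_loose" ] && [ -z "$audit_ca" ]
}

# Typical use after unpacking (directory taken from the text above):
#   audit_bundle /etc/openvpn || tighten_keys /etc/openvpn
```

A CA-KEY-PRESENT finding is not fixed by tightening permissions: the file should be removed from that machine and kept only where certificates are signed.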

Contact

If you feel like:

  • the above could be important for you, but you still need some help implementing/deploying it

  • you would like to automate the process, for example by integrating into your CI/CD infrastructure

  • you would like to discuss some other aspects

you are encouraged to reach out and [contact us](mailto:contact@kevwe.se?subject=Support Request - VPN): you'll get a focused professional to address your needs.
