OpenVPN Connect- How to setup Digital Ocean droplet as a VPN with static IP

Not strictly WordPress-related, this is nonetheless an issue that faces many web developers: how to access your client’s hosting when the client needs you to have a static IP address… More »

Spread the love

Not strictly WordPress-related, this is nonetheless an issue that faces many web developers: how to access your client’s hosting when the client needs you to have a static IP address but your ISP allocates you a dynamic one that keeps changing.

The answer of course is to use a VPN, which acts as a routing point for all your internet traffic so that services you connect to always see your traffic as coming from a certain IP address (the address of your VPN server) instead of your own IP address that your ISP has allocated to you.

There are hundreds of commercial VPN providers. They often advertise themselves as a way of appearing to be browsing in a different country so you can bypass restrictions on TV show streaming etc. However, out of these hundreds of providers, not many will offer you a static IP address, and those that do often charge quite a premium for it, or have strict limits on the countries that you can choose for your VPN’s IP address.

DIY

So is there a way you can create your own VPN? I’m glad you asked, because yes there is.

The answer lies in using a cloud hosting provider that lets you run a cheap Linux server for a moderate monthly payment. There are quite a few companies that provide this kind of hosting, and the one we are going to use is Digital Ocean, who will let you set up and run a basic Linux server in a number of different locations around the world for USD 5 per month. And of course, once you have set up your server, its IP address won’t change. Bingo – instant potential VPN with static IP.

There’s a little more to it than just logging in to Digital Ocean and setting up a server, but it’s actually a very simple process, and I’ll take you through it. I’m going to assume you have a Mac, because that’s what I have. This tutorial is not really for Windows users.

BIG WARNING TIME: this is NOT the route to take if your main goal in using a VPN is security or privacy. This is simply a useful way of having a static IP address for services that need it, when you can’t get one from your ISP.

1. Create Your Droplet

First of all, you’ll need a Digital Ocean account. Get that here, you’ll get $10 free credit (and I’ll get a little credit myself once you spend a bit more).

Once you have created your Digital Ocean account, you need to set up a Droplet (a droplet is simply the name given to a VPS at Digital Ocean). First, add a little credit to your account – I just added $5 via PayPal which gave me a month to play around.

a. Choose your operating system

So firstly you need to find the button that says ‘Create Droplet’ in your Digital Ocean console, like this:

When you click it, you’ll be shown a series of choices. The first one is which distribution or operating system you want to use. For this tutorial I’ll be using Ubuntu, and the default version I saw was 16.04 x64 which I didn’t change and which turned out to work fine.

b. Choose your droplet size

The next choice you’ll see looks like this:

Go ahead and choose the smallest one, unless you’re sure you’ll be using more than 1Tb traffic a month.

c. Choose the location

Digital Ocean offers droplets in a number of locations around the world.

Here I chose Amsterdam 2, but you should choose the location that is either nearest to you, or nearest to the client hosting that you need to access.

The next choices, Additional Options and SSH Keys, you can leave alone. For our purposes you don’t need any of them.

d. Give it a name

Make sure the number of droplets is set to 1, and then choose a name for your droplet. I just added a few letters to the beginning of the name that was suggested in the box.

That’s basically it! Your droplet will be created and once it is, you’ll be shown its IP address. Remember, this won’t change, so you can write it down somewhere. You will also be emailed the root password of your brand new droplet, or Virtual Private Server if you want to be pedantic.

Before it starts working as a VPN for you, there are some more things to be done.

2. Disarm root

It’s not good practice to keep the root username in regular use. Better to set up another user account that can do the same but has a different username. Let’s do that now. In this article, I’m assuming that your new droplet’s IP address is 12.34.56.78 – so don’t forget to substitute your droplet’s real IP address wherever you see 12.34.56.78.

First, log in by opening your Mac’s Terminal app and typing:

ssh root@12.34.56.78

You might get a warning – answer yes to continue. When asked for your password, paste in the one that Digital Ocean emailed you.

First, let’s change the root password. Type:

passwd

When prompted, paste the existing password, followed by a new password twice.

Now let’s create a new user that you’ll use for all admin tasks on the droplet. Type the following, substituting your own choice of username where it says ‘myuser’:

adduser myuser

You’ll be asked for a password twice, please think of a good one. You will be asked some other questions but you can just press Enter for all of them. To give this new account the necessary privileges, type:

gpasswd -a myuser sudo

Now we have a new admin user, we need to lock down the root user so it can’t be abused. All we have to do is edit one line in a text file. Type:

nano /etc/ssh/sshd_config

and the Nano mini text editor will open, with a config file showing. Use your arrow keys to move down to where it says “PermitRootLogin yes” and change the yes to no. Then hit CTRL-X, Y and Enter to save changes and quit the editor. Then type:

service ssh restart

to restart the ssh service with its new configuration. It’s probably best here to open a NEW terminal window, and log in with your new user credentials before exiting the root session, just to make sure everything works fine.

3. Install OpenVPN Access Server

Now we’re ready to install the software (“OpenVPN Access Server”) that will turn our droplet into a VPN. We need to get the right version of it, so go to this page on the OpenVPN website, and find the button for the Ubuntu 16 64-bit version. Right click that button and copy the link. Now go back to your ssh session (the one where you logged in with your newly created user), and type:

sudo wget

then paste in the link you copied. The whole line will look something like this:

sudo wget http://swupdate.openvpn.org/as/openvpn-as-2.1.6-Ubuntu16.amd_64.deb

That downloads the installer. To do the actual install, type:

sudo dpkg -i openvpn-as-2.1.6-Ubuntu16.amd_64.deb

The bit after the “-i” should be the last part of the link you copied and pasted (i.e. the filename). It might not be identical to what I typed above.

Now OpenVPN Access Server is installed, but we’re not quite there yet. Firstly, let’s set a password for the new “openvpn” user account that the install process created:

sudo passwd openvpn

When prompted, enter a strong password twice.

And finally, the vital step. The installer doesn’t set everything up in quite the right way, so we need to run the config process again and change a certain setting. Type:

/usr/local/openvpn_as/bin/ovpn-init --force

This will go through the entire setup process for OpenVPN Access Server, asking more questions than before. Press Enter to accept the default answers UNTIL you get the question “Please specify the network interface and IP address to be used by the Admin Web UI“. For this question you must answer (1) all interfaces: 0.0.0.0. Then carry on using the Enter key for the remaining questions.

Now your VPN server is running and the final section below shows how you can test it and connect.

4. Set up your client

Your VPN server has two logins available – an admin login, and a client login. You can access them at the following URLs:

https://12.34.56.78:943/admin
https://12.34.56.78:943/

I haven’t needed to use the admin login yet. If you go to the client login, you’ll be asked for username and password – these need to be the openvpn username and the password you set for it earlier. In the dropdown, select Login not Connect. Once logged in you’ll see some links.

Click the Mac download link, and once it’s downloaded, run the installer to set up the ‘OpenVPN Connect’ client on your Mac. Once it’s installed, run it, and log in when prompted (with the same user details), and it will connect to your VPN. You’ll see a little coloured icon in your menu bar. You can hover over it for some stats, or click it for some options.

That’s it! If you go to Google now and type “What’s my IP”, you should find that Google tells you it’s the IP of your new droplet.

With a bit of experimentation I found that with the VPN in use, my upload and download speeds were approximately 85% of what I would normally expect without using a VPN. Not bad really.

Don’t forget that you’ll need to reconnect by clicking the menu bar icon whenever you restart your Mac. Or you could just use the VPN when you are working for a particular client who requires it – it’s totally up to you.

I don’t recommend keeping it connected while downloading torrents though – as I’m not sure how that would sit with Digital Ocean’s terms of use.

And as a reader exercise, note that the OpenVPN Connect app is available for Mac, Windows, Linux, Android and iOS. Have fun!

And finally, if you have ideas for improving this tutorial, feel free to get in touch.

References

Share Button
Facebook Comments
Spread the love

Posted by News Monkey