How to Install VPN on Linux?
Installing a VPN on a Linux machine can give you added security and protect private information from being exposed on the internet. This article shows how to do it.
A VPN is a way to keep your identity private and protect your traffic on the internet. When you connect to a VPN server, your internet traffic passes through an encrypted tunnel, so parties such as your internet service provider or government cannot see your data.
Here is why you need to use a VPN.
- Using a VPN alters your IP address, which is a unique number that identifies you and your geographical location. It produces a virtual IP address that sits between your computer and the server from which you're requesting data. You can browse the internet as if you were in the United Kingdom, Germany, Canada, Japan, or almost any other country where the VPN service has servers.
- Using a VPN to change your IP address protects your anonymity from websites, applications, and programs that try to monitor you. Thanks to a layer of strong cryptography, VPNs often also prevent your internet provider, network carrier, and anybody else who may be listening from watching your activity.
- Packet sniffing, rogue Wi-Fi networks, and man-in-the-middle attacks are examples of security breaches that can be prevented by using a VPN. The free Wi-Fi you find at a coffee shop is untrusted, and you never know who is monitoring your online activity. Using a VPN, on the other hand, preserves your anonymity.
Using the methods described in this article, you will be able to install a VPN on any type of Linux instance, whether it is a bare-metal server, a virtual machine, Linux hosted in the cloud, or a Docker container.
Let’s jump into installing a VPN now. In this article, we are going to see two ways of using a VPN:
- Installing the VPN server on your machine.
- Setting a remote VPN server on a Virtual Machine on AWS.
In this article, we'll be using OpenVPN on both our computers and AWS. OpenVPN is an open-source VPN protocol that serves as a bridge between VPN applications and VPN servers. It is not a VPN provider. We will be able to install a VPN on Linux using this tool. We will go over the steps one by one.
It's compatible with a wide range of computers and systems. It uses a client-server architecture, like most VPN protocols. The OpenVPN access server is based on Debian, and the clients can be installed on Linux, Windows, macOS, and mobile operating systems like Android, Windows Mobile, and iOS.
The OpenVPN access server supports incoming VPN connections, which can be initiated by OpenVPN Link clients or other open-source clients that are OpenVPN compatible.
Setting Up The OpenVPN Server
Setting up the server and configuring it is not easy, so we will be using a bash script that will make our lives easy. Download the script using the below command and make it executable by changing the permissions.
$ curl -O https://raw.githubusercontent.com/angristan/openvpn-install/master/openvpn-install.sh
$ chmod +x openvpn-install.sh
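Run the script with root privileges and answer its prompts; since it is fetched from the repository's master branch and makes system-wide changes, read it before running it. Once the VPN installation process is complete, a client configuration file is written to the current working directory. This is the file that you'll use to set up your OpenVPN client in the next portion.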
Confirm that the OpenVPN service is running and the daemon is listening on the port specified during the setup. Use the below commands.
$ sudo systemctl status openvpn
$ sudo ss -tupln | grep openvpn
After setting up the server, you now need to connect to it from your client machine.
The next step is to install OpenVPN on the client. Most Linux distros ship it preinstalled, but confirm using the command below.
$ sudo apt-get install openvpn
It is already installed in this case, and the command output says so.
There are many ways to set up a VPN on a Linux system, but Network Manager is the simplest. Network Manager is an application that allows one to download, edit, and use OpenVPN configuration files. Install it using the commands below.
$ sudo apt install network-manager-openvpn
$ sudo apt install network-manager-openvpn-gnome
Enable and start OpenVPN on the client machine.
$ sudo systemctl enable openvpn
$ sudo systemctl start openvpn
Now you need to download or import the configuration file generated on the server machine. Here, it is named penguin.ovp; this file will be used to set up the VPN using the network manager.
Open Settings and navigate to the network manager. You will get an interface with a VPN option; click on the add (+) button on the right side of VPN.
When you click on the + button, you will be prompted with a dialog box to add a VPN configuration. Click on import from file and select the file imported from the server machine.
Here you can name your VPN client and set up a password.
After the above setup, click on apply or save to add the VPN. Now go back to the network manager and you will see the new VPN added in the VPN section. Just toggle the switch to connect to the VPN server on the other machine.
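Before importing the profile as described above, it is worth checking where it connects and how it is stored, because an OpenVPN profile can carry the client's private key inline. The following is an added example, not part of the original article: the function names, the sample profile and the host vpn.example.test are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the article): audit an OpenVPN client profile before import.

# Writes a constructed sample profile (placeholder key material) to the given path.
write_sample_profile() {
    printf '%s\n' 'client' 'dev tun' 'proto udp' 'remote vpn.example.test 1194' \
        '<ca>' 'PLACEHOLDER' '</ca>' '<key>' 'PLACEHOLDER' '</key>' \
        '<tls-crypt>' 'PLACEHOLDER' '</tls-crypt>' > "$1"
}

# Prints one finding per line; returns 0 when nothing needs attention, 1 otherwise.
audit_profile() {
    f=$1
    issues=0
    [ -r "$f" ] || { echo "ERROR cannot read $f"; return 2; }

    # Where will this profile connect? (directive: remote <host> [port])
    awk '$1 == "remote" { print "INFO remote " $2 " port " ($3 ? $3 : "default") }' "$f"

    # An inline <key> block means the client private key travels inside the file.
    if grep -q '^<key>' "$f"; then
        echo "INFO inline private key present"
        # Characters 5-10 of the ls -l mode string are the group/other bits.
        mode=$(ls -ld -- "$f" | cut -c5-10)
        if [ "$mode" != "------" ]; then
            echo "WARN key-bearing profile readable beyond owner; run: chmod 600 $f"
            issues=1
        fi
    fi

    # tls-crypt / tls-auth add a pre-shared key that authenticates control-channel packets.
    if ! grep -Eq '^(<tls-crypt(-v2)?>|<tls-auth>|tls-crypt(-v2)? |tls-auth )' "$f"; then
        echo "WARN no tls-crypt or tls-auth key in profile"
        issues=1
    fi
    return "$issues"
}

# Demo on the constructed sample, deliberately stored world-readable.
tmp=$(mktemp) && write_sample_profile "$tmp" && chmod 644 "$tmp"
audit_profile "$tmp" || true
rm -f "$tmp"
```

On a real client, call `audit_profile` with the path of the profile copied from the server.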
Now you have an active VPN connection. This is one way of doing it. The other way is to set up the server on AWS with a pre-configured OpenVPN Ubuntu image, without the hassle of running any bash scripts or needing one more physical machine to run the server.
For our next approach, we need an AWS account with free tier eligibility. AWS (Amazon Web Services) can be described as a stable cloud computing platform that provides computational resources, database storage, content distribution, and a number of other features. It is, to be more precise, a vast collection of cloud-based resources.
You need to sign up for an AWS account by filling in your details and then your credit card details, but don’t worry, we are not going to spend any money on this. You are eligible for the free tier, or you can use AWS credit.
The first step is to log in to the AWS console and in the search bar type EC2. In Amazon Web Services jargon, an EC2 instance is simply a virtual server. EC2 is the acronym for Elastic Compute Cloud. It is a web service that allows an AWS subscriber to request and provision a compute server in the Amazon Web Services cloud. An on-demand EC2 instance is an AWS service that allows a subscriber or customer to rent a virtual server by the hour and use it to run their own applications.
Then, click on EC2 to land on the EC2 dashboard. If you're new to AWS, take a minute to explore a bit.
You can then click on launch instance to create a virtual machine. The next page is where you select the type of machine you want to use.
These are the AMIs (Amazon Machine Images), which are nothing but templates for a virtual machine. You need to click on Amazon Marketplace, where you get all the AMIs, including all the preconfigured templates. We need one of the pre-configured Ubuntu images with OpenVPN to avoid the hassle of installing and configuring it ourselves.
Next, click on select. Now let's talk about the price again for a second. OpenVPN is free and open-source software, but the version here, the OpenVPN access server, is a paid commercial option. But don’t freak out, this version gives us 2 clients for free. If you need more than that, then this isn’t for you. The hosting cost for this on AWS depends on what size you select and, as discussed above, we will be using the free tier.
When you click on continue, you can select the instance type. We are going to use t2.micro (free tier eligible). Look for the free tier eligible label in green. Once you have it selected, click review and launch.
Finally, create a key pair if you don’t already have one. This key is used to ssh into the instance from a remote terminal. After creation, make sure you download it; this is the only chance to get that key.
Click on launch and get back to the EC2 dashboard. You should see that the instance state is running.
The next thing is we need to connect to the machine using our terminal. Copy the public IP of the instance and type this command in your terminal:
$ ssh -i "path to the key-pair file" root@public-ip
Type yes to accept the host key fingerprint and press Enter for every prompt that follows. After this, you will be disconnected from the instance and asked to log in as openvpnas.
It won’t allow you to log in as root, so we’ll use the same command as before, and instead of root enter openvpnas.
There is only one thing we need to do in the terminal and we are good to go: just type the below command. This will change the password for the user openvpn, which is both the admin user and our client user when we connect to our VPN portal.
$ sudo passwd openvpn
This will prompt us to enter a password. Remember this password; it will be your admin password for OpenVPN. You can close the terminal.
Now your server is pretty much ready, but there is one thing you might want to do. Go to the AWS console, copy the public IP of the OpenVPN instance, and paste it in a browser tab as below.
Appending /admin to the address opens the admin page. If you get a “Your connection is not private” warning, which appears because the server starts out with a self-signed certificate, click on advanced and continue.
If the page loads, the server is working. We are going to log in with the username openvpn and the password we just created, and click sign in.
Agree to the terms and conditions, and we are on the dashboard.
There is one thing we need to change under configurations in the side navbar. Go to the VPN settings and, to make sure that all our internet traffic is safe and secure and going through this VPN, look under Routing for an option named “should client internet traffic be routed through the VPN?”. We want that, so select yes and save changes.
After saving changes, click on update running server for the changes to take effect.
That's it, your VPN server is done.
Now we want clients to connect to it and use it. How do we do that?
It is really easy, just replace the URL in the browser with the below URL.
This will take us to the user portal. Earlier, it was the admin portal where we made changes. This is for clients, people who want to connect. Enter the same username and password as you used for admin.
After login, choose your flavor: pick whatever device you want to connect to the VPN and download that client. We are using Linux, and Ubuntu in particular.
Once downloaded, we’ll install it using the following instructions in the below image. To install the openvpn3 client on the Linux machine, you can also go to the URL https://community.openvpn.net/openvpn/wiki/OpenVPN3Linux to find installation steps for different Linux distros.
After this, download the configuration file by clicking on the link “yourself profile”; this profile is used for starting a session.
In your terminal type the command.
$ openvpn3 session-start --config "path-to-config-file-just downloaded"
And voila! That’s it. If you check your IP, you can see that it is the IP address of the AWS instance; all your traffic will be passing through that instance.
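Checking the public IP confirms the result; the routing table shows why. The following added example (not from the original article) classifies the output of `ip -4 route show` as full-tunnel, split-tunnel or no-tunnel, which is what the “should client internet traffic be routed through the VPN?” setting controls. The function name and the sample tables are constructed, and route metrics are not compared.

```bash
#!/usr/bin/env bash
# Added example (not from the article): does all IPv4 traffic leave via the VPN?
# Input on stdin is the text printed by `ip -4 route show`.

# Constructed sample: OpenVPN "redirect-gateway def1" style routes are present.
SAMPLE_FULL='0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
128.0.0.0/1 via 10.8.0.1 dev tun0
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23 metric 600'

# Constructed sample: the tunnel is up but only the VPN subnet is routed into it.
SAMPLE_SPLIT='default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23 metric 600'

# Prints "full-tunnel <dev>", "split-tunnel <dev>" or "no-tunnel".
# Exit status: 0 full-tunnel, 1 split-tunnel, 2 no-tunnel.
vpn_route_mode() {
    awk '
        # Find the egress device of every route line.
        {
            dev = ""
            for (i = 1; i < NF; i++) if ($i == "dev") dev = $(i + 1)
        }
        # Only routes leaving through a tun/tap interface are VPN routes.
        dev ~ /^(tun|tap)[0-9]+$/ {
            tundev = dev
            if ($1 == "default")     def = 1    # default route points into the tunnel
            if ($1 == "0.0.0.0/1")   low = 1    # def1 route, lower half of IPv4 space
            if ($1 == "128.0.0.0/1") high = 1   # def1 route, upper half of IPv4 space
        }
        END {
            if (def || (low && high)) { print "full-tunnel " tundev; exit 0 }
            if (tundev != "")         { print "split-tunnel " tundev; exit 1 }
            print "no-tunnel"; exit 2
        }
    '
}

# Demo on the constructed samples.
printf '%s\n' "$SAMPLE_FULL"  | vpn_route_mode || true
printf '%s\n' "$SAMPLE_SPLIT" | vpn_route_mode || true
```

On a live client, run `ip -4 route show | vpn_route_mode` while the session is up. IPv6 has its own table (`ip -6 route show`) and is not covered by this check.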
To stop the session use the below command.
$ openvpn3 session-manage --disconnect --config "path-to-config-file"
In this article, we looked at two approaches to install a VPN. The first was using an Ubuntu machine to set up a VPN server manually and a client machine to connect to it. The other was to use the AWS AMI to set up the server in the cloud, which was easier than the first. You can use these approaches to install a VPN on your Linux PC, a Linux instance in the cloud, or even an Ubuntu Docker image.
In today’s world using a VPN is very important to protect your data and privacy, which helps in being anonymous on the internet.