You can surf the internet safely by using a VPN (Virtual Private Network) connection. You can use a VPN service for this, but it is also possible to set up your own server. We explain how.
Note: setting up and configuring your own VPN server is less easy than part 1 of this course where we show you how to use a VPN service. We consider this second part of the course to be an expert course, where it is useful if the user is a little more technically savvy.
Set up your own VPN server
Instead of using a VPN service, you can set up a VPN server on your own computer, or on your NAS, router or a device such as the Raspberry Pi. There are some conditions for such a setup to work properly. First of all, the device on which you install the server must have a static IP address, so that the clients can easily access the server.
Next, you must set up 'port forwarding' in your router: you must redirect all network traffic that arrives on the network port of the VPN protocol used to the device on which your VPN server is located. After all, without port forwarding you cannot access a server in your network from outside your home network.
And do you want to use an easy-to-remember domain name for your own VPN connection instead of the (occasionally changing) IP address of your internet connection? Then activate something called dynamic DNS (DDNS) on your router.
Only when these three conditions (static IP address, port forwarding and dynamic DNS) are met will the VPN connection run smoothly. It pays to first look up in your router's manual how to do all this, and to check whether your router can even function as a VPN server on its own. If so, your router is the best VPN device you can choose, because then you don't have to install anything extra and you don't need separate port forwarding. There is also an open source firmware called DD-WRT that you can install on many routers, and it includes a built-in VPN server. On many NAS devices you can install a VPN server as an extra module. And on a Raspberry Pi (or any other Linux computer) you can also install a VPN server, such as OpenVPN.
You can also install a VPN server on your NAS.
A device within your company network can only work as a VPN server for external devices with port forwarding.
OpenVPN server in Windows
Windows 7 and 8 have a VPN server built in, but it uses PPTP (Point-to-Point Tunneling Protocol), which, as mentioned, is no longer as secure. Although this is the most widely supported protocol on many platforms, we prefer a more secure solution, albeit one that is a bit more difficult to install and configure: OpenVPN. Open this link in your browser and download the Windows installer of OpenVPN from this page. Make sure you first check whether you have a 32- or 64-bit version of Windows and choose the same version of OpenVPN to download.
The installation program starts a wizard that guides you through the installation in a few steps. In the Choose Components window, be sure to tick OpenVPN RSA Certificate Management Scripts. In the next window, choose the location C:\OpenVPN instead of the default location; that avoids some problems with the configuration. Once the installation has started, Windows will at some point ask whether you want to allow the installation of a virtual network driver. Confirm by clicking Install.
Install the OpenVPN server on Windows.
Certificates
Now we still need to configure OpenVPN and create certificates. We do this with a series of commands that must be entered accurately, but we walk you through them step by step.
In Windows, go to Start / All Programs / Accessories / Command Prompt (or open Start, type cmd.exe and press Enter). Perhaps needless to say: every command that you type at the command prompt is completed by pressing Enter. At the command prompt, type the command cd C:\OpenVPN\easy-rsa and then press Enter (from now on we will no longer explicitly mention those Enters). Then initialize the configuration with the command init-config. Open the vars.bat file with Notepad using the command notepad vars.bat. In this text file, enter your details after the lines with KEY_COUNTRY (country code, for example NL), KEY_PROVINCE (province), KEY_CITY (city), KEY_ORG (company or organization, but you can enter anything here) and KEY_EMAIL (a valid e-mail address). Also change the value after HOME to C:\OpenVPN\easy-rsa. Save the file and close Notepad. In the Command Prompt window, now enter the commands vars and clean-all one after the other.
Next we create a certificate and key (for the 'certificate authority' or CA, but you can forget that term). That starts with the command build-ca. You will be asked to enter a number of things, such as the letter code of your country, your province, your organization and so on. You have already entered most of the data in the vars.bat file, and it is shown here as the default value. You accept a default by pressing Enter. For Common Name, enter your name.
Then create a certificate and key for the server with the command build-key-server server. Again, accept the same default values as in the paragraph above, but this time enter server for Common Name. You don't have to answer the questions for a challenge password and a company name; just press Enter and leave the answer blank. Answer the question Sign the certificate? affirmatively by pressing the Y key (yes), and do the same for the question after it.
Now create a certificate and key for each client with the command build-key client1, where client1 is the name of the client (for example, it could be the name of the PC or a mobile device). Accept the same default values again and this time enter the name of the client for Common Name, for example client1. Otherwise answer the same as when creating the certificate and key for the server. Now repeat this for all the devices you want to connect to the VPN and make sure you use a unique name for the certificate for each device. Finally, enter the command build-dh to set up encryption for the VPN connection.
Creating certificates is done in the Windows command prompt.
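Because every device needs its own uniquely named certificate, it helps to read back which names the CA has already issued. The script below is an added example, not part of the original course or of OpenVPN: it parses the index.txt database that OpenSSL keeps for the CA, assuming it sits in C:\OpenVPN\easy-rsa\keys, and falls back to a constructed sample (the names, dates and the revoked laptop entry are made up).

```python
# Added example: inventory of certificates issued by the easy-rsa CA.
from datetime import datetime, timezone

# Constructed sample of keys\index.txt (tab-separated OpenSSL CA database).
SAMPLE_INDEX = (
    "V\t330101120000Z\t\t01\tunknown\t/C=NL/ST=ZH/L=Delft/O=Home/CN=server/emailAddress=me@example.com\n"
    "V\t330101120500Z\t\t02\tunknown\t/C=NL/ST=ZH/L=Delft/O=Home/CN=client1/emailAddress=me@example.com\n"
    "R\t330101121000Z\t240301090000Z\t03\tunknown\t/C=NL/ST=ZH/L=Delft/O=Home/CN=laptop/emailAddress=me@example.com\n"
)

def parse_time(stamp):
    """OpenSSL writes YYMMDDHHMMSSZ (or YYYYMMDDHHMMSSZ for far-future dates)."""
    fmt = "%y%m%d%H%M%SZ" if len(stamp) == 13 else "%Y%m%d%H%M%SZ"
    return datetime.strptime(stamp, fmt).replace(tzinfo=timezone.utc)

def parse_index(text):
    """Return one dict per issued certificate: cn, serial, status, expires."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        status, expires, revoked, serial, _file, subject = line.split("\t")
        # Subject is a one-line DN such as /C=NL/.../CN=client1/...
        dn = dict(p.split("=", 1) for p in subject.split("/") if "=" in p)
        entries.append({"cn": dn.get("CN", ""), "serial": serial,
                        "status": status, "expires": parse_time(expires),
                        "revoked": revoked.split(",")[0]})
    return entries

def usable_names(entries, now):
    """Names whose certificate is marked valid (V) and not yet expired."""
    return sorted(e["cn"] for e in entries
                  if e["status"] == "V" and e["expires"] > now)

def name_taken(entries, name):
    """True if any certificate, valid or revoked, was ever issued for name."""
    return any(e["cn"].lower() == name.lower() for e in entries)

if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    # Assumed path from this article's install location; falls back to sample.
    try:
        with open(r"C:\OpenVPN\easy-rsa\keys\index.txt") as fh:
            entries = parse_index(fh.read())
    except OSError:
        entries = parse_index(SAMPLE_INDEX)
    for e in entries:
        print(e["status"], e["serial"], e["cn"], e["expires"].date())
    print("usable:", usable_names(entries, now))
```

Check a new device name with name_taken before running build-key for it, so that every device keeps a certificate of its own.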