There are a lot of tutorials, guides, suggestions, so in the end I opted for Open VPN since is well supported for Android, my main remote access to my network.
The concept
The idea is to create a pipe from a client (typically my Android phone) to my entry point to the network, the VPN server.
Normally, without VPN, the client connect directly to internet to connect to a server. Usually using a WiFi connection. There are many critical points in a open connection, even if protected.
The connection from the client to the Wifi Access point is accessible, the connection from the WiFi access point and the internet and every connection is open.
With a VPN the connection from the client to the VPN server is encrypted and thus inaccessible to others.
In this way I can use also open and not protected WiFi access points, like from Starbucks or other public places, and access more safely to internet via my network through my VPN.
And the other big advantage is that the client can access my network like it was directly connected in. So for example I can access directly my server and every machine on my network.
VPN server
Any linux machine is more than suitable to become a VPN server.
I decided to use a small Raspberry Pi for that for some reasons:
- I had some Raspberry Pi catching dust
- Is fast enough for my usage
- Some refresh exercise playing with the Raspberry Pi Linux (Wheezy Debian)
- I didn't want to play too much with the main server since I have some services running with extra protection
- Used OpenVPN for Raspbian
- Used a python program to show on a local webpage the status of the VPN usage
Openvpn-monitor
On the Rasberry Pi I installed also Apache2 in order to serve a webpage, only accessible from the internal network, showing the usage of the VPN.
Follow the instructions on the github repo to install and run the monitor.
Remember to add in the conf file for the website (openvpn-monitor.conf) the coordinates of the starting location for the map.
Certificates
OpenVPN server includes also utilities to generate the certificates the client need to use to be connected to the VPN.
For tracking better the use of the VPN I decided to create a certificate for every client. OpenVPN of course support the use of the same certificate for groups of clients but as my policy I'm trying to avoid that.
For tracking better the use of the VPN I decided to create a certificate for every client. OpenVPN of course support the use of the same certificate for groups of clients but as my policy I'm trying to avoid that.
VPN clients
Every machine that wants to connect to the VPN needs to have installed a VPN client.
Here what I'm using :
- Android (tested) OpenVPN Connect
- Linux (tested) OpenVPN
- Mac (tested) TunnelBlick
- IOS
OpenVPN Connect - Windows TDB
- Chrome OS TBD
Resources
I used different sources/tutorials for that, mainly this one : Building A Raspberry Pi VPN
For this reason I don't describe the installation/configuration procedure.
It is well documented in hundreds resources on the net.
It is well documented in hundreds resources on the net.
However it needs not to be followed without knowing what you are doing and some steps needs to be customized/corrected but for the most part is a good starting point.
No comments:
Post a Comment