Introduction to Running an OpenVPN Server
Virtual Private Networks (VPNs) can be utilized for a number of very useful applications. You can securely connect to any public WiFi hotspot. You can overcome geo-blocking restrictions on your favourite websites. And you can even connect to your home or office network from anywhere in the world, as if you were sitting right at your desk. This guide will walk you through the process of setting up your own OpenVPN server, and connecting to it with your copy of Viscosity.
Running your own OpenVPN server will allow you to encrypt everything you do on the internet, so that you can safely do your online banking on the free WiFi at your favourite cafe. If you connect to a public WiFi hotspot without using a VPN, then you are at risk of anyone else connected to that hotspot seeing everything you do, including reading any login details you may use (including your password!). However, with an OpenVPN server set up at home, you can connect to it from a public WiFi hotspot and protect your confidential details from eavesdropping. Anything you send over the VPN connection will be encrypted from your device until it reaches your OpenVPN server at home, where it will be decrypted and sent out to its destination, as if you were sitting in the comfort of your own home. Any files you access on your home/office network will also be encrypted as they travel through the internet. Setting up your OpenVPN server to access your home/office network gives you full access to all your files on your network. It's like having your own personal cloud, where you control it 100%.
The first step to setting up your OpenVPN server is to decide why you want a VPN Server. We'll cover a couple of popular scenarios below. Whichever way you choose to go, we have a growing list of setup guides for OpenVPN in our setup guides section to help you get started.
Securing Your Traffic
If all you want to do is secure your traffic when out and about, the easiest thing to do is purchase a package from a VPN Service Provider. We have a list of providers that support Viscosity here. The advantage is you don't need to worry about setting up or maintaining the security of your own server, plus a provider has many locations to ensure you get the best connection.
If you'd like to go it alone, you have two options. The first is to rent a VPS or server. We won't cover these but there are plenty of suggestions online for reputable VPS or Server providers. A popular one is Amazon Web Services, though you may find this more expensive than simply purchasing a package from a VPN Service Provider.
The second is to use your home Internet connection to dial back to.
There are many reasons you might want to connect home. You can utilise your home internet connection when out and about, creating a secure connection when on public WiFi, or you may like to access files on a home server when not at home.
The biggest thing to keep in mind is that your download speeds while connected via a VPN back home are limited by your home Internet's upload speed. If you are on an ADSL connection for example, this can be quite slow. If you have a fibre connection however, this will usually be more than enough.
Many home routers now have VPN capability built in, and we cover some of these routers in our setup guides section. If you don't have a home server, another option is to run up a Virtual Machine on your home computer with something like VirtualBox or even pick up a cheap computer like a Raspberry Pi.
You will also need to make modifications to your router, usually in the way of Port Forwarding. Check your home router's user manual for more information about how to do this for your model of router.
You can find some setup guides for OpenVPN in our setup guides section.
Where To Host Your VPN Server
The most cost effective way to set up your VPN server is at home on an existing PC or server you already have. Many routers also have inbuilt VPN support, so check your router to see if it supports OpenVPN.
This also allows you to connect home to access files or resources within your home network. There are a few things to consider though:
- Your Internet Speed - When a client is connected to a VPN server, its upload and download speeds are the opposite of your home Internet. For example if you are on ADSL, and only have 1mbit of upload speed, then the maximum speed a client can download at when connected to your server is 1mbit.
- Carrier Grade NAT - To be able to run a home VPN server, you need to have your own public IP address. Many Internet Service Providers (ISPs) save on costs by using Carrier Grade NAT, where multiple users share a single public IP address. You will need to ask your ISP whether they offer you a public IP address or you share one. If you are sharing an IP address via NAT, you cannot set up a VPN server at home.
- Dynamic IP Address - Many ISPs provide Dynamic IP addresses. This means that your public IP address for your internet can change regularly. There are a couple of ways around this. Many companies offer Dynamic DNS, which allows you to use a DNS address which is updated with your IP address when it changes. Another option is to request a static IP address from your ISP, though for many this will incur an additional cost.
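A quick way to test for the Carrier Grade NAT case described above, given here as an added example that is not part of the original guide: compare the WAN address shown on your router's status page with the reserved address blocks and, optionally, with the address an external "what is my IP" service reports. The function names and the sample addresses are constructed for illustration.

```python
import ipaddress

# Address blocks that mean the router's WAN side is not directly reachable.
CGNAT_SHARED = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared space
PRIVATE_BLOCKS = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]  # RFC 1918


def classify_wan(wan_ip, seen_public_ip=None):
    """Classify the WAN address the router reports.

    wan_ip         -- address shown on the router's WAN/status page
    seen_public_ip -- optional address an external service sees for you
    Returns "cgnat", "private", "mismatch" or "public".
    """
    wan = ipaddress.ip_address(wan_ip)
    if wan in CGNAT_SHARED:
        return "cgnat"        # ISP is sharing one public IP between customers
    if any(wan in block for block in PRIVATE_BLOCKS):
        return "private"      # router sits behind another NAT device
    if seen_public_ip is not None and ipaddress.ip_address(seen_public_ip) != wan:
        return "mismatch"     # something upstream is translating the address
    return "public"


def can_host_vpn(wan_ip, seen_public_ip=None):
    """True only when the router holds its own public address."""
    return classify_wan(wan_ip, seen_public_ip) == "public"


if __name__ == "__main__":
    # Constructed sample addresses (documentation and reserved ranges).
    samples = [
        ("100.72.14.9", None),
        ("192.168.1.2", None),
        ("203.0.113.10", "198.51.100.7"),
        ("203.0.113.10", "203.0.113.10"),
    ]
    for wan, seen in samples:
        print(wan, seen, "->", classify_wan(wan, seen), can_host_vpn(wan, seen))
```

Any result other than "public" means port forwarding on your router alone will not make the server reachable from the internet.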
The other option is renting a VPS or server space from a provider. The options are endless for where you can host your server and who with. Shop around and find one that suits your needs. We do recommend an absolute minimum of 512mb of RAM though to get decent performance out of your server.
If you set up your OpenVPN server at home, you are most likely behind NAT on your home router and/or it has its own firewall, so you will need to configure your router to permit VPN traffic. Due to the many different models of router and network configurations, we cannot provide a step by step guide on how to set up your router to allow VPN traffic. However there are a few settings you are likely to need to change, so we will outline them here.
As the router will be directing all traffic to and from your OpenVPN server, you will need to set up port forwarding so that the OpenVPN server is externally accessible. Port forwarding may be under the section in your router management interface named 'Virtual Servers'. In general, you will want to forward any traffic incoming to the router on the OpenVPN port (1194). You will need to set up a rule to send any UDP traffic on this port to the local IP address of your OpenVPN server (which is probably something in the range 192.168.0.x).
If you have set up port forwarding please also make a note of your external WAN IP address. This is the IP address assigned to your router by your Internet Service Provider (ISP). This address will be needed when configuring your connection in Viscosity below.
The other main router setting you will need to consider is static routing. Because you will have a VPN set up, there will be traffic sent to your router with a source or destination IP in the range 10.8.0.x. This traffic needs a static route in place so that when a host receives a request from a VPN client (on the 10.8.0.x subnet) and sends a response to that address, the router knows to pass it to your OpenVPN server on the local network (i.e. 192.168.0.x) rather than treating 10.8.0.x as an unknown address. Thus you will need to set up a static routing rule that has the following properties:
Destination: 10.8.0.0
Subnet mask: 255.255.255.0
Default gateway: your-server-IP
where your-server-IP is the IP address of your OpenVPN server on the local network (something in the range 192.168.0.x).
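To see why the static route matters, the following added example (not part of the original guide) models the router's longest-prefix lookup for a reply addressed to a VPN client, before and after the rule is added, and sanity-checks the rule itself. The server address 192.168.0.10, the client address 10.8.0.6 and the "isp-gateway" label are assumptions chosen for illustration.

```python
import ipaddress

LAN = "192.168.0.0/24"            # home LAN range used in the guide
VPN = "10.8.0.0/255.255.255.0"    # destination + subnet mask of the static route
SERVER_LAN_IP = "192.168.0.10"    # assumed LAN address of the OpenVPN server
ISP_GATEWAY = "isp-gateway"       # placeholder for the router's default route

# The router's table before the static route is added.
BASE_ROUTES = [("0.0.0.0/0", ISP_GATEWAY), (LAN, "on-link")]


def check_static_route(vpn_net, lan_net, gateway):
    """Return a list of problems with a proposed static route (empty = OK)."""
    vpn = ipaddress.ip_network(vpn_net)
    lan = ipaddress.ip_network(lan_net)
    problems = []
    if vpn.overlaps(lan):
        problems.append("VPN subnet overlaps the LAN subnet")
    if ipaddress.ip_address(gateway) not in lan:
        problems.append("gateway is not an address on the LAN")
    return problems


def next_hop(routes, dst):
    """Longest-prefix match, as the router does for every packet."""
    addr = ipaddress.ip_address(dst)
    parsed = [(ipaddress.ip_network(net), gw) for net, gw in routes]
    matches = [(net, gw) for net, gw in parsed if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def with_static_route(routes):
    """Router table after adding the rule from the guide."""
    return routes + [(VPN, SERVER_LAN_IP)]


if __name__ == "__main__":
    client = "10.8.0.6"  # constructed VPN client address
    print("rule problems:", check_static_route(VPN, LAN, SERVER_LAN_IP))
    # Without the rule the reply follows the default route out to the ISP.
    print("before:", next_hop(BASE_ROUTES, client))
    # With the rule the reply is handed to the OpenVPN server on the LAN.
    print("after: ", next_hop(with_static_route(BASE_ROUTES), client))
```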
Accessing Network Resources
Once connected to your VPN server back to your home network, you can access your files or other services by using the LAN IP address you would use if you were connected to them via your home/office local network.
Connect via Mac
To connect to a shared network directory from your Mac connected to the VPN:
- Open a Finder window
- Click Go on the menu bar and select "Connect to Server..."
- In the Server Address, type the LAN IP address of your network resource (something like 192.168.0.x) and click
- Enter the username and password for the network resource
- Select the shared volume you want to access and click
Network resources you would normally find appearing in the Finder sidebar will not appear when connected to via the VPN. You can find connected network resources in the Computer directory. In a Finder window, press
c to jump to the Computer directory.
Connect via Windows
To connect to a shared network directory from your PC connected to the VPN: