
Using home internet at work, bypassing content limitations
Introduction
Hello comrades!
I must say right away that this article is not intended for professionals, but it is not written for absolute beginners either; it is for people who need full access to the Internet and have capable hands and some enthusiasm.
It all started when restrictions were introduced at my work on the resources you can visit. Naturally, I want to visit all kinds of sites, and I don't want to show up in the logs.
There are several solutions to the problem:
- Tor network
- Purchase VPN service
- Setting up a home OpenVPN server to bypass the limitations of a working network.
The last option is the one discussed here; if you are interested, read on.
Installation, configuration and verification
What we need
Since the load on our mini-server will be small, my whole server side runs in a VirtualBox virtual machine.
The operating system is Debian, and all configuration is described for it (I won't describe the installation; there are plenty of manuals).
If you use a router, you must configure port forwarding to the IP address of the OS running in VirtualBox.
Note: for the server IP to be pingable from the local network, specify Connection type: Network bridge on the Network tab of the VirtualBox settings.
An external static IP is desirable but not required; you can use DynDNS or one of the methods presented in this article.
Installation and setup
Server
We assume that you have installed a clean, bare Debian in terminal or graphical mode, to your taste.
The first thing to do is install the necessary packages: OpenVPN, OpenSSL, LibLzo for traffic compression, and MC, a convenient file manager.
sudo apt-get install openvpn openssl liblzo2-2 mc
Copy the easy-rsa key-generation examples to /etc/openvpn/easy-rsa and change into that folder:
cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0 /etc/openvpn/easy-rsa
cd /etc/openvpn/easy-rsa
We create the keys and certificates, answering the questions asked along the way:
. ./vars
./clean-all
./build-ca
Then you need to create the server key:
./build-key-server servername
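Again there are questions, and as a result we get two files named after the name passed to the script: servername.key and servername.crt. The copy commands and server.conf below use server.key and server.crt, so they assume the name server.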
Now we need to create the keys for the clients:
./build-key clientname
Again a bunch of questions. Repeat this operation once for each person you are going to allow onto your server.
Clientname and servername can be anything.
Now you need to create the Diffie-Hellman key:
./build-dh
The process may take a long time.
As a result, after all these manipulations the keys folder should contain the following files: ca.crt, servername.crt, servername.key, clientname.crt, clientname.key, dh1024.pem. Everything except the client files is copied to the /etc/openvpn/ folder:
cp ./keys/ca.crt /etc/openvpn
cp ./keys/server.crt /etc/openvpn
cp ./keys/server.key /etc/openvpn
cp ./keys/dh1024.pem /etc/openvpn
With key creation finished, it remains to configure the server. To do this, create the server.conf file in the /etc/openvpn/ folder:
port 1194
proto tcp
dev tun # tun tunnel type for Internet traffic, tap for Ethernet
ca ca.crt # our certificates
cert server.crt
key server.key
dh dh1024.pem
server 10.8.0.0 255.255.255.0 # our virtual network
ifconfig-pool-persist ipp.txt
keepalive 10 120 # ping every 10 seconds to keep the link alive
comp-lzo # traffic compression
persist-key
persist-tun
status openvpn-status.log # status log
push "redirect-gateway" # Redirect the default gateway to the VPN server. Comment out if not needed.
client-to-client
route 10.8.0.0 255.255.255.0
verb 3 # log verbosity level
push "dhcp-option DNS 8.8.8.8" # dhcp-option needs its type keyword (DNS) before the address
Only a small thing remains: let Internet traffic pass through our server:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
/etc/init.d/openvpn restart
That's it! Our server is ready to use.
Client
Let's set up the client part.
My client is also set up on Debian, but the instructions can be adapted for Windows.
Repeat the first steps up to installing OpenVPN. You no longer need to create keys; copy the already created ca.crt, clientname.crt and clientname.key to the /etc/openvpn/ folder. The configuration below refers to the client files as client1.crt and client1.key, so it assumes the client name client1.
Now it remains to create the client.conf configuration file, and it will work:
port 1194 # port of our server (the IP is given when connecting)
client
dev tun
ping 10
comp-lzo
proto tcp
ca /etc/openvpn/ca.crt
cert /etc/openvpn/client1.crt
key /etc/openvpn/client1.key
ns-cert-type server
push "dhcp-option DNS 8.8.8.8"
route 10.8.0.0 255.255.255.0
verb 3
pull
If you have a dedicated IP, it can also be written in the configuration file; mine is dynamic, so I enter it when I connect.
Save the file and try to connect:
sudo openvpn --remote <your-home-IP> --config /etc/openvpn/client.conf
That's it! You can work! In addition to Internet access, you also have access to your home LAN.
I hope someone found this useful.
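A quick way to review server.conf and client.conf before using them is a small checker, shown here as an added example that is not part of the original article. The sample lines are constructed from the configs above, the function names are my own, and the DH check assumes the file name carries the bit length, as easy-rsa names it.

```python
import re
# Constructed sample: security-relevant lines modelled on the server.conf and
# client.conf in this article, including a dhcp-option push with no type keyword.
SERVER_CONF = '''proto tcp
dev tun # tunnel type
dh dh1024.pem
comp-lzo # traffic compression
push "redirect-gateway"
push "dhcp-option 8.8.8.8"
'''
CLIENT_CONF = '''client
comp-lzo
ns-cert-type server
push "dhcp-option DNS 8.8.8.8"
'''

def directives(text):
    """Yield (line_no, tokens); a bare token starting with # or ; ends the line."""
    for no, line in enumerate(text.splitlines(), 1):
        toks = []
        for quoted, bare in re.findall(r'"([^"]*)"|(\S+)', line):
            if bare.startswith(("#", ";")):
                break
            toks.append(quoted or bare)  # a quoted argument stays one token
        if toks:
            yield no, toks

def audit(text):
    """Return [(line_no, finding)] for the weak or broken settings checked here."""
    findings = []
    for no, (name, *args) in directives(text):
        if name == "dh" and args:
            m = re.search(r"\d+", args[0])  # assumption: file is named dh<bits>.pem
            if m and int(m.group()) < 2048:
                findings.append((no, f"DH parameters are {m.group()}-bit; use 2048 or more"))
        elif name == "comp-lzo" and args != ["no"]:
            findings.append((no, "compression on; deprecated, leaks data (VORACLE)"))
        elif name == "ns-cert-type":
            findings.append((no, "ns-cert-type is deprecated; use remote-cert-tls"))
        elif name == "push" and args:
            inner = args[0].split()
            if inner[:1] == ["dhcp-option"] and (len(inner) < 2 or re.fullmatch(r"[\d.]+", inner[1])):
                findings.append((no, "dhcp-option lacks its type keyword, e.g. DNS"))
    return findings

if __name__ == "__main__":
    for label, conf in (("server.conf", SERVER_CONF), ("client.conf", CLIENT_CONF)):
        for no, finding in audit(conf):
            print(f"{label}:{no}: {finding}")
```

To check real files, pass the contents of /etc/openvpn/server.conf or client.conf to audit() instead of the samples.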