
Useful VPN Features
I didn't want to write an article about setting up a VPN, because there are already thousands of them on the Internet, for every taste and color.
I just wanted to remind you of a few simple things that cause a lot of misunderstandings and questions. I understand that this falls short of a proper article, but I really want to reach out to you, and there aren't any other ways to do that in RuNet.
1. A VPN client can be installed on almost any access point
Even on an old access point, there is often a way to upgrade the firmware or install the right package. For example, for my old Zyxel Keenetic Ultra there was an unofficial update containing a bunch of useful stuff, including an openvpn client. There may also be firmware for your access point - w3bsit3-dns.com is our everything, it has firmware for literally anything. If you have configured all your access points to work with the VPN, life in general already becomes much easier. If many people do this, then again the problem is minimized.
2. A VPN lets you route traffic through it selectively
You only need to know the address of the subnet you want to reach through the VPN - then you update the list of these networks on your VPN server, the client receives it and starts sending only the necessary traffic through the VPN. The rest goes directly. This is important - I have seen a bunch of instructions that, if followed, send 100% of your traffic through the VPN - this is slow and expensive, and you are unlikely to enjoy it.
3. Mobile devices
For some reason, many people believe that a VPN on mobile devices works on an all-or-nothing basis. No, this is not so, even on stubs - in the same way, you can send only the necessary traffic through the VPN.
4. Tor
I would also like to add that, for reasons unknown to me, everyone forgot about Tor, which also helps with similar tasks and currently works quickly and stably.
Example
As a home solution, I use Google Compute Engine, where I have an openvpn server running on the cheapest server. Of course, you can choose any other hosting and VPN server.
The clients for this server run on my access point (the native client shipped with it), on the laptop (there are clients for every taste and color) and on the phone (Android: the standard client for some reason refused to read the config, but the client from Arne Schwabe started up immediately). It works just fine, no complaints. And I am much more confident in the security and durability of a personal server than of any free or even paid one. Again, I think that it will always be available, there is no reason to believe otherwise (well, unless a huge range of Google addresses gets blocked, but it is quite easy to change the server IP address).
Just in case, I'll add my client settings - of course, without keys. The server and clients were set up in one evening, despite the fact that this is my first experience deploying openvpn, and I actually work in development.
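Client setup (certificates can be added directly to the configuration file, so that it can be fed to a phone or an access point as a single file):
client
dev tun
proto udp
remote YOUR_SERVER_IP 1194
resolv-retry infinite
nobind
persist-key
persist-tun
verb 3
# Inline credentials: each block replaces a separate file on disk
<ca>
PUT YOUR CA CERTIFICATE HERE
</ca>
<cert>
PUT YOUR CERTIFICATE HERE
</cert>
<key>
PUT YOUR PRIVATE KEY CERTIFICATE HERE
</key>
# key-direction 1 is the client side of the tls-auth static key
key-direction 1
<tls-auth>
PUT YOUR STATIC KEY CERTIFICATE HERE
</tls-auth>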
The server setup is almost default - I think I only added pushes there, so that only the necessary resources go through the VPN:
The pushes look like this
push "route xxxx 255.255.255.255"
push "route xxx0 255.255.255.0"
push "route xxx0 255.255.255.0"
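A sketch of the selective-routing setup described above, added here as an example and not taken from the author's server: it turns a list of destinations into merged push "route ..." lines and flags directives that would send all traffic through the VPN. The addresses, the config fragment and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample destinations (documentation ranges, not real services).
WANTED = ["198.51.100.7", "203.0.113.0/24", "203.0.113.128/25",
          "192.0.2.0/25", "192.0.2.128/25"]

# Constructed server.conf fragment: two selective routes plus a full-tunnel push.
SAMPLE_CONF = '''
push "route 198.51.100.7 255.255.255.255"
push "route 203.0.113.0 255.255.255.0"
push "redirect-gateway def1"
'''

PUSH_ROUTE = re.compile(r'^\s*push\s+"route\s+(\S+)\s+(\S+)"')
FULL_TUNNEL = re.compile(r'^\s*push\s+"redirect-gateway\b')


def build_pushes(destinations):
    """Turn hosts/CIDRs into merged `push "route NET MASK"` lines."""
    nets = []
    for item in destinations:
        net = ipaddress.ip_network(item, strict=False)
        if net.version != 4:
            raise ValueError(f"{item}: 'route' takes IPv4 only")
        if net.prefixlen == 0:
            raise ValueError(f"{item}: default route would tunnel everything")
        nets.append(net)
    # collapse_addresses drops covered subnets and joins adjacent halves.
    return [f'push "route {n.network_address} {n.netmask}"'
            for n in ipaddress.collapse_addresses(nets)]


def audit(conf_text):
    """Return (pushed networks, findings about full-tunnel directives)."""
    routes, findings = [], []
    for num, line in enumerate(conf_text.splitlines(), 1):
        if FULL_TUNNEL.match(line):
            findings.append(f"line {num}: redirect-gateway tunnels all traffic")
        m = PUSH_ROUTE.match(line)
        if m:
            net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
            if net.prefixlen <= 1:
                findings.append(f"line {num}: {net} covers half or all of IPv4")
            routes.append(net)
    return routes, findings


def goes_via_vpn(ip, routes):
    """True if the pushed routes would send this destination into the tunnel."""
    return any(ipaddress.ip_address(ip) in net for net in routes)
```

The output of build_pushes can be pasted into the server config; audit run over an existing config shows at a glance whether it is still a selective setup.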
I wanted to add links to OpenVPN setup guides, but there really are too many such articles, they work without any problems, and there is one for each distribution.
Hang in there, all the best to you, good mood and health. This is only the beginning.
UPD: You may find this list of IP addresses useful.