Hosting OpenVPN

TKperson edited this page Jan 25, 2022 · 1 revision

Introduction

As everyone who has used the school WiFi knows, it blocks A LOT of the websites that we want to access, and most of those websites are actually useful. For example, the school WiFi blocked all of the top-level domains and raw IPs, and those are the domains that the APCS students used for accessing their websites. In addition, students have found so many ways to bypass the web domain restrictions that I just don't get why the school network administrators are still blocking the useful websites. Basically, the school WiFi restrictions are more annoying than helpful to students.

The most common ways are using LTE/a hotspot or a VPN like Betternet, but those ways all have some limits. So right now, I'm going to show you another way to bypass the school WiFi: hosting your own VPN with an OpenVPN server on your own server.

Requirements

I'll be using AWS EC2 with Amazon Linux (a Red Hat-based distro) and the yum package manager, although you can set up your VPN on any operating system that OpenVPN supports (that includes Arch and Debian). You can also put the OpenVPN server on a separate laptop or Raspberry Pi that you have, but you need a top-level domain that can be accessed through the school WiFi.

Steps to set up OpenVPN

Host machine refers to the server that the OpenVPN server will be running on.

  1. Connect to your host machine through whatever methods that you want to use.
  2. Install the OpenVPN server on your host machine with your package manager: `yum install openvpn`
  3. Run this easy-to-understand auto-configuration script, which saves you from configuring the OpenVPN server with a text editor and many Google searches: `sudo sh -c 'curl -L "https://raw.githubusercontent.com/angristan/openvpn-install/master/openvpn-install.sh" | sh'`
  4. You can leave almost everything default.
  • When you are at the step where it says "Public IPv4 address or hostname:", you need to enter the raw public IPv4 address or the domain name that you want the VPN to use. In my case, my school blocked all direct IPv4 requests, so I have to use the top-level domain for the machine. Basically, you want to host your VPN using a domain that the WiFi did not block.
  • When the installer asks you to enter a port number for the OpenVPN server, you can leave it as the default port, but some WiFi networks block a few ports. For example, my school WiFi blocked port 1194, which is the default port for OpenVPN, and I had to change the port to 8080 or some other common port that I know the school WiFi won't block. You can check which ports are blocked by hosting a temporary Python web server and trying to access that port over your school WiFi.
  • Take a screenshot of the port number that your openvpn will be using, so you can remember it.
  • Everything else can be left as default.
  5. If you have done everything correctly, you will see a file named YOUR_OPENVPN_SERVER_NAME.ovpn appear in the home directory. Copy that file onto another machine and you can start using it.
  • To use the .ovpn file you need an OpenVPN client.
    • On Windows XP/Vista/7/8/8.1/10/11, you can download the client here.
    • On Linux, the OpenVPN client should be available in your distro's default package manager. If not, you can refer to this link.
  6. You have now finished setting up your OpenVPN server. All you have left is to port-forward the port that your OpenVPN server is hosted on.
  • On AWS, you have to add a new inbound and outbound rule to let the VPN port pass through. Refer to the section below to see how to add an inbound/outbound rule to your EC2 virtual machine.

Adding inbound/outbound rule

  • Log into your AWS dashboard from here.
  • After logging in you will see something similar to this:

  • Click on Service at the top left > Compute > EC2

  • In the menu bar, click on EC2 dashboard and then click on "Security groups"

  • In the top right, there's an orange button saying "Create security group"; click on that.
  • For the Security group name you can call it "VPN for school"
  • For the description you can say that you created this VPN because you stand up for your freedom
  • In the Inbound Rule section, you want to click on "add rule" and a new row will show up above the "add rule" button
  • Inside the new row there will be a Type column. In the Type column, change "custom TCP" to "custom UDP". If you did exactly what I showed above, your OpenVPN server should be configured to use UDP.
  • Enter the port that you used for your openvpn into Port range (if you forgot, use the screenshot that you have taken earlier)
  • For the Source column enter 0.0.0.0/0
  • Do the same thing for the outbound rule: Add rule > set to custom UDP > set to the same port range > set source to 0.0.0.0/0
  • Scroll to the bottom of the page and hit create security group.
  • Go back to your EC2 instances page and edit the security group for your EC2 machine

  • In the search bar, under the "Associated security groups," find the security group you made. Then click on Add security group.
  • Hit save at the bottom.
  • Done :)
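
A quick offline check for the rule created above, added here as an example (it is not part of the original wiki page): it reads the protocol and port from the client profile and compares them with the group's inbound rules, which catches a rule left on "custom TCP" or a mistyped port. It assumes the group JSON has the shape printed by `aws ec2 describe-security-groups`; the profile, the host name and the group below are constructed samples.

```python
import json

# Constructed samples: a client profile using standard OpenVPN directives
# (key material replaced by a placeholder) and one security group in the
# JSON shape assumed from `aws ec2 describe-security-groups`.
PROFILE = """client
proto udp
remote vpn.example.org 8080
dev tun
<ca>
(constructed placeholder, not a real certificate)
</ca>
"""
GROUP = json.loads("""{"GroupName": "VPN for school", "IpPermissions": [
 {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
  "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}""")


def profile_endpoint(text):
    """Return (proto, port) the client will connect with."""
    proto, remote, block = "udp", [], None
    for line in (l.strip() for l in text.splitlines()):
        if block:                          # inside <ca>, <key>, ...: skip body
            block = None if line == f"</{block}>" else block
        elif line.startswith("<") and line.endswith(">"):
            block = line[1:-1]
        elif line.startswith("proto "):
            proto = line.split()[1]
        elif line.startswith("remote ") and not remote:
            remote = line.split()[1:]      # host [port] [proto]
    port = int(remote[1]) if len(remote) > 1 else 1194   # OpenVPN default
    proto = remote[2] if len(remote) > 2 else proto
    return ("udp" if proto.startswith("udp") else "tcp"), port


def inbound_findings(group, proto, port):
    """Describe how the inbound rules differ from exactly proto/port."""
    findings, admitted = [], False
    for perm in group.get("IpPermissions", []):
        p = perm["IpProtocol"]             # "-1" means all protocols
        lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
        if p in (proto, "-1") and lo <= port <= hi:
            admitted = True
        if p != proto or (lo, hi) != (port, port):
            findings.append(f"rule {p}/{lo}-{hi} is not the VPN rule {proto}/{port}")
    if not admitted:
        findings.insert(0, f"no inbound rule admits {proto}/{port}")
    return findings


if __name__ == "__main__":
    for finding in inbound_findings(GROUP, *profile_endpoint(PROFILE)):
        print(finding)
```

An empty result means the group admits the profile's protocol and port and nothing else.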

How to connect?

Windows

  1. Open the OpenVPN client that you downloaded from the link above.
  2. Click on the + button.
  3. Go to the "FILE" tab.
  4. Drag and drop the .ovpn file that was generated on the host machine.
  5. Click "connect".

Linux

  1. There are unofficial GUI OpenVPN clients for Linux, but I'm not going to use those. If you have installed openvpn from your package manager, all you have to do is run `sudo openvpn YOUR_OPENVPN_SERVER_NAME.ovpn`
  2. There you go, you are connected to your VPN.