A Virtual Private Network (VPN) provides a confidential and secure connection between two or more remote locations over public networks such as the Internet. Having a VPN allows you to control who has access to what on your network and potentially increase your security by encrypting all traffic, including browsing history, that passes through your network.
VPNs can be configured to work with all major broadband providers and are compatible with all major operating systems including macOS, Linux, and Windows. This article will guide you through the steps necessary to connect to a VPN using the OpenVPN plug-in for the open source web server, Nginx.
Step 1: Create a Network
The first step in setting up a VPN is to create a secured network using the IP protocol. A network is a collection of devices (such as computers, smartphones, and tablets) that can communicate with one another. Devices on your network communicate using IP addresses, which are numerical labels assigned to devices on a network that ensure all communications are unambiguous. Because IP addresses are assigned to devices dynamically by your Internet service provider (ISP), you will need to register your device with the ISP so it can be assigned an IP address. Once you are assigned an IP address, you can create a network with any name you choose.
To create a network on macOS, open Network Preferences and click the + button to add a new network interface. A window will pop up where you can enter a name for your new network and choose the type of security you wish to use (IPv4 or IPv6) and whether you’d like the network to be private (yes) or public (no). Once you click OK, the network will be created and you can proceed to Step 2.
On Linux, type the following command to generate a private network with the IP address 192.168.1.1:
ip addr add 192.168.1.1/24 dev eth0
Step 2: Install the VPN Client
Next, you will need to download and install the OpenVPN software on your device. OpenVPN is a free and open source VPN solution available for macOS, Linux, and Windows. The VPN software maintains active communication with a server, providing you with a secure connection to a remote network (typically, during setup, your device will automatically connect to such a server). You can download and install the OpenVPN client from the OpenVPN website. Once you have downloaded and installed the OpenVPN client, you can connect to your server.
On macOS, you can use the OpenVPN GUI tool to connect to your server and begin setting up your VPN. From the menu, choose Preferences, then click the + button to add a new VPN server. You will need to provide a name for your VPN server (ex: server1) and a secret key (generated randomly during setup) to connect to it. When you are done, click OK to save your changes and continue to the next step.
On Linux, you can use the command line to connect to your VPN server. You will need to use the following command to connect to your server:
openvpn --config server1.ovpn
You can download and install the OpenVPN client on virtually any device including macOS, Linux, and Windows. You should download the VPN client for the platform you are using and install it on a device that will be used to access your network.
Step 3: Configure Nginx
The next step is to configure your server, Nginx, to use the OpenVPN plugin. First, you will need to download and install the Nginx open source web server on your device. Nginx is a free and open source web server that supports multiple protocols, including the most commonly used protocols, such as HTTP and HTTPS. If you are running Apache on your device, you can install Nginx alongside it (simply point your browser to the Apache install directory on your filesystem and click the Install button). Once you download and install Nginx, you can configure it using its web-based interface:
sudo apt install php7.2
Navigate to http://localhost/index.php in your favorite web browser to access the Nginx interface.
On the main page of Nginx, click the + button to display the plugin options. Near the top of the page, you will see a section identifying all currently available plugins. Search for OpenVPN in the search bar and click Install Plugin to continue.
A new page will open with a summary of all the necessary information including the OpenVPN plugin and its version. You will need to Accept the terms and conditions to continue. Once you accept the terms and conditions, a link will appear below the acceptance dialog labeled Continue to Plugin Info. Click this link to display the plugin’s configuration instructions.
To use the OpenVPN plugin on Nginx, you need to add a few lines to your /etc/nginx/nginx.conf file. Find the following lines in this file and replace them with the code below (line breaks and indentations are for readability only):
# OpenVPN Server Configuration
Add the following lines to the end of the file and save it:
listen 443 ssl;
# optionally, configure Nginx to require certificates with a common name:
# enable HSTS (HTTP Strict Transport Security), which helps prevent protocol downgrade (SSL stripping) attacks by forcing browsers to always connect to your site via HTTPS:
#...more SNI (Server Name Indication) information as above...
Then simply restart the server to load the updated configuration:
sudo systemctl restart nginx
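The following is an added example, not code from the original article or from the Nginx project. It is a small Python check that a configuration really contains the three settings the fragment above names: a TLS listener on port 443, required client certificates, and an HSTS header. Both sample configurations and the certificate paths are constructed for illustration.

```python
import re
# Constructed sample configs; certificate paths are placeholders, not from the article.
GOOD_CONF = """
server {
    listen 443 ssl;
    ssl_certificate         /etc/nginx/tls/server.crt;
    ssl_certificate_key     /etc/nginx/tls/server.key;
    ssl_client_certificate  /etc/nginx/tls/clients-ca.crt;  # CA that signs client certs
    ssl_verify_client       on;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
}
"""
WEAK_CONF = """
server {
    listen 443;                   # no "ssl" flag: plain TCP on the HTTPS port
    # ssl_verify_client on;       # commented out, so never enforced
    ssl_verify_client optional;   # certificate requested but not required
}
"""

# Quoted strings are matched first so a ';' inside the HSTS value does not end the directive.
TOKEN = re.compile(r'"[^"]*"|\'[^\']*\'|#[^\n]*|[;{}]|[^\s;{}]+')

def directives(conf):
    """Flatten a config into (name, [args]) pairs, skipping comments."""
    out, cur = [], []
    for tok in TOKEN.findall(conf):
        if tok.startswith("#"):
            continue
        if tok in (";", "{", "}"):
            if cur:
                out.append((cur[0], [t.strip("\"'") for t in cur[1:]]))
            cur = []
        else:
            cur.append(tok)
    return out

def audit(conf):
    """Report which of the three settings are actually in effect."""
    d = directives(conf)
    def has(name, ok=lambda args: True):
        return any(n == name and ok(a) for n, a in d)
    return {
        "tls_listener": has("listen", lambda a: "ssl" in a),
        "client_cert_required": has("ssl_client_certificate")
            and has("ssl_verify_client", lambda a: a[:1] == ["on"]),
        "hsts": has("add_header", lambda a: len(a) >= 2 and "max-age=" in a[1]
                    and a[0].lower() == "strict-transport-security"),
    }
```

The check ignores block nesting, so it answers "is the directive present anywhere", not "does it apply to this server block". Running nginx -t before the restart catches syntax errors that this check does not.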
You will need to ensure that all devices on your network are set up with IP addresses belonging to your sub-network (192.168.1.0/24) so they can properly communicate with your server. To finish setting up your network, visit the DNS settings section of your device's settings area and ensure the DNS servers provided by your ISP (220.127.116.11 and 18.104.22.168) are enabled. You can download and configure DNS through the Settings app (in iOS, Android, and Windows) or directly from the command line (MacBook and Linux).
As a security measure, VPNs require you to identify yourself (user name and password) whenever you access a website that's over a secure connection. Your ISP may require you to verify your identity with additional authentication factors which could include entering a challenge or using one-time passwords (OTPs).
To configure your OpenVPN client to use a certificate instead of a password, visit the Authentication section of the plugin's configuration interface and choose Client Authentication from the list of available options.
If you are using a TOTP (Time-based One-time Password) strategy with your OTPs, you can generate a one-time password (also called a "secret key" or a "token") for your VPN by following the instructions provided by the TOTP plugin's configuration interface. A TOTP strategy with a one-time password makes it much easier for users to log in to your VPN since there's no password to remember.
Step 4: Test Connection
Now that your VPN is configured and you're able to connect to it using your OpenVPN client, you can test your connection with a website available over the public Internet. Type the following URL in your browser window: