OpenVPN is a full-featured open source Secure Socket Layer (SSL) VPN solution that accommodates a wide range of configurations. In this tutorial, we’ll set up an OpenVPN server on a Droplet and then configure access to it from Windows, OS X, iOS and Android. This tutorial will keep the installation and configuration steps as simple as possible for these setups.
Note: OpenVPN can be installed automatically on your Droplet by adding this script to its User Data when launching it. Check out this tutorial to learn more about Droplet User Data.
Setup VPS instance
First thing first, you need to create a Digitalocean account by clicking this link. Complete the registration by providing your payment method, either with credit card or Paypal account.
After you see the green button “Create Droplet”, click on it to proceed to the next step. Type in your preferred Droplet hostname, whatever you want. Then select size of droplet, in this case you’ll choose the pricing which fit you. In my case, I choose the lowest one, $5 /month droplet with 20GB storage and 512MB RAM. It’s kind of enough for me.
Then select the region you want the droplet located. This time, you may want to choose the nearest region from your country. Then select Image, it is the operating system for your VPS. Choose the Ubuntu 14.04 x64.
And finally, tick the “User Data” in the Available Settings section. When the text input appears, enter the script for creating the VPN server. Get the script by referring to the link at the bottom of this post. Find the “Note” section like above quotation. There you’ll find the link to the script. Just copy and paste it.
And in the last section, you may skip that “Add SSH Keys”. Then you will receive the password required to login to the VPS in your email inbox. Check it later.
If you have a project hosted on Canonical’s Launchpad, then you have a choice to build it as soon as you push its Bazaar commit. The automatic build process is conducted by a “recipe”. Cited from official explanation, there are two options for when recipes get built:
A build will be scheduled automatically once a change in any of the branches used in the recipe is detected.
Built on request
Builds of the recipe have to be manually requested using the “Request build” action.
You can create a recipe from project page, and look for “Create packaging recipe”. Then you need to choose the “Built daily” option to automatically build the DEB binary from source when you push the commit.
I’ve got an AWS free tier account for a year recently. The free should mean free of charge, but even before a month, suddenly I got an unpaid bill notification from Amazon.
By looking at above image, I saw that the bill comes from EC2 service, which I use it for setting up a VPS. After deep looking at the bill information, I got the culprit. It was the Elastic IP address that got me to pay the charge.
Briefly, I requested a static IP address to be associated to my VPS. I didn’t aware that the IP has to be bound to any instances. Once it is disassociated, we will be charged at per-hour rate. And unfortunately, I disassociated it for a few hours by unknown reason. As the result, I had to pay Amazon for $0.36.
So, instead of disassociate the ellastic IP address, we just have to release it. Perhaps it will be useful for other people.
Sometimes, we need a proxy to bypass internet filtering. When we work in command line environment, it may not as simple as in graphical environment. But thanks to proxychains, it becomes so simple that we just need to put proxychains command before the commands we want to execute. Proxychains is available in Ubuntu repository. So, we just have to run sudo apt-get install proxychains to install it.
Proxychains can handle several proxy types, including SOCKS5 proxy. It is an SSH tunneling proxy. So we need a remote machine which allows us to login and access internet. That’s usually a VPS. So, we need to connect to SSH and make a tunnel before using proxychains.
ssh -vfCND1080 -l login_name -p port remote_machine_address
v argument makes verbose output, so you may ommit it
f argument makes ssh session run in the background
C argument enables compression for all data
N argument disables remote command to the machine we connect
D1080 means to make local dynamic listening poxy at port 1080
login_name is the username of our remote machine
port is the SSH port of remote machine, usually 22
remote_machine_address is the address of our remote machine, either IP number or domain
Once connected, we can now use proxychains to bypass internet blocking. But first, we need to configure the proxychains in order to use our tunnel proxy. Edit the /etc/proxychains.conf file. Make sure you have these lines uncommented.
If you have an OpenWRT router, sometimes you need to block particular devices from accessing internet yet still can connect to its Wi-fi network. We can do that easily from the LUCI web-UI control panel.
Head for menu Network > Firewall.
There you can make a new firewall rule. Give it a name in New forward rule section. Then click Add and edit.
Then you have to choose the device’s MAC address to block.
Then choose option Reject in the Action dropdown list.
Then click Save and apply. Make sure you have the new rule is listed in the rules list.