• Stars
    star
    808
  • Rank 56,429 (Top 2 %)
  • Language
    Shell
  • License
    MIT License
  • Created about 8 years ago
  • Updated over 7 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Make a self hosted OpenVPN server in 15 minutes

Popup OpenVPN

Make a self hosted VPN in 15 minutes.

If you can 'kind of run a server', then you can manage this.

Give all your non-technical friends a free VPN!

Why?

Companies like verizon, AT&T, and Comcast already have developed tools to sell police bulk access to your data without a warrant. Isn't this illegal spying? Not if your internet provider does it as a service!

Do you want every corrupt government contractor to have access to your browser history? Right now, they often do.

Installation Guide

  1. Make an account and get a $10 free credit at digital ocean

    • skip this step if you have an account already
    • disclaimer: I get some free credit when you use this link. Thanks!
  2. Add your SSH key to Digital Ocean

    1. Enter the digital ocean web interface
    2. go to settings->security->SSH keys
    3. Paste your key, found by default $HOME/.ssh/id_rsa.pub
      • tip: make a key with ssh-keygen
      • danger: ssh-keygen WILL overwrite your current key without warning
    4. On server creation, the key will be added in server's root user's authorized_keys
    5. ansible uses the default SSH key: ~/.ssh/id_rsa.pub
      • you can manually set a key as a command line argument in manage.sh
  3. Create a new server on Digital Ocean

    1. Choose the Ubuntu 16.04.1 x64 base image
    2. Use the $5 option
    3. Choose a datacenter near you for low latency.
    4. Check your preferred ssh key under Add your SSH keys
    5. Choose a hostname like popup-openvpn
    6. Do not check use IPv6
    7. Notes
      • You will have 1 terabyte of monthly transfer
      • They call a server a droplet
  4. Configure this repo for your users

    1. Clone this repository on your local computer
      • git clone --recursive https://github.com/robbintt/popup-openvpn.git
    2. Configuration files:
      • hosts
      • group_vars/all
    3. Add the IP address of the server to your hosts file
      • The IP address is available in your digital ocean dashboard
      • In the [vpnservers] section, replace the default 1.2.3.4 with your server's IP address
    4. Add each of the following to your group_vars/all
      • You need at least one user and password
      • user
        • any username is fine in user
      • password
        • use a strong password
      • openvpn_client
        • any name is fine -- the default is myvpn1 etc.
      • Replace or delete the example users and passwords entirely
    5. You can add as many openvpn_client sections and user/passwords as you wish
    6. IMPORTANT: Delete any extra user lines and unnecessary example certificates, e.g. myvpn3, myvpn4
  5. It's time to automatically set things up!!

    1. Install ansible locally
    2. execute: manage.sh
      • The ansible script should run without any errors
      • (The restarter role fails if it doesn't need to restart or something)
    3. When you run this playbook for the first time, you will need to restart the server before you can connect.
      • todo - just restart the server every time the playbook is run or something
      • future - troubleshoot this issue in stouts or OpenVPN
    4. To reconfigure or update your server you may run manage.sh again
  6. email the .ovpn files to all your users

    • The ansible playbook transferred the .ovpn files to the computer you ran ansible from
    • Each ovpn file is stored in ./openvpn_files/ (inside the popup-openvpn project directory)
    • Each user only needs the ovpn file generated for them. They also need their username and password
    • You will open this file in your OpenVPN Client
  7. Install a client on each of your devices. You will need: user, password, .ovpn file

    1. Client Recommendations
    2. You will need to follow the client specific instructions
      • iOS | OpenVPN
        • You're going to want to go through this set-up process for iOS file syncing for the most secure way to share you .ovpn files. While you can send the file(s) through email, this is not recommended as email is often unencrypted, and will be assuming you don't have a prior end-to-end encryption system set up. The guide for iTunes sync in that VikingVPN link is rather outdated, so please refer to this official support page for file syncing in iTunes 12.x (most recent version as or writing).
        • Note: to connect you'll want to go through the OpenVPN app, sign in, and connect in-app after importing your .ovpn profile(s).
      • TODO: Assemble more links for client instructions
    3. All your users need to do this step for all their devices
    4. Linux
      • Arch has a good guide for this. Find a better way.
  8. Maintaining your server

    • TODO

Requirements

  • Server: Digital Ocean Ubuntu 16.04.1 Release
  • Local ~/.ssh/id_rsa.pub private key deployed to remote root authorized_keys
    • This is done through Digital Ocean on droplet deployment

Future

  1. Use ansible vault to encrypt group_vars/all
  2. Make a workflow for adding a new user and client certificate "for a friend"
  3. Add an automatic updates tool.
  4. Test this guide from very beginning to very end.
    • Beginning: Create a Digital Ocean Account
    • End: Install the ovpn cert and put the password in on all your devices
    • Very End: Maintaining your server
  5. Deploy to the world at large (reddit? digital ocean article?)

Stouts.openvpn

The Stouts.openvpn repo is included as a subrepo in /roles/Stoutsopenvpn.

References

Some useful links and additions.

Using Ansible Vault

You might use this to encrypt your group_vars/all

  • Encrypt a file: ansible-vault encrypt foo.yml bar.yml baz.yml
  • Decrypt a file: ansible-vault decrypt foo.yml bar.yml baz.yml
  • View file contents: ansible-vault view foo.yml
  • Run Playbook w/ Vault password: ansible-playbook site.yml --ask-vault-pass
    • This is managed in manage.sh in this script
Links

More Repositories

1

outlines

Knowledge, training, skills, data, and summaries in markdown format.
7
star
2

patternbook

A number of playbooks and roles for managing computers.
Jinja
5
star
3

pylanthia

A threaded Python Dragonrealms client intended for headless use and eventually to back an electron frontend.
Python
4
star
4

dotfiles

Dotfiles, these are typically deployed via ansible playbook.
Emacs Lisp
3
star
5

wGJF

A tool to find relationships between a Wikipedia Page and the Pages a certain depth from it.
Python
2
star
6

fort_gen

An iterative fort generator for dwarf fortress. Truly in alpha, fresh off the netbook.
Python
2
star
7

smorgasbord

A bunch of concepts for evennia
Python
1
star
8

twilight-imperium-monte-carlo

Simulate battles in Twilight Imperium using Monte Carlo models
Python
1
star
9

chatgpt-wrapper-workdir

Working directory for chatgpt.
Shell
1
star
10

cryptopals

My cryptopals solutions, probably in Python or C.
Python
1
star
11

cpp_samples

sample code sandbox
C++
1
star
12

demo_voice_openai_gist

Some audio demos
Python
1
star
13

inhumanerror

A library for using human brains to fix OCR errors. The script searches for soft spots and gives a human reviewer enough context to fix the passage.
Python
1
star
14

ie_vs_ei

Check ngsl for prevalence of some common patterns in "i before e, except after c"
Python
1
star
15

react-plotly-tutorial

HTML
1
star
16

ngram-analysis

A little suite for ngram analysis.
Python
1
star
17

turing1936

Turing Machines from Turing's 1936 paper.
Python
1
star
18

flask-template

This is a base flask project designed to iterate template generation over a paginated dataset expressed in with sqlalchemy
Python
1
star
19

gungheap.com

GitHub site for gungheap.com
1
star
20

barcode-scanner

Scan barcodes into an sqlite database.
Python
1
star
21

ansible-airflow

ansible role for airflow 1.10 on ubuntu 16.04 (using systemd unit files)
1
star