OpenVPN Internet Gateway
Dec 19 2024
I set up a VPN Internet Gateway. VPN means you can log in from anywhere with a secure connection. Internet Gateway means you can only use that connection to go to the Internet rather than the internal network you're logged into.
OpenVPN has two products: Access Server (AS), which runs on your server, and CloudConnexa (CC), which still runs a client on your server but has a more flexible cloud connection. AS is free for 2 connections (not sure if one is the server itself); CC is free for 2 connections (and one is definitely the server itself).
I decided to use CloudConnexa as that seems to have more documentation and examples.
Sign up for a free account. I had an issue that it wanted a six-digit code but the verification email just had a link. Eventually I had to log in via Google login; after that I could set the password and add a 2FA authenticator app.
You specify a domain, which users can then reach via [your-domain].openvpn.com. It's kind of nice: you don't have to maintain a DNS record, nor do you care if your server IP changes, since clients connect to CloudConnexa and it's up to CC to connect to the server when its IP address changes.
Generically we're following "Make a Network act as an Internet Gateway", and basically method 1, which has specifics in "Add a Network for secure internet access".
Users > Users: add gateway users.
Users > Groups: add a group, add the gateway user to the group. Turn Split Tunnel Off. This keeps it simple: when a client is on the VPN, they are on the VPN network, not on their local network.
Add a Network and choose Secure Internet Access, which then goes through a wizard. Use OpenVPN as the protocol, because then you use the OpenVPN client, which is much easier than setting up IPsec. Add a connector (for the server host).
Deploy the connector, which is a download link for a custom OpenVPN client configured with your connection details. Start it up on the server machine and log in, and you're set there.
I didn't add any Applications or Routes/IP Services as I just wanted a plain gateway.
Add the Group you created above.
Clients can now log in to [your-domain].openvpn.com and download a client. For mobile you can download the OpenVPN app; on first start it'll have you log in to [your-domain].openvpn.com, then it will download the configuration file and set up the mobile device VPN for you.
That's it for a simple setup. You can't access the VPN network or even that host machine. You can set the client to restart and reconnect after reboot, although not sure if it'll do it without a computer user logging in. Meanwhile the host can use the internal network and Internet as normal.
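To confirm from a Linux client that Split Tunnel Off actually took effect, here is an added example (not from the original post and not OpenVPN tooling) that classifies the output of ip -4 route show. It assumes the tunnel device name starts with "tun" and that full tunnel appears either as the winning default route on that device or as the 0.0.0.0/1 plus 128.0.0.0/1 pair that OpenVPN's redirect-gateway def1 option installs; the sample routing tables and all addresses in them are constructed.

```python
import subprocess

# Constructed sample output of `ip -4 route show`; all addresses are made up.
FULL_DEF1 = """\
0.0.0.0/1 via 100.96.1.1 dev tun0
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
100.96.1.0/28 dev tun0 proto kernel scope link src 100.96.1.2
128.0.0.0/1 via 100.96.1.1 dev tun0
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.50 metric 600
"""
SPLIT = """\
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
100.96.1.0/28 dev tun0 proto kernel scope link src 100.96.1.2
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.50 metric 600
"""

def parse_routes(text):
    """Yield (destination, device, metric) per route line that names a device."""
    for line in text.splitlines():
        tok = line.split()
        if "dev" not in tok[:-1]:
            continue  # blank line, or a route type without a device (e.g. blackhole)
        dev = tok[tok.index("dev") + 1]
        metric = int(tok[tok.index("metric") + 1]) if "metric" in tok[:-1] else 0
        yield tok[0], dev, metric

def tunnel_mode(text, tun_prefix="tun"):
    """Classify an IPv4 routing table as 'full', 'split' or 'none'."""
    routes = list(parse_routes(text))
    tun_dests = {dest for dest, dev, _ in routes if dev.startswith(tun_prefix)}
    if not tun_dests:
        return "none"  # VPN not connected: nothing is routed via the tunnel
    # def1 style: two /1 routes beat any default route and cover all of IPv4.
    if {"0.0.0.0/1", "128.0.0.0/1"} <= tun_dests:
        return "full"
    # Otherwise every lowest-metric default route must sit on the tunnel device.
    defaults = [(metric, dev) for dest, dev, metric in routes if dest == "default"]
    if defaults:
        best = min(metric for metric, _ in defaults)
        if all(dev.startswith(tun_prefix) for metric, dev in defaults if metric == best):
            return "full"
    return "split"  # only some prefixes use the tunnel; the rest leaves locally

if __name__ == "__main__":
    for name, table in (("full-tunnel sample", FULL_DEF1), ("split sample", SPLIT)):
        print(name, "->", tunnel_mode(table))
    live = subprocess.run(["ip", "-4", "route", "show"], capture_output=True, text=True)
    print("this host ->", tunnel_mode(live.stdout))
```

A result of "split" or "none" on an untrusted network means some or all IPv4 traffic is still leaving through the local interface. The check covers IPv4 routes only.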
Two use cases:
- If you're using a dodgy or untrusted network, such as free WiFi at many places, you can secure your communications so they can't be eavesdropped on or subjected to a man-in-the-middle attack.
- If you're traveling, you are considered "at home", which is useful if you want to watch a streaming service overseas while on vacation.