Now that I have my remote access machine up and running it is time to install the VPN modules into it to get remote access to my network. In my previous post I mentioned that I was going to use IPSEC/L2TP VPN.
After some thought and investigation I decided to change that to OpenVPN. There are a number of reasons for my change. Firstly the general consensus on the internet seems to be that OpenVPN is more secure then IPSEC/L2TP VPN’s. My original investigations into OpenVPN looked like the setup and maintenance of the system was going to be very time consuming and difficult to maintain due to the requirements of generating certificates for each device etc.
I found that OpenVPN has a product called OpenVPN Access Server. This made the setup and maintenance of OpenVPN very easy so I decided to switch.
So now to the install.
All there is to do to install this is to run
apt-get update apt-get install openvpn-as passwd openvpn
The last line updates the openvpn password, which you will use to access the admin console. Once installed open your web browser and point to http://ipaddress:943/admin
Configure the VPN Settings you would like, in particular the Server Network settings as they need to be right. (Make sure you get the external address right)
Then I changed the default port from 443 as I intend to use that elsewhere and NATed the ports through the modem.
To configure my clients I simply log onto https://vpn.domain.com:943 and then download and install the client. For android devices I Installed OpenVPN Connect. Start the application, select import from access server and provide the following details
- https://vpn.domain.com:943
- Username
- Password.
I have also created two new profiles which I can apply to the server. One to send all internet traffic via the VPN and one that doesn’t. The default one that I will use will not send all traffic down the connection due to the connection speed. When I am traveling I can switch it over to send all my traffic via the connection.
So far I have found it to be very quick, quicker then IPSEC/L2TP, the only downside is that you need to have the agent installed which so far, hasn’t been a big deal (Touch wood)