
Setup your VPN

Omer Citak

Many useful websites like Wikipedia are blocked in Turkey, but there are multiple ways to access such blocked sites in our country. One of these is using a VPN.

However, in our country VPNs are often not set up correctly, and what they are and how they work is not well understood. Therefore, when we try to access banned sites on the internet, we hand all our traffic to people or organizations that aren't trustworthy.

In this article, I will not only describe what a VPN is and how it works, but I will also show you how to set up your own VPN and be safe on the internet.

What is VPN?

VPN stands for Virtual Private Network. VPNs are internal networks established by individuals or organizations. In some cases, these internal networks can also be accessed from outside.

Here’s a scenario to make it clearer. Let’s say you signed up with an Internet Service Provider (ISP) and got an internet connection at home. You get the IP address X.X.X.X from the ISP. This IP address is assigned specifically to your connection. Therefore, when you access the internet from your home through any device, your IP address will appear as X.X.X.X.

At the same time, however, you have an internal network that your modem provides to devices like smartphones, computers, smart TVs, and more. Every device connected to this network gets an IP address from your modem that is valid only in the local network. These IP addresses must be in the same subnet as your modem. Generally, if the IP address of the router is 192.168.1.1, it gives out IP addresses like 192.168.1.2, 1.3, 1.4 and so on to the devices in the network.

The modem serves many roles, such as acting as a router and a DHCP server. The broadcast is a communication method where all devices are equal. So it is a request/response protocol. The modem is the rule maker here because of its router and DHCP server functions.

The IP addresses that your modem assigns to the devices in the internal network are used only within the local network. When your device connects to the internet, the TCP/IP packets it sends first pass through your modem, which rewrites their source IP address to the one given by the ISP (the public IP) before they are delivered to their recipient. So on the internet, your smartphone and your computer appear with the same IP address.

So far, I tried to summarize how the network at home works. Note that we haven’t reached the VPN part yet.

Now, suppose you installed a web server such as Apache on a computer at home and made it responsive to HTTP requests. Your computer is now both a ‘client’ and a ‘server.’ It is a client because before you set up a web server on it, it didn’t have the mechanism to respond to requests. It became a server because it can now respond to requests.

In time, you added many files and contents to your web server. In fact, you weren’t satisfied with one, so you installed 2 or 3 more servers in your local area network. To make it clearer, let’s assign sample IPs to your servers in the local network:

  • 1st server: 192.168.1.21
  • 2nd server: 192.168.1.22
  • 3rd server: 192.168.1.23

Now you can access your servers and the data found in them by typing in the IP addresses of your devices in the address bar of your browser.

The 3 servers you had grew in number and in time became 5, 10, and 15. Now you’re beginning to forget which server kept which information. But you get the brilliant idea to assign domain names to these servers.

You can now access your servers by typing domain names such as ‘school,’ ‘family,’ ‘game’ instead of typing the IP address in your browser’s address bar. What a beautiful system, right? Just like the internet! The Internet is a network where servers are connected and where each server and client has an IP address. You have created a network at home just like a miniature internet. Since this network belongs to you, it is a ‘private network’ – also called VPN.

Let’s say a similar event happened at your workplace. The IT guys told you, “Well, we built a server for you with work files. Here is its IP address. But remember, it will only respond to requests from your home IP address.” So your workplace has set up a server that you can only access from the IP address that the ISP assigned you.

But what if you have to go abroad for an extended period? Your school, family and game files are all on the servers in your local network. Since these servers are on the local network, you do not have remote access to them. What are you going to do? Are you going to open the servers to the internet with port forwarding (NAT) on the modem? No, this won’t work. If you do so, you make all those files accessible from the internet, meaning everyone can reach them!

Are you going to set up additional software for remote access to each server? No, not that either. You could then access your school, family and game servers, but you could not access the remote server at your workplace, since it requires access from home. Here’s what you need to do: access your local network remotely. You can use open source software to do this. For example, the most popular free VPN software is OpenVPN. You can remotely connect to your local network through OpenVPN. Every request you make will reach this local network before it goes out to the internet. This way you will be able to access your server at work via the VPN.

This is simply what a VPN is. You set up a local network and connect to the network which has the contents you need. Thus, when you join that network, every request that needs to go out to the internet leaves from the local area network you are connected to (the VPN).

We use this architecture to access blocked sites. First, we rent a server located at a place where Wikipedia is not prohibited, then we install the necessary software and connect to the network. If we want to access Wikipedia later on, our requests will go through the VPN we are connected to and thus access Wikipedia without a problem.

What is “Güvenli Bağlantım” (My Secure Connection)?

“Güvenli Bağlantım” is a website that teaches you how to set up your VPN securely and without speed loss, to prevent interference with your internet access. It helps you set up a VPN entirely with open software and connect to the VPN you set up to surf the web safely and freely.

Now I’m going to describe how to set up your VPN with “Kendi Bağlantım” (My Connection). This section will consist of three subtitles:

  1. Server Rental
  2. Server and OpenVPN Installation
  3. Connection and program settings for PCs

By the end of these steps, you will be free and safe on the internet. We live in a geographical area where even a free encyclopedia like Wikipedia is blocked. It is very likely that we’ll wake up to a morning where a new source of information is blocked. Use and teach VPN to tackle these obstacles and censorship on the internet.

Server Rental

In this section, I will simply describe the steps to rent a server. For the sake of simplicity and reliability, we will rent the server from DigitalOcean.

As the first step, you must sign up at digitalocean.com and enter your credit card information. My recommendation is to use a virtual credit card that has a limit of $0, which you raise only when you make a purchase.

Next, click on the ‘Create’ button with the green background on the top right of the site as pictured above. Select ‘Droplets’ from the drop-down menu. ‘Droplets’ in DigitalOcean literature corresponds to ‘server.’ When the name of the hosting provider is the Ocean, we have to be a drop in it.

On the page for creating a new droplet, select the Linux version to be installed on the server. Select the 14.04.5 x64 version of Ubuntu on the far left.

Then, choose the package for the server’s capacity. At $5 a month, the package on the far left will be enough for us.

In the next step, choose the location of the server. Among the options, Frankfurt is the smartest location for us: compared to the others, it is the closest to Turkey, so we’ll be able to navigate faster on the internet.

Finally, in the very bottom section, leave the left side as ‘1 Droplet,’ indicating that 1 server will be opened, and write the name of your server on the right side. I chose the name ‘frankfurt-vpn.’

The server is created in a matter of seconds, and the access information is sent by email!

Server and OpenVPN Installation

First, we need to establish a remote SSH connection to our server using the information in the email from DigitalOcean. To do this, we need a terminal and an SSH client on our computer. Linux and macOS users can use the built-in terminals, but Windows users must use “PowerShell.”

If you type “PowerShell” in the Windows search bar, it’ll come up. After you launch PowerShell, type the following command and press Enter:

ssh root@{IP_sent_in_the_email}

With the command above, we make an SSH connection to our server. After you run the command, it asks for a password. The password is, again, in the email sent by DigitalOcean. If you copy the password from the email and right-click in PowerShell, the password is pasted. But beware: at this and the following password prompts, what you type is invisible. Right-click just once; don’t paste it multiple times assuming it’s not there. 🙂

In the first step, it requests the server password. In the following two steps, it asks you to set a new password, since this is the first login. Choose a strong password that no one can guess.

And we’re finally connected to our server.

First and foremost, we will update the package lists and the software on the server.

apt-get update && apt-get upgrade

You will have to wait a while after executing the command above. At the end of this wait, all applications and repositories will be updated.

Time to install OpenVPN.

Typically, the installation of OpenVPN is a bit complicated, but a Free Software volunteer wrote the code to ease these steps and shared it on GitHub. We’ll take advantage of the tool this friend wrote.

GitHub link: https://github.com/nyr/openvpn-install

To use this tool, we need to run a command that is also found on the GitHub page.

wget https://git.io/vpn -O openvpn-install.sh && bash openvpn-install.sh
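The command above downloads a script through a short link and runs it immediately as root. One way to separate the download from the execution and run only a copy you have read, as an added example that is not part of the original article or the openvpn-install project (the function names are hypothetical; the digest is whatever you record after reviewing the file):

```bash
#!/usr/bin/env bash
# Added example: run a downloaded installer only if it matches a reviewed copy.
# Workflow (file name from the article; the digest is the one YOU record):
#   1. wget https://git.io/vpn -O openvpn-install.sh   # download only
#   2. less openvpn-install.sh                         # read what will run as root
#   3. sha256_of openvpn-install.sh                    # record the reviewed digest
#   4. run_if_pinned openvpn-install.sh <recorded-digest>

# Print the lowercase hex SHA-256 of a file (sha256sum, or shasum as fallback).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{ print $1 }'
    else
        shasum -a 256 "$1" | awk '{ print $1 }'
    fi
}

# Return 0 only if FILE exists and its digest equals EXPECTED (case-insensitive).
verify_pinned() {
    local file="$1" expected actual
    [ -f "$file" ] || return 2
    expected="$(printf '%s' "$2" | tr 'A-F' 'a-f')"
    actual="$(sha256_of "$file")"
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Execute FILE with bash only when verify_pinned succeeds.
run_if_pinned() {
    if verify_pinned "$1" "$2"; then
        bash "$1"
    else
        echo "refusing to run $1: digest differs from the reviewed copy" >&2
        return 1
    fi
}
```

Keeping the recorded digest next to your notes also lets you confirm that the same reviewed script is used when you later rebuild the server.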

When we run the openvpn-install.sh command in the terminal, we will see a series of prompts like the ones below.

  1. IP Address: The server is asking for the IP address. Press Enter as it is automatically filled in.
  2. Select Protocol: UDP.
  3. Port: Type 443, in case the VPN port is blocked on the network you are connecting from. No one blocks 443.
  4. DNS: Select Google DNS.
  5. Client Name: Enter the name of the device you’re connecting with. For example, ‘ev-bilgisayarim’ (home-pc).

As a result, you will see an output similar to the following.

As you can see from the image above, you have created the file ‘ev-bilgisayarim.ovpn’ under the ‘/root’ directory to connect to your VPN from your home computer.

If you want to connect to your VPN from more than one device, you can run the command above again and create a connection file with ‘.ovpn’ extension for as many devices as you want.
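The ‘.ovpn’ file is both the connection settings and the device's credential, so it is worth checking before it leaves the server. The following is an added example, not part of the original article or of the installer: a hypothetical `lint_ovpn` function that checks a profile against the answers chosen above (port 443, UDP), checks that the client verifies the server certificate, and checks that a file with an embedded private key is not readable by other users.

```bash
#!/usr/bin/env bash
# Added example: lint an OpenVPN client profile before importing it.
# Usage: lint_ovpn FILE [PORT] [PROTO]; defaults follow the article's answers.
lint_ovpn() {
    local file="$1" want_port="${2:-443}" want_proto="${3:-udp}"
    local fails=0 port proto perms
    [ -r "$file" ] || { echo "ERROR cannot read $file"; return 2; }

    # "remote <host> <port>" is the endpoint the client dials.
    port="$(awk '$1 == "remote" { print $3; exit }' "$file")"
    if [ "$port" != "$want_port" ]; then
        echo "FAIL remote port is '${port:-missing}', expected $want_port"
        fails=$((fails + 1))
    fi

    proto="$(awk '$1 == "proto" { print $2; exit }' "$file")"
    if [ "$proto" != "$want_proto" ]; then
        echo "FAIL proto is '${proto:-missing}', expected $want_proto"
        fails=$((fails + 1))
    fi

    # Without this directive a certificate issued to another client by the
    # same CA can pass as the server's certificate.
    if ! grep -Eq '^[[:space:]]*remote-cert-tls[[:space:]]+server' "$file"; then
        echo "FAIL 'remote-cert-tls server' is missing"
        fails=$((fails + 1))
    fi

    # An inline <key> block makes the file itself the client's credential,
    # so it must not be readable by group or other users.
    if grep -q '^<key>' "$file"; then
        perms="$(ls -l "$file" | cut -c5-10)"
        if [ "$perms" != "------" ]; then
            echo "FAIL embedded private key, but mode allows group/other access"
            fails=$((fails + 1))
        fi
    fi
    [ "$fails" -eq 0 ]
}
```

On the server, `lint_ovpn /root/ev-bilgisayarim.ovpn` prints one FAIL line per problem and returns a non-zero status if there is any.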

Now we need to transfer the ‘.ovpn’ connection file to your computer. We will use ‘PuTTY SCP Client’ software for this.

You can download the software from the ‘Download’ page on putty.org. Make sure to download the correct version of ‘pscp.exe’ as shown below.

After downloading, we will go to the Windows ‘Downloads’ directory in PowerShell and write the command we need to copy the file from the server.

cd .\Downloads\

Go to the ‘Downloads’ directory with the command above.

.\pscp.exe root@{IP_sent_in_the_email}:ev-bilgisayarim.ovpn C:\Users\omer\Desktop\ev-bilgisayarim.ovpn

Download the ‘ev-bilgisayarim.ovpn’ file from the server to the Desktop directory of the computer using the command above.

Once you run this command, press ‘y’ to confirm keeping the server’s key in the cache.

Immediately after that, you will be asked for your server password, and when you enter the password, the ‘ev-bilgisayarim.ovpn’ file will be downloaded to your computer.

ATTENTION: I wrote the command above according to my computer. If the language of your computer is different, the directory names may differ. Also, I wrote the IP address of my server. You should write the IP address of your own server.

Connection and Program Settings for Computers

We need the OpenVPN client to connect to the VPN we have installed on our Windows device. To download the OpenVPN client we need to go to the ‘Downloads’ page of openvpn.net (https://openvpn.net/index.php/open-source/downloads.html).

When you go to the Downloads page, you will be welcomed with a table similar to the one above. You have to download the most up-to-date version of the client, 2.4.4: the ‘Windows Installer,’ i.e., the 4th option above.

Then run the Installer you downloaded and click on the ‘Next,’ ‘I Agree,’ ‘Next,’ ‘Install,’ and ‘Finish’ buttons, without making any configurations.

That’s all for the client setup. Now, to connect to the VPN you have created, you need to load the ‘ev-bilgisayarim.ovpn’ file into the OpenVPN client.

Copy the ‘ev-bilgisayarim.ovpn’ file on your computer to the “C:\Users\{username}\OpenVPN\config” directory. For example, on my computer, the username is ‘omer’ and the directory “C:\Users\omer\OpenVPN\config” looks like this:

Once you’ve done this step, you can launch the ‘OpenVPN GUI’ shortcut on your desktop. After you run it, you will have the OpenVPN icon at the bottom right of your screen. All you need to do is right-click on the icon and click ‘Connect’ as shown below.

And then you get a notification from Windows that it is connected to the VPN.

If you want to check one last time, right-click on the OpenVPN icon on the right side of your taskbar. When you click ‘Show Status,’ you should see the message ‘CONNECTED, SUCCESS’ as shown in the figure below.

It’s that simple to set up a VPN! “Kendi Bağlantım” and Arka Kapı magazine wish you plenty of free and safe roaming on the internet in the new year!