
drumguy1384


  1. I would like to provide a word of caution. I set this up several weeks ago and it works exactly as advertised. However, I started noticing some instability, inability to connect on occasion, couldn't get to the web interface. I finally did some investigation today and discovered that, despite following all of the directions, my box had been infiltrated. My SSH logs had thousands of failed login attempts, which suggests that this version of SSH is an attractive target. One connection had several red marks on virustotal.com and came from China. Blocking all SSH traffic through the Vultr firewall seems to have stopped the compromise. Once everything is set up I would suggest blocking all SSH and using the web console through the Vultr dashboard, or selectively enabling SSH only when you need to use it. To clarify, none of the login attempts I saw seemed to be successful, however there were still some active connections on port 22. The Chinese IP I saw was one of those. The connections didn't seem to have a user associated, which suggests a flaw in sshd on this version of CentOS. I might try rebuilding it on a different distro instead to see if the same thing happens again.
  2. I think I just found one. OpenVPN only allows 2 concurrent connections without purchasing an additional license. If you want more than that pritunl may be the way to go.
  3. Stage 2 step 6 says "Disable 'Inter-Client Communication'". This will block the individual devices connected to your VPN from talking to each other. However, if you skip this step they should be able to communicate while they are connected. You would just need to figure out what the IP addresses of the devices are inside the VPN, which you probably can see through the pritunl dashboard.
  4. What would be the advantage of using this over just creating an OpenVPN instance on VULTR? I mean, I get that it is probably more configurable, but why reinvent the wheel if you just want a fast VPN that you don't have to share?
  5. Is your server using an internal IP address? (192.168.x.x) If so you will be able to connect locally, but outside connections will not reach it. In order to reach it from the outside you will need to configure your router to forward the VPN port to the internal server IP. Then, when connecting from outside (i.e. your phone) you point it at your external IP address (the one provided by your ISP) and the router should direct the traffic to the internal address.
  6. The IP address assigned to your VPN server is part of your internal network. This will not be reachable from outside your local network. This is why the connection is timing out. It will never find that internal IP address to connect to. In order to make it work you will need to open your router's configuration and forward the desired port to your server. Then when connecting, point your outside device to your public IP address (the one assigned by your ISP). The router should then (if all goes well) forward the traffic to the port you specified and connect to the VPN server.