How To: Access Remote Systems at Home/Work Securely from Anywhere with Pritunl

 Index

Introduction

1. Requirements/Prerequisites

    1.1 - The Operating System

    1.2 - The Hardware

2. Getting Started

    2.1 - Debian Distributions

        2.1.1 - Debian 10

        2.1.2 - Ubuntu 18.04

        2.1.3 - Ubuntu 20.04

    2.2 - Arch Distributions

        2.2.1 - Arch Linux

    2.3 - Red Hat Enterprise Linux Distributions

        2.3.1 - CentOS 7

        2.3.2 - CentOS 8

3. Creating an Organization/Users

4. Creating a Server

    4.1 - Create the Server

    4.2 - Attaching Organizations

    4.3 - Configuring Static Routes

5. Connecting w/ Our Client

    5.1 - Installing Client Software

        5.1.1 - Windows

        5.1.2 - GNU/Linux

            5.1.2.1 - Debian Distributions

                5.1.2.1.1 - Ubuntu 18.04

                5.1.2.1.2 - Ubuntu 19.10

                5.1.2.1.3 - Ubuntu 20.04

                5.1.2.1.4 - Debian 10

            5.1.2.2 - Arch Distributions

                5.1.2.2.1 - Arch Linux

            5.1.2.3 - RHL/RHEL Distributions

                5.1.2.3.1 - CentOS 8

                5.1.2.3.2 - Fedora 32

        5.1.3 - MacOS

        5.1.4 - Android

    5.2 - Import Profile

        5.2.1 - Windows/MacOS/Linux

        5.2.2 - Android

    5.3 - Port Forwarding

    5.4 - Connecting for the First Time

6. Conclusion

 

Introduction

At times you may find yourself with servers or services that you host either at home or at work that you don't want to or shouldn't publish to the Internet but wish you could still have access to remotely and securely. Examples include but are not limited to weakly encrypted or completely un-encrypted services such as HTTP, SMB, NFS, FTP, Telnet, or other services you don't/shouldn't publish to the Internet such as IPMI/iDRAC/iLO, your Router's WebUI, or SNMP(v1/v2).

 

A VPN or Virtual Private Network encapsulates and encrypts your network traffic inside of a "pipe" so-to-speak. This pipe connects you to your VPS (Virtual Private Server) and from there connects you to whatever networks/services you've configured on the VPS. This is useful when sending/receiving data over insecure connections such as Public Wi-Fi. How the VPN works is dependent on how the VPS is configured. This tutorial will cover how to use a VPS to create an encrypted tunnel enabling secure communication between your remote/off-site client device(s) and a private network be that your home, an office, or other location.

 

There are many Public VPN services out on the market today that enable safe & secure web browsing for whatever you're doing wherever you are. However, the goal here isn't to re-direct traffic we send to our VPS back out into the public domain. We want our VPS to forward our requests to our LAN so we can talk to our systems & servers securely regardless of our location.

 

Linus Media Group published a video on how to use VPS software known as Pritunl to create your own VPN service as opposed to using a public one. You can find out more about that here.

[Screenshot]

In its default configuration Pritunl fundamentally works like any other VPN service. You connect to the server, it redirects your traffic back out to the public. We are going to change that to suit the purpose of this tutorial.

 

1. Requirements/Prerequisites

1.1 - The Operating System

First and foremost you need to be comfortable with GNU/Linux (if that scares you off, don't let it. Its use in this tutorial will be almost painless) as that is what the VPS software is available for. You can however use your choice of Windows, Linux, MacOS, Android, or iOS client devices to connect to said GNU/Linux VPS. I highly discourage attempting to run Pritunl on a Windows machine be that through Oracle VM Virtualbox, Hyper-V, or WSL2 due to Microsoft's relentless system update/restart schedule. There would be no guarantee that the VPS would be online/available when you need it. An exception to this would be if you are using a workstation or server distribution of Windows such as Enterprise, Server 2016, or Server 2019. These distros allow the flexibility to defer updates until you're ready. Windows distros such as Home & Pro only allow deferring updates for finite periods of time without resorting to service/registry edits.

 

1.2 - The Hardware

The Pritunl VPS software is very lightweight, for the configuration that will be demonstrated here. A system with as little as 2 cores, 4GB of RAM, and 16GB of storage (thumb drive) will suffice. This could be any office computer, NUC, or old PC. They will handle the task fine for a simple setup.

 

If desired this can be virtualized on servers running ESXi, UnRAID, or PROXMOX. Do note though in the event of PROXMOX the service will not run correctly in a LXC Container. You must create a full VM.

 

 

2. Getting Started

With your hardware or hypervisor server decided you need to choose a GNU/Linux distribution. Pritunl is available on Debian, Arch, and Red Hat Enterprise Linux.

 

NOTE: This tutorial will not cover how to install your GNU/Linux distro of choice. It is assumed you either already know how or can figure it out on your own. If you need advice on which distro to go with a simple option that serves the purpose well is Ubuntu Server 20.04. If you do need further instructions, comment below for assistance.

 

The following is a list of the most popular install instructions. These instructions are also available on the Pritunl website. Run each command one line at a time for your GNU/Linux distro.

 

2.1 - Debian Distributions

2.1.1 - Debian 10

sudo tee /etc/apt/sources.list.d/mongodb-org-4.2.list << EOF
deb https://repo.mongodb.org/apt/debian buster/mongodb-org/4.2 main
EOF

sudo tee /etc/apt/sources.list.d/pritunl.list << EOF
deb https://repo.pritunl.com/stable/apt buster main
EOF

sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv E162F504A20CDF15827F718D4B7C549A058F8B6B
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv 7568D9BB55FF9E5287D586017AE645C0CF8E292A
sudo apt-get update
sudo apt-get --assume-yes install pritunl mongodb-org
sudo systemctl start mongod pritunl
sudo systemctl enable mongod pritunl

 

 

2.1.2 - Ubuntu 18.04

sudo tee /etc/apt/sources.list.d/mongodb-org-4.2.list << EOF
deb https://repo.mongodb.org/apt/ubuntu bionic/mongodb-org/4.2 multiverse
EOF

sudo tee /etc/apt/sources.list.d/pritunl.list << EOF
deb https://repo.pritunl.com/stable/apt bionic main
EOF

sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv E162F504A20CDF15827F718D4B7C549A058F8B6B
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv 7568D9BB55FF9E5287D586017AE645C0CF8E292A
sudo apt-get update
sudo apt-get --assume-yes install pritunl mongodb-org
sudo systemctl start pritunl mongod
sudo systemctl enable pritunl mongod

 

 

2.1.3 - Ubuntu 20.04

sudo tee /etc/apt/sources.list.d/mongodb-org-4.2.list << EOF
deb https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/4.2 multiverse
EOF

sudo tee /etc/apt/sources.list.d/pritunl.list << EOF
deb https://repo.pritunl.com/stable/apt focal main
EOF

sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv E162F504A20CDF15827F718D4B7C549A058F8B6B
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv 7568D9BB55FF9E5287D586017AE645C0CF8E292A
sudo apt-get update
sudo apt-get --assume-yes install pritunl mongodb-org
sudo systemctl start pritunl mongod
sudo systemctl enable pritunl mongod

 

 

 

2.2 - Arch Distributions

2.2.1 - Arch Linux

sudo tee -a /etc/pacman.conf << EOF
[pritunl]
Server = https://repo.pritunl.com/stable/pacman
EOF

sudo pacman-key --keyserver hkp://keyserver.ubuntu.com -r 7568D9BB55FF9E5287D586017AE645C0CF8E292A
sudo pacman-key --lsign-key 7568D9BB55FF9E5287D586017AE645C0CF8E292A
sudo pacman -Sy
sudo pacman -S --noconfirm pritunl
sudo systemctl start mongodb pritunl
sudo systemctl enable mongodb pritunl

 

 

 

2.3 - Red Hat Enterprise Linux Distributions

2.3.1 - CentOS 7

sudo tee /etc/yum.repos.d/mongodb-org-4.2.repo << EOF
[mongodb-org-4.2]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/7/mongodb-org/4.2/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.2.asc
EOF

sudo tee /etc/yum.repos.d/pritunl.repo << EOF
[pritunl]
name=Pritunl Repository
baseurl=https://repo.pritunl.com/stable/yum/centos/7/
gpgcheck=1
enabled=1
EOF

sudo rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 7568D9BB55FF9E5287D586017AE645C0CF8E292A
gpg --armor --export 7568D9BB55FF9E5287D586017AE645C0CF8E292A > key.tmp; sudo rpm --import key.tmp; rm -f key.tmp
sudo yum -y install pritunl mongodb-org
sudo systemctl start mongod pritunl
sudo systemctl enable mongod pritunl

 

 

2.3.2 - CentOS 8

sudo tee /etc/yum.repos.d/mongodb-org-4.2.repo << EOF
[mongodb-org-4.2]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/8/mongodb-org/4.2/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.2.asc
EOF

sudo tee /etc/yum.repos.d/pritunl.repo << EOF
[pritunl]
name=Pritunl Repository
baseurl=https://repo.pritunl.com/stable/yum/centos/8/
gpgcheck=1
enabled=1
EOF

sudo yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 7568D9BB55FF9E5287D586017AE645C0CF8E292A
gpg --armor --export 7568D9BB55FF9E5287D586017AE645C0CF8E292A > key.tmp; sudo rpm --import key.tmp; rm -f key.tmp
sudo yum -y install pritunl mongodb-org
sudo systemctl start mongod pritunl
sudo systemctl enable mongod pritunl

 

 

A complete list of alternative supported distributions can be found on the docs.pritunl.com page.

 

With the install complete point your computer's web-browser to the IP you assigned the server with:


https://SERVER_IP/

Your browser may give you a security warning. This can be ignored. Once you bypass the security dialog you'll be greeted by the Pritunl setup-key page:

 

[Screenshot]

 

As the initial setup box indicates run the command sudo pritunl setup-key. Then copy the output into the setup-key field and click Save. The web page will reload after a while and you'll be presented with the Login Page:

 

[Screenshot]

 

As the instructions indicate you can run the command sudo pritunl default-password to get the default login credentials. After this you will be presented with the Initial Setup page:

 

[Screenshot]

 

Here you can:

  • Change your username (recommended)
  • Pick a new password (recommended)
  • Alter your Public IPv4/IPv6 config (optional)
  • Change the Web Console port number (optional)
  • Add a Let's Encrypt Domain (optional)

Once you're done click Save. You'll be brought to the Dashboard:

 

[Screenshot]

 

 

3. Creating an Organization/Users

For our purposes here an Organization is simply a user group. First we create our Group(s), then we create our User(s) in the Group(Organization) we want them to belong to. To start click on Users in the navigation bar at the top:

 

[Screenshot]

 

To create an organization click on Add Organization. A small pop-up box will appear where you will enter the name of your organization. When you're done click Add. The server will then show you the Organization you created:

 

[Screenshot]

 

Now click Add User. Another pop-up window will appear:

 

[Screenshot]

 

Here you will:

  • Create a name for the user
  • Choose the organization the user belongs to (if you created multiple Organizations)
  • E-mail (optional)
  • PIN (this should be unique to each user)

When you're done click Add.

 

[Screenshot]

 

Repeat this for each user you'd like to add or use the Bulk Add Users option.

 

4. Creating a Server

With our user(s) created we now need to setup the server our user(s) will connect to remotely.

 

4.1 - Create the Server

Start by navigating to the Servers page from the menu option in the navigation bar:

 

[Screenshot]

 

Now click on Add Server. At the top of the pop-up menu click Advanced. You'll see the following options:

 

[Screenshot]

 

The primary options we want to focus on are:

  • Name
    • Pick a name for your VPN Server
  • Port
    • If you'd like to designate a specific port in your Router for Pritunl to use
  • Protocol
    • For our application here make sure you change this from UDP -> TCP

Recommended optional settings include:

  • DNS Server
    • If you want to use one other than Google's
  • Virtual Network
    • This must be different from your LAN but can otherwise be whatever you wish
  • ☑️ Allow Multiple Devices
    • If you plan to have more than one device connect to this VPN
  • ☑️ Inter-Client Communication
    • Allow multiple devices to talk to each other while connected to the VPN

All other options can be left alone unless you have reason to change them. Click Add to add the server. You'll be greeted by your new server's configuration page:

[Screenshot]

 

Before we can start our server we need to make a couple of changes.

  1. We need to add our Organization(s)
  2. We need to configure a Static Route

 

4.2 - Attaching Organizations

Start by pressing Attach Organization (upper-right corner). From the pop-up window you will select which organization you wish to add to which server. If you only have one organization and one server these fields should already be populated with the appropriate values. From here you can click Attach:

 

[Screenshot]

 

4.3 - Configuring Static Routes

In its default configuration Pritunl gives us two Static Routes.

  • 0.0.0.0/0
    • This is the Default Route. This basically says to take all incoming traffic and to direct it out to the Internet.
  • 192.168.222.0/24
    • This is the Route to our VPN network.

As is, our server would act as a proxy between us and the open web. For this tutorial we don't want that so start by clicking Remove Route right of 0.0.0.0/0. It will ask you if you're sure. Click Remove:

 

[Screenshot]

 

Now click on Add Route (upper-right corner). From the pop-up menu there's only two values you need to pay attention to:

  • Network
    • Designate the LAN being broadcasted by your Router. Be sure you verify what network yours is before moving forward. The following are examples of common home networks:
      • 192.168.0.0/24
      • 192.168.1.0/24
      • 192.168.100.0/24
  • Select a server
    • Provided only one server has been setup as has been done in this tutorial this field should be automatically populated.

From here click Attach:

 

[Screenshot]

 

You can now start the server via the Start Server button. If all is well you should see a Server Output similar to this:

 

[Screenshot]

 

If you see anything red in the Server Output feel free to discuss it below.

 

 

5. Connecting w/ Our Client

5.1 - Installing Client Software

5.1.1 - Windows

On Windows installing the Pritunl Client can be done by visiting the client.pritunl.com page and scrolling down to the Windows Installer.

 

5.1.2 - GNU/Linux

5.1.2.1 - Debian Distributions

5.1.2.1.1 - Ubuntu 18.04

sudo tee /etc/apt/sources.list.d/pritunl.list << EOF
deb https://repo.pritunl.com/stable/apt bionic main
EOF

sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv 7568D9BB55FF9E5287D586017AE645C0CF8E292A
sudo apt-get update
sudo apt-get install pritunl-client-electron

 

 

5.1.2.1.2 - Ubuntu 19.10

sudo tee /etc/apt/sources.list.d/pritunl.list << EOF
deb https://repo.pritunl.com/stable/apt eoan main
EOF

sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv 7568D9BB55FF9E5287D586017AE645C0CF8E292A
sudo apt-get update
sudo apt-get install pritunl-client-electron

 

 

5.1.2.1.3 - Ubuntu 20.04

sudo tee /etc/apt/sources.list.d/pritunl.list << EOF
deb https://repo.pritunl.com/stable/apt focal main
EOF

sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv 7568D9BB55FF9E5287D586017AE645C0CF8E292A
sudo apt-get update
sudo apt-get install pritunl-client-electron

 

 

5.1.2.1.4 - Debian 10

sudo tee /etc/apt/sources.list.d/pritunl.list << EOF
deb https://repo.pritunl.com/stable/apt buster main
EOF

sudo apt-get install dirmngr
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv 7568D9BB55FF9E5287D586017AE645C0CF8E292A
sudo apt-get update
sudo apt-get install pritunl-client-electron

 

 

 

5.1.2.2 - Arch Distributions

5.1.2.2.1 - Arch Linux

sudo tee -a /etc/pacman.conf << EOF
[pritunl]
Server = https://repo.pritunl.com/stable/pacman
EOF

sudo pacman-key --keyserver hkp://keyserver.ubuntu.com -r 7568D9BB55FF9E5287D586017AE645C0CF8E292A
sudo pacman-key --lsign-key 7568D9BB55FF9E5287D586017AE645C0CF8E292A
sudo pacman -Sy
sudo pacman -S pritunl-client-electron
sudo pacman -S pritunl-client-electron-numix-theme

 

 

 

5.1.2.3 - RHL/RHEL Distributions

5.1.2.3.1 - CentOS 8

sudo tee -a /etc/yum.repos.d/pritunl.repo << EOF
[pritunl]
name=Pritunl Stable Repository
baseurl=https://repo.pritunl.com/stable/yum/centos/8/
gpgcheck=1
enabled=1
EOF

gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 7568D9BB55FF9E5287D586017AE645C0CF8E292A
gpg --armor --export 7568D9BB55FF9E5287D586017AE645C0CF8E292A > key.tmp; sudo rpm --import key.tmp; rm -f key.tmp
sudo yum install pritunl-client-electron

 

 

5.1.2.3.2 - Fedora 32

sudo tee /etc/yum.repos.d/pritunl.repo << EOF
[pritunl]
name=Pritunl Stable Repository
baseurl=https://repo.pritunl.com/stable/yum/fedora/32/
gpgcheck=1
enabled=1
EOF

gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 7568D9BB55FF9E5287D586017AE645C0CF8E292A
gpg --armor --export 7568D9BB55FF9E5287D586017AE645C0CF8E292A > key.tmp; sudo rpm --import key.tmp; rm -f key.tmp
sudo dnf install pritunl-client-electron

 

 

 

 

5.1.3 - MacOS

On MacOS downloading the Pritunl Client Pkg can be done by visiting the client.pritunl.com page and scrolling down to the macOS Pkg.

 

5.1.4 - Android

On Android there is no Pritunl Client. Instead you can use OpenVPN Connect from the Google Play Store.

 

 

5.2 - Import Profile

5.2.1 - Windows/MacOS/Linux

From the computer you just installed the Pritunl Client on login to the VPN Web Management Console and navigate to the Users page from the top navigation bar. On this page look to the right of the user you created. Next to the red Offline indicator click the Download button to download your profile:

 

[Screenshot]

 

Now from the Pritunl Client click Import Profile and search for the .TAR file that was downloaded. Click it and hit Open.

 

5.2.2 - Android

With OpenVPN Connect you need to download the .OVPN file from the VPN Web Management Console. Login to the console from the Android device and navigate to the Users page from the top navigation bar. On this page to the right of the user whose profile you wish to download, next to the red Offline indicator click the chain-link icon:

 

[Screenshot]

 

From here you will want to click on the Open profile link of the 3rd item in the pop-up list:

 

[Screenshot]

 

When you do this you'll be brought to the User Profile. From here click Show More, then Download Profile (name-of-server). This will download the .OVPN profile:

 

[Screenshot]

 

Now from the OpenVPN Connect App you can import the profile by clicking Import Profile -> File, then searching for where the .OVPN file was saved. Then hitting Import.

 

 

5.3 - Port Forwarding

Now that both our server and our client(s) are setup all that remains is setting up our Router. It needs to be understood that everybody's router is different. I cannot provide step by step instructions on how to setup your specific router for Port Forwarding but general rules apply:

  1. Make sure the IP assigned to the server is static
  2. Make sure the IP assigned to the server is either:
    1. Not in the DHCP pool
    2. Is reserved
  3. Make sure you use the correct Port Number
  4. Make sure you set the TCP or UDP rule to TCP.

 

5.4 - Connecting for the First Time

From a remote location be that a friend's house, relative's house, any form of Public Wi-Fi, place of work, or any other source such as Cellular, enable the VPN on your device.

 

Pritunl Client

  • To connect using the Pritunl Client click the 3 bars in the upper right corner of the window then Connect. You will be prompted for your PIN. After you enter your PIN and the connection is completed you will be shown the server's address and the Private IP assigned to you by the VPN server.

OpenVPN Connect

  • To connect using the OpenVPN Connect App click the sliding bar next to the .OVPN profile you downloaded. You will be prompted for a profile password then to enter your PIN. Afterwards you will be connected to the VPN.

Now that you're connected to your VPN try entering the IP of the VPN Management Web Console. If you can reach it then you know the Static Route we configured to your home/office LAN works. From here if you login and go to Users in the top navigation bar you'll see that the user you logged in as will be reported as green Online:

 

[Screenshot]

 

You can then also go to the Servers page and click on Bandwidth Graphs to see a running statistic of the traffic going over the VPN we just setup:

 

[Screenshot]

 

 

6. Conclusion

From here what you do is entirely up to you. Regardless of where you are in the world you now have an encrypted tunnel into your home or place of work and a route to access any devices or services you host on that network. This could be used for accessing game servers, web servers, file servers, IPMI/iDRAC/iLO, your PC, a printer, your IoT devices, the options are virtually limitless and it's all encrypted over the public internet so it's safe to use on Public Wi-Fi.

 

If you feel any steps could use better clarification or if anything looks like it's missing do let me know.

 


Holy !!!

 

That is some amazing in-depth guide !!!!

 

Do you mind if I link to it in my own VPN thread ?


46 minutes ago, wkdpaul said:

Holy !!!

 

That is some amazing in-depth guide !!!!

 

Do you mind if I link to it in my own VPN thread ?

You think this is in-depth? You haven't seen the VFIO guide have you? :D The Index ALONE would require a 1080p display flipped to portrait mode just to see the whole thing. I loved writing this because it was an easy one.

 

And go ahead. I wrote it so people may find it helpful.


@wkdpaul On a related note. I didn't know you had a VPN thread. How does that work? Do you track all the publicly available ones or do you help people build their own? Or both, and possibly more?


2 minutes ago, Windows7ge said:

@wkdpaul On a related note. I didn't know you had a VPN thread. How does that work? Do you track all the publicly available ones or do you help people build their own? Or both, and possibly more?

It's a simple guide on how to make a simple VPN home server ;

 


On 6/4/2020 at 2:35 AM, wkdpaul said:

Holy !!!

 

That is some amazing in-depth guide !!!!

 

Do you mind if I link to it in my own VPN thread ?

How does this compare to your VPN guide? Does this make you appear like you're using your home connection, which is what you did in your VPN guide.


5 minutes ago, carrickwater said:

How does this compare to your VPN guide? Does this make you appear like you're using your home connection, which is what you did in your VPN guide.

I'm not familiar with Pritunl, but the short answer is yes, if you're using your home connection, then when using it as a VPN (either with the software on my guide, or Pritunl), sites and services will see your residential IP as the "exit node" for the VPN.

 

The only way to really hide your home IP is to use a "real" VPN service that will show the "exit IP" as the IP from that service, and not your home IP.

 

This is really so that you can have your own "home VPN", but if you need obfuscation or geolocation VPN, then a paid VPN service is pretty much the only solution, sadly! :(

 

Though, one could set this up for a friend somewhere else on the planet, and that would work (I'm using my VPN only when in China, so I'm not stuck behind the GreatFirewall).


@carrickwater @wkdpaul

Remember, in step 4.3 - Configuring Static Routes we removed the Default Route 0.0.0.0/0. This is what would take our traffic bound for the VPS out its Default Gateway making us appear to be on its network and subsequent Public IP. Without this route your Public IP will remain that of where you are physically located.

 

You do however have access to the IP of the Router on the remote network.

 

Now I have not tested it but you may be able to enable both Static Routes. If it works this would give you access to both appearing under a different Public IP and the Private LAN behind it.


On 6/5/2020 at 7:09 PM, Windows7ge said:

@carrickwater @wkdpaul

Remember, in step 4.3 - Configuring Static Routes we removed the Default Route 0.0.0.0/0. This is what would take our traffic bound for the VPS out its Default Gateway making us appear to be on its network and subsequent Public IP. Without this route your Public IP will remain that of where you are physically located.

 

You do however have access to the IP of the Router on the remote network.

 

Now I have not tested it but you may be able to enable both Static Routes. If it works this would give you access to both appearing under a different Public IP and the Private LAN behind it.

Thanks. I mainly want to use it to appear as if I'm still in the US when I travel. Seems like it would work.


9 hours ago, carrickwater said:

Thanks. I mainly want to use it to appear as if I'm still in the US when I travel. Seems like it would work.

If you'd like to host your own at home and to use it in a traditional VPN configuration you can follow the LMG guide mentioned in the Introduction. Instead of using a web hosted VPS though you can setup yours at home and leave the routing configuration alone.


On 6/7/2020 at 11:37 AM, Windows7ge said:

If you'd like to host your own at home and to use it in a traditional VPN configuration you can follow the LMG guide mentioned in the Introduction. Instead of using a web hosted VPS though you can setup yours at home and leave the routing configuration alone.

If you host from a VPS, what difference does it make. Does it make your IP appear like it's coming from the VPS?


1 hour ago, carrickwater said:

If you host from a VPS, what difference does it make. Does it make your IP appear like it's coming from the VPS?

If you leave the 0.0.0.0/0 route in place, yes. There are 1 year free trials with quite a few web hosted VPS companies where you could get this done for you rather inexpensively depending on your upload/download usage. Kind of like a cellphone data plan.


On 6/11/2020 at 1:17 PM, Windows7ge said:

If you leave the 0.0.0.0/0 route in place, yes. There are 1 year free trials with quite a few web hosted VPS companies where you could get this done for you rather inexpensively depending on your upload/download usage. Kind of like a cellphone data plan.

Thanks. Very sorry for the late replies. I'll contact you privately soon for how to go about that. 


  • 3 months later...

Hi everyone,

 

I know I'm very late. However, I have a problem.

 

I setup my VPN server on a VM with no issue. But I never manage to connect to it from the client app.

 

My setup:

 

Host:

IP: 192.168.2.75

OS: Debian 10

 

Pritunl Server

Network: 192.168.243.0/24

Port: UDP, 16090

routes: tried, 0.0.0.0/0 and 192.168.2.0/24

 

On the BELL router:

Port forward:

internal/external port:16090

IP: 192.168.243.0

 

The IP range on my router is 192.168.2.10 - 192.168.2.254

 

 

I tried everything including starting a new VM, resetting the router and removing the password of the user, but still nothing. My connection always times out without even reaching the server

 

Am I missing something?


8 hours ago, lunalang said:

Hi everyone,

 

I know I'm very late. However, I have a problem.

 

I setup my VPN server on a VM with no issue. But I never manage to connect to it from the client app.

 

My setup:

 

Host:

IP: 192.168.2.75

OS: Debian 10

 

Pritunl Server

Network: 192.168.243.0/24

Port: UDP, 16090

routes: tried, 0.0.0.0/0 and 192.168.2.0/24

 

On the BELL router:

Port forward:

internal/external port:16090

IP: 192.168.243.0

 

The IP range on my router is 192.168.2.10 - 192.168.2.254

 

 

I tried everything including starting a new VM, resetting the router and removing the password of the user, but still nothing. My connection always times out without even reaching the server

 

Am I missing something?

What are you using as a hypervisor?

 

192.168.243.0/24 is the Pritunl VPN network, yes? You don't Port Forward that. The IP of the Pritunl server is 192.168.2.75, yes? You need to enter this into your Router. And make sure the IP is reserved in your router as well.

 

Pritunl uses a special network protocol that encapsulates the VPN network data inside of another network packet. This is part of what makes it a VPN. When the server receives the packet it strips the IP header and decrypts the payload data, which exposes the VPN network data, which is basically just another network packet but this time bound for 192.168.243.0/24. From here Pritunl knows where to send the request. Your VPN network is not exposed publicly.
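The misconfiguration diagnosed in the reply above, as an added example that is not part of the original posts: a check that a router port-forward target is the Pritunl host's LAN address rather than an address inside the VPN virtual network. The addresses are the ones quoted in the thread; the function name, the check codes and the extra LAN/VPN overlap check are assumptions made for this example.

```python
import ipaddress

# Addresses quoted in the thread; function name and check codes are hypothetical.
LAN_CIDR = "192.168.2.0/24"    # router LAN (DHCP range 192.168.2.10 - 192.168.2.254)
VPN_CIDR = "192.168.243.0/24"  # Pritunl virtual network, only exists inside the tunnel
SERVER_IP = "192.168.2.75"     # Debian 10 host running the Pritunl server

EXPLAIN = {
    "networks-overlap": "VPN virtual network overlaps the LAN; choose another VPN range",
    "target-in-vpn-net": "forward points into the VPN network, which is not reachable from the router",
    "target-off-lan": "router cannot deliver to an address outside its own LAN",
    "target-not-a-host": "network or broadcast address is not a host",
    "target-not-server": "forward does not point at the Pritunl host's LAN address",
}


def check_port_forward(target, lan_cidr=LAN_CIDR, vpn_cidr=VPN_CIDR, server_ip=SERVER_IP):
    """Return problem codes for a port-forward target (empty list means OK)."""
    addr = ipaddress.ip_address(target)
    lan = ipaddress.ip_network(lan_cidr)
    vpn = ipaddress.ip_network(vpn_cidr)
    problems = []
    if lan.overlaps(vpn):
        problems.append("networks-overlap")
    if addr in vpn:
        problems.append("target-in-vpn-net")
    if addr not in lan:
        problems.append("target-off-lan")
    elif addr in (lan.network_address, lan.broadcast_address):
        problems.append("target-not-a-host")
    if addr != ipaddress.ip_address(server_ip):
        problems.append("target-not-server")
    return problems


if __name__ == "__main__":
    # First target is the forward as originally posted, second is the corrected one.
    for target in ("192.168.243.0", "192.168.2.75"):
        codes = check_port_forward(target)
        print(f"UDP 16090 -> {target}: {'OK' if not codes else 'misconfigured'}")
        for code in codes:
            print(f"  {code}: {EXPLAIN[code]}")
```
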


I use XCP-NG.

 

I tried what you said. Reserved the IP of the host directly on my router.

I also forwarded the port to the said IP (192.168.2.75).

 

However, I still get the UDP link local (not bound) on the logs and the connection keeps timing out.

 

Is there anything else that I am missing?

 

Thank you for your help!


29 minutes ago, lunalang said:

I use XCP-NG.

 

I tried what you said. Reserved the IP of the host directly on my router.

I also forwarded the port to the said IP (192.168.2.75).

 

However, I still get the UDP link local (not bound) on the logs and the connection keeps timing out.

 

Is there anything else that I am missing?

 

Thank you for your help!

Have you verified that you're not behind a Double NAT or NAT64-CGN? Have you successfully forwarded other services before?


Everything works perfectly now.

It seems that I had to be outside the local network to fully connect.

 

@Windows7ge Your help was extremely helpful and I thank you for that! :)


25 minutes ago, lunalang said:

Everything works perfectly now.

It seems that I had to be outside the local network to fully connect.

 

@Windows7ge Your help was extremely helpful and I thank you for that! :)

That was the next thing I was going to ask. A lot of Router equipment doesn't allow for a function known as NAT Loopback where a request from an IP on one side of a router goes to the IP assigned on the router's opposing network interface then back. You have to be on a separate network to connect which means a friend's house, cellular Wi-Fi, Parents, Grandparents, public Wi-Fi, school Wi-Fi, Wi-Fi at work, etc.

 

That's why it wasn't working. You can't really test if the VPN is working from inside your network anyhow since your connection is originating at the source.

 

Out of curiosity, what are your plans with the VPN?


I wasn’t expecting that since a lot of people didn’t seem to have that kind of restriction.

I have a homelab server at home. I use it to learn a lot.

When I told some friends they wanted to learn as well, so I want them to be able to use it too.

Also, I want my brother to be able to use my NAS.

And some other projects.


Once again, thank you for your help.


1 hour ago, lunalang said:

I wasn’t expecting that since a lot of people didn’t seem to have that kind of restriction.

I have a homelab server at home. I use it to learn a lot.

When I told some friends they wanted to learn as well, so I want them to be able to use it too.

Also, I want my brother to be able to use my NAS.

And some other projects.


Once again, thank you for your help.

My old router from my ISP didn't have that restriction. Upgrading the Internet plan had us changing out the router. After that NAT Loopback no longer worked. Supposedly it's a setting you can enable/disable but from the WebUI of ours that was not the case so...

 

In either case for a setup like this to verify proper functionality you really do want to be on a separate network anyhow.

 

Neat. There's a lot you can do & learn from a virtualization server.

 

You're welcome.


  • 2 years later...

Can you please make a new guide to configure a local VPN on Raspberry Pi OS, Android or even Windows 10 and to be used by a client/user on Android (for Smart TV's)?

I'm asking this because of the recent Netflix aggressive password sharing rules that are completely absurd.

If there is any way to get a raspberry pi or some low cost android/windows device to create a fixed IP (as a VPN) and connect another device like a smartTV (from another house) to that same IP (from the main house) it would be lovely!


6 hours ago, Morfo2 said:

Can you please make a new guide to configure a local VPN on Raspberry Pi OS, Android or even Windows 10 and to be used by a client/user on Android (for Smart TV's)?

I'm asking this because of the recent Netflix aggressive password sharing rules that are completely absurd.

If there is any way to get a raspberry pi or some low cost android/windows device to create a fixed IP (as a VPN) and connect another device like a smartTV (from another house) to that same IP (from the main house) it would be lovely!

I don't have experience with Raspberry Pis and I don't know how well a server for this purpose would run on a cellphone of any variant. I'm not aware of server side software like this for Windows. Only the client software, so that's something you'll need to cope with and you'll need to take into consideration what your upload speeds are. For example where I live our downloads are fine but our uploads are atrocious. Around 10mbps. Do you have the bandwidth to proxy stream a video to an alternate location? I expect with the VPN overhead buffering and compression will be in full force.


15 hours ago, Windows7ge said:

I don't have experience with Raspberry Pis and I don't know how well a server for this purpose would run on a cellphone of any variant. I'm not aware of server side software like this for Windows. Only the client software, so that's something you'll need to cope with and you'll need to take into consideration what your upload speeds are. For example where I live our downloads are fine but our uploads are atrocious. Around 10mbps. Do you have the bandwidth to proxy stream a video to an alternate location? I expect with the VPN overhead buffering and compression will be in full force.

Yes that's the only good thing in most countries of Europe, we have 1Gbps download and upload. It's not cheap but almost everyone has at least 500mbps or 200mbps in the oldest cheapest monthly packs.

Right now there's a big boycott in Portugal and Spain against Netflix, even the government is on it now because of the legality in tracing users as they intend to do. In the European Union we have a very big law enforcement called "Protection Data Rights" if you want to know more. In the current votes more than 60% of the current users are going to cancel Netflix. They started with us, Canada and New Zealand probably because they think we are pacifists and they can use us as lab rats lol. 😂

Anyway I digress, the main idea just for test purpose is to use a cheap device like a raspberry pi to be permanently connected to the main home internet, create a VPN with static IP and access that same VPN with another device in a different internet connection, for example Wi-Fi from House Number 2. This would be used mainly by SmartTV's Android OS or Android TV Boxes or even Google Chromecast TV.

I'm going to test this out. Thanks for the help! 🤗


5 hours ago, Morfo2 said:

Yes that's the only good thing in most countries of Europe, we have 1Gbps download and upload. It's not cheap but almost everyone has at least 500mbps or 200mbps in the oldest cheapest monthly packs.

Right now there's a big boycott in Portugal and Spain against Netflix, even the government is on it now because of the legality in tracing users as they intend to do. In the European Union we have a very big law enforcement called "Protection Data Rights" if you want to know more. In the current votes more than 60% of the current users are going to cancel Netflix. They started with us, Canada and New Zealand probably because they think we are pacifists and they can use us as lab rats lol. 😂

Anyway I digress, the main idea just for test purpose is to use a cheap device like a raspberry pi to be permanently connected to the main home internet, create a VPN with static IP and access that same VPN with another device in a different internet connection, for example Wi-Fi from House Number 2. This would be used mainly by SmartTV's Android OS or Android TV Boxes or even Google Chromecast TV.

I'm going to test this out. Thanks for the help! 🤗

I get where you're coming from.

 

Hmm...it's been a long while but IIRC with Pritunl specifically they want you to pay a fee to use the Site-to-Site VPN feature. That's what you're trying to do. You could work around this by enabling inter-client communication on the VPN then have all clients join the VPN network. For clients that don't have the capability to use the client software (SmartTV's, etc)...I'm really not sure...might have to do something janky.

 

Here's Pritunl's documentation on the process if you're interested though.
