Install and configure secured VPN for your VDC

Preface

OpenVPN is an open-source commercial software that implements Virtual Private Network (VPN) techniques to create secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It uses a custom security protocol that utilizes SSL/TLS for key exchange. It is capable of traversing Network Address Translators (NATs) and Firewalls. It was written by James Yonan and is published under the GNU General Public License.

Use Case

Some times you need to connect to your Virtual Datacenter over a Secured network. The commercial applications like, Palo Alto are very expensive. OpenVPN is an opensource implementation of IP/VPN server. You can install OpenVPN in your VDC and bring all your virtual machines under this Server. Later you will be connected to your VDC using this server.

Deployment

A high level diagram of the Deployment

Setup

We have Three networks.

  • DB Network - 192.168.1.0/24
  • Web Farm - 172.18.10.0/24
  • VPN Network Out - 10.10.10.0/24

Virtual Machines under First two networks doesnt have a Floating IP Address. The third network, VPN Network Out , in this network we created Our VPN Server. And we will assign a Floating IP Address to this Server.

Installation

  • Create a Virtual Server. Preferrably Ubuntu 16.04
  • Download the Installation Script from Here
sudo bash openvpn-install.sh

The following screen will be Displayed.

  • Script will Automatically Detect the Internal IP Address
  • By default 1194 UDP port will be used. You change this if you need.
  • The preferred DNS, I choose Google DNS, I trust Google very well :)
  • Finally, Enter a name for your Client Configuration file.
  • Hit Enter, and sit back

Script will automatically Download a lot of files and creating Certificates.

Finally it will ask for your Floating IP Address, enter it and Finished.

Client Configuration

  • Download the Appropriate client from here
  • Install it
  • Open the Application
  • Import the File, Choose your Client Configuration
  • It will a Window, saying that You are Connected

Make sure you have added a Security Group rule for 1194 UDP for VPN Server Make sure, 3 Interfaces added for your Router. This is for three Networks