I’ve enabled SSL by default now on my website. This should enhance your security. I was going to post a guide on how to do this for free but I decided that this guide was already everything you need: https://konklone.com/post/switch-to-https-now-for-free
Let's make the web a safer place for everyone.
To continue on from the previous tutorial on setting up OpenVPN on Ubuntu, we will now see what is required to add and remove users on our server.
A lot of the steps are the same as creating the initial installation, so it should look pretty familiar. Let's assume our new client is called home_pc.
The first step is to generate the key.
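cd $HOME/clientside/easy-rsa/easyrsa3   # client PKI: create the key and the request
./easyrsa gen-req home_pc nopass
cd $HOME/serverside/easy-rsa/easyrsa3   # server (CA) PKI: import and sign the request
./easyrsa import-req $HOME/clientside/easy-rsa/easyrsa3/pki/reqs/home_pc.req home_pc
./easyrsa sign-req client home_pc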
After the keys are created, copy all the required files to the clientside directory.
cp $HOME/serverside/easy-rsa/easyrsa3/pki/issued/home_pc.crt $HOME/clientside/
cp $HOME/serverside/easy-rsa/easyrsa3/ta.key $HOME/clientside/
cp $HOME/serverside/easy-rsa/easyrsa3/pki/ca.crt $HOME/clientside/
cp $HOME/clientside/easy-rsa/easyrsa3/pki/private/home_pc.key $HOME/clientside/
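Before handing the files to the client, it is worth checking that they belong together. The following is an added example, not part of the original post: the function name `check_client_bundle` is hypothetical, and it assumes the `openssl` command-line tool is installed and the files sit in one directory as in the copy step above.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check a client bundle.
# Usage: check_client_bundle DIR NAME   e.g. check_client_bundle "$HOME/clientside" home_pc
# Return codes: 0 ok, 1 file missing, 2 cert not issued by ca.crt as a client cert,
#               3 cert and key do not match, 4 key readable by group/others.
check_client_bundle() {
    dir=$1
    name=$2

    # All three files must exist and be non-empty.
    for f in ca.crt "$name.crt" "$name.key"; do
        [ -s "$dir/$f" ] || { echo "missing or empty: $dir/$f" >&2; return 1; }
    done

    # The certificate must chain to the CA and be usable for TLS client auth
    # (a cert signed by mistake with "sign-req server" fails this check).
    openssl verify -purpose sslclient -CAfile "$dir/ca.crt" "$dir/$name.crt" \
        >/dev/null 2>&1 \
        || { echo "$name.crt is not a valid client cert under ca.crt" >&2; return 2; }

    # Compare the public key inside the certificate with the one derived
    # from the private key; a stale key from an earlier request shows up here.
    crt_pub=$(openssl x509 -in "$dir/$name.crt" -noout -pubkey \
        | openssl pkey -pubin -outform DER | openssl dgst -sha256)
    key_pub=$(openssl pkey -in "$dir/$name.key" -pubout -outform DER \
        | openssl dgst -sha256)
    [ "$crt_pub" = "$key_pub" ] \
        || { echo "$name.key does not match $name.crt" >&2; return 3; }

    # The key was generated with "nopass", so file permissions are its only
    # protection at rest: require no access for group or others.
    case $(ls -ld "$dir/$name.key") in
        -???------*) ;;
        *) echo "$name.key is accessible to group/others; chmod 600 it" >&2
           return 4 ;;
    esac

    echo "bundle for $name looks consistent"
    return 0
}
```

Run it as `check_client_bundle "$HOME/clientside" home_pc` and only transfer the files when it returns 0.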
Since I will be travelling to China next week, I thought now would be a good time to set up a VPN that at least had some chance of working through the GFW. After doing some research I found there are a few possible solutions, but the one I settled on was using OpenVPN with the scramble patch.
The goal of this guide is to help those travelling or living in China or other countries that have limitations on their internet access. In my case I am trying to bypass China’s Great Firewall, which actively seeks out VPN connections and blocks them. Using a typical OpenVPN configuration is no longer good enough, as the GFW uses deep packet inspection to block OpenVPN connections. By using an obfuscation technique, I hope to confuse the deep packet inspection and let the VPN function. Full credit to the author of this thread for designing the scrambling technique.
Choosing a Server
I found a cheap VPN provider that has TUN/TAP enabled and a dedicated IP, since I didn’t want to worry about a NAT’d IP. The actual specs of the machine are not that important as long as you get a sufficient amount of bandwidth for what you need it for. I also selected one in the USA despite the privacy concerns, for the added benefit of being able to use it for US Netflix and other USA-only services. This is not meant to be an extremely NSA-proof server, but something I can use to get around China’s firewall restrictions. If you have more privacy concerns, I would choose something in another country.
My Server Specs:
- 20 GB HDD
- RAM: 768 MB / vSWAP: 768 MB
- 2 TB Bandwidth
- 1 IPv4
Let's get to setting up the server.
I spent some time playing around with the networking and webserver configuration and I have now enabled IPv6 on Scott.StevensonOnThe.Net. I am now ready for the next generation. Please let me know of any issues you run into accessing the site from IPv6.