How to Add/Remove Additional Users to OpenVPN

To continue on from the previous tutorial on setting up OpenVPN on Ubuntu we will now see what is required to add and remove users on our server.

Adding Users

A lot of the steps are the same as creating the initial installation so it should look pretty familiar.  Lets assume our new client is called home_pc.

The first step is to generate the key.

cd $HOME/clientside/easy-rsa/easyrsa3
./easyrsa gen-req home_pc nopass
cd $HOME/serverside/easy-rsa/easyrsa3
./easyrsa import-req $HOME/clientside/easy-rsa/easyrsa3/pki/reqs/home_pc.req home_pc
./easyrsa sign-req client home_pc

After the keys are created copy all the required files to the clientside directory.
cp $HOME/serverside/easy-rsa/easyrsa3/pki/issued/home_pc.crt $HOME/clientside/
cp $HOME/serverside/easy-rsa/easyrsa3/ta.key $HOME/clientside/
cp $HOME/serverside/easy-rsa/easyrsa3/pki/ca.crt $HOME/clientside/
cp $HOME/clientside/easy-rsa/easyrsa3/pki/private/home_pc.key $HOME/clientside/


How to Setup OpenVPN on Ubuntu to Bypass Restrictive Firewalls


Since I will be travelling to China next week I thought now would be a good time to setup a VPN that at least had some chance of working through the GFW. After doing some research I found there are a few possible solutions but the one I settled on was using OpenVPN with the scramble patch.

The goal of this guide is to help those travelling or living in China or other countries that have limitations on their internet access. In my case I am trying to bypass China’s Great Firewall which actively seeks out VPN connections and blocks them.  Using a typical OpenVPN configuration is no longer good enough as the GFW uses deep packet inspection to block OpenVPN connections.  Using an obfuscation technique I hope it will confuse the deep packet inspection and let the VPN function.  Full credit to the author of this thread for designing the scrambling technique.

Choosing a Server

I found a cheap VPN provider that has TUN/TAP enabled and a dedicated IP since I didn’t want to worry about a NAT’d IP. The actual specs of the machine are not that important as long as you get a sufficient amount of bandwidth for what you need it for.  I also selected one in the USA despite the privacy concerns but for the added benefit of being able to use it for US Netflix and other USA only services.  This is not meant to be an extremely NSA-proof server, but something I can use to get around China’s firewall restrictions.  If you have more privacy concerns, I would choose something in another country.

My Server Specs:

  • Ubuntu-12.04-x86_64-minimal
  • OpenVZ
  • 20gb HDD
  • RAM: 768mb / vSWAP: 768mb
  • 2TB Bandwidth
  • 1 IPv4

Lets get to setting up the server.

Day 9: Arrival in Ko Phi Phi

Our stay at Sino Imperial in Phuket Town was nice. There was not much to see or do in Phuket Town, we just used it as an overnight stay for our morning ferry.  The ferry leaving for Phi Phi Island leaves at 11 am but we had to be there an hour in advance to check in. I thought that 1 hour early for a ferry ride was a bit extreme but when we got there we saw why.  There were throngs of people everywhere. I don’t like to generalize but the Chinese tour groups were the worst; they just push everyone to get where they want to go with little respect for others. We are all boarding, there is no reason to try and push past everyone.

The ferry was pretty full with people were laying all over the deck.  We got a place near the front with a nice view which was fortunate.

Once you arrive in Phi Phi you need to pay a surprise 20 bhat tax to enter the island. I feel it would make more sense to include that in the ticket price since this surprise fee creates a lot of confusion at the entrance point.

Our hotel is close to the pier so its no problem to walk from the ferry. The sun is beating down fiercely and I am very sweaty when we arrive even though its only a few minutes walk.  Its lucky our room is ready when we arrive even though we are early for check-in.

After arriving we explored the island a bit and relaxed on the beach.  Some photos below: