To continue on from the previous tutorial on setting up OpenVPN on Ubuntu we will now see what is required to add and remove users on our server.
A lot of the steps are the same as creating the initial installation so it should look pretty familiar. Lets assume our new client is called home_pc.
The first step is to generate the key.
./easyrsa gen-req home_pc nopass
./easyrsa import-req $HOME/clientside/easy-rsa/easyrsa3/pki/reqs/home_pc.req home_pc
./easyrsa sign-req client home_pc
After the keys are created copy all the required files to the clientside directory.
cp $HOME/serverside/easy-rsa/easyrsa3/pki/issued/home_pc.crt $HOME/clientside/
cp $HOME/serverside/easy-rsa/easyrsa3/ta.key $HOME/clientside/
cp $HOME/serverside/easy-rsa/easyrsa3/pki/ca.crt $HOME/clientside/
cp $HOME/clientside/easy-rsa/easyrsa3/pki/private/home_pc.key $HOME/clientside/
Since I will be travelling to China next week I thought now would be a good time to setup a VPN that at least had some chance of working through the GFW. After doing some research I found there are a few possible solutions but the one I settled on was using OpenVPN with the scramble patch.
The goal of this guide is to help those travelling or living in China or other countries that have limitations on their internet access. In my case I am trying to bypass China’s Great Firewall which actively seeks out VPN connections and blocks them. Using a typical OpenVPN configuration is no longer good enough as the GFW uses deep packet inspection to block OpenVPN connections. Using an obfuscation technique I hope it will confuse the deep packet inspection and let the VPN function. Full credit to the author of this thread for designing the scrambling technique.
Choosing a Server
I found a cheap VPN provider that has TUN/TAP enabled and a dedicated IP since I didn’t want to worry about a NAT’d IP. The actual specs of the machine are not that important as long as you get a sufficient amount of bandwidth for what you need it for. I also selected one in the USA despite the privacy concerns but for the added benefit of being able to use it for US Netflix and other USA only services. This is not meant to be an extremely NSA-proof server, but something I can use to get around China’s firewall restrictions. If you have more privacy concerns, I would choose something in another country.
My Server Specs:
- 20gb HDD
- RAM: 768mb / vSWAP: 768mb
- 2TB Bandwidth
- 1 IPv4
Lets get to setting up the server.
I spent some time playing around with the networking and webserver configuration and I have now enabled IPv6 on Scott.StevensonOnThe.Net. I am now ready for the next generation. Please let me know of any issues you run into accessing the site from IPv6.
Our stay at Sino Imperial in Phuket Town was nice. There was not much to see or do in Phuket Town, we just used it as an overnight stay for our morning ferry. The ferry leaving for Phi Phi Island leaves at 11 am but we had to be there an hour in advance to check in. I thought that 1 hour early for a ferry ride was a bit extreme but when we got there we saw why. There were throngs of people everywhere. I don’t like to generalize but the Chinese tour groups were the worst; they just push everyone to get where they want to go with little respect for others. We are all boarding, there is no reason to try and push past everyone.
The ferry was pretty full with people were laying all over the deck. We got a place near the front with a nice view which was fortunate.
Once you arrive in Phi Phi you need to pay a surprise 20 bhat tax to enter the island. I feel it would make more sense to include that in the ticket price since this surprise fee creates a lot of confusion at the entrance point.
Our hotel is close to the pier so its no problem to walk from the ferry. The sun is beating down fiercely and I am very sweaty when we arrive even though its only a few minutes walk. Its lucky our room is ready when we arrive even though we are early for check-in.
After arriving we explored the island a bit and relaxed on the beach. Some photos below:
[Not a valid template]
Today I am leaving the island of Koh Lipe. I booked a ticket from Koh Lipe to Phuket airport from Tigerline. (Cost: 2340 bhat) They have an option for the full transport all in one ticket. This is very convenient to get me right to the airport.
The ferry arrives basically on time and it is big, quite a bit bigger then I expected. Because of the size of the ferry, I need to pay 50 baht to get a transfer from Pattaya beach to the ferry since there is no pier in Koh Lipe.
This is the first ferry of the season and there is tons of free space. Later in the season it may not typically be this empty but I don’t know that for sure. I sleep for awhile and we arrive at some unknown-to-me port. Here, everyone is forced off and we get herded onto other smaller speed boats according to our destination. The entire process is so unorganized and no one knows what is going on. It’s a miracle we all got on the right boats.
The rest of the journey is not nearly as smooth as the big ferry was. The speedboats are quite rough as they hit the ocean chop and we are getting wet. I would suggest sitting as close to the front of the boat as you can to avoid the almost constant spray of water. (more…)