
Using home Internet at work to bypass content restrictions

Introduction


Hello comrades!
Let me say up front that this article is not written for professionals, nor for complete beginners, but for people with capable hands and enthusiasm who need full access to the Internet.
It all started when my workplace imposed restrictions on which resources can be visited. Naturally, I want to visit all kinds of websites, and I don't want to show up in the logs.
There are several options for solving the problem:

The last option is the one discussed here; if you are interested, read on.


Installation, configuration and verification



What we need

Since the load on our mini-server will be small, my entire server side runs on a virtual machine in VirtualBox.
The operating system is Debian, and all configuration is done on it (I will not describe the installation; there are plenty of manuals already).
If you are using a router, you need to configure port forwarding to the IP address of the OS running in VirtualBox.
Note: for the server IP to be reachable from the local network, open the VirtualBox machine settings and, on the Network tab, set the connection type to Network bridge.
An external static IP is desirable but not required; you can use DynDNS or one of the methods presented in this article.
Installation and Setup


Server

We will assume that you have installed a clean, bare Debian in terminal or graphical mode, to your taste.
The first thing to do is install the necessary packages: OpenVPN, OpenSSL, LibLzo for compressing traffic, and MC, a convenient file manager.
 sudo apt-get install openvpn openssl liblzo2-2 mc

Copy the easy-rsa key creation examples to /etc/openvpn/easy-rsa and change into that folder:
 cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0 /etc/openvpn/easy-rsa
 cd /etc/openvpn/easy-rsa

Create the keys and certificates, answering the questions as they are asked:
 . ./vars
 ./clean-all
 ./build-ca

Then you need to create a server key:
 ./build-key-server servername 

More questions follow, and as a result we get two files: server.key and server.crt
Now you need to create keys for the clients:
 ./build-key clientname 

Again there is a bunch of questions. Repeat this operation once for each person you are going to allow onto your server.
Clientname and Servername can be anything; the copy commands and configuration files below use server and client1.
Now you need to create the Diffie-Hellman parameters:
 ./build-dh 

The process can take a long time.
As a result, after all these manipulations, the keys folder should contain the following files: ca.crt, servername.crt, servername.key, clientname.crt, clientname.key, dh1024.pem. Copy everything except the client files to the /etc/openvpn/ folder:
 cp ./keys/ca.crt /etc/openvpn
 cp ./keys/server.crt /etc/openvpn
 cp ./keys/server.key /etc/openvpn
 cp ./keys/dh1024.pem /etc/openvpn

With the keys created, it remains to configure the server. To do this, create the file server.conf in the /etc/openvpn/ folder:
 port 1194
 proto tcp
 dev tun # routed IP tunnel; tap is for Ethernet
 ca ca.crt # our certificates and keys
 cert server.crt
 key server.key
 dh dh1024.pem
 server 10.8.0.0 255.255.255.0 # address pool handed out to clients
 ifconfig-pool-persist ipp.txt
 keepalive 10 120 # ping every 10 seconds, treat the peer as down after 120 seconds of silence
 comp-lzo # compress traffic
 persist-key
 persist-tun
 status openvpn-status.log # status log
 push "redirect-gateway" # route the clients' default gateway through the VPN server
 client-to-client
 route 10.8.0.0 255.255.255.0
 verb 3 # log verbosity
 push "dhcp-option DNS 8.8.8.8"

Only a small step remains: route Internet traffic through our server (run as root):
 # enable IPv4 forwarding (lasts until reboot)
 echo 1 > /proc/sys/net/ipv4/ip_forward
 # NAT the VPN subnet out through eth0
 iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
 /etc/init.d/openvpn restart

That's all! Our server is ready to use.
Client

Let's start setting up the client side.
My client is also configured on Debian, but the instructions can be adapted for Windows as well.
Repeat the first steps to install OpenVPN. The keys do not need to be generated again: copy the already created ca.crt, clientname.crt and clientname.key to the /etc/openvpn/ folder.
Now it remains to create the configuration file client.conf, and then you can get to work:
 port 1194 # the server IP is given on the command line when connecting
 client
 dev tun
 ping 10
 comp-lzo
 proto tcp
 ca /etc/openvpn/ca.crt
 cert /etc/openvpn/client1.crt
 key /etc/openvpn/client1.key
 ns-cert-type server
 push "dhcp-option DNS 8.8.8.8"
 route 10.8.0.0 255.255.255.0
 verb 3
 pull

If you have a dedicated IP, you can also put it in the configuration file; mine is dynamic, so I enter it when connecting.
Save the file and try to connect (replace IP with the server's external address):
 sudo openvpn --remote IP --config /etc/openvpn/client.conf

That's all! You can get to work! In addition to Internet access, you also have access to your home LAN.
I hope someone finds this useful.
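
A defensive check on the server.conf and client.conf above, as an added example that is not part of the original article: it parses OpenVPN directives and flags settings in them that have since been weakened or deprecated. The function names, rule codes and advice strings are this example's own; the sample directives are taken from the configs on this page.

```python
import re

# Directives taken from the server.conf and client.conf on this page.
SERVER_CONF = """dh dh1024.pem
server 10.8.0.0 255.255.255.0
comp-lzo
"""
CLIENT_CONF = """client
comp-lzo
ns-cert-type server
"""

def directives(text):
    """Map directive name -> argument list, dropping # and ; comments."""
    parsed = {}
    for line in text.splitlines():
        words = re.split(r"[#;]", line, maxsplit=1)[0].split()
        if words:
            parsed[words[0]] = words[1:]
    return parsed

def dh_bits(d):
    """easy-rsa 2.0 names the file dh<KEY_SIZE>.pem, so read the size from the name."""
    m = re.search(r"dh(\d+)", " ".join(d.get("dh", [])))
    return int(m.group(1)) if m else None

RULES = [  # (code, predicate over parsed directives, advice)
    ("weak-dh", lambda d: (dh_bits(d) or 2048) < 2048,
     "DH group under 2048 bits: raise KEY_SIZE in vars, rerun build-dh"),
    ("compression", lambda d: "comp-lzo" in d and d["comp-lzo"] != ["no"],
     "compressed tunnels leak plaintext through packet length (VORACLE)"),
    ("ns-cert-type", lambda d: "ns-cert-type" in d,
     "deprecated check: use 'remote-cert-tls server'"),
    ("no-tls-auth", lambda d: not d.keys() & {"tls-auth", "tls-crypt"},
     "no tls-auth/tls-crypt key: any host can start a TLS handshake"),
    ("default-cipher", lambda d: not d.keys() & {"cipher", "data-ciphers"},
     "OpenVPN before 2.4 falls back to BF-CBC with 64-bit blocks"),
    ("runs-as-root", lambda d: "server" in d and not d.keys() >= {"user", "group"},
     "daemon keeps root: add 'user nobody' and 'group nogroup'"),
]

def audit(text):
    """Return [(code, advice)] for every rule the config trips."""
    d = directives(text)
    return [(code, advice) for code, test, advice in RULES if test(d)]

if __name__ == "__main__":
    for name, conf in (("server.conf", SERVER_CONF), ("client.conf", CLIENT_CONF)):
        for code, advice in audit(conf):
            print(f"{name}: {code}: {advice}")
```

The DH size is inferred from the file name only, so a renamed parameters file should be inspected with openssl instead.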

Source: https://habr.com/ru/post/169399/

