OpenVPN install on Proxmox LXC - tutorial

Captions
Are you interested in accessing your home network when you're outside of your home? One way of accomplishing this is to set up a VPN server on your home network and then use the VPN tunnel to connect back from the outside. There are many ways of setting up a VPN service: you can have a dedicated hardware server, or you can create a virtual machine and run a VPN server off that. In this tutorial I'm going to install an OpenVPN server in a Linux container in my Proxmox virtual environment.

So just to back up a little bit, let's look at why one may need their own virtual private network, or VPN, server. A VPN allows users to connect two separate networks over the public internet via a secure and encrypted connection. An example would be if you're at the Starbucks or in an airport and you're using the free Wi-Fi: you may want to have a layer of privacy and security to protect your personal information and sensitive data from being exposed to the public internet.

Let's start creating a Linux container. I'm first going to click on the Create CT button up here to create an LXC for OpenVPN. In the General tab we can set the CT ID, which I will make 302, and then I'm going to give it a host name of openvpn-ct, because that's what this container is going to do. And then I'm going to add a password, going to make something long and complicated, and then make sure that the unprivileged container is checked and then also that nesting is also checked, and I'm going to hit the Next button. And we see the Template tab. For the storage pool I'm going to leave it as the only one I have, and then for the template I'm going to use the Ubuntu 22.04 template. I'm going to hit Next, and then we're going to get to the Disks tab, and I'll be selecting the storage pool and the data size, for which I'm going to use the default of 8 gigs. I'm going to hit Next. We see the CPU tab here; once again I'm going to take the default of one core for this container. Hit Next and we see the RAM tab, and once again the defaults seem fine, of 512 megs of RAM and then 512 megs of swap. I don't foresee this LXC taking much resources, so I'm going to hit Next.

And now we see the Network tab. Here, for this demo, I'm going to set a static IP of 192.168.1.77; make sure you put the CIDR notation of 24 for the subnet. I'm going to use 192.168.1.1, and then I'm going to leave the IPv6 as DHCP. I'm going to leave the firewall checked as default and then hit Next. Now we see the DNS tab. I'm going to type in the router IP for my network, which is 192.168.1.1, for both the DNS domain and server. All right, I'm going to hit Next and we have the confirmation page. I'm going to read over everything to make sure this is what I want, and at the bottom here it says "start after created". I'm going to leave this unchecked because there's a bunch of things I need to adjust before I actually launch the LXC, and then click Finish. And it's going to go ahead and build out the container, and when it's done we go ahead and click off the menu here.

The next step after we created the LXC is that we need to actually set some configurations, uh, for using OpenVPN. So what I'm going to go and do is open the console for the Proxmox host system, right, so again this is the host. And what we're going to do is we're going to cd into the special folder of /etc/pve/nodes/proxmox/lxc, and I'm going to do an ls. We see that this folder contains all the config files for all of our containers, so, uh, they're all actually named by the numbers: 301 is my Snapdrop container and 302 is the OpenVPN that I just created. So let's go ahead and, uh, edit the 302.conf, because we need to actually add a tunneling device so that we can actually use it as our VPN tunnel. All right, so I'm going to vi 302.conf, and then what I'm going to do is go to the end of the file and add a couple of lines. So the first line I'm going to add is lxc.cgroup.devices.allow = c 10:200 rwm, and then the second line is lxc.cgroup2.devices.allow = c 10:200 rwm, hit Enter. The third line is lxc.mount.entry = /dev/net dev/net none bind,create=dir, and then Enter. And the last line is lxc.mount.entry = /dev/net/tun dev/net/tun none bind,create=file. All right, so we added these four lines. I'm going to hit Escape, :wq to write and quit.

All right, and now, uh, in order for this to work we actually need to allow the VPN inside my unprivileged container, so I need to change the ownership and group. So I'm going to do chown 10,000:10,000 /dev/net/tun, and then to verify that the tunnel has the proper permissions I'm going to do ls -lh of /dev/net/tun, and sure enough we can see that the owner and the group is 100,000.

All right, so now that we've set up the tunneling we are ready to boot the OpenVPN container. So let's come back over here to the container itself, go into the console, and then hit Start, and then once it finishes booting up we can go ahead and type in our username and password to log in. All right, so now what we're going to do is we're going to do the perfunctory updates and upgrades to make sure that I have the latest and greatest system software. So I'm going to do apt update && apt upgrade -y. Once we hit Enter it is going to go ahead and pull down the latest packages, and this takes a little bit, so we're going to speed up the video.

All right, so now that it is done with the updates and upgrades we can install our software, which is going to be the OpenVPN software, and we're also going to need the git software because that's how we're going to, uh, pull down the OpenVPN software. So I'm going to do apt install openvpn git, and this comes back in no time at all. So now that we have git installed we're going to do git clone https://github.com/Nyr/openvpn-install. All right, so when this is done let's cd into the openvpn-install folder and then do an ls -l to see what's here, and so the file we're interested in is openvpn-install.sh.

All right, so what we're going to do is we're basically going to run this install script by typing bash openvpn-install.sh. All right, the first thing it's going to ask us is we can enter in a public IP or host name, and I'm going to go ahead and take the default. It actually tells me what it thinks is the public IP, so I'm going to go ahead and use, uh, what it's already discovered. And then the second prompt is it wants us to select between UDP or TCP, and the default is UDP, so I'm going to go ahead and take the default again. Next question is the port number to use, and OpenVPN uses the port 1194, so I'm going to go ahead and put that in there. And keep in mind that some ISPs actually block this port, so if your ISP blocks that port then you're going to have to pick a different number. And then the third one is the DNS; uh, I'm going to again take the default of current system resolvers. And then the last question it is going to ask is the name of the client, so here we basically just give it a name of, uh, whatever client you want. So if you have it running on your iPhone or your Android phone you might want to call it, you know, iPhone or Android, or if you have it running on another VM you give it the name of that VM. I'm going to call mine first demo.

Okay, so once I hit Enter it is going to go ahead and do a whole bunch of stuff, including generate some private and public keys, it's going to have some certificate and so forth, and when it's done it tells me that the client configuration is available in /root/first demo.ovpn. So I'm going to do cd; ls -lh to see what files are created, and here we see that it created this first demo.ovpn file, which is about 5K in size. So let's go ahead and take a look at it by doing cat first demo.ovpn. So like I said, it's got a bunch of keys in there and, uh, certificates and so forth, so this is the file that we need to transport over to your client, right, so we can use that client when we're outside of your home lab. Um, so you can basically copy and paste this file into your host machine, right, and then save it as a file and then transfer it via secure copy or some other method.

In this demo I'm going to be using my iPhone as the client. I'm going to use Snapdrop over my internal network to transfer the key file to my phone. So on my host machine I will launch a browser and then point it to my local Snapdrop server; I will do the same thing on my iPhone. So we see that my iMac is called Teo Tyrannosaurus and my iPhone is named Peach Porcupine, and the two devices can see each other within Snapdrop. Now I'm going to take the key file that I generated earlier and then drag and drop it onto the Peach Porcupine icon on the Mac, and then simultaneously on the iPhone I get a notice that I received a file, and if I want to download I will answer in the affirmative, and it is now saved in the download folder on my phone. From here I go to my Files folder, where I see first demo.ovpn. What I'm going to do is I'm going to long press on the file name until the menu comes up, and then I select Share. Then I see the options for AirDrop, OpenVPN, Messages, etc. I will select OpenVPN. The app now launches and asks me whether I want to add this new profile. I will answer yes, and then the next screen allows me to change the profile name, which is handy if you have multiple networks that you may want to join from this single device. So I'm going to go ahead and rename this profile to be homelab; actually, I'm going to make it more specific and name it Blue Monkey-homelab.

All right, at this point you are probably tempted to hit that enticing Connect button, but wait, have some patience. We have one more thing we need to do first before we connect to the VPN: please click on the thumbs up icon to like this video. It costs you nothing but helps me out a lot, and while you're at it please hit Subscribe if you haven't already done so.

All right, now we can continue to make changes to our router configuration before we actually connect to the VPN, right. The one thing we need to do before connecting to the VPN is that I need to set up port forwarding on my home lab router to allow traffic to this port to be forwarded to the OpenVPN server. So note two things: one, this is a possible security hole into our network, and number two, I'm making the assumption that the external IP will not change, and I will address both of these in a different video.

All right, so everybody has a different router, uh, so this may not apply to you, but the idea should be the same. For me, I have a Verizon router, so what I'm going to do is log in and then hit the Advanced tab at the top, and then, uh, look under here where it says Security and Firewall, then, uh, under there there is something called Port Forwarding. All right, so once we have the port forwarding menu up we can make some changes. So the first thing it's going to ask you is the application name; I'm going to put openvpn. And then it's going to ask you for the original port; I have it set as 1194. And then the protocol is UDP, and then the forward-to address is 192.168.1.77, right, that was the IP that I had statically set earlier. And then the port to forward it to is 1194, which again is the port that we had used in the configuration when we did it earlier. And then we want to set the schedule to Always. So here I'm going to click Add to the list, and so once I do that you can see it reflected here on the bottom; it adds it to the rules list. And the last annoying thing for the Verizon router is that you also have to click up here for Apply Changes, otherwise the settings won't actually save. This is super annoying.

Now we are ready to click on that Connect button on my phone. Once I hit Connect the phone asks me to enter the PIN of my phone, and then boom, we are connected, and we can see the various different stats that this particular app, OpenVPN, shows you. Okay, and after the connection is made I can verify that I am in fact using the VPN by going to a browser and then going to whatsmyip.com, and then the IP that pops up is in fact the external IP of my home network, so I definitely know that this works.

Have you ever had issues using a VPN where the streaming service blocks certain content because it knows that you are on a VPN? Well, if you use the home VPN then you might be able to get around this. Uh, I'm going to test it out. I'm currently in Australia and I'm going to connect to the internet via my hotel network without a VPN. When I go to Netflix and search for something like The Walking Dead, that show does not show up because it is not available for the Australian market. But now if I turn on my VPN, right, so that I actually go through my home server in the US, and I go and search for The Walking Dead, the results do come up. Awesome, now I can catch up on my shows. Let's celebrate by watching my favorite character, Glenn, from The Walking Dead.

So in this demo we were able to successfully create and run an OpenVPN server within an LXC. The resources taken up by this LXC are pretty minimal, and if we look at the network traffic usage when the VPN is active routing packets, it's definitely manageable for a home lab and a home network. For more networking nugget videos watch these videos here, leave a comment below, and make sure you click on the Blue Monkey to subscribe. Thanks for your time and happy hunting.
Info
Channel: BlueMonkey 4n6
Views: 2,088
Keywords: Digital Forensics, Incident Response, sysAdmin, network Forensics, cybersecurity, infosec, DFIR, tutorial, bare metal server, hypervisor, MacBook Pro, homeserver, proxmox, virtualization server, homelab, Ubuntu Server, networking, VM, Virtual Machine, LXC, Linux Container, DHCP, snapdrop.net, OpenVPN, Virtual Private Network, VPN, vi, vim, streaming, type 1 hypervisor, how to setup openvpn in linux
Id: nsy9acOKnPo
Length: 17min 54sec (1074 seconds)
Published: Sun Dec 17 2023