Recently, everyone has been worried about the issue of setting up a VPN. If earlier system administrators, programmers and advanced users knew about the existence of VPN (Virtual Privat Network), now this abbreviation is on everyone's lips. Everyone wants to set it up, use it to access blocked services or social networks. And some are just wondering what kind of animal it is. What exactly is this mysterious VPN? In a nutshell, VPN a section of the network is created to which only you have access. All information passes through the provider or some other third access point, but in encrypted form via a virtual channel specially created between the server and your computer. Then the server on behalf of the user begins to surf the Internet.

Thus, a "tunnel" is created between the computer and the server, in which all information is encrypted, and the provider does not understand which site the user is going to. Hackers will not be able to steal your data even if you connect to public wifi, and the history of visiting sites will be available only to you.

What is it needed forVPN

First of all, it is necessary for anonymous activities on the Internet, to hide your real IP address. For example, I do not like that any system administrator of my provider can, if desired, find out which sites I visit, what I buy, and most importantly, how and with what I pay. Everyone is also concerned about file security and privacy. VPN protocols use several encryption protocols (MD5-HMAC, RSA) and 2048-bit keys allow paranoid encryption of all data.

VPN services can be used to bypass blocking by the provider or system administrator at the work of various sites and social networks. Some services restrict access in your country or provide discounts/perks/bonuses only in specific countries. A VPN connection will help you become a resident of this country and use the service to your heart's content. But most of all I am pleased with the possibility of effective traffic compression, which allows you to compensate for losses, and sometimes even speed up the connection.

Why did I choose OpenVPN?

When the question arose that I needed a paid VPN connection protocol, I decided to read a little about such a service, looked around sites and forums, asked around friends, acquaintances, system administrators. Most of them praised OpenVPN.

After almost 2 years of use, I was convinced that they were right. VPN connection protocol works smoothly, stable and secure. An important advantage is the presence mobile applications client for Android, iOS, Windows 10 Mobile. There is even an option to use it without installing the client, using standard settings VPN on Windows 10. The most important thing is the encryption of my files. OpenVPN has never let me down yet. And if available home server- this is one of the main advantages when choosing a VPN client. And yes, the price is quite reasonable. High quality technical support.

Setting up an OpenVPN client for Windows 10

We'll need setup file a client that is easy to find by .

It is important to choose an installer with your system bitness.

After your PC downloads the installer, launch it and follow the simple instructions. The installation itself is very simple and straightforward. Enough basic knowledge of English.

A shortcut to the program will appear on the desktop of your device. Click on it right click mouse and go to Properties. And then click on the Advanced option. We need to allow the client to run as administrator. A couple of manipulations and you're done.

Now you need to go to Explorer. Walking the path C:\programFiles\openvpn, open folder config and extract from the email received when purchasing a subscription, or downloaded from personal account archive files with extension .ovpn

Now all that remains is to start the OpenVPN client again and connect to the desired server. A few seconds and you will have a VPN connection to, for example, a location in Luxembourg.

As you can see, nothing complicated. But many probably asked themselves questions: “Where can I get the files? How to buy them? Is it expensive?

To do this, you need to register on the site, which is very easy and simple to go through.

Then you should go to the section My licenses

and make a purchase. True, you can buy at least 10 OPenVPN clients, which will cost you only $150 per year. Agree, it's not that expensive.

It is worth noting that there is also a free version of OpenVPN. Go to freeopenvpn.org/.

Choose the VPN server you like from the list, download it in the format .ovpn. Launch the OpenVPN client and connect to the server of your choice. Just be prepared that the free VPN server is ads, insecure and there is no encryption.

What are the alternatives to OpenVPN?

Recently, there are a lot of VPN solutions on the market, both paid and free. Before OpenVPN, I used Hotspot Shield, which also has a free version and a browser extension. Google Chrome. I didn't like the free version, because it always pestered me with messages that they have an Elite version, which is supposedly the best in the world, etc. Although from personal experience I will say that this VPN service often slowed down in operation, there was very little protection and poor encryption. The base of available IP addresses is insignificant.

You should also pay attention to NordVPN. It has a fairly high speed and security. NordVPN operates in the jurisdiction of Panama, its network includes 559 servers located in 49 countries around the world. Servers support a number of settings for encryption and special uses such as file sharing or streaming media content. The service supports up to 6 simultaneous connections, so you can connect all your devices at once.

Quite popular among advanced users VPN service Zenmate, which is of German origin. Pretty high quality, fast in the paid version, convenient protection and encryption. There is a free extension for browsers, but there are only 5 free channels. Therefore, it is inconvenient to use it. Plus, it requires registration, and then gets a mailing list with advertising and offers to buy a commercial version.

Probably many in last days heard and read about the TunnelBear VPN service with a funny bear logo. He also has free version, though with limited traffic of only 500 MB per month. Very easy to operate, easy to turn on and off with one touch. But a friend has a paid version of TunnelBear, and he always complains that the connection speed drops dramatically, sometimes by 5 or more times. I contacted the support center, where they answered that it was because of the protection they provide.

In the dry matter

As you can see, there are quite a few VPN services on the market. If you need to somehow hide your IP address in order to use services that are prohibited or restricted in access from us, then feel free to buy a VPN protocol. It all depends on your desire and financial capabilities. When it comes to free VPNs, remember that you have to pay for everything. As one of my friends says: “Free doesn’t mean free.”

Very often, our clients send us requests for installing and configuring OpenVPN on our VPS servers. But many other users are not even aware of the benefits of using it. In this article, we will considerwhy you need OpenVPN and describe the areas of its application .

openvpn – free implementation of technologyopen source to create encrypted point-to-point or server-to-client channels between computers.

OpenVPN makes it possible to establish connections between computers located behind a NAT-firewall, without the need to change their settings. The technology was developed by J. Yonan and is being released under free license GNU GPL. The tool is used in many popular and widely used operating systems:Solaris, OpenBSD, FreeBSD, NetBSD, GNU/Linux, Apple Mac OS X, QNX and Microsoft Windows .

First of all, OpenVPN is used for security. True, there are many ways to solve this problem. But OpenVPN is rightfully considered the most suitable option in terms of security. Let's look at why next.

Applications of OpenVPN technology : to securely combine networks or servers using the Internet, to bypass local firewall blocking or provider restrictions, to control the use of network traffic within one network, as a secure access to a server or to the Network, and more.

OpenVPN is mainly used as a security mechanism for a private network. You can use a similar open source tool to fully develop an encrypted channel. They work with OpenVPN in the modes: point-to-point or server-clients. It is rightfully considered quite a useful method of encryption between computers in a particular network.

For the user of this technology, a couple of types of authentication are provided:

The first, using a preset key, is essentially the easiest way.

The second is certificate authentication, which is very flexible in the configuration process. And finally, the third one: using a login and password (it can work without creating a client certificate, but a server certificate is still needed).

OpenVPN uses static, pre-shared keys or dynamic key exchange based on TLS. There is support VPN connections with dynamic remote hosts (DHCP or dial-up clients), tunnels over NAT, or with a full firewall.

Free and paid VPN services.

How is security and encryption achieved in OpenVPN? This is primarily provided by the OpenSSL library and the Transport Layer Security protocol. But instead of OpenSSL, new releases of OpenVPN may use the PolarSSL library. The TLS protocol is an improved version of the Secure Socket Layers secure data transfer protocol.

OpenVPN is well aligned and linked to the OpenSSL libraries, so the encryption mechanisms are mostly based on it.

Features of using OpenVPN on different operating systems . Depending on the OS you choose, there are some nuances in working with a private network. For example, fast-io mode, which speeds up UDP connections, can only work on GNU/Linux. IN Windows system quite often there are problems with route changes, for such solutions I use the route-method option.

OpenVPN has been ported to MacOS X - there is a freely distributed project tunnelblick. There is no support for the TCP_NODELAY option by the kernel of this OS. A commercial project viscocity for this OS has been developed. OpenVPN is often used on routers from some manufacturers: Linksys and Mikrotik and others.

used on one server virtual network, so there is no way to communicate directly between clients. For such a solution, a completely different technology is used, called CloudVPN.

In addition to all the above advantages, the use of OpenVPN standard protocols TCP and UDP makes it possible to become an alternative to IPsec in cases where the ISP blocks some VPN protocols.

openvpn is a fairly versatile software that provides many customization options in the experienced hands of the user. How to install VPN from HyperHost on Android OS. More details. If you need help setting up and installing this product on our, please contact technical support Hyper Host™. We will be happy to help you as soon as possible and at any time of the day!

How to ensure online security? to work on the web.

12247 time(s) 15 times viewed today

The Internet is like the sea. Anything can happen to the transmitted data, just like with a ship during a voyage: it can be damaged, drowned in the flow of information, or become the prey of “pirates”. Help protect especially valuable data from theft and loss (VPN, VPN) - systems of closed channels (tunnels) that are built inside another, larger network. One type of VPN is OpenVPN.

Want to learn how to create virtual private networks quickly and easily? Let's talk about the advantages of the OpenVPN protocol, as well as the settings for the server and client parts of its software under Windows and Ubuntu.

Scope and benefits of OpenVPN

Application area

• Creating Protected corporate networks. The distance between the nodes of such networks does not matter.
• Protection of information in open public networks.
• Connecting multiple hosts to the Internet through a common gateway.
• Access to prohibited web resources.

Advantages

• Everything is free. Most of us will not refuse free Wi-Fi in a cafe or in a park, but the traffic transmitted over such a connection is in no way protected from interception. The free OpenVPN software will direct it to a closed tunnel, so your logins, passwords, and other sensitive information will definitely not leak into the wrong hands.
• To make your network secure, you do not need to buy additional equipment.
• All transmitted traffic is compressed, which ensures high communication speed (higher than when using IPSec).
• Flexible software settings allow you to configure a VPN of any complexity.
• The use of several strong encryption algorithms provides a very high degree of data protection.
• No need to reconfigure or disable firewalls (firewalls) and NAT (IP address translation technology in TCP / IP networks).
• The protocol is supported by all major OS.
• For installation and configuration software deep knowledge is not required network technologies, and even for a non-specialist it takes a few minutes.

Setting up OpenVPN on Windows

Installing and configuring the server part

Since most of us use Windows, let's start our acquaintance with OpenVPN technology with it. So, a suitable distribution kit and run the installation.

In the list " Select components to install» (select components to install) check all.

Agree to install the virtual driver network adapter TAP Windows Adapter V9.

Installed? Now let's create VPN keys and certificates.

• Go to the %ProgramFiles%/OpenVPN/easy-rsa directory and run the batch file init-config.bat- it will copy the file to the same folder vars.bat.sample as vars.bat. In the future, the command package vars.bat will set variables for generating certificates.

• After creation vars.bat open it with notepad and write in the selected lines (after the "=") any data. We save the changes.

• Next run as administrator command line and execute the jump instruction in /easy-rsa ( cd %ProgramFiles%/OpenVPN/easy-rsa). After that, we sequentially run vars.bat And clean-all.bat(load variables and delete previously created keys).

• Execute a batch of commands build-ca.bat- this will create a new master certificate in the %ProgramFiles%/OpenVPN/easy-rsa/keys directory. It is not necessary to fill in the data about the name of the organization and other things that are circled in the screenshot - just press Enter.

• We launch build-dh.bat- with this we create a Diffie-Hellman key. A file will appear in the /keys folder dh1024.pem.

• Next in line is the server key: execute the instruction build-key-servermyVPN("myVPN" is the name of the server, you can specify any other). The block of questions starting with "Country Name" is skipped by pressing Enter. To the last two questions - "Sign the certificate?" and the next, we answer "Y".

• Next, we need to get the client key: execute build-keyuser1(user1 is the name of the client, you can change it to something else). If there are several client computers, repeat the operation for each, not forgetting to change the name. The framed block, as before, is skipped.

• Next, copy from the folder / easy-rsa/keys V / OpenVPN/config the following files: dh1024.pem, ca.crt myvpn.crt, myvpn.key, user1.key,user1.crt. The last four may be called differently for you. Why, I think, is clear.

• Next, in the same folder, create a server configuration file. Copy the directives below into notepad and, if necessary, change their parameters to your own. Save the document with the extension . ovpn and the name " server».

# Interface (L3 tunnel)
dev tune
# VPN operation protocol
proto udp
# Port to use (you can specify any free one)
port 1234
# List of certificates and keys (note the names)
ca ca.crt
cert myvpn.crt
key myvpn.key
dh dh1024.pem
# Type of data encryption
cipher AES-256-CBC
# Select a range of IP addresses
server 10.10.10.0 255.255.255.0
# Debug information level
verb 3
# Use compression
comp lzo
persist key
persist-tun
msfix
# Set the maximum number of repeating events
mute 25
# Number of simultaneously connected clients (5)
max clients 5
# Client session lifetime
keep alive 10 120
# Visibility of clients to each other (allowed)
client-to-client
# Allocate 1 address for each user
subnet topology
# Set a delay before adding a route
route-delay
# Specify if we want to distribute the Internet. We write DNS addresses those that are registered in the Internet connection settings.
push "redirect-gateway def1"

push "dhcp-option DNS x.x.x.x"

Read more about server config directives.

Next, to distribute the Internet, go to the catalog network connections, open the properties of the interface looking in global network, go to the tab " Access", put a checkmark in front of" Allow other users to use this connection...” and select the TAP-Windows adapter V9 virtual adapter network from the list - in my mind it is Ethernet 3.

• Create a client configuration file. We copy the following text into notepad and save the document with the .ovpn extension under the name "Client".

client
dev tune
proto udp
# IP or Domain name VPN servers and connection port.
remote x.x.x.x 1234
ca ca.crt
certuser1.crt
key user1.key
cipher AES-256-CBC
comp lzo
persist key
persist-tun
verb 3

See other client config directives.

Client side setup

Install the application on the client computer. Next, go to the server, open the %ProgramFiles%/OpenVPN/config directory and copy the files from there ca.crt, Client.ovpn, user1.crt,user1.key V network folder or on a flash drive. We transfer them to a similar folder on the client machine.

Connection

To start the server, click on the "OpenVPN GUI" icon on the desktop. The tray icon will appear gray color. Right-click on it, select " server" And " connect».

If the connection is successful, the icon will change color to green. If unsuccessful, click on the menu " View magazine': it will indicate the error.

Client connection is performed in the same way, only instead of " server» select in the menu « client».

Setting up OpenVPN under Ubuntu

We start by installing the OpenVPN package on the server and client machines, just like on Windows. The directive for installing the console version of the software through the terminal is as follows: sudo apt-get install openvpn. If you wish, you can install graphic versions packages from the Ubuntu Software Center.

However, the most important component - the easy-rsa module, designed to generate certificates and keys, is not included in the Linux distribution. It will have to be installed separately by running the command: sudoapt-getinstalleasy-rsa.

Server side setup

• After installing the program and additional module create directory " easy-rsa» in the /etc/openvpn folder: sudo mkdir /etc/openvpn/easy-rsa. Copy the contents from the installation location into it: cp -r /usr/share/easy-rsa /etc/openvpn/easy-rsa.
• Then we move to the new directory: cd /etc/openvpn/easy-rsa/ and proceed to create certificates and keys.

• Open with console editor nano file vars variables (analogous to vars.bat in Windows) and import the same data into it as in vars.bat, with changed values:

KEY_COUNTRY=RU
KEY_PROVINCE=CA
KEY_CITY=SanFrancisco
KEY_ORG=OpenVPN
[email protected]
KEY_CN=changeme
KEY_NAME=changeme
KEY_OU=changeme
PKCS11_MODULE_PATH=changeme
PKCS11_PIN=1234

• Copy the openssl cryptographic package: cpopenssl-1.0.0.cnfopenssl.cnf.
• Loading variables from vars: source ./vars.
• Delete previously created data: ./ clean-all.
• Create a new master certificate: ./ build-ca. We skip the block of questions in the frame.

• Next is the Diffie-Hellman key: ./ build-dh.
• Behind it is the server certificate: . / build-key-servermyVPN(myVPN, as you remember, is the name, it may be different for you). We skip the selected block (it is abbreviated in the screenshot), answer “Y” to the last 2 questions.

• Lastly, create a client certificate: ./ build-keyuser1(instead of "user1" you can think of another name). At the same time, we again skip the block highlighted on the screen and answer the last two questions with “Y”.

All generated keys and certificates are stored in a subdirectory / etc/openvpn/easy-rsa/keys. Move them to the /openvpn folder: cp -r /etc/openvpn/easy-rsa/keys /etc/openvpn.

At the final stage, we create a server configuration file in the /etc/openvpn folder: nano /etc/openvpn/server.conf and fill it out in the same way as we filled out a similar document on Windows. The only difference is other ways:

ca /etc/openvpn/keys/ca.crt

cert /etc/openvpn/keys/myvpn.crt
key /etc/openvpn/keys/myvpn.key

Finally, we create a directory for the configuration of client machines: mkdir /etc/openvpn/ccd, and start the server: service openvpn start.

If the server does not start, there is probably a configuration error. Information about the problem can be viewed in the /var/log/openvpn.log document using the command tail -f /var/log/openvpn.log.

Client side setup

After installing the application on the client machine, we transfer the key and certificates generated on the server to it and create the config.

Key and certificates - ca.crt, user1.crt And user1.key, are located in the /etc/openvpn/keys folder. We copy them to a USB flash drive and paste them into a folder of the same name on the client's computer.

We create a configuration file using nano: nano /etc/openvpn/client.conf, and fill in according to the Windows sample. Don't forget to write the correct paths in it:

ca /etc/openvpn/keys/ca.crt
dh /etc/openvpn/keys/dh2048.pem
cert /etc/openvpn/keys/user1.crt
key /etc/openvpn/keys/user1.key

All is ready. To connect to the server, use the same command: service openvpn start.

The instructions turned out to be long, but in fact, these steps take 5-10 minutes to complete. More detailed information about working with OpenVPN can be found in the "" section of the application's official website. Try it and you will succeed!

More on the site:

Setting up OpenVPN on Windows and Ubuntu: what, why and how updated: April 24, 2016 by: Johnny Mnemonic

OpenVPN is a technology that allows based on open source code build a VPN network between client and server, site and site, over the Internet itself. Created by James Yonan on April 10, 2002, OpenVPN is still widely used by users to encrypt traffic and safe use world wide web. Moreover, the popularity of technology is growing from year to year.

Operating over TCP/UDP ports and SSL/TLS protocols, OpenVPN is exceptionally lightweight and easy to set up and install. Cross-platform makes it possible to install the client on any Windows versions(including 2000 and XP), Linux, Mac OS, Solaris, Open, Net and FreeBSD without fundamental changes in configuration and architecture.

How OpenVPN works:

• Using the client/server architecture, where OpenVPN is installed on each virtual private network node, provided that one of the nodes is a server, the rest are clients
• Encryption of traffic that passes through a tunnel created with the participation of one of the TCP or UDP ports
• Three types of authentication - static keys, certification, login / password

The first option in the setup is quite simple, but it implies that the only key will encrypt and decrypt the traffic. This means that if the key is lost, an attacker can easily decrypt the data. In the case of certification and login / password, the SSL technology built into OpenVPN is used to protect information. More difficult to set up and a little slower to work, because. the server waits for confirmation when transmitting packets, but it is extremely reliable.

The use of VPN in a private user environment is facilitated by a special OpenVPN GUI client. What is OpenVPN GUI? This GUI, a tool that allows you to work with VPN on a personal device. The GUI client is a small installable program that allows the user to select a server to connect to, establish a connection to a virtual private network, view the connection log, and so on. During operation, the GUI hides in the tray and does not load the system at all.

A little more about OpenVPN, SSL and IPSec

Before the advent SSL protocol IPSec was the only means by which it was possible to encrypt data in site-to-site and client-server networks. Fortunately, in the 90s, the monopoly disappeared, because. Netscape introduced the first version of the SSL protocol, the modern version of which is more commonly referred to as TLS. With its help, users had the opportunity to encrypt data with the participation of the above-mentioned public keys(authentication or login\password). And today we can say for sure that due to the relative simplicity OpenVPN SSL the protocol is used not only to protect data over HTTP, but also to build a client-server VPN.

What is a VPN in a nutshell? It's virtual private network, which is a tunnel between two devices (client-server or point-to-point) and running over another network (for example, the Internet). The defining factors for a secure VPN are confidentiality and encryption, the integrity of the transmitted information, as well as authentication - objects must be sure of the identity of each other before traffic can be transmitted. The IPSec and SSL libraries are responsible for encryption and authentication. However, despite the similar tasks, the protocols have fundamentally different ways of solving problems.

• On operating systems, OpenVPN and SSL behave like standard applications which makes it easy to set up. IPSec requires updating the OS kernel, which leads to obvious difficulties - to work with the protocol, it is necessary to modify the operating systems on each device used
• Since IPSec is closely tied to the kernel, failure or software hacking can lead to dire consequences. The system can be critically damaged, and the hacker can get administrator rights. This is not possible with OpenVPN, because the client runs in user space and does not affect the operating system
• SSL is much easier to work with in terms of FireWall. IPSec requires changes to filtering rules and a host of other issues
• OpenVPN is easy to migrate - in many cases, a simple copy is enough, which cannot be said about the complicated IPSec

All this has long led to the fact that in the segment VPN Services the OpenVPN client-server type finally supplanted the IPSec protocol. We can say that IPSec is one of the stages in the development of VPN technologies and this moment an order of magnitude inferior to the more secure, modern and convenient OpenVPN. In the bottom line, IPSec simply does not have any significant advantages at the moment compared to OpenVPN. Setting up the OpenVPN client takes no more than a minute, and creating connections takes just a few seconds - you just need to download the client configs and place them in the appropriate program folder. In addition, when using OpenVPN, you do not need to configure antivirus programs and firewalls for a stable exchange of traffic with a VPN server, which cannot be said about IPSec. All users who are concerned about the privacy of their data should understand this and give preference to more reliable solutions.

And a little more about OpenVPN and PPTP

Next to OpenVPN is the technology developed by Microsoft in 1999 - PPTP, which translates as “Point-to-Point Tunneling Protocol”. This is another type of VPN connection available today. However, it is immediately worth noting that the technology is considered vulnerable and more unstable compared to OpenVPN:

• PPTP has a 128 bit key while OpenVPN has 1024 to 2048
• PPTP requires GRE47 protocol support, while OpenVPN works with any internet connection
• PPTP, like IPSec, requires the configuration of firewalls, antiviruses and firewalls for stable operation.
• PPTP over GRE does not work correctly under NAT, while OpenVPN works flawlessly

Many are tempted by the fact that PPTP in a Windows environment does not require additional software, but in fact, due to working through a GRE connection, connection stability is much lower than in the case of OpenVPN. The reason for this is NAT. GRE is a network layer protocol, which is why firewalls block most of the connections, which forces the use of gadgets such as PPTP Passthrough through the so-called Port Forwarding, or port forwarding. As mentioned above, PPTP is an outdated technology and was not originally designed for use under NAT, while in OpenVPN these nuances are taken into account and there are no problems. As a result, the user may need to configure the router and ultimately take more time than installing the OpenVPN client.

Given the above, it is obvious that OpenVPN is many times superior to “competing” VPN solutions, since it is developed not by companies, but by people for people through OpenSource, and therefore deserves special attention from users. What hindered you in other cases here, for sure, has already been decided.

You may have a variety of reasons for using a VPN: untrusted networks, various kinds of restrictions, or simply a reasonable desire not to distribute your data once again. In this article, I will tell you how to make yourself a personal VPN on a rented server and configure OpenVPN and stunnel in such a way that even deep packet inspection does not give anything.

About services and blocking

There are countless services that VPNs provide, including free ones. Here are a few reasons why a free VPN is a bad idea.

1. Quality. Those who have used a free VPN know that in most cases the service is simply terrible: slow speed, constant interruptions. This is not surprising, because, besides you, a couple of hundred more people can use it at the same time.
2. Safety. Even if the quality is more or less tolerable, you don't know what's really going on with your traffic. Whether it is stored and analyzed, who and for what purposes operates the service. free cheese, as the saying goes...
3. A small number or complete absence of options and settings: it is not possible to select a cipher, protocol and port. It remains only to use what was given.

WITH paid services things are better: you can expect some guaranteed quality and customization. But you still can't know for sure whether your logs are stored directly on the server or not. In addition, your provider may be blocked.