Arrow
«

»

Multi-user VPN behind a single static IP

First published on January 25, 2014

I needed to set up a connection whereby multiple users in different locations could simultaneously connect to a VPN with a single static IP. We needed to access a third-party network through a single IP. I looked into many paid and free external VPN services, but they almost all had restrictions on multiple simultaneous connections (from different locations); or they didn’t provide a static IP; or they only provided a simple proxy service (which meant we’d have to configure port forwarding for each HTTP / SSH / other connection). I decided to set up our own VPN on one of our web servers using the free OpenVPN application. It was quite straightforward to set up both the VPN server and the clients. The only requirement is that you must already have a server where you have root access.

I followed this tutorial for installing the VPN server on CentOS. There is also a similar tutorial for installing the VPN server on Ubuntu. I have only a few corrections / modifications based on the CentOS tutorial:

  • The “easy-rsa” key management package no longer comes with OpenVPN. You have to install it separately; for example: yum install easy-rsa. Then you’ll find the “easy-rsa” files in /usr/share/easy-rsa.
  • There is a useful comment below the tutorial about how to set up TLS authentication for better security.
  • If you want to use the same key for multiple clients, use the “duplicate-cn” setting in the server.conf file
  • When you create your client.ovpn configuration file, you might want to reference the certificate files instead of pasting them directly into the configuration.

On the client side, there is an OpenVPN GUI client that works well. If you are using Ubuntu on the client side, you can use the built-in Network Manager; just add OpenVPN support — apt-get install network-manager-openvpn — and then import the .ovpn configuration file as outlined here.

Once you’ve set up the server and the clients, when you connect to the VPN, all of your network requests will run through the server.

Arrow

Related posts:

  1. Delete the cPanel backup file from the cprestore folder outside of the user’s home folder
  2. When firewall forwarding rules don’t work from the internal network, behind the router
  3. Connectify alternative: sharing Internet connection wirelessly on Windows 7
  4. Apache mobile redirection and testing user agent strings
  5. Headset adapter: 3.5mm double headphone + microphone jack to single jack

This entry is filed under Computer Stuff and written by Peter Keung. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.

Speak your mind

*
To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
Click to hear an audio file of the anti-spam word