Virtual private network (VPN) contains the word "private network" and "virtual". During the time of the writing of this article, a public network is just another term to the Internet while private networks are outside of the Internet. Example nodes residing in the public network are Google and Youtube. Example nodes residing in the private network are clients or users accessing Google and Youtube. This situation exists because the current Internet infrastructure is too small to host all the computers in the world. Therefore, clients and users are mostly outside of the Internet where they need to go through mediaries to communicate with those in the Internet, I like to call them gateways (see my simple introduction to computer network to understand the basics).
While the Internet or public network is like the streets and outside world where we can go out and travel, a private network is like our house where it is private and only us can enter. A vritual private network (VPN) extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. Analogically, it is like an open house where other people can enter but ofcourse with the permission of the house owner. For example, when we are at home or outside but we need to access our office's internal network, we usually need to run back to our office, but with VPN, we can access on the spot.
When we enter a VPN, we are subjected to different rules. It is unfortunate that most Internet connection today have enforcers. When we want to access a website, we always ask that enforcer and the result is whether we are granted access or not. The role of VPN other than privacy is censorship resistance. When we go to a VPN, our enforcer changes or if we are lucky, we have our enforcer removed. For example in Indonesia, access to anime, manga, and reddit are prohibited, but if we access from Japan, it is granted. Then what is the difference between VPN and proxy server? Proxy server is just one server while VPN is a whole network which contains routes and servers.
Bypass Censorship through VPN Illustration
Setting VPN Client
Interestingly, setting a VPN can either be easier or harder than setting dns and proxy. That is because there are different choices unlike dns or proxy where simply just inputing numbers. It is easier because there are many ready applications available where the steps are just installing and run. It is harder if you choose to set the configuration manually which can involve more than just setting the VPN server's IP address.
Ready VPN Application
As the word "ready", these kinds of VPN applications only needs to be installed and run to enjoy bypassing censorships. In Windows, you can try finding from Microsoft Store. In Linux, check your own package manager. In Android and IOS you can search their respective stores. Generally, you can find portable archives or go for installable files. Ready VPN application are also available in form of browser extensions.
Although bittube browser extension are primarily about Tube cryptocurrency coin where you can earn Tubes for your time on the Internet, monetization, and as a Tube wallet for storing and staking your Tube coins, it also provides VPN services. All you need to do is go to the VPN menu and choose a VPN you want to connect to and enjoy bypassing censorship. It also have a referral system. Therefore, I will be very thankful you download from this link: https://bittube.app/?ref?2JY4FE0CP if you haven't tried it before.
On my android smartphone, I found tunnel bear. It easy to use where you just have to install and choose your VPN. The animation is also amusing showing a bear popping up on the VPN that you chose. When I was in Indonesia, I rely on tunnel bear to access my entertainments which are manga, manhua, manhwa, comics, and anime which are mostly blocked in the country.
There are many ready applications out there. Leave a comment you know a good onw. To prevent this article from becoming to long, I can only advice you to search the search engine such as Google to find the VPN the you want. Example search terms: "vpn", "free", "Windows", "Linux", "Android", "United States", "Japan", "Indonesia", "Europe", "China", etc.
Manual VPN Clients
If you search for "free vpn list" on search engine, you may stumble upon a website that give a list of open vpns for example https://www.freeopenvpn.org. If they provide you a profile that you can use with just a click, that's great. However, if you are given configuration details that you have to write yourself, or use default or other vpn clients, you need to set them correctly. Usually, there are more than just IP address and port for example, transport protocol, compression, and certificates.
Example Open VPN on https://www.freeopenvpn.org.
When you try free VPN, you may find disatisfaction. A VPN can be slow because your browsing perception is based on the slowest part of the whole network connection. If the VPN is slower, that you will perceive a slow connection eventhough your main connection is fast. On the other hand, you will also feel slow if your main connection itself is slow even if you use a fast VPN.
Another factor, is the privacy and security which I'm skeptical about for most free VPN. Sure that VPN may provide no or different censorship, and privacy from the main surveilance but you maybe monitored deeply by the administrators of the VPN themselves. If not, who knows if their security is low that other people can easily monitor and steal your private data. Therefore, it is not recommended to expose private data such as inputing username and password on a login form.
Therefore, there are premium or paid VPNs where they generally provide quality at a price. If you are a skilled technician, then you can test whether the VPN is good quality or not. If not, then you have to research yourself such as see if there are licenses or certificates on their VPNs, read people's reviews, and how long have the VPNs been running.
Building OpenVPN Server Linux
If you want a single script building which is the simplest way, you can try pivpn. I built openvpn server a few times but I just cannot completely remember the steps, maybe because I have not repeated it enough. I will be honest, the reason I wrote and record my computer tutorials is mainly for myself to remember when I need to do them again. But, why not share them with everyone else by publishing them online and I was surprised that I can monetize them. Now, going back to OpenVPN server on Linux, the detailed steps may seem overwhelming for beginners but the overview is actually only a few which are:
- Install openvpn server and certificate authority creator.
- Create certificates, server key, and client keys.
- Configure the openvpn server which includes linking the certificates, use compression or not, allow clients to access the Internet through the VPN or not, etc.
Installing OpenVPN Server and Certificate Authority Creator
I was using Debian based Linux like Ubuntu:
sudo apt install openvpn easy-rsa
Become an administrator for example using the command:
Create an certificate directory for openvpn, work there, and configuration samples from easy-rsa share directory:
mkdir /etc/openvpn/easy-rsa/ cp -r /usr/share/easy-rsa/* /etc/openvpn/easy-rsa/
Edit "/etc/openvpn/easy-rsa/vars" and fill in at least the lines that are not commented and edit the names and information as you see fit. There are instructions you can read within the file. Then generate certificate authority (CA).
cd /etc/openvpn/easy-rsa/ source vars ./clean-all ./build-ca
Generate a private key for the server. Name it whatever you want but keep it consistent through out the installation.
Generate Deffie Hellman
Generate client certificates and keys for as many clients as you want. After generating, you can copy the "ca.cert" and all client certficate and keys to the clients. I'm not sure whether you can use the same cert and keys for the multiple clients but you can generate them by repeating the following commands:
source vars ./build-key client1
All keys and certificates are in the "keys/" subdirectory. You can leave them there but remember to specify the correct paths in the configurations. If not, then just copy to "/etc/openvpn" subdirectory:
cd keys/ cp myservername.crt myservername.key ca.crt dh2048.pem /etc/openvpn/
Configuring OpenVPN server
Configuration examples of both client and server are available on "/usr/share/doc/openvpn/examples/sample-config-files". You can reuse and edit the example server configuration:
cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/ gzip -d /etc/openvpn/server.conf.gz
Edit "server.conf" as you see fit, explanations of how to edit them are available within the file. Just make sure the configuration is consistent to your inteded client configuration. For example, if the server does not use compression while the client uses compression then communication will not work and vice versa. Here's an example of my server configuration:
port 1194 proto udp dev tun ca ca.crt cert myservername.crt key myservername.key dh dh2048.pem server 10.8.0.0 255.255.255.0 ifconfig-pool-persist /var/log/openvpn/ipp.txt keepalive 10 120 cipher AES-256-CBC persist-key persist-tun status /var/log/openvpn/openvpn-status.log verb 3 explicit-exit-notify 1 push "route 192.168.0.0 255.255.255.0" client-to-client push "redirect-gateway def1 bypass-dhcp" push "dhcp-option DNS 184.108.40.206"
The last four lines are my own additional where I want the VPN to find the local network 192.168.0.0 attached to it and allows connection between clients. The last two lines are probably the ones you want to add which is to allow the use of Internet connection of the VPN and add 220.127.116.11 Google DNS. Next is to edit "/etc/sysctl.conf" to allow port forwarding by setting "#net.ipv4.ip_forward=1". Finally, reload sysctl and start or restart openvpn server:
sysctl -p /etc/sysctl.conf systemctl start [email protected]
OpenVPN in Client
At first I used tunnel bear in Indonesia to access my entertainments which are manga, manhua, manhwa, and anime but eventually, I ran out of quota. Luckily, my appartment in Japan provides a dynamic public IP address in my apartment and I was able to install an openvpn server during those periods. So, I connect to that server which is suprisingly, more reliable then tunnel bear, probably because I was the only one using it.
OpenVPN client Linux
You can either use the network manager or install openvpn just like you install on the server (only "apt install openvpn"). If you use the network manager, input the keys and certificates, username and password if you set, and go to advance and make sure you match the configuration to the server. One difference will make it unconnectable. If you install openvpn, just copy the sample client configuration to the openvpn configuration subdirectory:
cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/
Match the client configuration to the server with the differences are declaring the configuration file as client along with the client certificates and keys and inform the hostname or address of the remote openvpn server:
ca ca.crt cert client1.crt key client1.key client remote 0fajarpurnama0.ddns.net 1194
Then start the openvpn client:
systemctl start [email protected]
OpenVPN client Windows
It's more convenient to rename the "client.conf" to "client.OVPN" where for some reason, the extension must be in capital letter to work. You can keep it in the same directory as the certificates and keys, but it is more convenient to have them embeded into "client.OVPN":
client dev tun_c_ovpn proto udp remote 0fajarpurnama0.ddns.net 1194 resolv-retry infinite keepalive 5 10 nobind persist-key persist-tun verb 3 -----BEGIN CERTIFICATE----- MIIFXDCCBESgAwIBAgIUbZAu8yajhVulFYZ4CWNqGc8xWncwDQYJKoZIhvcNAQEL BQAwgccxCzAJBgNVBAYTAkpQMQ8wDQYDVQQIEwZLeXVzaHUxETAPBgNVBAcTCEt1 bWFtb3RvMRcwFQYDVQQKEw4wZmFqYXJwdXJuYW1hMDEXMBUGA1UECxMOMGZhamFy cHVybmFtYTAxGjAYBgNVBAMTETBmYWphcnB1cm5hbWEwIENBMRcwFQYDVQQpEw4w ZmFqYXJwdXJuYW1hMDEtMCsGCSqGSIb3DQEJARYeZmFqYXJAaGljYy5jcy5rdW1h bW90by11LmFjLmpwMB4XDTE5MTIwMTE2NDQ1M1oXDTI5MTEyODE2NDQ1M1owgccx CzAJBgNVBAYTAkpQMQ8wDQYDVQQIEwZLeXVzaHUxETAPBgNVBAcTCEt1bWFtb3Rv MRcwFQYDVQQKEw4wZmFqYXJwdXJuYW1hMDEXMBUGA1UECxMOMGZhamFycHVybmFt YTAxGjAYBgNVBAMTETBmYWphcnB1cm5hbWEwIENBMRcwFQYDVQQpEw4wZmFqYXJw dXJuYW1hMDEtMCsGCSqGSIb3DQEJARYeZmFqYXJAaGljYy5jcy5rdW1hbW90by11 LmFjLmpwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6HwIppc9/Kwl Hkd+yUpEk8UveacjcGvEsvBdSLzn1IeUgDNkvKy8uuFcptV3sqg89+lagaM3z1MI Ere2GFHQFPHX1of78v2XY9r31KSArtN2tqpIWS8EMpt7xOLaFXTJiSBgG0LwVy/7 DppaloPiFwYXu/itzZXjN26fuHvbFQEfYlh1MdcxpHj9Reswjk3+EOrtnLchHdQ+ E/xIR5WzA2vlpw1ie4fy1SLPulUZf7ZG/SIPTrXcWvTljti2LJgxt3xHElD/KmTN 6t5KIHv7Mx9BY2Q98YgwmzPzkG0FQ03NygEan4HXJ85RIK5rJVmbR2+9hWqFDV54 RQL42Nq6hwIDAQABo4IBPDCCATgwHQYDVR0OBBYEFMvHUSxayCjwg9n4z8NzHNQ1 e8zBMIIBBwYDVR0jBIH/MIH8gBTLx1EsWsgo8IPZ+M/DcxzUNXvMwaGBzaSByjCB xzELMAkGA1UEBhMCSlAxDzANBgNVBAgTBkt5dXNodTERMA8GA1UEBxMIS3VtYW1v dG8xFzAVBgNVBAoTDjBmYWphcnB1cm5hbWEwMRcwFQYDVQQLEw4wZmFqYXJwdXJu YW1hMDEaMBgGA1UEAxMRMGZhamFycHVybmFtYTAgQ0ExFzAVBgNVBCkTDjBmYWph cnB1cm5hbWEwMS0wKwYJKoZIhvcNAQkBFh5mYWphckBoaWNjLmNzLmt1bWFtb3Rv LXUuYWMuanCCFG2QLvMmo4VbpRWGeAljahnPMVp3MAwGA1UdEwQFMAMBAf8wDQYJ KoZIhvcNAQELBQADggEBAJS159tPUrmnPjVffVZi5fvRBishiuaB91EUH5MEbqkk hrootBEQSNSxCGh3nOlGVFherpyla1a+G1F0pnyobrnzLTpcf28fQdKN6ZbV5psA /+CSwBYO1BLnarwu+VYnZeQxHYc/3v3xMNNZV5oE9uil7VAxMJV5zGUSxQi7fQZS Wo4AV8AHpKKdpdOXr8UyirXqDgiZY7nZpmnJaTPYacKbCk/pziTEjSkwGiYIE8q4 EWaAD+3WnjpE7K2ky7TWGuK/a0G+Jx2YZCkirXnc9znWELa7B5M7RLJrDhTC0Whz 4zNpn5HClk+XzTu850So9xxPQ73L0Veob7sBfNZlBu8= -----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
You can now carry that .OVPN file anywhere with you. Next is to download the openvpn client for Windows if your Windows default client does not support.
OpenVPN client Android
Same method as Windows, get your .OVPN file and download openvpn client for Android.