Monthly Archives: February 2017

VPNSecure.me via OpenVPN

Privacy using OpenVPN and service VPNSecure.me

Let's keep prying eyes off your Internet traffic and set up a VPN client that connects your whole home network (LAN) to a Virtual Private Network using the VPNSecure.me provider.

Install OpenVPN on your favorite distribution:
apt-get install openvpn

Generate OpenVPN client configs and OpenVPN keys for your VPNsecure.me account:
VPNSecure.me Profile

Copy the client configs and keys to /etc/openvpn/ (username.ovpn, username.key, username.crt and ca.crt).

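Remove the passphrase from the private key so the client can start unattended (the key is then stored unencrypted, so keep it readable by its owner only):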

openssl rsa -in username.key -out username.key.new
mv username.key.new username.key

Rename all *.ovpn profiles to *.conf (the pattern is anchored so only the extension changes):
rename 's/\.ovpn$/.conf/' *.ovpn

To autostart my OpenVPN server and client, edit /etc/default/openvpn:

AUTOSTART="server cz1-username"
STATUSREFRESH=10

Forward traffic through tun0 (OpenVPN) by adding a NAT rule to /etc/ufw/before.rules:

-A POSTROUTING -s 192.168.122.0/25 -o tun0 -j MASQUERADE

Route replies to incoming traffic back via the original Internet IP and gateway (eth0), following a Server Fault solution:

ip rule add from 172.16.2.19 table 128
ip route add default dev eth0 via 172.16.2.17 table 128

If you forward some traffic, for example port 10000:
-A PREROUTING -i eth0 -p tcp --dport 10000 -j DNAT --to-destination 192.168.122.98:10000

You need to add another routing rule to return that traffic through the original source interface:

ip rule add from 192.168.122.98 table 199
ip route add default dev eth0 via 172.16.2.17 table 199

Set the DNS server for dnsmasq to Coolhousing (VPNSecure.me) in /etc/resolv.dnsmasq:
nameserver 89.187.150.32

Restart services:
/etc/init.d/dnsmasq restart
/etc/init.d/openvpn restart
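
Once the passphrase is removed, file permissions are the only protection left on the client key, and a key that is still encrypted will keep the autostarted client from coming up unattended. The check below is an added example, not part of the original post; the function names are hypothetical and it assumes the *.key naming used above.

```shell
#!/bin/sh
# Added example: audit the client keys in an OpenVPN config directory.
# Function names are hypothetical, not part of OpenVPN or the original post.

# Succeeds if the PEM file is still passphrase-protected.
# Traditional PEM carries "Proc-Type: 4,ENCRYPTED"; PKCS#8 has its own header.
key_is_encrypted() {
    grep -Eq '^(Proc-Type: 4,ENCRYPTED|-----BEGIN ENCRYPTED PRIVATE KEY-----)' "$1"
}

# Succeeds if group or others hold any permission bit on the file.
# Characters 5-10 of the ls mode string are the group and other bits.
key_is_exposed() {
    [ "$(ls -ldL "$1" | cut -c5-10)" != "------" ]
}

# Prints one finding per *.key file; returns 1 if any key needs attention.
audit_keys() {
    dir=$1
    rc=0
    for key in "$dir"/*.key; do
        [ -e "$key" ] || continue
        if key_is_encrypted "$key"; then
            echo "ENCRYPTED $key: needs a passphrase at start, unattended start fails"
            rc=1
        elif key_is_exposed "$key"; then
            echo "EXPOSED   $key: plaintext key accessible beyond its owner, chmod 600"
            rc=1
        else
            echo "OK        $key"
        fi
    done
    return "$rc"
}

# Run against a directory when one is given, e.g.: sh audit.sh /etc/openvpn
if [ $# -gt 0 ]; then
    audit_keys "$1"
fi
```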