Your own VPN in minutes: easy, safe & cheap


Everytime I had to setup a VPN, I used to do manually, with guides like these:

To make it easier, I was going to write a shell script to automate. However, before I did any movement, I went to Google to find if there is already an existing script.

For my luck, I found a great one, called "OpenVPN road warrior installer". So far so good, right? Just run the follow command, catch the .ovpn file and I am good to go:

wget -O && bash

Actually, no. I tried to connect to the OpenVPN server I created:

Mon Sep 5 14:25:22 2016 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Sep 5 14:25:22 2016 TLS Error: TLS handshake failed

Something wasn't right. So, I went to my CentOS 6 VPN and tried to find what was wrong:

[root@vpn ~]# service openvpn status
Status written to /var/log/messages

Ok, OpenVPN writes its status into /var/log/messages. So, let’s "tail -f" it:

[root@vpn ~]# tail -f /var/log/messages
Sep 5 13:18:08 vpn openvpn[7996]: ERROR: Cannot open TUN/TAP dev /dev/net/tun: Operation not permitted (errno=1)
Sep 5 13:18:08 vpn openvpn[7996]: Exiting due to fatal error

That’s was the problem. I forgot to ask my host provider to allow TUN/TAP. I am using a 128MB OpenVZ VPS from RamNode ($15/year) and they allow you to modify TUN/TAP setting from their panel. After enabling it and restarting the VM, the OpenVPN client from my notebook connected right away.

That’s it, I had a VPN in a matter of minutes. But wait.. It is a virtual machine. The script does not install a firewall or change the SSH port, not safe.

Let’s make it right. First, let’s update:

yum -y update

Ok, let’s install CSF:

wget -O && bash

According to OpenVPN docs, we have to open 443 TCP, 943 TCP and 1194 TCP-UDP on CSF:

vi /etc/csf/csf.conf

I am going to use my VPN just to browse safely on public networks and later I will use port 2222 to SSH, so my “IPv4 Port Settings” configs would look like this:

And of course, I have to change TESTING to "0". To finish CSF configurations, we have to create /etc/csf/ file with the follow instructions:

Change with your server IP and save it.

Before I restart CSF, I have to change SSH port to 2222:

sed -i 's/#Port 22/Port 2222/g' /etc/ssh/sshd_config
service sshd restart

Ok, now I can restart CSF with “csf -r”. That’s it, I have a safe VPN for $15/year.

Note: my VPN is used to access from public network, so I use 443 port, not 1194 (the default).