OpenVPN

After getting my business Internet account the first thing I did was setup a virtual private network (VPN) server. VPN servers have a million and one uses but the most important feature they offer me is the ability to have a secure tunnel when connected to networks that aren’t mine. I settled on L2TP/IPSec since that was the more secure of the two options offered by OS X Server (as you can tell the running theme with my network has been migrating away from OS X Server).

L2TP/IPSec served its purpose, it gave me a secure tunnel to my home network, but there were several notable downsides. The biggest of which was the way it was handled by iOS. iOS disconnects from an L2TP/IPSec VPN server when the device is turned off and doesn’t automatically reconnect when it is turned on again. That means I had to go into the settings and manually turn it on whenever I wanted to use it (which is often). I know, first world problems.

Last week I began setting up a replacement VPN server, this one using OpenVPN. This ended up being a phenomenal leap forward. OpenVPN uses OpenSSL for encryption and authentication. That gives you a lot of options. For my purposes I restricted my OpenVPN server to only use TLSv1.2 (the latest), forward secrecy, and known strong encryption and authentication algorithms. Instead of using a pre-shared key, which is an option, I’m using certificates. Using certificates offers several advantages but the most important one to me is that iOS will automatically reconnect to a VPN server if authentication is performed with certificates. OpenVPN has a great, albeit ugly as sin, client for iOS that can import OpenVPN profiles. Best of all the app doesn’t need to be running for the VPN connection to remain connected (so you don’t have to worry about the tunnel closing after 10 minutes since that’s the longest amount of time an app can run in the background on iOS). Now when I turn my phone on it automatically connects to my VPN server.

Since OpenVPN utilizes TLS it’s supposedly difficult to distinguish from HTTPS traffic, which means it’s less likely a network filter will block you from connecting to your VPN server. I don’t have access to a network that hostile so I can speak to the effectiveness of this but it’s something to keep in mind if you regularly find yourself connecting devices to a heavily filtered network.

If you’re interested in setting up a VPN server I highly recommend OpenVPN. It’s fairly simple to setup and clients are available for most operating systems.