A personal VPN is a nice way of securing traffic between your device and the Internet. Securing your traffic is good for several reasons including safe browsing when one is away from a trusted network like one’s home or office. Untrusted networks would be those at coffee shops, airports, hotels, public libraries, and other places where you do not know who or what is on the network or might be sniffing network traffic. Moreover, it establishes a point of presence on the internet at some place other than where you are physically located because the VPN server is where the traffic enters the public Internet.
OpenVPN is an open source VPN solution that provides both client and server components for creating a VPN. Because it is open source, it has been ported to virtually every platform so there are clients for iOS, Android, MacOS, Windows, and virtually every other operating system known to man. Using OpenVPN on Azure is a great solution for a low cost, private VPN. With Azure, you can use a small B-Series VPN that will cost less than $10 a month if you leave it on all the time, and even less if you shut it down when not using the VPN. The only variable cost is bandwidth, which will depend on what you use the VPN for.
Deploying to Azure
Deploying OpenVPN to Azure is a cinch. All you need is an active Azure subscription and click the button below.
This will take you to a form to fill out.
- For the Resource Group, supply a name.
- For Location, select an Azure Data Center you want to be your point of presence. This is the location you will appear to be located at when using your VPN. For instance, choosing East US will make it appear you are accessing the Internet near Washington DC.
- For Admin Username, type in a user name that can be used to access the virtual machine through SSH.
- For Password, enter a strong password. This will be the same password used to access the virtual machine through SSH and the admin site.
- For DNS Name for Public IP, choose just the first part of the hostname, and the rest will be generated. It is a combination of what is entered, the region, and cloudapp.azure.com. For instance, myvpn and East US would be myvpn.eastus.cloudapp.azure.com.
Lastly, agree to the Terms and Conditions and click Purchase. Wait until the deployment finishes.
What this button does behind the scenes is creates a B-Series VM on Azure and installs OpenVPN on the machine for you. This is performed by automation scripts for Azure Resource Manager (ARM) and shell scripts on the VPN server. If you’re interested in these, check them out here.
Connecting to the VPN
- In the Azure Portal, you’ll need to locate the virtual machine that Azure created to get the host name for the virtual machine. This will be in the Resource Group you created whenever you created the VPN. In the resource group is a virtual machine called openvpnVM. Click on it and you will see the name next to DNS Name. Copy this to the clipboard.
- In the browser address bar, type in https://, then paste in the name you copied, and this will bring you to the admin site. You may get an SSL error. Simply ignore it and proceed to the site.
- You’ll be prompted to logon. Use admin for the user name and the password you supplied when you created the VPN.
- Managing clients is simple. Type in the name of the client and click Add to add a client. To remove a client, click Revoke next to the client’s name.
- Once you’ve added a client, Download the client’s profile wich is an .ovpn file.
- Connect your client:Windows: use OpenVPN GUI. After installing the app, copy the .ovpn to the C:\Program Files\OpenVPN\config folder. Launch the GUI from your Start menu, then right click the icon in the Tool Tray, then click Connect. Disconnect by right clicking and selecting Disconnect.MacOS (OS X): use Tunnelblick. Download and install Tunnelblick. After downloading, double-click on the downloaded .ovpn file and import the configuration either for yourself or all users. Once imported, click the Tunnleblick icon on the menu bar and click Connect. Disconnect by clicking the Tunnelblick icon and selecting Disconnect.Android: use OpenVPN Connect for Android. Download and install the app. Next, go to the admin site and create and/or download a profile. In the app, select Import from the menu, then select Import Profile from SD card. Find the profile in your Downloads folder and import the profile. Once downloaded, click Connect. To disconnect, open the app again and select Disconnect.iOS: use OpenVPN Connect for iOS. Install the app, then browse to the admin site in Safari. Create and/or download a profile. After the profile is downloaded, select Open in Open VPN. Install the profile, then select Connect to connect to the VPN. To disconnect, open the app again and select Disconnect.
Stopping and Starting the VPN
For the ultimate cost savings, shutdown the VPN VM when you’re not using the VPN. Azure only bills for storage when the VM is not running.
You can start and stop the VPN easily in the Azure portal.
For convenience though, using the Azure Mobile App for iOS or Android is simple. Install the App and login. In the list of resources, find openvpnVM and tap on it. On this panel, you can stop and start the VM. You can start the VPN from the app before you logon to the VPN and once you’re done using the VPN, shut it down.
Also, star the VM so it will appear on your list of Favorites for quick access.
That’s it! You private VPN is ready to go. Happy safe browsing!