OpenVPN Server

EXPLOINSIGHTS now has its own VPN service. As expected, the transfer speeds are much slower than when in the main office or on a trusted network:
But it is at least operational as a beta-service today, and the speeds are more than adequate for simple file transfers/emails. This provides me with greater end-to-end data protection as and when I connect via hotels/airports/coffee-houses etc.
I know the service is working because this blog entry is made via the VPN network, and it shows my IP location as being:

And I am not physically near Kingsport now, just as the VPN service should so indicate.
And it works great on my Android devices too:

For the techies: I tried installing this in an LXC container but failed, with all kinds of permission errors that I could not fix, so the service is installed on a completely separate device for now. I would be grateful for some pointers from anyone on how to overcome the permission issues of OpenVPN installation on an unprivileged LXC container.  🙂

2 Replies to “OpenVPN Server”

  1. Note to self: when you set up a VPN server, each client needs an original certificate, otherwise the server gets confused and rotates connections between every device that has the same cert, losing connectivity with each rotation.

  2. I used this method to install OpenVPN:
    And I had some trouble with the default settings – I would lose connection on some devices. The installation script employed by the method may be updated or change, but the settings that impacted me were the default encryption level which slowed down the data flow (AES 256, which is overkill unless you are paranoid. I am not, so I changed it to AES 128), and the transfer protocol, which I changed from UDP to TCP. Now UDP is actually ordinarily “better” because all things being equal, it’s faster. This however is true if data are not prone to go missing during transit (which requires a re-transmission, and I had quite a few of those). By comparison, TCP is ordinarily slower because it verifies receipt of a packet of data and this verification step costs a small overhead to max throughput rate. But in my case, the TCP overhead was more efficient than the continued re-transmission of data because I must have an iffy connection somewhere between my VPN server and my current location (thousands of miles today). Moral of the story? Don’t assume the defaults are OK…
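
Added example, not part of the original post or its replies: a check for the shared-certificate problem described in the first reply, which fingerprints the client certificate in each `.ovpn` profile and reports any certificate issued to more than one device. It assumes profiles carry the certificate inline in a `<cert>` block; the function names are hypothetical and the sample profiles are constructed with placeholder bytes instead of real certificates.

```python
import base64
import hashlib
import re
from collections import defaultdict

# Inline <cert> block of an .ovpn profile, then the PEM body inside it.
CERT_BLOCK = re.compile(r"<cert>(.*?)</cert>", re.S)
PEM_BODY = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def cert_fingerprint(profile_text):
    """Return the SHA-256 hex digest of the client cert's DER bytes, or None."""
    block = CERT_BLOCK.search(profile_text)
    if not block:
        return None  # cert is referenced by file path, not inlined
    pem = PEM_BODY.search(block.group(1))
    if not pem:
        return None
    der = base64.b64decode("".join(pem.group(1).split()))
    return hashlib.sha256(der).hexdigest()


def find_shared_certs(profiles):
    """Map fingerprint -> sorted profile names, for certs used more than once."""
    by_fp = defaultdict(list)
    for name, text in profiles.items():
        fp = cert_fingerprint(text)
        if fp:
            by_fp[fp].append(name)
    return {fp: sorted(names) for fp, names in by_fp.items() if len(names) > 1}


def _profile(cert_bytes):
    # Constructed sample: placeholder bytes stand in for a real certificate.
    body = base64.b64encode(cert_bytes).decode()
    return ("client\nproto tcp\n<cert>\n-----BEGIN CERTIFICATE-----\n"
            f"{body}\n-----END CERTIFICATE-----\n</cert>\n")


SAMPLE_PROFILES = {
    "laptop.ovpn": _profile(b"constructed-cert-A"),
    "phone.ovpn": _profile(b"constructed-cert-A"),   # copied from the laptop
    "tablet.ovpn": _profile(b"constructed-cert-B"),
}

if __name__ == "__main__":
    for fp, names in find_shared_certs(SAMPLE_PROFILES).items():
        print(f"{fp[:16]}...  shared by: {', '.join(names)}")
```

Any profile listed in the output should be reissued with its own certificate so each device presents a distinct identity to the server.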
