Seven Minute Server

Apr 12, 2017 - 3 minute read - News

First of the 7 Minute Server Series: VPN Servers

I’ve been using a proxy server for awhile, Squid and Privoxy, for fun and also because I saw too many cable and mobile ISPs acting shiftily (why, when I’m connected to Google, do all my connections go to an AT&T server, hmmm?).

But the difficulty of setting up a proxy on a cellular connection was annoying — who wants to get Apple Configurator up and running and is that really a feasible solution for a non-technical person who should be able to control their phone’s outbound connections? What about a VPN? A lot of VPN services seem kind of sketchy — there are definitely a few good ones — but there are a heck of a lot of shady characters out there. Not to mention how much less expensive it would be to implement and manage a family VPN server instead of subscriptions for each family member.

So I jumped in and set up OpenVPN and discovered it was a lot faster & easier than even I thought it could be. About 20 minutes for a first pass attempt at a basic VPN setup. Ten minutes to add a locked down instance of Apache to serve VPN client configs to our phones securely so that we didn’t have to email configs and private keys around (ack!) or sideload. And I thought…anyone could do this…they just need the right information and tools to get started.

I dug my heels in deeper and wrote it all down, providing a hardened configuration that works, instructions for a bunch of different clients (including Chromebook, which due to its lack of real OpenVPN support is…quite the adventure), documenting common issues and pitfalls, and wrote some automated scripts to make it easier.

Things I learned along the way:

  • Read your own troubleshooting section when you get stuck. Falling into the same quicksand pits you’ve already mapped is silly; there’s a reason you mapped them!

  • Writing atrocious Python code and bash scripts is truly like riding a bike — it all comes rushing back quickly, much to the chagrin of anyone who looks over your shoulder.

  • I started writing in LibreOffice and converted everything to Markdown about 10 days in. In retrospect, I wasted some time, but was infinitely happier after the conversion.

  • Pandoc, an awesome little utility that can convert everything to everything (Libreoffice ODT, epub, Markdown, HTML, LaTeX, DocBook, man(!), docx, etc) will get you cursing, but it’s really supercool. Also a huge fan of the Atom text editor now.

  • Kindle publishing is not for the Type A. It will never look the way you want. Amazon will chew your CSS up, spit it out, and cackle. Note that it will spit out different types of mouthfuls depending on whether you’re using its web previewer, native previewer, or downloaded the finished book from the site after publication (which is different than the preview it shows you before publication…oy).

  • You can use up 1000 hours of EC2-time in just two weeks! The PRC must have the most accurate map of the known Internet in real-time than any other nation state, no fooling…

Anyway, the book is here and I’ve also posted a couple of scripts that’ll auto-deploy an OpenVPN instance with auto-created client configs in less than seven minutes (five minutes in most tests I’ve run, seven because I always fat-finger opening the right port) on GitHub.

Now off to help Steve finish up his highly-anticipated sequel to Making Games for the Atari 2600! It’s the second in his 8bitworkshop series – very cool stuff, it’s about making 8-bit arcade games in C. :)