A VPN masks your location and builds a tunnel that keeps your browsing behavior from being shared with, among others, Internet providers. A must in this day and age.
If you are thinking about getting a VPN, you should by no means use providers that are already on the market. It is too uncertain what will happen to your data. It is better to rent a VPS (Virtual Private Server) and create your own VPN.
So after you have chosen a provider (in my example it is Hetzner) and installed the VPS with Ubuntu 18.04, you can log into the server via the terminal. I have already explained how to do this in the “Passwordless SSH on Mac” instructions.
However, you must NOT set the options ChallengeResponseAuthentication no and UsePAM no. Otherwise the PC / smartphone will not be able to connect to the VPN server.
With the following commands we install MongoDB and the Pritunl VPN server. Simply enter the commands into the terminal one after the other, confirm any prompts with “y” for Yes and wait:
sudo tee /etc/apt/sources.list.d/mongodb-org-4.2.list << EOF
deb https://repo.mongodb.org/apt/ubuntu bionic/mongodb-org/4.2 multiverse
EOF
sudo tee /etc/apt/sources.list.d/pritunl.list << EOF
deb https://repo.pritunl.com/stable/apt bionic main
EOF
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv E162F504A20CDF15827F718D4B7C549A058F8B6B
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv 7568D9BB55FF9E5287D586017AE645C0CF8E292A
sudo apt-get update
sudo apt-get --assume-yes install pritunl mongodb-server
sudo systemctl start pritunl mongodb
sudo systemctl enable pritunl mongodb
Please note, however, that these installation instructions only work for Ubuntu 18.04. Problems can arise with newer Ubuntu installations.
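Keys added with apt-key are trusted for every configured repository, so it is worth confirming that exactly the two fingerprints requested above ended up in the keyring as primary keys. The following check is an added example, not part of the original instructions; the helper names primary_fprs and missing_keys are hypothetical and the sample listing is constructed.

```shell
#!/bin/sh
# Added example (not from the original page): confirm that both signing keys
# requested with `apt-key adv --recv` above are trusted as PRIMARY keys.

# Fingerprints exactly as given in the commands on this page.
EXPECTED_FPRS="E162F504A20CDF15827F718D4B7C549A058F8B6B
7568D9BB55FF9E5287D586017AE645C0CF8E292A"

# primary_fprs (hypothetical helper): reads gpg colon-format records on stdin
# and prints the fingerprint of each primary key. An "fpr" record describes
# the preceding "pub" or "sub" record, so subkey fingerprints are skipped.
primary_fprs() {
    awk -F: '
        $1 == "pub" { want = 1; next }
        $1 == "sub" { want = 0; next }
        $1 == "fpr" && want { print toupper($10); want = 0 }
    '
}

# missing_keys (hypothetical helper): prints every expected fingerprint that
# is not a trusted primary key; returns 1 if any is missing, 0 otherwise.
missing_keys() {
    mk_have=$(primary_fprs)
    mk_rc=0
    for mk_fpr in $EXPECTED_FPRS; do
        if ! printf '%s\n' "$mk_have" | grep -qxF "$mk_fpr"; then
            printf '%s\n' "$mk_fpr"
            mk_rc=1
        fi
    done
    return "$mk_rc"
}

# Constructed sample listing (not real output). The second expected
# fingerprint appears only under a "sub" record, so it must count as missing.
SAMPLE='pub:-:4096:1:4B7C549A058F8B6B:1500000000::::::scESC:
fpr:::::::::E162F504A20CDF15827F718D4B7C549A058F8B6B:
uid:-::::1500000000::::Constructed Key One:
pub:-:4096:1:89ABCDEF01234567:1500000000::::::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
sub:-:4096:1:7AE645C0CF8E292A:1500000000::::::e:
fpr:::::::::7568D9BB55FF9E5287D586017AE645C0CF8E292A:'

if printf '%s\n' "$SAMPLE" | missing_keys; then
    echo "all expected keys are trusted"
else
    echo "the fingerprints listed above are not trusted primary keys"
fi
```

On the server, feed it the real keyring with `sudo apt-key adv --list-public-keys --with-fingerprint --with-colons | missing_keys`.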
Now we have to generate and copy the setup key with the following command line:
sudo pritunl setup-key
Next we can open the server's IP address in the browser at https://<ip-address> and paste the setup key into the field provided. The address for MongoDB remains unchanged.
We also have to generate the password for the first login in the terminal with the following command:
sudo pritunl default-password
After logging in for the first time, a dialog with default settings such as the username, password, URL and port is displayed. The username should be changed, if possible not to Admin or Administrator. The password should also be well chosen.
Next we create an organization, create our users and a VPN server. An organization must be assigned to the VPN server and then the VPN server must be started.
To set up the clients, the user page also offers profiles for download next to the user names. You just have to load the profile into the OpenVPN client and enter the password.
Pritunl also supports 2FA with the Google Authenticator or any other OTP application, which additionally contributes to security and should definitely be used.
Picture: © Daniel Wenzlik