Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:00,630 --> 00:00:07,070 Setting up your own VPN server can be useful for many of the VPN benefits we have highlighted already 2 00:00:07,130 --> 00:00:07,290 . 3 00:00:07,350 --> 00:00:13,920 Plus it puts you in control and you can make sure that logging is disabled and it set up the way that 4 00:00:13,920 --> 00:00:15,140 you want it. 5 00:00:15,210 --> 00:00:20,350 But the cons are that there still may be a money trail back to you. 6 00:00:20,430 --> 00:00:26,080 And if you want total privacy and anonymity you cannot have a money trail. 7 00:00:26,310 --> 00:00:31,500 You will also need to be technically competent in order to set it up. 8 00:00:31,620 --> 00:00:39,390 Setting up a secure and hard and open VPN server from scratch is a big task and there are many things 9 00:00:39,390 --> 00:00:43,480 you could do wrong and if you do them wrong you can to make yourself vulnerable. 10 00:00:43,590 --> 00:00:53,370 But I have a couple of great ways for you to set up an open VPN server easily for both learning and 11 00:00:53,370 --> 00:00:56,370 for actual practical use. 12 00:00:56,370 --> 00:01:02,190 Its not necessary that you set up one for this course but I'm going to run through it with you. 13 00:01:02,190 --> 00:01:04,220 So you know how to do it. 14 00:01:04,260 --> 00:01:08,010 So there are two ways you might want to use a VPN. 15 00:01:08,010 --> 00:01:17,130 One is as we've shown it's to surf the web privately from your home network with a VPN server somewhere 16 00:01:17,490 --> 00:01:21,190 in the cloud creating an encrypted tunnel. 17 00:01:21,260 --> 00:01:28,470 Another way you might want to implement a VPN is when you're traveling you may want to VPN into your 18 00:01:28,560 --> 00:01:33,440 own network giving you security while you travel. 19 00:01:33,840 --> 00:01:40,750 Let's consider the first option where we're setting up a VPN potentially in the cloud. 20 00:01:41,550 --> 00:01:50,490 The main option I recommend for both learning and to actually use in the real world is to use a ready 21 00:01:50,490 --> 00:01:55,280 made virtual open VPN appliance from these guys here. 22 00:01:55,290 --> 00:02:04,320 Turn key Linux the service I use and recommend the appliances that they supply are free. 23 00:02:04,350 --> 00:02:11,930 They are open source and they are based on Debian 8 Jessee all which is a full thumbs up. 24 00:02:12,000 --> 00:02:20,280 This service is free until you want to use more professional functionality like backup which you don't 25 00:02:20,280 --> 00:02:21,430 have to use. 26 00:02:21,480 --> 00:02:26,790 So you can set it up free to learn or you can use it practically. 27 00:02:27,660 --> 00:02:33,300 And here are the various appliances that you can download and use. 28 00:02:33,410 --> 00:02:39,210 Here's open VPN which is what we're after for this open VPN server. 29 00:02:39,300 --> 00:02:42,360 Now if you look here you've got VM images. 30 00:02:42,360 --> 00:02:45,360 That's an overlay file which you should be familiar with. 31 00:02:45,510 --> 00:02:51,690 And we've got these other virtual machine files Zenn there if you've got a Zen server you can download 32 00:02:51,750 --> 00:03:00,610 any of these virtual machine appliances these images and deploy an open VPN server on a virtual machine 33 00:03:00,610 --> 00:03:00,650 . 34 00:03:00,650 --> 00:03:02,700 So that's one option. 35 00:03:02,700 --> 00:03:11,850 Another option is here they have a ISO for downloading and installing so you can install it on a device 36 00:03:11,850 --> 00:03:11,940 . 37 00:03:11,940 --> 00:03:20,470 And another option is that you can deploy your turnkey open VPN server in the cloud. 38 00:03:20,520 --> 00:03:29,420 And if we go here turn key and those appliances and that open VPN server integrates with Amazon Web 39 00:03:29,420 --> 00:03:39,060 Services A to B S who provide the virtual server for you turnkey provide the application Amazon provide 40 00:03:39,120 --> 00:03:47,160 the virtual server so you can deploy an Amazon virtual server in literally minutes that is running an 41 00:03:47,160 --> 00:03:48,780 open VPN server. 42 00:03:49,110 --> 00:03:55,880 If you choose to use a to be us and turnkey you have to pay Amazon for the server. 43 00:03:55,890 --> 00:04:04,050 It might cost you a few cents to test this out but it depends on the service that you use. 44 00:04:04,050 --> 00:04:09,860 But you can see it's not a lot if you just doing some testing or it's less if you're going to use it 45 00:04:09,870 --> 00:04:20,430 longer term you would create a free account on a W S and you would also create a free account on turnkey 46 00:04:20,520 --> 00:04:21,840 Linux. 47 00:04:21,960 --> 00:04:25,410 Then you need to follow the instructions. 48 00:04:25,470 --> 00:04:34,140 Post registration that you get given by turnkey Linux so that you can integrate turnkey an Amazon together 49 00:04:34,140 --> 00:04:34,270 . 50 00:04:34,290 --> 00:04:39,990 This takes a little while to fill in all the details and do all of the security stuff but if you follow 51 00:04:39,990 --> 00:04:49,440 the instructions you'll integrate them together turnkey and us after you've done all the integration 52 00:04:49,440 --> 00:04:49,710 . 53 00:04:49,800 --> 00:04:56,970 Then you log into the turn key Linux hub and it'll look something similar to this. 54 00:04:56,970 --> 00:05:00,980 So you want to set up an open VPN server and we have an option here. 55 00:05:01,020 --> 00:05:03,450 Launch a new server. 56 00:05:03,450 --> 00:05:04,680 Click on this. 57 00:05:04,680 --> 00:05:11,490 So then we have to choose what appliance we want then obviously we won't open VPN and when he's choose 58 00:05:11,490 --> 00:05:17,500 a hostname for it you can configure it for your own domains. 59 00:05:22,270 --> 00:05:29,080 And then when you're choosing the type of server and where it will be located when you're having the 60 00:05:29,110 --> 00:05:38,080 free version of turnkey Linux you can only have the macro version which is fully fine for an open VPN 61 00:05:38,140 --> 00:05:46,450 server and we can change where it's going to be so we can put it in the East Coast of the USA and that 62 00:05:46,450 --> 00:05:48,770 makes it a little bit cheaper. 63 00:05:48,820 --> 00:05:56,650 So that zero point zero one three per hour in order for that to work you will need payment details set 64 00:05:56,650 --> 00:05:59,230 up with Amazon Web Services. 65 00:05:59,230 --> 00:06:05,240 Of course if you want to set this up otherwise this is just informational. 66 00:06:05,330 --> 00:06:10,610 Then we need to put in the S-sh passwords or we'd want to put in our key pair. 67 00:06:10,630 --> 00:06:13,750 We talk about S-sh in its own section. 68 00:06:13,760 --> 00:06:18,080 So if you're not sure about S.H. keypads don't worry about that for now. 69 00:06:19,750 --> 00:06:28,870 Just putting in a short password because this is just a demo appliance settings open VPN key email and 70 00:06:28,870 --> 00:06:39,970 there is the open VPN domain SYS for the root file system availability zone automatic install enabled 71 00:06:39,990 --> 00:06:43,320 us configure security alerts enabled Yes. 72 00:06:43,480 --> 00:06:45,900 Now we have auto associate elastic. 73 00:06:45,910 --> 00:06:53,290 I pay every one which you can see where it is an elastic IP is a static IP address that can be associated 74 00:06:53,290 --> 00:07:04,810 to an Amazon easy to server which by default only has a dynamic IP address and actually for a VPN it's 75 00:07:04,840 --> 00:07:11,640 actually quite nice to have a dynamic IP address because then the IP addresses are harder to block. 76 00:07:11,680 --> 00:07:18,010 And then we click launch and then it starts to create it and boot up. 77 00:07:18,040 --> 00:07:20,010 You can see here it's booting up. 78 00:07:20,020 --> 00:07:23,070 This one here is one that I've already created. 79 00:07:23,110 --> 00:07:25,330 This is the one that is booting up. 80 00:07:25,470 --> 00:07:30,580 Now to see if we can have snapshots backups. 81 00:07:30,760 --> 00:07:32,650 This is where it is located. 82 00:07:32,680 --> 00:07:36,160 You can see that it's easy to instance. 83 00:07:36,280 --> 00:07:42,200 What we've got here we got a gig of RAM and you can see it's on Jesse HMD 64. 84 00:07:42,580 --> 00:07:46,900 And you can see it's got firewall rules here IP address. 85 00:07:46,900 --> 00:07:51,240 You can add it firewall rules once it's up and running. 86 00:07:51,280 --> 00:07:54,030 Now it's initializing the system. 87 00:07:54,070 --> 00:07:54,880 We can reboot. 88 00:07:54,880 --> 00:07:55,330 Stop. 89 00:07:55,330 --> 00:07:58,480 Destroy any point so you can see. 90 00:07:58,480 --> 00:08:05,710 You know you can actually test this out and you know it might cost you 20 cents and then you can destroy 91 00:08:05,710 --> 00:08:06,540 it. 92 00:08:07,060 --> 00:08:15,760 Let's have a look at pay less so you can see here if you want to pay less you can reserve for longer 93 00:08:15,760 --> 00:08:16,390 . 94 00:08:16,400 --> 00:08:20,920 We've got 36 months here and that's only nine dollars. 95 00:08:20,920 --> 00:08:27,400 Gives you an idea of how much you might want to pay for the for the micro one which is really not a 96 00:08:27,400 --> 00:08:35,890 lot is it you know we go fifty fifty dollars for 12 months and while we're waiting for this I'll show 97 00:08:35,890 --> 00:08:43,570 you where I can add it or remove the firewall rules. 98 00:08:44,720 --> 00:08:46,690 And here you can add the rules. 99 00:08:46,720 --> 00:08:56,650 This is basically IP tables gooey to enable you to change IP tables and very it's finished. 100 00:08:56,650 --> 00:08:59,980 And the last thing it did was install security update. 101 00:08:59,980 --> 00:09:04,030 So it's all nice and up to date as well. 102 00:09:04,030 --> 00:09:07,960 I speeded it up a little bit so you wouldn't have to wait for it to install. 103 00:09:08,020 --> 00:09:15,860 It probably took about four or five minutes in total which is amazing to get an open VPN so that up 104 00:09:15,860 --> 00:09:24,580 and running in five minutes it's fully configured as a fully configured open VPN server and it's somewhat 105 00:09:24,610 --> 00:09:25,460 hardened. 106 00:09:25,480 --> 00:09:36,790 It is set up as a gateway profile which means the open VPN server pushes a redirect gateway configuration 107 00:09:37,150 --> 00:09:43,110 causing all IP network traffic to pass through the open VPN gateway. 108 00:09:43,100 --> 00:09:48,970 I know what that means is it's a VPN for internet access for privacy. 109 00:09:49,090 --> 00:09:53,990 The same as what you would be using if you be using a VPN provider. 110 00:09:54,190 --> 00:09:57,690 You can also get site to site VPN. 111 00:09:57,910 --> 00:09:59,950 But that's not what we're doing here. 112 00:09:59,950 --> 00:10:03,580 You can get outside VPN with turnkey Linux. 113 00:10:03,580 --> 00:10:05,220 You can reboot the server. 114 00:10:05,260 --> 00:10:07,000 Like I said stop the server. 115 00:10:07,150 --> 00:10:09,850 And after you've finished with it you can destroy it. 116 00:10:09,880 --> 00:10:12,450 Maybe it gets blocked. 117 00:10:12,460 --> 00:10:19,930 So just destroy it start another one with a different IP address and you go a couple of icons here. 118 00:10:19,950 --> 00:10:26,400 This is your webmin and this via the web gives you access to S-sh. 119 00:10:26,500 --> 00:10:30,580 You can choose to block everything if you edit here. 120 00:10:30,670 --> 00:10:36,970 Apart from just open VPN which would probably be a good idea for security so if you were going to be 121 00:10:36,970 --> 00:10:44,230 using this long term change the firewall rules say you only have the port that you want to use for open 122 00:10:44,230 --> 00:10:48,780 VPN which at the moment is 1 1 9 4. 123 00:10:48,940 --> 00:10:56,110 So if you click on here that gets you through to this and you can logon using the username and password 124 00:10:56,110 --> 00:10:57,760 that you created. 125 00:10:58,330 --> 00:11:06,360 And essentially it's a web admin for the server that are bit like see panel or do you hate. 126 00:11:06,390 --> 00:11:08,740 And if you're familiar with that 127 00:11:11,660 --> 00:11:15,200 you can see lots of cool stuff you can use here. 128 00:11:15,340 --> 00:11:20,230 But we're interested in the open VPN stuff here so we're not going to go through everything. 129 00:11:20,230 --> 00:11:27,390 If you click on this you get the shell in a box which is going to give you this and you can log in with 130 00:11:27,390 --> 00:11:36,430 a username and password that you used and then you are logged in as S-sh or you can obviously S-sh into 131 00:11:36,430 --> 00:11:44,650 the box on port 22 and there it is running on port 1 1 9 4. 132 00:11:44,650 --> 00:11:52,660 We want to now create an open VPN client configuration so that you can access the server and you do 133 00:11:52,660 --> 00:11:59,220 that like this. 134 00:11:59,220 --> 00:12:06,520 So this is OPEN VPN dash add client than the name of the client whoever it is you're going to associate 135 00:12:06,520 --> 00:12:09,940 this configuration with then name at. 136 00:12:09,940 --> 00:12:19,440 And then the server and you can see it has created the v p n file and it's created it here. 137 00:12:19,540 --> 00:12:24,650 So we just need to copy that off and onto our client of choice. 138 00:12:24,700 --> 00:12:27,100 So I'm going to pop onto my client of choice 14804