In my last post, we set up ZeroTier as a basic mesh VPN, allowing access to any nodes that joined the network via their ZeroTier IP addresses. In this post, we will be setting up ZeroTier to allow us to access our own network from the wider internet.
Continuing my series of blog posts on VPNs, now we’re going to be installing the ZeroTier self-hosted controller! Again we’ll be installing it on Debian 11, but the instructions should work for Debian 12 as well.
ZeroTier is a virtual private network (VPN) and software-defined networking (SDN) platform in one that enables connectivity between devices and networks across the internet. It creates a virtual overlay network that allows devices to communicate as if they were connected to a physical network (LAN), regardless of their actual location. ZeroTier has many possible configurations, so in this post, we’ll just be configuring ZeroTier to allow remote access to a single node (here, the server that I’m installing it on). In later posts, we will walk through setting up ZeroTier in other configurations.
On to Part 2 of my series on VPNs, this guide will show you how to set up an OpenVPN server on my Linux distribution of choice, Debian.
Debian is available as an image on a lot of VPS providers, and even services like Amazon AWS and Microsoft Azure, making it the perfect base to start your self-hosted VPN journey on.
A Quick Introduction to OpenVPN
OpenVPN is a popular open-source VPN (Virtual Private Network) solution known for its security, flexibility, and cross-platform compatibility with apps for iOS, Android, Windows, and Mac OS X.
In this guide, we will walk you through the process of setting up an OpenVPN server on Debian 11.
In keeping with my last snippet about setting up a VPN server, I’ve decided to run a VPN series, seeing as how EVERY SINGLE YOUTUBER is being sponsored by a VPN nowadays.
I’ll go over the pros and cons of using a commercial VPN such as ExpressVPN or Surfshark vs running your own, and go over a few of the options that you have if you do want to run your own.
It has been a loooong time since I’ve posted…a lot has happened, but finally back on the blog!
I’ve been working a lot with Mikrotik devices lately, and I’ve written up a few bits and bobs to make my life easier.
Below is the snippet I’ve written to quickly set up an OpenVPN server on a Mikrotik router.
#### VARIABLES #### UPDATE BEFORE RUNNING SCRIPT
# This variable sets the DNS server that will be used by the clients on the VPN
:global netVPNDNSServer 18.104.22.168
# Sets the company and export passphrase that will be used for the cert
:global Company "YOUR COMPANY"
:global CertExportPassphrase YOURPASSPHRASE
# Sets up a user and password for the VPN
:global vpnuser joebloggs
:global vpnpass bloggsvpn

## Certificate Setup
/log info "generating certs"
## You may want to update your country, state, etc, but it's not necessary
/certificate add name=CA country=AU state=WA locality=WA organization=$Company unit=IT common-name=CA trusted=yes key-usage=key-cert-sign,crl-sign days-valid=3650
/certificate add name=server country=AU state=WA locality=WA organization=$Company unit=IT common-name=server trusted=yes key-usage=digital-signature,key-encipherment,tls-server days-valid=3650
/certificate add name=client country=AU state=WA locality=WA organization=$Company unit=IT common-name=client key-usage=tls-client days-valid=3650
# If you're copy and pasting this into terminal, paste each certificate sign line separately, and ignore the delay lines
/log info "signing certs"
/certificate sign CA name=CA
/log info "30 sec wait"
/delay 30000ms
/certificate sign server ca=CA
/log info "30 sec wait"
/delay 30000ms
/certificate set server trusted=yes
/certificate sign client ca=CA
/log info "30 sec wait"
/delay 30000ms
/log info "exporting certs"
/certificate export-certificate CA
/certificate export-certificate client export-passphrase=$CertExportPassphrase

## OpenVPN Config
# This is where the IP addresses are set for the OpenVPN Clients.
# If you need to change them, this is the spot.
/ip pool add comment="OVPN Pool" name=Pool-VPN ranges=10.0.100.10-10.0.100.200
/ppp profile add dns-server=$netVPNDNSServer local-address=10.0.100.1 name=Profile-VPN only-one=no remote-address=Pool-VPN use-encryption=required
/interface ovpn-server server set auth=sha1 certificate=server cipher=aes256 default-profile=Profile-VPN enabled=yes require-client-certificate=yes
/ppp secret add name=$vpnuser password=$vpnpass profile=Profile-VPN service=ovpn