Deploying OpenVPN inside a cloudspace

A virtual private network (VPN) is an encrypted connection over the internet from a device to a network. The encrypted connection helps ensure that sensitive data is transmitted safely. It prevents unauthorized people from eavesdropping on the traffic and allows the user to work remotely.

How does a VPN work?

A VPN hides your IP address by redirecting your traffic through a specially configured remote server run by a VPN host. If you surf online with a VPN, the VPN server becomes the source of your data, so your Internet Service Provider (ISP) and other third parties cannot see which websites you visit or what data you send and receive online.

Organizations, governments and businesses of all sizes use VPNs to secure remote connections to the internet, work securely, keep their internal systems from being compromised and prevent data interception.

OpenVPN

OpenVPN is an open-source VPN protocol that allows secure online access from point to point in a network. In short, OpenVPN is arguably the most secure VPN protocol in use today.

Network Routing

Network routing is the process of selecting a path across one or more networks. The routing process usually directs forwarding based on routing tables. Routing tables maintain a record of the routes to various network destinations.

Check the Network Routes section in the concepts documentation to learn more about how to add/delete network routes.

In this tutorial, we will go through a step-by-step guide on how to use the Network Routes feature to make our cloudspace network available over the VPN tunnel.

Download Whitesky.cloud OpenVPN Script

To access a private network using Network Routes and a VM that has OpenVPN installed on it, you can use the Whitesky.cloud OpenVPN Script to create that VM in your cloudspace.

Steps to install and configure our OpenVPN VM

  1. Download the repository on your machine either by:
    • Using the git clone git@github.com:gig-tech/OpenVPN.git command to clone the repository on your machine.
    • Downloading the repository as a ZIP file from the code dropdown menu.
  2. Follow the README.md file to create the docker image.
  3. Update the env_list file with your environment variables (JWT, CustomerID, CloudspaceID, etc.).
  4. Open the openvpn_installer directory.
  5. Run the openvpn_installer.py script in your terminal and you will have two options to choose from:

    • create-user - Creates a new user and downloads the client config file for you.
    • deploy-server - Creates a VM with an OpenVPN server installed on it and deploys this VM on the whitesky.cloud BV portal.

    Use the --help parameter to learn more about the required parameters for each command.

  6. Enter the required parameters for creating a new VM.

    Parameter          Description
    VCO_DOMAIN         The domain of the whitesky.cloud BV portal.
    CUSTOMER_ID        Your customer ID on whitesky.cloud BV portal.
    CLOUDSPACE_ID      The cloudspace ID of the cloudspace where the VM will be created.
    IMAGE_ID           The image ID to be installed on your VM.
    PUB_SSH_PORT       Your public SSH port.
    PUB_OPENVPN_PORT   Your public OpenVPN port.
    PUB_KEY            Your public key.

  7. For example, if we want to create a VM, we can use a command like this:

    python3 openvpn_installer.py deploy-server test_domain.com test_1 YmotTtgtMzo0Mjg2Nz 67 9022 1194 <PUB_KEY>
    

  8. The script will create and deploy the VM for you:

    Checks before VM Creation 
    Checking if public ssh port 9022 is unused on the cloudspace
    9022 is available continuing with the deployment 
    Checking if public openvpn port 1194 is unused on the cloudspace
    1194 is available continuing with the deployment
    
    [1] Creating VM ...
    
    Creating VM complete
    
    [2] Creating Port Forwards ...
    
    SSH Port Forwards created.
    
    OpenVPN Port Forwards created.
    
    VM creation complete, please wait for a few minutes for the OpenVPN server to completely install before creating a user.
    
  9. Enter the required parameters for creating a new user on the VM that we have created before.

    Parameter          Description
    VCO_DOMAIN         The domain of the whitesky.cloud BV portal.
    CUSTOMER_ID        Your customer ID on whitesky.cloud BV portal.
    CLOUDSPACE_ID      The cloudspace ID of the cloudspace where the VM will be created.
    EXTERNAL_IP        The external IP of your cloudspace.
    VM_ID              The ID of your virtual machine.
    PUB_SSH_PORT       Your public SSH port.
    USER_NAME          The desired username to be added to your VM.

  10. For example, if we want to create a new user named omar, we can use a command like this:

    python3 openvpn_installer.py create-user test_domain.com test_1 YmotTtgtMzo0Mjg2Nz 10.101.109.42 10148 9022 omar
    

  11. After the user is successfully created, we can run ls in our directory and we will find a new omar.ovpn configuration file.

    [1] Creating user - omar
    
    user omar creation complete
    
    [2] Downloading omar client user config file.
    
    omar.ovpn downloaded successfully
    
    ~/home# ls
    
    Pipfile         README.md       cmds_server     omar.ovpn   run_install
    Pipfile.lock    cmds_client     env_list        openvpn.py
    
    ~/home# exit
    
    exit
    

  12. You can test your VM on the whitesky.cloud BV portal, or SSH to your VM from your local machine and try to ping another VM using its IP address.

  13. After successfully deploying and testing your VM with the OpenVPN client, open Network Routes from the More dropdown menu on your cloudspace details page.
  14. Click ADD NETWORK ROUTE at the top of the page.
  15. Enter your Destination route and Gateway.
    • Destination route - a manually configured route entry that determines the next routing hop based on the destination IP address. It reflects the destination that you want to send your packets to.
    • Gateway - the gateway through which the network can be reached.
  16. Add a metric for your network route and select a routing table.
    • Metric - indicates the associated cost of using the indicated route. This is useful for determining the efficiency of a certain route between two points in a network.
    • Routing table - a set of rules, often viewed in a table format, that determines where data packets traveling over an Internet Protocol (IP) network will be directed. All IP-enabled devices, including routers and switches, use routing tables.
  17. Click ADD NETWORK ROUTE.
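
The destination, gateway and metric fields from steps 15 and 16 interact in a specific way when a packet is routed. The following added example (not part of the whitesky.cloud script or documentation) models standard IP route selection, longest matching prefix first and lowest metric second, and also lists entries that can never be chosen. It assumes the cloudspace router follows this standard behaviour; all addresses, including the 10.8.0.0/24 VPN client subnet and the OpenVPN VM at 192.168.103.10, are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Route:
    destination: ipaddress.IPv4Network  # "Destination route" field
    gateway: ipaddress.IPv4Address      # "Gateway" field
    metric: int                         # "Metric" field


def make_route(destination: str, gateway: str, metric: int) -> Route:
    # strict=True raises ValueError if host bits are set (e.g. 10.8.0.5/24)
    return Route(ipaddress.IPv4Network(destination, strict=True),
                 ipaddress.IPv4Address(gateway), metric)


def select_route(table: List[Route], dst: str) -> Optional[Route]:
    """Pick the route for dst: longest matching prefix, then lowest metric."""
    addr = ipaddress.IPv4Address(dst)
    matches = [r for r in table if addr in r.destination]
    return min(matches, key=lambda r: (-r.destination.prefixlen, r.metric),
               default=None)


def shadowed_routes(table: List[Route]) -> List[Route]:
    """Entries that never win: another entry has the same destination and a
    lower metric (or the same metric and an earlier position)."""
    best = {}
    for r in table:
        if r.destination not in best or r.metric < best[r.destination].metric:
            best[r.destination] = r
    return [r for r in table if best[r.destination] is not r]


# Constructed sample table; every address here is made up for illustration.
TABLE = [
    make_route("0.0.0.0/0", "192.168.103.1", 100),    # default gateway
    make_route("10.0.0.0/8", "192.168.103.1", 5),     # broad route, low metric
    make_route("10.8.0.0/24", "192.168.103.10", 10),  # VPN clients via OpenVPN VM
    make_route("10.8.0.0/24", "192.168.103.20", 50),  # stale duplicate entry
]

if __name__ == "__main__":
    for dst in ("10.8.0.6", "10.9.1.1", "198.51.100.7"):
        r = select_route(TABLE, dst)
        print(f"{dst:>14} -> {r.destination} via {r.gateway} (metric {r.metric})")
    for r in shadowed_routes(TABLE):
        print(f"never used: {r.destination} via {r.gateway} (metric {r.metric})")
```

Note that the 10.0.0.0/8 entry has the lowest metric in the table yet does not capture VPN client traffic, because the more specific 10.8.0.0/24 route wins before metrics are compared.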