*** VPN Thread ***

I tried to sign up for NordVPN using TopCashBack as they had a 95% cashback offer. But the purchase tracked at the wrong amount (lower) so I'm not getting the full amount (I realise VAT isn't included in the price cashback is paid on). I've raised a claim but it will take 1-3 months to sort out and I only have 31 days to cancel NordVPN. On top of this the estimated wait for a payout is 10 weeks!
So it looks like NordVPN is getting cancelled!
 
I thought I'd throw this in here as a thought experiment. As a tech savvy but non technical person I asked ChatGPT to tell me how to make my own VPN.
Apologies for the length of the post and I have no idea if ChatGPT is actually correct in its instructions. How do you ban this?

Edit: It hasn't copied across correctly but I'll leave it up as it's the idea of doing it that's the point of discussion.

Edit2: I should just point out this was in the context of another discussion and moved here - it wasn't my intention to start a detailed technical discussion on how to set up a VPN as I'm sure I could find that info here already.


Can you give me detailed instructions on how to write and install a vpn in the cloud?



ChatGPT said:

Writing and installing a VPN (Virtual Private Network) in the cloud involves several steps, from setting up a virtual server to configuring the VPN software. Here's a comprehensive guide on how to do it, broken down into manageable sections:

Step 1: Set up a Cloud Instance

First, you need a virtual machine (VM) in the cloud where you will install the VPN server. Cloud providers like AWS, Google Cloud, and DigitalOcean offer easy ways to deploy these.

1.1

  • AWS: EC2 instances
  • Google Cloud: Google Compute Engine
  • DigitalOcean: Droplets
  • Azure: Virtual Machines
For this example, I'll assume you're using AWS (but the steps are similar for other providers).

1.2

  1. Sign in to AWS Console and go to the EC2 Dashboard.
  2. Click Launch Instance and choose an OS (e.g., Ubuntu).
  3. Choose an instance type (e.g., t2.micro for light usage).
    • VPC/Subnet: Leave default for now.
    • Security Group: Create or select an existing security group with the necessary ports open (usually UDP 1194 for OpenVPN).
  4. Review and launch the instance.

1.3

  1. Download the .pem file for SSH access.
  2. Open a terminal on your local machine and run:

        chmod 400 path-to-your-pem-file.pem
        ssh -i path-to-your-pem-file.pem ubuntu@your-ec2-public-ip

Step 2: Install VPN Software

Now that you have a cloud instance, you need to install the VPN server software. Let's go with OpenVPN, a popular, open-source solution.

2.1

  1. Update and upgrade the server:

        sudo apt-get update && sudo apt-get upgrade -y

  2. Install OpenVPN and Easy-RSA (a tool to manage certificates):

        sudo apt-get install openvpn easy-rsa -y

  3. Set up the Easy-RSA environment:

        make-cadir ~/openvpn-ca
        cd ~/openvpn-ca

  4. Configure Easy-RSA variables:
    Edit the vars file:

        nano vars

    Modify the following lines to match your organization:

        export KEY_COUNTRY="US"
        export KEY_PROVINCE="CA"
        export KEY_CITY="San Francisco"
        export KEY_ORG="MyVPN"
        export KEY_EMAIL="[email protected]"

  5. Build the certificate authority (CA):

        source vars
        ./clean-all
        ./build-ca

  6. Generate the server certificate and key:

        ./build-key-server server

  7. Generate Diffie-Hellman parameters:

        ./build-dh

  8. Generate the HMAC key:

        openvpn --genkey --secret keys/ta.key

  9. Copy the server keys and certificates:

        cd ~/openvpn-ca/keys
        sudo cp ca.crt server.crt server.key ta.key dh2048.pem /etc/openvpn

Step 3: Configure the OpenVPN Server

Now, you’ll configure OpenVPN to actually handle VPN connections.

3.1

    sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/
    sudo gzip -d /etc/openvpn/server.conf.gz

3.2

    sudo nano /etc/openvpn/server.conf

Make the following changes:

  • Uncomment and modify proto if needed (usually UDP):

        proto udp

  • Set the port to 1194 (default for OpenVPN):

        port 1194

  • Set the server directive to match your desired VPN subnet:

        server 10.8.0.0 255.255.255.0

  • Enable IP forwarding by uncommenting this line:

        push "redirect-gateway def1 bypass-dhcp"

  • Enable DNS forwarding:

        push "dhcp-option DNS 8.8.8.8"
        push "dhcp-option DNS 8.8.4.4"

3.3

Edit the sysctl configuration:

    sudo nano /etc/sysctl.conf

Uncomment the following line:

    net.ipv4.ip_forward=1

Apply the changes:

    sudo sysctl -p

3.4

If you're using UFW (Uncomplicated Firewall), allow OpenVPN traffic:

    sudo ufw allow 1194/udp
    sudo ufw allow OpenSSH
    sudo ufw enable

Step 4: Start the OpenVPN Server

Now that everything is configured, start the OpenVPN service.

    sudo systemctl start openvpn@server
    sudo systemctl enable openvpn@server

Check the status:

    sudo systemctl status openvpn@server

Step 5: Create Client Configuration Files

  1. Generate client certificates:

        ./build-key client1

    • Set the remote directive to your server’s public IP or domain:

          remote your-server-ip 1194

    • Add the paths to the certificates:

          <ca>
          -----BEGIN CERTIFICATE-----
          (insert ca.crt contents here)
          -----END CERTIFICATE-----
          </ca>

          <cert>
          -----BEGIN CERTIFICATE-----
          (insert client.crt contents here)
          -----END CERTIFICATE-----
          </cert>

          <key>
          -----BEGIN PRIVATE KEY-----
          (insert client.key contents here)
          -----END PRIVATE KEY-----
          </key>

          <tls-auth>
          -----BEGIN OpenVPN Static key V1-----
          (insert ta.key contents here)
          -----END OpenVPN Static key V1-----
          </tls-auth>

Step 6: Connect the Client to the VPN

To connect the client:

  1. Install the OpenVPN client on your local machine.
  2. Import the .ovpn file into the OpenVPN client.
  3. Start the connection, and it should connect to your cloud-based VPN server.

Step 7: Testing and Troubleshooting

  • Ensure the server is running:

        sudo systemctl status openvpn@server

  • Check firewall rules to ensure nothing is blocking traffic.
  • Verify client connection using:

        sudo journalctl -u openvpn@server

Optional: Using Docker for OpenVPN

If you'd prefer to use Docker for easier management, there's a ready-made OpenVPN container:

  1. Run OpenVPN Docker container:

        docker run -d -p 1194:1194/udp --name openvpn --cap-add=NET_ADMIN kylemanna/openvpn

  2. Generate configuration files:

        docker run -v /your/config/folder:/etc/openvpn --rm kylemanna/openvpn ovpn_genconfig -u udp://YOUR_SERVER_IP
        docker run -v /your/config/folder:/etc/openvpn --rm kylemanna/openvpn ovpn_initpki

  3. Start the container:

        docker start openvpn

Final Thoughts

  • Security: Always ensure you're using strong certificates and keys. Update the VPN software regularly.
  • Monitoring: Use logging and monitoring tools to keep track of VPN activity.
  • Scaling: If you plan to scale, you might want to use cloud load balancers or VPN clusters.
This guide provides you with the basic steps for setting up OpenVPN on a cloud server. Feel free to modify the steps based on your specific needs (e.g., scaling, multi-server setups, etc.).
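
An added example, not part of the post or of the pasted ChatGPT output: a shell function that lints a server.conf like the one edited in Step 3.2, checking the directives the guide sets and hardening directives it never mentions enabling (tls-auth/tls-crypt, user/group privilege drop, tls-version-min). The function name audit_openvpn_conf is hypothetical and the sample config is constructed.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): lint an OpenVPN server.conf.
# Prints one "LEVEL directive: reason" line per finding; exit status 1 on any FAIL.
audit_openvpn_conf() {
  awk '
    /^[ \t]*([#;]|$)/ { next }                  # skip blanks and #/; comments
    {
      sub(/[ \t]+[#;].*$/, "")                  # drop trailing comment
      key = $1; rest = $0
      sub(/^[ \t]*[^ \t]+[ \t]*/, "", rest)     # everything after the directive name
      if (key == "push") pushes = pushes "|" rest
      else conf[key] = rest
    }
    END {
      if (!("tls-auth" in conf) && !("tls-crypt" in conf)) {
        print "FAIL tls-auth: control channel has no HMAC key (ta.key unused)"; bad = 1 }
      if (("dh" in conf) && conf["dh"] ~ /dh1024/) {
        print "FAIL dh: 1024-bit Diffie-Hellman parameters"; bad = 1 }
      if (("cipher" in conf) && conf["cipher"] ~ /^(BF|DES|RC2)-/) {
        print "FAIL cipher: 64-bit block cipher " conf["cipher"]; bad = 1 }
      if (!("user" in conf) || !("group" in conf))
        print "WARN user/group: daemon keeps root privileges after start-up"
      if (!("tls-version-min" in conf))
        print "WARN tls-version-min: no minimum TLS version pinned"
      if (pushes ~ /redirect-gateway/ && pushes !~ /dhcp-option DNS/)
        print "WARN push: full tunnel without a pushed resolver, DNS may bypass the VPN"
      exit bad + 0
    }' "$1"
}

# Constructed sample: the directives from Step 3.2, hardening lines left commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key   # This file should be kept secret
dh dh2048.pem
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
;tls-auth ta.key 0
;user nobody
;group nogroup
EOF
audit_openvpn_conf "$sample" || true
rm -f "$sample"
```

On a real server, point it at /etc/openvpn/server.conf after finishing Step 3.2 and before starting the service in Step 4.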
 
Well how much would it have been assuming the cashback paid out and inc VAT?

VPNs pay for themselves for me through the savings they enable
 
The difference is about £10 cashback.
Also the terms weren't super clear so I'm not sure if there were restrictions on the package I could sign up for and I may have gone for the wrong one, so I'm worried that even though the transaction is pending that it won't go through.

I'm not sure that a VPN would save me any money, I just thought it might be useful to get one if it was cheap. But if the cashback isn't as much as I thought and given the hassle and uncertainty around cashback I'm not sure it's worth it.
 
It states this in the terms "Cashback is calculated based on the cost of the basic VPN package cost and does not include the value of any added extras or add ons."

So if you've gone for one of the higher packages that could explain why you are seeing a lower amount than you expect, cashback will be based on whatever the cost of the basic package is. The amount of time it takes for payout is pretty standard for most cashback on there.
 
I first read "basic" to mean that you only got cashback on the package you selected not any add-ons. On the NordVPN sign-up page Basic has a capital letter as it's the name of the package, but in the "Terms" on TopCashBack it has a lowercase b, thus suggesting they're not using it as a name.
Currently the amount being tracked is more than the Basic package costs, so I'm not sure what they're tracking it based on.
I'll give it a bit of time to see if anything gets sorted out, but will probably just cancel NordVPN within the 30 days and get my full refund.

I feel TopCashBack need to be more specific if the cashback relies on purchasing specific products that they clearly point out which products it applies to.
 
Yeah, I'm not really sure tbh. I took it to mean that you could buy any package but that you would get cashback based on the price of the basic package, and that when it mentions not including other addons that was referring to some of the other additional things you can add, such as a dedicated IP for example. I agree the amount is odd though, I purchased the plus package and my cashback has been based on a purchase price of £71.06, which is somewhere between basic and plus.

I guess you could always query with their support, though cancelling if you're worried you won't get it could be the way to go. I think it will likely pay out, but the rule with cash back is you should never really rely on getting it.
 
Yeah, ideally you'd just use cashback on something you were going to get anyway, but given the size of these cashback offers it was the only reason I decided to buy.
 