Page 1 of 1

OpenVPN Noob how to add more users

Posted: Mon Feb 11, 2019 1:25 am
by thebluecoat
OpenVPN Community,

I recently started a project to setup my own vpn rather than use
more commonly known commercial providers, mainly because I like DIY and to experiment.

I followed some guides and where I’m at in the process is: I purchased a Droplet on Digital Ocean running Ubuntu x32 , I setup OpenVPN and made a .ovpn file that I imported into OpenVPN connect on an iOS device. I felt so accomplished and it’s been working great!

I want to be able to “add more users” and from what I’ve gathered so far it looks like I have to install OpenVPN Access Server on the machine to take next steps? It also looks like doing this only allows 2 concurrent connections and I must pay for a lisence for more users than that. I also notice there’s a minimum order of 10 lisences @$15 each for a total of $180/year, my basic VPS machine is $5/mo or $60/year.

Ultimately at this point I’m only looking to have myself and another device I own , my significant other , and a friend or two. I’d be perfectly happy with “3 concurrent connections max” VPN setup. Is the stuff above “the way it is?” or am I incorrect on how to add more users.

I would appreciate any advisements and next steps.


Edit: math (lol), and use case for connections

Re: OpenVPN Noob how to add more users

Posted: Mon Feb 11, 2019 4:24 pm
by arachma1
As far as I understood, OpenVPN is a multi-client server (as described in OpenVPN documentation). So I think it will allow us to connect as many clients as we like to the server. In case of IPv4, perhaps the limitation will be the number of hosts on the subnet that you select.

So far I only have 1 OpenVPN server on 1 of my 2 VPS'. And there are up to 4 clients that can simultaneously connect to that server, i.e. my other VPS, my server at home, my Linux PC and my Window$ PC. I don't need to pay anything at all for those :D.

You just need to make sure that each client have their own certificate (*.crt) and key (*.key). The server ca.crt and ta.key (in case you use TLS authentication) can be shared amongst all clients. Of course for IPv4, you need to select the VPN subnet which allows it to provide as many VPN IP addresses as the number of clients that you want to connect. My version 2.3.8 of OpenVPN limits the minimum subnet to /248 (6 hosts). You also need to make sure to setup the routing within your VPN subnet so that each clients can talk to each other. Otherwise all clients will only be able to talk to the server.

I think the how-to page of OpenVPN will eventually get you there. Good luck.

Re: OpenVPN Noob how to add more users

Posted: Mon Feb 11, 2019 7:58 pm
by thebluecoat
I didn’t have to go through the respective process you mentioned above for myself regarding .crt or .key. I just remember at the end of the process a .ovpn file churned out that I grabbed with an FTP client.

All of that stuff you mentioned plus subnets seems a little daunting. I took a look at the how to part but haven’t really identified the key part on how to add users in the process that I did it.

The clients would only be using the VPN as a means to avoid data aggregation , no LAN based stuff.

My noob is showing

Re: OpenVPN Noob how to add more users

Posted: Mon Feb 11, 2019 8:57 pm
by arachma1
I am not sure what you are planning to do, e.g. What kind of applications that you have on your Droplet for your devices? What kind of services that your devices need on your Droplet? Are you sure that you need VPN at all for that? :)

Well... If you are not comfortable with the "LAN based stuff", e.g. subnet and routing, then we can worry about that later. But at least you need to know some basic stuff, like making sure that your applications listen to the VPN IP address of your OpenVPN server as otherwise your devices can only connect to it but doing nothing.

As you already have your OpenVPN server running and you have 1 device successfully connected to it, I would imagine you just need to:
1. Create certificates and keys for your other devices
2. Copy .ovpn file that you already have, for your other devices
3. Change the certificate and key on the copy of the .ovpn file for respective devices, with the ones you created on step 1.

I still think it would be better for you to understand more about this by reading the how-to page. At least on the part that is relevant to what I explained above on this page.

Re: OpenVPN Noob how to add more users

Posted: Mon Feb 11, 2019 10:29 pm
by thebluecoat
Thank You so much for at least entertaining my questions , I really value the time you’ve given me thus far!

Im only going to be using OpenVPN on the droplet. I looked at it like “I don’t like paying commercial VPN providers for 1 year in advance to get a decent monthly rate” so I generally paid monthly, anywhere from $4-$12.99/mo.

Once I found out I could “setup my own for $5/mo” I was like “yeeee stick it!!” The next thing I thought was “maybe I can hookup my signicant other with a VPN now too” etc.

Ultimately my use profile for VPN is to make it more difficult to:

data footprint/aggregate my traffic and tie it to me.

To avoid targeted ads based on search history and IP address

avoid deep packet inspection (to a certain degree)/ throttling/QoS that I believe (without evidence however) that mobile operators and ISPs have in place for YouTube/media performance.

For the record , I’m not trying to obscure anything illegal either, It’s strictly to not give away the farm with my traffic in terms of what services I use , or how I use them etc.

Maybe you might be laughing at the use cases above, for the record I do NOT believe that VPN alone will somehow magically free me of the things above but just make it more difficult.

Edited: to include “for the record” piece.

Re: OpenVPN Noob how to add more users

Posted: Tue Feb 12, 2019 9:42 am
by arachma1
VPN can help you prevent your mobile operator and ISP to "sniff" on what you are doing and monetising your activities on internet. You can also minimise service/application based traffic throttling done by your mobile operator and ISP with VPN.

But apart from just "hiding" the real public IP of your device using VPN on your Droplet, you are practically like open books to the servers that you access on the internet. You need to do a lot more on your devices to minimise that, like using adblocker, etc.

I would imagine that you need at least some kind of transparent proxy on your Droplet for that purpose. And for that, I think you have to learn a lot more than just the "LAN based stuff" :) , to be able to configure your Droplet. I am sure you are not the only one having this idea. So there might be already some notes of the other people on the internet that can help you achieve that. Good luck.

Re: OpenVPN Noob how to add more users

Posted: Fri Oct 04, 2019 1:18 pm
by dragontattoo
For me there was an issue while adding the users. Anyone please reply me, I will explain the issue.