Creating a VPN service using Azure VMs and OpenVPN can be broken down into the following steps:
- Create a new virtual machine in Azure that will act as the VPN server. You can use any Linux distribution for this, but Ubuntu is a popular choice.
- Connect to the new VM via SSH and update the package list by running “sudo apt-get update”.
- Install OpenVPN by running “sudo apt-get install openvpn”
- Create a new directory to store the OpenVPN configuration files by running “sudo mkdir /etc/openvpn/server”
- Create a new file called “server.conf” in the “/etc/openvpn/server” directory and open it in a text editor.
- Add the following lines to the server.conf file, replacing the IP address with the public IP of your Azure VM:
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
- Create a new directory called “easy-rsa” by running “sudo mkdir /etc/openvpn/easy-rsa”
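- Copy the easy-rsa scripts into the new directory by running “sudo cp -r /usr/share/easy-rsa/* /etc/openvpn/easy-rsa/” (copying the contents rather than the directory itself, so that the vars file ends up directly in /etc/openvpn/easy-rsa)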
- Change into the easy-rsa directory by running “cd /etc/openvpn/easy-rsa”
- Edit the vars file by running “nano vars” and update the details as per your requirement
- Build the certificate authority by running “source vars” followed by “./clean-all” and then “./build-ca”
- Build the server certificate by running “./build-key-server server”
- Build the client certificate by running “./build-key client1”
- Generate the Diffie-Hellman key by running “./build-dh”
- Copy the certificate and key files to the OpenVPN server directory by running the following commands:
sudo cp /etc/openvpn/easy-rsa/keys/ca.crt /etc/openvpn/server/
sudo cp /etc/openvpn/easy-rsa/keys/server.crt /etc/openvpn/server/
sudo cp /etc/openvpn/easy-rsa/keys/server.key /etc/openvpn/server/
sudo cp /etc/openvpn/easy-rsa/keys/dh2048.pem /etc/openvpn/server/
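- Start the OpenVPN service by running “sudo systemctl start openvpn-server@server” (the openvpn-server@ unit reads its configuration from /etc/openvpn/server/, where server.conf was created above)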
- Create a client configuration file on your local machine. This file should have the following contents, replacing the IP address with the public IP of your Azure VM:
client
dev tun
proto udp
remote <your-vpn-server-ip> 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
ns-cert-type server
comp-lzo
verb 3
- Copy the client configuration file, ca.crt, client1.crt, and client1.key to the local machine.
- Download and install OpenVPN client software on your local machine.
- Import the client configuration file and the certificate and key files in the OpenVPN client software.
- Connect to the VPN server using the OpenVPN client software.
- Verify the connection by checking the IP address or by trying to access resources on the Azure virtual network.
Please note that the above steps are just a general guide and may vary depending on your specific setup and requirements.
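A static check over the two configurations above, as an added example that is not part of the original guide: it flags `comp-lzo`, the deprecated `ns-cert-type`, and a missing `tls-auth`/`tls-crypt` control-channel key. The `audit` helper and its finding names are illustrative; the sample configs are the page's own, trimmed to the directives the checks read.

```python
# Sample configs: the page's own directives, trimmed to the ones the checks read.
SERVER_CONF = """\
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
server 10.8.0.0 255.255.255.0
comp-lzo
user nobody
group nogroup
"""
CLIENT_CONF = """\
client
remote <your-vpn-server-ip> 1194
ca ca.crt
cert client1.crt
key client1.key
ns-cert-type server
comp-lzo
"""

def directives(text):
    """Map each directive name to its argument lists, skipping '#' and ';' comments."""
    found = {}
    for line in text.splitlines():
        tokens = line.split()
        if tokens and tokens[0][0] not in "#;":
            found.setdefault(tokens[0], []).append(tokens[1:])
    return found

def audit(text):
    """Return the sorted finding names (hypothetical labels) for one config."""
    d = directives(text)
    findings = set()
    # Compression inside the tunnel exposes a length side channel (VORACLE).
    if any(args != ["no"] for args in d.get("comp-lzo", [])):
        findings.add("compression-enabled")
    # ns-cert-type is deprecated; remote-cert-tls server is its replacement.
    if "ns-cert-type" in d:
        findings.add("deprecated-ns-cert-type")
    # A client that checks no certificate type accepts any cert the CA signed.
    if "client" in d and not ("remote-cert-tls" in d or "ns-cert-type" in d):
        findings.add("no-server-cert-check")
    # tls-auth / tls-crypt drop unauthenticated packets before the TLS handshake.
    if "tls-auth" not in d and "tls-crypt" not in d:
        findings.add("no-control-channel-key")
    return sorted(findings)
```

To clear the findings, remove `comp-lzo` from both files, replace `ns-cert-type server` with `remote-cert-tls server` on the client, and add a shared `tls-crypt` (or `tls-auth`) key to both sides.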
Connect from iPhone
After completing the above steps, you can connect to the VPN service using the OpenVPN app on your iPhone by following these steps:
- Open the OpenVPN app on your iPhone and tap the “+” button to add a new VPN connection.
- Enter a name for the connection, such as “My Azure VPN.”
- Tap the “Server Address” field and enter the public IP address or hostname of your Azure VM that is running the OpenVPN server.
- Tap the “Remote ID” field and enter the same value as the “Server Address” field.
- Tap the “Local ID” field and enter the name of your VPN connection.
- Tap the “Username” field and enter your OpenVPN username.
- Tap the “Password” field and enter your OpenVPN password.
- Tap the “Save” button to save the connection.
- Tap the “Connect” button to connect to your VPN service.
Note:
You will need to import the .ovpn file from the Azure VM to your OpenVPN app.
You can follow the same steps on your Android device too.
Once connected, your iPhone will be connected to the VPN service, and you will be able to securely access resources on your internal network as if you were physically connected to it.