I use a Ubiquiti EdgeMax router at the demarcation point in my home network for a variety of reasons, one of which is the capability to maintain a full-network “anonymous” VPN. I’ve been using IPVanish for a few years on selected systems to ensure a decent level of anonymity while performing research on various information security topics. The only complaint I’ve ever had is that when the VPN connection drops on a system, everything keeps trucking along on my public IP address, losing any protection afforded by the VPN service.
For a while I’ve been meaning to set up the EdgeMax to establish and maintain a VPN connection for my entire network, thereby protecting everything in my home all the time. As an added bonus, Verizon can’t throttle (shape) my traffic based on whatever arbitrary 3rd party service they’re exploiting this week (e.g., Netflix). Lastly, in case the connection drops, I’ve removed the direct routes to the Internet. Traffic can *only* leave my LAN via the VPN.
With the guide here, this was a very simple project. Below is exactly what I did to set up OpenVPN connectivity via IPVanish with a Ubiquiti EdgeMax router.
- Verify the VPN works at all. Don’t waste your time troubleshooting the wrong thing.
- Download the OpenVPN configuration files from IPVanish
- Upload your preferred configuration files to the router (I use SFTP via CyberDuck on my Mac)
- Ensure you upload the IPVanish .crt files also
- Create a password file on the router
- Type your username and password into this file (username on the first line, password on the second).
- Make a backup of your configuration file from the Web UI (System, Back up Config on bottom-left)
- Obtain your current public IP address
- Go to google.com and type “my ip”
- Take note of this address
- Modify the selected .ovpn files on the router
- Locate the line that contains auth-user-pass
- Modify to include password file (ex: auth-user-pass /home/brian/ipvanish_creds.txt)
- Locate the line that contains dev-tun
- Modify the device to “dev-type tun” (no quotes)
- Type “set interfaces openvpn vtun0 config-file ipvanish-US-Ashburn-iad-a03.conf”
- Type “commit” to push the changes
- There will be a slight pause while the connection is established.
- If you’re prompted for a username/password, then your auth file isn’t working. Check its location and the correctness of the username/password
- The vtun0 interface will show up in the Web UI 5-10 seconds after “commit,” but will not show any IP address information. If it shows up, the VPN connection worked.
- VPN connectivity information can be seen in the CLI user mode with “show interfaces openvpn”
- Type “save” to ensure this configuration is maintained across a reboot.
- In the Web UI, go into the “Firewall/NAT” tab, then “NAT”
- Add a source route to the interface you’ve added, vtun0.
- Click “Add Source NAT Rule”
- Give it a description
- Select “vtun0” from the interfaces drop down
- If it’s not there, you may need to refresh the browser
- If that doesn’t work, the VPN connection wasn’t successful — troubleshoot the user/pass/config
- Select “Use Masquerade”
- Hit “Save”
- Confirm Internet connectivity has been restored to your network.
- Confirm that all traffic is going through IPVanish
- Go to google.com and type “my ip” again
- Confirm a different IP
- (OPTIONAL) Delete the original source route from the NAT table leaving only the vtun0 rule you created.
- This ensures that no traffic leaves the network outside of the VPN.
- If the VPN loses connection, there is no connectivity outside of the LAN
- I haven’t had this happen yet, but I’m hoping the router just re-establishes the connection.
- If this is not so, then I’ll just have to reboot the router really quick 🙂
- Again, select “commit” then “save”
Easy as that. You should be up and running on the Internet via IPVanish.
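
The password-file and .ovpn edits from the steps above, scripted as an added example (not from the original post or the guide it follows). The function names, file paths and sample config are assumptions; the credentials file is restricted to mode 0600 because it holds the VPN password in plaintext on the router.

```shell
#!/bin/sh
# Added example, not from the original post. File names are placeholders.

# write_creds FILE USER PASS
# Username on line 1, password on line 2; the file is made owner-only (0600)
# before the secret is written into it.
write_creds() {
    ( umask 077 && : > "$1" ) && chmod 600 "$1" &&
        printf '%s\n%s\n' "$2" "$3" > "$1"
}

# patch_ovpn CONF CREDS
# Points auth-user-pass at CREDS and replaces the bare "dev tun" line with
# "dev-type tun", keeping the untouched original as CONF.bak.
patch_ovpn() {
    conf=$1; creds=$2
    [ -f "$conf" ] || { echo "missing config: $conf" >&2; return 1; }
    [ -r "$creds" ] || { echo "missing creds file: $creds" >&2; return 1; }
    case $creds in
        *[\|\&\\]*) echo "unsupported character in path" >&2; return 1 ;;
    esac
    grep -q '^auth-user-pass' "$conf" ||
        { echo "no auth-user-pass line in $conf" >&2; return 1; }
    cp "$conf" "$conf.bak" || return 1
    sed -e "s|^auth-user-pass.*|auth-user-pass $creds|" \
        -e 's|^dev[[:space:]][[:space:]]*tun[[:space:]]*$|dev-type tun|' \
        "$conf.bak" > "$conf"
}

# demo: run both steps on a constructed sample config in a temp directory.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'client' 'dev tun' 'proto udp' \
        'remote vpn.example.invalid 443' 'auth-user-pass' > "$d/sample.ovpn"
    write_creds "$d/creds.txt" 'example-user' 'example-pass' &&
        patch_ovpn "$d/sample.ovpn" "$d/creds.txt" &&
        cat "$d/sample.ovpn"
    rc=$?; rm -rf "$d"; return "$rc"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Run it with the argument `demo` to see the patched sample config; the original is kept beside it as `.bak` so a bad edit can be rolled back before the `commit`.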