Introduction

Hola, this post is about my trivial experiment on VPN. If you just want to know about how to get a free VPN quick, kindly proceed to this section for the answer. Let’s get started!

As a student who lives on campus and uses school Wi-Fi every day, I sometimes get frustrated when the school’s firewall blocks me from accessing some websites. Furthermore, I am kinda interested in Cyber Security too. Right now, I am exploring some techniques in password cracking, and having a VPN server seems to be helpful in protecting me from being hacked by others. So, I have been doing some research online in the last few days to see what approaches I have for hosting my VPN server without the need to pay any VPN service provider. Some of the solutions I have encountered are:

  1. Turn your Raspberry Pi or an old computer into a VPN server
  2. Buy a router with built-in VPN server capability
  3. Use Cloud Computing Provider to set up a VPN server

Finally, I chose the third technique since it appears to be the most straightforward, cost-effective, and time-saving option.

Virtual Private Server from AWS

Rent OpenVPN server from AWS Marketplaces

To begin, I logged into my AWS console with the 12-Month-Free-Tier. After that, I went to the EC2 Dashboard. After clicking the Launch Instance button, I searched OpenVPN in AWS Marketplaces and selected the free tier eligible under Amazon Machine Image. I chose micro as the instance type, which is also eligible for the Free Tier. Remember to download the key pair if you created any. Recovering access to your AWS Instance after losing your key pair is not fun at all… Trust Me LOL. Long story short, I rented a Virtual Private Server from AWS.

What’s next?

Connect to the Server using SSH

To initiate the VPS installation, I connected to the server using ssh and username=root in my terminal. In the first connection, I pressed enter for every question and accepted all the default settings. In the end, the server finished the setup process and asked me to connect again using openvpnas as the username. In the second connection, I updated the password for my server. Then, I went back to the AWS Console, copied the Public IPv4 address, and typed https://[Public IPv4 address]:943/admin/ in a new browser tab. The browser showed me this warning: Your connection is not private, but I proceeded with the advanced option. And bam! That’s the admin portal.

Username: openvpn
Password: mypasswordthatIjustset :D

The reason I wished to log in to the admin browser is that I needed to change one setting:

Client Internet traffic be routed through the VPN. No -> Yes

After saving the setting, I clicked on Update Running Server to make sure it was working.

Then, I accessed https://[Public IPv4 address]:943/ in a new tab. I logged into the portal using the same username and password and downloaded the suggested software. After installing the software, that’s where I faced a problem…(sigh) I will be back! :(

Failure in Connection Using School’s Wifi

My OpenVPN Connect App encountered FAILURE when I tried to connect to it using the school Wi-Fi.

Review Error Log

Alright! After stress eating a coconut tart and a Mexican bun, I’m back to work. To see what was wrong in my OpenVPN, I reconnected to the server using ssh, then went to /var/log and used cat openvpnas.log to review the error logs. After reading the long and tedious code, I made a major and important decision! Which is….. Copy and paste the error log into Google! This is what Google told me:

If you get a “check your network connectivity error”, most likely the connection may be filtered or blocked by a firewall.    
Solution: Please make sure you are not behind any firewalls that are preventing you from establishing an outbound connection to the labs.    
Otherwise you will need to allow traffic on UDP port 1194.

Run NMAP to Scan My Network

Okehhhh, still trapped behind the evil firewall… Anyway, I decided to follow the instructions and open UDP port 1194 to traffic. Before allowing traffic, I wanted to double-check that the port wasn’t already open. So I installed nmap on my server and ran the nmap command to see what ports were available. And it turned out that port 1194’s status was filtered (?)

openvpnas@ip-<censored private address>:/var/log$ nmap -p 1194 <censored public address>

Starting Nmap 7.60 ( https://nmap.org ) at 2022-03-29 11:19 UTC
Nmap scan report for ec2-<censored public DNS>.ap-southeast-1.compute.amazonaws.com (<censored public address)
Host is up (0.00051s latency).

PORT     STATE    SERVICE
1194/tcp filtered openvpn

Nmap done: 1 IP address (1 host up) scanned in 0.24 seconds

According to Nmap’s wiki, filtered means that a firewall, filter, or other network obstacle is blocking the port so that Nmap cannot tell whether it is open or closed.

Use Telnet to Test Open Port

To confirm that port 1194 is restricted by my school firewall, I used telnet to test the port.

openvpnas@ip-<censored private address>:/var/log$ telnet <censored public address> 1194
Trying <censored public address>...
telnet: Unable to connect to remote host: Connection timed out

Connection failed.

Connection Succeeded using Phone’s Data

Then, I decided to connect with my data hotspot to verify that it is the firewall’s problem. In the attempt, I connected to the OpenVPN server without any error! Dang, I’m now super-duper sure that my school’s firewall caused all the trouble just now :')

Anyway, I came across two articles that were extremely helpful and explained my predicament. My server was unable to establish a VPN connection to UDP port 1194 due to the public network’s firewall. To get around this, I should run OpenVPN daemons on TCP port 443, which is the default HTTPS port, on the Access Server. So, I need to double-check that the daemons are up and operating. After checking, I found out that the daemons did run because it is the default setting.

Free VPN from Cloudflare WARP

After one day of struggling, I finally decided to ask a senpai in my school for help. He told me that my school blocked most of the VPNs (like NordVPN and ExpressVPN) except for Cloudflare WARP, which he suggested I use instead. So I took his advice and tried it out. Within 3 mins, I had changed my computer’s public IP address even while connected to my school’s wifi… Magic huh…

Steps to install Cloudflare WARP:

  1. Open a new tab for this download link.
  2. Install and run the package.
  3. Turn on the connection.
  4. Your public IP address will change immediately.

Conclusion

  1. The takeaway for this post is -> Use Cloudflare WARP to get a free VPN quick.
  2. If you want to have fun and build your VPN server, you are welcome to read my wall-hitting experience in the paragraphs above.

I will continue to update this post if I find other solutions to the school’s firewall problem. I am pretty sure that there are solutions out there. For example, port forwarding etc. Feel free to leave a comment below if you have any solution in mind. Thanks for reading!

References

  1. https://openvpn.net/vpn-server-resources/troubleshooting-access-to-the-web-interface/#why-does-access-server-use-tcp-443-and-tcp-943-ports
  2. https://openvpn.net/vpn-server-resources/advanced-option-settings-on-the-command-line/#:~:text=By%20default%20the%20OpenVPN%20Access,443%20as%20a%20fallback%20method
  3. https://wiki.onap.org/display/DW/Nmap#:~:text=The%20state%20is%20either%20open,it%20is%20open%20or%20closed