Setting up OpenVPN on Azure From Scratch

Why do this? One of the major benefits being able to use the internet with a specified IP address. If you’re going to be working systems that whitelist specific IP addresses, you can use this solution to allow for access regardless of both machine and location.

This guide assumes that you:

  • Have an Azure subscription in place.
  • Have a means of SSHing into a virtual machine, such as OpenSSH.

Creating the Virtual Machine

First, access the Azure Marketplace image for OpenVPN.

Next, fill out the form to create a virtual machine with OpenVPN pre-installed. The following information

Once you’re finished, it should look like this:

After creating the virtual machine, access it via the Azure portal and take note of the Public IP address – you’ll use this to SSH into the server and complete the installation:

Running The OpenVP Installation

SSH into the server using OpenSSH and the admin credentials created when creating the virtual machine:

Once SSHed into the virtual machine, you’ll be asked to complete the OpenVPN installation. For most settings, you’ll just use default options. After the installation is complete, you’ll need to reset the admin password:

Once this is done, verify the installation is complete and access the OpenVPN admin section at the following URL: https://<YOUR_PUBLIC_IP>/admin. Log in using the following credentials:

  • Username: openvpn (most likely)
  • Password: the password generated in the step above.

Once this is done, you’ll want to change the server name to the generated public IP address from Azure. Go to ‘Network Settings’ and change the IP address to reflect your public IP, alongside making the following changes:

Setting up OpenVPN Connect

To verify that VPN is working and that you can connect, access the URL https://<PUBLIC_IP>. Log in using the same credentials above and download the OpenVPN Connect application for your operating system.

Once this is done, you can import the record from the server, and log in using the credentials provided above.

Finally, you can verify everything is working by checking your IP again. If your IP address matches the VPN server, you’ve successfully set up the VPN!

Enhancements

After completing the setup, there are a few improvements to make.

Only Whitelist Specific IP Addresses for SSH Access

When the image is created, all traffic can SSH into the box. This is a security flaw, as it allows anyone access, provided they know the credentials to get into the machine. To change this, you should whitelist only IP addresses you are using regularly. To get your IP address, do a Google search for “what is my IP”. 

After that’s done, access the Virtual Machine via Azure, and click the ‘Networking’ tab. Change the rule for default-allow-ssh to the IP addresses desired:

Leave a Reply

Your email address will not be published. Required fields are marked *