Setting up OpenVPN on Azure From Scratch

Why do this? One of the major benefits is being able to use the internet with a specified IP address. If you’re going to be working with systems that whitelist specific IP addresses, you can use this solution to allow access regardless of both machine and location.

This guide assumes that you:

Setting up OpenVPN Server

Create a virtual machine in Azure with the following specs:

Once the virtual machine is created, create an inbound rule that allows access to port 943.

Once that’s done, SSH into the machine and install OpenVPN Access Server:

After OpenVPN is installed, set up an admin password:

After creating a password, log into OpenVPN with the above credentials at https://YOUR_SERVER_ID/admin.

Enabling HTTPS with Let’s Encrypt

To set up a certificate for OpenVPN using Let’s Encrypt, first set up a domain to use with OpenVPN. This can either be:

  1. A domain created from a DNS name label in the Azure Public IP.
  2. A separate domain pointing to the DNS name label above with A and/or CNAME records.

Install Certbot onto the OpenVPN server:

Then run the following commands to stop OpenVPN, apply the cert, and start OpenVPN again:

This command also handles automatic renewal of the cert every three months (via pre-hook and post-hook). Each renewal shuts down the VPN for a few seconds and drops everyone’s connections. If this is an issue, you can set up a reverse proxy with Apache or NGINX and apply the cert at the reverse proxy level, keeping users connected during renewal.

Finally, verify the URL above is secured.

HTTP -> HTTPS Redirect

The last step is setting up HTTP to redirect to HTTPS, which can be done with a Python script. Create the following file at /usr/local/openvpn_as/port80redirect.py:

Now set up the script to run at boot:

Add this line to the bottom:

Reboot the server, and verify that accessing via HTTP redirects to HTTPS.
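A port-80 redirect listener of the kind this section describes, as an added example that is not the script from the original page or from OpenVPN's documentation. The hostname `vpn.example.com` is a placeholder and the names `redirect_target` and `make_server` are assumptions; the redirect host is taken from configuration rather than from the client's Host header, so the listener cannot be used as an open redirect.

```python
"""Port-80 listener that answers every request with a redirect to HTTPS."""
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Assumption: placeholder; set this to the domain the certificate was issued for.
CANONICAL_HOST = "vpn.example.com"


def redirect_target(path, canonical_host=CANONICAL_HOST):
    """Return the HTTPS URL for a requested path.

    The host part is fixed by configuration. The client's Host header is
    ignored, so a forged header cannot steer users to another site.
    """
    # Absolute-form request targets ("http://other/...") and anything with
    # CR/LF (header splitting) fall back to the site root.
    if not path.startswith("/") or "\r" in path or "\n" in path:
        path = "/"
    return f"https://{canonical_host}{path}"


class RedirectHandler(BaseHTTPRequestHandler):
    """Replies 301 to GET and HEAD; other methods get the default 501."""

    def _redirect(self):
        self.send_response(301)
        self.send_header("Location", redirect_target(self.path))
        self.send_header("Content-Length", "0")
        self.end_headers()

    do_GET = _redirect
    do_HEAD = _redirect


def make_server(port=80, bind="0.0.0.0"):
    """Create the listener without starting it (binding port 80 needs root)."""
    return ThreadingHTTPServer((bind, port), RedirectHandler)


if __name__ == "__main__":
    server = make_server()
    try:
        server.serve_forever()
    except KeyboardInterrupt:
        pass
    finally:
        server.server_close()
```
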

References

Installing OpenVPN on Ubuntu: https://openvpn.net/vpn-software-packages/ubuntu/

Setting up Let’s Encrypt on OpenVPN AS: https://loige.co/using-lets-encrypt-and-certbot-to-automate-the-creation-of-certificates-for-openvpn/

Redirect HTTP -> HTTPS in OpenVPN: https://openvpn.net/vpn-server-resources/how-to-redirect-http-to-https/