Configuring a VPN Server in Cybersecurity Homelab via OpenVPN

Article Goal

In this article, I will be walking you through my process of installing and deploying a VPN server in the homelab for the purpose of simulating an environment similar to an enterprise network. I will be using an installation of OpenVPN Access Server, a clean installation of Ubuntu Linux Server 18.04 LTS, a Windows Server 2016 running Active Directory, and a fresh installation of Windows 10 Enterprise Edition to act as a client to test our connections.

Quick note: The steps and points below have been summarized to keep this part short. All resources and guides followed throughout this course will be linked when necessary. At the end of this article is an Articles Links & Resources I Used section, which lists all articles referenced throughout this post. You can simply follow each of these resources in sequential order and achieve the same result. A number in brackets is placed after each section in the article, corresponding to the resource number at the end.

For this part of the homelab, I will be working on the VPN Server section.

Why Do Corporations Use VPNs?

A virtual private network (VPN) establishes a secure connection between two hosts through the use of encryption. VPNs have both private and corporate use cases. Private VPNs are often used by individuals who want to ensure the confidentiality of their connection while gaining a form of anonymity by appearing as if their connection originates from a different location. To accomplish this, a VPN service provider grants a customer access to privately owned servers. The customer connects to a server, and the server then queries a specific resource (e.g., a website) on behalf of the customer. The VPN server returns the queried result to the customer.

Corporate VPNs are used to grant a remote host that is not in the network access to a corporate network, its services, and its resources. Usually the remote host is a company-owned device such as a laptop or mobile device. Employees who are not using a device that resides in the corporate network must still be accounted for while being allowed access to their user profile, files, and company resources. In addition, traffic from remote employees using company devices needs to be securely transferred across an unsecure medium. To do this, a business will set up and configure a VPN server to allow remote employees and their devices to connect to the corporate network using a secure connection.

Using OpenVPN in the Homelab

A corporation has several options when it comes to setting up and administering a corporate VPN. For this version of the homelab project, I will be using a free, open-source solution to accomplish this goal. OpenVPN is open-source commercial software used to establish secure connections between remote facilities. Over the past few years, OpenVPN has been considered the baseline standard when it comes to providing a VPN solution. Many private VPN providers use OpenVPN as their standard.

Setting up OpenVPN Access Server

To implement a corporate VPN service, the first task is to set up an OpenVPN Access Server. The OpenVPN Access Server will act as the server that remote devices connect to. The access server will reside in the corporate network where we already have our AD server and clients configured.

To set up an access server, we must use a base operating system which will allow us to install and configure OpenVPN services. I used an Ubuntu Linux Server 18.04 LTS virtual image to accomplish this task. (1) I went ahead and ran through the default setup for the server. (2)

After the Linux server was set up, the next task is to install OpenVPN Access Server libraries and dependencies through a repository download. (3 & 4) OpenVPN makes the installation process relatively simple. Select the Linux distribution and version of the server and copy and paste the following commands into the Linux terminal as a root user.

Once the commands have been supplied to the terminal, an openvpn installation wizard will run in the terminal where it will set up a new access server.

Authentication using LDAP

Using the Lightweight Directory Access Protocol (LDAP) service, we can attain access to user profiles and objects which reside in Active Directory. We want to connect our OpenVPN Access Server using LDAP so a user profile can be queried through the access server and successfully authenticate in AD.

To configure LDAP, we can use the admin user interface. The admin UI will allow us to configure the necessary services so we can transfer users and their corresponding profile information between the AD DC and the OpenVPN Access Server. I followed this guide to enable LDAP on OpenVPN Access Server. (5)

To test LDAP, we can use the OpenVPN troubleshooting command ./authcli to query a specific user in AD. Read more about ./authcli here. (6)
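
The user lookup described in this section comes down to an LDAP search filter sent to the domain controller. The following is an added example, not OpenVPN Access Server's own code: it builds such a filter for an enabled AD user, optionally restricted to a VPN group, and escapes the supplied username so it cannot alter the filter. The sAMAccountName login attribute and the group DN are assumptions made for the lab.

```python
"""Added illustration: composing the AD user-lookup filter that an
LDAP-authenticating VPN server would search with before binding as the user."""

# RFC 4515: characters that must be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Bitwise-AND matching rule on userAccountControl; bit value 2 = account disabled.
_UAC_DISABLED = "(userAccountControl:1.2.840.113556.1.4.803:=2)"


def escape_filter_value(value: str) -> str:
    """Escape user-supplied text so it stays a single literal filter value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def vpn_user_filter(username: str, required_group_dn: str = "") -> str:
    """Return a filter matching one enabled AD user, optionally in a group."""
    if not username:
        raise ValueError("username must not be empty")
    parts = [
        "(objectClass=user)",
        f"(sAMAccountName={escape_filter_value(username)})",  # assumed login attribute
        f"(!{_UAC_DISABLED})",  # skip disabled accounts
    ]
    if required_group_dn:
        # Direct membership only; nested groups are not followed by memberOf.
        parts.append(f"(memberOf={escape_filter_value(required_group_dn)})")
    return "(&" + "".join(parts) + ")"


# Constructed lab value, not taken from the article.
VPN_GROUP = "CN=VPN Users,OU=Groups,DC=lab,DC=example"

if __name__ == "__main__":
    print(vpn_user_filter("jsmith", VPN_GROUP))
    # Metacharacters in the username are emitted as escaped literals.
    print(vpn_user_filter("j*(smith)", VPN_GROUP))
```

The printed filter can be pasted into any LDAP browser pointed at the lab domain controller to confirm it returns exactly the account being tested with ./authcli.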

Testing Connections

Once we have our access server set up with LDAP configured, we can then test our connection using a remote Windows 10 Enterprise device.

We can download the VPN connection client through the web UI and then transfer the client program to the Windows 10 Enterprise device. (7)

Once we run through our installation of the VPN client, we can connect to the OpenVPN Access server by supplying the IP address.

Summary

In this part of the Cybercademy Cybersecurity Homelab project, we have successfully learned why businesses use corporate VPNs, how to set up OpenVPN Access Server on a clean installation of Ubuntu Linux, set up and use LDAP to access AD objects, and connect a remote host to the OpenVPN Access Server.

In the next part of this project, I will be setting up and connecting a pfSense firewall.

Articles Links & Resources I Used