Building a secure, simple VPN connection
Automation
DSVPN remains true to its motto in many areas: There is neither a tool for creating the key file nor a user administration tool. The developer is also reluctant to integrate the program into the system as a service. However, his aversion to the init system does not mean that DSVPN cannot be managed with systemd: You just have to create the corresponding service files manually.
Based on templates by Greek developer Evaggelos Balaskas, this can be done quickly [4]. Under /etc/systemd/system/, create the dsvpn_server.service and dsvpn_client.service files, and fill them with the content from Listing 5 (Server) and Listing 6 (Client). Don't forget to adjust the path to the key file, the server IP address, and the WiFi router port number to the ports forwarded to the DSVPN server.
Listing 5: Server Service
Listing 6: Client Service
Next, you have to update the system configuration on both the client and the server with:
sudo systemctl daemon-reload
Afterwards the connection can be enabled manually or automatically during the boot process (Listing 7). To disable the automatic start, replace enable in the last two commands with disable.
Listing 7: Automatically Enabling the Connection
Firewall
For the greatest possible security, you must prevent data leaks from the VPN to the Internet. This requires a firewall that intercepts all data packets flowing past the VPN. See Balaskas' blog for a description of implementing such a firewall with iptables [5].
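The leak protection described above can be expressed as a default-drop rule set on the client. The following script is an added example, not code from the article, from DSVPN, or from Balaskas' blog; it assumes an IPv4-only client, a server given as a literal address, and a known tunnel interface name, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: print an iptables-restore rule set ("kill switch") for a
# DSVPN client. Assumptions: IPv4 only, server given as a literal address
# (no DNS needed before the tunnel is up), tunnel interface name known.

valid_ipv4() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1                     # split the address into octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ifname() {                  # Linux interface names: at most 15 chars
    case "$1" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    [ "${#1}" -le 15 ]
}

# usage: dsvpn_killswitch_rules <server ip> <server port> <tun interface>
dsvpn_killswitch_rules() {
    server_ip=$1; server_port=$2; tun_if=$3
    valid_ipv4 "$server_ip"     || { echo "bad server IP" >&2; return 2; }
    valid_port "$server_port"   || { echo "bad server port" >&2; return 2; }
    valid_ifname "$tun_if"      || { echo "bad interface name" >&2; return 2; }
    # Default-drop everywhere; only loopback, the tunnel interface, and the
    # single TCP session to the DSVPN server may send packets.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o $tun_if -j ACCEPT
-A OUTPUT -d $server_ip/32 -p tcp --dport $server_port -j ACCEPT
COMMIT
EOF
}

# Print the rules when called with three arguments, e.g. 203.0.113.10 443 tun0
if [ "$#" -eq 3 ]; then dsvpn_killswitch_rules "$@"; fi
```

Check the output with iptables-restore --test before loading it, because loading replaces the existing filter table. iptables covers IPv4 only, so IPv6 needs an equivalent ip6tables policy.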
Conclusions
DSVPN fills a gap left open by other VPN solutions. For example, it works in isolated environments that only allow TCP ports 80 and 443 out to the Internet. WireGuard and other lean VPN solutions, such as Glorytun [6], also require UDP; a single TCP port is not enough for them. With DSVPN, the connection between the client and the server is established with a single command, while OpenVPN requires a lengthy configuration.
In practical use, DSVPN shows its strengths if you rarely need a VPN and OpenVPN's long configuration is not worth the effort. One drawback is that DSVPN is only available for Linux and macOS. In many situations, however, you might want to tunnel your Android or iOS smartphone through the VPN to a secure network. The developer states that DSVPN is not intended as a replacement for classic tools like WireGuard. DSVPN solved an existing problem for the developer; perhaps it can solve one for you.
Infos
[1] WireGuard: https://www.wireguard.com
[2] DSVPN: https://github.com/jedisct1/dsvpn
[3] FreeDNS: https://freedns.afraid.org
[4] Scripts for DSVPN: https://github.com/ebal/scripts/tree/master/dsvpn
[5] "A Dead Simple VPN": https://balaskas.gr/blog/2019/07/20/a-dead-simple-vpn/
[6] Glorytun: https://github.com/angt/glorytun