Building a secure, simple VPN connection

Automation

DSVPN remains true to its motto in many areas: There is neither a tool for creating the key file nor a user administration tool. The developer is also reluctant to integrate the program into the system as a service. However, his aversion to the init system does not mean that DSVPN cannot be managed with systemd: You just have to create the corresponding service files manually.

Based on templates by Greek developer Evaggelos Balaskas, this can be done quickly [4]. Under /etc/systemd/system/ create the dsvpn_server.service and dsvpn_client.service files, and fill them with the content from Listing 5 (Server) and Listing 6 (Client). Don't forget to adjust the path to the key file, the server IP address, and the WiFi router port number to the ports forwarded to the DSVPN server.

Listing 5

Server Service

 

Listing 6

Client Service

 

Next, you have to update the system configuration on both the client and the server with:

sudo systemctl daemon-reload

Afterwards the connection can be enabled manually or automatically during the boot process (Listing 7). To disable the automatic start, replace enable in the last two commands with disable.

Listing 7

Automatically Enabling the Connection

 

Firewall

For the greatest possible security, you must prevent data leaks from the VPN to the Internet. This requires a firewall that intercepts all data packets flowing past the VPN. See Balaskas' blog for a description of implementing such a firewall with iptables [5].

Conclusions

DSVPN fills a gap left open by other VPN solutions. For example, it works in isolated environments that only allow TCP/80 and TCP/443 ports to roam the Internet. WireGuard and other lean VPN solutions, such as Glorytun [6], also require UDP, since one TCP port alone is not enough. With DSVPN, the connection between the client and the server is established with a single command, while OpenVPN requires a lengthy configuration.

In practical use, DSVPN shows its strengths if you rarely need a VPN and OpenVPN's long configuration is not worth the effort. One drawback is that DSVPN is only available for Linux and macOS. In many situations, however, you might want to tunnel your Android or iOS smartphone through the VPN to a secure network. The developer states that DSVPN is not intended as a replacement for classic tools like WireGuard. DSVPN solved an existing problem for the developer; perhaps it can solve one for you.

Infos

  1. WireGuard: https://www.wireguard.com
  2. DSVPN: https://github.com/jedisct1/dsvpn
  3. FreeDNS: https://freedns.afraid.org
  4. Scripts for DSVPN: https://github.com/ebal/scripts/tree/master/dsvpn
  5. "A Dead Simple VPN": https://balaskas.gr/blog/2019/07/20/a-dead-simple-vpn/
  6. Glorytun: https://github.com/angt/glorytun

« Previous 1 2

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
Print Issues
Digital Issues
 
SUBSCRIPTIONS
Print Subs
Digisubs
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • WireGuard

    A recent addition to the Linux kernel, WireGuard lets you build a VPN tunnel that relies on encryption to reduce potential security issues.

    more »
  • Teaming NICs

    Combining your network adapters can speed up network performance – but a little more testing could lead to better choices.

    more »
  • Mistborn

    Mistborn bundles important Internet services on your home network and secures them with a WireGuard VPN tunnel, Pi-hole, iptables rules, and separate containers.

    more »
  • Tipi

    Tipi gives you complete control of more than 100 applications and services. A mouse click is all it takes to install the apps.

    more »
  • Admin Workshop: inetd & xinetd

    If you have many daemons running on your server, it can be quite difficult to keep track of them all. inetd and xinetd manage these services centrally and also take care of exchanges with your clients, allowing programs without network code to operate as Internet servers.

    more »
comments powered by Disqus
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters

Support Our Work

Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

Learn More

News

Tag Cloud

Administration Community Events Hardware Linux Linux Pro Magazine Mobile Programming Security Software Ubuntu Web Development Windows free software open source