Full Network "Anonymous" VPN w/Ubiquiti EdgeMax Router

I use a Ubiquiti EdgeMax router at the demarcation point of my home network for a variety of reasons, one of which is the ability to run a full-network “anonymous” VPN from the router itself. I’ve been using IPVanish for a few years on selected systems to ensure a decent level of anonymity while researching various information security topics. The only complaint I’ve ever had is that when the VPN connection drops on a system, everything keeps trucking along on my public IP address, losing any protection the VPN service afforded.

I’ve been meaning for a while to set up the EdgeMax to establish and maintain a VPN connection for my entire network, protecting everything in my home all the time. As an added bonus, Verizon can’t throttle (shape) my traffic based on whatever arbitrary third-party service they’re exploiting this week (e.g., Netflix). And lastly, in case the connection drops, I’ve removed the routes that lead directly to the Internet. Traffic can *only* leave my LAN via the VPN.

With the guide here, this was a very simple project. Below is exactly what I did to set up OpenVPN connectivity via IPVanish on a Ubiquiti EdgeMax router.

  1. Verify the VPN works at all. Don’t waste your time troubleshooting the wrong thing.
  2. Download the OpenVPN configuration files from IPVanish
  3. Upload your preferred configuration files to the router (I use SFTP via CyberDuck on my Mac)
    1. Ensure you upload the IPVanish .crt files also
  4. Create a password file on the router
    1. vi ipvanish_creds.txt
    2. type your username and password into this file (username on first line password on second).
  5. Make a backup of your configuration file from the Web UI (System, Back up Config on bottom-left)
  6. Obtain your current public IP address
    1. Go to google.com and type “my ip”
    2. Take note of this address
  7. Modify the selected .ovpn files on the router
    1. Locate the line that contains auth-user-pass
      1. Modify to include password file (ex: auth-user-pass /home/brian/ipvanish_creds.txt)
    2. Locate the line that contains dev-tun
      1. Modify the device line to read “dev-type tun” (no quotes)
  8. Type “set interfaces openvpn vtun0 config-file ipvanish-US-Ashburn-iad-a03.conf”
  9. Type “commit” to push the changes
    1. There will be a slight pause while the connection is established.
    2. If you’re prompted for a username/password, then your auth file isn’t working; check the location of the file and the correctness of the username/password
    3. The vtun0 interface will show up in the Web UI 5-10 seconds after “commit,” but will not show any IP address information. If it shows up, the VPN connection worked.
    4. VPN connectivity information can be seen in the CLI user mode with “show interfaces openvpn”
  10. Type “save” to ensure this configuration is maintained across a reboot.
  11. In the Web UI, go into the “Firewall/NAT” tab, then “NAT”
  12. Add a source NAT rule for the interface you’ve added, vtun0.
    1. Click “Add Source NAT Rule”
    2. Give it a description
    3. Select “vtun0” from the interfaces drop down
      1. If it’s not there, you may need to refresh the browser
      2. If that doesn’t work, the VPN connection wasn’t successful — troubleshoot the user/pass/config
    4. Select “Use Masquerade”
    5. Hit “Save”
  13. Confirm Internet connectivity has been restored to your network.
  14. Confirm that all traffic is going through IPVanish
    1. Go to google.com and type “my ip” again
    2. Confirm a different IP
  15. (OPTIONAL) Delete the original source NAT rule from the NAT table, leaving only the vtun0 rule you created.
    1. This ensures that no traffic leaves the network outside of the VPN.
    2. If the VPN loses connection, there is no connectivity outside of the LAN.
      1. I haven’t had this happen yet, but I’m hoping the router just re-establishes the connection.
      2. If this is not so, then I’ll just have to reboot the router really quick 🙂
    3. Again, select “commit” then “save”
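The procedure above, as an added example that is not part of the original post: a small Python helper that applies the step 7 edits to a .ovpn file, flags file references that are still relative paths (a common reason a tunnel fails to start on a router), and emits the EdgeOS configure-mode equivalents of steps 8, 12 and 15. The sample config, credential path and NAT rule numbers are assumptions.

```python
import re
from typing import List, Optional

# Constructed sample .ovpn (not a file from the post), mirroring Tim's comment.
SAMPLE_OVPN = """client
dev tun
remote iad-a03.ipvanish.com 443
ca ca.ipvanish.com.crt
auth-user-pass
verb 3
"""

def prepare_ovpn(text: str, creds_path: str) -> str:
    """Step 7: point auth-user-pass at the credentials file and turn 'dev tun'
    into 'dev-type tun' so EdgeOS can attach the config to its own vtunN."""
    out = []
    for line in text.splitlines():
        if re.match(r"^\s*auth-user-pass(\s|$)", line):
            # The file holds a plaintext password: keep it readable by root only.
            out.append(f"auth-user-pass {creds_path}")
        elif re.match(r"^\s*dev[\s-]+tun\b", line):
            out.append("dev-type tun")
        else:
            out.append(line)
    return "\n".join(out) + "\n"

def relative_file_refs(text: str) -> List[str]:
    """Directives that name a file by a relative path. OpenVPN resolves these
    against its working directory (unless --cd is set), not the directory the
    file was uploaded to, so check them before 'commit'."""
    names = ("ca", "cert", "key", "auth-user-pass")
    return [l for l in text.splitlines()
            if len(l.split()) == 2 and l.split()[0] in names
            and not l.split()[1].startswith("/")]

def edgeos_commands(conf_path: str, vtun: str = "vtun0", rule: int = 5010,
                    old_rule: Optional[int] = None) -> List[str]:
    """EdgeOS configure-mode equivalents of steps 8, 12 and 15. Rule numbers are
    assumptions: read the existing masquerade rule from 'show service nat'."""
    cmds = [
        f"set interfaces openvpn {vtun} config-file {conf_path}",
        f"set service nat rule {rule} description 'LAN out via VPN only'",
        f"set service nat rule {rule} outbound-interface {vtun}",
        f"set service nat rule {rule} type masquerade",
    ]
    if old_rule is not None:
        # Step 15: with the WAN masquerade gone, nothing is NATed out while the tunnel is down.
        cmds.append(f"delete service nat rule {old_rule}")
    return cmds + ["commit", "save"]
```

Run `relative_file_refs` on the prepared file before committing; anything it returns (here the `ca` line) should be given an absolute path such as the directory the .crt was uploaded to.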


Easy as that. You should be up and running on the Internet via IPVanish.

3 Comments

  1. Tim says:

    Hi, I’ve just tried your guide to configure my EdgeMax router, except I get an error when I try to commit the changes.

    ubnt@ubnt# commit
    [ interfaces openvpn vtun0 ]
    OpenVPN configuration error: Failed to start OpenVPN tunnel.

    Did you experience this? Thanks.

    • Tim says:

      Here is my ovpn file:

      client
      dev-type tun
      proto udp
      remote nyc-c01.ipvanish.com 443
      resolv-retry infinite
      nobind
      persist-key
      persist-tun
      persist-remote-ip
      ca ca.ipvanish.com.crt
      tls-remote nyc-c01.ipvanish.com
      auth-user-pass /config/auth/pass.txt
      comp-lzo
      verb 3
      auth SHA256
      cipher AES-256-CBC
      keysize 256
      tls-cipher DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA

  2. Mark G says:

    It would be nice to have the directories that the various files go into and the dependencies in the files themselves, if any. Thanks!
