RU RU

IT support for startups and developers

All Posts

OpenVPN: setting up Ubuntu server and Keenetic client

September 11, 2025

#OpenVPN #Ubuntu #Keenetic #VPN #iptables

🛠 OpenVPN Setup: Ubuntu (server) + Keenetic (client)

In this guide, we’ll go through setting up an OpenVPN server on Ubuntu and connecting a Keenetic router to it. This setup is useful if you need to provide access to your home network or forward services (e.g., PBX or web server) through VPN.

1. Preparing the Ubuntu server

1.1 Installing packages

sudo apt update
sudo apt install -y openvpn easy-rsa iptables-persistent

1.2 Creating PKI (Easy-RSA v3)

make-cadir ~/easy-rsa
cd ~/easy-rsa
./easyrsa init-pki
./easyrsa build-ca nopass

Server keys

./easyrsa gen-req server nopass
./easyrsa sign-req server server
./easyrsa gen-dh

Client keys (for Keenetic)

./easyrsa gen-req keenetic nopass
./easyrsa sign-req client keenetic

TLS key (specifically tls-auth, not tls-crypt)

openvpn --genkey secret ta.key

1.3 Distribute keys

  • In /etc/openvpn/server/:

094 | OpenVPN + Keycloak: Modern Authentication

August 27, 2025

#OpenVPN #Keycloak #Authentication #SSO #Identity Provider #VPN #Security

The Problem with Certificates at Scale

In previous articles, we discussed that OpenVPN uses certificates for authentication. This method is reliable but has significant drawbacks:

  • Inconvenience for users: Each user must manually receive and install their own certificate.
  • Complex management: When an employee leaves, their certificate must be revoked, which requires extra steps.
  • Lack of centralization: Each service that requires access has its own authorization system.

The solution to this problem is using a centralized identity provider such as Keycloak.

093 | OpenVPN Setup: Explaining the Basics

August 26, 2025

#OpenVPN #VPN #Setup #PKI #Server #Client

VPN: Not Just an “On” Button

For many users, a VPN is simply an “On” button. However, when it comes to building your own secure tunnel, it’s important to understand its architecture. OpenVPN is based on two key ideas: the client-server model and Public Key Infrastructure (PKI).

The Client-Server Model

The concept is simple:

  • Server — the entry point into your secure network. It constantly “listens” for incoming requests and is ready to accept connections.
  • Client — your device (laptop, phone) that initiates the connection to the server.

Once the server and client “agree,” a secure tunnel is created between them, and all traffic passes through it.

092 | OpenVPN: One Protocol – Different Clients

August 25, 2025

#OpenVPN #VPN #Network #Security #Protocol #OpenVPN Connect

OpenVPN: A Time-Tested Standard

Introduction

In a world where the speed and simplicity of WireGuard have become the new standard, OpenVPN remains one of the most reliable and flexible VPN protocols. It works both on traditional computers and on networking equipment, providing cross-platform compatibility and a high level of security. However, to understand how to use it, it is important to distinguish between the protocol itself and its client applications.

086 | Keenetic as a VPN Client: Securing Your Network

August 18, 2025

#Keenetic #VPN #router #VPN-client #OpenVPN #WireGuard #privacy #security #IPIP #Shadowsocks

Keenetic as a VPN Client: Network-Wide Protection

Why Use a Router-Level VPN Client?

Setting up a VPN client on every individual device can be tedious. Moreover, many devices (Smart TVs, gaming consoles, IoT gadgets) don’t even support VPN connections. Keenetic solves this problem by acting as a central VPN client for the entire network. This allows you to protect all devices with a single VPN connection, eliminating the need to install and configure software on each one.

085 | Keenetic as a VPN Server: Secure Remote Access

August 17, 2025

#Keenetic #VPN #router #VPN-server #OpenVPN #WireGuard #IPsec #remote access #EOIP #Shadowsocks

Keenetic as a VPN Server: Secure Remote Access

The Remote Access Problem

When you’re away from home or the office, accessing local resources — such as a network-attached storage (NAS), server, or smart devices — can be challenging. Opening ports to the public internet is unsafe. The solution is to create a secure VPN tunnel, allowing you to safely connect to your local network from anywhere in the world. Keenetic makes this task simple by offering powerful and flexible VPN server functionality right out of the box.

067 | Redundancy of Interoffice Links (Site-to-Site VPN, MPLS, Dark Fiber)

July 29, 2025

#network redundancy #resilience #interoffice communication #VPN #IPsec #OpenVPN #MPLS #Dark Fiber #SD-WAN #BGP #OSPF #VRRP #HSRP #failover #network #branch offices

We’ve already discussed how to ensure reliable connectivity within a single building. Now let’s look at a more complex but equally critical topic: redundancy of communication links between geographically distributed offices or branches. This is crucial for companies where employees across locations need to exchange data, access shared resources (such as a central CRM, file servers, or IP telephony), and work as a unified whole.