OpenVPN IP Alias

Digital Ocean introduced floating IP addresses a while ago and combined with yesterday’s announcement that the UK is now going to record all of our traffic “for one year”, I thought it was about time to re-deploy my VPNs with this new feature and outside of the UK. This means:

  • People visiting xxx.programster.org will not be recorded. All the UK government will be able to see is that there is a connection between my servers and my VPN.
  • If one of my VPN’s “dies” I will be able to deploy another with the same floating IP resulting in me not having to reconfigure my firewalls which use an IP whitelist to allow access.
  • The government should not be able to track my personal internet habits. I don’t want them to know that secretly, deep down, I am a massive nerd.

In an earlier post, I discussed how to set up OpenVPN on Debian 8. Below is how to alter that configuration to use a floating IP that you’ve assigned it. If you do not perform these steps, then your VPN will be working with the instance’s fixed IP instead.

Steps

Use the

command to find your “anchor IP”. Unfortunately, this address will not show up in the output of

. Hopefully yours will be similar to mine and start with 10.x.x.x.

Once you have the anchor IP. Find the line near the top of your

file:

… and replace it with

Then edit the

script that my tutorial automatically created/edited and replace the like with

with:

For example, my full script looks like:

Now reboot the server.

On your local machine (or any other device that intends to use the VPN) edit local

file and update the

line with

That’s it! Now you will appear to other services/sites as if you are coming from the floating IP address rather than the fixed one that every instance is deployed with.



Comments

comments

Leave a Reply