Setting up an OpenVPN server with Netgear and Viscosity
Virtual Private Networks (VPNs) can be utilized for a number of very useful applications. You can securely connect to any public WiFi hotspot. You can overcome geo-blocking restrictions on your favourite websites. And you can even connect to your home or office network from anywhere in the world, as if you were sitting right at your desk. This guide will walk you through the process of setting up your own OpenVPN server, and connecting to it with your copy of Viscosity.
Running your own OpenVPN server will allow you to encrypt everything you do on the internet, so that you can safely do your online banking on the free WiFi at your favourite cafe. Anything you send over the VPN connection will be encrypted from your device until it reaches your OpenVPN server at home. Setting up your OpenVPN server to access your home or office network gives you full access to all your files on your network.
This guide will walk you through the steps involved in setting up an OpenVPN server on a Netgear router that allows you to securely access your home/office network from a remote location and optionally send all of your network traffic through it so you can access the internet securely as well.
This guide won't treat any issues related to setting up your router. We will assume that the Netgear router has a direct connection to the internet and its own IP address. Therefore we will not be considering any issues related to having your Netgear router behind another router.
For this guide, we assume:
- Your Netgear router has been set up with at least a WAN interface and a LAN interface
- You are connected with your client device to the Netgear router via its LAN interface during this guide
- You already have a copy of Viscosity installed on your client device
If you are running a different Netgear router to the one used in this guide (D7000), it's very likely that many or even all of the steps outlined in this guide will still apply. If you are looking to setup an OpenVPN server on a different operating system, please check out our other guides.
Your client device needs to be connected to the Netgear router via the LAN interface. This is necessary so that you can access the NETGEAR genie to set up the router configuration. The specifics of how you can achieve this depend on your particular network configuration.
Unfortunately we cannot provide any direct support for setting up your own OpenVPN server. We provide this guide as a courtesy to help you get started with, and make the most of, your copy of Viscosity. We've thoroughly tested the steps in this guide to ensure that, if you follow the instructions detailed below, you should be well on your way to enjoying the benefits of running your own OpenVPN server.
First you need to log in to the NETGEAR genie from your client device connected to the LAN interface of the Netgear router. Open a browser on your client and navigate to
http://www.routerlogin.net. You will need to login. The default credentials are:
User: admin Password: password
For security the router admin password should be changed. In the Advanced tab, click on
Set Password and set a new password. Click
Apply when done.
If your ISP assigns your router IP address via DHCP, the IP address will change frequently. To allow consistent access to your OpenVPN server, you can set up a dynamic DNS service. There are a number of dynamic DNS service providers, such as www.dyndns.com|DynDNS and www.no-ip.com|No-IP. Once you have set up a dynamic DNS address with one of these service providers:
- In the sidebar, click on
- Check the Use a Dynamic DNS Service checkbox.
- Select the Service Provider you setup above.
- Enter the dynamic DNS details in the Host Name, Username and Password.
Set the IP address of the DNS servers we will use:
- In the sidebar, click
- In the Domain Name Server (DNS) Address section, click on Use These DNS Servers.
- Set the Primary DNS and Secondary DNS to 184.108.40.206 and 220.127.116.11, respectively (Google DNS). If you want to use different DNS servers, feel free to use them here instead.
- In the NAT (Network Address Translation) section, click Enable.
Applyat the top when done.
To configure the OpenVPN server settings:
- Check the Enable VPN Service checkbox at the top.
- In the Advanced Configurations at the bottom, set the TAP Mode Service Type to UDP.
- Set the TAP Mode Service Port to 12974.
- Set the TUN Mode Service Type to UDP and the TUN Mode Service Port to 12973.
- Set Clients will use this VPN connection to access to All sites on the Internet & Home Network.
- When done, click
Applyat the top.
- You will be informed that the VPN Service configurations have changed. Click
Both a TAP and TUN connection are available to our OpenVPN server. We will demonstrate the steps for the TUN server, however if you wish to connect via a TAP interface, download the For non-Windows configuration.
VPN Service, click on the
For Smart Phonebutton to download the TUN connection configuration.
- This will download a folder called "smartphone".
- Inside this folder is four files, ca.crt, client.crt, client.key, and client_phone.ovpn.
You may need to reboot the router for these VPN Service settings to take effect:
- On the sidebar, click on
- In the Router Information box, click the
Setting Up Viscosity
The interface provided by the Mac and Windows versions of Viscosity are intentionally very similar. As such, we will focus our guide on the Mac version, pointing out any differences with the Windows version as they arise.
If you do not have Viscosity already running, start Viscosity now. In the Mac version you will see the Viscosity icon appear in the menu bar. In the Windows version you will see the Viscosity icon appear in the system tray.
Click the Viscosity icon in the menu bar (Windows: system tray) and select 'Preferences...':
This shows you the list of available VPN connections. We assume you recently installed Viscosity, so this list is empty. Click on the '+' button and select
Import Connection >
Navigate to the location of the client_phone.ovpn file downloaded previously and open it. You will see a pop up message to indicate that the connection has been imported.
Configuring the Connection
Double click on the connection in the Preferences window to bring up the connection settings. You will now need to set the connection parameters as outlined below:
- In the General tab, replace the connection name with your desired name for the connection, for example "DemoConnection".
- The Address should be set to your dynamic DNS address. The Port should be set to 12973, the Protocol set to UDP and the Device set to tun.
- Click on the Networking tab and enter "10.8.0.1" into the "Servers" field in the DNS Settings section.
- Click the
Savebutton to save these changes.
(Optional) Allowing Access to the Internet
By default the VPN connection will allow access to the file server and other computers on the home/office (LAN) network. However if you also wish to have all internet traffic sent through the VPN connection it's necessary to make a final edit to the connection:
- Double-click on your connection in the Viscosity Preferences window to open the connection editor
- Click on the Networking tab.
- Click the "All Traffic" drop down and select the "Send all traffic over VPN connection" option. It is not necessary to enter a Default Gateway.
- Click the
Connecting and Using Your VPN Connection
You are now ready to connect. Click on the Viscosity icon in the menu bar (Windows: system tray) and select 'Connect DemoConnection'. That's it, you should see a notification that you're now connected!
To check that the VPN is up and running, you can use the Viscosity details window. Click the Viscosity menu bar (Windows: system tray) icon and select 'Details...'. This will bring up the details window.
This window will show you the traffic passing through the VPN connection.
Accessing Network Resources
Once connected to your VPN, you can access your files or other services by using the LAN IP address you would use if you were connected to them via your home/office local network.
Connect via Mac
To connect to a shared network directory from your Mac connected to the VPN:
- Open a Finder window
- Click Go on the menu bar and select "Connect to Server..."
- In the Server Address, type the LAN IP address of your network resource (something like 192.168.0.x) and click
- Enter the username and password for the network resource
- Select the shared volume you want to access and click
Network resources you would normally find appearing in the Finder sidebar will not appear when connected to via the VPN. You can find connected network resources in the Computer directory. In a Finder window, press
c to jump to the Computer directory.
Connect via Windows
To connect to a shared network directory from your PC connected to the VPN:
- Type the
\\lan-ip-addressinto the Search the web and Windows box in the taskbar and press
Enter(something like \\192.168.0.x)
- Enter the username and password for the network resource
- You will then see the folders shared by this host
That's it, you've set up your very own OpenVPN server. Congratulations, you are now free to enjoy the benefits of operating your own OpenVPN server!