63
linuxxx
6y

Tonight I want to try to set up an openvpn server with mysql based authentication because I'd love to somehow set up/become a vpn provider.

Of course there's a huge ass legal part but let's first make sure I know the technology off the top of my head!

Just ranting this out because I'm excited 😊

Comments
  • 4
    Good luck! :)
  • 5
    need to create the company in a legally safe country (and outside the fourteen eyes...)
    hope you'll have a zero logging policy 🤓
  • 4
    @coffeeholic I'll only log every connection without timestamp. Solely to prevent abuse. Because only then I can limit the amount of connections per account.
  • 1
    @RantSomeWhere Connecting with 5+ devices at the same time or something.
  • 2
    Use LDAP
  • 1
    @xalys I've never worked with ldap, what's the advantage to mysql?

    @XiovV I'll see ;)
    But first setting up a network of servers with all the works, legal stuff and business stuff 😬
  • 3
    You should really look at WireGuard for running a VPN. The more I read about it, the more I am convinced that it is better than any other option out there.

    https://wireguard.com
  • 1
    Not sure about mysql auth, but setting up an ovpn server is quite straightforward - I was pleasantly surprised when everything worked exactly the way I wanted it on the first try!
  • 2
    @Gophyr I'm currently setting up my private wireguard setup (rpi at home <-> my vserver <-> some VPN host who supports wireguard <-> the interwebz) and I'm astonished how easy and fast wireguard is! Unfortunately I still need an openvpn fallback solution for my Laptop and mobile phone because my university doesn't support UDP with eduroam :(
  • 0
    @Gophyr I can't find a single documentation or guide thingy as for how to set up username/password auth :/ (with wireguard)
  • 0
    @endor I've set up loads of vpn servers myself, the challenge is the mysql part 😅
  • 0
    @linuxxx that's because it's public-key auth. Bit harder to steal credentials that way.
  • 0
    @Gophyr How'd I implement that for thousands of users?
  • 1
    @Condor you around? Having trouble setting this up 😅
  • 3
    @linuxxx I'm around but I've only got experience in the setup of the service myself.. the key infrastructure is still a huge barrier for me as well, especially since professional VPN providers tend to not disclose this stuff. Perhaps if I get a server or two for experiments where I could actually probe real internet addresses and address it as if it was in prod etc, I could look into it.. but for now it's just a shiny gem full of revenue potential for me as well...
  • 1
    @Condor I could genuinely get you a vps to tweak around with if needed. I can get quite far but my knowledge is limited to the point that I don't get how to set up the networking part 😬
  • 1
    @Condor what do you think about this? https://pritunl.com/
  • 2
    @linuxxx Hmm.. IPsec.. those are territories that I haven't gone through myself to be honest. Here I went with OpenVPN to build my VPN servers. The key infrastructure on that (which is currently held in /root/openvpn-ca/ on both of my servers) could be merged into a shared storage server I think, and its key generation could be scripted out and have an API developed for. The shared storage part is similar to what I've been planning out for my mailers as well. The networking part shouldn't be too hard in OpenVPN at least.. it's got some options into the server config for that, which by default assign 10.8.0.0/24 to tun0 - which is fine - and on other servers you'd want to have incremented by 1 as 10.8.1.0/24 and similar. This doesn't make much of a difference to the clients, but it makes multiple simultaneous connections to various VPN servers a lot easier.
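
The per-server subnet scheme from the comment above (10.8.0.0/24 on the first server, 10.8.1.0/24 on the next), sketched as an added example that is not part of the thread. The 10.8.0.0/16 pool, the host names and the helper names `plan_subnets` and `server_directive` are assumptions made for illustration.

```python
import ipaddress

# Assumptions (not from the thread): the 10.8.0.0/16 pool and the host names
# used below are constructed sample values; plan_subnets and server_directive
# are hypothetical helper names.
POOL = ipaddress.ip_network("10.8.0.0/16")


def plan_subnets(hosts, pool=POOL, prefix=24, in_use=()):
    """Assign each VPN server the next free /24 from the pool, in order.

    in_use lists networks already routed elsewhere (a LAN, another tunnel)
    that must not be handed out, since overlapping ranges break routing for
    a client connected to several servers at once.
    """
    taken = [ipaddress.ip_network(n) for n in in_use]
    free = (s for s in pool.subnets(new_prefix=prefix)
            if not any(s.overlaps(t) for t in taken))
    plan = {}
    for host in hosts:
        if host in plan:
            raise ValueError(f"duplicate host {host!r}")
        try:
            plan[host] = next(free)
        except StopIteration:
            raise ValueError(f"pool {pool} exhausted at {host!r}") from None
    return plan


def server_directive(net):
    """Render the OpenVPN 'server <network> <netmask>' config line."""
    return f"server {net.network_address} {net.netmask}"


if __name__ == "__main__":
    hosts = ["vpn-a.example", "vpn-b.example", "vpn-c.example"]  # constructed
    for host, net in plan_subnets(hosts, in_use=["10.8.1.0/24"]).items():
        print(f"{host}: {server_directive(net)}")
```
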
  • 3
    @linuxxx As for the OpenVPN part (which I've missed because I'm really tired but I have to switch sleep schedules from night to day wake for an appointment on Friday), personally I'd prefer an in-house solution or at least something that I fully understand inside out. I've had far too many issues with certified shitdesigns in the past and the present to settle with glorified black boxes in this regard. If they're open source (which I haven't checked due to lack of energy), great! The source code would be a great indicator of whether it'd be worth adopting into the infrastructure. If it doesn't suit the needs of the infrastructure however (and can't be configured to do so) I'd look into developing an in-house solution.
  • 0
    @linuxxx check out how azirevpn does it.
    azirevpn.com