Rigs protection: Secured and encrypted network traffic - OpenVPN

19 Jul 2018

OpenVPN
Hello everyone.

Sometimes we have reasons to hide our mining rigs from inquisitive eyes. That also means You may want to hide Your network traffic, or at least make it secure and unreadable to strangers. One solution that achieves this goal is called a VPN. A Virtual Private Network connection lets You communicate securely between the nodes of a network that You, and no one else, have access to. All traffic between the nodes is encrypted. And most importantly, You don't have to lay Your own cabling: You can use an existing Internet connection to establish a secured VPN connection.

Let's consider one of many possible scenarios. Assume Your rig(s) are in a location where the network provider does not allow bandwidth to be used for mining cryptocurrencies, and You have another place with Internet access where You can put through all the traffic You want. It may be Your home, with an old PC where You can install a VPN server. If You don't want to bother with installing a VPN server, You may use one of many VPN providers.

For the purposes of this scenario we will use a modified network router with an OpenVPN Server feature on board. The router is modified with a dedicated OS with a GUI, so configuration is easy. There is one requirement: Your router's WAN port should hold a public IP. In this case it's a dynamic IP with a Dynamic DNS service configured on the router, which allows You to always find Your VPN server at the same DNS address. You can google it by searching for the Gargoyle operating system for routers and Dynamic DNS service.

The rig OS where the OpenVPN client will be installed is Windows 10 Pro. Establishing our VPN can be planned in a few steps:
 
  1. Set up the OpenVPN server in the place where You have non-limited, non-monitored and non-filtered Internet access.
  2. Install the OpenVPN client on Your rig (Windows 10 Pro).
  3. Configure the OpenVPN client on Your rig.
  4. Make sure Your VPN connection will start with the rig (e.g. after a restart).
 
Let's dive into the details.
 

1. Set up the OpenVPN server

Setting up the OpenVPN server on the Gargoyle 1.8.1 router operating system (VPN server location - e.g. home) is easy. After You log in to Your router, open the Connection menu section on the left. Then go to the OpenVPN menu and, at the top of the OpenVPN configuration panel, select: OpenVPN server.
Then set the following configuration options:
 
[Screenshot: OpenVPN Server configuration on Gargoyle]
 
Leave the OpenVPN Internal IP, subnet mask, port and protocol as they are - these are default values and should not be changed unless You know what You are doing and want to change them.
OpenVPN Cipher: use the strongest one You can for best protection - AES-CBC-256bit in this case.
Client-to-Client traffic: "Clients can communicate with server" means that clients (rigs) won't be able to communicate with each other within the VPN - only rig <-> VPN server connections will be possible.
LAN subnet Access: "Clients can not access LAN" means the client (rig) won't be able to access LAN resources on the VPN server side - like network shares etc.
Credentials re-use: "Credentials are specific to each client" - every rig will have separate credentials - we will talk about this a bit further below.
Clients Use VPN for: "All client Traffic" - basically that means all traffic will be encrypted and put through the VPN tunnel.
Now click save changes and the settings will be applied (it may take up to 3 minutes to initiate the OpenVPN server on Gargoyle OS).
Now we need to add the allowed VPN clients on the server side (same menu section: Connection > OpenVPN).
At the bottom You can type the Client Name You want and leave the rest at the defaults (unless You know what to change).
 
[Screenshot: OpenVPN client configuration on Gargoyle]
 
Click Add and then save changes.
Now You will be able to download the Client Configuration package file, which contains dedicated credentials, client configuration files and the proper encryption certificates. The main VPN profile file has the .ovpn extension. Download the package by pressing the Download button and move it to the rig machine. Now we are ready to start the client-side OpenVPN configuration.
 

2. Install OpenVPN client on Your rig. 

Log in to Your rig and follow these detailed instructions:
  • The easiest way is to just download the client from: https://openvpn.net/index.php/open-source/downloads.html  Source code versions for Linux systems are available there, as well as a Windows executable installer.
  • Install the client on Your rig (use the default installer wizard options for Windows unless You know what You are doing).
  • It's not required, but I recommend restarting the rig now.
  • Start the rig.

3. Configure OpenVPN client on Your rig. 

Log in to Your rig and follow these detailed instructions:
  • Do You remember the OpenVPN Client configuration package file? Now is the time to use it. Extract all files from the package into a new directory (any name) under the following path:

C:\Users\<your rig username>\OpenVPN\config\

  • Look for a new tray icon similar to:
[Image: OpenVPN tray icon - not connected status]

If it's not present, just start OpenVPN GUI with the new shortcut that looks like this (on the desktop or in the Start Menu):

[Image: OpenVPN GUI Windows application start icon]
 
After that, the tray icon mentioned above should be present. Right-click the tray icon, choose Your profile name and click connect. A connection log window will appear while the connection is being initialized. When the connection is established, the connection log window will disappear and You will see the green icon in the tray.

[Image: OpenVPN client connected status]

That means Your connection is established and all traffic from Your rig to the VPN server is encrypted.
As You observed, no credentials were required in this particular scenario because the private key certificate from the VPN package is used. With other VPN services You may have to use credentials provided by the VPN vendor. OpenVPN of course also allows creating a configuration that requires credentials. But this time we are using certificates to authenticate against the VPN server.
 

4. Make sure Your VPN connection will start with the rig 

If You want the VPN connection to be established when Your rig starts, You need to create a batch file and place it in the Windows startup folder:
 
C:\Users\<your rig username>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
 
You can name the batch file whatever You want, but it must have the .bat extension. The batch file should contain a command that establishes the VPN connection automatically, like:
 
"C:\Program Files\OpenVPN\bin\openvpn-gui.exe" --connect your_rig_vpn_profile_name.ovpn
(the quotes are there on purpose)
 
You can also add this command line to Your miner startup script; however, it is strongly recommended to also insert some delay before the miner starts - e.g. 1 minute after the VPN command.
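
A startup batch file for step 4 that launches the miner only once the tunnel answers, rather than after a fixed delay, so the miner never starts outside the VPN. This is an added example, not the author's script; the VPN server address 10.8.0.1, the miner script path, and the assumption that the VPN server answers ping on its internal address are placeholders to adjust.

```batch
@echo off
rem Added example, not from the original post: start the VPN, then start the
rem miner only after the tunnel answers. Values marked ASSUMPTION are placeholders.
setlocal

set "OVPN_GUI=C:\Program Files\OpenVPN\bin\openvpn-gui.exe"
set "VPN_PROFILE=your_rig_vpn_profile_name.ovpn"
rem ASSUMPTION: the "OpenVPN Internal IP" shown on the router's OpenVPN page,
rem and that the server replies to ping on it.
set "VPN_SERVER_IP=10.8.0.1"
rem ASSUMPTION: hypothetical path to the existing miner start script.
set "MINER_SCRIPT=C:\miner\start_miner.bat"
rem Give up after MAX_TRIES checks, 5 seconds apart (24 x 5 s = 2 minutes).
set /a MAX_TRIES=24
set /a TRIES=0

rem "start" returns immediately; without it the batch file would wait here
rem until the OpenVPN GUI process exits and the miner would never be reached.
start "" "%OVPN_GUI%" --connect "%VPN_PROFILE%"

:wait_for_tunnel
timeout /t 5 /nobreak >nul
rem Look for "TTL=" in the reply: ping can return exit code 0 even for
rem "Destination host unreachable", so the exit code alone is not reliable.
ping -n 1 -w 2000 %VPN_SERVER_IP% | find "TTL=" >nul
if not errorlevel 1 goto tunnel_up
set /a TRIES+=1
if %TRIES% lss %MAX_TRIES% goto wait_for_tunnel

rem Fail closed: no tunnel means no miner traffic on the bare connection.
echo [%date% %time%] VPN tunnel is not up - miner NOT started.
exit /b 1

:tunnel_up
echo [%date% %time%] VPN tunnel is up - starting miner.
call "%MINER_SCRIPT%"
endlocal
```

The check only covers startup; if the tunnel drops later, the miner keeps running over whatever route Windows falls back to.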
 
And there You go - all traffic is secure and encrypted all the way from Your rig to the VPN server, and from there You can reach any other resources on the Internet.
 
--
Happy mining...
CryptoSaviour
 
Tags: rig protection, vpn, openvpn, encryption, network traffic, virtual private network