Solution: How to Play World of Warcraft behind Blocked Proxy Firewall at Campus, Hotels, Schools…

I remember a few years ago when my friend and I started to play World of Warcraft together. He was at the high school campus at the time and, of course, had plenty of time to waste on gaming. So we both decided to purchase a gaming laptop for WoW for each of us, plus the game and the subscription, but then he soon realized that internet access at the campus was very limited for security reasons. Well, to be honest, it was not so much about security as about limiting the ability to play online games. To study more instead of gaming. 🙂

So my friend just couldn’t connect to servers. F***!! Now what… We then browsed the internet to figure out what the possibilities are to overcome those firewall limitations. The answer was a VPN, or Virtual Private Network. For a better understanding, you may check it here if you will. Basically, it extends your private network (at your home) to anywhere across the internet. It creates an encrypted tunnel from any location to your local network, and you benefit from the functionality, security, and management of this private network of yours at home.

There are plenty of paid VPN services and this is, of course, the first solution. The second one is to build your own VPN server (with the free, open-source OpenVPN software) and have it up and running at your home 24/7. For building such a server you won’t need a new machine; just find some old computer for a few bucks and it will be up to the task just fine. The third solution is buying a router compatible with the open-source OpenWRT firmware. Or maybe you already have one and you just don’t know yet that it is compatible with OpenWRT. 🙂

So let’s see all three possibilities.

 

Solution 1: Building Your Own VPN Server With OpenVPN

I’m a big fan of Linux servers, especially Ubuntu Server. At the time of writing, I’m using Ubuntu Server 18.04 LTS, so this guide will cover installing and configuring OpenVPN on this version of Ubuntu.

In fact, it doesn’t matter much as I’m not going to be explaining how to install basic Ubuntu Server. The instructions are pretty straightforward, you can find them here on HowToForge.

First, you need a machine that meets at least these minimal system requirements:

  • 300 MHz x86 processor
  • 256 MiB of system memory (RAM)
  • 1.5 GB of disk space
  • Ethernet card
  • Static public IP address (check it at your ISP)

Let’s assume you installed the system so we can go straight to installing and configuring OpenVPN.

Step 1: Basic Installation

When we have Ubuntu Server up and running, first we want it to be fully up to date. So we run:

sudo apt-get update && sudo apt-get upgrade

 

Next, all we need to install are two additional packages. One is, of course, OpenVPN and the other is Easy-RSA, which is software for creating certificates and keys.

sudo apt-get install openvpn easy-rsa

 

Let’s go to the next step…

Step 2: Infrastructure Configuration

In this step, we generate a custom CA (Certificate Authority), the certificate/key pairs, the Diffie-Hellman parameters, and the tls-auth key.

By default, we are in our home directory (/home/username). Here we create a folder named certificates (with all the default files and folders inside it) using the make-cadir command, which is part of easy-rsa.

make-cadir certificates

 

and we enter it with

cd certificates

 

For the rest of the guide, we stay in this certificates folder and execute all the mentioned commands inside it.

Step 2.1 – Variables

We need to adjust the variables in the vars file to our needs. With the cat vars command we can see the content of this file. This part is especially important:

export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`

 

This variable is set by calling a wrapper script that retrieves the right SSL configuration. But more often than not it generates an error. To avoid this, we specify the config file directly. We open the file with nano.

nano vars

 

Now we change the previously mentioned line to:

export KEY_CONFIG="$EASY_RSA/openssl-1.0.0.cnf"

 

We exit nano with ctrl+x, and press y to save the file.

You can leave the other variables at their defaults. After we have finished editing the file, we must “source” it, so the variables become part of our runtime environment. We do it with the following command:

source vars

 

Step 2.2 – Certificate Authority (CA) Generation

With the next command, we clean up everything (possible previous attempts 🙂 ) and generate the CA:

./clean-all && ./build-ca

 

You can just press enter until the end.

Step 2.3 – Certificate and Key Generation

With the following command, we create key and certificate for the server. Let’s just call it server, plain and simple.

./build-key-server server

 

Again we just press enter till the end and double y to sign and commit.

Step 2.4 – Diffie-Hellman Generation

Next, we need to create the Diffie-Hellman parameters. These are used for the cryptographic key exchange.

./build-dh

 

Just wait till the end, it may take some time especially on older machines.

Step 2.5 – Generate a Random Key For a Shared Secret

With the next step, we strengthen our security a little more by generating a key to be used as a shared secret. For the VPN to work, both the server and the client need this file.

openvpn --genkey --secret keys/ta.key

 

Step 2.6 – Copying the generated files

In this step, we are going to copy the generated files from the keys folder to the OpenVPN folder.

We need the following files to be in the /etc/openvpn folder:

  • ca.crt (Certificate Authority)
  • server.crt (Certificate)
  • server.key (Key)
  • dh2048.pem (Diffie-Hellman)
  • ta.key (Tls-auth Key)

sudo cp keys/{server.crt,server.key,ca.crt,dh2048.pem,ta.key} /etc/openvpn

 

Step 3 – OpenVPN Configuration

With the following command, we decompress the default sample configuration located at /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz. gzip sends the decompressed output to stdout, and tee writes it to the /etc/openvpn/server.conf file.

gzip -d -c /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz | sudo tee /etc/openvpn/server.conf > /dev/null

 

Step 4 – Firewall Configuration

In Ubuntu Server, the firewall is disabled by default. So the first thing is to enable it. If you are configuring the server via SSH, make sure you first allow the incoming traffic via port 22. If not you may lock yourself out.

sudo ufw allow 22 && sudo ufw enable

 

As you can see, there is also a warning: “Command may disrupt existing ssh connections. Proceed with operation (y|n)?“. But we have already opened port 22, so you can just proceed with Y.

 

You also need to open incoming traffic via default OpenVPN port 1194/udp, so we run the command:

sudo ufw allow openvpn

 

By default, the VPN only carries traffic between client and server. To route the client’s internet traffic through it as well, we need to uncomment (remove the ; at the beginning of) the following line in the file /etc/openvpn/server.conf:

push "redirect-gateway def1 bypass-dhcp"

 

Next, we use an iptables rule to masquerade (NAT) the traffic of the VPN clients on its way out to the internet. The next command uses eth0, which is the default network interface. Your interface may have a different name, especially if you work with virtual machines; if so, change it in the following command accordingly. (If you want to see the name of your network interface, just run the ip link show command.)

sudo iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

 

Now we need to make this iptables rule persistent so it is not lost when the server reboots. Run the command:

sudo nano /etc/ufw/before.rules

 

and at the beginning of the file insert the following:

# NAT for the OpenVPN clients (same subnet and interface as the iptables command above)
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT

 

Next, we enable packet forwarding. With sudo nano /etc/sysctl.conf we open the file and uncomment (remove #) in front of the following line:

net.ipv4.ip_forward=1

 

…and reload the configuration with:

sudo sysctl -p /etc/sysctl.conf

 

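The last thing we need to do is allow packet forwarding through the firewall. With sudo nano /etc/default/ufw we open the file and change the following policy, which by default is set to DROP, to ACCEPT. Note that this policy applies to all traffic the server forwards, not only traffic coming from the VPN tunnel.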

DEFAULT_FORWARD_POLICY="ACCEPT"

 

Now we only need to reload the firewall with:

sudo ufw reload
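
The masquerade rule only does its job if its source range is the VPN subnet set by the server directive in /etc/openvpn/server.conf (10.8.0.0 255.255.255.0 in the sample config). The following check is an added example, not part of the original guide; the function names are made up for illustration, and it works for whatever subnet server.conf sets.

```shell
#!/bin/sh
# Added example, not from the original guide. Function names are
# hypothetical; the paths and directives are the ones used in this guide.
# Usage: sudo sh check_nat.sh /etc/openvpn/server.conf /etc/ufw/before.rules

# Dotted netmask -> prefix length (counts the set bits of each octet).
mask_to_prefix() {
    echo "$1" | awk -F. '{ n = 0
        for (i = 1; i <= 4; i++)
            for (o = $i + 0; o > 0; o = int(o / 2)) n += o % 2
        print n }'
}

# Print the VPN subnet as CIDR from the active "server NET MASK" directive.
vpn_cidr() {
    set -- $(awk '$1 == "server" && NF >= 3 { print $2, $3; exit }' "$1")
    [ "$#" -eq 2 ] || return 1
    echo "$1/$(mask_to_prefix "$2")"
}

# Compare the -s value of every active MASQUERADE rule with the VPN subnet.
# Returns 0 if all match, 1 on a mismatch or missing rule, 2 on parse error.
check_nat() {
    want=$(vpn_cidr "$1") || { echo "no server directive in $1"; return 2; }
    srcs=$(awk '!/^[ \t]*#/ && /-j MASQUERADE/ {
                 for (i = 1; i < NF; i++) if ($i == "-s") print $(i + 1) }' "$2")
    [ -n "$srcs" ] || { echo "no MASQUERADE rule with -s in $2"; return 1; }
    rc=0
    for s in $srcs; do
        if [ "$s" = "$want" ]; then
            echo "ok: $s"
        else
            echo "mismatch: $s (VPN subnet is $want)"; rc=1
        fi
    done
    return $rc
}

if [ "$#" -eq 2 ]; then check_nat "$@"; fi
```

A source range wider than the VPN subnet, such as a /8, makes the server masquerade traffic from every 10.x.x.x address it forwards, which is more than the VPN needs.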

 

Step 5 – Start the OpenVPN Service

Let’s use the systemctl command to start the service. Notice the @ symbol, followed by the server suffix. If you used a different config name in step 2.3, change it accordingly.

sudo systemctl start openvpn@server

 

Let’s check if it is up and running with the following command:

sudo systemctl is-active openvpn@server

 

If the output is active, everything works as it should.

 

Step 6 – Client Configuration

First, we need to create certificates as we did for the server. For each client, we create a different certificate. Here we create one for a single client (let’s call it client1). If you want more, repeat this section of the guide for each of the desired clients. Just use a different name, for example, client2, client3, and so on…

source vars && ./build-key client1

 

Next, we create a new folder, called clients, and we copy a default setting to client1.ovpn configuration file. (Note:

mkdir clients && cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf clients/client1.ovpn

 

Enter the clients directory and open the file client1.ovpn with nano.

First, you need to change the following line…

remote my-server-1 1194

 

Change “my-server-1” to your server’s public IP. If you don’t know your server’s IP, just be within your local network at home and search for “what’s my IP address”. There are plenty of sites showing your IP, https://whatismyipaddress.com for instance.

 

Next, you need to uncomment (remove ; ) the following two lines (this one is in case you are on a Mac):

;user nobody
;group nogroup

 

The simplest way (also considering migration) is having CA, key, certificate and shared secret embedded inside .ovpn file. So we first need to comment out (put # in front) the following lines like this:

#ca ca.crt
#cert client.crt
#key client.key
#tls-auth ta.key 1

 

Next, at the end of the file, we embed all the previously mentioned keys, certs, etc.

The content of ca.crt goes inside <ca></ca> tag, client1.crt into <cert></cert>, client1.key into <key></key>, and ta.key into <tls-auth></tls-auth>.

You find all these files in /home/USERNAME/certificates/keys folder.

For a better representation, here is an example of an ovpn file. For privacy reasons, I replaced my server’s IP address with xxx.xxx.xxx.xxx 🙂
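
The embedding steps above can be scripted. This is an added example, not the author's sample file; build_ovpn and pem_only are made-up helper names, and the file names are the ones used in this guide. It also adds key-direction 1, because the commented-out tls-auth ta.key 1 line was what told the client which direction of the shared key to use.

```shell
#!/bin/sh
# Added example, not the author's file. build_ovpn and pem_only are
# hypothetical helper names; the file names are the ones used in this guide.
# The output contains the client's private key, so create it with a tight umask:
#   ( umask 077; sh build_ovpn.sh clients/client1.ovpn keys client1 > client1-inline.ovpn )

# Print only the armored block of a file, dropping any text dump or
# comment lines around it (works for certificates, keys and ta.key).
pem_only() {
    sed -n '/^-----BEGIN /,/^-----END /p' "$1"
}

build_ovpn() {
    base=$1 keys=$2 client=$3
    for f in "$base" "$keys/ca.crt" "$keys/$client.crt" \
             "$keys/$client.key" "$keys/ta.key"; do
        [ -r "$f" ] || { echo "missing: $f" >&2; return 1; }
    done
    # Drop active file-based directives; the inline blocks replace them.
    grep -Ev '^[[:space:]]*(ca|cert|key|tls-auth)[[:space:]]' "$base"
    # "tls-auth ta.key 1" carried the key direction. An inline <tls-auth>
    # block has no place for it, so the client sets key-direction instead.
    echo 'key-direction 1'
    echo '<ca>';       pem_only "$keys/ca.crt";      echo '</ca>'
    echo '<cert>';     pem_only "$keys/$client.crt"; echo '</cert>'
    echo '<key>';      pem_only "$keys/$client.key"; echo '</key>'
    echo '<tls-auth>'; pem_only "$keys/ta.key";      echo '</tls-auth>'
}

if [ "$#" -eq 3 ]; then build_ovpn "$@"; fi
```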

That’s about it, just import the config file in your client application and you should be ready to go.

  • If you are on a Windows machine:
    First, download the OpenVPN client here (choose Windows installer (NSIS)) and install it. If you install to the default location, you need to copy the .ovpn config file to the folder C:\Program Files\OpenVPN\config
  • If you are on a Mac:
    There are many OpenVPN clients for Mac. Personally, I prefer the open-source one called Tunnelblick. Download it here and install it. Then just follow the instructions. But basically you just need to run the .ovpn file from whatever folder it’s in.

 

Solution 2: Using OpenWRT Supported Router With OpenVPN

The third solution would be purchasing a router compatible with the OpenWRT firmware and installing the OpenVPN server directly on it. Further on, I’m going to explain how to install and configure the OpenVPN server on the OpenWRT firmware. You can check here how to change from the stock firmware to OpenWRT.
