Difference between revisions of "Create a VPN Server on Ubuntu 12.04 (OpenVZ)"
From Zam Wiki
Latest revision as of 19:16, 26 May 2014
As we know, a VPN is frequently needed in order to connect to the Internet or to other devices in a safer way. So today I want to show you how to create your own VPN server using OpenVPN on Ubuntu 12.04.
1. Update your OS:
apt-get update
apt-get upgrade
2. Then, we get the openvpn & openssl packages:
apt-get install openvpn openssl
3. After that, go to openvpn dir:
cd /etc/openvpn
4. Then, copy the file to the correct dir:
cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0 ./easy-rsa
5. Edit the file named vars:
vi easy-rsa/vars
6. Change from this line:
export EASY_RSA="`pwd`"
to this:
export EASY_RSA="/etc/openvpn/easy-rsa"
7. Then, we run these 2 commands:
. ./easy-rsa/vars
./easy-rsa/clean-all
8. Enter the dir:
cd easy-rsa
9. Link the config file:
ln -s openssl-1.0.0.cnf openssl.cnf
10. Then we run these commands:
cd ..
./easy-rsa/build-ca OpenVPN
./easy-rsa/build-key-server server
./easy-rsa/build-key client1
./easy-rsa/build-dh
11. Edit the config file:
vi openvpn.conf
12. Copy the code below into openvpn.conf:
dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
user nobody
group nogroup
server 10.8.0.0 255.255.255.0
persist-key
persist-tun
status /var/log/openvpn-status.log
verb 3
client-to-client
push "redirect-gateway def1"
#set the dns servers
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
log-append /var/log/openvpn
comp-lzo
13. Enable ipv4 ip_forwarding:
echo 1 > /proc/sys/net/ipv4/ip_forward
14. Run "ifconfig" to get the adapter name and IP address (mine was venet0 since my VPS is using OpenVZ)
15. Then, we add these iptables rules:
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j MASQUERADE
iptables -t nat -A POSTROUTING -o venet0 -j SNAT --to-source YOUR.VPS.IP
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j SNAT --to YOUR.VPS.IP
P/S: Please ensure that your VPS IP is correct
16. Edit the sysctl file:
cd ..
vi sysctl.conf
Uncomment (remove the #) the line containing #net.ipv4.ip_forward=1
17. Create a new newvpn.ovpn file and copy the code below into it:
dev tun
client
proto udp
remote YOUR.VPS.IP 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
comp-lzo
verb 3
18. Copy all these files:
ca.crt
client1.crt
client1.key
newvpn.ovpn
and place them under 1 folder (e.g. vpn client). All these files are located at /etc/openvpn/easy-rsa/keys
19. Start the openvpn service:
service openvpn start
- The software that I use to download the files required by the openvpn client is called WinSCP. It allows you to transfer files via SSH. This is useful if you do not have an ftp or http server running.
- Download all the config files (vpn client folder) to the client/user PC via WinSCP.
- The openvpn client that I use is OpenVPN Portable. Paste the config folder to OpenVPNPortable\data\config\
Run the openvpn client to see if it is connected or not.
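The server config from step 12 can be checked for settings a hardening review would flag, such as the 1024-bit DH file, the missing tls-auth key and comp-lzo. The script below is an added example, not part of the original tutorial: the function names and finding codes are made up for illustration, and it assumes easy-rsa's dh<KEY_SIZE>.pem file naming.

```shell
# Added example (not from the original page): lint an OpenVPN server config.
# Prints one "CODE message" line per finding; a clean config prints nothing.

# True if directive $2 is set in the comment-stripped config text $1.
has_directive() {
    printf '%s\n' "$1" | grep -Eq "^[[:space:]]*$2([[:space:]]|\$)"
}

audit_openvpn_conf() {
    # Keep only live directives: drop blank lines and lines starting with # or ;
    live=$(grep -Ev '^[[:space:]]*([#;]|$)' "$1" || true)
    # Assumption: easy-rsa 2.0 names the DH file dh<KEY_SIZE>.pem, so the
    # digits in the file name are read as the DH parameter size in bits.
    bits=$(printf '%s\n' "$live" |
        awk '$1 == "dh" { n = $2; sub(/.*\//, "", n); gsub(/[^0-9]/, "", n); print n; exit }')
    if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then
        echo "WEAK_DH dh parameters are $bits bits; rebuild with KEY_SIZE=2048 or larger"
    fi
    has_directive "$live" 'tls-(auth|crypt)' ||
        echo "NO_TLS_AUTH no tls-auth or tls-crypt key protects the control channel"
    has_directive "$live" 'cipher' ||
        echo "DEFAULT_CIPHER no cipher set; OpenVPN 2.3 and older default to BF-CBC"
    has_directive "$live" 'comp-lzo' &&
        echo "COMPRESSION comp-lzo is on; compressing tunnel traffic can leak plaintext"
    has_directive "$live" 'client-to-client' &&
        echo "CLIENT_TO_CLIENT traffic between clients bypasses the server's iptables rules"
    { has_directive "$live" 'user' && has_directive "$live" 'group'; } ||
        echo "NO_PRIV_DROP no user/group set; the daemon keeps running as root"
    return 0
}

# Constructed sample: the security-relevant lines of the step 12 server config.
write_sample_conf() {
    cat > "$1" <<'EOF'
dev tun
proto udp
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
user nobody
group nogroup
client-to-client
#set the dns servers
comp-lzo
EOF
}

sample=$(mktemp)
write_sample_conf "$sample"
audit_openvpn_conf "$sample"
rm -f "$sample"
```

On a real server, call audit_openvpn_conf /etc/openvpn/openvpn.conf instead of the sample file.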
Credit to geeksandtweaks.com