Difference between revisions of "Create a VPN Server on Ubuntu 12.04 (OpenVZ)"

From Zam Wiki

(Created page with "As we know, VPN is frequently needed in order to connect to the Internet or to other device in more safer way. So today I want to show you how to create your own VPN server us...")
 
 
(3 intermediate revisions by the same user not shown)
Line 72: Line 72:
  
 
15. Then, we put this into iptables rule:
 
15. Then, we put this into iptables rule:
 +
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o '''venet0''' -j MASQUERADE
 +
iptables -t nat -A POSTROUTING -o '''venet0''' -j SNAT --to-source '''YOUR.VPS.IP'''
 
  iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o '''venet0''' -j SNAT --to '''YOUR.VPS.IP'''
 
  iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o '''venet0''' -j SNAT --to '''YOUR.VPS.IP'''
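Review bot: the second added rule in step 15, `iptables -t nat -A POSTROUTING -o venet0 -j SNAT --to-source YOUR.VPS.IP`, has no `-s 10.8.0.0/24` match, so it rewrites the source of every packet leaving venet0, not only VPN client traffic. Because all three rules are appended to the same chain and the MASQUERADE rule comes first, packets from 10.8.0.0/24 are handled by it and never reach either SNAT rule. Keep a single rule scoped to `-s 10.8.0.0/24` (SNAT to the fixed address, or MASQUERADE) and drop the other two, so the NAT table states exactly what is translated.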
  
Line 82: Line 84:
 
uncomment (remove the '''#''') from the line containing '''#net.ipv4.ip_forward=1'''
 
uncomment (remove the '''#''') from the line containing '''#net.ipv4.ip_forward=1'''
  
17. Create new openvpn.config file and copy this code below:
+
17. Create new newvpn.ovpn file and copy this code below:
 
  dev tun
 
  dev tun
 
  client
 
  client
Line 103: Line 105:
 
  newvpn.ovpn
 
  newvpn.ovpn
  
and place it under 1 folder (e.g. vpn client)
+
and place it under 1 folder (e.g. vpn client). All this file located at '''/etc/openvpn/easy-rsa/keys'''
  
 
19. Start the openvpn service;
 
19. Start the openvpn service;
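Review bot: the sentence added to step 18 says all four files are in /etc/openvpn/easy-rsa/keys, but step 17 never says where newvpn.ovpn should be created, so that file is only there if the reader happened to create it in that directory. Name the directory in step 17, or limit the new sentence to the files that are actually in the keys directory. The wording also needs a grammar pass: "All these files are located in" rather than "All this file located at".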
Line 116: Line 118:
  
 
Credit to [http://geeksandtweaks.com/wp/how-to-create-a-vpn-server-on-ubuntu-12-04/ geeksandtweaks.com]
 
Credit to [http://geeksandtweaks.com/wp/how-to-create-a-vpn-server-on-ubuntu-12-04/ geeksandtweaks.com]
 +
 +
<disqus></disqus>

Latest revision as of 19:16, 26 May 2014

As we know, a VPN is frequently needed to connect to the Internet or to other devices in a safer way. So today I want to show you how to create your own VPN server using OpenVPN on Ubuntu 12.04.

1. Update your OS:

apt-get update
apt-get upgrade

2. Then, we get the openvpn & openssl packages:

apt-get install openvpn openssl

3. After that, go to openvpn dir:

cd /etc/openvpn

4. Then, copy the easy-rsa files to the correct dir:

cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0 ./easy-rsa

5. Edit the file named vars:

vi easy-rsa/vars

6. Change from this line:

export EASY_RSA="`pwd`"

to this:

export EASY_RSA="/etc/openvpn/easy-rsa"

7. Then, we run these 2 commands:

. ./easy-rsa/vars
./easy-rsa/clean-all

8. Enter the dir:

cd easy-rsa

9. Link the config file:

ln -s openssl-1.0.0.cnf openssl.cnf

10. Then we run these commands:

cd ..
./easy-rsa/build-ca OpenVPN
./easy-rsa/build-key-server server
./easy-rsa/build-key client1
./easy-rsa/build-dh

11. Edit the config file:

vi openvpn.conf

12. Copy the code below into openvpn.conf:

dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
user nobody
group nogroup
server 10.8.0.0 255.255.255.0
persist-key
persist-tun
status /var/log/openvpn-status.log
verb 3
client-to-client
push "redirect-gateway def1"
#set the dns servers
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
log-append /var/log/openvpn
comp-lzo

13. Enable ipv4 ip_forwarding:

echo 1 > /proc/sys/net/ipv4/ip_forward

14. Run "ifconfig" to get the adapter name and IP address (mine was venet0 since my VPS is using OpenVZ).

15. Then, we put this into iptables rule:

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j MASQUERADE
iptables -t nat -A POSTROUTING -o venet0 -j SNAT --to-source YOUR.VPS.IP
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j SNAT --to YOUR.VPS.IP

P/S: Please ensure that your VPS IP is correct.

16. Edit the sysctl file:

cd ..
vi sysctl.conf

Uncomment (remove the #) the line containing #net.ipv4.ip_forward=1

17. Create a new newvpn.ovpn file and copy the code below into it:

dev tun
client
proto udp
remote YOUR.VPS.IP 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
comp-lzo
verb 3

18. Copy all these files:

ca.crt
client1.crt
client1.key
newvpn.ovpn

and place them in one folder (e.g. vpn client). All these files are located at /etc/openvpn/easy-rsa/keys

19. Start the openvpn service:

service openvpn start

  • The software that I use to download the files required by the openvpn client is called WinSCP. It allows you to transfer files via SSH. This is useful if you do not have an FTP or HTTP server running.
  • Download all the config files (the vpn client folder) to the client/user PC via WinSCP.
  • The openvpn client that I use is OpenVPN Portable. Paste the config folder into OpenVPNPortable\data\config\

Run the openvpn client to see whether it connects.

Credit to geeksandtweaks.com
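A quick audit of the server config from step 12, as an added example that is not part of the original tutorial: the shell function below flags settings in that config that have aged (1024-bit DH parameters, compression, no explicit cipher, no tls-auth, client-to-client). The function names, the finding IDs and the embedded sample config are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): flag dated settings in an
# OpenVPN server config. Prints one finding ID per line.

audit_openvpn_conf() {
    # Drop comments (# or ;) and blank lines so disabled directives are ignored.
    active=$(sed -e 's/[#;].*$//' -e '/^[[:space:]]*$/d' "$1")
    has() { printf '%s\n' "$active" | grep -Eq "^[[:space:]]*($1)([[:space:]]|\$)"; }

    # Heuristic: easy-rsa names the file dh<bits>.pem. Confirm the real size
    # with: openssl dhparam -in FILE -text -noout
    bits=$(printf '%s\n' "$active" | awk '$1 == "dh" {
        n = $2; sub(/.*\//, "", n); gsub(/[^0-9]/, "", n); print n; exit }')
    if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then
        echo "WEAK_DH:$bits"    # DH groups below 2048 bits are considered weak
    fi
    has 'comp-lzo|compress' && echo "COMPRESSION"      # compress-then-encrypt leaks length
    has 'cipher|data-ciphers|ncp-ciphers' || echo "NO_CIPHER"  # old releases default to BF-CBC
    has 'tls-auth|tls-crypt' || echo "NO_TLS_AUTH"     # no HMAC on the control channel
    has 'client-to-client' && echo "CLIENT_TO_CLIENT"  # peer traffic skips the host firewall
    return 0
}

# Constructed sample: the security-relevant lines of the server config in step 12.
write_sample_conf() {
    cat <<'EOF'
dev tun
proto udp
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
client-to-client
push "redirect-gateway def1"
#set the dns servers
push "dhcp-option DNS 8.8.8.8"
comp-lzo
EOF
}

tmp=$(mktemp)
write_sample_conf > "$tmp"
audit_openvpn_conf "$tmp"
rm -f "$tmp"
```

On a real server, point `audit_openvpn_conf` at /etc/openvpn/openvpn.conf; an empty result means none of these five checks fired, not that the config is otherwise sound.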
