In this tutorial, I will tell you how to install and create private VPN on VPS server with OpenVPN. OpenVPN is a client / open source VPN server. It creates a VPN rather easily on any Linux or Windows machine and connect to it with virtually all operating systems.
This tutorial is based on Debian Linux distribution (7 and 8).For VPN, I will use the virtual network 10.8.0.0/24 and Google DNS: 188.8.131.52 and 184.108.40.206.
Steps To Install Private VPN On VPS Server
To facilitate the installation of OpenVPN, I will use the packages on deposits of Debian. As my server will use SSL certificates to authenticate clients, I will also install OpenSSL and easy-rsa allowing me to easily create scripts SSL:
apt- get install openvpn openssl easy-rsa
Above all, I will generate all certificates that will eventually be used by the server.To do this, I will copy the easy-rsa folder in the OpenVPN configuration file:
cp -R / usr / share / easy-rsa / / etc / openvpn / easy-rsa /
cd / etc / openvpn / easy-rsa /
This file includes a configuration file which are present all the default variables: vars file. Feel free to modify it to your liking.
The scripts do not automatically load the configuration, so you have to do it manually:
Now we can start creating our certificates.
The first is that of creating the certificate authority: it will be used to digitally sign all certificates to authenticate:
Simply complete the required fields as desired.
The second certificate is the one generating the server:
also, fill in the fields as you like, but do not put a password on the certificate. Otherwise, the password is required for each startup OpenVPN.
The third “certificate” used by OpenVPN is a Diffie-Hellman. It allows the exchange of certificates securely. To generate:
Finally, to increase security, we use a TLS key that will be used by the client to connect:
openvpn –genkey –secret keys / ta.key
Creating certificates done, we must now configure the OpenVPN server-side of the VPS.
The server configuration file is this: /etc/OpenVPN/server.conf
So either you leave the sample configuration present in the sample OpenVPN files (/usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz ) or you use my configuration file
Now that our server is configured, we can restart it:
Service openvpn restart
At this stage, if a customer connects to your server, it will have no access to the Internet (it ‘will only have access to the VPN virtual network). It is, therefore, necessary to route the traffic between the VPN network is the Internet.
For this, the first step is to activate the IP forward:
echo 1 > / proc / sys / net / ipv 4 / ip_forward
This command only activates the ip forward until the next reboot. To activate it permanently, edit /etc/sysctl.conf and uncomment the following line (or add it if it is not present):
net.ipv4.ip_forward = 1
Second step: redirect traffic from the VPN interface to the external network interface. For this, we will use IP tables. Retrieve the iptables configuration file:
wget -O /etc/init.d/iptables_vpn http: / /pastebin.com/raw.php?i=YTtYPHDj
Then we will ensure that this script is run to start the VPS:
chmod + x /etc/init.d/iptables_vpn
update-rc.d defaults iptables_vpn
VPS configuration is now complete.