How To Install Private VPN On VPS Server


In this tutorial, I will show you how to install and set up a private VPN on a VPS server with OpenVPN. OpenVPN is an open source VPN client and server. It makes it rather easy to create a VPN on any Linux or Windows machine and to connect to it from virtually any operating system.

This tutorial is based on the Debian Linux distribution (7 and 8). For the VPN, I will use the virtual network 10.8.0.0/24 and Google DNS: 8.8.8.8 and 8.8.4.4.

Steps To Install Private VPN On VPS Server

To simplify the installation of OpenVPN, I will use the packages from the Debian repositories. As my server will use SSL certificates to authenticate clients, I will also install OpenSSL and easy-rsa, whose scripts let me create SSL certificates easily:

apt-get update

apt-get install openvpn openssl easy-rsa

Configuration

First of all, I will generate all the certificates that will be used by the server. To do this, I will copy the easy-rsa folder into the OpenVPN configuration directory:

cp -R /usr/share/easy-rsa/ /etc/openvpn/easy-rsa/

cd /etc/openvpn/easy-rsa/

This directory includes a configuration file, vars, which holds all the default variables. Feel free to modify it to your liking.

The scripts do not automatically load the configuration, so you have to do it manually:

source vars

./clean-all

Now we can start creating our certificates.

The first step is to create the certificate authority: it will be used to digitally sign all the certificates used for authentication:

./build-ca

Simply complete the required fields as desired.

The second certificate to generate is the server's:

./build-key-server VPN

Again, fill in the fields as you like, but do not put a password on the certificate. Otherwise, the password will be required every time OpenVPN starts.

The third “certificate” used by OpenVPN is a Diffie-Hellman parameter file. It allows the secure exchange of certificates. To generate it:

./build-dh

Finally, to increase security, we use a TLS key that will be used by the client to connect:

openvpn --genkey --secret keys/ta.key

Server configuration

With the certificates created, we must now configure the OpenVPN server side on the VPS.

The server configuration file is /etc/openvpn/server.conf

So either you use the sample configuration shipped with the OpenVPN example files (/usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz) or you use my configuration file

Now that our server is configured, we can restart it:

service openvpn restart

At this stage, if a client connects to your server, it will have no access to the Internet (it will only have access to the VPN virtual network). It is therefore necessary to route the traffic between the VPN network and the Internet.

For this, the first step is to activate IP forwarding:

echo 1 > /proc/sys/net/ipv4/ip_forward

This command only activates IP forwarding until the next reboot. To activate it permanently, edit /etc/sysctl.conf and uncomment the following line (or add it if it is not present):

net.ipv4.ip_forward = 1

Second step: redirect traffic from the VPN interface to the external network interface. For this, we will use iptables. Retrieve the iptables configuration script:

wget -O /etc/init.d/iptables_vpn http://pastebin.com/raw.php?i=YTtYPHDj

Then we will ensure that this script is run when the VPS starts:

chmod +x /etc/init.d/iptables_vpn
update-rc.d iptables_vpn defaults
/etc/init.d/iptables_vpn
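
The forwarding and NAT rules this step depends on, written out for the 10.8.0.0/24 network used in this tutorial. This is an added example, not the contents of the pastebin script above; the interface names eth0 and tun0, the function names and the file name vpn_nat.sh are assumptions.

```shell
#!/bin/sh
# Added example, not the tutorial's pastebin script.
# Assumptions: eth0 is the external interface, tun0 the OpenVPN interface.
VPN_NET="10.8.0.0/24"   # virtual network chosen in this tutorial

# Print one rule per line as "table chain rule-spec".
# Interface names are validated because they end up in iptables arguments.
vpn_nat_rules() {
    ext_if="${1:-eth0}"
    vpn_if="${2:-tun0}"
    for name in "$ext_if" "$vpn_if"; do
        case "$name" in
            *[!A-Za-z0-9_.-]*) echo "invalid interface: $name" >&2; return 1 ;;
        esac
    done
    cat <<EOF
filter FORWARD -i $vpn_if -o $ext_if -s $VPN_NET -j ACCEPT
filter FORWARD -i $ext_if -o $vpn_if -d $VPN_NET -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
nat POSTROUTING -s $VPN_NET -o $ext_if -j MASQUERADE
EOF
}

# Add each rule unless it is already present (iptables -C checks for an
# existing rule), so running the script at every boot adds no duplicates.
apply_vpn_nat_rules() {
    rules=$(vpn_nat_rules "$@") || return 1
    printf '%s\n' "$rules" | while read -r table chain spec; do
        # $spec is left unquoted on purpose so it splits into arguments.
        iptables -t "$table" -C "$chain" $spec 2>/dev/null ||
            iptables -t "$table" -A "$chain" $spec || exit 1
    done
}

# Usage: sh vpn_nat.sh print|apply [ext_if] [vpn_if]   (apply needs root)
mode="${1:-}"
if [ "$#" -gt 0 ]; then shift; fi
case "$mode" in
    print) vpn_nat_rules "$@" ;;
    apply) apply_vpn_nat_rules "$@" ;;
esac
```

Comparing the `print` output with the downloaded /etc/init.d/iptables_vpn before enabling that script shows whether the download does anything beyond forwarding and masquerading the VPN network.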

VPS configuration is now complete.

 
