independentt

How To Make Your Own VPN

Jun 1st, 2017
How to make a VPN with OpenVPN (tutorial)
*Get the walkthrough pictures here: https://www.sendspace.com/file/5ojjyn (sorry, it has been deleted)

1- Download OpenVPN for your platform: https://openvpn.net/index.php/download/community-downloads.html
2- Install it with the SSL utilities provided in the download, and the OpenVPN RSA certificate scripts as well.
3- Install the TAP adapter.
4- Once the installation finishes, go to the directory where you installed OpenVPN and create a vars.bat
(you can take the sample one and rename it).
5- Edit the configuration to your needs.
6- Open Command Prompt as Administrator.
7- Type in the console: cd C:\Program Files\OpenVPN\easy-rsa
8- (We will stay in the console for this part, making the certificates and keys.)
9- RTFM (Read The F* Manual):
Create new empty index and serial files (once only)
1. vars
2. clean-all

Build a CA key (once only)
1. vars
2. build-ca

Build a DH file (for server side, once only)
1. vars
2. build-dh

Build a private key/certificate for the OpenVPN server
1. vars
2. build-key-server <machine-name>

Build key files in PEM format (for each client machine)
1. vars
2. build-key <machine-name>
(use <machine name> for specific name within script)

10- Make your .OVPN config files
#SAMPLE CLIENT.OVPN FILE:

client

dev tap

proto tcp-client

remote some.ip.here 443

resolv-retry infinite

# Data-channel cipher and HMAC digest; both must be identical on client and server
cipher AES-256-CBC
auth MD5
nobind

persist-key
persist-tun

<ca>
put CA Cert code here
</ca>
<cert>
put Client Cert code here
</cert>
<key>
put Client Private Key code here
</key>
# Compression; must match the server setting
comp-lzo
verb 3

#SAMPLE Server.OVPN Config (separate file)

port 443

proto tcp-server

# You don't need to edit this.
dev tap

#Setting up encryption
<ca>
Enter CA Cert Code here
</ca>

<cert>
Enter Server Cert Code Here
</cert>

<key>
Enter Server Private Key Here
</key>

<dh>
Paste the contents of dh2048.pem here
</dh>

# VPN subnet; the server takes 10.11.1.1
server 10.11.1.0 255.255.255.0

# Allow clients to see each other.
client-to-client

keepalive 10 120

comp-lzo
cipher AES-256-CBC
auth MD5
persist-key
persist-tun

status openvpn-status.log

# Allows several clients to connect with the same certificate
duplicate-cn
verb 1

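The two sample configs above can be checked mechanically before they are deployed. The script below is an added example, not part of the original paste: it parses an .ovpn file and reports the directives used in these configs that weaken the tunnel (auth MD5, comp-lzo, duplicate-cn, and the absence of remote-cert-tls and tls-auth/tls-crypt). The function names and the sample string are assumptions made for the example.

```python
import re

# Constructed sample: directives from the client config above, with the
# inline <ca>/<cert>/<key> blocks reduced to one placeholder block.
SAMPLE_CLIENT = """client
dev tap
proto tcp-client
remote some.ip.here 443
cipher AES-256-CBC
auth MD5
<ca>
put CA Cert code here
</ca>
comp-lzo
"""

def parse_ovpn(text):
    """Map directive -> argument list; skip comments and inline <tag> bodies."""
    directives, inline = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if inline:                       # inside <ca> ... </ca> and similar
            inline = None if line == f"</{inline}>" else inline
        elif m := re.fullmatch(r"<([\w-]+)>", line):
            inline = m.group(1)
            directives[inline] = ["[inline]"]   # e.g. an inline <tls-crypt> key
        elif line and line[0] not in "#;":
            name, *args = line.split(" #", 1)[0].split()
            directives[name] = args      # a later occurrence overrides
    return directives

def audit(text):
    """Return (directive, finding) pairs for an OpenVPN config."""
    d, out = parse_ovpn(text), []
    if (d.get("auth") or ["SHA1"])[0].upper() in {"MD5", "NONE"}:
        out.append(("auth", "weak or absent HMAC digest; use SHA256 on both ends"))
    if "comp-lzo" in d and d["comp-lzo"] != ["no"]:
        out.append(("comp-lzo", "compression before encryption leaks plaintext length"))
    if "duplicate-cn" in d:
        out.append(("duplicate-cn", "one certificate can serve many clients at once"))
    if "client" in d and not {"remote-cert-tls", "verify-x509-name", "ns-cert-type"} & d.keys():
        out.append(("remote-cert-tls", "client accepts any certificate the CA signed"))
    if not {"tls-auth", "tls-crypt"} & d.keys():
        out.append(("tls-auth", "no pre-shared HMAC key on the control channel"))
    return out

if __name__ == "__main__":
    for directive, finding in audit(SAMPLE_CLIENT):
        print(f"{directive:16} {finding}")
```
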
-----------------------------------------------
Making a proxy on the VPN so that clients connect with the server IP.
(Squid Proxy Server needs a 64-bit OS; otherwise use another proxy software)

1. Download SQUID Proxy Server here: http://packages.diladele.com/squid/3.5.27/squid.msi (latest)
2. Open the Squid tray icon, edit the config, and use the one below for a high-anonymity proxy
#-----------------------------------------------------------------------------------
#
# High Anonymous Squid Proxy Server
#

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network (includes the VPN subnet 10.11.1.0/24)
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines

# These two ranges cover every port, so the two deny rules below filter nothing
acl SSL_ports port 443-65535
acl Safe_ports port 1-65535
acl CONNECT method CONNECT

#
# Recommended minimum Access Permission configuration:
#
# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet

# And finally deny all other access to this proxy.
# VPN clients are already allowed through localnet; "http_access allow all"
# here would make the server an open proxy for anyone who can reach port 3128.
http_access deny all

# Do not send the client address or the proxy's Via header to the destination
forwarded_for delete
via off

# Squid normally listens to port 3128
http_port 3128


# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/cache/squid 100 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/cache/squid

#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

dns_nameservers 8.8.8.8 8.8.4.4

###END SQUID CONFIGURATION

3. Restart the Squid service.

4. Open your Internet Options and set the proxy to your server IP (10.11.1.1) and the Squid port (3128), as shown in the picture.

5. Set your browsers to use the proxy. If you have a firewall, allow port 3128 and the Squid service.

6. IMPORTANT: to avoid the browser leaking your IP address, go to the Firefox address bar and type ABOUT:CONFIG

7. Search for peer, and turn everything that is true to false (this includes media.peerconnection.enabled, which turns off WebRTC).

I hope you enjoyed this tutorial as much as I enjoyed writing it.
Thanks.

Here is a sample config for a LAN VPN without the OpenVPN GUI: https://www.sendspace.com/file/yo5as8
Simply extract it on your desktop (important) and run VPN.bat as admin.