Jackk

Create your own VPN

Nov 4th, 2014

This week's video shows how to turn your CentOS 6 VPS into a VPN server. Why would you want to do this? Even if a VPN hosting provider says it does not keep logs, you can never be sure. If we create our own OpenVPN server on our own VPS, we are in control of everything. Below are all the commands you will need for this tutorial.

I recommend copying and pasting the commands, as one error may result in a non-working VPN server.

First things first, let's update our CentOS VPS using this command:
yum update -y

Next we need to make sure tun/tap is enabled. If it is not, you will need to ask your VPS host to enable it for you. You can check using this command:
cat /dev/net/tun
It should read 'cat: /dev/net/tun: File descriptor in bad state'.

Now install OpenVPN and its dependencies using each of these commands in order:
yum install gcc make rpm-build autoconf.noarch zlib-devel pam-devel openssl-devel iptables -y
# lzo-1.08-4.rf.src.rpm must already be in the current directory
rpmbuild --rebuild lzo-1.08-4.rf.src.rpm

wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
# install the binary RPMs that rpmbuild wrote under ~/rpmbuild, not the source RPM
rpm -Uvh ~/rpmbuild/RPMS/x86_64/lzo-*.rpm
rpm -Uvh rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
yum install openvpn

Now we need to change some files, copy directories and generate the SSL keys for your server. Use these commands in order:
cp -r /usr/share/doc/openvpn-2.2.2/easy-rsa/ /etc/openvpn/
cp -irv /etc/openvpn/easy-rsa/2.0/openssl-1.0.0.cnf /etc/openvpn/easy-rsa/2.0/openssl.cnf
cd /etc/openvpn/easy-rsa/2.0
chmod 755 *
source ./vars
./vars
./clean-all

Now we need to enter the certificate details. Use these commands in order:
./build-ca
./build-key-server server
./build-dh

Now we need to create the OpenVPN server config file. Use these commands in order:
cd /etc/openvpn
nano server.conf

Paste in this configuration:

local x.x.x.x #- replace with your server IP address
port 1194 #Change to the PORT you would like
proto udp
dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
client-cert-not-required
username-as-common-name
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 5 30
comp-lzo
persist-key
persist-tun
status server-tcp.log
verb 3

Don't forget to replace x.x.x.x with your VPS IP address. Use CTRL + X then press Y and then press S to save.
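
An added example, not part of the original paste: a shell function that audits a server.conf like the one above for settings a reviewer would flag (1024-bit DH, password-only authentication, no tls-auth, no explicit cipher, compression). The finding labels are this example's own, and the DH size is inferred from the easy-rsa 2.0 file name, which is an assumption.

```shell
#!/bin/sh
# Added example: flag weak settings in an OpenVPN server.conf read from stdin.
# Finding names (WEAK_DH, ...) are this example's own labels, not OpenVPN output.

audit_openvpn_conf() {
    # Drop comments and blank lines, then squeeze whitespace.
    conf=$(sed -e 's/#.*$//' -e '/^[[:space:]]*;/d' | tr -s '\t' ' ' |
           sed -e 's/^ //' -e 's/ $//' -e '/^$/d')
    has() { printf '%s\n' "$conf" | grep -Eq "$1"; }

    # DH size is inferred from easy-rsa 2.0's dh<bits>.pem file name (heuristic).
    bits=$(printf '%s\n' "$conf" |
           sed -n 's/^dh .*dh\([0-9]\{1,\}\)\.pem$/\1/p' | head -n 1)
    if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then
        echo "WEAK_DH $bits-bit group"
    fi
    # No client certificate is verified, so the PAM password is the only credential.
    if has '^(client-cert-not-required|verify-client-cert none)$'; then
        echo "NO_CLIENT_CERT password is the only client credential"
    fi
    # Without tls-auth/tls-crypt any host can start a TLS handshake with the server.
    has '^tls-(auth|crypt) ' || echo "NO_TLS_AUTH control channel has no HMAC key"
    # With no cipher directive OpenVPN 2.2 uses BF-CBC, a 64-bit block cipher.
    has '^cipher ' || echo "DEFAULT_CIPHER no cipher directive"
    # Compressing before encrypting leaks information about the plaintext.
    if has '^(comp-lzo|compress)( |$)'; then echo "COMPRESSION enabled"; fi
    return 0
}

# Constructed sample: security-relevant directives from the server.conf above.
sample_conf() {
cat <<'EOF'
port 1194 #Change to the PORT you would like
proto udp
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
client-cert-not-required
username-as-common-name
comp-lzo
EOF
}

sample_conf | audit_openvpn_conf
```

On the server itself, run it as audit_openvpn_conf < /etc/openvpn/server.conf.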

Now check that your OpenVPN server is working by using this command:
openvpn /etc/openvpn/server.conf

'Initialization Sequence Completed' means that your server is working fine so far.

Now enter these commands in order:
chkconfig openvpn on
chkconfig iptables on

Now we need to edit the sysctl.conf file by opening it with this command:
nano /etc/sysctl.conf

Change the line net.ipv4.ip_forward = 0 so that it reads net.ipv4.ip_forward = 1
Comment out this line: # net.ipv4.tcp_syncookies = 1

Then press CTRL + X, press Y and then press S to save.

Now type:
sysctl -p

Now configure iptables using these commands in order:
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to x.x.x.x

Replace x.x.x.x with your VPS IP address.

Then save this by typing:
service iptables save
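
An added example, not part of the original paste: the commands above use -A, which appends, so on a ruleset whose FORWARD chain already ends in a catch-all REJECT the new ACCEPT rules are never reached. The functions below find such unreachable rules in iptables-save output and print the commands that move them ahead of the catch-all; the sample ruleset is constructed and assumes a stock-style CentOS 6 firewall.

```shell
#!/bin/sh
# Added example: detect rules that can never match because an earlier rule in
# the same chain already rejects or drops every packet.

# stdin: iptables-save output; $1: chain name. Prints the unreachable rules.
shadowed_rules() {
    awk -v chain="$1" '
        $1 == "-A" && $2 == chain {
            if (stop) print
            else if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) stop = 1
        }'
}

# Prints iptables commands that move each unreachable rule in front of the
# catch-all, keeping the rules in their original relative order.
reorder_commands() {
    awk -v chain="$1" '
        $1 == "-A" && $2 == chain {
            n++
            if (stop) {
                spec = $0; sub(/^-A [^ ]+ /, "", spec)
                printf "iptables -D %s %s\n", chain, spec
                printf "iptables -I %s %d %s\n", chain, stop++, spec
            } else if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) stop = n
        }'
}

# Constructed sample: a stock-style CentOS 6 filter table (assumed) after the
# FORWARD rules above were appended with -A.
sample_ruleset() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.8.0.0/24 -j ACCEPT
COMMIT
EOF
}

sample_ruleset | shadowed_rules FORWARD
sample_ruleset | reorder_commands FORWARD
```

On the VPS, pipe the live ruleset in with iptables-save | shadowed_rules FORWARD; empty output means no rule in that chain sits behind a catch-all.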

Now you need the client config that goes on the Windows machine:

client
dev tun
proto udp
remote x.x.x.x 1194 #- your OpenVPN server IP and port
resolv-retry infinite
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ca ca.crt
auth-user-pass
comp-lzo
verb 3

Make sure to change the IP and port to match your VPS IP and port.

Now make sure your OpenVPN server starts on startup on your VPS:
echo openvpn /etc/openvpn/server.conf >> /etc/rc.d/rc.local

Then reboot your VPS by typing:
reboot

Log back in and add some users by typing:
useradd <username> -s /bin/false

You can change the password by doing:
passwd <username>

Now stop the OpenVPN service:
service openvpn stop

And then start it again by typing:
openvpn /etc/openvpn/server.conf

And you can log in to your OpenVPN client and surf the web through your own VPN!