How to create a VPN?

hi

i am looking for some way to turn my server into a VPN (socks Proxy sort of a thing) so that i can access net through that server ?

how is it possible?

thanks

 

Look into OpenVPN.

 

does it create a "SOCKS" proxy? which i can enter in my browser connection settings and start using?

it seems pretty complicated?

 

Do you use PuttyTel?

 

Hi,

If you have ssh access to the server you can configure putty.exe (on windows) or ssh on linux to setup a socks tunnel.

 

if you have Linux OS i would recomend OpenVPN with IP forwarding.
Wich means once connected you'll have the server ip instead of you'r.
In fact, every query will be past to your server, server download the page and give back to you.

If you want, i can install OpenVPN + OpenVPN Web-Interface + OpenVPN GUI for WIndows for using Certificate for authentification.

 

but that requires technical knowledge ?

 

You need tun/tap device to be enabled on your vps, its not that hard to install openvpn. Actually its very easy to do.

1. Download the required package files.

#wget http://openvpn.net/release/openvpn-2.0.9.tar.gz
#wget http://openvpn.net/release/lzo-1.08-4.rf.src.rpm

2. Install and build your download files

You may need the required repository before start your installation

#yum install rpm-build
#yum install autoconf.noarch
#yum install zlib-devel
#yum install pam-devel
#yum install openssl-devel

If you have the above dependencies installed, you can start your installation as follows:

#rpmbuild –rebuild lzo-1.08-4.rf.src.rpm

#rpm -Uvh /usr/src/redhat/RPMS/i386/lzo-*.rpm

#rpmbuild -tb openvpn-2.0.9.tar.gz

#rpm -Uvh /usr/src/redhat/RPMS/i386/openvpn-2.0.9-1.i386.rpm

3. Copy configuration files

#cp -r /usr/share/doc/openvpn-2.0.9/easy-rsa/ /etc/openvpn/
#cp /usr/share/doc/openvpn-2.0.9/sample-config-files/server.conf /etc/openvpn/


4. CA configuration


#cd /etc/openvpn/easy-rsa/
#pico vars (or use vi editor, I just like to use pico)

then scroll down to the bottom, edit as you like.

export KEY_COUNTRY=AU
export KEY_PROVINCE=VIC
export KEY_CITY=MELBOURNE
export KEY_ORG=”THROXVPN”
export KEY_EMAIL=”name@email.com”

#.� ./vars (note a space between . . )
#./clean-all

5. Build CA

#./build-ca

Generating a 1024 bit RSA private key
………………………++++++
…………………….++++++
writing new private key to ‘ca.key’
—–
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [AU]:
State or Province Name (full name) [VIC]:
Locality Name (eg, city) [MELBOURNE]:
Organization Name (eg, company) [THROXVPN]:
Organizational Unit Name (eg, section) []:Throx
Common Name (eg, your name or your server’s hostname) []:throx.net
Email Address [name@mail.com]:

Some information above already entered in step 4, hust hit enter and go to next line.

6. Building server key 

#./build-key-server ovpnsrv1

Generating a 1024 bit RSA private key
………………………………….++++++
…………………….++++++
writing new private key to ‘ovpnsrv1.key’
—–
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [AU]:
State or Province Name (full name) [VIC]:
Locality Name (eg, city) [MELBOURNE]:
Organization Name (eg, company) [THROXVPN]:
Organizational Unit Name (eg, section) []:Throx
Common Name (eg, your name or your server’s hostname) []:throx.net
Email Address [name@email.com]:

Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:<enter your password here>
An optional company name []:
Using configuration from /etc/openvpn/easy-rsa/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject’s Distinguished Name is as follows
countryName���������� :PRINTABLE:’AU’
stateOrProvinceName�� :PRINTABLE:’VIC’
localityName��������� :PRINTABLE:’MELBOURNE’
organizationName����� :PRINTABLE:’THROXVPN’
organizationalUnitName:PRINTABLE:’Throx’
commonName����������� :PRINTABLE:’throx.net’
emailAddress��������� :IA5STRING:’name@email.com’
Certificate is to be certified until Apr 10 15:15:27 2018 GMT (3650 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

7. Building Diffie Hellman

#./build-dh

Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time

(Wait until it finished)

8. Copy key certificates to the required folder 

#cp keys/ca.crt ../
#cp keys/dh1024.pem ../
#cp keys/ovpnsrv1.key ../
#cp keys/ovpnsrv1.crt ../

9. OpenVPN configuration


#cd ../
#pico server.conf
dev tap
;dev tun
ca ca.crt
cert ovpnsrv1.crt
key ovpnsrv1.key # This file should be kept secret

10. Startup the OpenVPN service (Finally, hold your breath)

#service openvpn restart
#chkconfig openvpn on

Windows Client Installation and Configuration

1. Download a copy of windows client 

http://openvpn.net/release/openvpn-2.0.9-install.exe and install it.

2. Create CA in windows machine

Open windows cmd.exe command promp and change directory (cd) into c:\program files\openvpn\

>copy vars.bat.sample vars.bat

>edit vars.bat (scroll down to the bottom)

set KEY_COUNTRY=AU
set KEY_PROVINCE=VIC
set KEY_CITY=MELBOURNE
set KEY_ORG=THROXVPN
set KEY_EMAIL=name@mail.com

note: the above information must be same as the details set in server previously.

3. Run the file vars.bat

>vars

4. Build client’s key and certificate

>copy openssl.cnf.sample openssl.cnf
>md keys
>build-key vpnhome

5. Copy vpnhome.csr to the server directory /etc/openvpn/easy-rsa/keys

#cd /etc/openvpn/easy-rsa/
#./sign-req vpnhome
Using configuration from /etc/openvpn/easy-rsa/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject’s Distinguished Name is as follows
countryName���������� :PRINTABLE:’AU’
stateOrProvinceName�� :PRINTABLE:’VIC’
localityName��������� :PRINTABLE:’MELBOURNE’
organizationName����� :PRINTABLE:’THROXVPN’
organizationalUnitName:PRINTABLE:’Throx’
commonName����������� :PRINTABLE:’throx.net’
emailAddress��������� :IA5STRING:’name@mail.com’
Certificate is to be certified until Apr 10 16:04:33 2018 GMT (3650 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

6. Copy new signed certificate to your windows machine

Go to /etc/openvpn/easy-rsa/keys/ , you will see 2 new generated file - ca.crt and vpnhome.crt

Copy both of them to your Windows home machine c:/Program Files/OpenVPN/config

Also copy your windows generated vpnhome.key from C:\Program Files\OpenVPN\easy-rsa\keys to C:\Program Files\OpenVPN\config

7. Setting the client configuration for OpenVPN

Copy client.ovpn from C:\Program Files\OpenVPN\sample-config to C:\Program Files\OpenVPN\config

Edit it with the followings changes, similar to what you have done in the linux server

dev tap
;dev tun
dev-node OpenVPN_Tap
remote <ipaddress> 1194� (example: remote 202.188.1.1 1194)
ca ca.crt
cert alanghome.crt
key alanghome.key
ns-cert-type server

8. Configure the network interface for OpenVPN
Select “Control Panel” -> “Network Connection” -> “TAP-Win32#(#)”
Right-Click to rename as ‘OpenVPN_Tap’

9. Startup the connection of client

Go to START>All Programs>OpenVPN>OpenVPN GUI , click it

In the task-bar, select “OpenVPN GUI” -> right-click “Connect”

Phew…. if everything set correctly, now you should be connected to your linux via OpenVPN.

Source: http://yumax1012.blogspot.com/2007/08/install-openvpn-on-centos-44.html

Code (markup):

 

thanks. this is a nice tutorial.

i want to know before installing that this will not affect my normal apache and other configuration right? the server would continue to work normally?

 

No, it wont have any effect on your apache or other configuration.