7:34 PM What is VPS | How to Make Your Own VPS | Rahul Tyagi White Hat Blog | |
Nowadays a lot of which can be used to create a vpn server from starting
a direct form of hardware up to the only form of application, from the
expensive to the free.OpenVPN is a VPN application is free
(opensource) is quite reliable. Some sources say OpenVPN is in fact not
the safest but if the data must be transferred between two or more
networks are not too sensitive like more than enough moreover OpenVPN
OpenVPN is also very easy to install. Here I will just tell you about the installation steps OpenVPN on FreeBSD. Although probably could have used some of his tricks on Linux or * nix like any other OS. Ok long story rather than let's start it. First OpenVPN on FreeBSD can be found in the folder / usr / ports / security / openvpn, which is required usually lzo library lib but since I installed it through the ports, then all the dependencies will automatically be installed. For installation please follow these steps (all performed by root) cd / usr / ports / security / openvpn make config Make the build make install clean Performed the above steps so that you have a chance to see what happens at each step. Actually you can just change directory and typing make install clean immediately. After the installation process goes wrong and no significant errors, then input the following line to / etc / rc.conf with your favorite text editor. openvpn_enable = "YES" Now we will create a config file to be placed in the folder / usr / local / etc / openvpn if the folder does not exist yet please make advance with the command mkdir / usr / local / etc / openvpn Then please move to the folder and start creating openvpn.conf file with your favorite text editor. cd / usr / local / etc / openvpn pico openvpn.conf Now please enter the following sample config. # Specify device dev tun # # The server and client IP Pool server 10.8.0.0 255.255.255.0 ifconfig-pool-persist ipp.txt # Certificates for VPN Authentication ca / usr / local / etc / openvpn / keys / ca.crt cert / usr / local / etc / openvpn / keys / server.crt key / usr / local / etc / openvpn / keys / server.key dh / usr/local/etc/openvpn/keys/dh1024.pem # Routes to client push "route 192.168.0.0 255.255.255.0" # Compression VPN link comp-lzo keepalive 10 60 ping-timer-rem persist-tun persist-key # Run OpenVPN as a daemon and drop privileges to user / group nobody user nobody group nobody daemon Save the file above, and we continue with cerificates. Copy the script to create a certificate from the folder / usr / local / share / doc / openvpn manner as follows (examples copied it to the folder / home / giest please be replaced with your user). cp-r / usr / local / share / doc / openvpn / easy-rsa / home / guest / cd / home / guest / easy-rsa After successfully copying easy-rsa scripts then please adan edit the vars file with your favorite editor and adjust purposes (without dieditpun no problems then you will be given only a few questions over and over again). Here are examples of parts that you need to edit. export KEY_COUNTRY = ID export KEY_PROVINCE = "ENGLAND" export KEY_CITY = LONDON export KEY_ORG = "GUEST-VPN" export KEY_EMAIL = "admin@guest.org" Then we moved from the FreeBSD default shell (usually tcsh) to sh or bash first. If you do not move the shell I guarantee you will not succeed in making certificates for openvpn. To switch to sh or bash please type the following command. sh Once you move the shell follow the steps below. . vars NOTE: Pls you run. / Clean-all, I Will be doing a rm-rf on / usr / home / Guest / easy-rsa / keys . / Clean-all . / Build-ca Generating a 1024 bit RSA private key ....................................++++++ ..............++++++ writing new private key to 'ca.key' ----- You are about to be asked to enter information That Will be incorporated into your certificate request.What you are about to enter is what is Called a Distinguished Name or a DN.There are quite a Few fields but you can leave some blankFor some fields there Will be a default value,If you enter '.,' Will the field be left blank. ----- Country Name (2 letter code) [ID]: State or Province Name (full name) [ENLAND]: Locality Name (eg, city) [LONDON]: Organization Name (eg, company) [GUEST-VPN]: Organizational Unit Name (eg, section) []: Common Name (eg, your name or your server's hostname) []: Email Address [admin@guest.org]: Ok as you can see you are required to answer some questions, but because previously I've edit the file vars so I can just hit enter to use the default answer. Next is to build certificate and key follow the steps below . / Build-key-server server Generating a 1024 bit RSA private key ..........++++++ .................................................. ++++++ writing new private key to 'server.key' ----- You are about to be asked to enter information That Will be incorporated into your certificate request.What you are about to enter is what is Called a Distinguished Name or a DN.There are quite a Few fields but you can leave some blankFor some fields there Will be a default value,If you enter '.,' Will the field be left blank. ----- Country Name (2 letter code) [ID]: State or Province Name (full name) [ENGLAND]: Locality Name (eg, city) [LONDON]: Organization Name (eg, company) [GUEST-VPN]: Organizational Unit Name (eg, section) []: Common Name (eg, your name or your server's hostname) []: SERVER Email Address [admin@guest.org]: Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: 123456 An optional company name []: ARSENAL Using configuration from / usr / home / Guest / easy-rsa / openssl.cnf Check That the request matches the signature Signature ok The Subject's Distinguished Name is as follows countryName : P RINTABLE: 'ID' stateOrProvinceName: P RINTABLE: 'ENGLAND' localityName : RINTABLE: 'LONDON' OrganizationName : RINTABLE: 'GUEST-VPN' commonName : RINTABLE: 'SERVER' emailAddress : IA5STRING: 'admin@guest.org' Certificate is to be certified until July 12 18:04:29 2019 GMT (3650 days) Sign the certificate? [Y / n]: y 1 out of 1 certificate requests certified, commit? [Y / n] y Write out database with 1 new entries Data Base Updated See if we do not edit the file vars we need to answer that question once again. now we will build certificate and key for use by the client. I emulated this will make the client certificate for 2 only. if you have more than two clients please adjusted. . / Build-key client1 Generating a 1024 bit RSA private key .........++++++ ....................................++++++ writing new private key to 'client1.key' ----- You are about to be asked to enter information That Will be incorporated into your certificate request. What you are about to enter is what is Called a Distinguished Name or a DN.There are quite a Few fields but you can leave some blank For some fields there Will be a default value,If you enter '.,' Will the field be left blank. ----- Country Name (2 letter code) [ID]: State or Province Name (full name) [ENGLAND]: Locality Name (eg, city) [LONDON]: Organization Name (eg, company) [GUEST-VPN]: Organizational Unit Name (eg, section) []: Common Name (eg, your name or your server's hostname) []: CLIENT1 Email Address [admin@giest.org]: Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: 123456 An optional company name []: ARSENAL Using configuration from / usr / home / Guest / easy-rsa / openssl.cnf DEBUG [load_index]: unique_subject = "yes" Check That the request matches the signature Signature ok The Subject's Distinguished Name is as follows countryName: P RINTABLE: 'ID' stateOrProvinceName: P RINTABLE: 'england' localityName: P RINTABLE: 'london' OrganizationName: P RINTABLE: 'GUEST-VPN' commonName: P RINTABLE: 'CLIENT1' emailAddress: IA5STRING: 'admin@guest.org' Certificate is to be certified until July 12 18:10:43 2019 GMT (3650 days) Sign the certificate? [Y / n]: y 1 out of 1 certificate requests certified, commit? [Y / n] y Write out database with 1 new entries Data Base Updated To client2 just typing . / Build-key client2 you should replace only the part [Source] Common Name (eg, your name or your server's hostname) []: CLIENT2 [/ source] If you do not make changes here the certificates and keys for the client to the two would not formed. Next we build dh parameters with a command like the following 1. #. / Build-dh 2. Generating DH parameters, 1024 bit long safe prime, generator 2 3. This is going to take a long time 4. ok now completed the process of making key right now you just exit back to your default shell with the command exit Now copied keys folder to / usr / local / etc / openvpn with the command cp-r keys / usr / local / etc / openvpn / Before we start running the openvpn server we first prepare a file for the log. Please edit the file / etc / syslog.conf and add the following line at the bottom of the syslog.conf file. ! Openvpn .* / Var / log / openvpn.log then create the file and restart syslog openvpn.log ny touch / var / log / openvpn.log killall-HUP syslogd Now we load the first module tun / tap tun device that could arise later. kldload if_tun kldload if_tap if you find errors kldload: can not load if_tun: File exists mean tun or tap and it was too load so do not worry. In order to tun and tap was loaded each time the boot please edit the file / boot / defaults / loader.conf then locate the following lines and change to YES if_tap_load = "YES" # Ethernet tunnel software network interface if_tun_load = "YES" # Tunnel driver (user process ppp) Ok lah is now complete we are ready to run the OpenVPN server for the first time. To run OpenVPN please type the following command. / Usr / local / etc / rc.d / openvpn start Next we check whether everything is ready or not we check first with the command ifconfig tun device tun0: flags = 8051 mtu 1500 inet 10.8.0.1 -> 10.8.0.2 netmask 0xffffffff Opened by PID 10147 If you've seen a display like the above means that the OpenVPN server is already successful path. It remains to add the following rules for your pf.conf # VPN Interface vpn_if = "tun0" # VPN Network vpn_network = "10.8.0.0/24" # NAT VPN connections nat on $ ext_if from $ vpn_network to any -> ($ ext_if) # Inbound VPN connections pass in on $ ext_if proto udp from any to port 1194 keep state pass quick on $ vpn_if Now you are ready to use your own VPS :) Enjoy Source | |
|