How To Build A VPN?

Want to build your own VPN?

If you already have a VPS, a cloud computing server or a dedicated server, plus the Terminal application on Mac or the PuTTY tool on Windows, you can start building VPN services of the PPTP, L2TP or OpenVPN type.

I. How to build a PPTP VPN?

After connecting to your server via SSH, you can build your own PPTP VPN with the following 8 steps:

1. Install PPTPD

Install the PPTPD package with the following command:

apt-get install pptpd

2. Edit the VPN interface IP addresses

Open the pptpd.conf file with the following command:

nano /etc/pptpd.conf

Press the Enter key, then find and uncomment the following 2 lines (remove the leading "#"):

#localip 192.168.0.1
#remoteip 192.168.0.234-238,192.168.0.245

3. Edit DNS addresses

Enter the following command:

nano /etc/ppp/pptpd-options

Find the following lines:

#ms-dns 10.0.0.1
#ms-dns 10.0.0.2

And change them to the following:

ms-dns 8.8.8.8
ms-dns 8.8.4.4

4. Add VPN accounts

Enter the following command:

nano /etc/ppp/chap-secrets

Press the Return key and enter the following information:

username pptpd password *

For example:

freenuts pptpd 123456 *

5. Forward IPv4

Enter the following command:

nano /etc/sysctl.conf

Press the Return key, find and uncomment the following line:

#net.ipv4.ip_forward=1

6. Apply the forward

Your forwarding change won't be active immediately; you need to apply it with the following command:

sysctl -p

If everything is correct, then you can see the following result:

net.ipv4.ip_forward = 1

7. Allow the routing

Copy and paste the following command:

iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE

Press the Return key to run the command.

8. Restart PPTPD

Copy and paste the following command:

/etc/init.d/pptpd restart

Press the Return key, then you can use your PPTP VPN with the username and password you've set before.
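An added example, not part of the original tutorial: a small check that the lines from steps 2, 3 and 5 were really uncommented and that the remoteip range still falls inside the subnet named in the iptables rule from step 7. The function names and the ROOT prefix argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original tutorial): confirm that the edits from
# steps 2, 3 and 5 are active and that the VPN range matches the NAT rule.
# ROOT is an assumed prefix: "" on the live server, or a directory holding a
# copy of /etc so the check can be tried without touching the system.

# active_line FILE REGEX: true if FILE has an uncommented line matching REGEX.
active_line() {
    grep -Eq "^[[:space:]]*$2" "$1" 2>/dev/null
}

# check_pptp_setup ROOT [NAT_PREFIX]: prints "ok" or the list of problems.
check_pptp_setup() {
    root="${1:-}"
    nat_prefix="${2:-192.168.0.}"   # /24 used by the MASQUERADE rule in step 7
    problems=""
    for key in localip remoteip; do
        active_line "$root/etc/pptpd.conf" "${key}[[:space:]]+[0-9]" ||
            problems="$problems ${key}-commented"
    done
    active_line "$root/etc/ppp/pptpd-options" 'ms-dns[[:space:]]+[0-9]' ||
        problems="$problems ms-dns-commented"
    active_line "$root/etc/sysctl.conf" \
        'net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1' ||
        problems="$problems ip_forward-commented"
    # Clients get addresses from remoteip; if its first address is outside the
    # subnet named in the iptables rule, their traffic is never masqueraded.
    first=$(awk '$1 == "remoteip" { print $2; exit }' \
        "$root/etc/pptpd.conf" 2>/dev/null)
    case "$first" in
        ""|"$nat_prefix"*) ;;
        *) problems="$problems remoteip-outside-nat-subnet" ;;
    esac
    if [ -n "$problems" ]; then
        echo "problems:$problems"
        return 1
    fi
    echo "ok"
}
```

On the server itself, run check_pptp_setup "" as root after step 8.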

For more details, you can check out this tutorial mentioned before.

II. How to build an L2TP VPN?

To build an L2TP/IPSec VPN, follow these 6 steps:

1. Install OpenSwan

Enter the following command lines one by one:

aptitude install build-essential

aptitude install libgmp3-dev gawk flex bison

wget http://www.openswan.org/download/openswan-2.6.35.tar.gz

tar xzvf openswan-2.6.35.tar.gz

cd openswan-2.6.35

make programs

make install

Remember to press the "Return" key when entering any one of the above lines.

By the way, 2.6.35 was the latest version at the time of my test; check the OpenSwan website to see whether a newer version is available and, if so, use it instead.

2. Edit IPSec

Firstly, open the ipsec.conf file with the following command:

vi /etc/ipsec.conf

Delete all the existing contents, and paste the following:

version 2.0
config setup
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10
    oe=off
    protostack=netkey

conn %default
    forceencaps=yes

conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    type=transport
    left=YOUR.VPS.IP.ADDRESS
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any

Remember to change YOUR.VPS.IP.ADDRESS to your VPS IP address, such as 178.18.17.30 for this tutorial.

Secondly, open the ipsec.secrets file with the following command:

vi /etc/ipsec.secrets

And insert the following content:

YOUR.VPS.IP.ADDRESS %any: PSK "YourSharedSecret"

For example:

178.18.17.30 %any: PSK "123456abcdef"

Thirdly, enter the following command lines one by one:

for each in /proc/sys/net/ipv4/conf/*
do
echo 0 > $each/accept_redirects
echo 0 > $each/send_redirects
done

Remember to press the "Return" key after every command line.

Fourthly, restart IPSEC with the following command:

service ipsec restart

3. Install L2TP

Go back to the root directory, and install the L2TP package with the following command line:

aptitude install xl2tpd

After installation, open the conf file with the following command:

vi /etc/xl2tpd/xl2tpd.conf

Delete all the existing content and paste the following:

[global]
; listen-addr = 192.168.1.98

[lns default]
ip range = 10.1.1.2-10.1.1.255
local ip = 10.1.1.1
require chap = yes
refuse pap = yes
require authentication = yes
name = LinuxVPNserver
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes

4. Set up xl2tpd

Enter the following command:

vi /etc/ppp/options.xl2tpd

Then insert the following lines:

require-mschap-v2
ms-dns 8.8.8.8
ms-dns 8.8.4.4
asyncmap 0
auth
crtscts
lock
hide-password
modem
debug
name l2tpd
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4

After that, open the chap-secrets file:

vi /etc/ppp/chap-secrets

And insert the following content:

username l2tpd password *

For example:

freenuts l2tpd 123456 *

Then, restart L2TP:

service xl2tpd restart

5. IP forward

Enter the following command:

vi /etc/sysctl.conf

Press the "Return" key, find the line of "#net.ipv4.ip_forward=1" and uncomment it.

After that, enter the following command:

sysctl -p

Press the "Return" key, then you will only see "net.ipv4.ip_forward=1" as the result if everything is right.

After that, enter the following command:

iptables -t nat -A POSTROUTING -s 10.1.1.0/24 -o eth0 -j MASQUERADE

6. For reboot

Now you can connect to your L2TP/IPSec VPN. However, if you reboot your VPS, your forwarding settings will be lost. To avoid this, enter the following command:

vi /etc/rc.local

Press the "Return" key and paste the following contents before the "exit 0" line:

for each in /proc/sys/net/ipv4/conf/*
do
echo 0 > $each/accept_redirects
echo 0 > $each/send_redirects
done
iptables -t nat -A POSTROUTING -s 10.1.1.0/24 -o eth0 -j MASQUERADE
/etc/init.d/ipsec restart

Save it, then you are done.
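Both chap-secrets (step 4 of the PPTP and L2TP sections) and ipsec.secrets (step 2 above) keep their secrets in plain text. The following added example, which is not part of the original tutorial, generates random values in the same line formats and keeps the files readable by root only; the helper names gen_secret, add_chap_user and write_psk are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original tutorial): random secrets written in
# the chap-secrets and ipsec.secrets line formats shown above.

# gen_secret BYTES: print BYTES random bytes as hex (2 characters per byte).
gen_secret() {
    od -An -N "${1:-24}" -tx1 /dev/urandom | tr -d ' \n'
}

# add_chap_user FILE USER SERVER: append "user server secret *" to FILE
# (SERVER is pptpd or l2tpd in this tutorial) and print the new password
# once so it can be passed to the user.
add_chap_user() {
    file=$1; user=$2; server=$3
    # chap-secrets is whitespace-delimited, so keep user names to a safe set.
    case "$user" in
        ""|*[!A-Za-z0-9._-]*) echo "invalid user name" >&2; return 1 ;;
    esac
    pass=$(gen_secret 16)
    ( umask 077; printf '%s %s %s *\n' "$user" "$server" "$pass" >> "$file" )
    chmod 600 "$file"        # also tightens a file that already existed
    printf '%s\n' "$pass"
}

# write_psk FILE SERVER_IP: append the ipsec.secrets line from step 2 with a
# random pre-shared key instead of a typed one, and print the key.
write_psk() {
    file=$1; ip=$2
    psk=$(gen_secret 24)
    ( umask 077; printf '%s %%any: PSK "%s"\n' "$ip" "$psk" >> "$file" )
    chmod 600 "$file"
    printf '%s\n' "$psk"
}
```

For example, add_chap_user /etc/ppp/chap-secrets freenuts l2tpd and write_psk /etc/ipsec.secrets YOUR.VPS.IP.ADDRESS, run as root before restarting the services.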

For more details, you can check out this post.

III. How to build an OpenVPN?

It is also easy to build an OpenVPN with the following 9 steps:

1. Install OpenVPN

Enter the following command to install OpenVPN:

apt-get install openvpn

2. Move easy-rsa into the correct place

Enter the following command:

cp -R /usr/share/doc/openvpn/examples/easy-rsa /etc/openvpn

Press the "Return" key to copy the easy-rsa folder into the OpenVPN directory.

3. Generate keys

Enter the following commands one by one:

cd /etc/openvpn/easy-rsa/2.0

. ./vars

./clean-all

./build-ca

./build-key-server server

./build-key client

./build-dh

Remember to press the "Return" key at each line, and answer "yes" to all "yes/no" questions.

4. Apply iptables rules

Enter the following command:

vi /etc/sysctl.conf

Press the "Return" key, find the line of "#net.ipv4.ip_forward=1" and uncomment it.

After that, enter the following command:

sysctl -p

Then you will see the following message as a result:

net.ipv4.ip_forward=1

Then create iptables rules with the following command:

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to 178.18.17.142

Remember to replace "178.18.17.142" with the actual IP address of your server.

5. Create the VPS OpenVPN configuration file

Enter the following command:

vi /etc/openvpn/server.conf

And paste the following contents:

port 1194
proto udp
dev tun
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
client-to-client
duplicate-cn
keepalive 10 120
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
log /var/log/openvpn.log
verb 3

6. Start OpenVPN

You can start OpenVPN with the following command:

/etc/init.d/openvpn start

7. Create the PC OpenVPN configuration file

Enter the following command:

vi /etc/openvpn/easy-rsa/2.0/keys/client.conf

And insert the following contents:

client
dev tun
proto udp
remote 178.18.17.142 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
comp-lzo
verb 3
redirect-gateway
script-security 2

Remember to replace "178.18.17.142" with your own VPS’ IP address.

8. For reboot

In order to redo the above iptables settings when you reboot your VPS, you can enter the following command:

vi /etc/rc.local

And insert the following contents above the "exit 0" line:

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to 178.18.17.142
openvpn /etc/openvpn/server.conf

Remember to replace "178.18.17.142" with the actual IP address of your VPS.

9. Download some things to your PC

You need to download the following 4 files to your local PC:

  • client.conf
  • ca.crt
  • client.crt
  • client.key

To do so, you can use Fetch (for Mac), WinSCP (for Windows) or some other SFTP software.

When the download is finished, go to your user folder and move the 4 downloaded files to your local OpenVPN configurations folder; your own OpenVPN is then ready.
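An added example, not from the original tutorial: a check that lists the directives in the server.conf from step 5 that loosen the server's security (the 1024-bit DH file, duplicate-cn, client-to-client and comp-lzo). The name audit_openvpn_conf is hypothetical.

```shell
#!/bin/sh
# Added example (not from the original tutorial): review an OpenVPN server
# config for the permissive directives used in step 5.
# audit_openvpn_conf FILE: prints one finding per line; returns 1 if any.
audit_openvpn_conf() {
    awk '
        NF == 0 || $1 ~ /^[#;]/ { next }        # skip blanks and comments
        $1 == "dh" && $2 ~ /dh(512|768|1024)\.pem$/ {
            print "dh: " $2 " is a DH group of 1024 bits or less"
            n++
        }
        $1 == "duplicate-cn" {
            print "duplicate-cn: one client certificate can be used by" \
                  " several clients at the same time"
            n++
        }
        $1 == "client-to-client" {
            print "client-to-client: clients reach each other inside" \
                  " OpenVPN, without passing the server firewall"
            n++
        }
        $1 == "comp-lzo" || $1 == "compress" {
            print $1 ": compression before encryption leaks length" \
                  " information about the tunnelled data"
            n++
        }
        END { exit (n > 0) }
    ' "$1"
}
```

Run it as audit_openvpn_conf /etc/openvpn/server.conf; with easy-rsa 2.0 the DH size comes from KEY_SIZE in the vars file, so a larger value there changes the dh file name that server.conf must reference.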

For more details, you can check out this post.

P.S.: The above tutorials are based on a XEN VPS; for an OpenVZ VPS, cloud computing or a dedicated server, the steps may be a little different.
