Tomcat
"Any online security in our world begins with creating your own VPN"
In this article we will create a VPN server using the OpenVPN protocol for comfortable work on the network. For this we will need:
1) A server (Debian 10)
2) Steady hands and the ability to follow this manual
STAGE 1. Server rental:
The main criteria for the hoster that will provide us with the server are payment in cryptocurrency and a 1GB channel.
The hosters below fit these criteria. Server rental starts from $5 per month.
List of hosters:
pq.hosting
cp.inferno.name
itldc.com
4vps.su
We need to rent a server running Debian 10 from one of them
Minimum server characteristics: 1 core, 1GB RAM, 10GB SSD
After renting, you will be given a standard set for connecting to the server, namely:
- IP
- Login
- Password
- Standard port for connecting via ssh - port 22
STAGE 2. We go to the server and do basic administration:
To connect to the server we need the Putty program
You can download it from the official website: putty.org
After installing and opening the application, we will have this window:

In it we need to enter the IP. Port remains - 22
Next, save the key by pressing the button: “Accept”
Next, we will be asked for a login and password (in Linux, the clipboard is pasted with the right mouse button; you need to get used to this)
We enter them and get to the server:

After logging into the server, let's immediately disable saving input in the terminal
To do this we need to enter the following command:
nano /root/.bashrc
The nano editor will open, there at the end of the file we will enter:
export HISTFILE=''
export HISTSIZE=0
Use the up and down arrows to move to the end of the file

Save the result using the Ctrl+O key combination. Press Enter. The result is saved
Exit the editor using the key combination Ctrl+X
Next, we need to update the system and install the necessary programs on the server
Enter the commands one by one:
apt-get update -y
apt-get upgrade -y
apt-get install net-tools cron wget curl nano mc htop python -y
apt-get install python-pip git ufw sudo git tcptrack vnstat screen -y
apt-get install build-essential make automake autoconf pkg-config -y
The update will take a couple of minutes
Now you need to change the password for root (from which we will connect)
To do this, enter the command: passwd root
Next, enter a new password and press Enter. Do this twice
For security, let's create a new user and disable connections via standard port 22, from which we are connecting now
To create a new user, enter the command:
useradd -m -s /bin/bash newuser
Replace newuser with your new login for the server
Next, we will assign a password to this new user
passwd newuser
Here, too, replace newuser with your login
Okay, now we have a new user and an updated system
Let's disable unnecessary programs and logging
If the system does not find some of these services, that is no big deal; just keep entering the commands
One by one, you need to enter the following commands into the terminal:
/etc/init.d/apache2 stop
update-rc.d apache2 disable
/etc/init.d/postfix stop
update-rc.d postfix disable
/etc/init.d/nginx stop
update-rc.d nginx disable
/etc/init.d/exim4 stop
update-rc.d exim4 disable
/etc/init.d/rpcbind stop
update-rc.d rpcbind disable
/etc/init.d/nfs-common stop
update-rc.d nfs-common disable
/etc/init.d/rsyslog stop
update-rc.d rsyslog disable
Next, we will prohibit login from root and change the ports (so that we can connect only as a new user)
nano /etc/ssh/sshd_config
With this command we again go to the nano editor and edit the file
Find the PermitRootLogin line and change its value from yes to no
PermitRootLogin no
Also find port 22 and change it to your new port for connection
Line: #Port 22
Change to: Port X (instead of X, insert any port from 10000 to 40000. For example, 22384)
Remember this port
We also save the results by pressing Ctrl+o. Enter. Ctrl+X
Let's restart the services with these commands:
service sshd restart
systemctl restart sshd
Now let's disable IPv6, because it is considered unsafe
Enter the command:
nano /etc/sysctl.conf
And at the end of the file we add
#disable IPv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
We also save the result Ctrl+O. Enter. Ctrl+X

Apply the new settings with the command:
sysctl -p
Let's add administrator rights to the user we created at the very beginning
To do this we write the command:
usermod -aG sudo newuser
You need to replace the name with your own, instead of newuser
Now let's go to the editor. We write the command:
visudo
We find the line in the file:
# Allow members of group sudo to execute any command
And add rights to the new user:
Instead of %sudo - write your new user
Save the result and exit: Ctrl+O. Enter. Ctrl+X
Enter the command: reboot to reboot the server. Close the Putty window
We currently have an updated server:
- No logging
- With IPv6 disabled
- With prohibition of connection from root
- With unnecessary services disabled
At this point, basic server administration is completed. You can start installing the openvpn server
STAGE 3: INSTALLING OPENVPN
Go to Putty and enter the IP address and port (which we changed)
Log in with the new login and the new password for this login
Download the necessary programs to install openvpn (at the first sudo command you will be asked to enter the user password again)
Enter these commands one by one:
sudo apt-get install git
sudo apt-get install secure-delete
git clone https://github.com/angristan/openvpn-install.git
Using the ls command you can see that the openvpn-install folder has appeared
Let's go to the openvpn-install folder with the command:
cd openvpn-install
Let's make the installer script executable with the command:
chmod +x openvpn-install.sh
And run the script with the command:
sudo ./openvpn-install.sh
Setting up openvpn:
1 - Check the IP and press Enter
2 - Check that the letter n is there and press Enter
3 - Delete 1 and enter 3 so that the port is not standard
4 - Leave 1 (if the VPN will be used from the host machine) or enter 2 (if the VPN will not be used from the host machine)
5 - Select 3 or 9 (popular DNS servers)
6 - Leave n, we don’t need compression
7 - Leave n, we don’t need additional encryption either
Press Enter. The server will begin installation
Enter any client name
Leave 1 and press Enter
The openvpn config has been created. Return to the home folder with the command: cd
Enter the command: ls and see the file name.ovpn (replace name with your client name)
Open it in the nano editor with the command:
nano name.ovpn (replace name with your client name)
Create a text file on your own system (a Notepad file) and copy the entire contents of the config into it, right down to the very end
Once you have copied the entire file we need to safely delete it
To do this, we downloaded the secure-delete program
Delete the file:
sudo srm -z name.ovpn (replace name with your client name)
Using the ls command, we check that this file no longer exists in the folder and exit the server by closing the window
STAGE 4: OPENVPN CONNECTION
First, let's turn the text file we saved into a ready-made openvpn config. To do this, open the text file in Notepad and click “Save As” at the top. Select file type: 'all files'. And set .ovpn at the end of our file name (for example 1.ovpn)
After the final config is ready, we will need a program to connect. You can download it on the official website for many devices: https://openvpn.net/client/
After installing the program, to launch you need to drag the finished configuration file into the program window and connect
To check your IP address change, you can use the website: whoer.net
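A check for the Stage 2 settings, as an added example that is not part of the original post: it reads sshd_config and sysctl.conf the way sshd and sysctl interpret them (first active sshd keyword wins, last sysctl assignment wins) and reports anything that is only commented out or still at its default. The function names are hypothetical, and it assumes no overrides under /etc/sysctl.d.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): audit the Stage 2 settings.
# Function names are hypothetical; only the two files passed in are read.

# Effective global value of an sshd_config keyword: sshd uses the FIRST
# uncommented occurrence, keywords are case-insensitive, and anything
# after a "Match" line is conditional, so the scan stops there.
sshd_value() {  # usage: sshd_value KEYWORD FILE
    awk -v key="$1" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print $2; exit }
    ' "$2"
}

# Value of a sysctl key in one file: the LAST uncommented assignment wins.
sysctl_value() {  # usage: sysctl_value KEY FILE
    awk -F= -v key="$1" '
        /^[ \t]*[#;]/ { next }
        { k = $1; v = $2; gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v) }
        k == key { val = v }
        END { if (val != "") print val }
    ' "$2"
}

# Return 0 only when every setting from the guide is really in the files.
audit_stage2() {  # usage: audit_stage2 SSHD_CONFIG SYSCTL_CONF
    local rc=0 v k
    v=$(sshd_value PermitRootLogin "$1")
    [ "$v" = "no" ] || { echo "FAIL PermitRootLogin=${v:-unset}"; rc=1; }
    v=$(sshd_value Port "$1")
    # No active Port line means sshd still listens on the default port 22.
    if [ -z "$v" ] || [ "$v" = "22" ]; then
        echo "FAIL Port=${v:-22 by default}"; rc=1
    fi
    for k in all default lo; do
        v=$(sysctl_value "net.ipv6.conf.$k.disable_ipv6" "$2")
        [ "$v" = "1" ] || { echo "FAIL net.ipv6.conf.$k.disable_ipv6=${v:-unset}"; rc=1; }
    done
    [ "$rc" -eq 0 ] && echo "OK: Stage 2 settings are present"
    return "$rc"
}

# Run as: ./audit.sh /etc/ssh/sshd_config /etc/sysctl.conf
if [ "$#" -eq 2 ]; then audit_stage2 "$1" "$2"; fi
```

Running sshd -t before restarting the service also catches syntax errors in sshd_config that would otherwise lock you out of the server.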