Own VPN server without logging and with the tunnel disabled

[Hacker]

From attachments, only $ 2 per VPS. Not much, but the result is high-quality.

Getting started
Take a VPS from msk. host ($ 2 per month)

Regress and take a VPS

You can choose any OS, but I will configure it on Debian and I advise you to repeat everything after me(DON'T FORGET TO CHANGE THE DOMAIN NAME!)

Go to the main page:

We connect to the server via putty/xshell, the password is in the info about your server:

Installing OpenVPN on the server:

cd /home
apt install git
git clone https://github.com/Nyr/openvpn-install.git
cd /openvpn-install
chmod +x ./openvpn-install.sh
./openvpn-install.sh

Creating a config file:

In the first paragraph 2

In the second and third, just press Enter (DNS can be set as desired). In the 4th section, we need to specify the name of the config file.

Now let's remove logging:

apt remove rsyslog

Completion:

You need to download the config from the server

To do this, we use a program that supports SSH FTP(FileZilla or WinSCP)

We log in to it under data from the server, go to the root folder, then to home and the.ovpn config.

We transfer it to the working environment

Installing OpenVPN - https://openvpn.net/download-open-vpn/

Then just run the file with the .ovpn permission

Now how to remove ICMP?

Internet Control Message Protocol-simply put, allows you to perform a ping on the availability of the server. If you are in favor of anonymity, then you need to prohibit ICMP traffic to your VPN server or " tunnel detection (two-way ping)".

Debian/Ubuntu:

1. We start ssh, go to the server and log in as the root user
2. Go to edit ufw settings using nano: nano /etc/ufw/before. rules
3. Adding a new line and saving the result:

A ufw-before-input -p icmp —icmp-type echo-request -j DROP

4. Restart the ufw firewall

ufw disable && ufw enable

5. The server should no longer send ICMP traffic, which means that you managed to hide the two-way ping!

Other distributions:

The easiest way to block a ping command on Linux systems is to add a rule to iptables, as shown in the example below. Iptables is part of the Linux netfilter kernel and is generally installed by default in most Linux environments.

# iptables -A INPUT --proto icmp -j DROP
# iptables -L -n -v [List Iptables Rules]

Another common method of blocking ICMP messages on a Linux system is to add the following kernel variable, which will "disable" all ping packets.

# echo “1” > /proc/sys/net/ipv4/icmp_echo_ignore_all

To make this rule permanent, add the following line to the /etc/sysctl.conf file and then apply the rule using the sysctl command.

# echo “net.ipv4.icmp_echo_ignore_all = 1” >> /etc/sysctl.conf
# sysctl -p

For a CentOS or Red Hat Enterprise Linux distribution that uses the Firewalld interface to manage iptables rules, add the rule below to delete ping messages.

# firewall-cmd --zone=public --remove-icmp-block={echo-request,echo-reply,timestamp-reply,timestamp-request} --permanent
# firewall-cmd --reload

—remove-icmp-block will remove the permission, and since everything is forbidden by default, there will be no ping.

If everything is allowed to everyone by default, then you need to set the —add-icmp-block rule.