Photo credit: ant.sr
Building your own SSH,SSL and Openvpn Server is as easy as abc. You don’t need a formal training to learn how to set it up. All we need is a little help from our friend (Google) to get it to work, and a cup of hot coffee to keep us sound and alert. We need a lot of patience too.
Just like an ordinary poetry, we need to have our pen and paper of course for us to start writing a good poetry. Same goes when building your own server we need the proper tools to start doing the job. Our writing tools in this project are the apps called Putty and Bitvise. Well we just need to choose one. Either of the two will do. (You do not hold 2 pens at the same time to write.) You can have these apps by downloading Putty and Bitvise. These apps are free. Of course we need a paper to write our thoughts into, so we need to get one. In our case, thats where the VPS kicks in. Virtual Private Server or simply VPS is a virtual machine that has its own OS and therefore can be configured for many purposes and being sold as a service by an internet hosting service. The physical machine itself is located in different parts of the world and can be remotely accessed and configured. Each Virtual machine is represented by a unique IP Address on the internet and in that purpose serves as a host server or simply the Host. How can I get my own VPS? The most commonly used in terms of performance at lower cost is Digital Ocean. Depending on the location and specifications you selected, price of monthly rentals varies. Unfortunately, Digital ocean does not have a local server (Philippine Server). If you are looking for a local server, you may want to consider CloudSigma. Like any other internet hosting services, the price depends on the specifications. Sadly a bit expensive compare to other hosting.
Today, I will show you how to setup your SSH, SSL and Openvpn the easiest way. Just by copying and pasting some ready made script we will be able to set up our server in just a couple of minutes. Big credits to the original author of the script.
Building your Server.
1. Given that you already have your VPS info: root and password.
Open your your SSH client (Bitvise or Putty)and Login your info. Input your VPS IP on Host. Dropbear port should be 22. Username should be root and type in your password. We are going to use Debian 8 64 bit OS.
2. Terminal window will open, it will prompts you to change your password.
3. Just copy the below command and paste it to terminal then hit enter. We need to install wget to be able to download external file.
apt-get -y install wget
3. Now lets use it to download the script by typing in the code below.
wget https://raw.githubusercontent.com/daybreakersx/premscript/master/Debian8
4. Paste this command for us to be able to modify the file folder destination.
chmod +x Debian8
5. Now its time for us to execute the script we had just downloaded earlier by this command below, this may take a while.
./Debian8
6. Lets delete the file folder Debian 8.
rm -f Debian8
7. Lets delete the history.
history -c
Take note any important information the screen will provide you at the end. The next step is to set up an account or user for us to use the service.
How to add a new user.
How to add a new user.
1. To Add a new user like for example, we add vpnas as a new user just type in this command.
useradd vpnas
2. To set a password for the created username please type in this command.
passwd vpnas
3. It will prompt you to type in your password and verify twice.
How to set expiration date for a user.
Now that we have already set a username and password we have the option to modify it or set an account expiry. In this case we will use the command chage with option M to set the number of days the account will be active. Lets set the account expiry to 30 days.
chage -M 30 vpnas
To know the details of the account lets use the option l.
chage -l vpnas
How to delete a user.
How to delete a user.
To delete an account use the command userdel.
userdel vpnas
Services:
OpenSSH : 22, 444
Dropbear : 143, 3128
SSL : 443 Squid3 : 8000, 8080 (limit to IP SSH)
OpenVPN : TCP 1194 (client config :http://myip:81/client.ovpn)
Dropbear : 143, 3128
SSL : 443 Squid3 : 8000, 8080 (limit to IP SSH)
OpenVPN : TCP 1194 (client config :http://myip:81/client.ovpn)
You can also watch the video tutorial for this purpose.
Once you downloaded the client.ovpn you have to edit it and follow the steps here and upload it to your modem or you can copy the configuration below.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
client
dev tun
proto tcp
remote 167.179.87.203:1194@pg.cdn.viber.com 443
persist-key
persist-tun
dev tun
pull
resolv-retry infinite
nobind
comp-lzo
ns-cert-type server
verb 3
mute 2
mute-replay-warnings
auth-user-pass
redirect-gateway def1
script-security 2
route 0.0.0.0 0.0.0.0
route-method exe
route-delay 2
cipher AES-128-CBC
http-proxy 167.179.87.203 8080
http-proxy-retry
http-proxy-option CUSTOM-HEADER HTTP/1.0
http-proxy-option CUSTOM-HEADER Host pg.cdn.viber.com
http-proxy-option CUSTOM-HEADER X-Forward-Host pg.cdn.viber.com
http-proxy-option CUSTOM-HEADER Connection:Keep-Alive
-----BEGIN CERTIFICATE-----
MIIE0zCCA7ugAwIBAgIJAMWoqyRLQBRlMA0GCSqGSIb3DQEBCwUAMIGhMQswCQYD
VQQGEwJQSDEOMAwGA1UECBMFQWxiYXkxEDAOBgNVBAcTB0xlZ2F6cGkxDTALBgNV
BAoTBElJRUUxFTATBgNVBAsTDGRheWJyZWFrZXJzeDEQMA4GA1UEAxMHSUlFRSBD
QTEVMBMGA1UEKRMMZGF5YnJlYWtlcnN4MSEwHwYJKoZIhvcNAQkBFhJyZGJ0eDEy
M0BnbWFpbC5jb20wHhcNMTkwMzE5MDYzMDU4WhcNMjkwMzE2MDYzMDU4WjCBoTEL
MAkGA1UEBhMCUEgxDjAMBgNVBAgTBUFsYmF5MRAwDgYDVQQHEwdMZWdhenBpMQ0w
CwYDVQQKEwRJSUVFMRUwEwYDVQQLEwxkYXlicmVha2Vyc3gxEDAOBgNVBAMTB0lJ
RUUgQ0ExFTATBgNVBCkTDGRheWJyZWFrZXJzeDEhMB8GCSqGSIb3DQEJARYScmRi
dHgxMjNAZ21haWwuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
pgud4Cntx+uzpcA6TmAjnAaiWmuuU9++i/BisVUCDRVDl66ZOcKDaQtAXzHLpzr+
ue4AX1SnWoS5vXqkFcED3+SeaxauEWbRNTPTIs+5hawGt1wec6VovusjhYRcfD88
/A00mmyX6TjnhsRZmRddV+CGuCX+g9T8t2/1kG6HVJWLIubCHDZM56wp/YNkiruV
ZqdUHyQhXRjp0ilXZ+NsAXm0HTeiq5QIBwlr/hTutjFFwnrp2NJUaIgfaRuyLsCs
mfVEhRsGKE+BCMsQWdenzVDz33bFEctKlCc60JtZFqZBh753vDm8sVGaeWyRJ0OO
tCMRluyzUIb0K0sEmv6GwwIDAQABo4IBCjCCAQYwHQYDVR0OBBYEFNsROWA09/EG
dj0NZ6cGxLrXXwPyMIHWBgNVHSMEgc4wgcuAFNsROWA09/EGdj0NZ6cGxLrXXwPy
oYGnpIGkMIGhMQswCQYDVQQGEwJQSDEOMAwGA1UECBMFQWxiYXkxEDAOBgNVBAcT
B0xlZ2F6cGkxDTALBgNVBAoTBElJRUUxFTATBgNVBAsTDGRheWJyZWFrZXJzeDEQ
MA4GA1UEAxMHSUlFRSBDQTEVMBMGA1UEKRMMZGF5YnJlYWtlcnN4MSEwHwYJKoZI
hvcNAQkBFhJyZGJ0eDEyM0BnbWFpbC5jb22CCQDFqKskS0AUZTAMBgNVHRMEBTAD
AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCBuCMXngC3F6QQLV24XYNyHQ1xvS6qAm3G
uB+spn+xKzFS7lNrqOTcON04bNVpK7nqjRYf0iEEYSZMPy5QZPn0cgEggcQ2hjUP
lyLkyt/J2UqLmArRO9VvU+/FjBreIeJCycowrhreblUfLbeRq/2JnXNbQhkFMUuY
5EvuUlZNTayKBSd6lVk6Yg91L9p0+bJdHlD6NzkvopbOpa9EqgEbXURag2p5iXzr
GiDYWbdhtU9zNm4/B9v7Zk4EzYnLNlwUhSILx2QQvo/ia2qbnEIsN1//0twsa8FO
xCYko+UyAKeTBHQVFS1Zsfjr5WNmrLFHKu58BZB0ALDRxIlXoXun
-----END CERTIFICATE-----
Once you downloaded the client.ovpn you have to edit it and follow the steps here and upload it to your modem or you can copy the configuration below.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
client
dev tun
proto tcp
remote 167.179.87.203:1194@pg.cdn.viber.com 443
persist-key
persist-tun
dev tun
pull
resolv-retry infinite
nobind
comp-lzo
ns-cert-type server
verb 3
mute 2
mute-replay-warnings
auth-user-pass
redirect-gateway def1
script-security 2
route 0.0.0.0 0.0.0.0
route-method exe
route-delay 2
cipher AES-128-CBC
http-proxy 167.179.87.203 8080
http-proxy-retry
http-proxy-option CUSTOM-HEADER HTTP/1.0
http-proxy-option CUSTOM-HEADER Host pg.cdn.viber.com
http-proxy-option CUSTOM-HEADER X-Forward-Host pg.cdn.viber.com
http-proxy-option CUSTOM-HEADER Connection:Keep-Alive
-----BEGIN CERTIFICATE-----
MIIE0zCCA7ugAwIBAgIJAMWoqyRLQBRlMA0GCSqGSIb3DQEBCwUAMIGhMQswCQYD
VQQGEwJQSDEOMAwGA1UECBMFQWxiYXkxEDAOBgNVBAcTB0xlZ2F6cGkxDTALBgNV
BAoTBElJRUUxFTATBgNVBAsTDGRheWJyZWFrZXJzeDEQMA4GA1UEAxMHSUlFRSBD
QTEVMBMGA1UEKRMMZGF5YnJlYWtlcnN4MSEwHwYJKoZIhvcNAQkBFhJyZGJ0eDEy
M0BnbWFpbC5jb20wHhcNMTkwMzE5MDYzMDU4WhcNMjkwMzE2MDYzMDU4WjCBoTEL
MAkGA1UEBhMCUEgxDjAMBgNVBAgTBUFsYmF5MRAwDgYDVQQHEwdMZWdhenBpMQ0w
CwYDVQQKEwRJSUVFMRUwEwYDVQQLEwxkYXlicmVha2Vyc3gxEDAOBgNVBAMTB0lJ
RUUgQ0ExFTATBgNVBCkTDGRheWJyZWFrZXJzeDEhMB8GCSqGSIb3DQEJARYScmRi
dHgxMjNAZ21haWwuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
pgud4Cntx+uzpcA6TmAjnAaiWmuuU9++i/BisVUCDRVDl66ZOcKDaQtAXzHLpzr+
ue4AX1SnWoS5vXqkFcED3+SeaxauEWbRNTPTIs+5hawGt1wec6VovusjhYRcfD88
/A00mmyX6TjnhsRZmRddV+CGuCX+g9T8t2/1kG6HVJWLIubCHDZM56wp/YNkiruV
ZqdUHyQhXRjp0ilXZ+NsAXm0HTeiq5QIBwlr/hTutjFFwnrp2NJUaIgfaRuyLsCs
mfVEhRsGKE+BCMsQWdenzVDz33bFEctKlCc60JtZFqZBh753vDm8sVGaeWyRJ0OO
tCMRluyzUIb0K0sEmv6GwwIDAQABo4IBCjCCAQYwHQYDVR0OBBYEFNsROWA09/EG
dj0NZ6cGxLrXXwPyMIHWBgNVHSMEgc4wgcuAFNsROWA09/EGdj0NZ6cGxLrXXwPy
oYGnpIGkMIGhMQswCQYDVQQGEwJQSDEOMAwGA1UECBMFQWxiYXkxEDAOBgNVBAcT
B0xlZ2F6cGkxDTALBgNVBAoTBElJRUUxFTATBgNVBAsTDGRheWJyZWFrZXJzeDEQ
MA4GA1UEAxMHSUlFRSBDQTEVMBMGA1UEKRMMZGF5YnJlYWtlcnN4MSEwHwYJKoZI
hvcNAQkBFhJyZGJ0eDEyM0BnbWFpbC5jb22CCQDFqKskS0AUZTAMBgNVHRMEBTAD
AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCBuCMXngC3F6QQLV24XYNyHQ1xvS6qAm3G
uB+spn+xKzFS7lNrqOTcON04bNVpK7nqjRYf0iEEYSZMPy5QZPn0cgEggcQ2hjUP
lyLkyt/J2UqLmArRO9VvU+/FjBreIeJCycowrhreblUfLbeRq/2JnXNbQhkFMUuY
5EvuUlZNTayKBSd6lVk6Yg91L9p0+bJdHlD6NzkvopbOpa9EqgEbXURag2p5iXzr
GiDYWbdhtU9zNm4/B9v7Zk4EzYnLNlwUhSILx2QQvo/ia2qbnEIsN1//0twsa8FO
xCYko+UyAKeTBHQVFS1Zsfjr5WNmrLFHKu58BZB0ALDRxIlXoXun
-----END CERTIFICATE-----
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Please watch out for the next post.
Good morning sir. Saan po ba makakakuha ng certific ng openvpn para sa fconfig? Salamat po sir
ReplyDeleteun pong certificate ay included na po sa client.ovpn kapag dinownload nyo.
DeleteASK KO LANG PO. pano pag ganto na lumalabas? "No connection could be made because the target machine actively refused it. 05:31:45.403 The SSH2 session has been terminated." may connection nmn po ako
ReplyDeletetry to clear your ssh client (bitvise) or gamit ka ng putty.
Deleteayaw na mag cconnect nito sir.. may bago kaba.. tnx
ReplyDeletefor sun fix plan pwede pa.. pero meron taung new update check the latest post.
Deleteonce you hit enter automatic na added na siya sa server.
ReplyDeleteThis comment has been removed by the author.
ReplyDeleteMay Error during installation Sir,
ReplyDeletedi ko ma install at nag stop xa sa easy-rsa
tanong lang po pano ako makakakuha or san ko makukuha ung vps info
ReplyDeletePano makakuha ng vps info ?
ReplyDeletesa vultr or digital ocean
ReplyDeleteayaw na gumana sa smart/tnt no load
ReplyDeletegood day po new lang po ako gusto ko gumawa ng new vpn server sa laptop ko. paano po ba kapag sa sun no load sim ang gagamitin para sa config na rin nya ?
ReplyDelete