FANDOM


First, go to www.ramnode.com, sign up for an OpenVZ SSD VPS in Seattle. They will email you login details as soon as you've paid. Pick Ubuntu 12.04 as OS. Enter whatever you want as the hostname (it'll be the name of the server - not its address).

Lines starting with "#" are an indication that you are entering commands as root (admin), unless otherwise stated.

Where you see "123.456.78.90" in the instructions below, replace it with the IP address of your own server.

Login to the SolusVM CP, shutdown the VPS. At the bottom of the page you have a few tabs of options:

  • enable TUN/TAP
  • enable PPP
  • change the root password

Restart the VPS.

Connect to the VPS with your SSH client (Terminal on Mac, putty on windows).

ssh root@123.456.78.90


Run the following commands - it removes the rubbish installed by default, installs the VPN stuff needed, and upgrades everything to the latest version:

# apt-get autoremove sendmail-bin sendmail-cf sendmail-doc apache2.2-bin apache2-doc samba-common-bin samba-common


# apt-get update


# apt-get install pptpd


# apt-get upgrade -y


Edit the VPN connection settings:

# cd /etc/


# vi sysctl.conf


Enable ipv4 port forwarding, by uncommenting this line:

net.ipv4.ip_forward=1


# vi pptpd.conf


At the bottom of the file, enter these 2 lines:

localip 192.168.10.1
remoteip 192.168.10.10-100


# cd /etc/ppp/


# vi pptpd-options


At the bottom of the file, enter these 4 lines:

ms-dns 8.8.8.8
noipx
mru 1440
mtu 1440


# vi ip-up.local

(Note: first line is a comment, not a command)

#!/bin/bash

/sbin/ifconfig $1 mtu 1440

# uncomment the next 4 lines to restrict each user to 1 login session:
#REALDEVICE=$1
#USER=`cat /dev/shm/pptpd-users/$REALDEVICE.new`
#cp "/var/run/$REALDEVICE.pid" /dev/shm/pptpd-users/$USER
#rm "/dev/shm/pptpd-users/$REALDEVICE.new"


# chmod +x ip-up.local


Create a user:

# vi chap-secrets


username * password *

(Tab after each field)

Reboot the VPS:

# reboot


Create a VPN connection on your device, use the server IP address from the SolusVM CP, and the username and password you just created.

Try to connect; every time I've done the above the first connection attempt has always failed, but then starts working, so don't panic if it doesn't work first time. If it keeps failing, you've done something wrong.

Finally, setup the routing. SSH into your server.

# cd /usr/local/bin/


# vi vmfw

(NOTE: This is the entire contents of the file, the # lines are comments, not commands)

#!/bin/bash

# reset
iptables -F
iptables -F -t nat
iptables -X

# default policy
iptables -P INPUT DROP
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

# openvz policy
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# open ports
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -p gre -j ACCEPT

# vpn routing
iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -o venet0 -j SNAT --to-source 123.456.78.90


Make the script executable:

# chmod +x vmfw


Enable it at boot:

# cd /etc/


# vi rc.local


Enter this line above "exit 0":

/usr/local/bin/vmfw


Reboot:

# reboot


You're good to go. Hopefully you haven't locked yourself out of the server with the iptables rules above.

Notes:

  • you don't have to use RamNode; any provider that allows TUN/TAP + PPP on OpenVZ should work without drama. google "low end box" for cheapo providers (you'll get what you pay for).
  • the same instructions on Debian don't work, stick to Ubuntu. 12.10, 12.04, no matter.
  • to add users, edit the "/etc/ppp/chap-secrets" file, just add entries to it. the passwords are in plain text, so be sensible. you can use www.pctools.com to generate random passwords.
  • it would be a good idea to install fail2ban, to change the SSH port to a different one, and to add a non-root user, so you can disable remote root login. google for that stuff, or ask someone for help.
  • you can point a domain to your server IP address; an A record is enough, anywhere that sells or hosts domains will get you sorted out, or you can use DynDNS.
  • if it all goes wrong, just reinstall Ubuntu 12.04 from the SolusVM CP.
  • poor performance could be due to the mru/mtu settings. 1440 for both gave me the best results. adjust the values by +/-20 increments in all 3 places to suit - once again, google is your friend for this.

Ad blocker interference detected!


Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.