/r/shanghai - laowaikipedia Wiki

Run your own VPN

62pages on
this wiki
Add New Page
Talk0 Share

First, go to, sign up for an OpenVZ SSD VPS in Seattle. They will email you login details as soon as you've paid. Pick Ubuntu 12.04 as OS. Enter whatever you want as the hostname (it'll be the name of the server - not its address).

Lines starting with "#" are an indication that you are entering commands as root (admin), unless otherwise stated.

Where you see "123.456.78.90" in the instructions below, replace it with the IP address of your own server.

Login to the SolusVM CP, shutdown the VPS. At the bottom of the page you have a few tabs of options:

  • enable TUN/TAP
  • enable PPP
  • change the root password

Restart the VPS.

Connect to the VPS with your SSH client (Terminal on Mac, putty on windows).

ssh root@123.456.78.90

Run the following commands - it removes the rubbish installed by default, installs the VPN stuff needed, and upgrades everything to the latest version:

# apt-get autoremove sendmail-bin sendmail-cf sendmail-doc apache2.2-bin apache2-doc samba-common-bin samba-common

# apt-get update

# apt-get install pptpd

# apt-get upgrade -y

Edit the VPN connection settings:

# cd /etc/

# vi sysctl.conf

Enable ipv4 port forwarding, by uncommenting this line:


# vi pptpd.conf

At the bottom of the file, enter these 2 lines:


# cd /etc/ppp/

# vi pptpd-options

At the bottom of the file, enter these 4 lines:

mru 1440
mtu 1440

# vi ip-up.local

(Note: first line is a comment, not a command)


/sbin/ifconfig $1 mtu 1440

# uncomment the next 4 lines to restrict each user to 1 login session:
#USER=`cat /dev/shm/pptpd-users/$`
#cp "/var/run/$" /dev/shm/pptpd-users/$USER
#rm "/dev/shm/pptpd-users/$"

# chmod +x ip-up.local

Create a user:

# vi chap-secrets

username * password *

(Tab after each field)

Reboot the VPS:

# reboot

Create a VPN connection on your device, use the server IP address from the SolusVM CP, and the username and password you just created.

Try to connect; every time I've done the above the first connection attempt has always failed, but then starts working, so don't panic if it doesn't work first time. If it keeps failing, you've done something wrong.

Finally, setup the routing. SSH into your server.

# cd /usr/local/bin/

# vi vmfw

(NOTE: This is the entire contents of the file, the # lines are comments, not commands)


# reset
iptables -F
iptables -F -t nat
iptables -X

# default policy
iptables -P INPUT DROP

# openvz policy
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# open ports
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -p gre -j ACCEPT

# vpn routing
iptables -t nat -A POSTROUTING -s -o venet0 -j SNAT --to-source 123.456.78.90

Make the script executable:

# chmod +x vmfw

Enable it at boot:

# cd /etc/

# vi rc.local

Enter this line above "exit 0":



# reboot

You're good to go. Hopefully you haven't locked yourself out of the server with the iptables rules above.


  • you don't have to use RamNode; any provider that allows TUN/TAP + PPP on OpenVZ should work without drama. google "low end box" for cheapo providers (you'll get what you pay for).
  • the same instructions on Debian don't work, stick to Ubuntu. 12.10, 12.04, no matter.
  • to add users, edit the "/etc/ppp/chap-secrets" file, just add entries to it. the passwords are in plain text, so be sensible. you can use to generate random passwords.
  • it would be a good idea to install fail2ban, to change the SSH port to a different one, and to add a non-root user, so you can disable remote root login. google for that stuff, or ask someone for help.
  • you can point a domain to your server IP address; an A record is enough, anywhere that sells or hosts domains will get you sorted out, or you can use DynDNS.
  • if it all goes wrong, just reinstall Ubuntu 12.04 from the SolusVM CP.
  • poor performance could be due to the mru/mtu settings. 1440 for both gave me the best results. adjust the values by +/-20 increments in all 3 places to suit - once again, google is your friend for this.

Ad blocker interference detected!

Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.