Showing posts with label vpn. Show all posts

Tuesday, August 03, 2010

Install OpenVPN-2.0.9 on Server CentOS 5.5

First check whether your server provides the TUN device, /dev/net/tun:
# ls -al /dev/net/tun

You'll get output like the following if it does:
# ls -al /dev/net/tun
crw------- 1 root root 10, 200 Aug  1 14:12 /dev/net/tun

Then check whether the TUN device is actually enabled:
# cat /dev/net/tun

You'll get output like the following if it is enabled (the "bad state" error is expected: it shows the device could be opened, even though cat cannot read from it):
# cat /dev/net/tun
cat: /dev/net/tun: File descriptor in bad state

If it is not enabled, contact your VPS provider's support staff.


Install the required dependencies
# yum -y install gcc make zlib-devel pam-devel openssl-devel rpm-build autoconf.noarch nano openssl lzo2

Install OpenVPN
# cd /tmp
# wget http://openvpn.net/release/openvpn-2.0.9.tar.gz
# wget http://openvpn.net/release/lzo-1.08-4.rf.src.rpm
# rpmbuild --rebuild lzo-1.08-4.rf.src.rpm
# rpmbuild -tb openvpn-2.0.9.tar.gz

For server CentOS x86 (i386)
# rpm -Uvh /usr/src/redhat/RPMS/i386/lzo-*.rpm
# rpm -Uvh /usr/src/redhat/RPMS/i386/openvpn-2.0.9-1.i386.rpm

For server CentOS x64 (x86_64)
# rpm -Uvh /usr/src/redhat/RPMS/x86_64/lzo-*.rpm
# rpm -Uvh /usr/src/redhat/RPMS/x86_64/openvpn-2.0.9-1.x86_64.rpm

Build the certificates
# cp -R /usr/share/doc/openvpn-2.0.9/easy-rsa/ /etc/openvpn/
# cd /etc/openvpn/easy-rsa/2.0
# nano ./vars
Find the following line
export KEY_DIR="$EASY_RSA/keys"
Change it to the following
export KEY_DIR="/etc/openvpn/keys"

# chmod 755 *
# source ./vars
# ./vars
# ./clean-all
# ./build-ca

The following output will then appear:
Generating a 1024 bit RSA private key
....................................................................++++++
..............................................++++++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:
State or Province Name (full name) [CA]:
Locality Name (eg, city) [SanFrancisco]:
Organization Name (eg, company) [Fort-Funston]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) [Fort-Funston CA]:
Email Address [me@myhost.mydomain]:

Just press Enter in each field; the only one that needs to be filled in is "Common Name", which you can set to anything you want.


Build Server Key
# ./build-key-server server

The same prompts as before will appear. Just press Enter in each field; the only one that needs to be filled in is "Common Name", which you should set to "server". Then answer the remaining prompts to finish building the server key.

Build DH Key
# ./build-dh


Create the OpenVPN configuration file.
# nano /etc/openvpn/server.conf

The following is an example configuration:

local xxx.xxx.xxx.xxx   # replace with your server IP address
port xxxx               # replace with the desired port
proto udp               # choose tcp or udp (remove these three comments from the real file)
dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh1024.pem
server 192.168.0.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
keepalive 5 30
comp-lzo
persist-key
persist-tun
status server-vpn.log
verb 3

Start the OpenVPN service
# service openvpn start
# chkconfig openvpn on

Set up the firewall
# nano /etc/sysctl.conf
find net.ipv4.ip_forward and set it to 1 (net.ipv4.ip_forward = 1)
# echo 1 > /proc/sys/net/ipv4/ip_forward
# iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j SNAT --to xxx.xxx.xxx.xxx
Replace xxx.xxx.xxx.xxx with your server IP address
# iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
Save the iptables rules
# service iptables save

Build Client Key
# cd /etc/openvpn/easy-rsa/2.0
# source ./vars
# ./vars
# ./build-key ClientName

The key files created above are stored in the directory /etc/openvpn/keys.
Copy "ClientName.key", "ClientName.crt" and "ca.crt" to your PC.

Create a configuration file for the client and name it "ClientName.ovpn"

The following is a sample client configuration matching the server configuration above:
client
dev tun
proto udp
remote xxx.xxx.xxx.xxx xxxx
resolv-retry infinite
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ca ca.crt
cert ClientName.crt
key ClientName.key
comp-lzo
verb 3

Replace xxx.xxx.xxx.xxx with the server IP and xxxx with the port set in the server configuration.
Save "ClientName.key", "ClientName.crt", "ClientName.ovpn" and "ca.crt" in the OpenVPN config directory,
for example C:\Program Files\OpenVPN\config\ClientName.
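Because the client settings (proto, port, MTU values and comp-lzo) have to mirror the server's, the following added example, which is not part of the original post, derives ClientName.ovpn directly from server.conf instead of typing it by hand. The server.conf it reads is a constructed sample; the address 192.0.2.10 and port 1194 are placeholders.

```shell
# Constructed sample server.conf mirroring the post (inline comments kept on purpose).
SAMPLE_CONF="${TMPDIR:-/tmp}/server.conf.sample"
cat > "$SAMPLE_CONF" <<'EOF'
local 192.0.2.10 #Replace with your server IP address
port 1194 #Replace with the desired port
proto udp
dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
server 192.168.0.0 255.255.255.0
comp-lzo
persist-key
persist-tun
EOF

# gen_client_ovpn <server.conf> <ClientName>: prints the client config on stdout,
# fails (exit 1) if the server file lacks the local/port/proto lines "remote" needs.
gen_client_ovpn() {
    awk -v name="$2" '
        { sub(/#.*/, "") }                 # drop the inline comments the post leaves in
        $1 == "local"         { ip = $2 }
        $1 == "port"          { port = $2 }
        $1 == "proto"         { proto = $2 }
        $1 == "dev"           { dev = $2 }
        $1 == "tun-mtu"       { mtu = $2 }
        $1 == "tun-mtu-extra" { extra = $2 }
        $1 == "mssfix"        { mss = $2 }
        $1 == "comp-lzo"      { lzo = 1 }
        END {
            if (ip == "" || port == "" || proto == "") exit 1
            print "client"
            print "dev " (dev != "" ? dev : "tun")
            print "proto " proto
            print "remote " ip " " port
            print "resolv-retry infinite"
            print "nobind"
            if (mtu != "")   print "tun-mtu " mtu
            if (extra != "") print "tun-mtu-extra " extra
            if (mss != "")   print "mssfix " mss
            print "persist-key"
            print "persist-tun"
            print "ca ca.crt"
            print "cert " name ".crt"
            print "key " name ".key"
            if (lzo) print "comp-lzo"      # compression must match the server or the tunnel fails
            print "verb 3"
        }' "$1"
}

gen_client_ovpn "$SAMPLE_CONF" ClientName > "${TMPDIR:-/tmp}/ClientName.ovpn"
```

The 1024-bit RSA and DH sizes in the post were the easy-rsa 2.0 defaults of 2010; on any current deployment set KEY_SIZE in vars to 2048 or more before running build-ca and build-dh, and the generated client file needs no change.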

Monday, August 02, 2010

Install ptunnel on Server CentOS 5.5 for Tunneling via ICMP

Ptunnel is an application that lets you reliably tunnel TCP connections to a remote host using ICMP echo request and reply packets, commonly known as ping requests and replies. It is not a feature-rich tool by any means, but it does what it advertises. Here is what it can do:

  • Tunnel TCP using ICMP echo request and reply packets
  • Connections are reliable (lost packets are resent as necessary)
  • Handles multiple connections
  • Acceptable bandwidth (150 kb/s downstream and about 50 kb/s upstream are the currently measured maxima for one tunnel)
  • Authentication, to prevent just anyone from using your proxy

Ptunnel will not work when outgoing or incoming pings are not allowed, or are filtered by a gateway somewhere along the way. It also has no congestion control. On the plus side, it is open source and supports Linux, Windows and Mac; on Windows you will also need WinPcap.

Here are the steps for installing ptunnel 0.71:

ON SERVER

# yum -y install gcc*
# yum -y install libpcap*
# mkdir /tmp
# cd /tmp
# wget http://www.cs.uit.no/~daniels/PingTunnel/PingTunnel-0.71.tar.gz
# tar -zxvf PingTunnel-0.71.tar.gz
# cd PingTunnel
# make
# make install

On a CentOS 5.5 32-bit server

# ptunnel &

On a CentOS 5.5 64-bit server

# ptunnel > /dev/null 2>&1 &


Open the port on the server (8000, or whatever port will be used for tunneling)

# setup

then choose Firewall configuration >> Customize

do as shown in the picture:

ON CLIENT

ptunnel -p ptunnel.example.org -lp 8000 -da ssh.example.org -dp 22

If you are using the ptunnel client on Windows, copy ptunnel.exe into the system32 folder before running that command in a command prompt, and make sure WinPcap is installed on your system.

ON SSH CLIENT

Use PuTTY or Bitvise Tunnelier to log in to your SSH server.

Setting on SSH Client:
Host : 127.0.0.1
Port : 8000
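On the network side, a tunnel like the one above is just ICMP echo traffic, so the added example below (not part of the original post) shows the defender's view: a heuristic that flags source/destination pairs whose echo requests are oversized or far more frequent than an ordinary ping. The capture lines are a constructed sample in tcpdump's ICMP summary format, and the thresholds (128 bytes, 5 requests per second) are assumptions to tune per network.

```shell
# Constructed sample capture: one normal ping pair and one pair that looks like a tunnel.
SAMPLE_CAP="${TMPDIR:-/tmp}/icmp.sample.log"
cat > "$SAMPLE_CAP" <<'EOF'
10:00:00.000000 IP 192.0.2.20 > 198.51.100.5: ICMP echo request, id 100, seq 1, length 64
10:00:01.000000 IP 192.0.2.20 > 198.51.100.5: ICMP echo request, id 100, seq 2, length 64
10:00:00.100000 IP 192.0.2.30 > 198.51.100.9: ICMP echo request, id 7, seq 1, length 1064
10:00:00.120000 IP 192.0.2.30 > 198.51.100.9: ICMP echo request, id 7, seq 2, length 1064
10:00:00.140000 IP 192.0.2.30 > 198.51.100.9: ICMP echo request, id 7, seq 3, length 1064
10:00:00.160000 IP 192.0.2.30 > 198.51.100.9: ICMP echo request, id 7, seq 4, length 1064
10:00:00.180000 IP 192.0.2.30 > 198.51.100.9: ICMP echo request, id 7, seq 5, length 1064
10:00:00.200000 IP 192.0.2.30 > 198.51.100.9: ICMP echo request, id 7, seq 6, length 1064
EOF

# icmp_tunnel_suspects <capture> [max_len] [max_per_second]
# Prints "src dst requests max_len reason" for each pair that trips a threshold.
icmp_tunnel_suspects() {
    awk -v maxlen="${2:-128}" -v maxrate="${3:-5}" '
        /ICMP echo request/ {
            src = $3; dst = $5; sub(/:$/, "", dst)
            len = $NF + 0
            split($1, t, ":"); sec = int(t[3])       # bucket requests by whole second
            key = src " " dst
            n[key]++
            if (len > big[key]) big[key] = len
            c = key SUBSEP sec
            persec[c]++
            if (persec[c] > peak[key]) peak[key] = persec[c]
        }
        END {
            for (k in n) {
                reason = ""
                if (big[k] > maxlen)   reason = reason "oversized "
                if (peak[k] > maxrate) reason = reason "high-rate"
                if (reason != "") print k, n[k], big[k], reason
            }
        }' "$1"
}

icmp_tunnel_suspects "$SAMPLE_CAP"
```

A stock ping sends one 64-byte request per second, so moving anything near the 50 kb/s upstream the post quotes through ICMP necessarily shows up as a burst of large echo requests between one pair of hosts.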