Tuesday, February 21, 2017

OpenVPN install on Ubuntu 16.04

VPN install on Ubuntu 16.04

How to do it


curl http://ip.mtak.nl
 -- shows your current public IP address

https://diafygi.github.io/webrtc-ips/
 -- test whether your browser leaks your real address through WebRTC

iptables -I INPUT 1 -p tcp --dport 1723 -j ACCEPT
iptables -I INPUT 1 -p gre -j ACCEPT
 -- allow the PPTP control port (TCP 1723) and GRE (protocol 47), used by the pptpd setup further down

tcpdump -i eth0 port 1723
tcpdump -i eth0 proto 47



apt-get install fail2ban

Depending on the Linux distro, the iptables FORWARD chain is probably set to a default policy of ACCEPT, which means that as soon as you turn IP forwarding on in the kernel (the sysctl command below), your server acts as an open router for anything it can reach.
If the VPN server is behind a NAT router, the forwarding rules can be a bit more relaxed for data traffic.
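As an added example (not from the original post), a script that writes the FORWARD and NAT rules in iptables-restore format with a DROP default policy, so that only VPN clients are forwarded out and only their return traffic is forwarded back in, plus a small check on the resulting ruleset. The interface names tun0/eth0, the 10.8.0.0/24 client range (the OpenVPN sample config default) and the use of the conntrack match are this example's assumptions; adjust them to your setup.

```shell
# Added example: generate a closed FORWARD chain for a VPN gateway (not the post's own code).
# forward_ruleset [VPN_IF] [WAN_IF] [VPN_NET] -> prints an iptables-restore ruleset
forward_ruleset() {
    vpn_if="${1:-tun0}"          # assumption: OpenVPN tunnel interface
    wan_if="${2:-eth0}"          # assumption: interface holding the public address
    vpn_net="${3:-10.8.0.0/24}"  # assumption: client subnet from "server 10.8.0.0 255.255.255.0"
    cat <<EOF
*filter
:FORWARD DROP [0:0]
-A FORWARD -i ${wan_if} -o ${vpn_if} -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i ${vpn_if} -o ${wan_if} -s ${vpn_net} -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s ${vpn_net} -o ${wan_if} -j MASQUERADE
COMMIT
EOF
}

# ruleset_is_closed TEXT WAN_IF -> 0 only when FORWARD defaults to DROP and nothing coming in
# on the WAN interface is forwarded without a connection-state match
ruleset_is_closed() {
    text="$1"; wan_if="$2"
    printf '%s\n' "$text" | grep -q '^:FORWARD DROP' || return 1
    if printf '%s\n' "$text" | grep "^-A FORWARD -i ${wan_if}" | grep -vq 'ctstate'; then
        return 1   # a stateless rule forwards unsolicited traffic in from the WAN side
    fi
    return 0
}

# Typical use on the server (run as root):
#   forward_ruleset tun0 eth0 10.8.0.0/24 > /etc/iptables/rules.v4
#   iptables-restore -n < /etc/iptables/rules.v4     # -n keeps your existing INPUT rules
#   iptables -L FORWARD -n --line-numbers            # verify the DROP policy took effect
```

The ruleset only touches the FORWARD chain and the nat table, so it can be loaded with `-n` (no flush) without disturbing the INPUT rules that keep your SSH session alive. The `-s ${vpn_net}` match on the outbound rule means a host that somehow gets onto tun0 with a foreign source address is still not routed.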

sudo netstat -tulpn 

make-cadir /var/easy-rsa
cd /var/easy-rsa
ln -s openssl-1.0.0.cnf openssl.cnf

openssl dhparam 4096 > /etc/openvpn/dh4096.pem
 -- optional larger DH parameters; make sure the dh line in server.conf names the file you actually place in /etc/openvpn

openvpn --genkey --secret /var/easy-rsa/keys/ta.key
 -- run this after ./clean-all below, which wipes the keys directory; the cp step later copies ta.key from there

nano vars
export KEY_COUNTRY="US"
export KEY_PROVINCE="NJ"
export KEY_CITY="Matawan"
export KEY_ORG="Your Awesome Organization"
export KEY_EMAIL="me@your_awesome_org.com"
export KEY_OU="YourOrganizationUnit" 
 
./clean-all
./build-ca
 
./build-key-server server
 
./build-dh
 
./build-key client
 
cd keys
cp ca.crt ca.key server.crt server.key ta.key dh2048.pem /etc/openvpn
cd ..
 
gunzip -c /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz | tee /etc/openvpn/server.conf
 
nano server.conf
push "redirect-gateway def1 bypass-dhcp"
user nobody
group nogroup
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
tls-auth ta.key 0
 
key-direction 0
 -- only needed if ta.key is embedded inline in the config; with the tls-auth line above the direction is already given
 
nano /etc/sysctl.conf
net.ipv4.ip_forward=1
 
sysctl -p
  
iptables -t nat -A POSTROUTING -s 10.8.0.0/16 -o eth0 -j MASQUERADE
 
service openvpn start
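An added post-install check (not part of the original post) that verifies the server.conf edits above took effect and that the private keys copied into /etc/openvpn are readable only by root. The directive list mirrors the edits above; the /etc/openvpn default path, the mode-600 requirement and reading ip_forward from /proc are this example's assumptions.

```shell
# Added example: post-install checks for the OpenVPN server configured above.
# Paths and the required directive list are assumptions based on the steps in this post.

# has_directive FILE 'directive text' -> 0 when an active (uncommented) line starts with it
has_directive() {
    grep -Eq "^[[:space:]]*$2" "$1"
}

# check_server_conf FILE -> 0 when every directive edited above is present; lists the
# missing ones on stderr otherwise. The dh line only has to exist, whatever file it names.
check_server_conf() {
    conf="$1"; rc=0
    for d in 'user nobody' 'group nogroup' 'tls-auth ta.key 0' 'dh ' \
             'push "redirect-gateway def1 bypass-dhcp"'; do
        has_directive "$conf" "$d" || { echo "missing in $conf: $d" >&2; rc=1; }
    done
    return $rc
}

# check_private_key FILE -> 0 when the file is readable only by its owner (mode 600 or 400)
check_private_key() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || { echo "cannot stat $1" >&2; return 1; }
    case "$mode" in
        600|400) return 0 ;;
        *) echo "$1 has mode $mode, expected 600" >&2; return 1 ;;
    esac
}

# check_forwarding -> 0 when the kernel currently forwards IPv4 (net.ipv4.ip_forward=1)
check_forwarding() {
    [ "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)" = 1 ]
}

# check_openvpn_install [DIR] -> 0 when all checks pass; DIR defaults to /etc/openvpn.
# ca.key is checked because the post copies it there; it is only needed to sign new
# certificates and can be kept off the VPN server entirely.
check_openvpn_install() {
    dir="${1:-/etc/openvpn}"; rc=0
    check_server_conf "$dir/server.conf" || rc=1
    for k in ca.key server.key ta.key; do
        check_private_key "$dir/$k" || rc=1
    done
    check_forwarding || { echo "net.ipv4.ip_forward is not 1" >&2; rc=1; }
    return $rc
}

# Typical use on the server, after "service openvpn start":
#   check_openvpn_install && echo "openvpn install looks sane"
```

Run it once right after the steps above and again after any config change; a commented-out `;user nobody` line from the sample config does not count as present, which is the usual way these privilege drops get lost.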
 
--------------
 
apt-get install xl2tpd ppp lsof
(  apt-get install strongswan  ) 
sudo apt-get install pptpd -y
 
sudo nano /etc/ppp/pptpd-options 
 
ms-dns 8.8.8.8
ms-dns 8.8.4.4
 
sudo nano /etc/pptpd.conf
localip 10.0.0.1
remoteip 10.0.0.100-200
 
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
 
sudo service pptpd start
 
sudo apt-get install pptp-linux network-manager-pptp network-manager-pptp-gnome 
 
  
echo "net.ipv4.ip_forward = 1" |  tee -a /etc/sysctl.conf
echo "net.ipv4.conf.all.accept_redirects = 0" |  tee -a /etc/sysctl.conf
echo "net.ipv4.conf.all.send_redirects = 0" |  tee -a /etc/sysctl.conf
echo "net.ipv4.conf.default.rp_filter = 0" |  tee -a /etc/sysctl.conf
echo "net.ipv4.conf.default.accept_source_route = 0" |  tee -a /etc/sysctl.conf
echo "net.ipv4.conf.default.send_redirects = 0" |  tee -a /etc/sysctl.conf
echo "net.ipv4.icmp_ignore_bogus_error_responses = 1" |  tee -a /etc/sysctl.conf
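An added helper (not from the original post) that applies these kernel settings idempotently: the `echo ... | tee -a` lines above append a fresh copy of every key each time they are run, so re-running the setup leaves duplicate and possibly conflicting lines in /etc/sysctl.conf. The file path is a parameter so the function can be tried on a scratch copy first; the key list matches the lines above, and the `key = value` spelling is this example's choice.

```shell
# Added example: idempotent sysctl.conf editing (not the post's own code).

# escape_key KEY -> KEY with regex dots escaped, so "net.ipv4.ip_forward" matches literally
escape_key() {
    printf '%s' "$1" | sed 's/\./\\./g'
}

# set_sysctl FILE KEY VALUE: rewrite an existing (or commented-out) line for KEY in place,
# append a new line only when KEY is absent
set_sysctl() {
    file="$1"; key="$2"; value="$3"; esc=$(escape_key "$key")
    if grep -Eq "^[[:space:]]*#?[[:space:]]*${esc}[[:space:]]*=" "$file"; then
        sed -i -E "s|^[[:space:]]*#?[[:space:]]*${esc}[[:space:]]*=.*|${key} = ${value}|" "$file"
    else
        printf '%s = %s\n' "$key" "$value" >> "$file"
    fi
}

# get_sysctl FILE KEY -> prints the value of the last active line for KEY (what sysctl -p applies)
get_sysctl() {
    esc=$(escape_key "$2")
    grep -E "^[[:space:]]*${esc}[[:space:]]*=" "$1" | tail -n 1 | sed -E 's/^[^=]*=[[:space:]]*//'
}

# apply_vpn_sysctls FILE: the seven settings from this post, applied with set_sysctl
apply_vpn_sysctls() {
    f="$1"
    set_sysctl "$f" net.ipv4.ip_forward 1
    set_sysctl "$f" net.ipv4.conf.all.accept_redirects 0
    set_sysctl "$f" net.ipv4.conf.all.send_redirects 0
    set_sysctl "$f" net.ipv4.conf.default.rp_filter 0
    set_sysctl "$f" net.ipv4.conf.default.accept_source_route 0
    set_sysctl "$f" net.ipv4.conf.default.send_redirects 0
    set_sysctl "$f" net.ipv4.icmp_ignore_bogus_error_responses 1
}

# Typical use on the server (run as root), then reload:
#   apply_vpn_sysctls /etc/sysctl.conf && sysctl -p
```

Because sysctl applies the file top to bottom, a stale earlier line is harmless only as long as the last one is right; rewriting in place removes that ambiguity and keeps the file readable after several runs.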
 
nano /etc/ppp/chap-secrets
 
# Secrets for authentication using CHAP
# client       server  secret                  IP addresses
alice          l2tpd   password1            *
bob            l2tpd   passWd2             *   
 
ipsec restart
/etc/init.d/xl2tpd restart 
       
 


Thank you for your comment. Will try to react as soon as possible.

Regards,

Networ King