Login

Forgot password?

We love free and open web!

Author Topic: Easiest way to setup Ubuntu as a VPN server  (Read 4231 times)

Offline sucks

  • Newbie
  • *
  • Posts: 5
    • View Profile
Easiest way to setup Ubuntu as a VPN server
« on: December 10, 2012, 11:39:25 PM »
I know there are many tutorials on the net for setting up VPN client and server.

I you find one that is simple/short please put a link, I am interested only in the server part.

For client, I will use OS X so I prefer a solution that uses L2TP over IPsec or PPTP because I suppose Cisco IPsec would cost something.

I don't want to spent too many hours setting it up. You know, maybe someone already made a setup script :)

Note: I am using an EC2 micro instance running Ubuntu 12.04 on it.

Offline glee

  • Newbie
  • *
  • Posts: 13
    • View Profile
Re: Easiest way to setup Ubuntu as a VPN server
« Reply #1 on: December 10, 2012, 11:40:33 PM »
PPTP via PoPToP is easy

 1.Install pptpd
   
Code: [Select]
apt-get install pptpd
  2. edit /etc/pptpd.conf and set the remoteip option to a range on your network that is NOT served by your DHCP server.

  3. edit /etc/ppp/chap-secrets and add a username and password

e.g.
vpnuser pptpd vpnpassword *

This is all it takes to setup pptp. Now test it with your OS X client.

Offline Administrator

  • Administrator
  • Jr. Member
  • *****
  • Posts: 87
    • View Profile
Re: Easiest way to setup Ubuntu as a VPN server
« Reply #2 on: December 10, 2012, 11:42:57 PM »
The Absolute Minimum Server Setup
What follows are the absolute minimum instructions that you need to get a basic PPTP VPN server running under Ubuntu. Clients will then be able to VPN into the server and route  their internet traffic so that it goes through the server to the internet. As always, consult the full documentation to understand what everything is doing.
First, install the required software:
sudo apt-get install pptpd 
Second, enable ip_forward in the kernel for IPv4 by uncommenting the associated line in /etc/sysctl.conf:
sudo sed -i -r 's/^\s*#(net\.ipv4\.ip_forward=1.*)/\1/' /etc/sysctl.conf # Reload the config file to have the change take effect immediately. sudo -i sysctl -p 
Third, enable NAT (if it isn't enabled already) so that users on the private VPN network can have their packets routed out to the internet:
OUTIF=`/sbin/ip route show to exact 0/0 | sed -r 's/.*dev\s+(\S+).*/\1/'` sudo -i iptables --table nat --append POSTROUTING --out-interface $OUTIF --jump MASQUERADE # Enable NAT on boot from the rc.local script. CMD="iptables --table nat --append POSTROUTING --out-interface $OUTIF --jump MASQUERADE" sudo sed -i "\$i$CMD\n" /etc/rc.local 
Note: This guide assumes you have no firewall configured on the server. If you have a firewall on the server, such as UFW, consult the relevant documentation instead.
Fourth, for each VPN user, create an account in the file /etc/ppp/chap-secrets. Replace $USER with the actual username you want to use for that VPN user.
KEY=`head -c 20 /dev/urandom | sha1sum | nawk '{print $1}'` echo "$USER pptpd $KEY *" | sudo tee -a /etc/ppp/chap-secrets 
Finally, you are ready to...
Configure the Client
In the Network Manager applet, select VPN ConnectionsConfigure VPN, then click Add. On the next screen select PPTP for the VPN type, then click Create.
enter image description here
In this window, enter your server's hostname or IP along with the username and key that you added to the /etc/ppp/chap-secrets file on the server.
Now click Advanced.
enter image description here
In this window, enable "Use Point-to-Point encryption (MPPE)" and select 128-bit security. Disable the use of MSCHAP authentication (leave MSCHAPv2 enabled).
Finally, click Ok and then Save to close out the previous window.
You can now test the VPN connection by going to the Network Manager applet → VPN Connections and selecting the connection that you just created. Make sure you get a message saying that the VPN connection was successful, then browse to an IP checking website to verify that your IP now shows up as the server's IP.
If you get a message saying that the VPN connection to the server failed: first verify that you correctly entered the client settings; second, check that the client has network connectivity to TCP port 1723 on the server; finally, check the log file /var/log/messages on the server for further clues. If your VPN connection succeeds, but you subsequently are unable to browse to any websites from the client, consult this incredibly helpful diagnostic guide on the pptpd website.
Notes
If the local network you are connected to is using the 192.168.0.0/24 and 192.168.1.0/24 subnets, you are going to run into issues because that is what the PPTP server uses by default. You will have to configure PPTP to use different subnets in pptpd.conf.
There are numerous other configuration changes you may want to make. For example, all your domain name lookups will still be queried using your local DNS server instead of going through the PPTP server. Take the time to read over the full documentation to find out how to change this setting and many others.
 

Offline gcrest

  • Newbie
  • *
  • Posts: 2
    • View Profile
Re: Easiest way to setup Ubuntu as a VPN server
« Reply #3 on: January 11, 2013, 01:13:01 PM »
i have used a vpn software before now dat makes use of ICMP /UDP protocol. (pd-proxy).  i assume that  a default vpn server makes use of TCP for packet routing 2 the internet..

assuming some service are blocked by my ISP and i wish 2 create  a vpn dat can transmit packets via ICMP / UDP. / TCP / DNS  (which ever is blocked it should be able to switch 2 another protocol)..how do i set it up..

i dont even have a server for now.. loll..

Offline Administrator

  • Administrator
  • Jr. Member
  • *****
  • Posts: 87
    • View Profile
Re: Easiest way to setup Ubuntu as a VPN server
« Reply #4 on: January 12, 2013, 06:53:39 AM »
I dont know any open source or free vpn application that can tunnel through ICMP or DNS.

As far as I know only PD-Proxy and Wi-free are the only vpn that uses ICMP to tunnel their traffic and they are using their own custom coded vpn servers.

Offline gcrest

  • Newbie
  • *
  • Posts: 2
    • View Profile
Re: Easiest way to setup Ubuntu as a VPN server
« Reply #5 on: January 12, 2013, 07:18:48 AM »
so what do i do now...since by default vpn are allowed 2 tunnel through TCP

Offline Administrator

  • Administrator
  • Jr. Member
  • *****
  • Posts: 87
    • View Profile
Re: Easiest way to setup Ubuntu as a VPN server
« Reply #6 on: January 12, 2013, 11:30:59 PM »
If you know how to code then you can code it yourself. You can get some ideas how icmp tunneling works from other icmp tunneling apps like http://www.cs.uit.no/~daniels/PingTunnel/