07-22-2011, 10:46 PM
Don't just leech info without commenting. Be it positive or negative, leave something here.
Of course, this can be edited for any Linux distro, but since I use Ubuntu as my example, I'll post it in the Ubuntu sub-forum.VPN. Virtual Private Network.
Many people want them. Today, I'll be showing you how to make one yourself.
The main purpose (in my opinion) for building your own VPN, is tunneling traffic from a restricted location so you can do what you want to online - and privately. I used my VPN strictly for getting on websites while at school my Senior year. I do not recommend selling spots on this VPN, it won't nearly be as good as the ones you pay for.
This will be a PPTP VPN, hosted by an Ubuntu Linux machine. It isn't the most secure, but it gets the job done.
Okay, let's get started. I have a very old machine running Ubuntu Server 10.10 for my VPN, and for this tutorial I'll be using a Virtual Machine of the same OS. Ubuntu Server is great for turning an old machine into a great server. My VPN only has a 400Mghz processor, 128MB of RAM and a 15GB HDD. Runs like a brute on Linux though. This will work in Ubuntu Desktop Edition, but for computer recourses, I prefer to stick with CLI. So, if you're on Desktop rather than Server, open up the Terminal.
The first command you need to issue is:
Code:
sudo su
This will give you escalated privileges for the time being, allowing you to run as root.
Installing Poptop
PPTP stands for Point to Point Tunneling Protocol. It allows remote users to securely access their network from anywhere on the Internet.
Before Poptop, no solution existed if you wish to connect PPTP clients to Linux servers. Using Poptop, Linux servers can now function seamlessly in a PPTP VPN environment.
To install Poptop, issue this command:
Code:
apt-get install pptpd -y
Now that that is done, we must know more about our machine. Issue this command:
Code:
ifconfig
For you new net-workers, that means that you have 253 hosts available on your network, 192.168.1.1 being reserved for your router, and 192.168.1.255 being reserved as your broadcast.
As you can see in my screenshot, my server is using interface “eth0”, and has the IP address 192.168.1.14 on my LAN. Take a note of this.
Now we must configure our server. There are only a few files we need to edit, I use Nano, you can use as you wish.
First we must edit the pptpd.conf file; issue this command:
Code:
nano /etc/pptpd.conf
As long as we are using eth0, we are only interested in the very bottom of that page. If you are using another interface, such as eth1 or wlan1, you can find an option to change it in this file. But, at the bottom, you'll see:
Code:
#localip 192.168.0.1
#remoteip 192.168.0.234-238,192.168.0.245
# or
#localip 192.168.101.1
#remoteip 192.168.101.200-245
Pay attention to this part, it's hard to explain. Those “#” pretty much tell Ubuntu to ignore the line. We want to make the “localip” line have the IP address of your machine, that you learned from the ifconfig command. The “remoteip” line, holds the IP's that we will give machines connecting to your VPN. A safe bet for this, would be to copy mine. Look at my screenshot if you have any confusion. Here are my bottom lines, which allow 4 hosts to connect to my VPN that will be given the IP's 192.168.1.67, 192.168.1.68, 192.168.1.69, 192.168.1.70, in order of connection:
Code:
#localip 192.168.0.1
#remoteip 192.168.0.234-238,192.168.0.245
# or
localip 192.168.1.14
remoteip 192.168.1.67,192.168.1.68,192.168.1.69,192.168.1.70
Notice the difference between the bottom two and top three lines. The lines with a # at the beginning of them are ignored, but the bottom two are the ones that PPTPD pays attention to. This can be flipped around, just remember that the # means it will be ignored.
To close and save your changes, hit “Ctrl+x”, press Y to confirm your changes, Enter to save the file.
Remember to remove the # before the lines to uncomment them!!!!
Next we need to add our users to the VPN. These are just stored in a simple text file, so issue the comand:
Code:
nano /etc/ppp/chap-secrets
You should see the following:
Code:
# Secrets for authentication using CHAP
# client server secret IP addresses
So, here is how it works. Client = PPTP Username. Server = VPN server name (sortof). Secret = Password for user. IP address = self explanatory.
As you can see in my screenshot below, I have a user named kottonmouth, using my pptpd server, with the password “hackforums”, that can connect from any IP address. The “*” is a wildcard, meaning I can use any IP. Where as the user “omni” can only connect from the randomly typed IP address I have entered. Save your changes with “Ctrl+X”, Y, Enter, and you have successfully added users to your VPN.
Now it is time to add a Satic IP address to eth0, so that it will always be 192.168.1.14 (in my case) on your LAN.
Issue the following:
Code:
nano /etc/network/interfaces
We need to Change:
Code:
auto eth0
iface eth0 inet dhcp
To:
Code:
auto eth0
iface eth0 inet static
address 192.168.1.14
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.1
Save your changes as before.
Look at my screenshot if you are having any trouble.
Now we need to edit the DNS setting for the static IP. Issue:
Code:
nano /etc/resolv.conf
On the line that says nameserver, I suggest using Google's DNS as it seems faster, so if you wish to take my advice, change the address to “8.8.8.8” as in my screenshot below.
Now remove the DHCP client so this will always stay:
Code:
apt-get remove dhcp3-client
You may have to remove dhcp-client3 instead.
Now, restart your networking with this command:
Code:
/etc/init.d/networking restart
and ping a website (I chose hackforums).
If you get replies and an IP back, you're good to go. Issue “Ctrl+C” to stop the ping.
No we must enable ip-masquerading:
Code:
nano /etc/rc.local
Add the following above the line that says “exit 0”:
Code:
# PPTP IP forwarding
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Then issue:
Code:
nano /etc/sysctl.conf
And uncomment this by removing the # in front of it:
Code:
net.ipv4.ip_forward=1
Next we must enable internet throughput by adding a DNS server for the VPN and the clients that connect to it. Execute:
Code:
nano /etc/ppp/pptpd-options
We're looking for a specific part here. Below is the section we're looking for. We need to remove the #'s before the lines "ms-dns", and change the IP's to copy what I have; 8.8.8.8 and 8.8.4.4
Just copy what I have, and you should be good to go.
Code:
# Network and Routing
# If pppd is acting as a server for Microsoft Windows clients, this
# option allows pppd to supply one or two DNS (Domain Name Server)
# addresses to the clients. The first instance of this option
# specifies the primary DNS address; the second instance (if given)
# specifies the secondary DNS address.
# Attention! This information may not be taken into account by a Windows
# client. See KB311218 in Microsoft's knowledge base for more information.
ms-dns 8.8.8.8
ms-dns 8.8.4.4
So now we have the Server set up, our IP set to static so it's always the same, lets test it. We must restart the VPS by issuing these commands:
Code:
killall pptpd
To stop it, then:
Code:
pptpd
To restart it.
To confirm my connection, I used my iPhone on the same LAN. Below are my settings of configuration on my phone, and my confirmed connection to it. I DON'T THINK YOU WILL BE ABLE TO BROWSE THE WEB FROM THE VPN WHILE IT IS ON YOUR LAN. This will confuse your network since you are using the same device on two different Ips, and you will not be able to receive any packets.
I apologize for the image sizes.
To use this VPN, we must first port forward our machine on port 1723 TCP, then connect from a remote location. A good way to test this out is by having a friend you can trust try and connect.
I hope this helped you guys out. I know this tutorial needs some work, I just felt like writing one so here it is, haha. If you have any questions feel free to post.