create OpenVPN on ubuntu12.04

---恢复内容开始---

最近比较火的有digitalocean  的SSD VPS，配置还不错。每个月5刀，512MB内存，CPU被虚拟过。不是KVM。链接能量也不大。

节点在西雅图，对环太平洋比较好。但是延迟也能到200多左右。可以选择节点，这个算是对我们最优的节点了。

好了。需要的东西，

1、paypal或者信用卡账户去买个VPS

2、电脑，能操作终端推荐使用linux。或者在windows上使用putty，每个客户端登录的话，都需要rsa.pub 认证的。

好了，我已经有了DO的VPS了。剩下的就是去deploy了。

We can get help from:

http://www.linuxfly.org/post/84/

http://jingpin.org/set-up-openvpn-in-vps/

https://www.ivpn.net/knowledgebase/62/PPTP-vs-L2TP-vs-OpenVPN.html

http://openvpn.net/index.php/access-server/overview.html

http://openvpn.net/index.php/access-server/docs/quick-start-guide.html

which is better OpenVPN or others? : http://strongvpn.com/compare.shtml

https://www.ivpn.net/knowledgebase/62/PPTP-vs-L2TP-vs-OpenVPN.html

I followed the tutorial here:

http://geeksandtweaks.com/wp/how-to-create-a-vpn-server-on-ubuntu-12-04/

　　　　　　

Please follow here this is the video demonstration of it:

************The reference we need for the video************

http://geeksandtweaks.com/wp/how-to-create-a-vpn-server-on-ubuntu-12-04/

Commands:

apt-get update

apt-get install openvpn openssl

cd /etc/openvpn

cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0 ./easy-rsa

apt-get install nano

nano easy-rsa/vars

change

export EASY_RSA=”`pwd`”

to

export EASY_RSA=”/etc/openvpn/easy-rsa”

. ./easy-rsa/vars

./easy-rsa/clean-all

cd easy-rsa

ln -s openssl-1.0.0.cnf openssl.cnf

cd ..

./easy-rsa/build-ca OpenVPN

./easy-rsa/build-key-server server

./easy-rsa/build-key client1

./easy-rsa/build-dh

nano openvpn.conf

begin openvpn.conf contents – copy below this line

dev tun

proto udp

port 1194

ca /etc/openvpn/easy-rsa/keys/ca.crt

cert /etc/openvpn/easy-rsa/keys/server.crt

key /etc/openvpn/easy-rsa/keys/server.key

dh /etc/openvpn/easy-rsa/keys/dh1024.pem

user nobody

group nogroup

server 10.8.0.0 255.255.255.0

persist-key

persist-tun

status /var/log/openvpn-status.log

verb 3

client-to-client

push “redirect-gateway def1″

#set the dns servers

push “dhcp-option DNS 8.8.8.8″

push “dhcp-option DNS 8.8.4.4″

log-append /var/log/openvpn

comp-lzo

end openvpn.conf contents – copy above this line

echo 1 > /proc/sys/net/ipv4/ip_forward

do “ifconfig” to get adapter name and ipaddress (venet0 was mine since my vps host is using openvz)

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j SNAT --to YOUR.VPS.IP

cd ..

nano sysctl.conf

un-comment (remove the #) from the line containing #net.ipv4.ip_forward=1

cd ..

/etc/init.d/openvpn start

begin newvpn.ovpn contents – copy below this line

dev tun

client

proto udp

remote YOUR.VPS.IP 1194

resolv-retry infinite

nobind

persist-key

persist-tun

ca ca.crt

cert client1.crt

key client1.key

comp-lzo

verb 3

end newvpn.ovpn contents – copy above this line

The software I download the files with is called WinSCP. It allows you to transfer files via SSH. This is useful if you do not have an ftp or http server running.

****************************************************

Once you've installed the VPN service on your remote VPS, you ought to install a frontend openvpn-compatiable client.

For KDE users, they could use the default "Networking connections". Or kvpnc -- a VPN GUI for KDE

And For gnome, there is a gadmin-openvpn-client which will need you to tar all the files into a xxx.tar.gz package.

I do prefer the default one.

I chose the ubuntu 12.04 i386 image to be mounted on the remote VPS.

And It is very fancy to use coz I am using Linuxmint which also derives from ubuntu.

I chose OpenVPN. It's because that some other VPN services, such as PPTP, L2TP , are usually blocked.

OpenVPN is compatiable with dynamic ports, which will increase the level of difficulty for someone who wants to do some messy things.

---恢复内容结束---