Tag: vserver openvpn

  • Alvotech Vserver VPS with OpenVPN

    Renting a server at Alvotech and thinking about installing OpenVPN? Then follow this tutorial.

    This tutorial was tested on the default configuration of the Alvotech VPS (Debian 5 64-bit) and on Debian 6 64-bit.

    The specs page for the vservers shows that TUN/TAP is usable, but when you rent the VPS, no TUN interface is enabled.

    The first step is to ask support to enable it. Once they say it is done, reboot your server through the control panel.

    Note that you don't need any iptables rules: IP forwarding is enabled, and you cannot add any iptables rules anyway. Alvotech will enable the necessary rules on the host.

    Then log in to your server over SSH and check ifconfig; you might have something like this:

    tun2391-136 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
    inet addr:10.0.2.97 P-t-P:10.0.2.98 Mask:255.255.255.255
    UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
    RX packets:11782 errors:0 dropped:0 overruns:0 frame:0
    TX packets:8389 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:100
    RX bytes:1258182 (1.1 MiB) TX bytes:5467118 (5.2 MiB)

    Great, now do:

    apt-get install openvpn

    cd /etc/openvpn

    mkdir easy-rsa

    cp -r /usr/share/doc/openvpn/examples/easy-rsa/* easy-rsa/

    cd easy-rsa/2.0/

    source ./vars

    ./clean-all

    # create the CA first; the server and client certificates below are signed by it
    ./build-ca

    ./build-key-server server

    ./build-key client1

    ./build-dh

    ln -s /etc/openvpn/easy-rsa/2.0/keys /etc/openvpn/keys

    cd /etc/openvpn

    Now create a file server.conf with this content:

    port 1194
    proto udp
    dev tun2391-136 #Your TUN device in ifconfig
    ifconfig 10.0.2.97 10.0.2.98 # your TUN interface settings in ifconfig
    ifconfig-noexec
    route-noexec
    keepalive 10 120
    persist-key
    persist-tun
    comp-lzo
    verb 3
    fragment 1200
    mssfix 1200
    ca keys/ca.crt
    cert keys/server.crt
    key keys/server.key
    dh keys/dh1024.pem
    user nobody
    group nogroup
    tls-server
    push "dhcp-option DNS 8.8.8.8"

    Restart openvpn:

    /etc/init.d/openvpn restart

    Now copy ca.crt, client1.crt and client1.key to your client, and create a client.conf file (or client.ovpn) with this content:

    client
    dev tun
    proto udp
    remote 88.88.88.88 1194 #your server ip address/port
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    ca ca.crt
    cert client1.crt
    key client1.key
    ns-cert-type server
    comp-lzo
    verb 3
    ifconfig 10.0.2.98 10.0.2.97 #change it according to the IPs of your TUN interface; note that the order is the REVERSE of the server config
    redirect-gateway
    fragment 1200
    mssfix 1200

    And now just run "sudo openvpn client.conf". On Windows you might need to adjust the paths (for the key and certs) to something like this: "cert c:\\Users\\admin\\desktop\\client1.crt".

    If you need another client to connect, just ask support for another TUN device (they added one on my server), copy server.conf to server2.conf, modify the TUN interface IPs and name, change the OpenVPN port in server2.conf, and don't forget to generate a second client certificate!

    Enjoy!

    (thanks to the support @ Alvotech for providing the details I was missing)
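
The setup above only works when `dev` and `ifconfig` in server.conf match the TUN interface the host created, and the client's `ifconfig` is the same pair reversed. The following check is an added example, not part of the original post: the function names are hypothetical and the sample inputs are constructed from the values shown in the tutorial.

```shell
#!/bin/sh
# Constructed sample inputs, built from the values shown in this tutorial.
IFCONFIG_OUT='tun2391-136 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.0.2.97 P-t-P:10.0.2.98 Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1'
SERVER_CONF='dev tun2391-136 #Your TUN device in ifconfig
ifconfig 10.0.2.97 10.0.2.98 # your TUN interface settings in ifconfig'
CLIENT_CONF='dev tun
ifconfig 10.0.2.98 10.0.2.97 # reverse of the server config'

# tun_endpoints IFNAME: read ifconfig output on stdin, print "local peer".
tun_endpoints() {
    awk -v ifn="$1" '
        /Link encap/ { found = ($1 == ifn) }   # header line starts each interface
        found && /inet addr:/ {
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^addr:/)  { sub(/^addr:/, "", $i);  l = $i }
                if ($i ~ /^P-t-P:/) { sub(/^P-t-P:/, "", $i); p = $i }
            }
            print l, p; exit
        }'
}

# conf_args DIRECTIVE: read an OpenVPN config on stdin, print the directive's
# arguments with trailing "#" comments removed.
conf_args() {
    sed 's/#.*//' | awk -v d="$1" '$1 == d { $1 = ""; sub(/^ +/, ""); print; exit }'
}

# check_pair IFCONFIG_TEXT SERVER_CONF_TEXT CLIENT_CONF_TEXT
check_pair() {
    dev=$(printf '%s\n' "$2" | conf_args dev)
    host=$(printf '%s\n' "$1" | tun_endpoints "$dev")
    srv=$(printf '%s\n' "$2" | conf_args ifconfig)
    cli=$(printf '%s\n' "$3" | conf_args ifconfig)
    [ -n "$host" ] || { echo "FAIL: device '$dev' not in ifconfig output"; return 1; }
    [ "$srv" = "$host" ] || { echo "FAIL: server ifconfig '$srv', host has '$host'"; return 1; }
    set -- $host    # $1 = local address, $2 = peer address
    [ "$cli" = "$2 $1" ] || { echo "FAIL: client ifconfig '$cli', expected '$2 $1'"; return 1; }
    echo "OK: $dev $host"
}

check_pair "$IFCONFIG_OUT" "$SERVER_CONF" "$CLIENT_CONF"
```

On a real server, pass the live output of ifconfig and the contents of /etc/openvpn/server.conf and client.conf in place of the sample variables. The same check applies to server2.conf and its client when a second TUN device is added.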