
Thread: How to setup private OpenVPN on a Linux server and Windows/Android client?

  1. #1
    Administrator
    Join Date
    Mar 2013
    Posts
    2,724

    How to setup private OpenVPN on a Linux server and Windows/Android client?

    This tutorial should help you to
    a) protect your internet communication by encryption
    b) use different IP so you hide your real IP

    You will need
    a) Linux server (starts at less than $2/month) and you can use it for many other tasks like website hosting server
    b) to install OpenVPN software on that server and on your own home computer and/or on the Android device

    ALTERNATIVES to OpenVPN: You may also skip this whole tutorial and try
    A) WireGuard which is faster than OpenVPN - Download and run WG installer on a Linux server (Dedicated server or virtual server virtualized using KVM/XEN since OpenVZ & LXC need a different approach: #1 or #2)
    Here I found other tutorials for WireGuard server + Windows client:
    https://web.archive.org/web/20210816050733/https://golb.hplar.ch/2019/07/wireguard-windows.html
    https://web.archive.org/web/20210915091556/https://www.stavros.io/posts/how-to-configure-wireguard/
    B) https://github.com/StreisandEffect/streisand but it is a much more complicated, complex system.
    C) free VPN like from https://tunsafe.com/vpn (TunSafe is an alternative client to OpenVPN and is claimed to be much faster, though it does not have a GUI Linux client)

    Most recent version of this tutorial is available when you run ZeroNet and then open this page.

    Server side OpenVPN setup

    Log in to the Linux server that you want to act as a VPN server / proxy server. If you do not have one, try Linux VPS 256MB RAM from there: https://instantcpanelhosting.com/cart.php?gid=4 (when selecting a VPS, consider its data transfer/bandwidth limits, usually mentioned by the VPS seller, and your current computer internet data transfer, so the VPS fits). After ordering you will receive login details which will allow you to access your Linux server command line. The following are the Linux commands to run.

    cat /dev/net/tun
    (checking that tun/tap is available)

    A) It is OK if it says "cat: /dev/net/tun: File descriptor in bad state"

    B) It is bad (the tun device is currently not available) if it says "cat: /dev/net/tun: Operation not permitted". In the case of a dedicated server, run the command "modprobe tun" and then add tun to /etc/modules.conf, or on RHEL add the line "/sbin/modprobe tun" to /etc/sysconfig/modules/my.modules. If you are on a VPS (not a dedicated server), ask your VPS provider to enable tun/tap (sometimes there is an option in the control panel). On OpenVZ, the provider will issue the command: "vzctl set CTID --devnodes net/tun:rw --capability net_admin:on --save"

    Update your system and reboot; some people, including me, had problems due to an outdated kernel:
    Debian based Linux: sudo apt update;sudo apt upgrade;reboot
    Redhat based Linux: yum update;yum upgrade;reboot


    Then download & run Nyr's installation bash script for Debian, Ubuntu and CentOS Linux (not CentOS 5.x):
    wget https://git.io/vpn -O openvpn-install.sh && bash openvpn-install.sh


    NOTE: if you are on an older OS (CentOS6, Debian 8), the original installer above may fail. Use the following command instead:
    wget https://raw.githubusercontent.com/Nyr/openvpn-install/c90989a0e2dbb6316e5d048f105c8615f70c6ba9/openvpn-install.sh && bash openvpn-install.sh


    It may be worth using port 443, as it is rarely restricted.

    If the installation ends in ERROR: "Job for [email protected]e failed because the control process exited with error code."
    Try command: sed -i 's/LimitNPROC/#LimitNPROC/g' /lib/systemd/system/[email protected];systemctl daemon-reload;systemctl restart [email protected]e;systemctl status [email protected]e
    The VPN server should then appear as active (running), which is correct. If that is wrong, try to stop that service. Maybe another service name is used: systemctl status openvpn-server*


    Disable OpenVPN server logging (after openvpn server is installed):
    for f in $(find /etc/openvpn/ -name server.conf);do sed -i -e '/openvpn-status.log/d' -e '/verb /d' "$f" && echo -e "log /dev/null\nstatus /dev/null\nverb 0" >> "$f"; done
    chkconfig openvpn on 2>/dev/null|| update-rc.d openvpn enable

    Check journalctl for possible service errors: journalctl -g [email protected]e|tail;echo "Time now: $(date)"
    "Options error: In [CMD-LINE]:1: Error opening configuration file: /etc/openvpn/server.service.conf"?
    If exist, then try: systemctl disable [email protected]e && systemctl stop [email protected]e
    Maybe the wrong service is used. Is this correct?: systemctl status openvpn-server*

    The initial installation wizard should have printed out the path to the OpenVPN configuration file ~/client.ovpn (/root/client.ovpn)
    Download this file (or copy its contents) to the device from which you want to connect to the OpenVPN server

    Increase the number of simultaneous connections (if you are a heavy, P2P internet user):
    echo "net.netfilter.nf_conntrack_max=99000" > /etc/sysctl.d/10-conntrack-max.conf;sysctl -p /etc/sysctl.d/10-conntrack-max.conf

    Client side setup

    Windows client

    Place your .ovpn configuration file into the proper directory, C:\Program Files\OpenVPN\config, and click Connect in the GUI.

    Linux client

    openvpn --config ~/path/to/client.ovpn

    Android client

    I installed this software and then downloaded my .ovpn file to the phone. Then open that file on the phone and select the VPN client you just installed to open it. It will import the file.

    ---
    After the connection is established, the OS connections should be routed through OpenVPN. If not, or if the internet fails, verify your proxy settings in Internet Explorer or in the app that fails to connect to the internet.

    If apps still can't connect to the internet, switch to the server and discover your network interface name (usually eth0 or venet0):
    route|grep default|awk '{print $8}'

    Then execute this command on the server:
    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j MASQUERADE
    (I used venet0 as I'm on an OpenVZ VPS; to discover your interface name, run the command mentioned a few lines above)

    How to prevent your OS leaking real IP when OpenVPN is down?

    When the OpenVPN app crashes or is not started, the computer can connect to the internet directly, revealing your true identity and transferring data unencrypted. To prevent this, you need to configure your computer's firewall. Click here for Windows and/or here for Linux.

    How to open port for P2P etc. to become active peer connectable from outside?

    Also called port forwarding. Details are on this page (will work once you run this ZeroNet software).

    ----------------------------------------
    How to setup torrent client to work with OpenVPN? https://internetlifeforum.com/security/6552-how-make-qbittorent-working-openvpn/izer
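
The firewall "kill switch" described under "How to prevent your OS leaking real IP when OpenVPN is down?", for a Linux client, as an added example that is not part of the original post: it reads the remote line of client.ovpn and prints iptables/ip6tables rules for review. The function name killswitch_rules and the sample address are assumptions; it also assumes the remote is an IPv4 literal and the tunnel device is named tun*.

```shell
#!/bin/sh
# Added example: print (never apply) client-side rules that drop all outbound
# traffic except loopback, the tunnel, and the VPN server named in client.ovpn.
killswitch_rules() {
    ovpn=$1
    conf=$(tr -d '\r' < "$ovpn") || return 1   # tolerate CRLF files
    # The first "remote <host> <port> [proto]" line names the server.
    host=$(printf '%s\n' "$conf" | awk '$1 == "remote" { print $2; exit }')
    port=$(printf '%s\n' "$conf" | awk '$1 == "remote" { print $3; exit }')
    # A proto on the remote line overrides the separate "proto" directive.
    proto=$(printf '%s\n' "$conf" | awk '
        $1 == "proto" { p = $2 }
        $1 == "remote" && !seen { r = $4; seen = 1 }
        END { print (r != "" ? r : p) }')
    case $proto in tcp*) proto=tcp ;; *) proto=udp ;; esac
    port=${port:-1194}
    # Only an IP literal can be allowed by address: with these rules in place
    # a hostname could not be resolved while the tunnel is down.
    if ! printf '%s\n' "$host" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
        echo "remote must be an IPv4 address, got: '$host'" >&2
        return 1
    fi
    case $port in *[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    cat <<EOF
iptables -P OUTPUT DROP
iptables -F OUTPUT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -o tun+ -j ACCEPT
iptables -A OUTPUT -d $host -p $proto --dport $port -j ACCEPT
ip6tables -P OUTPUT DROP
ip6tables -F OUTPUT
ip6tables -A OUTPUT -o lo -j ACCEPT
ip6tables -A OUTPUT -o tun+ -j ACCEPT
EOF
}

# Constructed sample in the shape of a client.ovpn (203.0.113.10 is a
# documentation address, not a real server).
sample=$(mktemp)
printf 'client\ndev tun\nproto udp\nremote 203.0.113.10 443\n' > "$sample"
killswitch_rules "$sample"
rm -f "$sample"
```

Review the printed rules before running them as root. They also block traffic to the local network and do not persist across a reboot.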

  2. #2
    Junior Member JohnnyD's Avatar
    Join Date
    Feb 2020
    Posts
    2
    It can be difficult to make it work on some devices, but here is a step-by-step tutorial for OpenVPN on Android illustrated with screenshots. Should probably be the same method to setup VPN on all new versions of Android.
