With the constant changes of city and country that I have had lately, I have had to use a lot of free Wi-Fi networks (even now I'm connected from a Wi-Fi network whose key I got thanks to aircrack-ng, airmon-ng, airodump-ng and aireplay-ng, which were already installed in Kali Linux). The problem is that these connections can compromise my information, and we do not know who else is connected and can see me on the network. One solution to this problem is the one raised long ago by Let's Use Linux in "How to surf safely on open Wi-Fi networks", but it can also be solved with a VPN. There are many free and paid VPNs that are easy to use and install, each with its pros and cons, but we can also create our own VPN server on Ubuntu, Debian and CentOS.
Looking for the solution to this problem and prioritizing using a VPN that would give me other advantages, I managed to find a script that allows us to build a VPN server automatically with little interaction with the user.
What is the server configuration script?
It is a shell script that automatically configures a VPN server over IPsec on Ubuntu, Debian and CentOS quickly and easily, and supports the IPsec/L2TP and Cisco IPsec protocols. The user just needs to provide their own VPN credentials and let the script do the rest.
The VPN over IPsec server encrypts network traffic, so that data cannot be eavesdropped on while it travels between the user and the VPN server. This is especially useful when using unsecured networks, for example in coffee shops, airports, or hotel rooms.
The script uses Libreswan, which is an implementation of IPsec for Linux, and xl2tpd, which is an L2TP provider.
The script can be used on any dedicated server or Virtual Private Server (VPS). Furthermore, it can be used directly as "user data" of Amazon EC2 when launching a new instance. This feature makes it ideal because it allows me to have a VPN up and running at any time and helps me take advantage of Amazon's offer of one year free of their VPS.
Features of the VPN over IPsec server configuration script
- Configuration of a fully automated VPN over IPsec server, without user intervention
- Supports the fastest protocol, IPsec/XAuth ("Cisco IPsec")
- Docker images of the VPN server are available
- Encapsulates all VPN traffic in UDP - ESP protocol is not required
- It can be used directly as "user data" for new Amazon EC2 instances
- Automatically determines the public IP and private IP of the server
- Includes basic IPTables rules and allows you to adjust sysctl.conf
- Tested on Ubuntu 16.04 / 14.04 / 12.04, Debian 8 and CentOS 6 & 7
VPN over IPsec server configuration script requirements
A Dedicated Server or Virtual Private Server (VPS) is required, although it is recommended to use an instance of Amazon EC2, using one of these AMIs:
- Ubuntu 16.04 (Xenial), 14.04 (Trusty) or 12.04 (Precise)
- Debian 8 (Jessie) EC2 Images
- CentOS 7 (x86_64) with Updates
- CentOS 6 (x86_64) with Updates
Installing the VPN over IPsec server configuration script
Installing the VPN over IPsec server configuration script on Ubuntu and Debian
The first thing you should do is update your system; to do this, run the following command and reboot:
apt-get update && apt-get dist-upgrade
To install the VPN, please select one of the following options:
Option 1: Generate the VPN credentials at random, which can be viewed when the installation is complete
wget https://git.io/vpnsetup -O vpnsetup.sh && sudo sh vpnsetup.sh
Option 2: Edit the script and provide your own VPN credentials
wget https://git.io/vpnsetup -O vpnsetup.sh
nano -w vpnsetup.sh
[Replace with your values: YOUR_IPSEC_PSK, YOUR_USERNAME and YOUR_PASSWORD]
sudo sh vpnsetup.sh
Option 3: Define VPN credentials as environment variables
# All values must be enclosed within 'single quotes'
# Do not use these characters within the values: \ " '
wget https://git.io/vpnsetup -O vpnsetup.sh && sudo \
VPN_IPSEC_PSK='your_ipsec_pre_shared_key' \
VPN_USER='your_vpn_username' \
VPN_PASSWORD='your_vpn_password' sh vpnsetup.sh
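The character restriction in Option 3 can be enforced before the values ever reach the script. The following is an added example, not part of vpnsetup.sh: the function names are hypothetical, and the minimum pre-shared key length is an assumed local policy, since the page states none.

```shell
#!/bin/sh
# Added example, not part of vpnsetup.sh. Function names are hypothetical.
# MIN_PSK_LEN is an assumed local policy; the page states no minimum length.
MIN_PSK_LEN=20

# vpn_value_ok VALUE: succeed only if VALUE is non-empty and contains none
# of the characters the instructions forbid: backslash, " and '.
vpn_value_ok() {
    case "$1" in
        '' | *\\* | *\"* | *\'*) return 1 ;;
    esac
    return 0
}

# psk_ok VALUE: the same check plus the assumed minimum length.
psk_ok() {
    vpn_value_ok "$1" && [ "${#1}" -ge "$MIN_PSK_LEN" ]
}

# gen_vpn_secret [LEN]: print LEN (default 20) random letters and digits
# read from /dev/urandom, so the result can never hit a forbidden character.
gen_vpn_secret() {
    len="${1:-20}"
    out=''
    while [ "${#out}" -lt "$len" ]; do
        out="$out$(head -c 64 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9')"
    done
    printf '%s\n' "$out" | cut -c "1-$len"
}

# option3_env USER: print the three assignments for Option 3, refusing a
# user name that would break the single-quoted form.
option3_env() {
    vpn_value_ok "$1" || { echo "invalid user name" >&2; return 1; }
    printf "VPN_IPSEC_PSK='%s' VPN_USER='%s' VPN_PASSWORD='%s'\n" \
        "$(gen_vpn_secret 32)" "$1" "$(gen_vpn_secret 20)"
}
```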
Installing the VPN over IPsec server configuration script on Centos
The first thing you should do is update your system; to do this, run the following command and reboot:
yum update
Follow the same steps as in Ubuntu and Debian, but replace https://git.io/vpnsetup with https://git.io/vpnsetup-centos.
Conclusions on the VPN over IPsec server configuration script
Well, once we have our VPN installed, we must connect to it through a VPN client. I recommend that we use OpenVPN, which we can install with the package manager of our distribution. In the case of Debian and derivatives, we can do it in the following way:
sudo apt-get install openvpn
This is a very elegant solution for connecting to the internet safely and having our own VPN, which can also be used to:
- Access a work or home network when you are traveling.
- Hide browsing data.
- Enter geo-blocked sites.
- And many other uses
And that's all guys, I hope you enjoy it and get it going. If all of this has seemed complicated to you and you prefer to keep things simple, you can always hire a VPN like Hidemyass, which in addition to having good reviews, offers very good offers for new users.
Why did they cross out the part where he admits to having committed a crime? hahahaha
Hello friend, I have managed to install the VPN on an Amazon instance with Ubuntu, but now I cannot connect to the installed VPN. I think it is necessary to add the ports in the instance; at the moment I have found that they are these: open TCP port 1723 and also open the protocol with ID 47 (GRE).
For L2TP you have to open TCP port 1701; if you are going to use IPSec, you must open UDP port 500 and the protocols with ID 50 (IPSec ESP) and 51 (IPSec AH). Once I have added them I verify with netstat -ntpl in the instance, but they do not appear as active. Could you give me a hand, please?
For servers with an external firewall (for example EC2), you must open UDP ports 500 and 4500, and TCP port 22 (for SSH).
To open additional ports on the server, edit /etc/iptables.rules and/or /etc/iptables/rules.v4 (Ubuntu/Debian), or /etc/sysconfig/iptables (CentOS), and restart the server, although with EC2 the convenient thing is to use the external firewall.
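A way to confirm that a saved rules file accepts exactly the ports named in the reply above (UDP 500 and 4500, TCP 22), as an added example that is not part of the original comments or of the script. The rules are a constructed sample in iptables-save format, the function names are hypothetical, and only `--dport` and comma-separated `--dports` lists are handled, not port ranges.

```shell
#!/bin/sh
# Constructed sample in iptables-save format (not taken from the script).
sample_rules() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m multiport --dports 500,4500 -j ACCEPT
-A INPUT -p udp --dport 1701 -m policy --dir in --pol none -j DROP
COMMIT
EOF
}

# port_accepted PROTO PORT: read rules on stdin and exit 0 only if some
# INPUT rule for PROTO lists PORT and jumps to ACCEPT.
port_accepted() {
    awk -v proto="$1" -v port="$2" '
        $1 == "-A" && $2 == "INPUT" {
            p = ""; ports = ""; target = ""
            # Stop at NF-1 so that $(i + 1) always exists.
            for (i = 3; i < NF; i++) {
                if ($i == "-p") p = $(i + 1)
                if ($i == "--dport" || $i == "--dports") ports = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (p != proto || target != "ACCEPT") next
            n = split(ports, list, ",")
            for (k = 1; k <= n; k++) if (list[k] == port) found = 1
        }
        END { exit (found ? 0 : 1) }'
}
```

On a server, feed it the real file instead of the sample, for example `port_accepted udp 4500 < /etc/iptables.rules`.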
"The Freedom of the Code is directly proportional to the Growth of an Organization", an excellent statement.
Thanks for the great script.
I have managed to install it and it works with iPhone and Android, but I don't know how to use OpenVPN on Linux as a client.
The server I have installed in Ubuntu 16.04 terminal.
Help please
Hello, how do I make it work with a dynamic ip?
Subscribe to the free version of noip.com.
Hello, my name is Oscar. I have installed this VPN server on my Linux server in a VPS, and my security study after 24 hours is that it performs attacks (Smurf), performs connection scans and tries to intercept data. It only seems to be able to intercept all the keys that use non-secure protocols, that is, any connection that does not use encryption. Immediately after I noticed, I closed my VPN connection and reset the VPS, since I created a restore point before starting this process.
I expose all this so that the author and/or reader of this article who reads these comments is cautious when installing this VPN server. I say it all in good faith, and I thank the author for taking the time to write this article.
A greeting.
When I run ifconfig tun0 it gives me this error:
Error fetching interface information: Device not found
Now I know why I don't use VPN… because it is not easy and it is tedious to configure. Is there not a simpler and more graphical way to do it?