Configuring a VPN server on Ubuntu
Nowadays VPN services are particularly popular among “advanced” users in countries where freedom of expression and free access to information are restricted (China, Belarus, Russia and others). Leaving politics aside, we note that free access to information has made the Internet a popular and useful phenomenon.
Let’s try to build our own VPN server on the simplest SSD VDS. Among the many technologies available, we will use L2TP/IPSec. This type of VPN tunnel is supported not only by desktop operating systems, but also by devices running Apple iOS (iPhone, iPad) and Android.
The first step is to order an SSD VDS and choose Ubuntu as the operating system. There are no special resource requirements, so you can choose the simplest plan, with 512 MB of memory. Installing the operating system takes about 5-7 minutes, and after the installation you will receive an email with the access details for the VDS. Now choose any SSH client (e.g. PuTTY) and proceed to setup.
Install the required applications:
apt-get install openswan xl2tpd ppp
During the installation you will be asked about key generation. Decline automatic key generation (select “No” in the dialog).
Using your favorite text editor (vi or nano), edit the file /etc/ipsec.conf:
Set the left= parameter to the IP address of the VDS.
The next step is to add the encryption key (the IPsec pre-shared key, PSK). To do this, specify the desired key in the file /etc/ipsec.secrets (replace the sample value below with a secret of your own):
%any %any: PSK "TestSecret"
Now we proceed to configuring L2TP. Open the file /etc/xl2tpd/xl2tpd.conf in the editor and change its contents to the following:
[global]
ipsec saref = yes
[lns default]
ip range = 192.168.1.231-192.168.1.239
local ip = 192.168.1.230
refuse chap = yes
refuse pap = yes
require authentication = yes
ppp debug = no
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
Now we set up PPP. The next file to edit is the configuration file /etc/ppp/options.xl2tpd:
Our connection uses password authentication, so the password has to be set in the corresponding file, /etc/ppp/chap-secrets:
* * TestPassword *
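Added example (not part of the original article): the two secrets files above hold the sample values TestSecret and TestPassword and a wildcard account entry, so the shell functions below generate random values for both files and check a file for leftover sample values, wildcard accounts and loose permissions. The function names and the account name vpnuser are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are assumptions.

# Print a random secret: 32 bytes from /dev/urandom, base64-encoded, with
# '+', '/' and '=' stripped so the value needs no escaping inside quotes.
gen_secret() {
    head -c 32 /dev/urandom | base64 | tr -d '+/=\n'
    echo
}

# Write a PSK line in the /etc/ipsec.secrets format shown above. $1 = file
write_psk() {
    ( umask 077
      printf '%%any %%any: PSK "%s"\n' "$(gen_secret)" > "$1"
      chmod 600 "$1" )
}

# Write one chap-secrets entry for a named account. $1 = file, $2 = account
write_chap() {
    ( umask 077
      printf '"%s" * "%s" *\n' "$2" "$(gen_secret)" > "$1"
      chmod 600 "$1" )
}

# Return non-zero if the file still holds the sample values, has a wildcard
# ("* *") account, or is accessible to group/other. $1 = file
check_secrets() {
    rc=0
    if grep -Eq 'TestSecret|TestPassword' "$1"; then
        echo "$1: sample secret still in use" >&2; rc=1
    fi
    if grep -Eq '^[[:space:]]*\*[[:space:]]+\*[[:space:]]' "$1"; then
        echo "$1: wildcard account accepts any user name" >&2; rc=1
    fi
    perms=$(ls -ld "$1" | cut -c5-10)   # group and other permission bits
    if [ "$perms" != "------" ]; then
        echo "$1: accessible beyond owner ($perms)" >&2; rc=1
    fi
    return $rc
}

# Usage on the server (as root), with a constructed account name:
#   write_psk /etc/ipsec.secrets
#   write_chap /etc/ppp/chap-secrets vpnuser
#   check_secrets /etc/ipsec.secrets && check_secrets /etc/ppp/chap-secrets
```

With a named entry in chap-secrets, the client's Account field has to be set to that name, and the generated values are read back from the two files when filling in Password and Secret.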
We are done with the VPN configuration, but we still need to enable NAT (network address translation) in the network settings of the operating system. Open the file /etc/rc.local and add the following commands at the very beginning:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
The configuration of our VPN server is complete. Restart the VDS with the reboot command, and after a minute you can start using the encrypted channel for Internet access. In the meantime, let’s configure our iPhone. Go to “Settings” – “VPN”, then select “Add VPN Configuration …”. Fill in the fields:
- Type of VPN – L2TP
- Description – select any convenient name, such as My VPN or ITLDC VPN
- Server – specify the IP address of our VDS
- Account – any name
- RSA SecurID – off
- Password – your selected password (in our example – TestPassword)
- Secret – the encryption key (TestSecret)
The configuration of the client side is finished; select “Save”. To connect to the VPN, turn VPN on in the “Preferences”. Connecting is quite fast: after a few seconds, you can enjoy all the benefits of the Internet, without any restrictions.