After being bored with the usual movies in the TV Channel in Indonesia, I just remember that I have an account on Hulu.com, and want to watch another movies on there again 🙂
So, after doing some search on the LowEndBox, LowEndTalk and WHT, here is some VPS Provider list in the US which I choose for running an OpenVPN Server :
- Stylexnetworks
- VPSCheap.net ( Unmetered 10mbps )
- CatalystVPS ( Unmetered 100mbps )
Maounique also giving me a free SSH Tunnel under BudgetVM VPS, thank’s Mao 🙂
And for setting up the OpenVPN Server, we can use the following tutorials in a VPSCheap.net vps :
|
1 2 3 4 5 6 7 8 |
System Resources : 2 CPU Cores Memory 128MB Burstable 256MB Disk Space 10GB Bandiwdth Unmetered 10mbps 1 IPv4 and 1 IPv6 SolusVM / OpenVZ |
Update, upgrade and installing OpenVPN
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 |
# apt-get update && apt-get upgrade && apt-get install openvpn Hit http://security.debian.org squeeze/updates Release.gpg Ign http://security.debian.org/ squeeze/updates/contrib Translation-en Ign http://security.debian.org/ squeeze/updates/main Translation-en Ign http://security.debian.org/ squeeze/updates/non-free Translation-en Hit http://security.debian.org squeeze/updates Release Hit http://security.debian.org squeeze/updates/main i386 Packages Hit http://security.debian.org squeeze/updates/contrib i386 Packages Hit http://security.debian.org squeeze/updates/non-free i386 Packages Hit http://ftp.debian.org squeeze Release.gpg Ign http://ftp.debian.org/debian/ squeeze/contrib Translation-en Ign http://ftp.debian.org/debian/ squeeze/main Translation-en Ign http://ftp.debian.org/debian/ squeeze/non-free Translation-en Hit http://ftp.debian.org squeeze Release Hit http://ftp.debian.org squeeze/main i386 Packages Hit http://ftp.debian.org squeeze/contrib i386 Packages Hit http://ftp.debian.org squeeze/non-free i386 Packages Reading package lists... Done Reading package lists... Done Building dependency tree Reading state information... Done 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. Reading package lists... Done Building dependency tree Reading state information... Done The following extra packages will be installed: liblzo2-2 libpkcs11-helper1 openvpn-blacklist Suggested packages: resolvconf The following NEW packages will be installed: liblzo2-2 libpkcs11-helper1 openvpn openvpn-blacklist 0 upgraded, 4 newly installed, 0 to remove and 0 not upgraded. Need to get 1606 kB of archives. After this operation, 3744 kB of additional disk space will be used. Do you want to continue [Y/n]? Get:1 http://ftp.debian.org/debian/ squeeze/main liblzo2-2 i386 2.03-2 [62.4 kB] Get:2 http://ftp.debian.org/debian/ squeeze/main libpkcs11-helper1 i386 1.07-1 [43.8 kB] Get:3 http://ftp.debian.org/debian/ squeeze/main openvpn-blacklist all 0.4 [1068 kB] Get:4 http://ftp.debian.org/debian/ squeeze/main openvpn i386 2.1.3-2+squeeze1 [432 kB] Fetched 1606 kB in 9s (172 kB/s) Preconfiguring packages ... Selecting previously deselected package liblzo2-2. (Reading database ... 22852 files and directories currently installed.) Unpacking liblzo2-2 (from .../liblzo2-2_2.03-2_i386.deb) ... Selecting previously deselected package libpkcs11-helper1. Unpacking libpkcs11-helper1 (from .../libpkcs11-helper1_1.07-1_i386.deb) ... Selecting previously deselected package openvpn-blacklist. Unpacking openvpn-blacklist (from .../openvpn-blacklist_0.4_all.deb) ... Selecting previously deselected package openvpn. Unpacking openvpn (from .../openvpn_2.1.3-2+squeeze1_i386.deb) ... Setting up liblzo2-2 (2.03-2) ... Setting up libpkcs11-helper1 (1.07-1) ... Setting up openvpn-blacklist (0.4) ... Setting up openvpn (2.1.3-2+squeeze1) ... Restarting virtual private network daemon.:. |
Configuring OpenVPN
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 |
# cp -r /usr/share/doc/openvpn/examples/easy-rsa /etc/openvpn # cd /etc/openvpn/easy-rsa/2.0 # chmod 755 * # source ./vars # ./vars # ./clean-all # ./build-ca Generating a 1024 bit RSA private key .........................................................................++++++ ..........++++++ writing new private key to 'ca.key' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [US]:ID State or Province Name (full name) [CA]:WJ Locality Name (eg, city) [SanFrancisco]:Bandung Organization Name (eg, company) [Fort-Funston]:www.bsie.net Organizational Unit Name (eg, section) []:VPN Common Name (eg, your name or your server's hostname) [Fort-Funston CA]:www.bsie.net Name []:BSIE Email Address [me@myhost.mydomain]:info@bsie.net # ./build-key-server server Generating a 1024 bit RSA private key ......................++++++ ..........................++++++ writing new private key to 'server.key' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [US]:ID State or Province Name (full name) [CA]:WJ Locality Name (eg, city) [SanFrancisco]:Bandung Organization Name (eg, company) [Fort-Funston]:www.bsie.net Organizational Unit Name (eg, section) []:VPN Common Name (eg, your name or your server's hostname) [server]:www.bsie.net Name []:BSIE Email Address [me@myhost.mydomain]:info@bsie.net Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []:www.bsie.net Using configuration from /etc/openvpn/easy-rsa/2.0/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows countryName          :PRINTABLE:'ID' stateOrProvinceName  :PRINTABLE:'WJ' localityName         :PRINTABLE:'Bandung' organizationName     :PRINTABLE:'www.bsie.net' organizationalUnitName:PRINTABLE:'VPN' commonName           :PRINTABLE:'www.bsie.net' name                 :PRINTABLE:'BSIE' emailAddress         :IA5STRING:'info@bsie.net' Certificate is to be certified until Oct 19 04:26:06 2022 GMT (3650 days) Sign the certificate? [y/n]:y 1 out of 1 certificate requests certified, commit? [y/n]y Write out database with 1 new entries Data Base Updated # ./build-dh Generating DH parameters, 1024 bit long safe prime, generator 2 This is going to take a long time ....+........................++*++*++* |
Enabling Port Forwarding
|
1 |
# echo 1 > /proc/sys/net/ipv4/ip_forward |
Setting up the IPTABLES
|
1 |
# iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to your.vps.ip.address |
Saving IPTABLES to file
|
1 |
# iptables-save > /etc/iptables.conf |
Restoring IPTABLES at each boot
|
1 |
# nano /etc/network/if-pre-up.d/iptables |
Insert the following code :
|
1 2 |
#!/bin/sh iptables-restore < /etc/iptables.conf |
Press Ctrl+O to save the file
Press Ctrl+X to exit from nano editor
Set the file so it can be executed
|
1 |
# chmod +x /etc/network/if-pre-up.d/iptables |
Configuring OpenVPN Server configuration /etc/openvpn/openvpn.conf
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 |
local your.vps.ip.address port 1194 proto udp dev tun tun-mtu 1500 tun-mtu-extra 32 mssfix 1450 ca ca.crt cert server.crt key server.key dh dh1024.pem plugin /etc/openvpn/openvpn-auth-pam.so /etc/pam.d/login client-cert-not-required username-as-common-name server 10.8.0.0 255.255.255.0 push "redirect-gateway def1" push "dhcp-option DNS 208.67.222.222" push "dhcp-option DNS 4.2.2.1" keepalive 5 30 comp-lzo persist-key persist-tun status 1194.log verb 3 |
Configuring OpenVPN Client configuration client.ovpn
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
client dev tun proto udp #- protocol remote your.vps.ip.address 1194 resolv-retry infinite nobind tun-mtu 1500 tun-mtu-extra 32 mssfix 1450 persist-key persist-tun ca ca.crt auth-user-pass comp-lzo verb 3 |
Adding username and set the password
|
1 2 |
# useradd erawanarifnugroho # passwd erawanarifnugroho |
Copying certificate and needed files
|
1 |
# cp -r /etc/openvpn/easy-rsa/2.0/keys/* /etc/openvpn/ |
Start your OpenVPN Server
|
1 |
# service openvpn start |
Download all of your files from /etc/openvpn and copy it to your OpenVPN installation in directory “config”.
Now you have your own OpenVPN server ready for watching hulu :). It will ask for your username and password when connecting to the OpenVPN server
If you need the openvpn-auth-pam.so, you can download it here
Bagus tutorialnya. 😀