Run your own VPN

First, go to www.ramnode.com and sign up for an OpenVZ SSD VPS in Seattle. They will email you login details as soon as you've paid. Pick Ubuntu 12.04 as the OS. Enter whatever you want as the hostname (it'll be the name of the server, not its address).

Lines starting with "#" are an indication that you are entering commands as root (admin), unless otherwise stated.

Where you see "123.456.78.90" in the instructions below, replace it with the IP address of your own server.

Log in to the SolusVM CP and shut down the VPS. At the bottom of the page you have a few tabs of options:
 * enable TUN/TAP
 * enable PPP
 * change the root password

Restart the VPS.

Connect to the VPS with your SSH client (Terminal on Mac, PuTTY on Windows):

    ssh root@123.456.78.90

Run the following commands. They remove the rubbish installed by default, install the VPN stuff needed, and upgrade everything to the latest version:

    # apt-get autoremove sendmail-bin sendmail-cf sendmail-doc apache2.2-bin apache2-doc samba-common-bin samba-common
    # apt-get update
    # apt-get install pptpd
    # apt-get upgrade -y

Edit the VPN connection settings:

    # cd /etc/
    # vi sysctl.conf

Enable IPv4 forwarding by uncommenting this line:

    net.ipv4.ip_forward=1


    # vi pptpd.conf

At the bottom of the file, enter these 2 lines:

    localip 192.168.10.1
    remoteip 192.168.10.10-100


    # cd /etc/ppp/
    # vi pptpd-options

At the bottom of the file, enter these 4 lines:

    ms-dns 8.8.8.8
    noipx
    mru 1440
    mtu 1440


    # vi ip-up.local

(Note: first line is a comment, not a command)

    #!/bin/bash
    # uncomment the next 4 lines to restrict each user to 1 login session:
    # REALDEVICE=$1
    # USER=`cat /dev/shm/pptpd-users/$REALDEVICE.new`
    # cp "/var/run/$REALDEVICE.pid" /dev/shm/pptpd-users/$USER
    # rm "/dev/shm/pptpd-users/$REALDEVICE.new"
    /sbin/ifconfig $1 mtu 1440

Make it executable:

    # chmod +x ip-up.local

Create a user:

    # vi chap-secrets

    username * password *

(Tab after each field)

Reboot the VPS:

    # reboot

Create a VPN connection on your device, using the server IP address from the SolusVM CP and the username and password you just created.

Try to connect; every time I've done the above the first connection attempt has always failed, but then starts working, so don't panic if it doesn't work first time. If it keeps failing, you've done something wrong.

Finally, set up the routing. SSH into your server.

    # cd /usr/local/bin/
    # vi vmfw

(NOTE: This is the entire contents of the file, the # lines are comments, not commands)

    #!/bin/bash
    # reset
    iptables -F
    iptables -F -t nat
    iptables -X
    # default policy
    iptables -P INPUT DROP
    iptables -P FORWARD ACCEPT
    iptables -P OUTPUT ACCEPT
    # openvz policy
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    # open ports
    iptables -A INPUT -p tcp --dport 22 -j ACCEPT
    iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
    iptables -A INPUT -p gre -j ACCEPT
    # vpn routing
    iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -o venet0 -j SNAT --to-source 123.456.78.90

Make the script executable:

    # chmod +x vmfw

Enable it at boot:

    # cd /etc/
    # vi rc.local

Enter this line above "exit 0":

    /usr/local/bin/vmfw

Reboot:

    # reboot

You're good to go. Hopefully you haven't locked yourself out of the server with the iptables rules above.

Notes:


 * you don't have to use RamNode; any provider that allows TUN/TAP + PPP on OpenVZ should work without drama. google "low end box" for cheapo providers (you'll get what you pay for).


 * the same instructions on Debian don't work, stick to Ubuntu. 12.10, 12.04, no matter.


 * to add users, edit the "/etc/ppp/chap-secrets" file, just add entries to it. the passwords are in plain text, so be sensible. you can use www.pctools.com to generate random passwords.


 * it would be a good idea to install fail2ban, to change the SSH port to a different one, and to add a non-root user, so you can disable remote root login. google for that stuff, or ask someone for help.


 * you can point a domain to your server IP address; an A record is enough, anywhere that sells or hosts domains will get you sorted out, or you can use DynDNS.


 * if it all goes wrong, just reinstall Ubuntu 12.04 from the SolusVM CP.


 * poor performance could be due to the mru/mtu settings. 1440 for both gave me the best results. adjust the values by +/-20 increments in all 3 places to suit - once again, google is your friend for this.
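
For the "Create a user" step and the note about adding users to "/etc/ppp/chap-secrets", here is an added example (not part of the original page) that generates each password locally from /dev/urandom, appends the entry in the tab-separated layout shown above, keeps the file readable by its owner only, and audits existing entries. The function names, the 24-character password length and the 16-character minimum are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes the chap-secrets layout
# shown above: username<TAB>*<TAB>password<TAB>* with "#" comment lines.

# gen_password: 24 random alphanumeric characters from the kernel CSPRNG.
gen_password() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 24
}

# add_vpn_user FILE USER: append an entry with a generated password and
# print that password. Returns 2 for a bad name, 1 for a duplicate.
add_vpn_user() {
    file=$1 user=$2
    case $user in
        ''|*[!A-Za-z0-9._-]*) echo "invalid username" >&2; return 2 ;;
    esac
    if [ -f "$file" ] &&
       awk -v u="$user" '$1 == u { f = 1 } END { exit !f }' "$file"; then
        echo "user $user already exists" >&2; return 1
    fi
    pw=$(gen_password)
    ( umask 077; printf '%s\t*\t%s\t*\n' "$user" "$pw" >> "$file" )
    chmod 600 "$file"    # secrets are plain text: owner-only access
    printf '%s\n' "$pw"
}

# audit_secrets FILE [MINLEN]: print one finding per line (MODE or WEAK);
# returns 1 if anything was found, 0 if the file is clean.
audit_secrets() {
    file=$1 min=${2:-16} rc=0
    perms=$(ls -ld "$file" | cut -c1-10)
    [ "$perms" = "-rw-------" ] || { echo "MODE $file is $perms"; rc=1; }
    weak=$(awk -v m="$min" \
        '!/^[ \t]*(#|$)/ && length($3) < m { print "WEAK " $1 }' "$file")
    [ -z "$weak" ] || { printf '%s\n' "$weak"; rc=1; }
    return $rc
}
```

Source the file as root, then run for example: add_vpn_user /etc/ppp/chap-secrets alice, followed by audit_secrets /etc/ppp/chap-secrets to list entries with short passwords or a file mode other than 600.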