Tag: VPN

Posted on

How to install and configure shadowsocks in ubuntu machine

shadowsocks wpcademy

Installing and configuring Shadowsocks on an Ubuntu machine involves several steps, including updating the system, installing necessary dependencies, downloading and setting up Shadowsocks, and configuring it to run as a service. Here’s a step-by-step guide to help you through the process:

Step 1: Update the System

First, ensure your system is up to date:

sudo apt update
sudo apt upgrade -y

Step 2: Install Necessary Dependencies

Shadowsocks requires Python and pip (Python package manager). Install them with:

sudo apt install python3 python3-pip -y

Step 3: Install Shadowsocks

Use pip to install Shadowsocks:

sudo pip3 install shadowsocks

Step 4: Configure Shadowsocks

Create a configuration file for Shadowsocks. The default location for the configuration file is /etc/shadowsocks/config.json. You might need to create the directory first:

sudo mkdir -p /etc/shadowsocks

Then create the configuration file:

sudo nano /etc/shadowsocks/config.json

Here’s a sample configuration:

{
    "server": "0.0.0.0",
    "server_port": 8388,
    "local_address": "127.0.0.1",
    "local_port": 1080,
    "password": "your_password",
    "timeout": 300,
    "method": "aes-256-cfb",
    "fast_open": false
}

Replace "your_password" with a strong password. You can also adjust the "server_port" and "method" as needed.

Step 5: Run Shadowsocks

To start Shadowsocks manually, use the following command:

sudo ssserver -c /etc/shadowsocks/config.json

Step 6: Configure Shadowsocks to Run as a Service

To ensure Shadowsocks starts automatically on system boot, create a systemd service file:

sudo nano /etc/systemd/system/shadowsocks.service

Add the following content to the file:

[Unit]
Description=Shadowsocks Proxy Server
After=network.target

[Service]
ExecStart=/usr/local/bin/ssserver -c /etc/shadowsocks/config.json
Restart=on-failure

[Install]
WantedBy=multi-user.target

Save and close the file. Then, enable and start the Shadowsocks service:

sudo systemctl enable shadowsocks
sudo systemctl start shadowsocks

Step 7: Verify the Service

Check the status of the Shadowsocks service to ensure it is running correctly:

sudo systemctl status shadowsocks

If everything is set up correctly, the status should indicate that Shadowsocks is active and running.

Additional Configuration

For enhanced security and performance, consider configuring additional settings such as:

Firewall Rules: Allow the Shadowsocks server port through the firewall.

sudo ufw allow 8388/tcp
sudo ufw allow 8388/udp
sudo ufw enable
  • Optimizations: Adjust TCP settings or use fast_open if your kernel supports it.

By following these steps, you should have a fully functional Shadowsocks server running on your Ubuntu machine.

Read more from Shadowsocks documentation

Posted on

How To Install OpenVPN on Ubuntu 16.04 LTS

Install OpenVPN on Ubuntu 16

OpenVPN is an open source application which is widely used to create secure virtual private networks over the unsecured public Internet. OpenVPN is an SSL VPN solution which drains your system connection securely through the Internet. OpenVPN functions in the client server structure. All the devices connected to a virtual private network act as if they’re linked to your local area network. The packets sent through the VPN tunnel are encrypted with 256 bit AES encryption making data theft impossible.

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo’ to the commands to get root privileges. I will show you through the step by step installation OpenVPN open source virtual private network on a Ubuntu 16.04 (Xenial Xerus) server.

Install OpenVPN on Ubuntu 16.04 LTS

Step 1. First make sure that all your system packages are up-to-date by running these following apt-get commands in the terminal.

sudo apt-get update
sudo apt-get upgrade

Step 2. Installing OpenVPN on Ubuntu 16.04.

Install OpenVPN using following command:

apt-get install openvpn easy-rsa

Step 3. Setting Certificate Authority.

The OpenVPN server uses certificates to encrypt traffic between the server and various clients. Thus, we need to set up a certificate authority (CA) on the VPS to create and manage these certificates:

make-cadir ~/openvpn-ca
cd ~/openvpn-ca

We’ll be editing some variables toward the end of the file:

nano vars

Change them according to your needs:

# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
export KEY_COUNTRY="US"
export KEY_PROVINCE="CA"
export KEY_CITY="NewYork"
export KEY_ORG="Fort-Funston"
export KEY_EMAIL="[email protected]"
export KEY_OU="MyOrganizationalUnit"

# X509 Subject Field
export KEY_NAME="chedelics"

If there aren’t any errors, you’ll see the following output:

source vars
NOTE: If you run ./clean-all, I will be doing a rm -rf on /home/user/openvpn-ca/keys

Now we can clean up the environment and then build up our CA:

./clean-all
./build-ca

Congratulation…..New RSA key will be created, and you’ll be asked to confirm the details you entered into the vars file earlier. Just hit Enter to confirm.

Step 4. Generating a server key and certificate.

Run the command below in the current directory:

./build-key-server server

We will also need to create a Diffie-Hellman file. Creation of this file will depends on the length of the key. For this default we will use 2048 bit key but you can always change it by editing the vars file in the easy-rsa folder:

./build-dh

Finally, you need to generate an HMAC signature to strengthen the certificate:

openvpn --genkey --secret keys/ta.key

Step 5. Create the client public/private keys.

This process will create a single client key and certificate:

source vars
./build-key client1

Step 6. Configure the OpenVPN server.

We will now configure the OpenVPN server:

cd ~/openvpn-ca/keys
cp ca.crt ca.key vpnserver.crt vpnserver.key ta.key dh2048.pem /etc/openvpn

Next, extract a sample OpenVPN configuration to the default location:

gunzip -c /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz | sudo tee /etc/openvpn/server.conf

Now edits to the configuration file:

nano /etc/openvpn/server.conf

Paste the configurations below (you may change the values of port etc.):

local 192.168.77.20
port 443
proto tcp
dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
#-ifconfig-pool-persist ipp.txt
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 4.2.2.1"
keepalive 2 30
comp-lzo
persist-key
persist-tun
status 443status.log
log-append 443log.log
verb 3

Save the file and enable and start the OpenVPN service:

systemctl enable openvpn@server
systemctl start openvpn@server

Step 7. Configure Iptables for OpenVPN.

We will need to enter some iptable rules to enable internet on the client machine:

sudo iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j MASQUERADE
sudo apt-get install iptables-persistent

Congratulation’s! You have successfully installed OpenVPN. Thanks for using this tutorial for installing OpenVPN server on Ubuntu 16.04 LTS (Xenial Xerus) system. For additional help or useful information, we recommend you to check the official OpenVPN web site.