Use Putty as SOCKS proxy

I’ll need two programs to achieve this, assuming you already have access to a Linux box and can connect to it using the PuTTY client. The software packages needed are:

  1. Putty and
  2. SeaMonkey Browser

Follow these steps:

  • Run PuTTY
  • Go to SSH > Tunnels and configure as required
    • Tick “Local ports accept connections from other hosts”
    • Tick “Remote ports do the same (SSH-2 only)”
    • Type “8443” (I’ll be using port 8443 to create the tunnel) into “Source port” and click “Add”. After you click “Add”, the entry is shown in the middle text box as “D8443”
  • The key point here is to use “Dynamic” for the destination section
  • Now connect to the SSH server


Install Softether VPN Client on Linux

Download and Install SoftEther VPN Client

Download SoftEther VPN Client software from their official website (https://www.softether.org).

Navigate to Download > Download SoftEther VPN

Click on Download SoftEther VPN link.

  • Select Component : SoftEther VPN Client
  • Select Platform : Linux
  • Select CPU : Select the appropriate CPU from the drop-down

  • Click on the appropriate download link based on the version of the software.
  • Extract the downloaded tar.gz file. From here on I will refer to the extracted folder as <vpnclient>
  • Navigate to the <vpnclient> folder and open a terminal.
  • Execute the make command and accept all license agreements by entering the number relevant to “Yes”.

After the completion of make command process, start the vpn client using:


Softether Linux Client using Bridged with Softether VPN Server

It’s assumed that you already have a VPN server deployed in your network, have created a user and password, and enabled bridged networking during VPN server configuration. A sample snippet of VPN Server Bridge enabled is below-

Here are the setup values:

  • SoftEther server IP: 103.146.221.30/24, gateway: 103.146.221.1
  • Client server IP: 123.49.47.245/24, gateway: 123.49.47.1. Once the server is connected to the VPN, it will be using 103.146.221.5 as its bridged IP.

Let’s start.

My setup was done on a fresh Debian 10 installation, but it should work on any Linux distro; it’s simple. The dependency packages that I needed were the development tools/build-essential and a few others, which were installed as below:

apt-get update
apt-get install build-essential gcc openssl apt-transport-https


Softether Auto Installer on CentOS/Debian/Ubuntu (Backward compatible edition)

Softether Auto Install Script for multi platforms updated version

  • Softether VPN server latest version v4.27-9666-beta-2018.04.21
  • Revised to last known stable version due to compilation error from their latest release
  • An open source VPN project from University of Tsukuba Japan

  • CentOS 6 or 7 x64
  • Debian 8 (jessie) (Not compatible with Debian 9 (stretch) x64 – compilation error)
  • Ubuntu 14, 15, 16 x64 (Not compatible with Ubuntu 17 and 18 x64 – compilation error)

Instruction

Choose your desired platform folder

Download installer.sh using wget or transfer to your root directory using ftp


Install Pritunl on Ubuntu 16

Update your bare-bone and freshly installed Ubuntu 16 system.

sudo apt-get update && sudo apt-get upgrade

Add the MongoDB and Pritunl APT repositories:

echo "deb http://repo.mongodb.org/apt/ubuntu trusty/mongodb-org/3.0 multiverse" > /etc/apt/sources.list.d/mongodb-org-3.0.list
echo "deb http://repo.pritunl.com/stable/apt trusty main" > /etc/apt/sources.list.d/pritunl.list

Add the repo keys for apt to validate against:

apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv 7F0CEB10
apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv CF8E292A

Update the package cache:

sudo apt-get update

If you have a firewall running on the Linode, add exceptions for Pritunl’s Web UI and server:

sudo iptables -A INPUT -p udp -m udp --sport 9700 --dport 1025:65355 -j ACCEPT
sudo iptables -A INPUT -p tcp -m tcp --sport 9700 --dport 1025:65355 -j ACCEPT
sudo iptables -A INPUT -p <your_protocol> -m <your_protocol> --sport <your_port> --dport 1025:65355 -j ACCEPT

Note: If you’ve configured the firewall according to the Securing Your Server guide, be sure to add these port ranges to the /etc/iptables.firewall.rules file.

Install Pritunl and its required dependencies:

sudo apt-get install python-software-properties pritunl mongodb-org

Start the Pritunl service:

sudo service pritunl start

Open a web browser on your computer, and navigate to https://123.45.67.89:9700, replacing 123.45.67.89 with your VM IP address. You will see a screen similar to this:


How to Setup a Multi-Protocol VPN Server Using SoftEther

SoftEther VPN is one of the world’s most powerful and easy-to-use multi-protocol VPN software, made by the good folks at the University of Tsukuba, Japan. It runs on Windows, Linux, Mac, FreeBSD and Solaris and is freeware and open-source. You can use SoftEther for any personal or commercial use free of charge.

Step 1: Create a Virtual Server

First, you need to create a DigitalOcean Droplet. As mentioned on SoftEther’s website, SoftEther will work on almost every Linux distro with kernel v2.4 or above; however, it’s recommended to choose one of these distributions: CentOS, Fedora, or Red Hat Enterprise Linux.

Personally I have tried it on Ubuntu, CentOS and Fedora, both 32 and 64 bit editions, and it has worked perfectly.

Step 2: Update your Server Software

Using the command below, update and upgrade your server software packages to the latest version:

Debian / Ubuntu:

apt-get update && apt-get upgrade

CentOS / Fedora:

yum upgrade

Step 3: Download SoftEther

You can download the latest SoftEther server package for Linux from their website:

Download SoftEther

Unfortunately, there is no way of getting the latest version through package managers (or even using a single url) at the moment. Therefore you have to browse their website using a desktop browser to download the package. There are a couple of ways of dealing with this: First, browse their website on your own computer and then depending on your server configuration (OS, x86/x64, etc.) find the link to the appropriate package then use wget to download the package to your server. Alternatively, you can use a terminal based web browser such as lynx to browse the SoftEther website and download the right package.


Setup a Site to Site IPsec VPN With Strongswan and PreShared Key Authentication

Today we will set up a site-to-site IPsec VPN with strongSwan, which will be configured with pre-shared key authentication.

After our tunnels are established, we will be able to reach the private IPs over the VPN tunnels.

Get the Dependencies:
Update your repository indexes and install strongswan:

$ apt update && sudo apt upgrade -y
$ apt install strongswan -y

Set the following kernel parameters:

$ cat >> /etc/sysctl.conf << EOF
net.ipv4.ip_forward = 1 
net.ipv4.conf.all.accept_redirects = 0 
net.ipv4.conf.all.send_redirects = 0
EOF

$ sysctl -p /etc/sysctl.conf

Generate Preshared Key:
We will need a preshared key that both servers will use:


All about VPN ports

1) If an RRAS-based VPN server is behind a firewall (i.e. a firewall is placed between the Internet and the RRAS server), then the following ports need to be opened (bidirectional) on this firewall to allow VPN traffic to pass through:

  1. For PPTP:
    1. IP Protocol=TCP, TCP Port number=1723   <- Used by PPTP control path
    2. IP Protocol=GRE (value 47)   <- Used by PPTP data path
  2. For L2TP:
    1. IP Protocol Type=UDP, UDP Port Number=500    <- Used by IKEv1 (IPSec control path)
    2. IP Protocol Type=UDP, UDP Port Number=4500   <- Used by IKEv1 (IPSec control path)
    3. IP Protocol Type=ESP (value 50)   <- Used by IPSec data path
  3. For SSTP:
    1. IP Protocol=TCP, TCP Port number=443   <- Used by SSTP control and data path
  4. For IKEv2:
    1. IP Protocol Type=UDP, UDP Port Number=500    <- Used by IKEv2 (IPSec control path)
    2. IP Protocol Type=UDP, UDP Port Number=4500   <- Used by IKEv2 (IPSec control path)
    3. IP Protocol Type=ESP (value 50)   <- Used by IPSec data path
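
As an added example (not from the original post), the script below checks `iptables-save` output for the ACCEPT rules that each VPN type in the list above needs, which catches the common case of opening the UDP or TCP port but forgetting GRE or ESP. It assumes the firewall is Linux iptables with one match per rule; the function names and the sample rules are constructed for illustration.

```sh
# Added example. Assumes rules in iptables-save format, one match per rule
# (multiport rules such as --dports 500,4500 are not recognised).

# Requirements per VPN type as "protocol:dport" (empty dport = no port).
vpn_requirements() {
    case "$1" in
        pptp)       echo 'tcp:1723 gre:' ;;
        l2tp|ikev2) echo 'udp:500 udp:4500 esp:' ;;
        sstp)       echo 'tcp:443' ;;
        *)          return 2 ;;
    esac
}

# Read rules on stdin and print each requirement that has no ACCEPT rule.
# Returns 0 if all are present, 1 if any is missing, 2 for an unknown type.
missing_vpn_rules() {
    local reqs rules req proto port pat rc=0
    reqs=$(vpn_requirements "$1") || return 2
    rules=$(grep -E -- '-j ACCEPT([[:space:]]|$)' || true)
    for req in $reqs; do
        proto=${req%%:*}
        port=${req#*:}
        # GRE and ESP can be written by name or by IP protocol number.
        case "$proto" in
            gre) proto='(gre|47)' ;;
            esp) proto='(esp|50)' ;;
        esac
        pat="-p ${proto}([[:space:]]|\$)"
        if [ -n "$port" ]; then
            pat="-p ${proto} .*--dport ${port}([[:space:]]|\$)"
        fi
        if ! printf '%s\n' "$rules" | grep -Eq -- "$pat"; then
            echo "missing: ${req%:}"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: UDP 500/4500 and TCP 1723 are open, GRE and ESP are not.
SAMPLE_RULES='-A FORWARD -p udp -m udp --dport 500 -j ACCEPT
-A FORWARD -p udp -m udp --dport 4500 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 1723 -j ACCEPT'
printf '%s\n' "$SAMPLE_RULES" | missing_vpn_rules l2tp || true
printf '%s\n' "$SAMPLE_RULES" | missing_vpn_rules pptp || true
```

On a live firewall the input would come from `iptables-save` piped into `missing_vpn_rules <type>`.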


Install VPN PPTP Server on CentOS

In this tutorial, I will use PPTP as the protocol to connect to the VPN server using a username and password, with 128-bit MPPE encryption. The values used are as below:

OS: CentOS 6 64bit
VPN server: 209.85.227.26
VPN client IP: 209.85.227.27 – 209.85.227.30
VPN username: vpnuser
Password: myVPN$99

Install ppp via yum:

$ yum install ppp -y

Download and install pptpd (the daemon for point-to-point tunneling). You can find the correct package at this website http://poptop.sourceforge.net/yum/stable/packages/ :

$ cd /usr/local/src
$ wget http://poptop.sourceforge.net/yum/stable/packages/pptpd-1.3.4-2.el6.x86_64.rpm
$ rpm -Uhv pptpd-1.3.4-2.el6.x86_64.rpm

Updated rpm link-

https://lnmpp.googlecode.com/files/pptpd-1.3.4-2.el6.x86_64.rpm

Once installed, open /etc/pptpd.conf using a text editor and add the following lines:

localip 209.85.227.26
remoteip 209.85.227.27-30

* In remoteip you can use your LAN interface IP if you have dual interfaces.

Open /etc/ppp/options.pptpd and add the authentication method, encryption and DNS resolver values:

require-mschap-v2
require-mppe-128
ms-dns 8.8.8.8

Let’s create a user to access the VPN server. Open /etc/ppp/chap-secrets and add the user as below:

vpnuser pptpd myVPN$99 *

The format is: [username] [space] [server] [space] [password] [space] [IP addresses]

We need to allow IP packet forwarding for this server. Open /etc/sysctl.conf in a text editor and change the line below:

net.ipv4.ip_forward = 1

Run the following command for the changes to take effect:

sysctl -p

Allow IP masquerading in iptables by executing the following lines:

$ iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
$ service iptables save
$ service iptables restart

Update: Once you are done with step 8, check the rules in /etc/sysconfig/iptables. Make sure that the POSTROUTING rules are above any REJECT rules.

Turn on the pptpd service at startup and reboot the server:

$ chkconfig pptpd on
$ init 6

Once the server is online after the reboot, you should be able to access the PPTP server from the VPN client. You can monitor /var/log/messages for ppp and pptpd related log entries. Cheers!

Src: http://blog.secaserver.com/2011/10/install-vpn-pptp-server-centos-6/
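
As an added example (not part of the original tutorial), the function below audits the two files edited above: it confirms the authentication and encryption directives are active in options.pptpd, and checks chap-secrets for loose file permissions and wildcard address entries. The function name, the finding messages and the sample files are constructed for illustration; it assumes GNU `stat` and unquoted, space-separated chap-secrets fields.

```sh
# Added example. Paths are arguments so the check can run against copies.

# Print one finding per line; return 1 if anything was found, 0 if clean.
audit_pptpd() {
    local options="$1" secrets="$2" rc=0 opt mode user server pass addrs

    # Both directives must be present and uncommented, otherwise pppd can
    # accept weaker authentication or an unencrypted link.
    for opt in require-mschap-v2 require-mppe-128; do
        if ! grep -Eq "^[[:space:]]*${opt}([[:space:]]|\$)" "$options"; then
            echo "missing directive: $opt"
            rc=1
        fi
    done

    # chap-secrets stores cleartext passwords, so only root should read it.
    mode=$(stat -c '%a' "$secrets")
    case "$mode" in
        600|400) ;;
        *) echo "loose permissions: $secrets is mode $mode"; rc=1 ;;
    esac

    # Fields: username server password ip-addresses ("*" allows any address).
    while read -r user server pass addrs; do
        case "$user" in ''|'#'*) continue ;; esac
        if [ "$addrs" = '*' ]; then
            echo "wildcard address: $user is not pinned to a client IP"
            rc=1
        fi
    done < "$secrets"
    return "$rc"
}

# Constructed copies of the two files (placeholder password, one directive
# commented out, world-readable secrets file).
demo=$(mktemp -d)
printf 'require-mschap-v2\n#require-mppe-128\nms-dns 8.8.8.8\n' > "$demo/options.pptpd"
printf 'vpnuser pptpd example-password *\n' > "$demo/chap-secrets"
chmod 644 "$demo/chap-secrets"
audit_pptpd "$demo/options.pptpd" "$demo/chap-secrets" || true
rm -rf "$demo"
```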
