openvpn udp over tcp via SSH IP Tunnel

openvpn udp over tcp via SSH IP Tunnel

tonight, i make a simple test to make udp over tcp with ssh IP tunnel, main tools is pppd and ssh connection. by this ways, you can transfer udp over tcp, but its too slow, then to raise its performance, i put openvpn udp. The speed is good enough for me. 

before you use it, you need to know that i put 3 level compressions. Two in pppd and one in ssh. On pppd i use deflate and bsdcomp, and on ssh i put -C options. These are needed because we make 3 pipes to make this connection / tunnel.

by this methods, you will get increase your mobile internet speed significantly, but i NOT RECOMMEND for high speed connection such LTE or FO/FTTH connection, it will make slower. So, its effectively as your solution if  you just have more than 5 mbps. why ?, because it ANOMALY there. See on pppd manual here : 

Compression methods.
********************

This package supports two packet compression methods: Deflate and BSD-Compress. Other compression methods which are in common use include Predictor, LZS, and MPPC. These methods are not supported for two reasons - they are patent-encumbered, and they cause some packets to expand slightly, which pppd doesn't currently allow for. BSD-Compress is also patent-encumbered (its inclusion in this package can be considered a historical anomaly :-) but it doesn't ever expand packets. Neither does Deflate, which uses the same algorithm as gzip.

how it works ?

first of all, we make pppd connection over ssh. I recently uploaded on this. 

secondly, we put openvpn udp on it.

why SSH IP Tunnel ?

main reason is, i need to make this connection FREE, so i need to make socket connection to bypass the proxy. The ssh ip tunneling will run with sock proxy.

to bypass the proxy, you can make simple program to modify the header, you can see here.

Why openvpn UDP ?

its very fast connection, running as speed boster. In the end of this experiment, you will get 2 tun-interfaces.

the result on speedtest.

bare connection : (without tunnel)
http://www.speedtest.net/result/3333628291.png

+SSH IP tunnel
http://www.speedtest.net/result/3333641416.png

+SSH IP tunnel + OpenVpn UDP
http://www.speedtest.net/result/3333654874.png

+OpenVpn UDP

http://www.speedtest.net/result/3333673088.png

Tools 

you can make ssh tunnel with this account. 

Read more ...

[SOLVED] ERROR: unable to download video

when you download with youtube-dl, you get an error as this :

[youtube] Setting language
[youtube] pgEFfZOV9GQ: Downloading video webpage
[youtube] pgEFfZOV9GQ: Downloading video info webpage
[youtube] pgEFfZOV9GQ: Extracting video information
[youtube] pgEFfZOV9GQ: Encrypted signatures detected.

ERROR: unable to download video

then you try to solve by this command : 

sudo youtube-dl -U

you just get this message : 

It looks like you installed youtube-dl with a package manager, pip, setup.py or a tarball. Please use that to update.

well, the solution is :

sudo pip install --upgrade youtube-dl

Downloading/unpacking youtube-dl from https://pypi.python.org/packages/source/y/youtube_dl/youtube_dl-2014.02.26.tar.gz#md5=941720c118544cb0d00dde072b8667f7

  Downloading youtube_dl-2014.02.26.tar.gz (311kB): 311kB downloaded

  Running setup.py egg_info for package youtube-dl

    

Installing collected packages: youtube-dl

  Found existing installation: youtube-dl 2013.08.29

    Uninstalling youtube-dl:

      Successfully uninstalled youtube-dl

  Running setup.py install for youtube-dl

    

    Installing youtube-dl script to /usr/local/bin

Successfully installed youtube-dl

Cleaning up...

then everything will run properly.

Read more ...

inject links

i want to share this link so they can try to make their own "header inject", some of this links may have been blocked by broadband mobile provider, but some others is still ok.

Read more ...

install openvpn webmin ubuntu

here's simpler ways to use server as vpn server, you just need install webmin then everything will be run as you want. Let's start :

install openvpn and webmin

add webmin repository on your source list (/etc/apt/sources.list)

deb http://download.webmin.com/download/repository sarge contrib

add key and update repository

sudo wget http://www.webmin.com/jcameron-key.asc

sudo apt-key add jcameron-key.asc

sudo apt-get update

install openvpn and webmin

sudo apt-get install openvpn webmin

install openvpn gui admin web

download openvpn admin module : here 

log into : https://your_vpnserver_ip:10000 

go to "module index" => install module 

go to "OpenVpn + CA" =>  "Certification Authority list" then create new CA

go to "OpenVpn + CA" =>  "Certification Authority list" then click on "key list" to create server key, don't forget to choose "key server" type is "SERVER"

go to "OpenVpn + CA" =>  "Certification Authority list" then click on "key list" to create client key, don't forget to choose "key server" type is "CLIENT"

go to "OpenVpn + CA" =>  "vpn list" then create new vpn

save and start your vpn

Openvpn Client setup 

go to "vpn server list" => Client list 

create new client, then export the configuration file 

then you are ready to connect with openvpn gui client. 

if you want to remove the client, you may remove it from that menu.

setup your routing table

edit your /etc/sysctl.conf and make sure that ip_forward is  1  (un comment it)

net.ipv4.ip_forward=1

change your vpn server routing table

sudo echo 1 > /proc/sys/net/ipv4/ip_forward
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
sudo iptables -A FORWARD -i eth0 -o tun0 -m state –state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT 

Read more ...

simple vpn over ssh

some people write a simple trick to make vpn connection over ssh tunnel without additional program or authentication files such ta, cert, ca etc.

on linux, pppd and ssh are commonly used. So you can try this trick :

PPPD is /usr/sbin/pppd
SSH is /usr/bin/ssh

${PPPD} updetach noauth passive pty "${SSH} ${LOCAL_SSH_OPTS} ${SERVER_HOSTNAME} -l${SERVER_USERNAME} -o Batchmode=yes sudo ${PPPD} nodetach notty noauth" ipparam vpn ${CLIENT_IFIPADDR}:${SERVER_IFIPADDR}

before you do this trick, make sure that :
you ssh connection is running with batch mode, you need to make ssh-keygen on your client, then put the key to the server authorized keys.

after you do this trick, if you want to re-route your traffic to vpn server, you need to run :
1. routing on server :
iptables -t nat -A POSTROUTING -s [your_vpn_client_ip] -d 0/0 -j MASQUERADE

2. routing on client
route add default gw [your_vpn_server_ip] 

Read more ...

get free internet zero balance with default home page

First of all, i want to show you some vulnerable internet connection on mobile internet broadband provider, its depend on your service / internet plan.

I've test this trick with ZERO balance, its ABSOLUTELY  FREE !!!

How It Works

• when you connect with tour mobile modem, it will get default intenet-plan (or just as your profile, set on your APN).
• every internet-plan / connection-profile, have one (or more) free page. (such as default home page. etc, let say : "wap.vodafon.com" )
• default home page commonly use this method "^wap.vodafon.com*"  (style in ereg)
• you can create your own dns A record in your domain (or free domain) precedes by the bugs.
• the simple server, will make you pass internet provider proxy using this bugs, then open one port (as http-proxy)
• you can use the new http-proxy to make vpn connection, so you are free.

How to get bugs

to get bugs, just visit their official web site, then grap information about these :

• default home page (as bugs)
• proxy address and port (put it on simple server config)
• apn and user password (to set your mobile modem)

Start your free internet mobile with zero balance

setup your own DNS forward

get the bugs, and setup your simple server config

connect your vpn (via http proxy of simple server)

taraaaaa..... you are free noww....  

TCP Connection stable enough for me ... 

Tools 

simple server

openvpn account tcp (password : trial5)
ssh tunnel account

Read more ...

install openvpn admin gui web base administration part 1

there are so many openvpn administration software, there are : 

• http://openvpncertmgmt.sourceforge.net/ 
• http://sourceforge.net/projects/openvpn-admin/?source=recommended
• http://sourceforge.net/projects/openvpn-control/?source=recommended
• http://www.bytemine.net/en/bytemine-manager
• http://sourceforge.net/projects/openvpn-control/files/?source=navbar

but, today i will share my experience installing purplenet, i think its better, ok lets start.

A. install purplenet openvpn server gui administration 

apt-get install bridge-utils vlan ebtables openvpn libapache2-mod-python postgresql python-psycopg2 python-django 

note: 

if you want to install by your self independently, you can use this way : 

wget http://www.djangoproject.com/download/1.1.1/tarball/
tar zxf Django-1.1.1.tar.gz
cd Django-1.1.1

sudo cp -pr django /usr/local/lib/python2.5/site-packages/

then

python setup.py

B. Create Database for purplenet

sudo -u postgres createuser -S -D -R -l -P -E purplenet
sudo -u postgres createdb --encoding=UTF-8 --owner=purplenet purplenetdb

edit your hba

vim /etc/postgresql/9.1/main/pg_hba.conf

just like this :

host purplenetdb purplenet 127.0.0.1/32 md5
or 
host    all         all         127.0.0.1/32          md5

C. Install Purplenet
wget http://sourceforge.net/projects/purplenet/files/purplenet-0.7.2/purplenet-0.7.2.tar.bz2/download
bzip2 -dc purplenet-0.7.2.tar.bz2 | tar xf -
mkdir -p /opt
sudo cp -r purplenet-0.7.2 /opt
sudo ln -s /opt/purplenet-0.7.2 /opt/purplenet

edit your seting.py
cd /opt/purplenet/purplenet
sudo cp settings.py.dist settings.py
vim /opt/purplenet/purplenet/settings.py

ADMINS = (
        ('Firstname Surname', 'firstname.surname@yourdomain'),
)

DATABASE_ENGINE = 'postgresql_psycopg2'
DATABASE_NAME = 'purplenetdb'
DATABASE_USER = 'purplenet'
DATABASE_PASSWORD = 'yourpassword'
DATABASE_HOST = '127.0.0.1'
DATABASE_PORT = '5432'
MEDIA_ROOT = '/opt/purplenet/media'
MEDIA_URL = 'http://servername/purplenet/media/'
ADMIN_MEDIA_PREFIX = '/purplenet/media/admin/'
SECRET_KEY = 'yourSecretKey'
LOGIN_URL = '/purplenet/login/'
TEMPLATE_DIRS = (
       '/opt/purplenet/templates',
)
FIXTURE_DIRS = (
      '/opt/purplenet/fixtures'
)
PURPLENET_LOGOUT_URL = "http://servername/"
PURPLENET_SETUP_KEY = "yourOtherSecretKey"

edit your mkca.conf and openssl template

vim /opt/purplenet/libpurplenet/mkca.cnf
countryName_default = US

localityName_default            = Montreal
organizationName_default        = SuperFastVPN
organizationalUnitName_default  = vpn

vim /opt/purplenet/templates/mkca/openssl.cnf

countryName_default             = US
localityName_default            = Montreal
organizationName_default        = SuperFastVPN
organizationalUnitName_default  = vpn

D. Create Database purplenet

cd /opt/purplenet
source env.sh
manage syncdb

.....

You just installed Django's auth system, which means you don't have any superusers defined.
Would you like to create one now? (yes/no): yes
Username (Leave blank to use 'someuser'): administrator
E-mail address: firstname.surname@organisation.com
Password: 
Password (again): 
Superuser created successfully.
Installing index for auth.Permission model
Installing index for auth.Message model
Installing index for admin.LogEntry model

....

this user will use to setup purplenet web.

E. Configure Apache

vim /etc/apache2/sites-available/default.

<Location /purplenet>
     SetHandler python-program
    PythonHandler django.core.handlers.modpython
     SetEnv DJANGO_SETTINGS_MODULE purplenet.settings
     PythonOption django.root /purplenet
     PythonDebug On
     PythonAutoReload On
    PythonPath "['/opt/purplenet'] + sys.path"
     PythonInterpreter purplenet
</Location>
Alias "/purplenet/media/admin" "/usr/local/lib/python2.5/site-packages/django/contrib/admin/media/"
Alias "/purplenet/media" "/opt/purplenet/media"
<Location /purplenet/media>
   SetHandler None
</Location>

Apache needs now be restarted with the new configuration with the following
command:

sudo /etc/init.d/apache2 restart

F. Configure CA Directory

sudo mkdir -p /var/lib/purplenet/ca
sudo chown www-data:www-data /var/lib/purplenet/ca
sudo chmod 750 /var/lib/purplenet/ca

the last, enter to :

http://yourwebserver/purplenet/setup/

turn to the next page, lets setup the purplenet-web

if you want to try this connection, you can download vpn tcp configuration here (the password is trial5)

Read more ...

install openvpn admin gui web base administration part 2

previously, we try to install openvpn administration gui, now lets move forward to its setting. 

goto : 

http://yourwebserver/purplenet/login

then go to menu "manage"

a. Create vpn Server

b. Create organization

c. Create Network

then you need to link it, one server can have many organization, on one organization can use some networks, and on one organization can be used by some users.

D. Create user and its certificate to login

E. put your server configuration to your openvpn configuration directory, the file configuration should be like this : 

if you use many servers, you can use vlan to make administration-centered.

finishing this steps, you can test your speed now, for me, i've got better speed then : 

for bare connection before tuning up, you can download here (the password is trial 5, proto udp)

Read more ...

install openvpn on ubuntu

before we start to install openvpn, let me explain about it.

A. Openvpn Authentication

there are 3 types of openvpn Authentication.

• you can use fully key only (no need username and password)
• you can use pam plugin to activate username and password
• or you can use username and tls files.
• moreover, you can combine it.

B. How it works

it will make full encrypted-tcp-ip stack tunnel connection among you and server. So your ip will be recognize as your server. You can also communicate among clients (if server is setted to). You can use UDP or TCP connection.

TCP connection will allow you to combine with other tunneling-technique, such as openvpn over ssh-sock-tunnel, or via http-proxy, etc..

on server, client can use bridge-mode (with tap connection) or tun connection (layer 3).

C. Install openvpn server

1. install openvpn (with tun)

sudo apt-get install openvpn 

(some vps are not include tun module, so you need to mkdev tun by yourself)

2. copy easy-rsa

sudo mkdir /etc/openvpn/easy-rsa/ 
sudo cp -R /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-rsa/ 

3. edit vars

sudo vim /etc/openvpn/easy-rsa/vars

export KEY_COUNTRY="US"
export KEY_PROVINCE="CA"
export KEY_CITY="SanFrancisco"
export KEY_ORG="Montreal"
export KEY_EMAIL="me@superFastVPN.com"

4. setup CA

cd /etc/openvpn/easy-rsa/ 
sudo chown -R root:admin .
sudo chmod g+w . 
source ./vars 
./clean-all  ## Setup the easy-rsa directory (Deletes all keys)
./build-dh  ## takes a while consider backgrounding
./pkitool --initca ## creates ca cert and key
./pkitool --server server ## creates a server cert and key

5. copy your keys

cd keys
openvpn --genkey --secret ta.key
sudo cp server.crt server.key ca.crt dh1024.pem ta.key /etc/openvpn/


6. create simpe server configuration
sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/
sudo gzip -d /etc/openvpn/server.conf.gz


vim /etc/openvpn/server.conf

dev tun
server 10.7.0.0 255.255.255.0
push "dhcp-option DNS 8.8.8.8"
tls-auth ta.key 0 # This file is secret
user nobody
group nogroup
ca ca.crt
cert myservername.crt
key myservername.key 
dh dh1024.pem

proto udp
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450

7. route the server
its depend on your vps-types and your protocol, 
for udp or tcp : 
iptables -t nat -A POSTROUTING -s 10.7.0.0/24 -j SNAT --to 123.123.123.123

If you're using Dedicated Server:

for udp or tcp:
iptables -t nat -A POSTROUTING -s 10.7.0.0/24 -o eth0 -j MASQUERADE



8. create client configuration
apt-get install network-manager-openvpn

after download file configuration from server, and install openvpn-network-manager, then open your network connection as below : 








for more about client configuration file production, you can see here 

Other Reference :
http://lowendbox.com/blog/getting-started-with-openvpn-server/

Read more ...