Web Hosting Talk : Web Hosting Main Forums : VPS Hosting : VPN Server on CPanel/WHM VPS

[saeidcdc]

Hi

I want to setup a VPN SERVER with an accounting system
on my VPS that users connect via Windows (PPPTP or L2TP).

my VPS config:

- CentOS 5
- cPanel/WHM 11
- Parallels Power Panel
- 2 free dedicated IPs

How can i do this?

[Richard-BCS]

To make it short, you cant! With Virtuozzo / OpenVZ you cant use PPPTP or L2TP. You would need to get an XEN / VmWare VPS in order to use PPPTP or L2TP.

[BurstVPN]

Nope, incorrect. PPTP can be enabled on OpenVZ servers. Yes I've tried on BuyVM's VPS.

[Richard-BCS]

Quote:

Originally Posted by BurstVPN

Nope, incorrect. PPTP can be enabled on OpenVZ servers. Yes I've tried on BuyVM's VPS.

You can get it working with a lot of tweaking on the Hostnode, but I personally wouldn't enable it for customers as those changes need to be removed again when the customer leaves as well and instead of having the hassle to get it to work in the first place, I would rather go with Xen.

[Erawan Arif Nugroho]

I've tried to install the OpenVPN under QuickWeb Supa VZ2 OpenVZ, with Tun/Tap enabled, and it works.

My VPN can also be used for browsing the internet using the server ip.
And also can make connections between users connected to the VPN via internet. - Works on QuickWeb Supa VZ2

For XEN, it just as simple as running the vpsnoc openvpn installation script, and then we can start connecting to the internet trough our VPS.

As for the 123Systems OpenVZ, I can only connect each users to the VPS, but can not connect to the internet altough it's Tun/Tap enabled. And the problem is with the iptables modules. Nat is not supported.

[BurstVPN]

You use SNAT rule in that case.

[123Andrew]

Quote:

Originally Posted by Erawan Arif Nugroho

As for the 123/Systems OpenVZ, I can only connect each users to the VPS, but can not connect to the internet altough it's Tun/Tap enabled. And the problem is with the iptables modules. Nat is not supported.

You can open a ticket with the support department and they can help you with that.

[Erawan Arif Nugroho]

Quote:

Originally Posted by 123Systems-Andrew

You can open a ticket with the support department and they can help you with that.

Thank you. I will try to send a ticket for that

[saeidcdc]

thanks for your replies...

at first, I want my vps provider to enable TUN/TAP,
and they enable it for me.

I want this VPN Server for about 100 users that want surfing internet with server ip, they are also on Windows OS.
although i have hosted about 10 websites on this vps under CPanel/WHM.

i want to start installing OpenVPN with this instructions: http://yumax1012.blogspot.com/2007/0...centos-44.html
on my vps.

is these instructions useful for me?

[Erawan Arif Nugroho]

That is a good tutorials for windows user. Maybe you can try to compare it with the tutorial from 123System Knowledgebase:
https://www.123systems.net/billing/k...or-CentOS.html

You can try to use the script, it is simple, just download the script, run it, copy the keys from /root to the windows openvpn installation directory, and run the openvpn gui.

For creating another keys for another user, you can use the instruction at the blog you've mentioned

[saeidcdc]

Thanks Erawan, It's useful.

Sorry, i'm newbie, i have a question

I want that my clients JUST connect via my vpn server to surf the internet, by creating a VPN connection in network connections, instead using "OpenVPN Windows GUI Client",
so i must create Key for these users?

[Erawan Arif Nugroho]

I got some example from Indonesian based VPS provider (webcipta.net), for the configuration of VPN users. If we don't want to create each keys for each users, maybe we just can create the users instead.

In the VPS :
Adding the user
# adduser pengguna -m -s /bin/false
Changing the user password
# passwd "username"

And for the VPN COnfiguation in the user side, maybe like this :

client
dev tun
proto udp
remote server.ip.address
resolv-retry infinite
route-method exe
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
auth-user-pass
comp-lzo
verb 3


Take a notice at the line "auth-user-pass".All user who want to connect to the VPS must login using their username and password. But please set the user rights to limited, only for VPN usage. <-- this is the weakness, someone can try to put some shell script and hack your server.

Secure way, is creating each keys for each clients.

[saeidcdc]

OK, i think it's not suitable for my case
I must use another VPN service for VPN
what do you prefer for my case?

[Erawan Arif Nugroho]

Hm... I never go with specific VPN provider, I just go with a VPS provider. For my current VPS for VPN, I am using QuickWeb Micro (XEN), and 123System (OpenVZ)

Maybe you can try to contact both of them

[saeidcdc]

...Ok,
Finally i have installed poptop with this tutourial:
http://blog.doylenet.net/?p=17

and made these change in CSF Firewall:

Code:

Step 1 
Create File 
vi /etc/csf/csfpre.sh 
Input Text down 

iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT 
iptables -A INPUT -i eth0 -p gre -j ACCEPT 
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE 
iptables -A FORWARD -i ppp+ -o eth0 -j ACCEPT 
iptables -A FORWARD -i eth0 -o ppp+ -j ACCEPT 

Save File 
chmod 777 /etc/csf/csfpre.sh 

Step 2 
Create File 
vi /etc/csf/csfpost.sh 
Input Text down 

service pptpd stop 
service pptpd start 

Save File 
chmod 777 /etc/csf/csfpost.sh

every things looks ok but when i connect to vpn via windows
i got Error 619
log messages are:

HTML Code:

Oct 29 10:52:25 c156 pptpd[28131]: CTRL: Client xxx.xxx.xxx.xxx control connection started
Oct 29 10:52:25 c156 pptpd[28131]: CTRL: Starting call (launching pppd, opening GRE)
Oct 29 10:52:25 c156 pppd[28140]: This system lacks kernel support for PPP.  This could be because the PPP kernel module could not be loaded, or because PPP was not included in the kernel configuration.  If PPP was included as a module, try `/sbin/modprobe -v ppp'.  If that fails, check that ppp.o exists in /lib/modules/`uname -r`/net. See README.linux file in the ppp distribution for more details.
Oct 29 10:52:25 c156 pptpd[28131]: GRE: read(fd=6,buffer=8059680,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs
Oct 29 10:52:25 c156 pptpd[28131]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)
Oct 29 10:52:25 c156 pptpd[28131]: CTRL: Client xxx.xxx.xxx.xxx control connection finished

whats wrong?