About VPN on a dedicated “server”


This topic may seem hackneyed: there are 1001 guides on the Internet for setting up your own virtual server for $5. I want to talk about something a little different, namely renting a dedicated “server” in Russia.

Questions and answers

q: Why?

a: It’s simple: if we are not planning to hack the Kremlin Pentagon and need high speed and low ping, this option is ideal, especially if you use video services.

q: Why is the word “server” in quotation marks and why exactly the desire to purchase a dedicated one?

a: It is about channel bandwidth: it is yours and only yours, and so are the server’s resources.

It makes no sense to rent a real server, but there are data centers that offer a “raspberry” for rent, and that is what we need. In fact, there is no point in bothering with backups.

q: What will we get from this?

a: Ping 4–8, speed: with an unlimited tariff ~ 100Mbps (with a gigabit channel, the raspberry will give out about 600–700Mbps, depending on the type of VPN connection and the load on the processor).

RKN
  1. I’ll say right away that some data centers are subject to RKN restrictions and some are not; I won’t say which ones, because that would be advertising.

  2. Peskov admitted that he uses VPN

q: Price???

a: All this will cost 800 rubles per month. Is that expensive? You can always connect a friend.

q: What will work?

a: Everything, except for services that consider the Russian IP “objectionable”, but do not forget that Tor will work (without bridges).

Protocol selection

VPN protocols: for a smartphone, definitely WireGuard, because it is “quiet”. It does not keep a tunnel open, so it does not consume battery or traffic, and it is not upset by constant changes of IP address or connection type. For a PC (router): SSTP, IPsec, OpenVPN; you can also add ZeroTier.

Setup

You will need an SSH client. The easiest option on Windows is PuTTY; download the entire archive, which includes the key generator.

0. (optional step) Create a key pair for the server (puttygen.exe), add the public key in the server management console, and load the private key into PuTTY on your own machine.

1. Select Pi OS buster aarch64 as the server’s OS and add the public key (step 0).

2. Wait 10 minutes; once the OS is installed, connect to the server via SSH (putty.exe) using the password (or the private key, if you completed step 0). The login is “pi”.

3. (may true Linuxoids forgive me) in the console we type: $sudo su

#timedatectl set-ntp 1

#apt -y update

#apt -y upgrade

#git clone https://github.com/pivpn/pivpn

#bash pivpn/auto_install/install.sh

Select WireGuard; the settings can be left at their defaults. After completing the setup wizard, do not reboot.

Install SoftEther VPN; it is configured from Windows or the web interface (outside the scope of this article).

#apt install -y cmake gcc g++ libncurses5-dev libreadline-dev libssl-dev make zlib1g-dev git

#git clone https://github.com/SoftEtherVPN/SoftEtherVPN_Stable/

#cd SoftEtherVPN_Stable

#./configure

#make -j4

#make -j4 install

Create the file (save and exit with Ctrl+X)

#nano /etc/init.d/softether

#!/bin/bash

#SoftEther

sleep 10

# REMOVE # before sudo to turn ON

# description: SoftEther VPN Server

sudo /usr/bin/vpnserver start

# description: SoftEther VPN Bridge

# sudo /usr/bin/vpnbridge start

# description: SoftEther VPN Client

# sudo /usr/bin/vpnclient start

exit 0

#chmod +x /etc/init.d/softether

#nano /etc/rc.local

Add above the “exit” line:

/etc/init.d/softether

#/usr/bin/vpnserver start

After launching SoftEther, be sure to set the administrator password immediately (via the PC application – SoftEther VPN server manager for Windows). How to set up SoftEther

Security setup ONLY IF YOU DID NOT SKIP STEP 0

#nano /etc/ssh/sshd_config

add a line

PasswordAuthentication no

Reboot the server

#reboot
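
A pre-reboot check for the step above, added here as an example and not part of the original article: sshd uses the first value it reads for each keyword, so an appended PasswordAuthentication no can lose to an earlier line, and rebooting with no key installed locks you out. The function names, the --live flag and the /home/pi/.ssh/authorized_keys path are assumptions of this example; run without arguments it checks a constructed sample.

```shell
#!/bin/sh
# Added example, not from the original article. Run as root before the reboot.
# sshd keeps the FIRST value it reads for a keyword, so an appended line can be
# ignored; `sshd -T` prints the configuration that is actually in effect.

# Print the effective value of keyword $1 from `sshd -T` output on stdin.
effective_value() {
    awk -v k="$1" 'tolower($1) == k { print tolower($2); exit }'
}

# Count usable (non-blank, non-comment) lines in authorized_keys file $1.
count_keys() {
    [ -r "$1" ] || { echo 0; return 0; }
    grep -cEv '^[[:space:]]*(#|$)' "$1" || true
}

# check_key_only DUMP KEYS
# returns 0 = safe, 1 = reboot would lock you out, 2 = a password still works
check_key_only() {
    [ "$(count_keys "$2")" -gt 0 ] || { echo "no public key in $2"; return 1; }
    [ "$(effective_value pubkeyauthentication < "$1")" = yes ] ||
        { echo "PubkeyAuthentication is not enabled"; return 1; }
    [ "$(effective_value passwordauthentication < "$1")" = no ] ||
        { echo "PasswordAuthentication is still in effect"; return 2; }
    # Keyboard-interactive (PAM) also asks for the password; the keyword name
    # differs between OpenSSH versions, so check both spellings.
    for k in challengeresponseauthentication kbdinteractiveauthentication; do
        [ "$(effective_value "$k" < "$1")" != yes ] ||
            { echo "$k yes still allows password prompts"; return 2; }
    done
    echo "key-only login is in effect"
}

tmp=$(mktemp -d) || exit 3
if [ "${1:-}" = "--live" ]; then   # on the server; assumes user pi, default key path
    keys=/home/pi/.ssh/authorized_keys
    { sshd -t && sshd -T > "$tmp/dump"; } || { rm -rf "$tmp"; exit 3; }
else                               # constructed sample: an earlier "yes" wins
    keys=$tmp/authorized_keys
    echo 'ssh-ed25519 AAAA-constructed-key pi@example' > "$keys"
    printf '%s\n' 'pubkeyauthentication yes' 'passwordauthentication yes' > "$tmp/dump"
fi
rc=0
check_key_only "$tmp/dump" "$keys" || rc=$?
rm -rf "$tmp"
if [ "${1:-}" = "--live" ]; then exit "$rc"; fi
```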

ZeroTier

* I did not like how this bundle works: the battery consumption is higher than with WireGuard, and the speed is lower.

#curl -s https://install.zerotier.com | sudo bash

To use the “raspberry” as a gateway to the Internet, you need to add iptables rules. Here eth0 is the server’s network interface and ztrtaqxslf is the ZeroTier interface; its name depends on your ZeroTier network, so substitute your own.

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i ztrtaqxslf -o eth0 -j ACCEPT

Configuration on the my.zerotier.com site

Adding WireGuard Users

$sudo pivpn add

Show the QR code

$sudo pivpn -qr

For WireGuard, I recommend using the DNS of the “data center”, 8.8.8.8 – then you will have a “sovereign” and “not very” Internet.
