Build VPN Server on Linux

0. Preface

In recent years, companies have had internal confidential documents leaked and their networks breached by attackers. To give employees a secure network environment, a company usually either leases a dedicated line or builds an internal network. Running a dedicated line to isolate the network from the outside world is very expensive, so a virtual private network (VPN) is the best choice. A VPN is a data tunnel through the existing wide-area network: internal files are transmitted through the tunnel using an encrypted protocol, so that branch offices can share data.

This article uses only CentOS as the example system for building PPTP, L2TP and Shadowsocks servers; I have not installed these servers on other systems.

Note: Run the installation scripts as the root user!

1. Install PPTP

Run:

```bash
wget https://raw.githubusercontent.com/danylzhang/vps/master/centos7-pptp-host1plus.sh
chmod +x ./centos7-pptp-host1plus.sh
./centos7-pptp-host1plus.sh -u username -p password
```

Note: Replace the username and password in the last line with your own. The length needs to be greater than eight characters, otherwise a new password will be generated randomly!

On successful installation the script prints:

```bash
You can now connect to your vpn via your external ip x.x.x.x*
Username: ...
Password: ...
```

You can edit `/etc/ppp/chap-secrets` to add an account or change a password.
If web pages will not load once you are connected, edit `/etc/ppp/ip-up` and add the following as the second-to-last line:

```bash
/sbin/ifconfig $1 mtu 1400
```

The default MTU is 1496 and should be changed to the value that suits your network; 1400 is used here only for demonstration.
After saving, restart the PPTP server:

```bash
systemctl restart pptpd
```

If you still cannot connect, edit the inbound rules of the cloud server's security group and open TCP port 1723.
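Accounts are managed by editing `/etc/ppp/chap-secrets`, which holds the passwords in plaintext. The following is an added example, not part of the original article or of the installer script: it audits such a file, checking its permissions and flagging secrets that do not exceed the eight-character length from the note above, while printing only the username and the length. The function names, the sample entries and the expected mode 600 are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit a pppd chap-secrets file without echoing any secret.
# Line layout: client  server  secret  allowed-IP-addresses

audit_chap_secrets() {
    local file="$1" limit="${2:-8}" rc=0 weak

    # Plaintext passwords live here, so group/other should have no access.
    if [ "$(ls -ld -- "$file" | cut -c5-10)" != "------" ]; then
        echo "PERMS $file is accessible to group/other (expected mode 600)"
        rc=1
    fi

    # Flag secrets that are not longer than $limit; print user and length only.
    weak=$(awk -v limit="$limit" '
        /^[ \t]*(#|$)/ { next }                 # comments and blank lines
        NF < 3 { print "MALFORMED line " NR; next }
        {
            secret = $3
            gsub(/^"|"$/, "", secret)           # secrets may be double-quoted
            if (length(secret) <= limit)
                print "WEAK " $1 " (secret length " length(secret) ")"
        }' "$file")
    if [ -n "$weak" ]; then
        echo "$weak"
        rc=1
    fi
    return "$rc"
}

# Constructed sample entries in a temp file; no real account data.
demo_chap_secrets() {
    local tmp rc=0
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
# client   server  secret               IP addresses
alice      pptpd   "S3cure-Passphrase"  *
bob        pptpd   abc123               *
EOF
    chmod 644 "$tmp"                            # deliberately too permissive
    audit_chap_secrets "$tmp" 8 || rc=$?
    rm -f -- "$tmp"
    return "$rc"
}
```

On a real server, run `audit_chap_secrets /etc/ppp/chap-secrets` as root; a non-zero exit status means at least one finding was printed.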

2. Install L2TP

Run:

```bash
wget --no-check-certificate https://raw.githubusercontent.com/Teddysun/across/master/l2tp.sh
chmod +x l2tp.sh
./l2tp.sh
```

Keep the defaults for everything except the server IP, username, password and PSK:

```
Please input IP-Range: default
Please input PSK: customized
Please input username: customized
Please input ...'s password: customized
Server IP: customized
Server local IP: default
```

After the installation is completed, use the `l2tp` command to manage the L2TP VPN:

```bash
l2tp -a    # add a new user
l2tp -d    # delete a user
l2tp -m    # modify a user's password
l2tp -l    # list all users
l2tp -h    # help
```

If you cannot connect, edit the inbound rules of the cloud server's security group and open UDP 50, UDP 4500 and UDP 1701.

3. Install Shadowsocks

Run:

```bash
wget --no-check-certificate -O shadowsocks-libev.sh https://raw.githubusercontent.com/Teddysun/shadowsocks_install/master/shadowsocks-libev.sh
chmod +x shadowsocks-libev.sh
./shadowsocks-libev.sh 2>&1 | tee shadowsocks-libev.log
```
When installation completes, the script prints:

```bash
Congratulations, shadowsocks-libev server install completed!
Your Server ip:
Your Server Port:
Your password:
Your Encryption Method:
```

To uninstall:

```bash
./shadowsocks-libev.sh uninstall
```

Service management:

```bash
/etc/init.d/shadowsocks start      # start
/etc/init.d/shadowsocks stop       # stop
/etc/init.d/shadowsocks restart    # restart
/etc/init.d/shadowsocks status     # view status
```
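The three install steps above fetch a script from a moving `master` branch (two of them with `--no-check-certificate`) and run it as root. The following is an added example, not part of the original article or of the installer projects: it downloads with certificate validation left on and refuses to make the script executable unless its SHA-256 matches a digest you recorded after reading the script. The function names, the `<commit>` path segment and the digest in the usage comment are placeholders.

```shell
#!/usr/bin/env bash
# Added example: gate a downloaded installer on a reviewed SHA-256 digest.
# file_sha256 / verify_installer / fetch_installer are hypothetical helper names.

# Print the SHA-256 of a file (sha256sum on Linux, shasum as a fallback).
file_sha256() {
    { sha256sum -- "$1" 2>/dev/null || shasum -a 256 -- "$1"; } | awk '{print $1}'
}

# Succeed only if FILE hashes to EXPECTED; only then make it executable.
verify_installer() {
    local file="$1" expected="$2" actual
    actual=$(file_sha256 "$file")
    if [ -z "$actual" ] || [ "$actual" != "$expected" ]; then
        echo "refusing $file: digest ${actual:-unreadable} != $expected" >&2
        return 1
    fi
    chmod 700 -- "$file"      # owner-only: the script will be run as root
}

# Download with TLS certificate validation left on (no --no-check-certificate),
# then verify. URL should name a pinned commit rather than a branch.
fetch_installer() {
    local url="$1" out="$2" expected="$3"
    case "$url" in
        https://*) ;;
        *) echo "refusing non-HTTPS URL: $url" >&2; return 1 ;;
    esac
    wget --quiet --output-document="$out" "$url" || { rm -f -- "$out"; return 1; }
    verify_installer "$out" "$expected" || { rm -f -- "$out"; return 1; }
}

# Usage (placeholders; fill in after reviewing the script once):
#   fetch_installer "https://raw.githubusercontent.com/<owner>/<repo>/<commit>/l2tp.sh" \
#       l2tp.sh "<sha256-of-reviewed-script>" && ./l2tp.sh
```

If a certificate error is what prompted `--no-check-certificate`, updating the system's CA bundle addresses the cause without turning validation off.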

4. Comparison

4.1 PPTP

There is no encryption, so the data is not safe, but response is fast and resource usage is low.

4.2 L2TP

Based on PPTP with IPsec added, so the data is safer but response is slower. Because encryption is added, data traffic increases, CPU usage is high, and the number of users is high.
Suitable for current Apple devices.

4.3 Shadowsocks

Based on a third-party VPN; connecting requires client software. The connection is stable and fast, but there is no global proxy. In other words, some devices cannot use it because of permission problems.

5. Conclusion

If problems occur during installation because you cannot connect to GitHub, you can refer to the article:

Create GitHub mirror station
https://blog.tsinbei.com/archives/152/

Although the main application scenarios of VPNs are schools and enterprises, many people have set up private ones to reach international networks.
Note: Individuals who use overseas servers to build a VPN violate the provisions on programs and tools for illegal control of computer information systems. *On-site education, dissemination sharing or even profit may be punished by , detention, and even sentences!

Related laws:

Provide invasion, illegal control of computer information system programs and tools
According to Article 9 of the Criminal Law Amendment of the People's Republic of China (7), in violation of national regulations, the computer information system other than the preceding paragraph or other technical means is obtained to obtain data from the computer information system in the computer information system. Or if you implement illegal control on the computer information system, if the circumstances are serious, it will be sentenced to imprisonment or detention of less than three years, and a single fine; the circumstances are particularly serious.
Provide procedures and tools that are specially used for invasion and illegal control of computer information systems, or know that other people implement illegal criminal behavior of invasion and illegally control computer information systems, and provide them with a serious and serious circumstances.

If you use the VPN server to intercept and record user data, you may be in violation of:

Refusing to fulfill information network security management obligations
According to the "Amendment to the People's Republic of China (9)", the network service provider does not fulfill the information network security management obligations stipulated by the law and administrative regulations, and the regulatory authorities are ordered to take correction measures and refuse to correct them. For less than three years, imprisonment, detention or control, and punishment or single fines:
(1) Living a large amount of illegal information;
(2) Discover user information and cause serious consequences;
(3) The evidence of criminal cases is lost and the circumstances are serious;
(4) There are other serious plots.
At the same time, if the unit offends the previous crime, the unit will be punished, and the person in charge and other direct responsible persons who are directly responsible for will be punished in accordance with the provisions of the previous paragraph.
With the first two acts, and at the same time, if other crimes are constituted, conviction and punishment shall be determined in accordance with the heavy punishment.

In addition, the "Cyber Security Law of the People's Republic of China" clearly stipulates:

No individual or organization shall engage in activities such as illegal intrusion into the network of others, interfere with the normal functions of the network of others, and stealing network data; shall not provide the harm to engage in the network, interfere with normal functions and protective measures, theft of network data, etc. Procedures and tools for network security activities; knowing that others are engaged in activities that endanger network security, they shall not provide them with technical support, advertising promotion, payment settlement and other help.

You can do it yourself.

Author: Hsukqi Lee
Posted on: 2022-02-13
Edited on: 2022-07-29
Licensed under: CC BY-NC-ND 4.0
