AWS SSH tunnel

luk3r

    Yes, it doesn't matter even if that isn't there.
    (I haven't done this before.)

    sudo nano /etc/ssh/sshd_config

    PasswordAuthentication yes
    ChallengeResponseAuthentication no

    sudo systemctl restart sshd

    sudo adduser ec2-user
    sudo passwd ec2-user


    From your local PC, use the SSH client to establish a SOCKS5 tunnel:

    ssh -D <local-port> -N -f -C ec2-user@<aws-instance-ip>


    In Firefox:

    Go to Settings > Network Settings > Manual Proxy Configuration.
    Enter 127.0.0.1 for SOCKS Host and <local-port> for the port.
    Check "SOCKS v5" and ensure "Proxy DNS when using SOCKS v5" is enabled.
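
A check for the sshd_config edit in the post above, as an added example that is not part of the original post: sshd uses the first value it reads for a keyword, so on hosts whose sshd_config begins with an Include line a drop-in can override the edited `PasswordAuthentication` line. The function names and the sample files are constructed for illustration; on a live host `sudo sshd -T` prints the values actually in effect.

```shell
#!/bin/sh
# Added example, not from the thread. sshd keeps the FIRST value it reads for
# a keyword, so list the files in read order (drop-ins named by a leading
# Include come before the rest of sshd_config).

# effective_sshd_option KEYWORD FILE...  -> prints "value<TAB>file" or nothing
effective_sshd_option() {
    kw=$1; shift
    awk -v kw="$kw" '
        FNR == 1 { in_match = 0 }        # simplification: Match scope per file
        { sub(/^[ \t]+/, "") }
        /^#/ || $0 == "" { next }        # comment or blank line
        tolower($1) == "match" { in_match = 1; next }
        in_match { next }                # conditional block, not a global value
        {
            n = split($0, f, /[ \t=]+/)  # "Key value" and "Key=value" forms
            if (n >= 2 && tolower(f[1]) == tolower(kw)) {
                printf "%s\t%s\n", tolower(f[2]), FILENAME
                exit
            }
        }' "$@"
}

# audit_password_auth FILE... -> status 0 if passwords are off, 1 otherwise
audit_password_auth() {
    res=$(effective_sshd_option PasswordAuthentication "$@")
    val=$(printf '%s' "$res" | cut -f1)
    src=$(printf '%s' "$res" | cut -f2)
    case ${val:-yes} in                  # OpenSSH default when unset is "yes"
        no) echo "OK: password logins disabled by $src"; return 0 ;;
        *)  echo "FINDING: password logins accepted (${src:-built-in default})"
            return 1 ;;
    esac
}

# Constructed sample: a drop-in read first, then the main file edited as in the post.
demo_dir=$(mktemp -d)
printf 'PasswordAuthentication no\n' > "$demo_dir/50-dropin.conf"
printf '%s\n' '#PasswordAuthentication no' 'PasswordAuthentication yes' \
    'ChallengeResponseAuthentication no' 'Match User backup' \
    '    PasswordAuthentication no' > "$demo_dir/sshd_config"

audit_password_auth "$demo_dir/sshd_config" || true
audit_password_auth "$demo_dir/50-dropin.conf" "$demo_dir/sshd_config" || true
```
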
     

    192.168.o.21

    Holy shit, don't you need to set up OpenVPN or some other VPN server?
     

    192.168.o.21

    No need for a VPN on top of that.
    That said, rather than tunneling, it's easier to install OpenVPN / SoftEther directly on the AWS instance.
    I have a VPS, and I've been completely lost because I couldn't get OpenVPN configured. I want to load it into an HTTP inject app.
     

    luk3r

    1. Install OpenVPN and Easy-RSA

    Update the package list and install OpenVPN along with Easy-RSA for managing SSL certificates.

    sudo apt update
    sudo apt install openvpn easy-rsa -y

    2. Set Up the Public Key Infrastructure (PKI)

    Create a directory for Easy-RSA and navigate to it:

    make-cadir ~/openvpn-ca
    cd ~/openvpn-ca

    Initialize the PKI:

    ./easyrsa init-pki

    Build the Certificate Authority (CA):

    ./easyrsa build-ca

    You will be prompted to enter a password for the CA and some details. Provide relevant information.

    3. Generate Server Certificate and Key

    Create a certificate request and key for the server:

    ./easyrsa gen-req server nopass

    Sign the server's certificate request:

    ./easyrsa sign-req server server

    4. Generate Diffie-Hellman Key

    Generate the Diffie-Hellman parameters for secure key exchange:

    ./easyrsa gen-dh

    5. Generate Client Certificate and Key

    Create a certificate and key for a client:

    ./easyrsa gen-req client1 nopass
    ./easyrsa sign-req client client1

    6. Configure OpenVPN

    Copy the generated files to the OpenVPN directory:

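    sudo cp ~/openvpn-ca/pki/ca.crt /etc/openvpn/
    sudo cp ~/openvpn-ca/pki/private/server.key /etc/openvpn/
    sudo cp ~/openvpn-ca/pki/issued/server.crt /etc/openvpn/
    sudo cp ~/openvpn-ca/pki/dh.pem /etc/openvpn/
    # Generate the shared tls-auth key that server.conf and client1.ovpn reference
    # (OpenVPN 2.5+ also accepts: openvpn --genkey secret /etc/openvpn/ta.key)
    sudo openvpn --genkey --secret /etc/openvpn/ta.key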

    Create a server configuration file in /etc/openvpn/server.conf:

    sudo nano /etc/openvpn/server.conf

    Add the following configuration:

    port 1194
    proto udp
    dev tun
    ca ca.crt
    cert server.crt
    key server.key
    dh dh.pem
    server 10.8.0.0 255.255.255.0
    ifconfig-pool-persist ipp.txt
    push "redirect-gateway def1 bypass-dhcp"
    push "dhcp-option DNS 8.8.8.8"
    push "dhcp-option DNS 8.8.4.4"
    keepalive 10 120
    # direction 0 on the server pairs with "key-direction 1" on the client
    tls-auth ta.key 0
    cipher AES-256-CBC
    # must match "auth SHA256" in the client config, or the tls-auth HMAC check fails
    auth SHA256
    persist-key
    persist-tun
    status openvpn-status.log
    log-append /var/log/openvpn.log
    verb 3

    7. Enable IP Forwarding

    Edit the /etc/sysctl.conf file:

    sudo nano /etc/sysctl.conf

    Uncomment or add the following line:

    net.ipv4.ip_forward=1

    Apply the changes:

    sudo sysctl -p

    8. Start the OpenVPN Server

    Enable and start the OpenVPN service:

    sudo systemctl enable openvpn@server
    sudo systemctl start openvpn@server

    9. Set Up Firewall Rules

    Allow traffic on the OpenVPN port and enable NAT:

    sudo ufw allow 1194/udp
    sudo iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

    Persist the rules:

    sudo apt install iptables-persistent -y
    sudo netfilter-persistent save

    10. Create Client Configuration

    Generate a .ovpn file for clients. Create a configuration file, for example, client1.ovpn:

    sudo nano client1.ovpn

    Add the following content:

    client
    dev tun
    proto udp
    remote <your-server-ip> 1194
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    remote-cert-tls server
    cipher AES-256-CBC
    auth SHA256
    key-direction 1
    verb 3

    <ca>
    # Paste the contents of ca.crt here
    </ca>
    <cert>
    # Paste the contents of client1.crt here
    </cert>
    <key>
    # Paste the contents of client1.key here
    </key>
    <tls-auth>
    # Paste the contents of ta.key here
    </tls-auth>

    11. Distribute Configuration

    Provide the client1.ovpn file to your client device for connection.

    You now have a working OpenVPN server! Test connectivity from a client device using the generated .ovpn file.
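
Step 10's paste-by-hand bundle, assembled by a script instead; this is an added example, not part of the original post. The function name `build_ovpn`, the stand-in PKI with placeholder contents, and the address 203.0.113.10 are constructed for illustration; the client directives are the ones listed in step 10.

```shell
#!/bin/sh
# Added example, not from the post: write CLIENT's .ovpn with inline blocks.

# build_ovpn CLIENT PKI_DIR TA_KEY SERVER_ADDR OUT
build_ovpn() {
    client=$1 pki=$2 ta=$3 server=$4 out=$5
    crt="$pki/issued/$client.crt" key="$pki/private/$client.key"
    for f in "$pki/ca.crt" "$crt" "$key" "$ta"; do
        [ -r "$f" ] || { echo "missing: $f" >&2; return 1; }
    done
    (
        umask 077                  # the bundle holds the client private key
        rm -f "$out"               # recreate so the 0600 mode always applies
        {
            printf '%s\n' client 'dev tun' 'proto udp' "remote $server 1194" \
                'resolv-retry infinite' nobind persist-key persist-tun \
                'remote-cert-tls server' 'cipher AES-256-CBC' 'auth SHA256' \
                'key-direction 1' 'verb 3' ''
            printf '<ca>\n'; cat "$pki/ca.crt"; printf '</ca>\n'
            # Easy-RSA's issued/*.crt opens with a text dump; keep only the PEM
            printf '<cert>\n'
            sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' "$crt"
            printf '</cert>\n'
            printf '<key>\n'; cat "$key"; printf '</key>\n'
            printf '<tls-auth>\n'; cat "$ta"; printf '</tls-auth>\n'
        } > "$out"
    )
}

# Constructed stand-in PKI so the function runs without a real CA.
d=$(mktemp -d); mkdir -p "$d/pki/issued" "$d/pki/private"
echo 'CA-PEM-PLACEHOLDER' > "$d/pki/ca.crt"
printf '%s\n' 'Certificate:' '    Data: (text dump)' \
    '-----BEGIN CERTIFICATE-----' 'PLACEHOLDER' '-----END CERTIFICATE-----' \
    > "$d/pki/issued/client1.crt"
echo 'KEY-PEM-PLACEHOLDER' > "$d/pki/private/client1.key"
echo 'TA-KEY-PLACEHOLDER' > "$d/ta.key"

build_ovpn client1 "$d/pki" "$d/ta.key" 203.0.113.10 "$d/client1.ovpn" \
    && echo "wrote $d/client1.ovpn"
```
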
     

    nooby

    Could someone who knows post a short explanation of V2ray / socks / vless?