Power your VPN Main Server using EHCP

HI, for my first blog in EHCP. I will show you how to use EHCP to power your VPN service.

FAQ:
1. Why EHCP?
answer: Coz EHCP provides low memory consumption for your VPS way better that the others. It also provides easy customization to fit your needs.

Here are the steps:
1. Install Ubuntu 10+ OS or whatever latest build into your VPS
2. Install EHCP.
3. Edit classapp.php to use plain text password.
Note: You can contact ehcp support for know hows on configuring this.
4. Add users to your EHCP main db for the "panelusers" table to be accessible outside.
Note: We will need panelusername and password column to be accessible for this to work.
5. Once you've done step 4. Open Bitvise or any other SSH Client.

Type the following commands in the xterm, answering "yes" to every question:
6. apt-get update
7. apt-get install openvpn

8. cp -R /usr/share/doc/openvpn/examples/easy-rsa/ /etc/openvpn/
9. cd /etc/openvpn/easy-rsa/2.0/
10. source ./vars
11. ./clean-all

Enter each command and answer each question by providing your certificate details:
12. ./build-ca
13. ./build-key-server server
14. ./build-key client1
15. ./build-dh

Install pam-mysql:
16. apt-get install libpam-mysql
17. nano /etc/pam.d/openvpn
Type the following and save (test inside quotes only):
"auth sufficient pam_mysql.so \
user=openvpn passwd=openvpn host=localhost db=openvpn \
table=user usercolumn=username passwdcolumn=password \
where=active=1 sqllog=0 crypt=1

account required pam_mysql.so \
user=openvpn passwd=openvpn host=localhost db=openvpn \
table=user usercolumn=username passwdcolumn=password \
where=active=1 sqllog=0 crypt=1"

Where crypt is:
0 (or "plain") = No encryption. Passwords stored in plaintext.
HIGHLY DISCOURAGED.

1 (or "Y") = Use crypt(3) function.

2 (or "mysql") = Use MySQL PASSWORD() function. It is possible
that the encryption function used by PAM-MySQL
is different from that of the MySQL server, as
PAM-MySQL uses the function defined in MySQL's
C-client API instead of using PASSWORD() SQL function
in the query.

3 (or "md5") = Use plain hex MD5.

4 (or "sha1") = Use plain hex SHA1.

18. nano /etc/default/saslauthd
Change: START=no to START=yes

19. /etc/init.d/saslauthd restart
Note: restart should succeed

Lets test the saslauthd:
20. testsaslauthd -u panelusername -p password -s openpvn
Note: If you get the message: OK :"Success" then we can continue. Other wise, refer to /var/log/auth.log for reasons of failure

Copy openvpn pam module:
21. cp /usr/lib/openvpn/openvpn-auth-pam.so /etc/openvpn/

22. Compose openvpn configuration files:
dev tun
proto udp
port 1194

ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem

user nobody
group nogroup
server 10.8.0.0 255.255.255.0

keepalive 20 120
persist-key
persist-tun

# user/pass auth from mysql
plugin ./openvpn-auth-pam.so openvpn
client-cert-not-required
username-as-common-name

client-to-client

push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

comp-lzo

max-clients 15

status status/udp.log
log-append /var/log/openvpn/udp.log
verb 3
mute 5

23. Make directories for Log files:
mkdir /etc/openvpn/status
mkdir /var/log/openvpn

24. restart openvpn service:
/etc/init.d/openvpn restart

25. Configure IPTables:
nano /etc/rc.local

append before exit 0:
# iptables for OpenVPN
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j SNAT --to xxx.xxx.xxx.xxx
iptables -t nat -A POSTROUTING -s 10.10.0.0/24 -o venet0 -j SNAT --to xxx.xxx.xxx.xxx

Note: Where xxx.xxx.xxx.xxx is the IP address of your server.

26. Make IPTables effective:
/etc/rc.local

27. Make and try with your client config:
client
dev tun
proto udp
remote xxx.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
auth-user-pass
comp-lzo
verb 3

Thats it! we've succesfully configured openvpn for authentication with EHCP Panel. Have a good day!

If you are unclear of certain things dont hesitate to comment. Im just really in a hurry so,,. thank you soo much.
EHCP is a great software,... I will always be loyal.

Email me at: markcodes@yahoo.com
Business site: http://imhyper.net
VPN Service is my game

Comments

open classapp.php
find

'logintable'=>array(
'tablename'=>'panelusers',
'passwordfunction'=>'md5',
'usernamefield'=>'panelusername',
'passwordfield'=>'password'
),

replace to:


'logintable'=>array(
'tablename'=>'panelusers',
'passwordfunction'=>'',
'usernamefield'=>'panelusername',
'passwordfield'=>'password'
),

After that,
update your mysql:

update panelusers set password='yourpass' where panelusername='admin';

this way, you switched to plaintext. you need to repeat last statement for all users that are already in db, or:

update panelusers set password='1234';

to set all passwords to 1234

Thank you for support.
If you want to ask me on how to setup a vpn server using ehcp and openvpn please don't hesitate to mail me at admin@hypernetvpn.com or hypernet28@yahoo.com.

Site: https://hypernetvpn.com