Tunneling OpenVPN Through SSH

I have recently discovered that it is fairly easy to tunnel OpenVPN through SSH. This is useful if you are behind a restrictive firewall that uses SPI to block services rather than plain old port blocking. An SPI firewall is able to distinguish between one packet type and another, without just checking the port that is in use. You can, of course, get a much more in-depth and accurate account of what SPI does/doesn’t do from Wikipedia; however, that isn’t really the purpose of this post.

You’ll need root access to the OpenVPN Server, as you have to change some of the server config files.

So, on to the technical part of the procedure. You need to do the following:

  1. Set the OpenVPN server config file to use TCP rather than UDP. This is done by changing the line proto udp to proto tcp in the server config file (normally located at /etc/openvpn/server.conf).
  2. Set the OpenVPN client config file to use TCP rather than UDP. You can do this by changing the line proto udp to proto tcp-client in the client config file.
  3. Change the OpenVPN client config to connect to localhost rather than the remote server address. This is done by changing the “remote” line in the client config to remote localhost 1194.
  4. Create an SSH tunnel between the client machine and the OpenVPN Server, forwarding port 1194 on the client to port 1194 on the server (localhost:1194 as seen from the server). This can be done by running the command:
    ssh user@server -L 1194:localhost:1194 on the client machine (assuming you’re running Linux/Unix with the OpenSSH client binary installed)

All being well, after making those config file changes and creating your SSH tunnel, you’ll be able to tunnel OpenVPN through SSH.
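
The four steps above, applied to sample config text, as an added example that is not part of the original post. The function names, the sample configs and the host vpn.example.net are constructed for illustration; the ssh line adds -N and an explicit 127.0.0.1 bind to the command shown in step 4.

```sh
#!/bin/sh
# Added example (not from the original post): steps 1-4 applied to config text.

# Step 1: server config, any active "proto" line becomes "proto tcp".
tunnel_server_conf() {
    awk '$1 == "proto" { print "proto tcp"; next } { print }' "$1"
}

# Steps 2-3: client config. "proto" becomes tcp-client, the first active
# "remote" line points at the local end of the SSH forward, and extra
# "remote" lines are dropped so the client cannot fall back to a direct
# connection. Commented-out lines (";proto", "#remote") are left alone.
tunnel_client_conf() {
    awk -v port="${2:-1194}" '
        $1 == "proto"  { print "proto tcp-client"; next }
        $1 == "remote" { if (!seen++) print "remote localhost " port; next }
        { print }
    ' "$1"
}

# Step 4: the forward from the post, with -N (no remote shell) and the
# listener pinned to 127.0.0.1 so other hosts on the LAN cannot use it.
tunnel_ssh_cmd() {
    printf 'ssh -N -L 127.0.0.1:%s:localhost:%s %s\n' "${2:-1194}" "${2:-1194}" "$1"
}

# Constructed sample configs (vpn.example.net is a placeholder host).
demo_dir=$(mktemp -d)
cat > "$demo_dir/server.conf" <<'EOF'
port 1194
;proto tcp
proto udp
dev tun
EOF
cat > "$demo_dir/client.conf" <<'EOF'
client
proto udp
remote vpn.example.net 1194
remote vpn2.example.net 1194
nobind
EOF

tunnel_server_conf "$demo_dir/server.conf"
tunnel_client_conf "$demo_dir/client.conf"
tunnel_ssh_cmd user@vpn.example.net
```

If the VPN redirects the default gateway, the SSH connection itself needs a route that stays outside the VPN (for example a route <server-ip> 255.255.255.255 net_gateway line in the client config), otherwise the forward ends up routed into the tunnel it is carrying.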

It’s not the ideal solution – there is a lot more overhead when running OpenVPN in TCP mode, and even more when tunneling TCP over TCP, which is what you’re doing by using an SSH tunnel with VPN traffic. However, needs must – and this is one way of getting round an SPI Firewall when SSH connections are allowed.

Dedicated to VPS Migration

If you’re reading this, then my blog has successfully been migrated to a different server!

I decided that it didn’t make much sense to have my old dedicated server any more, now that I’ve got a VPS node – so I span up a Debian Instance, set up nginx, mysql and php-fcgi, and started migrating my sites over. So far, it’s been a great experience – there have been no issues, and I’m pretty sure that the site is much much faster. Just try out the search function!

I’m also hosting the previously mentioned VPS wiki on this machine, and have plenty of resources left to host several more dynamic sites.

I hope to do a quick writeup for the VPS wiki in the near future.

GNUPanel on Debian Squeeze

I was recently playing around with the “GNUPanel” Hosting control panel software. While trying to install the dependencies (with the install-dep.sh file), I encountered the error:

Debian version not supported

Even though the GNUPanel site seemed to say that Debian Squeeze was supported.

A quick look at the install-dep.sh file showed that it relied on the mawk unix utility.

By running apt-get install mawk, we can solve this problem and continue with the installation.


UPDATE:

I’ve now had a chance to play around with GNUPanel a bit more, and unfortunately, I don’t think it’s fully up to scratch. The installation process was pretty clunky – the automated install script forced me to manually confirm the installation of at least 10 groups of packages. Once the software was installed, I had to guess at the username – and the web interface was also pretty… “ropey”. These are mainly minor issues, and I’m sure that with some TLC, the project can progress, and become much more useable.

VPS Wiki

I have recently started work on what is currently called “VPS Wiki”.

The aim of the Wiki is to provide a centralised location for information about using Linux, performing general sysadmin duties, as well as some programming basics. I think the site will naturally change in time – It might lean more strongly towards a particular topic. If that happens, then I will rename the site – I thought “VPS Wiki” was a good starting point, especially given my recent venture.

Some people might think “What’s the point in this – can’t people just google for the answer?”. However, because technology is rapidly changing, I find that it can be difficult to find relevant, up-to-date solutions to problems that I encounter. I think having a central database of useful content could be very handy.

I’d really appreciate any contributions towards the wiki – at the moment, you need an account to edit/create pages. You can check the Wiki out here.

Getting into VPS Hosting…

So, I have taken things a step further. I started off being interested in buying VPS machines – I then turned to low end Dedicated Servers, and now, I’m dabbling in hosting my own VPS machines.

To start off with, I am doing this not for profit. I will not be offering any formal support for my customers, and have negotiated a deal with RapidSwitch, who are providing me with a discount (because I’m not making any money from it). I will be offering OpenVZ VM’s to people on my University course for £5.00/m, with the following spec: 18GB hard disk space, 400MB Ram, 128MB VSwap, and 750GB Bandwidth.

I’ve chosen to use the OpenVZ Web Panel control panel software, as it is easy to use and free.

If this is a successful endeavor, then I may go on to provide commercial VPS’s to customers. Who knows!

You can probably expect some OpenVZ/CentOS based posts in the not too distant future…

UPDATE:

I had to go with SolusVM, due to OWP’s lack of bandwidth tracking. This meant increasing the price by £0.50 to £5.50/m – however, I think the users are probably getting a slightly better experience with the commercial control panel.