Closed 🚩 ubuntu - manual script - dropbear+ vps(same ip) squidproxy 👈

[tRickzterPH]

Para ito sa hindi umaasa sa script lang na nasa github, at gusto matuto nang command para sa gagawin nyong vpn server

apt-get update
---------------
apt-get upgrade
---------------------
apt-get install ssh or apt-get install open-ssh server
---------------------------------------
apt-get install dropbear
----------------------------
apt-get install nano
-----------------------------
service dropbear start
----------------------------------------
nano /etc/default/dropbear
------------------------------
*Change start server from 1 to 0
-----------------------------------
*Change Dropbear port from 22 to 443
-----------------------------------------
*Put to exrtr args= "-p 80 -p 110 -p 143 -p 442"
--------------------------------------------------
*change DROPBEAR_BANNER="/etc/issue.net"
----------------------------------------------
nano /etc/issue.net
----------------------
paste this:
<br><b><u><font color='#0D98BA'>Keep LOVING, Stay in LOVE</font></u></b></br>
<br>
<br><font color='#FF0000'>¤¤ NO SPAM ¤¤ </br></font>
<br><font color='#FF0000'>¤¤ NO DDOS ¤¤ </br></font>
<br><font color='#FF0000'>¤¤ NO häçkING ¤¤</br></font>
<br><font color='#FF0000'>¤¤ NO CARDING ¤¤</br></font>
<br><font color='#FF0000'>¤¤ NO TORRENT ¤¤</br></font>
<br><font color='#FF0000'>¤¤ NO MULTI-LOGIN ¤¤</br></font>
<br>
<br><font color='#1261A0'>¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤</br></font>
<br><font color='#0D98BA'>*************** <b>®Welcome to VPN World®</br> ***************</br></font>
<br><font color='#1261A0'>¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤</br></font>

ctrl+o to overwrite - hit enter to save - ctrl+x to exit
------------------------------------------------Next----------------------------------

Add user to server:
adduser username --- press enter
---------------------------------
enter user password
---------------------------------
Delete user to server:
deluser username --- press enter
-----------------------------------------Next----------------------------------------------

Squid
apt-get install squid
-------------------------------
service squid start
--------------------------------------
nano /etc/squid/squid.conf
----------------------------------
*Ctrl+w to search "http_port 3128" change to your preferred port ex.80
-------------------------------------------------------------------------------------------------------------------
*Ctrl+w to search "http_access deny all" change to "http_access allow ssh" and paste this below:
a x.x.x.x-x.x.x.x/255.255.255.255 -> x is your vps ip
-----------------------------------------------------------------------------------------------
*Ctrl+w find "acl CONNECT method CONNECT" paste this below:
acl SSH dst x.x.x.x-x.x.x.x/255.255.255.255 -> x is your vps ip
acl SSL_ports port 443 ----
acl Safe_ports port 443 ----
acl Safe_ports port 80 ----
acl SSL_ports port 80 ---------- Your "Dropbear" port change it according to your configure port.
acl SSL_ports port 442 ---- (remove this ---- line after pasting)
acl Safe_ports port 442 ----
acl SSL_ports port 143 ----
acl Safe_ports port 143 ----
------------------------------------------------------------------------------------------------
/etc/init.d/dropbear restart
/etc/init.d/squid restart
/etc/init.d/dropbear start
/etc/init.d/squid start
--------------------------------------------------------------------------

Connect Now using your favorite VPN!


-----Dont remind this--- for local configuration only!
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl localnet src 10.0.0.0/8
acl localnet src 172.16.0.0/12
acl localnet src 192.168.0.0/16

 

[LiquidFart]

ask lanG. di ko alam kung pano itatanong pero possible ba gumawa ng username at password sa isang ip na wala sa mga ssh sites?

 

[tRickzterPH]

ask lanG. di ko alam kung pano itatanong pero possible ba gumawa ng username at password sa isang ip na wala sa mga ssh sites?

medyo di ko gets tanong mo, malabo hehe... para maging specific ano po ba gusto mo gawin?

 

[LiquidFart]

haha hindi ko din gets.
i mean my nakita kasi kong ip ng globe via ssh direct and working ang kaso di ko alam ang user and pass kaya ang reply is invalid user at pass sa http injector. noob question lang haha.

 

[LiquidFart]

kala ko kasi my way or termux.terminal etc command na pwd mg input ng custom user at pass sa isang ssh ip.ewan haha

 

[tRickzterPH]

kala ko kasi my way or termux.terminal etc command na pwd mg input ng custom user at pass sa isang ssh ip.ewan haha

walang way para jan. out of bound - kung gagawa ka sarili mo server tiyak pwede mo gawin yan XD....

 

[LiquidFart]

i knew it.silly question haha.anyway thanks

 

[PHC-Benjamin]

Boss paano ba lagyan ng private key ang openvpn ? Para di na mag ask ng credentials

 

[jonathanugale]

thanks po sa pagshare

 

[PHC - plokplok]

Boss paano ba lagyan ng private key ang openvpn ? Para di na mag ask ng credentials

ito po sir, isingit mo kahit saang banda ng config

<auth-user-pass>
username
password
</auth-user-pass>

 

[tRickzterPH]

Boss paano ba lagyan ng private key ang openvpn ? Para di na mag ask ng credentials

Di ko pa na try ss open vpn ehhh, pero alam ko iinstall xd

 

[tRickzterPH]

Ayan pla ibig mo savhn authentication yan hndi private key ayan n bnigay nyan na singit m nlng yan sa config mo

 

[Bon-chan]

1. Move your thread to linux section(para po mas marami makagets)
2. use code/icode tag sa mga command line/file contents.
3. Practice to use one-liner commands po sa tutorial. just install dropbear and squid, since default napo nakainstall si openssh sa machine. Also install nano(other stock images ng ubuntu walang nano program)
4. about po dun sa squid config, deny/disallow caching, if proxy for vpn server po ang gagawin ng user.
5. forgot to set to a nonshell user ung nagawa pong user, recommended po yan if pang vpn usage/tunnel lang ung ssh. If hindi nyopo naset yan, magagamit po yang account nayan sa mga ssh clients(like PuTTy,JuiceSSH,Connectbot). use usermod -s /bin/false UserHere to modify your user's shell. Also add /bin/false to /etc/shells. echo '/bin/false' >> /etc/shells

 

[fatal_instinct]

Sir Bon-chan aside from using username-password para maging private ang squid server mo, ano pang ibang ways? kasi meron mga proxy na walang username and password pero nag rerefused ng connection pero ok naman yung server. kagaya ng mga openvpn config ni boss B A R T S . Sorry for the noob question.

 

[Bon-chan]

IP-restricted po yung proxy server na yun (allowed lang sa isang IP ung proxy, no need na lagyan ng auth).
About sa Connection Refused issue, hindi po sa proxy server un, sa client po un mismo.. May something po na mali sa request header ng client, better solution is to use latest OpenVPN client builds (like openvpn connect v3). If gamit nyo po mga client like OpenVPN-GUI or OpenVPN connect v 1.XX or any v1/v2 release, marami po kayong ma eencounter na eeror about custom headers.

 

[fatal_instinct]

nakalimutan ko sir sabihin n nag rerefuse connection lang sya pag sa browser ginamit like firefox.. example yung openvpn config ni boss BARTS, working 101% yung config nya at gumagamit sya ng proxy, pero pag yung proxy nya nilagay mo sa firefox di sya gagana. Diba sir ang topology ng mga openvpn configs natin ay ganito.

CLIENT ===>>> PROXY SERVER ====>>> OPENVPN SERVER ====>>> INTERNET

Pag meron ka madaming users hindi po pwede yung IP restricted (or mali po ba ako?). Wala po ako alam sa programming and networking kaya po hindi ko mahimay.

Meron ako openvpn and squid proxy server for family use and gusto ko rin ishare sa kapitbahay namin pero gusto ko yung squid ko exclusive lang sa openvpn na hindi sya gagana pag sa ibang apps and browser ginamit kagaya ng kay boss BARTS.

Salamat Sir ng marami sa pagsagot ng mga tanong ko.

 

[Bon-chan]

..pero pag yung proxy nya nilagay mo sa firefox di sya gagana.

Ayan po ang mean ko about "IP Restricted" proxy server, Allowed lang or Whitelisted lang sa specific IP addresses yung proxy server. So yung nasa whitelist lang po ang makakagamit ng proxy server. Mostly dedicated po yung ganyang setups sa mga VPN na under tcp protocol like yung kay BARTS.

Meron ako openvpn and squid proxy server for family use and gusto ko rin ishare sa kapitbahay namin pero gusto ko yung squid ko exclusive lang sa openvpn na hindi sya gagana pag sa ibang apps and browser ginamit kagaya ng kay boss BARTS.

Configure nyo lang po yung squid na i-accept lahat ng connection mula po sa public ip address po ng vps nyo.

May squid config napo sa taas(nasa thread napo ni TS ung example) pero eto po my own example with quick explain(add or edit nyo nalang po kung may i-specify pa po kayong ibang options)

# ACL rule na specified yung IP address po vps nyo/ or machine na may nakainstall
acl MyVPN dst 1.2.3.4/32 # remain nyo lang po yung /32 block if i eedit nyo po yung line
# port ng squid proxy server
http_proxy 8080
# deny all access sa server, then allow po ng isang ACL rule na may content ng ip address na want lang po natin i allow for incomming connections.
http_access deny all
http_access allow MyVPN

 

[fatal_instinct]

Maraming salamat sir Bon-chan napagana ko na... nakalock sa dst address and with auth pa hehe.
I'm very grateful sir sa tulong nyo.

 

[Yummypom]

pwd pahingi ng link sa panel yung github