Hi guys, if you guys planning to get a VPS from vpslink.com you can get a 10% life time discount by entering my referral discount code while placing an order.

Discount Code: JPF0JP

Your code may be entered at the VPSLink Signup Page or using this embedded link VPSLink.com , at which the referral code will be stored in a cookie on your machine and automatically added at checkout.

If you have a success OpenVPN connection, then you can proceed to next step to install Squid.

1. You can use yum to install squid

#yum install squid

2. Open the squid configuration file

#vi /etc/squid/squid.conf

3. Edit squid configuration to allow you to access to the web via the squid proxy.

Locate “http_port”, default port number is 3128, you can change it to any port you like. In this example I change it to 8080.

http_port 8080

Because you want to hide your IP address, you must connect to squid via OpenVPN tunnels. Now we need to create acl list to allow your VPN ip address to get through your squid proxy server. Search for “acl our_networks” then uncomment and modify it as follows:

acl our_networks src 10.8.0.2  #assume your client VPN address is 10.8.0.2
http_access allow our_networks

4. Save your squid.conf and restart your squid.

#/etc/init.d/squid restart

5. Config you web browser connection settings to access the web via your squid proxy

Firefox user:

Tools -> Options -> Network -> Settings , Select manual proxy configuration
HTTP Proxy: 10.8.0.1 and Port: 8080

IE User:

Tools -> Internet Options -> Connections -> LAN Settings , Tick the check box “Use a proxy server for your LAN…”
Address: 10.8.0.1 and Port: 8080

6. Go to http://www.whatismyip.com and check your IP address. You should be browsing with your squid server IP address now. Good luck.

“The mbstring PHP extension was not found and you seem to be using a multibyte charset. Without the mbstring extension phpMyAdmin is unable to split strings correctly and it may result in unexpected results”

and

“Cannot load mycrypt extension. Please check you PHP configuration”

You are not alone, you can solve the problems with the followings steps.

mbstring

New linux repo has the mbstring removed by default, just install it back.

#yum install php-mbstring

mycrypt

Install libmcrypt and php-mcrypt

#yum install libmcrypt
#yum –enablerepo=centosplus install php-mcrypt

Restart your apache / httpd, the warnings should have gone now.

# cp -Rf * backup/
cp: overwrite ‘index.php?’ y

Then I search around and finally found a solution ! It was an alias preset for the c, which alias -i to ask for confirmation.

#alias
alias cp= ‘cp -i’
alias l.=’ls -d .* –color=tty’
alias ll=’ls -l –color=tty’
alias ls=’ls –color=tty’
alias mv=’mv -i’
alias rm=’rm -i’
…….

Remove the cp alias

#unalias cp

Done, you should be able to cp -f without the confirmation now.

Example:

Command: LIST
Error: Transfer channel can’t be opened. Reason: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
Error: Could not retrieve directory listing

There is a way to overcome this matter, first is to define a range of ports will be used for passive mode in vsftpd config file. Secondly, open the defined tcp port in your firewall setting.

1. Create vsftpd passive ports

#vi /etc/vsftpd/vsftpd.conf

Scroll down to the bottom and add the followings lines:

pasv_enable=YES
pasv_max_port=9000
pasv_min_port=9050

pasv_max_port=9000
pasv_min_port=9050

Save the config file and restart vsftpd

#service vsftpd restart
Shutting down vsftpd: [ OK ]
Starting vsftpd for vsftpd: [ OK ]

2. Firewalls rules (APF Firewall)

Open your apf firewall configuration file:

#vi /etc/apf/conf.apf

Add the ports range of 9000 to 9050 into IG_TCP_CPORTS

IG_TCP_CPORTS=”20,21,22,25,26,53,80,110,143,……,9000_9050″

Save it and restart your apf firewall

#apf -r

Now you should be able to access your ftp server in passive mode.

There is a range from 0 to 100 in swappiness setting, higher value means the system will move idle memory usage to SWAP file more often. Please note that by setting to “0″ does not men it disabled the SWAP space, this will just make the system write to the SWAP space as little as possible.

To check your current swappiness setting type:

#cat /proc/sys/vm/swappiness
60

You will see 60 by default, you can change it to other value to try out the effect before permanently change it in the configuration file:

#sysctl -w vm.swappiness=10
vm.swappiness = 10

Put a value between 0 to 100 above and then run a some high resources program to try out the different. After you hve found the best setting then you can set it to your server configuration.

#vi /etc/sysctl.conf
add the line: “vm.swappiness=10″ without the quote to the end of the file.

This way your swappiness will be set to 10 after the next reboot.

1. Go to your timezone dir and look for your city

#cd /usr/share/zoneinfo
#ls

2. Now delete the original setting

#rm -r /etc/localtime

3. Use link command create a new localtime file linked to your city timezone, I choose Melbourne in this example:

#ln -s /usr/share/zoneinfo/Australia/Melbourne /etc/localtime

Restart your server to make the change.

Here are the steps to guide you installed a secure connection between your� CentOS5 and Windows with OpenVPN open source application.

1. Download the required package files.

#wget http://openvpn.net/release/openvpn-2.0.9.tar.gz
#wget http://openvpn.net/release/lzo-1.08-4.rf.src.rpm

2. Install and build your download files

You may need the required repository before start your installation

#yum install rpm-build
#yum install autoconf.noarch
#yum install zlib-devel
#yum install pam-devel
#yum install openssl-devel

If you have the above dependencies installed, you can start your installation as follows:

#rpmbuild –rebuild lzo-1.08-4.rf.src.rpm

#rpm -Uvh /usr/src/redhat/RPMS/i386/lzo-*.rpm

#rpmbuild -tb openvpn-2.0.9.tar.gz

#rpm -Uvh /usr/src/redhat/RPMS/i386/openvpn-2.0.9-1.i386.rpm

3. Copy configuration files

#cp -r /usr/share/doc/openvpn-2.0.9/easy-rsa/ /etc/openvpn/
#cp /usr/share/doc/openvpn-2.0.9/sample-config-files/server.conf /etc/openvpn/

4. CA configuration

#cd /etc/openvpn/easy-rsa/
#pico vars (or use vi editor, I just like to use pico)

then scroll down to the bottom, edit as you like.

export KEY_COUNTRY=AU
export KEY_PROVINCE=VIC
export KEY_CITY=MELBOURNE
export KEY_ORG=”THROXVPN”
export KEY_EMAIL=”name@email.com”

#.� ./vars (note a space between . . )
#./clean-all

5. Build CA

#./build-ca

Generating a 1024 bit RSA private key
………………………++++++
…………………….++++++
writing new private key to ‘ca.key’
—–
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [AU]:
State or Province Name (full name) [VIC]:
Locality Name (eg, city) [MELBOURNE]:
Organization Name (eg, company) [THROXVPN]:
Organizational Unit Name (eg, section) []:Throx
Common Name (eg, your name or your server’s hostname) []:throx.net
Email Address [name@mail.com]:

Some information above already entered in step 4, hust hit enter and go to next line.

6. Building server key

#./build-key-server ovpnsrv1

Generating a 1024 bit RSA private key
………………………………….++++++
…………………….++++++
writing new private key to ‘ovpnsrv1.key’
—–
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [AU]:
State or Province Name (full name) [VIC]:
Locality Name (eg, city) [MELBOURNE]:
Organization Name (eg, company) [THROXVPN]:
Organizational Unit Name (eg, section) []:Throx
Common Name (eg, your name or your server’s hostname) []:throx.net
Email Address [name@email.com]:

Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:<enter your password here>
An optional company name []:
Using configuration from /etc/openvpn/easy-rsa/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject’s Distinguished Name is as follows
countryName���������� RINTABLE:’AU’
stateOrProvinceName�� RINTABLE:’VIC’
localityName��������� RINTABLE:’MELBOURNE’
organizationName����� RINTABLE:’THROXVPN’
organizationalUnitName:PRINTABLE:’Throx’
commonName����������� RINTABLE:’throx.net’
emailAddress��������� :IA5STRING:’name@email.com’
Certificate is to be certified until Apr 10 15:15:27 2018 GMT (3650 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

7. Building Diffie Hellman

#./build-dh

Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time

(Wait until it finished)

8. Copy key certificates to the required folder

#cp keys/ca.crt ../
#cp keys/dh1024.pem ../
#cp keys/ovpnsrv1.key ../
#cp keys/ovpnsrv1.crt ../

9. OpenVPN configuration

#cd ../
#pico server.conf
dev tap
;dev tun
ca ca.crt
cert ovpnsrv1.crt
key ovpnsrv1.key # This file should be kept secret

10. Startup the OpenVPN service (Finally, hold your breath)

#service openvpn restart
#chkconfig openvpn on

Windows Client Installation and Configuration

1. Download a copy of windows client

http://openvpn.net/release/openvpn-2.0.9-install.exe and install it.

2. Create CA in windows machine

Open windows cmd.exe command promp and change directory (cd) into c:\program files\openvpn\

>copy vars.bat.sample vars.bat

>edit vars.bat (scroll down to the bottom)

set KEY_COUNTRY=AU
set KEY_PROVINCE=VIC
set KEY_CITY=MELBOURNE
set KEY_ORG=THROXVPN
set KEY_EMAIL=name@mail.com

note: the above information must be same as the details set in server previously.

3. Run the file vars.bat

>vars

4. Build client’s key and certificate

>copy openssl.cnf.sample openssl.cnf
>md keys
>build-key vpnhome

5. Copy vpnhome.csr to the server directory /etc/openvpn/easy-rsa/keys

#cd /etc/openvpn/easy-rsa/
#./sign-req vpnhome
Using configuration from /etc/openvpn/easy-rsa/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject’s Distinguished Name is as follows
countryName���������� RINTABLE:’AU’
stateOrProvinceName�� RINTABLE:’VIC’
localityName��������� RINTABLE:’MELBOURNE’
organizationName����� RINTABLE:’THROXVPN’
organizationalUnitName:PRINTABLE:’Throx’
commonName����������� RINTABLE:’throx.net’
emailAddress��������� :IA5STRING:’name@mail.com’
Certificate is to be certified until Apr 10 16:04:33 2018 GMT (3650 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

6. Copy new signed certificate to your windows machine

Go to /etc/openvpn/easy-rsa/keys/ , you will see 2 new generated file – ca.crt and vpnhome.crt

Copy both of them to your Windows home machine c:/Program Files/OpenVPN/config

Also copy your windows generated vpnhome.key from C:\Program Files\OpenVPN\easy-rsa\keys to C:\Program Files\OpenVPN\config

7. Setting the client configuration for OpenVPN

Copy client.ovpn from C:\Program Files\OpenVPN\sample-config to C:\Program Files\OpenVPN\config

Edit it with the followings changes, similar to what you have done in the linux server

dev tap
;dev tun
dev-node OpenVPN_Tap
remote <ipaddress> 1194� (example: remote 202.188.1.1 1194)
ca ca.crt
cert alanghome.crt
key alanghome.key
ns-cert-type server

8. Configure the network interface for OpenVPN
Select “Control Panel” -> “Network Connection” -> “TAP-Win32#(#)”
Right-Click to rename as ‘OpenVPN_Tap’

9. Startup the connection of client

Go to START>All Programs>OpenVPN>OpenVPN GUI , click it

In the task-bar, select “OpenVPN GUI” -> right-click “Connect”

Phew…. if everything set correctly, now you should be connected to your linux via OpenVPN.

Source: http://yumax1012.blogspot.com/2007/08/install-openvpn-on-centos-44.html