VPN or how to access US sites abroad

If you live outside US you cannot watch Hulu/CBS/etc. videos on demand because you need US IP. The other reason to use VPN is a secure connection to VPN provider. So your ISP doesn't know what are you browsing until you are connected to VPN.

There is some free and some payable services. Payable usually have no problems with speed and blocked IPs.

1. AnchorFree Hotspot Shield

It is a great service and it's free too. Downsides are that their IPs are blocked from VoD (video on demand) web sites and connection is not the fastest. Another downside is that you need to install their program in order to get service to work.

2. Payable service HappyVPN

I decided to try a payable service and I heard a lot good about HappyVPN, so I decided to give it a try.

It's 14.99$ per month and you will get unlimited access. Nice offer. So I payed for the first month and watched a few of episodes of various TV shows. Sometimes I got disconnected but I weren't worry about it too much. And after a week or a liitle bit more I am not able to even connect to this service.

So I decided to cancel my subcription to them.

You can try if you want. They offer payment by credit card or PayPal.

3. The best option is it's own server or VPS (Virtual Private Server)

They are from 20$ per month and you will really get unlimited access. There is only one downside, they have limited bandwidth.

So I bought one node from VPS.Net and try it out. You can pay with PayPal (I prefer this method, however they do not offer automatic payment through PayPal, like GoDaddy does) or credit card.

How to buy a node and create VPS at VPS.net

1. Go to http://vps.net/, select one node (or more if you need more bandwidth or multiple VPS for some reason) and click Buy Now!

2. Now you need to type your information and select your payment type. Then pay for it.

3. Go to your account and select Create new VPS.

4. Type VPS label and host name. For host name you can use your domain or sub domain. You don't actually need a domain.

5. Then select your cloud. UK to get access to UK sites (like BBC iPlayer) or US cloud to get access to US web sites (like CBS or FOX).

6. Select Debian 5.0 (Lenny) x64 and in the bottom box select VPN image. Then click Create.

7. You will be redirected to a page with your VPS's information. Wait a minute or two and then hit refresh.

8. Your VPS should be ready now. Use SSH program from Terminal (Mac/Linux) or Putty for Windows.

9. Connect to IP of your VPS and login as root with default password written on VPS's information page.

10. Type following command to edit username/password to access VPN server:

nano /etc/ppp/chap-secrets

11. Go to the end of file and type something like:

username pptpd password *

(change username and password with your desired username/password)

12. Save file and exit (Ctrl + C and then type "Y" (without quotes))

13. Type following command to reboot pptpd service in order to make VPN work:

/etc/init.d/pptpd restart

That's it for server side.

How to connect to the VPN network with Mac

Now that you bought VPN access or created VPS with VPN service you need to prepare your Mac to send all your Internet connections trought your VPN.

1. Go to System Preferences.

2. Go to Network and press on "+" button in the bottom left corner. Then change interface to VPN, select PPTP as VPN Type and enter your desired VPN Service Name.

3. Now type your IP address and username:

4. Click on Advanced and set up like in following picture:

5. Click Ok and then Apply. Now you need to type your password and hope everything is allright.

Everything should work now. You can check by going to http://www.ip-adress.com/ and if IP on site match your VPS's IP then you're good.

I'll write more about connecting to VPN on Windows in next blog post.

Essential security tips for servers

In this tutorial you will find out some of the necessary steps to secure you VPS or dedicated server.

1. First thing you need to do is to change your root password. Connect to server with SSH and type:

passwd

Then type in your new password, press enter, and retype it again.

2. It's not safe to allow root user to login throught SSH. So you need to create a new user:

useradd user_name

Then set the password for this user with:

passwd user_name

3. Now let's go to SSH settings.

Open file by typing:

nano /etc/ssh/sshd_config

And find/change following:

PermitRootLogin no
X11Forwarding no
AllowUsers user_name
Port 10000

It's important to change your SSH port to higher number (for example 10000).

4. Configure iptables:

iptables-save > /etc/iptables.rules
nano /etc/iptables.rules

Example rules:

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -d 127.0.0.0/8 -i ! lo -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 10000 -j ACCEPT #Change this port to SSH server's port
-A INPUT -p icmp -m icmp --icmp-type 8 -j DROP
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -j ACCEPT
COMMIT

Be careful to change your SSH port to the one you set in sshd_config, otherwise you wouldn't be able to log in to SSH server.

Import rules to iptables:

iptables-restore < /etc/iptables.rules

5. Set new iptables rules to reset during reboots:

sudo nano /etc/network/interfaces

...
auto lo
iface lo inet loopback
pre-up iptables-restore < /etc/iptables.rules
...

6. And now reload SSH server:

sudo /etc/init.d/ssh reload

These are only essential steps to secure you server. Your server should now be a little bit more secure, but there is no such thing as 100% security.