Channel: Tutorials — LowEndTalk

Windows on OVH VPS SSD

The title of this thread isn't a joke: after many months I have been able to get Windows Server 2012 R2 successfully running on OVH's VPS SSD 1 (https://www.ovh.com/us/vps/vps-ssd.xml). Since I am unaware of this having been done before, I decided to share my findings with anyone who would be interested.

This is NOT violating the Terms of Service or Rules of OVH or these forums.

These steps will also work on any other VPS in the SSD, RAM or Cloud ranges. I am using the VPS SSD 1 as it's the cheapest at $3 and has 2GB of RAM, a 10GB SSD and 100Mbps down and up.

The technology OVH uses: all of their VPS ranges use the same or similarly specced servers.

CPU: E5-2687Wv3
Disks: PCIe NVMe SSDs
Network: 100Mbps down and up, with DDoS mitigation included for free
Hypervisor: OpenStack Nova

How I was able to do it: I bought 2 VPSs, a VPS Cloud 1 with the Windows Server option and a CentOS 6 VPS SSD 1. I shrank the partition down to 8.5GB in Windows, then booted both VPSs into rescue mode and used GParted to shrink the Windows Server VPS's vdb2 down to 9GB so it would fit on the VPS SSD 1. I then used SSHFS on a third VPS and dd to clone the MBR, vdb1 (Windows system partition) and vdb2 (Windows OS partition) over to the SSD 1 VPS, rebooted, and there you go.

Here is how you can do it yourself. I am going to make it easy and not charge for it, mainly because I would be violating a bunch of rules and terms of service agreements if I did. For those of you new to OVH: they have NEVER had a custom ISO option (unless you pay for IPKVM on their dedicated servers), which is why this process is a bit more involved than usual, but it shouldn't be hard at all as long as you follow the instructions.

Before we begin: Disclaimer about the distribution of Microsoft products.

I have provided a product-key-free, unactivated Windows Server 2012 R2 dd image of this VPS below; this image has no product key entered, is UNACTIVATED and is 100% legal to distribute. Windows Server 2012 R2 will run for 30 days before complaining; however, if you are a student in high school or college/university or other post-secondary education, you can get a free 1-year Windows Server 2012 R2 license through Microsoft DreamSpark, which is available in many different countries.

I do plan to offer more versions such as Windows 7, Windows 8, Windows 10, Server 2016, Server 2003 R2, etc., but for now this is all we have, and it should be good enough as it's pretty much the standard for Windows Server deployments at the time of writing.

Step 1. Head over to https://www.ovh.com/us/vps/vps-ssd.xml (if you are in a different country change that in the top right hand corner by clicking on the US flag.)

Step 2. Purchase the VPS SSD 1 for $3.49/month, click on order, on the next page pick your location, and then choose CentOS as your distribution and CentOS 6 64bit as your version. Then click on continue and complete the transaction and pay for it.

Step 3. Once the VPS has been activated, installed and set up by OVH and is visible in your manager, go ahead and click on "Rescue mode" and wait for the VPS to reboot into rescue mode. You will need patience, it'll take about 5 minutes to reboot into rescue mode and send you an email with the SSH login details.

Step 4. Install an SSH client like mRemoteNG if you are using windows or if you are on mac/linux open up a terminal and ssh root@(vps ip), this is assuming you've used SSH before.

Step 5. Once you are in the recovery-pro environment do the following commands in this order.

apt-get update

and press Y on any prompts you get. It is okay if you don't get a prompt or get an error; continue to the next step.

apt-get upgrade

and press Y on any prompts that you get. It is okay if you don't get a prompt or get an error; continue to the next step.

Once that has finished, run

apt-get install sshfs tmux

lsblk

and you should see the following

vda 254:0 0 10G 0 disk

└─vda1 254:1 0 10G 0 part /

vdb 254:16 0 10G 0 disk

├─vdb1 254:17 0 10G 0 part /mnt/vdb1

vda and vda1, which are 10GB in size, are the temporary filesystem mounted for the use of the rescue mode. We aren't going to touch these; they have nothing to do with the VPS or its filesystem. (This will vary depending on the VPS you're doing this on.)

vdb and vdb1 are the VPS's 10GB (or larger depending on your selected VPS) SSD, these are where we will be installing our image of Windows.

Basically, what you want to do at this point is restore the dd file containing the Windows image onto the VPS. To do this, first run these commands to make sure we have full access to the disk:

umount /mnt/vdb1

rm -rf /mnt/vdb1

tmux

Now we can restore the image. Keep in mind this will take well over an hour, so leave it running and go do something else until it finishes. The command to start it is

wget -O- 'http://192.99.235.192/FinalOVHServer2012R2VPSimage.img.gz' | gunzip -c | dd of=/dev/vdb

It will take around an hour or 2 for this to complete, so just relax and go and do something else whilst that happens, don't press or touch anything, you'll know when it's done when you see

root@rescue-pro:~#

and you are able to type stuff again, if you think it's frozen give it at least 2 hours, if it still hasn't completed by then reconnect and type "tmux attach-session" and you'll most likely find it's completed.

Once it's done go back to your OVH manager and press the "Reboot my VPS" button, the VPS will take a bit to reboot, and once it's done click on the KVM button and then "Open in a new window".

You should see before you the Windows Server 2012 login screen. Press the Ctrl+Alt+Del button and type TempPass123#* as the password; you will then be prompted to enter a new Administrator password for obvious security reasons, so enter yours and press Enter. If everything went well you should be booted to the desktop, and we are done! Additional IPs, an additional disk, etc. will all work; you can set those up by following OVH's own documentation under the Windows section.

Remote Desktop is enabled by default, and your VPS will obtain its dedicated IP via DHCP, as that is how OVH has their system set up.

I plan on making different images for different Windows installs, but for now this should be good enough.

Now what about other operating systems like FreeBSD, Solaris, etc? Well Solaris is out of the question as it has no VirtIO support which OVH's hypervisor requires, and I haven't tried FreeBSD using this method but I don't see why it wouldn't work.

Credits: https://wiki.archlinux.org/index.php/disk_cloning#Using_dd https://www.digitalocean.com/community/tutorials/how-to-use-sshfs-to-mount-remote-file-systems-over-ssh https://kb.iu.edu/d/abbe https://www.vultr.com/docs/correcting-time-on-windows-server


Scrambled OpenVPN Auto Installer Script

This script is used to set up a scrambled (OpenVPN + XOR patch) VPN on any CentOS box with user interaction. A standard OpenVPN setup won't work in countries like China and Pakistan due to intensive censorship.

Source : http://lowendtalk.com/discussion/21539/tutorial-build-your-ultimate-scrambled-vpn

I wish to thank @halczy for posting the tutorial to set up the VPN; I used his tutorial as a source to create the bash script that I am going to share with you today.

Download link

https://drive.google.com/file/d/0B_s7n4-sdChARnpNeTJTTkVmQmM/edit?usp=sharing

Run the script on a fresh Centos 6 minimal Install

Requires root access

Setup Time : 2-5 mins

Tested with : Centos 6.x (Both 32 bit and 64 bit)

Script is fully opensource

How to install

Upload setup_vpn.sh to root directory.

Login to your server via ssh as root and type the following command

bash setup_vpn.sh

Wait for setup to complete

Once setup has completed login to SFTP via FileZilla to /root/client-files/

Download scrambled-client.ovpn on your computer and place the scrambled-client.ovpn in the config folder of your OpenVPN installation

Do NOT forget to patch the OpenVPN installation on your computer to be able to connect to your VPN. See the following post for more details: http://scramblevpn.wordpress.com/2013/09/28/build-patched-windows-openvpn-client/

After you patch your openvpn installation you should be able to connect

Njoy your VPN

Censorship bypass methods for OpenVPN

  1. OpenVPN with TCP 443 port.

  2. OpenVPN over SSH tunneling.

  3. OpenVPN over Shadowsocks.

  4. OpenVPN over HTTP Proxy.

  5. OpenVPN over SOCKS Proxy.

  6. OpenVPN over TOR network.

  7. OpenVPN over V2Ray.

  8. OpenVPN over Stunnel.

These are the methods I know. What are the methods you know?

SSH Command to test server speed

You can use this tool to view system information and test the network and disk of your Linux server with the following command:

wget -qO- bench.sh | bash

or

curl -Lso- bench.sh | bash

OVH no longer supporting Windows Server R2 2008

Hi, I used templates to install the OS on a new OVH dedicated server (2017). I installed the template, but later when I tried to connect with RDP it was not possible; maybe these templates don't have network drivers? I need Windows 2008 R2 Datacenter or Enterprise. I tried both of these, but had the same problem with RDP. Can anyone help me?

How to install MEmu Android Emulator on a dedicated server?

Hi, I want to know what I need to install this program, MEmu, on a server. Must I have a dedicated server to be able to install it, or would a VPS do?

Thanks in advance..

Setting up /24

Hi!

I am looking for a tutorial on setting up a /24 manually. I tried searching and I can't find one. If you know where I can find one, please help (CentOS 6 or 7).

Recovering crashed mysql(cpanel server) +innodb engine+ centos

Situations like MySQL crashing and its recovery can be painful. Initially we can try all the usual solutions, but if we have no luck, please try the solution below.

Step 1: Start MySQL with InnoDB force recovery set in /etc/my.cnf

innodb_force_recovery = 1

The values 2 and 3 can also be tried, but start with 1 for the best result.

Step 2: Start the MySQL server

service mysql start

Step 3: List all MySQL databases on the server and write them to a file

mysql -e 'show databases' > /tmp/dbinfo.txt

Step 4: Dump every database, excluding information_schema and performance_schema

mkdir -p /home/mysql/backup
for i in $(grep -wv Database /tmp/dbinfo.txt | grep -v '\.' | grep -v information_schema | grep -v performance_schema); do mysqldump $i > /home/mysql/backup/$i.sql; done

or

simply,

for i in $(cat /tmp/dbinfo.txt); do mysqldump --skip-lock-tables $i > /home/mysql/backup/$i.sql; done

Step 5: Stop the MySQL server

service mysql stop

Step 6: Move all ibdata files to another location; otherwise, on restart, MySQL will use the corrupted InnoDB data.

cd /var/lib/mysql

mv ibdata* /home/mysql/recovery/

Then remove or comment out innodb_force_recovery in /etc/my.cnf and start the server.

Step 7: Start the MySQL server

service mysql start

Step 8: Once the backups are complete, delete all databases on the server

Step 9: Restore the DBs (each database has to be recreated first, since a single-database mysqldump contains no CREATE DATABASE statement)

for i in $(grep -wv Database /tmp/dbinfo.txt | grep -v information_schema | grep -v performance_schema); do mysql -e "CREATE DATABASE IF NOT EXISTS \`$i\`"; mysql $i < /home/mysql/backup/$i.sql; done



Tutorial: Configuring fast VPN exiting multiple Tor instances

Short intro

Using a VPN is an important part of privacy nowadays, and blindly trusting even the most recognized VPN providers may still carry some risk. People who already know that prefer to build and use their own solutions, such as buying a VPS or dedicated server and running their own VPN. Using Tor as a VPN exit point is a widely used scheme known for its anonymity benefits, but it can be achieved in different ways, each with a different level of performance. I will quickly show the fastest one, which I am very happy with.

Software and technology used

OpenVPN, Tor, HAProxy, transocks_ev or redsocks, Unbound, DNSCrypt.

Clients are connected to the OpenVPN instance and their default gateway is set to the OpenVPN server address. Their connections to the clearnet are transparently redirected to the HAProxy instance and then balanced across several Tor instances, because using a single Tor instance for that is a proven bad practice where performance is concerned. Connections made to .onion services are not load-balanced, as this requires packet mangling and a more advanced configuration; for now we will keep it simple. Thus, basically, the scheme is: client -> OpenVPN -> transparent redirector -> HAProxy -> one of several Tor instances -> clearnet.

I will omit OpenVPN instance configuration here and my reasons are:

  • it doesn't matter which tunneling software is used, you may prefer WireGuard or any other modern software to OpenVPN

  • there are plenty of HOW-TOs already that can be found on DuckDuckGo

  • less unnecessary information in the article

As the transparent TCP->SOCKS5 redirector I use transocks_ev, because the current version of redsocks has some issues with recent versions of libevent and they remain unfixed. However, I will show examples for both transocks and redsocks, so it's up to you which one to use.

Initial configuration

To avoid confusion in this article I decided to have all required daemons listen on 127.0.0.1. In practice you might create a separate loopback interface, because Linux considers a packet 'martian' when its destination is 127.0.0.1.

The following kernel parameters are needed to get everything working:

net.ipv4.ip_forward=1 # enable packet forwarding
net.ipv4.conf.all.route_localnet=1 # only needed to permit routing packets to 127.0.0.1

Our VPN clients range: 10.11.1.0/24

Configuring Tor

We will make 2 groups of Tor instances:

  1. One for resolving, mapping and accessing .onion domains.

# DNS port for resolving and mapping .onion domains to VirtualAddrNetworkIPv4 range
DNSPort 127.0.0.1:5301 
VirtualAddrNetworkIPv4 10.192.0.0/10
AutomapHostsOnResolve 1

# TransPort is needed for transparent redirection 
TransPort 127.0.0.1:9041

You may use that with your system's default Tor instance, whose usual config location is /etc/tor/torrc

  2. Several instances for making clearnet connections through Tor exits. I am using a cron script for bringing them up when they are not running.

    #!/bin/bash

    TORBINARY=/usr/bin/tor
    BASEDIR=/tmp/.tor-nodes # you must change this to a more secure location
    PORTS=(9070 9071 9072 9073 9074 9075) # SOCKS5 ports to listen on; the number of ports defines the number of Tor instances

    if [ ! -d "$BASEDIR" ]; then
        mkdir "$BASEDIR"
    fi

    for port in "${PORTS[@]}"; do
        # take the local address column of listening TCP sockets, keep only the port, and look for ours
        IS_RUNNING=$(netstat -tlpn 2>/dev/null | awk '{print $4}' | sed 's/^.*://' | grep "^$port\$")
        if [ -z "$IS_RUNNING" ]; then
            # no torrc at all: every setting is passed on the command line, one DataDirectory per instance
            $TORBINARY -f /dev/null --allow-missing-torrc --defaults-torrc /dev/null --DataDirectory "$BASEDIR/$port" --SocksPort "$port" > /dev/null 2>&1 &
        fi
    done

Configuring Haproxy

global
    daemon
    maxconn 2048

defaults
    timeout connect 3000ms
    timeout client 0ms
    timeout server 0ms

frontend rotatingproxies
    mode tcp
    # the IP:port Haproxy will listen on
    bind 127.0.0.1:9999
    default_backend torproxies

backend torproxies
    mode tcp
    option persist
    # you should put all the ports defined in $PORTS array from 
    # the cron script we discussed in the previous section
    server tor1 127.0.0.1:9070 check
    server tor2 127.0.0.1:9071 check
    server tor3 127.0.0.1:9072 check
    server tor4 127.0.0.1:9073 check
    server tor5 127.0.0.1:9074 check
    server tor6 127.0.0.1:9075 check

Configuring transocks and redsocks

Either piece of software will "transform" our clients' clearnet TCP traffic into SOCKS5 requests and redirect them to HAProxy.

I am using the 'transocks_ev' (http://oss.tiggerswelt.net/transocks_ev/) fork instead of transocks because of its libevent support and updated code. The libevent library is required for it. Get and compile it with:

git clone https://github.com/tiernano/transocks_ev ; cd transocks_ev ; make

Now just make another cron script for it and add to cron:

#!/bin/bash
TRANSOCKS_DIR="/opt/transocks" # you should define your own here
PROCTEST=$(pgrep -f transocks_ev)

if [ -z "$PROCTEST" ]; then
    $TRANSOCKS_DIR/transocks_ev -H 127.0.0.1 -p 9035 -S 127.0.0.1 -s 9999 
fi

It will now listen on 127.0.0.1:9035 for TCP connections. We still need to point all our clients to that port and iptables rules will be discussed at the end of this tutorial.

Now, as I promised, the alternative config for redsocks with the same function:

base {
 log_debug = off;
 log_info = off;
 daemon = on;
 user = redsocks;
 group = redsocks;
 redirector = iptables;
}

redsocks {
 local_ip = 127.0.0.1;
 local_port = 9035;
 ip = 127.0.0.1;
 port = 9999;  // haproxy
 type = socks5;
}

Configuring DNSCrypt

Tor's DNSPort is able to resolve all the clearnet requests as well, but it is very slow and significantly decreases performance. DNSCrypt is a compromise between security and performance, though the providers for our DNS requests should be selected carefully, because some of them may keep logs. A full list of them can be found at https://dnscrypt.info/public-servers; alternatively, you may host a DNSCrypt server yourself.

ResolverName bn-nl0
ResolverName d0wn-nl-ns4
ResolverName scaleway-fr
Daemonize yes

# DNSCrypt will listen on this port
LocalAddress 127.0.0.1:5399

Configuring Unbound

Unbound will listen on 127.0.0.1:53 and act as a router for domain names: .onion domains will be resolved by our main Tor instance, which is listening on 127.0.0.1:5301, and everything else will be resolved through dnscrypt-proxy.

server:
    access-control: 10.0.0.0/8 allow
    access-control: 127.0.0.0/8 allow
    access-control: 192.168.0.0/16 allow
    cache-max-ttl: 14400
    cache-min-ttl: 900
    hide-identity: yes
    hide-version: yes
    interface: 127.0.0.1 # Unbound will listen as a DNS resolver on the port 53
    minimal-responses: yes
    prefetch: yes
    rrset-roundrobin: yes
    use-caps-for-id: yes
    verbosity: 0
    do-not-query-localhost: no
    local-zone: "onion." nodefault
    local-zone: "." nodefault

    forward-zone:
        name: "onion"
        forward-addr: 127.0.0.1@5301 # this is our main Tor DNSPort
        forward-first: no
    forward-zone:
        name: "."
        forward-addr: 127.0.0.1@5399  # this is our dnscrypt-proxy instance port

Glue everything together with iptables

Now, everything we have configured above won't work without proper iptables rules. These are nat table rules, and their order matters: the .onion range rule must come before the catch-all rule.

Firstly, add a rule that redirects all outbound UDP requests made by clients to port 53 to Unbound's port 53:

-A PREROUTING -i tun0 -p udp -m udp --dport 53 -j DNAT --to-destination 127.0.0.1:53

Resolved .onion domains are mapped to the 10.192.0.0/10 range, so we redirect this range to our main Tor instance's TransPort:

-A PREROUTING -d 10.192.0.0/10 -i tun0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j DNAT --to-destination 127.0.0.1:9041

The remaining clearnet connections are redirected to transocks or redsocks:

-A PREROUTING -i tun0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j DNAT --to-destination 127.0.0.1:9035

That's everything, and your ultra-fast VPN should be working now. Sorry if I have disappointed you because you were expecting 100500 lines of boring configuration, along with examples using the 'sudo' command.

Bottom line: I have been using this configuration for 2 years already and it has become the best for me among the many other configurations I've used in the past. Please share your own practice and experience, as I am very eager to learn other ways of doing this.

This tutorial is special for LET.

Blocking attack Ips/ddos Ips from China

DDoS attacks are one of the major dilemmas in the hosting world. We have been getting attacks from China recently, and implementing the rules below could prevent them.

  1. Create a bash file with the script below

denychina.sh (any name)


#!/bin/bash
# create the "china" set (a hash of network prefixes)
ipset -N china hash:net

# remove any previously downloaded zone file and fetch the current list of Chinese prefixes
rm -f /root/cn.zone
wget -P /root http://www.ipdeny.com/ipblocks/data/countries/cn.zone

# add every prefix in the zone file to the set
for i in $(cat /root/cn.zone); do ipset -A china $i; done

# drop inbound TCP traffic whose source address is in the set
iptables -I INPUT -p tcp -m set --match-set china src -j DROP


ipset // a command-line utility that works alongside iptables; we can define sets of addresses with this command

-N // creates a new set with the given name

rm cn.zone // remove any previously downloaded zone file

wget // download the latest Chinese IPs from ipdeny.com

for loop // adds each prefix to the hash set "china"

iptables // blocks IPs that match the 'china' ipset

Last Step

Run the bash script

sh denychina.sh

If you wish to unblock the rules/IPs in the future, simply create another file, or in the same file edit the last line to the following:

iptables -D INPUT -p tcp -m set --match-set china src -j DROP

The -D option will delete the 'china' rule that we added.
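As an added example (not the post's script), here is the same block list built as an `ipset restore` batch: every downloaded prefix is validated as an IPv4 CIDR before it reaches the privileged ipset command, and the set is refreshed with an atomic swap so it never sits empty mid-update. The set name, file paths and sample prefixes are constructed for the example.

```shell
#!/bin/bash
# Added example, not the original post's script. Builds an `ipset restore`
# batch for a country zone file instead of calling `ipset -A` once per line.
# Each line must be a well-formed IPv4 prefix, so a truncated or corrupted
# download cannot feed unexpected tokens to ipset; the new contents go into
# "<set>-new" and are swapped in, so the live set is never empty meanwhile.
# Set name, file paths and sample prefixes are constructed for this example.

# Return 0 if $1 is a well-formed IPv4 prefix (a.b.c.d/len), else 1.
valid_cidr() {
    local cidr=$1 ip len a b c d extra octet
    case "$cidr" in
        */*) ip=${cidr%/*}; len=${cidr#*/} ;;
        *)   return 1 ;;                      # no prefix length at all
    esac
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    # Split the address on dots; a fifth field means too many octets.
    IFS=. read -r a b c d extra <<EOF
$ip
EOF
    [ -z "$extra" ] || return 1
    for octet in "$a" "$b" "$c" "$d"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print an `ipset restore` script that fills "$2-new" from zone file $1 and
# swaps it into set $2. Malformed lines are skipped and counted on stderr.
build_ipset_restore() {
    local zone=$1 setname=$2 skipped=0 line
    echo "create $setname hash:net"
    echo "create $setname-new hash:net"
    echo "flush $setname-new"
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                      # strip comments
        line=$(printf '%s' "$line" | tr -d '[:space:]')
        [ -n "$line" ] || continue
        if valid_cidr "$line"; then
            echo "add $setname-new $line"
        else
            skipped=$((skipped + 1))
        fi
    done < "$zone"
    echo "swap $setname-new $setname"          # atomic replacement
    echo "destroy $setname-new"                # now holds the old contents
    echo "skipped $skipped malformed line(s)" >&2
}

# Constructed sample zone file: a comment, two valid prefixes, one truncated line.
make_sample_zone() {
    local f
    f=$(mktemp)
    printf '# constructed sample\n1.0.1.0/24\n1.0.2.0/23\n1.0.8\n' > "$f"
    echo "$f"
}

# Real use (as root), with the post's download path and set name:
#   build_ipset_restore /root/cn.zone china | ipset restore -exist
#   iptables -I INPUT -p tcp -m set --match-set china src -j DROP
```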


Webuzo control panel video tutorials (alternative to Vestacp)

How to activate tunnel broker IPv6 on OpenVZ server

This is a bit of an old tutorial; I found it here and, as the original page has expired, I'll repost it in case it could help someone else. First download this tool:

wget https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/tb-tun/tb-tun_r18.tar.gz

Extract it:

tar xzf tb-tun_r18.tar.gz

Run it directly (change Server4IP to the tunnel broker server IP and MyIP4 to your VPS IPv4; if using NAT use your internal IP):

setsid ./tb_userspace tb0 Server4IP MyIP4 sit > /dev/null

Start up the new network interface:

ifconfig tb0 up

Now add the IPv6 address you got from the tunnel broker (change the numbers):

ifconfig tb0 inet6 add 2000:470:e765:76::/64

ifconfig tb0 mtu 1480

Now Use the tunnel broker as the default route for IPv6:

route -A inet6 add ::/0 dev tb0

credit

http://web.archive.org/web/20140716230417/http://wiki.nyr.bz/ipv6_tunnel_broker_openvpn_openvz

Magento-website speeding techniques

Many of us use Magento websites nowadays. Magento is the leading e-commerce platform and a large open source project.

Here are some suggestions to improve the performance of Magento sites

System Requirement

It is imperative to select a hosting provider specializing in Magento, with a good server configuration and an installed software stack that satisfies the Magento system requirements.

Enable Magento Cache

System –> Cache Management, Click “Select All” and choose “Enable” under “Actions”.

Implement a Content Delivery Network (CDN)

We can use CDN with Magento store. It will help your website’s static contents (Images, JavaScripts, CSS, etc) to be delivered from the nearest CDN Edge Server when users are accessing it.

Implement Magento Full Page Cache

Full Page Cache plays an important role in Magento websites. LiteMage Cache, Extendware Full Page Cache and Varnish Cache are full page cache options for Magento sites. They cache the static content of the website and reduce loading time.

Enable Frontend Flat Catalog

Frontend Flat Catalog is especially useful when you have a large store with a lot of products.

Enable Log Cleaning

Configuration >> Advanced >> System >> Log Cleaning then Choose Yes to “Enable Log Cleaning”.

Consider reducing “Save Log, Days” as well. The Magento logs can grow to a very large size over time and this will seriously affect performance, which is why log cleaning must be enabled to keep it in control. It is imperative to enable Magento Cron job in order to run the log cleaning properly.

Merge JavaScript and CSS Files

Configuration >> Advanced >> Developer >> JavaScript Settings/CSS Settings

Choose Yes for both "Merge JavaScript Files" and "Merge CSS Files".

Disable Mage_Log

Disabling Mage_Log will improve performance; the Magento logs don't help much anyway, and disabling them significantly reduces the queries to the MySQL database and thus speeds up loading.

Enable Compilation

System –> Tools –> Compilation, Click “Run Compilation Process”.

This compiles all files of a Magento installation into a single include path to improve performance. Disable the Magento Compiler before making any changes to the website, such as adding a new extension or initiating the upgrade, downgrade, installation or removal of any Magento module.

GZip Compression

Enable the Gzip compression by uncommenting the rules in the .htaccess file so that it compresses the web pages and style sheets before sending them over to the browser.

Expire Headers

This helps to request the files from the browser cache and reduce the loading time.

Use Fewer Extensions/Modules

It is better to use fewer extensions/modules with Magento to improve site performance. Some Magento extensions/modules reduce site performance and slow down sites. If the site is slow, try disabling the extensions/modules one by one to find which is causing the issue.

Optimize images

Optimize all site images and reduce the size and that will help to improve the website speed.

Defer loading of JavaScript

It is not necessary to load and execute all the scripts in the initial page render. So, load the JavaScript after the initial render, or after other critical parts of the page have finished loading. This will help to reduce resource contention and improve performance.

Minify JavaScript

Minify the JavaScript to reduce its size and speed it up. Check with your web designer or theme developer, as it may break the website for some themes or conflict with the theme's or modules' JS/jQuery.

Minify CSS

Minify the CSS to reduce their space and speed them up. Check with your web designer or theme developer as it may break the website for some themes.

HTTP proxy setup bypass strict and restricted firewalls (Works in China, Iran and Pakistan.)

Software: 3proxy.

HTTP proxy setup with SSL support.

OS: Debian or Ubuntu.

  1. sudo apt-get install gcc make

  2. wget https://github.com/z3APA3A/3proxy/archive/0.8.9.tar.gz

  3. tar -xvzf 0.8.9.tar.gz

  4. cd 3proxy-0.8.9

  5. make -f Makefile.Linux

  6. cd src

  7. mkdir /etc/3proxy/

  8. mv 3proxy /etc/3proxy/

  9. cd /etc/3proxy/

  10. nano 3proxy.cfg

    nserver 80.80.80.80

    nserver 80.80.81.81

    nscache 65536

    timeouts 1 5 30 60 180 1800 15 60

    users $/etc/3proxy/.proxyauth

    daemon

    log /dev/null

    authcache user 60

    auth strong cache

    deny * * 127.0.0.1,192.168.1.1

    allow * * * 80-88,8080-8088 HTTP

    allow * * * 443,8443 HTTPS

    proxy -n -p80 -a

    admin -p3200

chmod 600 /etc/3proxy/3proxy.cfg

  11. nano .proxyauth

    user:CL:password

    user1:CL:password1

    user2:CL:password2

chmod 600 /etc/3proxy/.proxyauth

  12. cd /etc/init.d/

nano 3proxyinit

#!/bin/sh
case "$1" in
   start)
       echo "Starting 3Proxy"
       /etc/3proxy/3proxy /etc/3proxy/3proxy.cfg
       ;;

   stop)
       echo "Stopping 3Proxy"
       /usr/bin/killall 3proxy
       ;;

   restart|reload)
       echo "Reloading 3Proxy"
       # SIGUSR1 makes a running 3proxy re-read its configuration
       /usr/bin/killall -s USR1 3proxy
       ;;
   *)
       echo "Usage: $0 {start|stop|restart}"
       exit 1
       ;;
esac
exit 0

chmod +x /etc/init.d/3proxyinit

  13. reboot (the machine will restart)

  14. /etc/init.d/3proxyinit restart

Finish. Use port 80. Works in China, Iran and Pakistan.

Scrambled OpenVPN Auto Installer Script(2017)

ISPs in highly authoritarian regimes such as China, Iran and Pakistan can easily detect and block standard VPN traffic. This bash script automatically installs OpenVPN and obfsproxy to obfuscate OpenVPN traffic, making it very difficult to detect and block. At the time of writing, this method successfully bypasses current firewalls and internet filters.

This script is a major upgrade from the old one I coded in 2014 (https://www.lowendtalk.com/discussion/23555/scrambled-openvpn-auto-installer-script).

Changelog :

  • Uses a completely new method (OpenVPN + obfsproxy) that requires no patching, making it very easy to update via yum.

  • OpenVPN config has been upgraded to meet current security standards

  • Added compatibility with cloud platforms like Google Compute Engine

As always it is fully open source, and I welcome contributions via GitHub.

Github : https://github.com/khavishbhundoo/obfsproxy-openvpn

I hope you guys will like it and use it ....

Regards, Khav

OpenVPN with public IPv6 for clients, port forwarding and HTTPS encapsulation

Hi!

First and foremost, I wish to state that I do not have extensive knowledge in the matters of what I am sharing here. I am writing this as a form of documentation of the process I went through and decided to share it with those who are interested.

Introduction

That said, in this post, I am going to share the way I setup my OpenVPN on my VPS with IPv6 enabled which assigns public IPv6 addresses to clients connected to it. This is perfect for people who want a public IPv6 address but do not have native IPv6 on their internet connection. You will need a VPS which has an IPv6 subnet (a /64 will do just fine). It does not matter if it is 'routed' to you or you need to manually assign addresses from within the VPS control panel such as SolusVM. In my case, it is the latter. If you use a tunnel broker service such as Hurricane Electric's Tunnel Broker [1], you may refer to this guide [2] (it is an inspiration for this guide as well). As for IPv4, either public or NAT address works just fine.

In addition, since OpenVPN traffic is distinguishable from normal HTTPS traffic, so that simply running OpenVPN on port 443 would not fool some advanced firewalls, I will also share how I encapsulate the OpenVPN traffic in HTTPS using a combination of a TLS/SSL tunneling application and a protocol multiplexer, so that passive firewalls (which just observe traffic, as opposed to an active firewall which probes the connection; refer to this relevant information [3]) cannot tell that the payload is OpenVPN traffic.

Since we are using a protocol multiplexer, which supports multiple protocols over a single HTTPS port and directs the traffic based on its pattern, we are also going to install a simple web server running on port 443 (or any port of your choosing), so that, for instance, people who are curious about the connection and enter the VPS IP in a browser will be served by the web server instead of the OpenVPN server.

As a bonus, inspired by an iptables tutorial [4], we are also including a few iptables rules for the purposes of port forwarding to be used by our OpenVPN clients just in case they wish to have the ability to bind a port so the outside world may connect to them using IPv4. If you are using a NAT VPS, these ports will be made available to you by your host. As for IPv6 this is not necessary as we are assigning globally routable addresses for them.

This guide is based on my OS install which is Debian 9 (Stretch) on a KVM platform. Your mileage may vary depending on your OS and virtualisation technology. I apologise as I might be unable to help if your setup is different than what I have.

Please note that all commands need to be run as root.

The application and script we will be using are:

  • OpenVPN [5] (using Nyr's script [6])
  • sslh [7]
  • stunnel [8]
  • nginx [9]

Steps

  1. Add a subnet from our /64 (for example a /112) for our OpenVPN server. This will be dependent upon two things:

    [1a] If you have a 'routed' /64 (that is, the provider routed a subnet directly to your single /64 address), then you do not have to do anything on this stage.

    [1b] If your /64 is assigned to a control panel such as SolusVM (as with the case of many providers), then you will need to manually add the addresses from within the panel. You will need to add three types of address (let us assume our /64 subnet is 2001:0db8:85a3:1ab2::/64):

    • Main VPS address: This one you can just assign any address from your /64 as it will be used as the primary IPv6 address of your VPS. Example in our scenario: 2001:0db8:85a3:1ab2::1

    • Main OpenVPN server address: In our case, we choose a /112 subnet and assigned a primary IP to be used as the main OpenVPN server address. For example, as the subnet for our VPS is 2001:0db8:85a3:1ab2::/64, we are going to assign 2001:0db8:85a3:1ab2:0:0:2b1a::/112 for OpenVPN. With that, we choose 2001:0db8:85a3:1ab2:0:0:2b1a:1 as the main OpenVPN server address, so we add that IP to SolusVM.

    • OpenVPN client addresses: By default, OpenVPN assigns addresses from :1000 (example: 2001:0db8:85a3:1ab2:0:0:2b1a:1000). This one depends on your preference. If you have five clients, then add :1000 until :1004. Please note that IPv6 uses hexadecimal addressing, so if you add 11 clients, the 10th client would be :1009 and the 11th client would be :100a (continuing until :100f, then :1010, and so on). Note also the subnet. In our case, it is a /112, so we need to add ::2b1a:1000, ::2b1a:1001, and so on in the control panel.

    For this guide, we are going to assume we have the following IP information:

        VPS IPv4 IP: 8.8.8.100
        VPS IPv4 NM: 255.255.255.0
        VPS IPv4 GW: 8.8.8.1
    
        VPS IPv6 IP: 2001:0db8:85a3:1ab2::1
        VPS IPv6 NM: /48
        VPS IPv6 GW: 2001:0db8:85a3::1
    
        OVPN IPv4 IP: 10.8.0.1 (server)
                      10.8.0.2 and above (clients)
        OVPN IPv4 NM: /24
    
        OVPN IPv6 IP: 2001:0db8:85a3:1ab2:0:0:2b1a:1 (server)
                      2001:0db8:85a3:1ab2:0:0:2b1a:1000 and above (clients)
        OVPN IPv6 NM: /112
    

    Please refer to the information provided by your host regarding gateway and netmask settings, especially for IPv6.

  2. Apply the IP information to our /etc/network/interfaces file. Take note of the interface name (check using the "ip addr" command; in my case it is "enp0s3"). I prefer to rewrite the file using this template:

    source /etc/network/interfaces.d/*
    
    auto lo
    iface lo inet loopback
    iface lo inet6 loopback
    
    auto enp0s3
    iface enp0s3 inet static
            address 8.8.8.100
            netmask 255.255.255.0
            gateway 8.8.8.1
    iface enp0s3 inet6 static
            address 2001:0db8:85a3:1ab2::1
            netmask 48
            gateway 2001:0db8:85a3::1
    
  3. Edit your /etc/resolv.conf to include both IPv4 and IPv6 DNS addresses. In my case it is Google DNS:

    nameserver 8.8.8.8
    nameserver 8.8.4.4
    nameserver 2001:4860:4860::8888
    nameserver 2001:4860:4860::8844
    
  4. Install OpenVPN using Nyr's script [6]. During setup, choose TCP and not UDP. You may choose any port (I suggest the default port) but if you use NAT VPS, please use the provided port by your host and take note of it.

  5. Add these lines to the end of /etc/openvpn/server.conf file (note the OpenVPN /112 subnet and the VPS IPv4 address):

    server-ipv6 2001:0db8:85a3:1ab2:0:0:2b1a::/112
    push "redirect-gateway-ipv6 def1 bypass-dhcp-ipv6"
    push "route-ipv6 2000::/3"
    push "route 8.8.8.100 255.255.255.255 net_gateway"
    

    You may need to push an IPv6 route to your /64 (I do not apply it but some tutorials include this, so if you have IPv6 problems later on, you might need to add it):

    push "route-ipv6 2001:0db8:85a3:1ab2::/64"
    

    If you need to push IPv6 DNS, add:

    push "dhcp-option DNS6 2001:4860:4860::8888"
    push "dhcp-option DNS6 2001:4860:4860::8844"
    

    If you wish for the clients to be able to connect each other through the internal OpenVPN network, add:

    client-to-client
    

    Restart the OpenVPN server using "systemctl restart openvpn@server.service".

  6. Add these lines to the end /etc/sysctl.conf file:

    net.ipv6.conf.all.forwarding = 1
    net.ipv6.conf.all.proxy_ndp = 1
    

    Then, run "sysctl -p".

  7. In Debian 9, /etc/rc.local is no longer supported (replaced by systemd). As Nyr's script is still using /etc/rc.local to implement some iptables rules and we are also going to use it to include our own iptables rules, we need to enable it. Following the guide on [10], we can enable it as a systemd service.

    First, create /etc/systemd/system/rc-local.service file with this:

    [Unit]
    Description=/etc/rc.local Compatibility
    ConditionPathExists=/etc/rc.local
    
    [Service]
    Type=forking
    ExecStart=/etc/rc.local start
    TimeoutSec=0
    StandardOutput=tty
    RemainAfterExit=yes
    SysVStartPriority=99
    
    [Install]
    WantedBy=multi-user.target
    

    Run "systemctl enable rc-local.service" and "systemctl start rc-local.service".

  8. As our OpenVPN server assigns global addresses to clients, we need to instruct our VPS to add NDP proxy to the OpenVPN IPv6 addresses (refer to [11]). Create a file in your home directory (/root) called openvpn-rules.sh containing this:

    #!/bin/bash
    
    echo -e "ip -6 neigh add proxy 2001:0db8:85a3:1ab2:0:0:2b1a:1 dev enp0s3"
    
    for i in {0..5}; do
        echo -e "ip -6 neigh add proxy 2001:0db8:85a3:1ab2:0:0:2b1a:$(printf %x $(($i+0x1000))) dev enp0s3"
    done
    

    Change {0..5} accordingly to suit your needs. For example, we have six IPv6 addresses assigned to clients.

    If you have a 'routed' subnet, then you may skip this step (no need for NDP).

  9. To allow port forwarding for your clients, add these lines in the same file (/root/openvpn-rules.sh):

    for i in {0..5}; do
        echo -e "iptables -t nat -A PREROUTING -p tcp --dport $((10000+$i+2)) -j DNAT --to 10.8.0.$(($i+2)):$((10000+$i+2))"
        echo -e "iptables -A FORWARD -d 10.8.0.$(($i+2)) -p tcp --dport $((10000+$i+2)) -j ACCEPT"
    done
    

    Please adjust {0..5} accordingly to align with the NDP proxy lines. In the case above, our base port is 10000. I offset the number by 2 so that it aligns with the internal IPv4 address of each client. So, the server will assign the ports as such:

    10.8.0.2 -> 10002
    10.8.0.3 -> 10003
    [...]
    
  10. The script above, when made executable and executed, will not apply anything: I made it only echo the commands (just a preference; you may edit it so it runs them directly).

    That said, we need to run openvpn-rules.sh and redirect its output to a text file which we will later call from /etc/rc.local.

    # chmod +x /root/openvpn-rules.sh
    # /root/openvpn-rules.sh > /root/openvpn-rules_output.txt
    

    Verify the contents of the openvpn-rules_output.txt as such:

    # cat /root/openvpn-rules_output.txt
    
    ip -6 neigh add proxy 2001:0db8:85a3:1ab2:0:0:2b1a:1 dev enp0s3
    ip -6 neigh add proxy 2001:0db8:85a3:1ab2:0:0:2b1a:1000 dev enp0s3
    ip -6 neigh add proxy 2001:0db8:85a3:1ab2:0:0:2b1a:1001 dev enp0s3
    ip -6 neigh add proxy 2001:0db8:85a3:1ab2:0:0:2b1a:1002 dev enp0s3
    ip -6 neigh add proxy 2001:0db8:85a3:1ab2:0:0:2b1a:1003 dev enp0s3
    ip -6 neigh add proxy 2001:0db8:85a3:1ab2:0:0:2b1a:1004 dev enp0s3
    ip -6 neigh add proxy 2001:0db8:85a3:1ab2:0:0:2b1a:1005 dev enp0s3
    iptables -t nat -A PREROUTING -p tcp --dport 10002 -j DNAT --to 10.8.0.2:10002
    iptables -A FORWARD -d 10.8.0.2 -p tcp --dport 10002 -j ACCEPT
    iptables -t nat -A PREROUTING -p tcp --dport 10003 -j DNAT --to 10.8.0.3:10003
    iptables -A FORWARD -d 10.8.0.3 -p tcp --dport 10003 -j ACCEPT
    iptables -t nat -A PREROUTING -p tcp --dport 10004 -j DNAT --to 10.8.0.4:10004
    iptables -A FORWARD -d 10.8.0.4 -p tcp --dport 10004 -j ACCEPT
    iptables -t nat -A PREROUTING -p tcp --dport 10005 -j DNAT --to 10.8.0.5:10005
    iptables -A FORWARD -d 10.8.0.5 -p tcp --dport 10005 -j ACCEPT
    iptables -t nat -A PREROUTING -p tcp --dport 10006 -j DNAT --to 10.8.0.6:10006
    iptables -A FORWARD -d 10.8.0.6 -p tcp --dport 10006 -j ACCEPT
    iptables -t nat -A PREROUTING -p tcp --dport 10007 -j DNAT --to 10.8.0.7:10007
    iptables -A FORWARD -d 10.8.0.7 -p tcp --dport 10007 -j ACCEPT
    
  11. Run the text file from /etc/rc.local file. Add this line in /etc/rc.local before "exit 0".

    bash /root/openvpn-rules_output.txt
    
  12. I suggest that you reboot your VPS and test your connection to the OpenVPN server with your desktop and/or phone using the generated client file (transfer the .ovpn file to your device). Ensure that everything works well, including the port forwarding. Use applications such as netcat [12] to test it (one tutorial can be found here [13]).

    Check whether port forwarding is setup correctly by using netcat and verifying it with external sites like this [14].

    If everything works, we can go on to the next phase, which is to setup HTTPS encapsulation.

  13. Install stunnel4 and sslh ("apt-get install stunnel4 sslh"). Choose "inetd" when presented with the configuration of sslh.

  14. Generate a self-signed certificate [15]. You may use services such as Let's Encrypt but I find it easier to just use a self-signed certificate. In this instance, we are generating a 2048-bit RSA key and a certificate with 10 years' validity. Change according to your needs.

    # openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 3650 -nodes
    # cat key.pem cert.pem > fullcert.pem
    # cp fullcert.pem /etc/ssl/private/.
    # chmod 600 /etc/ssl/private/fullcert.pem
    
  15. Configure stunnel4 and sslh on the VPS.

    Create /etc/stunnel/stunnel.conf file containing this:

    [sslh]
    accept = 443
    cert = /etc/ssl/private/fullcert.pem
    exec = /usr/sbin/sslh
    execArgs = sslh -t 5s -i --http 127.0.0.1:80 --openvpn 127.0.0.1:1194
    

    Edit /etc/default/stunnel4 file and change "ENABLED=0" to "ENABLED=1".

    Run "systemctl restart stunnel4.service".

    Reboot just to be on the safe side.

  16. Install stunnel4 on your computer or phone. Set up the configuration file (create /etc/stunnel/stunnel.conf if you are on Linux; edit it from within the stunnel application if you are on Windows):

    [sslh]
    client = yes
    accept = 8443
    connect = 8.8.8.100:443
    

    "accept = 8443" can be any port number that is available on your computer or phone.

    Reload the configuration file by running "systemctl restart stunnel4.service" on Linux or choose the menu "Reload configuration file" on Windows.

    If you use Android, you can use the SSLDroid [16] application with the following configuration:

    Tunnel name: (Anything)
    Local port: 8443
    Remote host: 8.8.8.100
    Remote port: 443
    
  17. Create a copy of the .ovpn file with the necessary changes to connect to the OpenVPN server through stunnel.

    Change "remote 8.8.8.100 1194" line in our copy of client .ovpn file to "remote 127.0.0.1 8443".

  18. We may now connect to the OpenVPN server using the second profile if we wish to connect through 443 and the first profile for a direct connection. It is recommended to use direct connection whenever possible so that we do not add unnecessary overhead by having two forms of encryption.

    Check IPv4 and IPv6 connectivity with sites like [17], [18] and [19].

    Please note if you use Windows, you may need to configure Windows Firewall to allow ICMP ping (I just disable Windows Firewall; I know it is bad but I am okay with it). Refer to this guide [20]. Follow similar steps if you use other firewalls.

    Test the reachability of the clients' IPv6 addresses using ping sites like this [21].
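
The rule generator below is an added example and not code from the original post; it covers the hexadecimal client numbering explained in step 1 and the NDP-proxy and port-forwarding rules of steps 8 and 9. It takes the /112 prefix, the interface, the number of clients and the base port as parameters, so the IPv6 suffix, the 10.8.0.x address and the forwarded port of each client stay aligned however many clients you add. The prefix, interface name, base port and client count are the tutorial's values; the function names are my own.

```shell
#!/bin/sh
# Added example, not code from the original post: generate the NDP-proxy and
# port-forwarding rules of steps 8 and 9 from one set of parameters.
# Prefix, interface, base port and client count are the tutorial's values;
# the function names are assumptions of this example.

# IPv6 address of client number $2 (counting from 0) inside the /112 prefix $1.
# OpenVPN hands out :1000, :1001, ... as hexadecimal, so client 10 is :100a;
# 4096 is 0x1000 written in decimal to stay portable across shells.
ovpn_client_ipv6() {
    printf '%s:%x\n' "$1" $((4096 + $2))
}

# Internal IPv4 address of client $1: the server takes 10.8.0.1, clients start at .2.
ovpn_client_ipv4() {
    printf '10.8.0.%d\n' $(($1 + 2))
}

# Forwarded TCP port for client $1 with base port $2 (10000 in the post),
# offset by 2 so that 10.8.0.2 gets 10002, 10.8.0.3 gets 10003, and so on.
ovpn_client_port() {
    printf '%d\n' $(($2 + $1 + 2))
}

# Emit the whole rule set: an NDP proxy entry for the OpenVPN server address
# and for every client address, then a DNAT + FORWARD pair per client.
# Usage: ovpn_rules PREFIX IFACE COUNT BASEPORT
ovpn_rules() {
    prefix=$1; iface=$2; count=$3; base=$4
    echo "ip -6 neigh add proxy ${prefix}:1 dev ${iface}"
    i=0
    while [ "$i" -lt "$count" ]; do
        echo "ip -6 neigh add proxy $(ovpn_client_ipv6 "$prefix" "$i") dev ${iface}"
        i=$((i + 1))
    done
    i=0
    while [ "$i" -lt "$count" ]; do
        v4=$(ovpn_client_ipv4 "$i")
        port=$(ovpn_client_port "$i" "$base")
        echo "iptables -t nat -A PREROUTING -p tcp --dport ${port} -j DNAT --to ${v4}:${port}"
        echo "iptables -A FORWARD -d ${v4} -p tcp --dport ${port} -j ACCEPT"
        i=$((i + 1))
    done
}

# Number of lines in the rule set: 1 + COUNT NDP lines and 2*COUNT iptables
# lines; compare it with your client count before putting it in rc.local.
ovpn_rules_count() {
    ovpn_rules "$@" | wc -l | tr -d ' '
}

# Tutorial values: six clients, base port 10000, interface enp0s3.
# Redirect the output to /root/openvpn-rules_output.txt to use it from /etc/rc.local.
ovpn_rules 2001:0db8:85a3:1ab2:0:0:2b1a enp0s3 6 10000
```

The output for the tutorial's values is identical to the listing in step 10. Keeping the three mappings in separate functions makes it easy to see that one client index drives the IPv6 suffix, the IPv4 host and the port together, which is exactly the alignment the post asks you to maintain by hand when changing {0..5} in both loops.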

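The checks below are an added example, not part of the original post, for the certificate bundle built in step 14 and handed to stunnel in step 15. They confirm that the concatenated file really contains one private key and a certificate, that the key and certificate belong together (a "cat" of the wrong two files is a common slip), and that the file mode is still 600. The path is the tutorial's; the helper names are my own, and the key-pair check needs openssl on the machine.

```shell
#!/bin/sh
# Added example, not code from the original post: sanity checks on the
# combined key+certificate bundle from step 14 before stunnel4 loads it.
# The path /etc/ssl/private/fullcert.pem is the tutorial's; the helper
# names are assumptions of this example.

# Return 0 when file $1 contains exactly one PEM private key and at least
# one certificate block (the result of "cat key.pem cert.pem").
pem_bundle_ok() {
    f=$1
    [ -f "$f" ] || { echo "missing file: $f" >&2; return 1; }
    # grep -c prints the count even when it is 0 (with exit status 1), hence || true
    keys=$(grep -c -- '-----BEGIN .*PRIVATE KEY-----' "$f" || true)
    certs=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$f" || true)
    if [ "$keys" -ne 1 ]; then
        echo "expected exactly one private key, found $keys" >&2
        return 1
    fi
    if [ "$certs" -lt 1 ]; then
        echo "no certificate block found" >&2
        return 1
    fi
    return 0
}

# Return 0 when $1 is readable only by its owner (0600 or 0400), which is
# what step 14's chmod 600 establishes; anything wider exposes the key.
pem_mode_ok() {
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null)
    case "$mode" in
        600|400) return 0 ;;
        *) echo "mode $mode is too permissive for a private key" >&2; return 1 ;;
    esac
}

# Return 0 when the private key and the certificate in $1 share the same
# public key. Skipped (status 0, with a notice) when openssl is not installed.
pem_keypair_ok() {
    command -v openssl >/dev/null 2>&1 || { echo "openssl not found, skipping key-pair check" >&2; return 0; }
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Run all three checks on one bundle; non-zero status if any of them fails.
check_bundle() {
    pem_bundle_ok "$1" && pem_mode_ok "$1" && pem_keypair_ok "$1"
}

# Usage on the tutorial's path (exit status is the result):
#   check_bundle /etc/ssl/private/fullcert.pem && echo "bundle OK"
```

Run check_bundle before "systemctl restart stunnel4.service"; a failing key-pair check means stunnel would start with a certificate it cannot prove ownership of, and a failing mode check means the private key is readable by other local users.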
Well, that is about it! This guide is written in one go, so I apologise for any mistakes and oversights I may have made.

Good luck and enjoy your OpenVPN connection!


References:

[1] https://tunnelbroker.net/
[2] https://lasse-it.dk/2015/08/how-to-setting-up-openvpn-with-individual-public-ipv6s-for-clients/
[3] https://serverfault.com/a/681497
[4] https://www.systutorials.com/816/port-forwarding-using-iptables/
[5] https://openvpn.net/
[6] https://github.com/Nyr/openvpn-install
[7] http://www.rutschle.net/tech/sslh.shtml
[8] https://www.stunnel.org/
[9] https://nginx.org/en/
[10] https://www.linuxbabe.com/linux-server/how-to-enable-etcrc-local-with-systemd
[11] https://unix.stackexchange.com/a/136819
[12] http://nc110.sourceforge.net/
[13] http://www.binarytides.com/netcat-tutorial-for-beginners/
[14] http://www.canyouseeme.org/
[15] https://stackoverflow.com/a/10176685
[16] https://play.google.com/store/apps/details?id=hu.blint.ssldroid&hl=en
[17] http://ipv6-test.com/
[18] http://test-ipv6.com/
[19] http://ds.testmyipv6.com/
[20] https://technet.microsoft.com/en-us/library/cc749323(v=ws.10).aspx
[21] http://centralops.net/co/
