In this tutorial, we will guide you through installing Ocserv on Debian. Ocserv is a VPN server that allows clients to connect securely to remote networks using the SSL/TLS protocol.
Before installing Ocserv, it is always good practice to update and upgrade the system to ensure that all packages are up-to-date.
To do this, open the terminal and run the following command:
sudo apt update && sudo apt upgrade
Ocserv depends on several packages that must be present on the system before it can be built and installed.
We will install these packages by running the following command:
sudo apt install ocserv net-tools iptables ufw libgnutls28-dev libkrb5-dev gperf build-essential pkg-config autoconf automake libpam0g-dev libev-dev libopts25-dev libnl-route-3-dev libseccomp-dev
In this step, we will download and install Ocserv from the official website.
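The address http://www.infradead.org/ocserv/download.html is the download page itself, not an archive. To download the latest version of Ocserv, take the link to the latest release tarball from that page and run:
wget "[release tarball URL from the download page]" -O ocserv.tar.xz
Once the download is complete, extract the archive using the tar command:
tar -xf ocserv.tar.xz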
Change into the extracted directory:
cd ocserv-*
Now, execute the configure script:
./configure
Then, build and install the source code:
make && sudo make install
After installing Ocserv, it needs to be configured to enable the SSL/TLS connection protocol.
The configuration file is located at /etc/ocserv/ocserv.conf.
Open the configuration file using your preferred text editor:
sudo nano /etc/ocserv/ocserv.conf
Within this file, make sure to set the following parameters:
Once you have made the necessary changes, save and close the file.
To enable clients to connect to the VPN server, we need to allow the necessary ports through the firewall.
By default, Ocserv uses port 443 for communication, which is the same port used by HTTPS.
We will allow incoming connections on port 443 by running the following command:
sudo ufw allow 443/tcp
In addition, we need to enable IP forwarding, which is required for VPN clients to be able to access the internet:
echo "net.ipv4.ip_forward=1" | sudo tee -a /etc/sysctl.conf
sudo sysctl -p
Next, we need to configure NAT (Network Address Translation) to allow VPN clients to access the internet.
To configure NAT, we need to add a NAT section to the existing file /etc/ufw/before.rules. Open the file for editing:
sudo nano /etc/ufw/before.rules
Add the following lines at the end of the file:
# NAT table rules
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.10.10.0/24 -o [internet interface name here] -j MASQUERADE
COMMIT
Be sure to replace [internet interface name here] in the -A POSTROUTING line above with the name of your internet-facing network interface.
Save and close the file.
Finally, restart ufw for the changes to take effect:
sudo systemctl restart ufw
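The NAT block above can be generated and checked with a few shell functions, so that the placeholder is never left in /etc/ufw/before.rules and the source subnet is the one you intend. This is an added example, not part of the original tutorial: the function names default_iface, render_nat_block and check_nat_block are hypothetical, and the sample route line is constructed.

```shell
#!/bin/sh
# Added example; the function names below are hypothetical.

# Print the interface of the default route, given the output of
# `ip -4 route show default` on stdin.
default_iface() {
    awk '$1 == "default" {
        for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit }
    }'
}

# Print the NAT block for /etc/ufw/before.rules.
# $1 = VPN client subnet, $2 = internet-facing interface.
render_nat_block() {
    case "$2" in
        ''|*[!A-Za-z0-9._@-]*) echo "invalid interface name: '$2'" >&2; return 1 ;;
    esac
    printf '%s\n' '# NAT table rules' '*nat' ':POSTROUTING ACCEPT [0:0]' \
        "-A POSTROUTING -s $1 -o $2 -j MASQUERADE" 'COMMIT'
}

# Succeed only if rules file $1 has, inside a *nat ... COMMIT section, a
# MASQUERADE rule for subnet $2 whose -o value is no longer the placeholder.
check_nat_block() {
    awk -v net="$2" '
        /^\*/ { table = $1; found = 0 }
        table == "*nat" && $1 == "-A" && $2 == "POSTROUTING" && /-j MASQUERADE/ {
            s = o = 0
            for (i = 3; i < NF; i++) {
                if ($i == "-s" && $(i + 1) == net) s = 1
                if ($i == "-o" && $(i + 1) !~ /^\[/) o = 1
            }
            if (s && o) found = 1
        }
        $1 == "COMMIT" { if (table == "*nat" && found) ok = 1; table = "" }
        END { exit !ok }
    ' "$1"
}

# Constructed sample of `ip -4 route show default` output (not from a real host).
SAMPLE_ROUTE='default via 203.0.113.1 dev ens3 proto dhcp metric 100'
iface=$(printf '%s\n' "$SAMPLE_ROUTE" | default_iface)
render_nat_block 10.10.10.0/24 "$iface"
```

On a live server, pipe the real output of ip -4 route show default into default_iface, and run check_nat_block /etc/ufw/before.rules 10.10.10.0/24 after editing the file.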
Before clients can connect to the VPN, we need to start the Ocserv service.
Run the following command to start the service:
sudo systemctl start ocserv
To check if the service has started successfully, run the following command:
sudo systemctl status ocserv
If the service is up and running, the output should indicate so.
You have successfully installed Ocserv on Debian and configured it to allow secure client connections to your remote server through an SSL/TLS connection.