All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Howto provide Automated vpn service?
Hi,
I would like to buy a dedicated server and provide free vpn service to my home country where twitter / facebook gets blocked sometimes. They also tend to block most p0rn sites, and some.
Although I'm not planning to work with government in case of inquiries, I probably should do some logging in case of abuse.
I also want to understand how major vpn providers like HMA doing it.
I'm playing with softether recently. With SecureNat disabled, it performs well. It also supports multi protocol and free.
If I understand correctly, to do logging, one must forward all port 80 / 443 requests to a transparent proxy. Port 80 is easy but https is not (and perhaps not necessary?). With iptables it can be done where transparent proxy squid can log http requests along with internal IP.
Or, perhaps there is a ready to use software package for this? Like iRedmail for mail server? Of course I'm not looking for a commercial solution as I'm not planning to make money over it.
Before I forget, there must be some way to prevent bandwidth abuses and perhaps block p2p usage aswell. IPtables could block ports for torrents perhaps, maybe block smtp port too. But how can QoS be applied and prevent high bandwidth (and cpu) usage without limiting surfing speed constantly? For example, my asus router uses QoS 0-512 kb = High, 512 kb - (unlimited) = low. Of course 512kb won't cut it, perhaps, up to 4 mbyte no speed limit, after 4 mbyte = speed limit or lowest priority for a single connection.
Any suggestions? Thanks.
Comments
I do not have much experience in this but I had done some research as I was eager to start VPN business like you.
You will need to use FreeRadius on your server and to automate it with WHMCS you can use the WHMCS module: http://docs.whmcs.com/FreeRadius_Addon_Module
I did not manage to get time to actually try this blend and do testing.
Keep us updated.
Also if you want to provide free access to only those sites, or only to websites, a transparent proxy would be better than a client I think. Otherwise it is troublesome to block p2p, keep logs etc.
Or you can disable known p2p trackers in your hosts file/dnsmasq.
Unfortunately, Turkey (my homecountry) has internet filtering software and they can inspect packets realtime so a proxy won't provide anonymity.
Also, public proxies can be used for spammer bots which would increase abuse emails.
You could always use Tor instead of VPN
Or is that blocked,too?
Tor is damn too slow. It is infamous due to deep web.
Managing a VPN network is not easy though. You will have to block access to many stuff including mail, p2p and some other services.
Softether with dnsmasq is powerful. But I don't know of any automation method for it and if I remember correct, it doesn't support Radius as well.
You're from Turkey? I suspected as well.
VPN sure does work. But you can check shadow proxy and likes of it as well. As much as I remember that even works in China.
I was looking for something similar since the pr0n ban in India, I am providing free IPSec/L2TP VPN to friends using this script temporarily https://github.com/philplckthun/setup-simple-ipsec-l2tp-vpn Do reply here if you manage to find one.
It seems softether supports radius.
https://www.softether.org/4-docs/1-manual/2._SoftEther_VPN_Essential_Architecture/2.2_User_Authentication#Authentication_Using_RADIUS_Server
However, I never used radius before. I was thinking php / mysql database for login details.