Step 1: Install OpenVpn to your slice(VPS on the SliceHost)!

As usual, we can install it either source or binary. I have installed it with binary via aptitude the built-in dpkg of the Ubuntu(well, I installed the image Ubuntu 8.04.2 LTS – hardy on my VPS).

install openvpn via dpkg

aptitude install openvpn

install openvpn via source

cd ~/sources #or your favor places to put source files always
wget http://openvpn.net/release/openvpn-2.0.5.tar.gz
tar -jxv -f openvpn-2.0.5.tar.gz
cd ./openvpn-2.0.5
./configure --with-lzo-headers=/usr/local/include --with-lzo-lib=/usr/local/lib --with-ssl-headers=/usr/local/include/openssl --with-ssl-lib=/usr/local/lib # please install lzo and openssl first
make
make check
make install

Step 2: PKI Configure and Keys Generated


cp -R /usr/share/doc/openvpn/examples/easy-rsa /etc/open/vpn
sudo -i #if you are not login as root but have sudo permitted as root
cd /etc/openvpn/easy-rsa/2.0
./vars #if it doesn't work, try [sh ./vars] or use the export command
./clean-all
./build-ca
./build-key-server server #change server to yours
./build-key username #set username here
./build-dh
openvpn --genkey --secret ta.key #find more about this comment in sample file server.conf
exit

You needn’t and shouldn’t to run clean-all and build-ca at the next time when you wanna add more user or server.

Step 3: Config the server.conf for OpenVPN


sudo cp /usr/share/doc/openvpn/example/sample-config-files/server.conf /etc/openvpn/
sudo vim /etc/openvpn/server.conf

It’s a good idea to read the comment in the server.conf. We have to uncomment the following settings.

port 1194
proto udp
dev tun
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
server x.x.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway"
push "dhcp-option DNS x.x.x.x" #try to find it via comment cat /etc/resolv.conf
keepalive 10 120
tls-auth /etc/openvpn/easy-rsa/2.0/keys/ta.key 0
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3


Step 4: iptable if you have set firewall


sudo vim /etc/iptables.test.rules
# then add the following lines into your test rules
*nat
-t nat -A POSTROUTING -s x.x.0.0/24 -o eth0 -j MASQUERADE # x.x.0.0 should be identical with the one in your server.conf file
COMMIT
*filter #it may have already
-A INPUT -i tun+ -j ACCEPT
-A FORWARD -i tun+ -j ACCEPT
-A FORWARD -o tun+ -j ACCEPT
-A INPUT -p udp --dport 1194 -j ACCEPT
.....
your origin chains
....
COMMIT
sudo iptables-restore < /etc/iptables.test.rules
sudo iptables -L
#.....output for your review
sudo -i
iptables-save > /etc/iptables.up.rules
exit


Step 5: VPN Client

Install OpenVPN on your local computer as well basically.
Copy the files ca.crt、ta.key、username.crt、username.key, they are lying in the folder /etc/openvpn/keys/. Please be aware of that the copy should in the ssh tunnel to keep it’s secret. Execute [sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/]. The finally setting client file as following:

client
dev tun
proto udp
remote yourserver 1194 #the public IP of your slice
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert username.crt
key username.key
ns-cert-type server
tls-auth ta.key 1
comp-lzo
verb 3


Step 6: Forward isn’t ready yet, enable Router

Till now, we can connect the VPN server. However, we are failed to access internet once the connection created. That’s because the ROUTER on the slice isn’t enabled yet. Try type [sudo sysctl -a | grep for]. We will see net.ipv4.ip_forward = 0 etc. Use command [sudo sysctl -w net.ipv4.ip_forward=1] to adjust the value of forward. The finally displaying after your run [sudo sysctl -a | grep for] as follow.

kernel.sched_domain.cpu0.domain0.forkexec_idx = 1
kernel.sched_domain.cpu1.domain0.forkexec_idx = 1
kernel.sched_domain.cpu2.domain0.forkexec_idx = 1
kernel.sched_domain.cpu3.domain0.forkexec_idx = 1
net.ipv4.ip_forward = 1
net.ipv4.conf.lo.forwarding = 1
net.ipv4.conf.lo.mc_forwarding = 0
net.ipv4.conf.lo.force_igmp_version = 0
net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.all.mc_forwarding = 0
net.ipv4.conf.all.force_igmp_version = 0
net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.default.mc_forwarding = 0
net.ipv4.conf.default.force_igmp_version = 0
net.ipv4.conf.eth0.forwarding = 1
net.ipv4.conf.eth0.mc_forwarding = 0
net.ipv4.conf.eth0.force_igmp_version = 0
net.ipv4.conf.eth1.forwarding = 1
net.ipv4.conf.eth1.mc_forwarding = 0
net.ipv4.conf.eth1.force_igmp_version = 0
net.ipv4.conf.tun0.forwarding = 1
net.ipv4.conf.tun0.mc_forwarding = 0
net.ipv4.conf.tun0.force_igmp_version = 0
net.ipv6.conf.lo.forwarding = 0
net.ipv6.conf.lo.force_mld_version = 0
net.ipv6.conf.eth0.forwarding = 0
net.ipv6.conf.eth0.force_mld_version = 0
net.ipv6.conf.eth1.forwarding = 0
net.ipv6.conf.eth1.force_mld_version = 0
net.ipv6.conf.all.forwarding = 0
net.ipv6.conf.all.force_mld_version = 0
net.ipv6.conf.default.forwarding = 0
net.ipv6.conf.default.force_mld_version = 0
net.ipv6.conf.tun0.forwarding = 0
net.ipv6.conf.tun0.force_mld_version = 0

Alernately, you can modify the file /etc/sysctl.conf. There is an comment line[net.ipv4.ip_forward=1]. And run sudo sysctl -p to flush the modification. I have read some guides which use the command [echo "1" > /proc/sys/net/ipv4/ip_forward] to enable simple built-in router of kernel. It’s works. But it will be disabled once you reboot the computer. So try to add it to file /etc/rc.d/rc.local.

Step 7: Start Your VPN Server and try to use it


sudo /etc/init.d/openvps start

OR
append the command [/usr/local/sbin/openvpn --config /etc/openvpn/server.conf > dev/null 2>&1 &] to /etc/rc.local].
This is a tutorial based upon Ubuntu. You may need adjust the command to run if you wanna setup OpenVPN server in other unix-like system. If you wanna use OpenVPN on the Windows, I recommend GUI OpenVPN for windows.
Thanks for your reading!

auth_basic_user_file

syntax: auth_basic_user_file the_file

default: no

context: http, server, location, limit_except

This directive sets the htpasswd filename for the authentication realm. Since version 0.6.7 the filename path is relative to directory of nginx configuration file nginx.conf, but not to nginx prefix directory.

The format of file is the following:

user:pass
user2:pass2:comment
user3:pass3

Passwords must be encoded by function crypt(3). You can create the password file with the htpasswd program from Apache.

Then I go to connect another computer that install Window 2003 32bit as OS at my office, the all redirecting works well there. I believe that is not a bug when Googler want to handle redirect. Anyway, seems Google doesn’t use the user IP as the redirect condition. I really can not figure out how they to redirect the Google.com to Google.com.hk on both Chrome and Firefox. Could anyone see my articles give me a hint?

Will it reduce the Google’s marketing share in China?

IMHO, Absolute NOT! I even guess that more Chinese people will know Google. Google is successful one more time in Chinese marketing:)

In terms of Google’s wider business operations, we intend to continue R&D work in China and also to maintain a sales presence there, …… Google.com.hk.

Google filter the search result at the same time

I have tried to use some sexual words to search at Google.com.hk. The content filter of Google Safesearch is active automatically. I even can’t close it via Google Preferences Page in Firefox as the parameter(&safe=active) is added explicitly compared with Google chrome. Fortunately, it can be set to off manually throughout URL modification with ease.

Today, I did the optimization for the blog as usual after the blog(buy STO credit) has been set up. The blog is hosted by Godaddy Sharing Host(Specially, Linux economy plan. Why? As it’s cheap prices and decent CS. If you have any suggestion to me, I appreciate!). After the bog got a nice score with YSlow, I noticed that the title rewrite has been all death. I have used the famous WordPress plugin titled All in One SEO by Michael Torbert. Sincerely, I am so lazy so that I didn’t read the sources code ever. I have to read the code to understand how it works. aha..It uses the function ob_start() to get call callback function in the class to rewrite the original title. That’s where the collision comes from. I have used the ob_start(“gz_handler”) to enable Gzip for buystocredit.com. Read the PHP manual for function ob_end_flush() to know the collision well if you want to know more.
So, the issue I met when I enabled Gzip was clear.

There are many way to enabled Gzip as following.

Apache 2.0.x – if the mod_felate enabled by your host provider.

Enable Gzip via Mod_deflate

Apache 1.3.x – if the mod_gzip installed and enabled by your host provider

Official Mod_Gzip Manual or Fast Usage Tips

PHP 4.0.4 or higher Ob_start(“ob_gzhandler”)

Fast Effective PHP Gzip Compression

PHP zlib.output_compression

The method in my post!

Other resouces:

Gzip with .htaccess and PHP

Better Explained? Interesting domain

Ignore the estimated pricing above, that’s only my evaluations based upon my experiences. Just for funny!
The all 9 domains were registered via Direct Nic ago. So I suppose they are belongs to one guy who finally decided to out of the domain business or became insolvent. Those Digital domains are all registered since 1999 without any dropping.