How to install and configure OpenVPN on an OpenVZ Ubuntu VPS

This howto will show you how to install OpenVPN inside an OpenVZ VPS on Ubuntu.

OpenVZ supports VPN inside a container via the kernel TUN/TAP module and device.
The first thing you need to do is enable TUN/TAP, if you haven’t already:

Enable TUN/TAP from your VPS Control Panel

Ubuntu 10.04

First, install the openvpn package:

sudo apt-get install openvpn

sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn
cd /etc/openvpn/
sudo gunzip server.conf.gz

This will copy and unpack the example server config. The sample config uses the IP range 10.8.0.0 and subnet 255.255.255.255.
Edit the server.conf file with your favorite editor:

nano /etc/openvpn/server.conf

Now you need to uncomment the following (remove the “;” in front of the line):
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"

Copy the necessary files to create our certificates:

sudo mkdir /etc/openvpn/easy-rsa/
sudo cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-rsa/
cd /etc/openvpn/easy-rsa

We need to adjust the vars file, which contains the settings for the certificates.
Please keep in mind that the ‘country’ field may only contain 2 letters.

Open the vars file and go to the end.
The default file contains:

# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
export KEY_COUNTRY="US"
export KEY_PROVINCE="CA"
export KEY_CITY="SanFrancisco"
export KEY_ORG="Fort-Funston"
export KEY_EMAIL="me@myhost.mydomain"

You can modify these values if you like.
After that, create the necessary keys and CA:

Creating server certificates

cd /etc/openvpn/easy-rsa/
source vars
./clean-all
./pkitool --initca
./pkitool --server server

This will build your certificates from the slightly edited example files. I recommend this for non-advanced users and first-timers.

Creating client certificates

cd /etc/openvpn/easy-rsa/
source vars
./pkitool hostname

Remember to replace hostname with the name of the client you want to connect. This can be used as an identifier, for example “client1”.
You’ll need to do one more thing to fix the routing: route the traffic from tun0 to the interface that provides internet access (venet0:0 by default).

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source your_vps_ip
iptables-save

Since we can’t use the MASQUERADE target, we need to use SNAT. Also, only full interfaces are supported (so venet0:0 isn’t compatible with the -o option). That’s why I cover this with a static-IP-based configuration. This will route all network traffic on 10.8.0.0 to the internet-supplying interface.

sudo /etc/init.d/openvpn restart

Configure your VPN client on your computer:

The client will need the following files
/etc/openvpn/easy-rsa/keys/ca.crt
/etc/openvpn/easy-rsa/keys/yourvpn.crt
/etc/openvpn/easy-rsa/keys/yourvpn.key

Create a config file, for example yourvpn.ovpn, and change the certificate settings to include the files above:

In the line “remote hostname 1194”, replace “hostname” with your VPS hostname, which must match the certificate.
Also change the SSL settings in case you used a different name for the client certificates than yourvpn:

#Sample config file

client
dev tun

# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one. On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node MyTap

# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server.
;proto tcp
proto udp

# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote hostname 1194
;remote my-server-2 1194

# Choose a random host from the remote
# list for load-balancing. Otherwise
# try hosts in the order specified.
;remote-random

# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite

# Most clients don’t need to bind to
# a specific local port number.
nobind

# Downgrade privileges after initialization (non-Windows only)
;user nobody
;group nobody

# Try to preserve some state across restarts.
persist-key
persist-tun

;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]

# Wireless networks often produce a lot
# of duplicate packets. Set this flag
# to silence duplicate packet warnings.
;mute-replay-warnings

# SSL/TLS parms.
# See the server config file for more
# description. It’s best to use
# a separate .crt/.key file pair
# for each client. A single ca
# file can be used for all clients.
ca ca.crt
cert yourvpn.crt
key yourvpn.key

# Verify server certificate by checking
ns-cert-type server
# If a tls-auth key is used on the server
# then every client must also have the key.
;tls-auth ta.key 1
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher x
# Enable compression on the VPN link.
# Don’t enable this unless it is also
# enabled in the server config file.
comp-lzo
# Set log file verbosity.
verb 3
# Silence repeating messages
;mute 20

When this is done, import the client files into your favorite OpenVPN client and you should be ready to go.
To confirm the connection you can try to ping the server locally (10.8.0.1) or connect to the internet through a web browser.
If some things don’t work out, please contact us.
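
As an added example (not part of the original howto or of OpenVPN itself), this shell function audits a client .ovpn for the points the steps above depend on: the placeholder remote, a server-certificate check, and the ca/cert/key files with an owner-only private key. The function names and demo values are assumptions; remote-cert-tls is the directive newer OpenVPN releases use in place of ns-cert-type.

```shell
#!/bin/sh
# Added example: audit a client .ovpn file (helper names are hypothetical).
# Prints one finding per line; the return status is the number of findings.

# First active value of a directive; lines starting with ';' or '#' are comments.
directive() {
    awk -v d="$1" '$1 == d { $1 = ""; sub(/^ +/, ""); print; exit }' "$2"
}

audit_ovpn() {
    conf=$1; dir=$(dirname "$conf"); findings=0
    report() { echo "FINDING: $1"; findings=$((findings + 1)); }

    # The howto's sample ships with a literal "hostname" that must be replaced.
    if [ "$(directive remote "$conf" | cut -d' ' -f1)" = "hostname" ]; then
        report "remote still uses the placeholder 'hostname'"
    fi
    # Without a server-certificate check, any certificate signed by the CA
    # (including another client's) could pose as the server.
    if [ "$(directive ns-cert-type "$conf")" != "server" ] &&
       [ "$(directive remote-cert-tls "$conf")" != "server" ]; then
        report "no server certificate check (ns-cert-type / remote-cert-tls)"
    fi
    # ca, cert and key must exist; the private key must be owner-only.
    for d in ca cert key; do
        f=$(directive "$d" "$conf")
        case $f in /*) ;; *) f=$dir/$f ;; esac
        if [ ! -f "$f" ]; then
            report "$d file missing: $f"
        elif [ "$d" = key ] && [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
            report "private key readable by group/other: $f"
        fi
    done
    return "$findings"
}

# Constructed sample: the howto's client config reduced to the audited lines.
# Usage: demo <remote-host> <key-mode>, e.g. demo hostname 644
demo() {
    t=$(mktemp -d)
    printf '%s\n' client 'dev tun' 'proto udp' "remote $1 1194" \
        ';remote my-server-2 1194' 'ca ca.crt' 'cert yourvpn.crt' \
        'key yourvpn.key' 'ns-cert-type server' > "$t/yourvpn.ovpn"
    touch "$t/ca.crt" "$t/yourvpn.crt" "$t/yourvpn.key"
    chmod "$2" "$t/yourvpn.key"
    audit_ovpn "$t/yourvpn.ovpn" && rc=0 || rc=$?
    rm -rf "$t"
    return "$rc"
}
```

Run audit_ovpn /path/to/yourvpn.ovpn before importing the files; an exit status of 0 means no findings.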


Memory usage seems too high inside a VPS

There are cases when you may notice that the memory usage is too high inside your VPS without a specific reason.

This may happen because of how OpenVZ calculates the memory used by your applications, most visible with Java applications or other servers using threads (Apache with mpm_worker or mpm_event).

You can read more here: http://wiki.openvz.org/Stack_size

A solution as explained in the article above is to decrease the stack size since the default value is too high in almost all cases.

For example, we installed Apache with mpm_worker in a VPS with MaxClients set to 25 and the threads per child also set to 25. While 25 concurrent requests is not much, the memory usage for that Apache spiked to 300MB. That’s a little too high.

We then edited /etc/init.d/httpd (on CentOS; on other distributions it may be called apache2) and added ulimit -s 256 on a separate line near the beginning of the file, like this:

# Source function library.
. /etc/rc.d/init.d/functions
ulimit -s 128

if [ -f /etc/sysconfig/httpd ]; then
    . /etc/sysconfig/httpd
fi

After restarting Apache, the total memory used went down to around 30MB, which is acceptable.

This also works for other applications like MySQL for example.


How to setup a VPN server on a CentOS OpenVZ VPS instantly

Hello world!


Coming soon: the new BGSA Web Services identity

We’ll soon launch our new web site, but in the meantime we wanted to give you a taste of our new web services identity:

http://www.widd.org

 


Reducing CPU usage for WordPress users!

WordPress is one of the most demanding content management systems in use today. Most users these days run WordPress for their blogs or websites. Around 85% of the sites on our servers use WordPress, and most clients run multiple WordPress blogs for their business. WordPress has been found to use a fair amount of CPU and memory. Today’s shared hosting environments are limited more by CPU and memory than by space and bandwidth. It is always a wise choice to spend a little time reducing overall CPU usage. This makes the blog run faster, and hosting companies are happy to host sites that are kinder to their CPUs. Here are some tips to reduce the CPU usage of a WordPress blog and improve site performance.

One of the first plugins I suggest all WordPress users install is “wp-super-cache”. You can download this plugin here:

http://wordpress.org/extend/plugins/wp-super-cache/

It is pretty easy to install, but documentation can always be found on the WordPress site:

http://wordpress.org/extend/plugins/wp-super-cache/installation/

wp-super-cache is the fastest caching plugin for WordPress blogs. It is always better to serve a page from cache instead of running SELECT queries for each visitor to your blog. Enabling super cache can potentially reduce CPU usage by around 60-75%. One thing you should make sure of is that you are not using multiple caching plugins. I have seen a couple of users think that using multiple caching plugins would give a better result, but it is probably a bad idea for your blog to mix caching algorithms and end up with a potential mess.

If you are running scheduled posts on your blog, it is probably a better idea to run wp-cron.php from a cron job. WordPress calls wp-cron.php each time a user visits your blog, which is a fairly stupid idea. I am not sure why WordPress does so, but calling it once every 2 hours seems enough. You can set up cron jobs from cPanel. To run the cron job every two hours, set the timing to something similar to the following:

0 */2 * * *

This would run at the very first minute of every even hour of the day. In the command section, use something similar to:

php -q /home/cpanelusername/public_html/wp-cron.php

Replace cpanelusername with your own cPanel username. If you have added the blog as an addon domain, then wp-cron.php is probably not in public_html but in a subfolder, so you would need to change the path accordingly, to something similar to the following:

/home/cpanelusername/public_html/addondomain.com/wp-cron.php

A very well written article regarding the High CPU usage of wp-cron.php can be found here for your reference:

http://trinity777.wordpress.com/2008/10/28/wordpress-26-the-issue-of-wp-cronphp/

Two more plugins that are frequently used by clients can cause excessive CPU usage: “All in SEO Pack” and featured gallery plugins like Nextgen. If you have no other option than using a gallery, then you will probably have to stick with the gallery, but I strongly suggest not using All in SEO Pack. Using the individual modules one by one is better than using this all-in-one plugin. A very well written article on WordPress SEO can be found here, and I suggest you read it before blindly installing All in One SEO Pack:

http://yoast.com/articles/wordpress-seo/

A good percentage of users run autoblogs. Autoblogs are pretty popular these days with WordPress. Autoblogs tend to use a lot of CPU with their cron executions. There isn’t much you can do to reduce that high CPU usage from time to time, but it is a better idea to schedule the cron jobs at odd times. For example, setting the cron to run at minute 17 of each hour may improve performance compared with setting it at the very first minute of the hour. Most users tend to schedule their crons at the very first minute. This sometimes causes small load issues when lots of crons try to run at the same time. So using odd timing is truly a pretty decent idea for both parties. You should also find the best interval for your autoblog updates. A reasonable gap of 2-4 hours is always a better idea, as it reduces the frequency of your cron job. But if you have no other option than running it every hour, then just don’t think about it and set it for every hour.
