How to set up OpenVPN in Xen with CentOS 5

Please select CentOS 5 as your OS when you purchase your VPS from BGSA Web Hosting Services or rebuild the VPS via SolusVM control Panel.
Installing OpenVPN:

The packages required to install OpenVPN and its dependencies are not available in the standard CentOS repositories. As a result, in order to install OpenVPN, we must install the “EPEL” system. EPEL, or “Extra Packages for Enterprise Linux,” is a product of the Fedora Project that attempts to provide Enterprise-grade software that’s more current than what is typically available in the CentOS repositories. Enable EPEL with the following command:

On 32bit (i386):
rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.noarch.rpm

On 64bit (x86_64):
rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm

Make sure your package repositories and installed programs are up to date by issuing the following command:

yum update -y
Now we can begin installing the OpenVPN software with the following command:

yum install openvpn -y
The OpenVPN package provides a set of encryption-related tools called “easy-rsa”. These scripts are located by default in the /usr/share/doc/openvpn/examples/easy-rsa/ directory. However, in order to function properly, these scripts should be located in the /etc/openvpn directory. Copy these files with the following command:

cp -R /usr/share/openvpn/easy-rsa/ /etc/openvpn
Most of the relevant configuration for the OpenVPN public key infrastructure is contained in /etc/openvpn/easy-rsa/2.0/, and much of our configuration will be located in this directory.
Configure Public Key Infrastructure Variables:

Before we can generate the public key infrastructure for OpenVPN we must configure a few variables that the easy-rsa scripts will use to generate the keys and certificates. These variables are set near the end of the /etc/openvpn/easy-rsa/2.0/vars file. Here is an example of the relevant values:

File: /etc/openvpn/easy-rsa/2.0/vars :

export KEY_COUNTRY="US"
export KEY_PROVINCE="CA"
export KEY_CITY="SanFrancisco"
export KEY_ORG="VPN-Organization"
export KEY_EMAIL="ssl@mydomain.com"
Alter the examples to reflect your configuration. This information will be included in certificates you create and it is important that the information be accurate, particularly the KEY_ORG and KEY_EMAIL values.

Initialize the Public Key Infrastructure (PKI)
Issue the following three commands in sequence to initialize the certificate authority and the public key infrastructure:

cd /etc/openvpn/easy-rsa/2.0/
. /etc/openvpn/easy-rsa/2.0/vars
. /etc/openvpn/easy-rsa/2.0/clean-all
. /etc/openvpn/easy-rsa/2.0/build-ca
These scripts will prompt you to enter a number of values. By configuring the vars you can be sure that your PKI is configured properly. If you set the correct values in vars, you will be able to press return at each prompt.

Generate Certificates and Private Keys
With the certificate authority generated you can generate the private key for the server. To accomplish this, issue the following command:

. /etc/openvpn/easy-rsa/2.0/build-key-server server
This script will also prompt you for additional information. By default, the Common Name for this key will be “server”. You can change these values in cases where it makes sense to use alternate values. The challenge password and company names are optional and can be left blank. When you’ve completed the question section you can confirm the signing of the certificate and the “certificate requests certified” by answering “yes” to these questions.

With the private keys generated, we can create certificates for all of the VPN clients. Issue the following command:

. /etc/openvpn/easy-rsa/2.0/build-key client1
Replace the client1 parameter with a relevant identifier for each client. You will want to generate a unique key for every user of the VPN. Each key should have its own unique identifier. All other information can remain the same. If you need to add users to your OpenVPN at any time, repeat this step to create additional keys.

Generate Diffie Hellman Parameters
The “Diffie Hellman Parameters” govern the method of key exchange and authentication used by the OpenVPN server. Issue the following command to generate these parameters:

. /etc/openvpn/easy-rsa/2.0/build-dh

This should produce the following output:

Generating DH parameters, 1024 bit long safe prime, generator 2

This is going to take a long time

This will be followed by a quantity of seemingly random output.

The task has succeeded.

 

Relocate Secure Keys:

The /etc/openvpn/easy-rsa/2.0/keys/ directory contains all of the keys that you have generated using the easy-rsa tools.
In order to authenticate to the VPN, you’ll need to copy a number of certificate and key files to the remote client machines. They are:

- ca.crt
- client1.crt
- client1.key

You can use the scp tool, FileZilla, or any other means of transferring. Be advised, these keys should be transferred with the utmost attention to security. Anyone who has the key or is able to intercept an unencrypted copy of the key will be able to gain full access to your virtual private network.

Typically we recommend that you encrypt the keys for transfer, either by using a protocol like SSH, or by encrypting them with the PGP tool.

The keys and certificates for the server need to be relocated to the /etc/openvpn directory so the OpenVPN server process can access them. These files are:

- ca.crt
- ca.key
- dh1024.pem
- server.crt
- server.key

Issue the following commands:

cd /etc/openvpn/easy-rsa/2.0/keys

cp ca.crt ca.key dh1024.pem server.crt server.key /etc/openvpn

These files need not leave your server. Maintaining integrity and control over these files is of the utmost importance to the integrity of your server. If you ever need to move or back up these keys, ensure that they’re encrypted and secured. If these files are compromised, they will need to be recreated along with all client keys.
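
An added example (not part of the original guide): a check to run on a staging directory before one client's files are sent out. It confirms the directory holds ca.crt plus that client's certificate and key, that no other private key such as ca.key or server.key has slipped in, and that the client key is not accessible to group or others. The staging directory and the function name are assumptions; the file names follow the lists above.

```shell
#!/bin/sh
# Added example: vet a staging directory before it is sent to a VPN client.
# check_client_bundle DIR NAME
#   DIR  - hypothetical staging directory holding the files for one client
#   NAME - client identifier used with build-key (e.g. client1)
# Prints one finding per line; returns 0 when the bundle is clean, 1 otherwise.
check_client_bundle() {
    dir=$1
    name=$2
    bad=0

    # The three files the client needs, as listed in the guide.
    for f in ca.crt "$name.crt" "$name.key"; do
        if [ ! -f "$dir/$f" ]; then
            echo "MISSING $f"
            bad=1
        fi
    done

    # Anything else is unexpected; a second private key is the serious case.
    for path in "$dir"/*; do
        [ -e "$path" ] || continue
        f=${path##*/}
        case $f in
            ca.crt|"$name.crt"|"$name.key"|"$name.conf"|"$name.ovpn") ;;
            *.key) echo "LEAK $f"; bad=1 ;;
            *)     echo "EXTRA $f"; bad=1 ;;
        esac
    done

    # The client key must carry no group or other permission bits.
    if [ -f "$dir/$name.key" ]; then
        loose=$(find "$dir/$name.key" \( -perm -040 -o -perm -020 -o -perm -010 \
            -o -perm -004 -o -perm -002 -o -perm -001 \) -print)
        if [ -n "$loose" ]; then
            echo "PERMS $name.key"
            bad=1
        fi
    fi
    return $bad
}
```
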
Revoking Client Certificates:

If you need to remove a user’s access to the VPN server, issue the following command sequence.

. /etc/openvpn/easy-rsa/2.0/vars

. /etc/openvpn/easy-rsa/2.0/revoke-full client1

This will revoke the ability of users who have the client1 certificate to access the VPN. For this reason, keeping track of which users are in possession of which certificates is crucial.

=====DON’T REVOKE IT AT THIS MOMENT=====
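
An added example, not from the original guide, for keeping track of issued and revoked certificates. It assumes the easy-rsa 2.0 layout, where keys/index.txt is the OpenSSL CA database, and it also checks for OpenVPN's crl-verify directive, without which the server does not consult the CRL that revoke-full writes. Function names and the sample data are constructed.

```shell
#!/bin/sh
# Added example: certificate inventory and revocation-enforcement check.

# cert_inventory [INDEX]
#   INDEX - easy-rsa's keys/index.txt (tab-separated: status, expiry,
#           revocation date, serial, file, subject DN); stdin when omitted
# Prints "<CN> <state> <serial>" for every certificate the CA has issued.
cert_inventory() {
    awk -F'\t' '
        NF >= 6 {
            cn = "unknown"
            n = split($6, part, "/")
            for (i = 1; i <= n; i++)
                if (part[i] ~ /^CN=/) cn = substr(part[i], 4)
            if ($1 == "V") state = "valid"
            else if ($1 == "R") state = "revoked"
            else if ($1 == "E") state = "expired"
            else state = "unknown"
            print cn, state, $4
        }' "${1:--}"
}

# has_valid_cert NAME [INDEX]
#   Succeeds while NAME still holds at least one unrevoked certificate.
has_valid_cert() {
    cert_inventory "${2:--}" |
        awk -v n="$1" '$1 == n && $2 == "valid" { found = 1 } END { exit !found }'
}

# crl_enforced CONF
#   Succeeds when CONF (e.g. server.conf) has an uncommented crl-verify line.
crl_enforced() {
    grep -Eq '^[[:space:]]*crl-verify[[:space:]]+[^[:space:]]' "$1"
}

# Constructed sample database: client1 has been revoked, client2 has not.
sample_index() {
    dn='/C=US/ST=CA/L=SanFrancisco/O=VPN-Organization'
    printf 'V\t210101000000Z\t\t01\tunknown\t%s/CN=server\n' "$dn"
    printf 'R\t210101000000Z\t110301120000Z\t02\tunknown\t%s/CN=client1\n' "$dn"
    printf 'V\t210101000000Z\t\t03\tunknown\t%s/CN=client2\n' "$dn"
}
```
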

Configuring the Virtual Private Network
We’ll now need to configure our server file. There is an example file in /usr/share/doc/openvpn-2.1.1/examples/sample-config-files. Issue the following sequence of commands to retrieve the example configuration files and move them to the required directories:

cp /usr/share/doc/openvpn-2.1.1/sample-config-files/server.conf /etc/openvpn/

cp /usr/share/doc/openvpn-2.1.1/sample-config-files/client.conf ~/

cd ~/

Modify the remote line in your ~/client.conf file to reflect the OpenVPN server’s name or IP.

File: ~/client.conf

# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote VPS_IP 1194

Edit the client.conf file to reflect the name of your key. In this example we use client1 for the file name.

File: ~/client1.conf

# SSL/TLS parms.
# See the server config file for more
# description.  It’s best to use
# a separate .crt/.key file pair
# for each client.  A single ca
# file can be used for all clients.
ca ca.crt
cert client1.crt
key client1.key

Copy the ~/client1.conf file (which is the client1.ovpn file mentioned below for the OpenVPN client in Windows) to your client system. You’ll need to repeat the entire key generation and distribution process for every user and every key that will connect to your network.
Using OpenVPN:

Connect Remote Networks Securely With the VPN

Once configured, the OpenVPN server allows you to encrypt traffic between your local computer and your Linode’s local network. While all other traffic is handled in the conventional manner, the VPN allows traffic on non-public interfaces to be securely passed through your Linode. This will also allow you to connect to the local area network in your Linode’s data center if you are using the LAN to connect to multiple Linodes in the same datacenter. Using OpenVPN in this manner is supported by the default configuration, and if you connect to the OpenVPN you have configured at this point, you will have access to this functionality.

Tunnel All Connections through the VPN
By deploying the following configuration, you will be able to forward all traffic from client machines through your Linode, and encrypt it with transport layer security (TLS/SSL) between the client machine and the Linode. Begin by adding the following parameters to the /etc/openvpn/server.conf file to enable “full tunneling”:

File excerpt: /etc/openvpn/server.conf

push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"

 

Now edit the /etc/sysctl.conf file to modify the following line to ensure that your system is able to forward IPv4 traffic:

File excerpt: /etc/sysctl.conf

net.ipv4.ip_forward = 1
# Comment out this line:
#net.ipv4.tcp_syncookies = 1

Issue the following command to apply the change:

sysctl -p
Issue the following commands to configure iptables to properly forward traffic through the VPN:

iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT

iptables -A FORWARD -j REJECT

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

/etc/init.d/iptables save
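
An added example, not from the original guide: because -A appends, the rules above take effect only if nothing earlier in the FORWARD chain already rejects the packet. The function below reads iptables-save output and reports whether the ACCEPT rule for the VPN subnet is reachable; the sample ruleset is constructed, modelled on a firewall whose FORWARD chain first jumps to a chain that ends in REJECT, and the function names are assumptions.

```shell
#!/bin/sh
# Added example: is the ACCEPT rule for the VPN subnet reachable in FORWARD?
# Sample rules are constructed; function names are hypothetical.

# vpn_forward_reachable SUBNET [FILE]
#   SUBNET - source network exactly as iptables-save prints it
#            (older releases print the mask in dotted form)
#   FILE   - saved iptables-save output; standard input when omitted
vpn_forward_reachable() {
    awk -v subnet="$1" '
        $1 == "-A" {
            chain = $2
            uncond = ($3 == "-j")      # rule has no match conditions
            target = ""
            for (i = 3; i < NF; i++) if ($i == "-j") target = $(i + 1)
            # A chain with an unconditional REJECT/DROP never returns.
            if (uncond && (target == "REJECT" || target == "DROP")) dead[chain] = 1
            if (chain == "FORWARD") {
                n++
                f_uncond[n] = uncond
                f_target[n] = target
                f_vpn[n] = 0
                for (i = 3; i < NF; i++)
                    if ($i == "-s" && $(i + 1) == subnet) f_vpn[n] = 1
            }
        }
        END {
            for (r = 1; r <= n; r++) {
                t = f_target[r]
                if (f_vpn[r] && t == "ACCEPT") {
                    print "reachable at FORWARD rule " r
                    exit 0
                }
                if (f_uncond[r] && (t == "REJECT" || t == "DROP" || (t in dead))) {
                    print "shadowed by FORWARD rule " r " (-j " t ")"
                    exit 1
                }
            }
            print "no ACCEPT rule for " subnet
            exit 1
        }' "${2:--}"
}

# sample_rules appended|inserted
#   Constructed iptables-save text: the guide's rules placed after
#   ("appended") or before ("inserted") an existing catch-all jump.
sample_rules() {
    vpn='-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.8.0.0/24 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-port-unreachable'
    stock='-A FORWARD -j RH-Firewall-1-INPUT'
    printf '%s\n' '*filter' ':FORWARD ACCEPT [0:0]' ':RH-Firewall-1-INPUT - [0:0]'
    if [ "$1" = inserted ]; then
        printf '%s\n%s\n' "$vpn" "$stock"
    else
        printf '%s\n%s\n' "$stock" "$vpn"
    fi
    printf '%s\n' '-A RH-Firewall-1-INPUT -i lo -j ACCEPT' \
        '-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited' \
        'COMMIT'
}
```

If the rule is reported as shadowed, inserting the VPN rules with iptables -I FORWARD instead of -A places them ahead of the existing ones.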

 

Connect to the OpenVPN:

To initialize the OpenVPN server process, run the following command:

/etc/init.d/openvpn start
This will scan the /etc/openvpn directory on the server for files with a .conf extension. For every file that it finds, it will create and run a VPN daemon (server). To enable OpenVPN to start at boot, issue the following commands:

chkconfig openvpn on

chkconfig iptables on
The process for connecting to the VPN varies depending on your specific operating system and distribution running on the client machine. You will need to install the OpenVPN package for your operating system if you have not already.

Most network management tools provide some facility for managing connections to a VPN. Configure connections to your OpenVPN through the same interface where you might configure wireless or ethernet connections. If you choose to install and manage OpenVPN manually, you will need to place the client1.conf file and the requisite certificate files in the local machine’s /etc/openvpn directory, or equivalent location.

So far the OpenVPN server is set up and running on your yardvps.

Let’s set up your OpenVPN client on Windows.

Download the Windows client at http://openvpn.net/index.php/open-source/downloads.html

Install it (click Next on every screen).

- Copy the four files client1.conf, ca.crt, client1.crt and client1.key into your openvpn <installation directory>\config\ (defaults to C:\Program Files\Openvpn\config)

- Rename client1.conf to client1.ovpn
Edit the remote line with the format:

remote vps_ip 1194

Now run openvpn-gui, right click the tray icon and select connect. You should now be on your OpenVPN network.

How to stop wp-cron.php from firing!

Recently, I have written an article about reducing the CPU usage for a WordPress blog. My post contains some information about wp-cron.php, but it doesn’t explain how you can stop wp-cron.php from taking high CPU. A couple of our Twitter followers and Facebook clients were asking for a post describing how they can stop wp-cron.php from taking high CPU or firing up. Here are some small tricks to reduce the CPU usage from wp-cron.php.

First of all, if you have root access to your server, you can block wp-cron.php using mod_security; this would prevent wp-cron.php usage throughout the web server. But you can still call it using cronjobs. How to set up manual cronjobs for wp-cron.php can be found in my blog post “Reducing CPU Usage for WordPress blog”.

If you are on shared hosting or want to permanently stop this culprit, you would need to stop spawning this PHP file. wp-cron.php calls the cron.php file, which is located under your WordPress root/wp-includes/ folder. Open the file in your file manager or using an FTP browser and find the line stating:

spawn_cron( $local_time );

Now comment out this line and wp-cron.php should stop spawning every time a user enters your site. You can comment it out with two slashes as follows:

// spawn_cron( $local_time );

Keep in mind that this would stop all sorts of scheduled events as well.

I could discover another alternative that would stop wp-cron.php from running using an HTTP request, but would work fine using cronjobs. Open cron.php and find the following line:

if ( strpos($_SERVER['REQUEST_URI'], '/wp-cron.php') !== false || ( defined('DISABLE_WP_CRON') && DISABLE_WP_CRON ) )

Now, replace this line of code with the following:

if ( strpos($_SERVER['REQUEST_URI'], '/wp-cron.php') === false || ( defined('DISABLE_WP_CRON') && DISABLE_WP_CRON ) )

Make sure the “return” statement on the very next line stays where it is.

You can also put the following in your wp-config.php file to set the DISABLE_WP_CRON constant to TRUE:

define('DISABLE_WP_CRON', true);

Lastly, you should make sure wp-cron.php runs using cronjobs for your scheduled events, but if you don’t have scheduled events, then you had better stay away from adding it to cronjobs as well. But if you do, then have a look at my previous post for setting up the manual cronjobs of wp-cron.php using cPanel.

Any of the above solutions should prevent your wp-cron.php from firing and taking high CPU.


My DNS isn’t working!

This article gives a couple of small tips for checking your DNS health using public tools. These tools are pretty easy to use and help you understand whether it is your DNS, your ISP or something else that is having issues.

First of all, check whether your DNS is responding from different ISPs. Simply enter your domain here and use the “A” check:

http://www.whatsmydns.net/

It should return the same IP from all the DNS servers without any error. If it is returning multiple IPs, then it looks like you have ambiguous nameservers in your domain registry. Check that the DNS nameservers you have set are correct.

If it is returning any error, then first trace it using the “DNS Trace” option you can find here:

http://www.afraid.org

If they are responding with “Got Authoritative Answer”, then try any of the following DNS health tests to see if there is some internal command error:

http://tools.pingdom.com

or

http://intodns.com

It could be an error related to a custom nameserver or some specific DNS entry. The above tools would show where the error is.

Reducing CPU usage for WordPress users!

WordPress is one of the most demanding content management systems of recent days. Most users these days use WordPress for their blogs or websites. Around 85% of the sites on our servers are using WordPress and most of the clients are running multiple WordPress blogs for their business. WordPress has been found to use a pretty good amount of CPU and memory. Today’s shared hosting environments are limited more by CPU and memory than by space and bandwidth. It is always a wise choice to spend a little time to reduce the overall CPU usage. This makes the blog run faster, and hosting companies feel good about hosting sites which are nicer to their CPUs. Here are some tips to reduce the CPU usage of a WordPress blog and improve the site performance.

One of the first plugins I suggest all WordPress users install is “wp-super-cache”. You can download this plugin here:

http://wordpress.org/extend/plugins/wp-super-cache/

It is pretty easy to install, but documentation can always be found on the WordPress site:

http://wordpress.org/extend/plugins/wp-super-cache/installation/

wp-super-cache is the fastest caching plugin for WordPress blogs. It is always better to serve a page from cache instead of running a select command for each user of your blog. Enabling super cache would potentially reduce the CPU usage by around 60-75%. One thing you should make sure of is that you are not using multiple caching plugins. I have seen a couple of users think that using multiple caching plugins would provide a better result, but it is probably a bad idea for your blog to mix up both caching algorithms and end up with a potential mess.

If you are running scheduled posts on your blog, then it is probably a better idea to run wp-cron.php using cronjobs. WordPress calls wp-cron.php each time a user comes to your blog, which is a fairly stupid idea. I am not sure why WordPress does so, but calling it once every 2 hours seems enough. You can set the cronjobs from cPanel. To run the cronjob every two hours, you would need to set the timing to something similar to the following:

0 */2 * * *

This would run at the very first minute of each even hour of the day. In the command section use something similar to:

php -q /home/cpanelusername/public_html/wp-cron.php

Replace cpanelusername with your own cPanel username. If you have added the blog as an addon domain, then wp-cron.php is probably not in public_html but in a subfolder, so you would need to change the path accordingly, to something similar to the following:

/home/cpanelusername/public_html/addondomain.com/wp-cron.php

A very well written article regarding the High CPU usage of wp-cron.php can be found here for your reference:

http://trinity777.wordpress.com/2008/10/28/wordpress-26-the-issue-of-wp-cronphp/

Two more interesting plugins which are frequently used by clients can cause excessive CPU usage: “All in SEO Pack” and “Featured Gallery Plugin like Nextgen”. If you have no other option than using a gallery, then you would probably have to stick with the gallery, but I strongly suggest not using All in SEO Pack. Using these modules one by one is better than using this all-in-one plugin. A very well written article on WordPress SEO can be found here, and I suggest you read it before blindly installing All in One SEO Pack:

http://yoast.com/articles/wordpress-seo/

A good percentage of users run autoblogs. Autoblogs are pretty popular these days with WordPress. Autoblogs tend to take high CPU with their cron executions. There isn’t much you can do to reduce that high CPU usage from time to time, but it is a better idea to set the cronjobs at odd timings. For example, setting the cron to run at 17 minutes past each hour may improve performance compared with setting it at the very first minute of the hour. Most users tend to run their crons at the very first minute. This sometimes causes load issues when lots of crons try to run at the same time. So using an odd timing is truly a pretty decent idea for both parties. You should also find the best timing interval for your autoblog updates. A reasonable gap of 2-4 hours is always a better idea as it reduces the frequency of your cronjob. But if you have no other option than running it every hour, then just don’t think, put it for every hour.

Finding the best hosting service for your website can be complicated.

The internet is one of the most important tools in the modern times. What started off as simply a mode of transfer of data is today used for a wide variety of purposes. Today, it plays a very important role in commerce and finance, all across the globe. These days, a large number of products are sold over the net. So, you will find products ranging from safety pins to cars and nails to large factories on sale on the internet. It is perhaps due to this ever growing popularity, that a large number of firms, enter the arena of internet marketing.

As a result of this, more and more websites are coming up each day. As a matter of fact, it does not seem to be a distant reality, that some day, every person would be having a separate website of his or her own. In order to cater to this growing demand for websites, web hosting services have come up as an effective tool.

Finding the best hosting service for your website can be complicated. There are almost endless options all clamoring to be the top hosts or the least expensive service, and this can make it almost impossible for webmasters to sort fact from fiction. The best way to select a quality web host is to take the selection process one step at a time:

Assess Your Needs
The very first item to address in selecting the best hosting service for your needs is to actually identify what those needs are. What sort of website are you looking to host?

Rate
Of course a low rate but high in quality!

Data Transfer and Disk Space
Bandwidth requirements grow with your site. Web hosting companies pay for bandwidth, so you, the one using that bandwidth will be billed accordingly. It is far better to pay for the required amount of data transfer upfront rather than get a surprise bill in the mail for having gone considerably over your allotted amount. By the same token, be sure you have an appropriate amount of disk space reserved.

Reliability and Speed
The best hosting services will offer uptime of over 99%. This should be a guarantee to motivate the company to keep all servers up all the time. Of course, visitors should also be able to access your site quickly.

Scripts and Special Features
Different websites have different needs, and the best hosting service for you should accommodate those needs. Email addresses should be standard as well as the capacity for a variety of scripts. Be sure to see if other features like shopping carts and secure servers are available or standard.

Technical Support
It is very important to be able to reach the hosting company if your website begins experiencing problems. The best hosting support one can hope for is available twenty-four hours a day, seven days a week. Most companies know this, so take their stated hours with a grain of salt. Always spot check the companies with email at random times to see if they really have someone available to help 24/7.

Control Panel
How much control does the hosting company offer webmasters? It is inconvenient to work through customer service every time to modify a password or to change email addresses.

Load Balancing
Once the resources are exhausted and the web-server is encountering heavy traffic, a problem would surely arise.

A problematic situation pertaining to difficulty in handling high volumes of incoming traffic can be solved either through installing more RAM on existing machines or replacing the CPU with a faster one. The use of faster or dedicated SCSI controllers and disks with shorter access time can also be done. Software can be tuned so that the operating system parameters and web server software can be adjusted to achieve better performance.

An alternative approach is to improve performance by increasing the number of web servers. This approach would attempt to distribute traffic unto a cluster of back-end web servers that need not be large-scale machines. Web server scalability is achieved when more servers are added to distribute the load among the group of servers or server cluster.


Note that BGSA Web Hosting is more than qualified to suit the above qualities!

BGSA Web Hosting is the fastest growing Web Hosting service on the internet. They host small, medium-sized and multi-national businesses, both local and international. We have been in existence for 3 years and all our customers are very satisfied.

They partnered with the biggest hosting company in the US, You will be assured of a high quality of service, customizability, fast connection here in Asia, 99.9% uptime guarantee and excellent customer support and very affordable rates.

We offer a 30-day money back guarantee with no obligation! The best way for you to know exactly what we mean is for you to try our services. Contact us now and see for yourself why many companies prefer BGSA Web Hosting for their web services needs!

BGSA Web Hosting proudly gives High Performance with our Full-Managed Web Hosting services at a low cost. We provide both cPanel and WHM for Linux Shared and Resellers and Plesk for Windows shared hosting along with 24/7 technical support.

SERVER SPECIFICATION:

We have new servers that come with different Node configurations:
We have implemented the best server technologies to take high load and get it balanced at loaded situation. We are also using the world’s best hardware and networks.

The Linux Node comes with the following configuration:

Server Specification:

Washington DC, USA (SoftLayer) – HARPERTOWN Node
Intel Dual Processors Xeon Quad Core 2.00 X 8 GHz (2 X 12 MB Cache)
8 GB DDR2 RAM
1TB SCSI Hard Drive (10K RPM)

GERMANY – EUROPE Node
Intel i5 750 (4x 2.76+ GHz)
8 GB DDR3 RAM
2 x 1 TB (RAID 1) 1TB

Linux Server Features:

1. Host Unlimited Domains
2. Unlimited Parked & Addon Domains
3. Unlimited FTP, Email, Mysql Databases
4. Cpanel With Fantastico
5. Awstats For Statistical Software
6. Password Protected Directories, Hotlinking Protection
7. Unlimited Subdomains
8. ImageMagick with GD
9. Ruby on Rails
10. Frontpage Extension
11. Perl, PHP5, CGI-BIN Support
12. Zend Optimizer
13. Runtime Ioncube Loading
14. Fantastico with RVSkin
15. Zamfoo Alpha Master Reseller Plugins

Windows 2003 Server Features

The Windows Node comes with the following configuration:
Intel Xeon Nehalem with Hyper Threading & Turbo Boost,
12GB DDR3 RAM, 10K RPM Hard Disk in RAID1.

1. Unlimited FTP, Email, MSAccess, MSSQL, MySQL
2. Password Protected Directories, Secure folders
3. Unlimited Parked & Addon Domains
4. Unlimited Subdomains
5. Plesk with Application Packs
6. Scripting Support
7. Statistics
8. Isolated Apps Pool
9. ODBC DSN
10. DSN-less connection
11. MS XML parser,.NET Framework
12. Frontpage Extension
13. ASP, .NET, Perl, Python, PHP5, CGI-BIN Support
14. Bandwidth Meter
15. AntiVirus protection

Virtual Private Server Hosting

A virtual private server called VPS hosting is a virtual machine for use exclusively by an individual customer of the service. Each virtual server can run its own full-fledged operating system and can be independently rebooted.

Shared Web Hosting

A shared web hosting service or virtual hosting service or derive host refers to a web hosting service where many websites reside on one web server connected to the Internet. Each site “sits” on its own partition, or section/place on the server to keep it separate from other sites. This is generally the most economical option for hosting as many people share the overall cost of server maintenance.

Do you want web hosting at a low price? Then shared web hosting is the thing for you.

Reseller Hosting

You would be amazed how easy, lucrative, and cheap it is to become your very own web hosting company! We give you all the tools and support needed to have you up and running in just a few minutes time. All of our reseller hosting plans allow you to create unlimited web sites under your own packages, prices, and brand. The best part is that you keep 100% of the money you collect.

Ecommerce Web Hosting

Everything you need for your Business website in one All-Inclusive e-Commerce Hosting Package! Merchant accounts, SSL and PayPal support, fast and secure servers, multiple extras and high quality customer assistance!

Enjoy our set of pack for creating and growing your Full-Managed e-Commerce hosting just to select a Linux or Windows hosting plan above and get e-Commerce hosting pack from Product Addons.
