
Building Your Own VPN with OpenVPN – if you have a VPS, you can of course use it as a VPN. It is easy to do. VPN stands for "Virtual Private Network". A VPN is a service that lets users access the internet over a secure, encrypted connection, as if they were connected to a private network. With a VPN, the user's real IP address is hidden and replaced with the IP address of the VPN server, so online activity is harder to track.
We will use OpenVPN running on a VPS (you buy the VPS yourself); it is cheap, billed monthly, and the price depends on the specifications. OpenVPN is open-source software that implements Virtual Private Network (VPN) techniques to create a secure, encrypted connection between two points. OpenVPN is widely used because of its flexibility, its security, and its ability to run on many platforms.
Follow the steps below. Open a terminal after logging in via SSH:
sudo su
apt-get update
curl -O https://raw.githubusercontent.com/angristan/openvpn-install/master/openvpn-install.sh
chmod +x openvpn-install.sh

Here is what the installation looks like:
(base) root@upbeat-turing:/home/bejo# curl -O https://raw.githubusercontent.com/angristan/openvpn-install/master/openvpn-install.sh
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 40923  100 40923    0     0  77248      0 --:--:-- --:--:-- --:--:-- 77359
(base) root@upbeat-turing:/home/bejo# ls
openvpn-install.sh
(base) root@upbeat-turing:/home/bejo# bash openvpn-install.sh
Welcome to the OpenVPN installer!
The git repository is available at: https://github.com/angristan/openvpn-install

I need to ask you a few questions before starting the setup.
You can leave the default options and just press enter if you are ok with them.

I need to know the IPv4 address of the network interface you want OpenVPN listening to.
Unless your server is behind NAT, it should be your public IPv4 address.
IP address: xxx.xx.xx.225

Checking for IPv6 connectivity...

Your host appears to have IPv6 connectivity.

Do you want to enable IPv6 support (NAT)? [y/n]: y

What port do you want OpenVPN to listen to?
   1) Default: 1194
   2) Custom
   3) Random [49152-65535]
Port choice [1-3]: 1

What protocol do you want OpenVPN to use?
UDP is faster. Unless it is not available, you shouldn't use TCP.
   1) UDP
   2) TCP
Protocol [1-2]: 1

What DNS resolvers do you want to use with the VPN?
   1) Current system resolvers (from /etc/resolv.conf)
   2) Self-hosted DNS Resolver (Unbound)
   3) Cloudflare (Anycast: worldwide)
   4) Quad9 (Anycast: worldwide)
   5) Quad9 uncensored (Anycast: worldwide)
   6) FDN (France)
   7) DNS.WATCH (Germany)
   8) OpenDNS (Anycast: worldwide)
   9) Google (Anycast: worldwide)
   10) Yandex Basic (Russia)
   11) AdGuard DNS (Anycast: worldwide)
   12) NextDNS (Anycast: worldwide)
   13) Custom
DNS [1-12]: 11

Do you want to use compression? It is not recommended since the VORACLE attack makes use of it.
Enable compression? [y/n]: n

Do you want to customize encryption settings?
Unless you know what you're doing, you should stick with the default parameters provided by the script.
Note that whatever you choose, all the choices presented in the script are safe. (Unlike OpenVPN's defaults)
See https://github.com/angristan/openvpn-install#security-and-encryption to learn more.

Customize encryption settings? [y/n]: n

Okay, that was all I needed. We are ready to setup your OpenVPN server now.
You will be able to generate a client at the end of the installation.
Press any key to continue...

Tell me a name for the client.
The name must consist of alphanumeric character. It may also include an underscore or a dash.
Client name: pamungkas

Do you want to protect the configuration file with a password?
(e.g. encrypt the private key with a password)
   1) Add a passwordless client
   2) Use a password for the client
Select an option [1-2]: 1
* Using SSL: openssl OpenSSL 3.0.10 1 Aug 2023 (Library: OpenSSL 3.0.10 1 Aug 2023)
* Using Easy-RSA configuration: /etc/openvpn/easy-rsa/vars
* The preferred location for 'vars' is within the PKI folder.
  To silence this message move your 'vars' file to your PKI
  or declare your 'vars' file with option: --vars=<FILE>
-----
Notice
------
Keypair and certificate request completed. Your files are:
req: /etc/openvpn/easy-rsa/pki/reqs/pamungkas.req
key: /etc/openvpn/easy-rsa/pki/private/pamungkas.key
Using configuration from /etc/openvpn/easy-rsa/pki/8422412a/temp.15f24829
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName            :ASN.1 12:'pamungkas'
Certificate is to be certified until Jul 31 04:01:57 2034 GMT (3650 days)

Write out database with 1 new entries
Database updated

Notice
------
Certificate created at:
* /etc/openvpn/easy-rsa/pki/issued/pamungkas.crt

Notice
------
Inline file created:
* /etc/openvpn/easy-rsa/pki/inline/pamungkas.inline

Client pamungkas added.

The configuration file has been written to /root/pamungkas.ovpn.
Download the .ovpn file and import it in your OpenVPN client.
Next, we download the file /root/pamungkas.ovpn.
Download the OpenVPN application at https://openvpn.net/client-connect-vpn-for-mac-os/ and then import the file into OpenVPN.
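The installer run above declines compression because of VORACLE and creates a passwordless client, so the downloaded profile carries its private key unencrypted. The following is an added example, not code from the original post or from the openvpn-install project: a small shell audit of a client profile before it is imported. The function names, finding labels and the sample profile (including the 203.0.113.10 address) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an OpenVPN client profile before importing it.
# Prints one "WARN <label>" line per finding; returns 0 when there are none.
audit_ovpn() {
    f=$1
    findings=0
    warn() { printf 'WARN %s\n' "$1"; findings=$((findings + 1)); }

    # Compression (VORACLE): "comp-lzo" unless "no", or "compress <algorithm>".
    if grep -Eq '^[[:space:]]*(comp-lzo([[:space:]]+(yes|adaptive))?|compress[[:space:]]+(lzo|lz4|lz4-v2))[[:space:]]*$' "$f"; then
        warn compression-enabled
    fi
    # The client should insist on a certificate issued for server use.
    grep -Eq '^[[:space:]]*remote-cert-tls[[:space:]]+server' "$f" ||
        warn no-server-cert-check
    # A passwordless client embeds its private key as clear PEM.
    if grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$f" &&
       ! grep -Eq -- 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED' "$f"; then
        warn private-key-unencrypted
    fi
    # A tls-crypt or tls-auth key should protect the control channel.
    grep -Eq '^[[:space:]]*<?tls-(crypt|auth)' "$f" || warn no-control-channel-key
    # Anyone who can read the file can use the key: expect mode 600 or stricter.
    perms=$(ls -ld -- "$f" | cut -c5-10)
    [ "$perms" = "------" ] || warn file-mode-too-open

    [ "$findings" -eq 0 ]
}

# Constructed sample profile (not from the page); key bodies are placeholders.
demo_profile() {
    p=$(mktemp) && chmod 644 "$p" && cat > "$p" <<'EOF'
client
proto udp
remote 203.0.113.10 1194
dev tun
remote-cert-tls server
comp-lzo
<key>
-----BEGIN PRIVATE KEY-----
(constructed placeholder, not a real key)
-----END PRIVATE KEY-----
</key>
<tls-crypt>
-----BEGIN OpenVPN Static key V1-----
(constructed placeholder)
-----END OpenVPN Static key V1-----
</tls-crypt>
EOF
    printf '%s\n' "$p"
}

sample=$(demo_profile)
audit_ovpn "$sample" || echo "review the findings above before importing"
rm -f "$sample"
```

With the passwordless option chosen in the session above, the private-key finding is expected for the real profile, which makes the file-mode check the one to act on when storing or transferring it.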
Here is the IP address before using the VPN
and after connecting to the VPN
At the very least, using your own VPN is better in that your information will not be stored by a free VPN service.
ref: https://www.latcoding.com/2023/08/12/membuat-vpn-sendiri-di-vps/