Quickly build VPN from VPS

| /

We use VPNs a lot these days, both on a business and personal level.

As a company, in order to facilitate employees to work remotely, they often provide VPNs based on commercial companies such as Cisco. As an individual, for convenience, most scenarios may also choose a mature third-party VPN provider.

But sometimes we may already have our own VPS, or a third-party VPN cannot meet our demands in some aspects. At this time, it is also a common choice to build a VPN based on VPS. Of course, there are also many people who simply feel that they are happier with their own hands. XD

For some reason, we may often need to change the IP, and we can usually use the mirroring method to save and quickly restore the environment we have built.

But sometimes we may still need to do it ourselves. Here is a brief description of a quick way to build a VPN from a VPS, and I leave it for myself as a reference.

In terms of security, it is better to build a complete L2TP VPN, but the construction process will be more troublesome. If it is just for quick construction, simple SS (shadowsocks) may be more suitable.


1. Create a VPS server.

The first step is to create a VPS server.

I personally use the VPS service provided by Linode, similar to other service providers.

For convenience, it is recommended to choose the CentOS operating system.

2. Modify SSH port

For security reasons, it is recommended to modify the port of SSH. I personally think this step is necessary, otherwise it will be very annoying to be tried to log in every day.

Taking CentOS as an example, the system modification methods of different versions are slightly different.

  • CentOS 7

    1. /etc/ssh/sshd_config Modify the Port configuration. Port 22 Port 50000 can configure two ports.
    2. (ignorable) Use the following command to view the ssh ports currently allowed by SElinux: semanage port -l | grep ssh
    3. (ignorable) Add port to SELinux: semanage port -a -t ssh_port_t -p tcp port number
    4. (ignorable) Confirm: semanage port -l | grep ssh
    5. Restart ssh: systemctl restart sshd.service
    6. (The following can be ignored when iptables is not installed) At the same time, it is best to edit /etc/sysconfig/iptables to ensure that the firewall is friendly to the new port. For the method of adding/changing, please refer to port 22.

      Steps 2~4, and Step 6, most of the scenarios can be ignored, if you encounter some network abnormalities, you can pay attention to it as an investigation.

  • CentOS 6.5 / 6.6

    1. vi /etc/sysconfig/iptables find port 22 and modify it to the new port
    2. Save: service iptables save
    3. Restart: service iptables restart
    4. vi /etc/ssh/sshd_config Modify Port configuration
    5. Restart: service sshd restart

Install Shadowsocks

The one-click installation script is used here. It is recommended to create a directory similar to install for operation.

  1. Install wget first yum -y install wget
  2. Install. wget --no-check-certificate -O shadowsocks-libev.sh https://raw.githubusercontent.com/teddysun/shadowsocks_install/master/shadowsocks-libev.sh
  3. chmod +x shadowsocks-libev.sh
  4. ./shadowsocks-libev.sh 2>&1 | tee shadowsocks-libev.log
  5. Configuration
    1. Configuration file path: /etc/shadowsocks-libev/config.json
    2. As follows:
      "server_port":9898, // this is the port outside
      "local_port": 1080,
      "method":"aes-256-gcm", // The default installation may be aes-256-gcm, the new version of the client supports
      "fast_open": false
      If you need to support ipv6, change "server":"" in the config.json file to "server":["[::0]", ""] i.e. Can.
  6. Start: /etc/init.d/shadowsocks start

Other useful commands

  1. Start: /etc/init.d/shadowsocks start
  2. Stop: /etc/init.d/shadowsocks stop
  3. Restart: /etc/init.d/shadowsocks restart
  4. Check the status: /etc/init.d/shadowsocks status
  5. If you need to uninstall, execute: ./shadowsocks-libev.sh uninstall. Note that it needs to be executed in the directory where the downloaded script is located.


Clients recommend using ShadowsocksX-NG.

Note that when configuring, the ip, port, and encryption method must be consistent, especially the encryption method.

If all goes well, you can start enjoying your own VPN.