Making a VPN the lazy way.

Posted on Jul 7, 2017

This was a lot easier than I remember it. I set one up years ago on an old OVH VPS and it was a nightmare, probably because I was still pretty green.

I set one up this afternoon on Scaleway. I chose Scaleway because they offer a package that works well with VPNs, higher guaranteed bandwidth than OVH (200v100Mbit/s), otherwise system specs don’t really matter too much. I didn’t choose their ARM offerings, went instead for the cheapo 2.99 monthly, dual core 2gb ram 50gb SSD.

After spinning up your new node, change the kernel. You can do this in their control panel instead of shell, just click on advanced and change the bootscript to x86_64 4.10.8 std #1 (stable). Reboot afterwards.

Then grab this bitchin script right here and install that. Don’t bother with editing the user beforehand, it’s just as easy to modify it afterwards if you want to. You can find it in /etc/ppp/chap-secrets. The PSK is in /etc/ipsec.secrets.

Just remember to service ipsec restart & service xl2tpd restart afterwards.

The best part of all this was I could connect to this natively in OSX without installing a client. Scaleway does offer an image with OpenVPN pre-installed if that’s your thing. The second best part is IPsec/L2TP is theoretically secure, the best kind of secure. Stay away from PPTP.