TOP

New POP in Montreal Online

March 4, 2013 — We have gone live with our new 100% Juniper network in a new state of the art data center in the Montreal Stock Exchange building. The network is currently in the testing phases as we await cross connects to be completed. Over the coming month, we will be deploying new Intel E5 based VPS nodes for Large and Extra Large VPS accounts. Current customers will be migrated seamlessly once they are available.

We will also be increasing resources on the Small and Medium plans as we have added more bandwidth capacity.

Read More
TOP

IPv6 Addresses now available on all OpenVZ VPS accounts at OpenVZ.ca

IPv6 addesses are available on the Medium, Large and Extra large VPS accounts at no additional cost.

There is a one time setup fee of $19.99 to activate IPv6 addresses on the Small VPS package.

For more information on IPv6 click here

We are proud to announce, that our IPv6 network is now online. We have connectivity to the following upstream providers as of today:

  • Cogent Communications (AS174)
  • NeTELLIGENT Hosting Services (AS10929)
  • Hurricane Electric (AS6939)

If you are a current customer looking to add IPv6 connectivity to your existing VPS, please open a support ticket.

Note: While these IP addresses do not have a monthly per-unit cost. Justifications are still required for larger amounts of IP addresses to be allocated. Please refer to the ARIN policy regarding the exact policy that we follow.

IPv6 Addresses now available at OpenVZ.ca on all OpenVZ VPS servers

IPv6 Addresses now available

Read More
TOP

New Juniper Gear has Arrived!

As OpenVZ.ca continues to grow beyond what we initially thought was possible, we have had to plan ahead into our network infrastructure.

We are very proud to announce that we will be migrating all of our services to the Juniper platform due to the reliability and scalability of their platforms, as well as using one OS (JUNOS) for all devices.

Over the next few weeks (step 1) we will be implementing our new EX series switches to replace all of the legacy equipment. While no downtime will be scheduled, all customers will be updated with maintenance windows as they become available.

We hope to cut power consumption, reduce latency and increase bandwidth for everyone.

Read More
TOP

Setup a Tun/Tap OpenVPN Server on OpenVZ in Under 5 Minutes

How can I install a VPN server on my VPS in order to access the internet through it? If you want to skip the background and methodology behind the script, skip to the section called “Installing OpenVPN on OpenVZ.”

One of the pre-requisites to run common PPTP and IPSEC VPN protocols is PPP. Due to the nature of OpenVZ virtualization, it requires it’s own custom version of the Linux Kernel to run. As a result, ppp is not available for us to use.

So, OpenVPN is the simplest way to get a VPN server running on your VPS since it utilizes the TUN interface /dev/net/tun and creates a tunnel to your client software running on your PC. Then, using simple IPTables rules, you can masquerade or NAT your traffic to your public interface. Sounds complicated? to a degree it can be (depending on your linux knowledge level).

So we have come up with  a script that will allow you to install a “simple” version of OpenVPN server and allow you to download the appropriate configuration file (.ovpn & certificate) to import into the OpenVPN client software. This requires no configuration from your side other than running the script and answering some questions in the wizard.

Installing OpenVPN on OpenVZ

The following script will do the following things:

  1. It will check to ensure tun/tap is enabled. If it isn’t you will need to contact your support department and have it enabled before continuing.
  2. It will download and install the RPMForge Repository for CentOS (where OpenVPN packages are located)
  3. It will use YUM and install all the required packages (openvpn openssl openssl-devel)

Once the required packages are installed the script will create a sample easy to use configuration for OpenVPN and put the required files you will need for your Client to connect in /root/openvpn-keys.tgz

It will set OpenVPN to run on boot and create the necessary iptables NAT rules to route your traffic to your primary Public IP address and save it so it will remember when iptables is restarted.

Installation Steps

Download the following script (tested and supported on CentOS 5 32bit) and run as root:  OpenVPN Install Script

or

Type the following commands as root:

cd ~
wget http://www.openvz.ca/scripts/install-openvpn.sh
chmod 700 install-openvpn.sh
./install-openvpn.sh

Wizard Instructions:

  • When asked to enter a “Passphrase” do not enter one, leave it blank and just press “enter”
  • When asked for Country Code, Province, City… These do not have the be accurate. Any values will do.
  • When asked if you want to build/sign the generated certificates enter yes (y).
  • It is normal for it to ask you two times for the same information (Since you are generating both client/server keys)

The final step is to download the /root/openvpn-keys.tgz archive, unzip it on your PC and import the .ovpn file in your OpenVPN Client (you can download it here if you haven’t already). This will create a simple button in your client and allow you to quickly establish a VPN connection to your VPS whenever you need it.

Questions? Contact Us or post a comment on this blog so we can clarify anything not mentioned.

pre-requisites

Read More
TOP

Simple Ways to Secure the SSH Port on your VPS

One of the most important things to do once your VPS has been created is to secure the standard SSH port.

Since SSH is the main method to communicate with any VPS it is the first target for any non-authorized person trying to gain access.

There are a few different ways to add more security to this vulnerable port. You can choose to do one of the following or all of the following depending on your needs.

Change the common port 22

This is the easiest and quickest starting point. Since the default port is 22, most hackers will scan to see if this port is open to start an attack. Changing it to a non-standard port will make it harder to identify where the SSH service is running.

Steps: Login to your VPS through SSH and type the following as root:

vi /etc/ssh/sshd_config

Scroll until you see:

#Port 22
#Protocol 2,1
Protocol 2
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

Press “i” to enter insert mode in vi and then move to the line that says #port 22. Remove the “#” and specify a different port (example: 22122, 3355 etc…) Make it random but within the acceptible tcp range.

Once this is done, press “escape” then colon (:) and then “x”. Hit enter and this will save your changes.

At the command prompt type (On CentOS):

service sshd restart

On other OS’s you may need to type: /etc/init.d/sshd restart

At this point you may loose connectivity because you changed the port! If you didn’t you will need to exit the current session and reconnect to your server using the new port that you specified.

(Optional) at this point, if your VPS has more than one IP address assigned to it, you can specify only one by changing the “ListenAddress 0.0.0.0” to one of your IP addresses. This way, you can only access SSH through the one interface.

Disable root login through SSH

Using the same methods in step 1 edit /etc/ssh/sshd_config and scroll until you see

#PermitRootLogin yes

Remove the “#” symbol and change the “yes” to “no”, save the file and restart sshd service.

Next time you try to login as root it will deny you.

Note: SSH will still allow you to try and login as root if you specify “root” as the username. It will reject the login even though you specify the right password.

IP Restriction

This step may not appeal to the users who are on Dynamic IP addresses. But it is a very effective way to secure the SSH port even more.

IP restriction will reject a user trying to login from a non specified source IP address. This will allow you to control which hosts will have access and which do not.

If you have many users using your VPS who require SSH access, this is not a good idea as you will block their traffic when implementing this method.

In order to specify the incoming IP address you can use the “/etc/hosts.allow” and “/etc/hosts.deny” files.

Edit “/etc/hosts.deny” and add a line with the following:

sshd:*

This will deny all traffic. Once this is completed you will allow your IP address.

Edit “/etc/hosts.allow” and add a line with your ip address:

sshd: <your ip> (Example: sshd:192.168.1.1)

Note: The allow file will get processed first. So if an ip address matches in the allow file first, traffic will be allowed even if it is specified in the deny file.

Once this is completed the only host that will be able to SSH to your VPS will be the one specified in your hosts.allow file.

Read More