Creating a usergroup and users for friends VPN usage. (deb7)
 

Hi, i subscribed to a VPS with average specifications, on which i installed Debian 7, apache2, mysql, php and wordpress because i want to learn to make websites for friends etc., however this isn't the focus of my question today.

I want to connect to the server with another user account, i currently login with root 100% of the time, i don't think its good practice. I use google-auth PAM, and want the other users to be required to use it.

i just finished installing OpenVPN following a digitalocean guide (not my vps provider but they have plenty of straightforward guides that are helpful).

I tried logging in with a user i made but i could not login even after changing his password from root account.

Any help?

You created a vpn user or a regular user on the system? What VPN software did you install? What do your friends need the VPN for? If it's just for web browsing you can do it far easier and far less intrusively with a simple ssh proxy.

Just want my friends to get access to us netflix library. Canada doesnt have much.

Vpn software? I mentioned openvpn.

Will try going the proxy route.

Didn't catch that.

Anyway, OpenVPN "users" are not like Linux "users". They're special accounts with keys that only work through OpenVPN. An OpenVPN client doesn't have a Linux account that they can log into, and vice versa, unless you specifically create both accounts for them.

As for an ssh proxy, just run this:
That command will automatically open whatismyip.com, which is useful so you can compare the IP to your system's normal public IP, to confirm that the traffic through that web browser is actually going through the tunnel.

Your friends can do the same with their own accounts. You don't even need real accounts with shell access on the host, a jailkit account with no shell access can still use it for ssh proxy tunneling. You can do it on Windows systems too through Cygwin, the syntax is almost identical. Make a script to run it and then put it in a shortcut, and they can run the shortcut just like they can any other, to create the tunnel and open chrome automatically, provided the necessary ssh keys are set up to allow authentication without a password.

I do this when I'm on the road all the time. My home server is in the US, and when I'm out of the country I just tunnel home and watch Netflix with normal privileges.

The nice thing about doing it this way is ONLY the traffic through that one web browser will go through the tunnel. Everything else works normally through the user's normal internet connection. So it doesn't screw up local shares, printers, etc. like a VPN does. And you don't need to worry about subnet conflicts.

Thank you for the help,

if i expect someone from outside to connect to netflix using an ipad or a windows computer, i assume the procedure will be different, will try looking that up.

i'm also using google-authenticator, is it possible NOT to use google-auth for these jailkit/proxy accounts?

i will check a guide to make a proper non-root account for my own use (so i haveto use su or sudo like I should)

will do that during the day tomorrow, i'll let you know how that went.

:)