somertechs.com

Server management - Vps and dedicated

Before starting, you have to add Dag Wieers' repo from here:
http://dag.wieers.com/rpm/FAQ.php#B
If you are on a VPS, you'll need your VPS provider to enable tun/tap devices for you. If you are on a dedicated server, you can issue the following commands over SSH to create the device:
mknod /dev/net/tun c 10 200
modprobe tun
Go to ssh
yum install openssl openssl-devel

2. Right, now you want to install OpenVPN, here are the commands,


yum install openvpn -y
#Now check that it works
service openvpn start
service openvpn stop
3. A few things to setup before you can make certificates, issue these commands,

find / -name "easy-rsa"
#you should get an output like this…
/usr/share/doc/openvpn-2.0.7/easy-rsa
#Now, make a copy of the easy-rsa directory, to /etc/openvpn/ (make sure you have put the right version number in, i.e. mine was -2.0.7, change if needed)
cp -R /usr/share/doc/openvpn-2.0.7/easy-rsa /etc/openvpn/
cd /etc/openvpn/easy-rsa
chmod 700 *   # owner-only, these scripts generate and sign the keys
mkdir /etc/openvpn/keys
4. You need to edit the vars file, located in /etc/openvpn/easy-rsa
You can use any editor you like, I used vi.
Change the line
export KEY_DIR=$D/keys
to
export KEY_DIR=/etc/openvpn/keys
Also at the bottom of this file you will see something similar to this,

export KEY_COUNTRY=US
export KEY_PROVINCE=CA
export KEY_CITY=SOMEWHERE
export KEY_ORG="My Org"
export KEY_EMAIL=me@mydomain.com
Change this to your own values.
5. Now it's time to make the certificates, enter these commands

. ./vars
./clean-all
./build-ca  # just hit enter to the defaults apart from Common Name, this must be unique
# call it something like mydomain-ca

./build-key-server server
./build-key client1   # remember that common name must be unique e.g. use mydomain-client1
# and YES you want to sign the keys

./build-key client2  # do this step for as many clients as you need.

./build-dh
6. We are almost done now… right we need to create a few config files, you can download my template from here,

cd /etc/openvpn
wget www.designpc.co.uk/downloads/server.conf   # make sure you change a few things in the server.conf file, like DNS
# servers

touch server-tcp.log   # this makes the log file

touch ipp.txt   # this makes the IP reservation list

7. You need to make a few changes to OpenVPN itself. Go to..


cd /etc/init.d/
Edit the openvpn file
#Uncomment this line (line 119)

echo 1 > /proc/sys/net/ipv4/ip_forward
Add these lines below it, changing 123.123.123.123 to your public IP address,


 iptables -t nat -A POSTROUTING -s 192.168.2.3 -j SNAT --to 123.123.123.123
 iptables -t nat -A POSTROUTING -s 192.168.2.4 -j SNAT --to 123.123.123.123
 iptables -t nat -A POSTROUTING -s 192.168.2.5 -j SNAT --to 123.123.123.123
 iptables -t nat -A POSTROUTING -s 192.168.2.6 -j SNAT --to 123.123.123.123
 iptables -t nat -A POSTROUTING -s 192.168.2.7 -j SNAT --to 123.123.123.123
 iptables -t nat -A POSTROUTING -s 192.168.2.8 -j SNAT --to 123.123.123.123
 iptables -t nat -A POSTROUTING -s 192.168.2.9 -j SNAT --to 123.123.123.123
 iptables -t nat -A POSTROUTING -s 192.168.2.10 -j SNAT --to 123.123.123.123
Now install iptables if you don’t have it already,


yum install iptables
#test it
service iptables start
service iptables stop
8. Now for the client config files. If your client is a Windows machine, make sure you have installed OpenVPN, use the gui version, downloadable from here;
http://www.designpc.co.uk/downloads/openvpn-2.0.9-gui-1.0.3-install.exe
You need to copy a few files from the server to your client machine, here is the list, located in /etc/openvpn/keys/
## WARNING ## Use a secure way of transferring these files off the server, something like WinSCP.
ca.crt
client1.csr
client1.key
client1.crt
Put these files in this directory C:\Program Files\OpenVPN\config\
Now you need to make a client config, here is an example..

client
dev tun
proto tcp
#Change my.publicdomain.com to your public domain or IP address
remote my.publicdomain.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun

ca ca.crt
cert client1.crt
key client1.key
ns-cert-type server
#DNS Options here, CHANGE THESE !!
push "dhcp-option DNS 123.123.123.123"
push "dhcp-option DNS 123.123.123.124"
comp-lzo
verb 3
Make sure you edit any of the lines with comments above them.
Call this file client1.ovpn and put it in C:\Program Files\OpenVPN\config\
Make sure the file extension is .ovpn not .txt
To connect, right click on OpenVPN in the taskbar >> Connect
To test, ping 192.168.2.1
If you get a response, you're in business
...........................................................................................
Credits
Stanton Finley, for all the YUM configs
OpenVPN.net
Originally posted by stuartornum of webhostingtalk. http://www.webhostingtalk.com/member.php?u=58423
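
A check to run once the steps above are done, as an added example that is not part of the original post: it lists private keys in the key directory that group or other users can access and anything world-writable in the easy-rsa directory, and it can tighten the key directory. The function names and the scratch-directory fixture are assumptions made for this example.

```bash
#!/bin/bash
# Added example, not from the original post. Function names are made up here.

# Private keys under $1 that group or other users can read, write or execute.
loose_keys() {
    find "$1" -type f -name '*.key' \
        \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print | sort
}

# Files and directories under $1 that any user can write to.
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -002 -print | sort
}

# Print one line per finding; return 1 if there is at least one.
audit_openvpn() {   # usage: audit_openvpn KEYS_DIR EASY_RSA_DIR
    findings=$(
        loose_keys "$1"     | sed 's/^/private key accessible to group or others: /'
        world_writable "$2" | sed 's/^/world-writable: /'
    )
    if [ -z "$findings" ]; then return 0; fi
    printf '%s\n' "$findings"
    return 1
}

# Owner-only key directory: 700 on it, 600 on keys, 644 on the other files.
harden_keys() {
    chmod 700 "$1"
    find "$1" -type f -name '*.key' -exec chmod 600 {} +
    find "$1" -type f ! -name '*.key' -exec chmod 644 {} +
}

# Constructed fixture in a scratch directory; prints its path.
make_fixture() {
    d=$(mktemp -d)
    mkdir "$d/keys" "$d/easy-rsa"
    touch "$d/keys/ca.key" "$d/keys/client1.key" "$d/keys/ca.crt" "$d/easy-rsa/build-ca"
    chmod 755 "$d/keys" "$d/easy-rsa"
    chmod 644 "$d/keys/ca.key" "$d/keys/ca.crt"
    chmod 600 "$d/keys/client1.key"
    chmod 777 "$d/easy-rsa/build-ca"
    echo "$d"
}

if [ $# -eq 2 ]; then audit_openvpn "$1" "$2"; fi
```

Saved under any name and run with /etc/openvpn/keys and /etc/openvpn/easy-rsa as its two arguments, it exits non-zero when it prints a finding.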

Server management - Vps and dedicated

I'm going to show you the step-by-step installation of vnc-server on a VPS or dedicated server.
Go to ssh  
yum -y groupinstall "X Window System"
and then
yum -y groupinstall "KDE (K Desktop Environment)"
and finally  
yum -y install vnc vnc-server firefox x11-xorg
I used to work on KDE but you can also install GNOME.
Now you need to edit one file. Open it with a text editor; I used "vi" in this example
vi /root/.vnc/xstartup
and put the following code in it
#!/bin/sh
# Uncomment the following two lines for normal desktop:
# unset SESSION_MANAGER
# exec /etc/X11/xinit/xinitrc
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic &
xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
startkde &
Now you can start vnc by this command at ssh
vncserver
To connect your server via gui, use realvnc from http://www.realvnc.com/products/free/4.1/download.html

 

You can kill vncserver by "killall -9 Xvnc" command at ssh.
Enjoy your gui.

Server management - Vps and dedicated

This issue is very rare, but when you install udev in an OpenVZ virtualized VPS you'll no longer have SSH access to it.
That's because OpenVZ is not compatible with udev, and it causes pty errors which will prevent you from logging in over SSH.
Solution:
To prevent this from happening, add the following to /etc/rc.local
/bin/rm -rf /dev/null
/bin/rm -rf /dev/random
/bin/rm -rf /dev/tty*
/bin/rm -rf /dev/pty*
/bin/mknod /dev/null c 1 3
/bin/mknod /dev/random c 1 8
/sbin/MAKEDEV tty
/sbin/MAKEDEV pty
Thanks to Pierre at vpslink.
What happens if you have already installed udev in your VPS and made your VPS inoperable?
My solution:
To fix that ugly (ssh refused to allocate pty) error, go to HyperVM and click "fix centos dev"; this will render a fresh /dev for you and you'll be able to ssh into your server until you reboot your VPS.
To fix this issue permanently, issue these two commands over SSH once you have got access with "fix centos dev" via HyperVM
chmod -x /sbin/udevd
chmod -x /sbin/udevd.static
Be advised, you may only chmod /sbin/udevd because openvz uses static.
Good Luck.

Server management - Vps and dedicated

Opening a port is very simple; logged in as root, do this.
iptables -A INPUT -p udp -m udp --dport PORT -m state --state NEW -j ACCEPT
Where I have written PORT, this is the port number you want opened.
This example is for opening a sensitive port such as SSH; for security you can allow only your IP address to access it.
iptables -A INPUT -s YOURIPHERE -p tcp -m tcp --dport PORT -m state --state NEW -j ACCEPT
YOURIPHERE = your ip address
PORT = port you want opened
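
To review a host after rules like the two above have been added, the following added example (not part of the original post) reads rules in `iptables -S` format and prints those that accept a given port from any source address. The function names and the sample rule set are constructed for the example.

```bash
#!/bin/bash
# Added example, not from the original post. Names and sample rules are made up.

# Read rules in `iptables -S` format on stdin and print the INPUT rules that
# ACCEPT traffic to port $1 from any source address. Only rules that name the
# port with --dport (single port or LOW:HIGH range) are examined.
open_to_any() {   # usage: iptables -S INPUT | open_to_any PORT
    awk -v port="$1" '
        function covers(spec, p,    r) {
            if (split(spec, r, ":") == 2)
                return (p + 0 >= r[1] + 0 && p + 0 <= r[2] + 0)
            return (spec + 0 == p + 0)
        }
        $1 == "-A" && $2 == "INPUT" {
            src = "any"; dport = ""; target = ""
            for (i = 3; i < NF; i++) {
                # "! -s ADDR" excludes one address, so it still counts as any
                if (($i == "-s" || $i == "--source") && $(i - 1) != "!")
                    src = $(i + 1)
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-j")      target = $(i + 1)
            }
            if (target == "ACCEPT" && dport != "" && covers(dport, port) &&
                (src == "any" || src == "0.0.0.0/0"))
                print
        }'
}

# Constructed rule set: OpenVPN open to all, SSH limited to one address,
# and a VNC display range open to all.
sample_rules() {
    cat <<'EOF'
-P INPUT DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --dport 1194 -m state --state NEW -j ACCEPT
-A INPUT -s 203.0.113.10/32 -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5900:5910 -j ACCEPT
EOF
}

sample_rules | open_to_any 5901   # prints the 5900:5910 rule
```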