Archive for the 'Linux How to' Category
Heh, I just got a chance to configure OpenVPN on my AAO. Oddly, Linpus ships OpenVPN but no “tun.ko” module, which can cause OpenVPN to work improperly or not at all. Fortunately, someone has already compiled the module and uploaded it for public download (here).
Once downloaded, copy it to your “/lib/modules/220.127.116.11lw/kernel/drivers/net/”, then run “depmod -a” and “modprobe tun” before you start using OpenVPN.
Now, I can ssh happily through vpn connection to my server from my Acer Aspire One.
I just want to share this with those who have Endian Firewall in their environment and whose HTTPS is not working in a transparent proxy setup. This has nothing to do with your transparent proxy setup, since we really can’t redirect HTTPS-encrypted packets to another port.
- Endian Proxy + authenticate + Browser setting https port 8080 = http & https (OK)
- Endian Proxy + transparent = http (OK) & https (KO)
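For those having this issue, you can probably do as below:
- Endian 2.2 rc1 = $ iptables -I FORWARD -j ACCEPT
- Endian 2.2 rc3 = $ iptables -t nat -I POSTROUTING -o br0 -j MASQUERADE
Note that the rc1 rule inserts an unconditional ACCEPT at the top of the FORWARD chain, so it lets all forwarded traffic through, not only HTTPS.
Both methods have been used and tested working on my own and my customers’ Endian Firewalls.
athlon_crazy 21:02PM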
It came to my mind to let my VPN server (Linux) forward port 3389 to my back-end Windows server for ESX monitoring purposes. I knew we could accomplish this with “iptables”, but is this enough when I communicate with my internal server from outside via VPN?
What I want:
- Internet --[vpn]--> linux --[Port Forward | RDP]--> windows
- vpn server (linux) : 10.8.0.1 & 192.168.0.3
- rdp server (windows) : 192.168.0.10
On the Linux VPN server I ran these two commands:
- $ iptables -t nat -A PREROUTING -p tcp -i tun0 --dport 3389 -j DNAT --to 192.168.0.10:3389
- $ iptables -A FORWARD -p tcp -m state --state NEW --dport 3389 -i tun0 -j ACCEPT
The above commands should forward anything with destination port 3389 to my RDP server (192.168.0.10) via my Linux tun0 (VPN) interface, and when I launched a remote session internally, they worked flawlessly. This is because the remote session actually happened via my Linux 192.168.0.3 IP instead of 10.8.0.1. But when I tried to initiate a remote desktop session from outside, it failed. By the way, iptraf was telling me that it had successfully forwarded me to my RDP server.
Since I’m not good enough with networking-related issues, I sought advice from my Sifu “Steelburned”, and thanks to him, because he had also had this problem before. As per his explanation, the VPN server without doubt successfully forwarded me to the RDP server via tun0, but he doubted that the RDP server managed to reply to the connection via its default gateway (192.168.0.0).
So it has something to do with my RDP server’s routing table: how does my RDP server communicate back and forth between the 10.8.0.0 and 192.168.0.0 subnets? By adding a new gateway to the RDP server as below, I managed to solve the problem.
C:\>route ADD 10.8.0.0 MASK 255.255.255.0 192.168.0.3
athlon_crazy 22/02/2009 04:38am
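The return-path problem described in the post above, as an added example that is not part of the original post: a small Python model of the RDP server's route lookup before and after the `route ADD`. The VPN client address 10.8.0.6 and the default router 192.168.0.1 are constructed values, and the helper names are hypothetical.

```python
import ipaddress

ON_LINK = "on-link"  # marker for directly connected networks

def table(*entries):
    """Build a routing table from (CIDR, gateway) pairs."""
    return [(ipaddress.ip_network(cidr), gw) for cidr, gw in entries]

def next_hop(routes, dst):
    """Longest-prefix match, as an IP stack does when choosing a route."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, gw) for net, gw in routes if addr in net]
    if not matches:
        return None  # no route to host
    return max(matches, key=lambda r: r[0].prefixlen)[1]

def dnat(packet, to_ip, to_port):
    """DNAT rewrites only the destination; the source address is untouched."""
    src, _dst, _dport = packet
    return (src, to_ip, to_port)

# Addresses taken from the post.
VPN_SERVER_TUN, VPN_SERVER_LAN, RDP_SERVER = "10.8.0.1", "192.168.0.3", "192.168.0.10"
# Constructed values (not in the post): a VPN client and the LAN's default router.
VPN_CLIENT, DEFAULT_GW = "10.8.0.6", "192.168.0.1"

# RDP server routing table before and after
# `route ADD 10.8.0.0 MASK 255.255.255.0 192.168.0.3`.
before = table(("192.168.0.0/24", ON_LINK), ("0.0.0.0/0", DEFAULT_GW))
after = before + table(("10.8.0.0/24", VPN_SERVER_LAN))

def reply_gateway(routes):
    """Gateway the RDP server uses to answer a DNATed connection from the VPN client."""
    src, dst, dport = dnat((VPN_CLIENT, VPN_SERVER_TUN, 3389), RDP_SERVER, 3389)
    assert (dst, dport) == (RDP_SERVER, 3389)  # the request does reach the RDP server
    return next_hop(routes, src)  # the reply is addressed to the unchanged source

if __name__ == "__main__":
    for label, routes in (("before route ADD", before), ("after route ADD", after)):
        gw = reply_gateway(routes)
        verdict = ("returns through the VPN server" if gw == VPN_SERVER_LAN
                   else "leaves via a router that does not lead back into the tunnel")
        print(f"{label}: reply to {VPN_CLIENT} goes to {gw} -> {verdict}")
```

The asymmetry can also be removed on the Linux side by masquerading the forwarded traffic as it leaves the LAN interface, at the cost of the RDP server logging 192.168.0.3 as the source of every session.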
Pound Reverse Proxy
Pound is an HTTP reverse proxy service that passes all client browser requests to one or more back-end HTTP servers. Pound can also be used as a load balancer to distribute the load of multiple client requests among several servers.
Below is a mini HOWTO for Pound on Noguix Linux; it has already been tested in my current environment without problems.
Latest Pound-2.4.3.tar.gz http://www.apsis.ch/pound/
Noguix Official Development Packages
Note: You can have Pound running together with Apache on the same server, but Pound must run on port 80 while Apache runs on another port, say port 8080.
My Environment
If you are facing a problem while using Firefox to run a Java application, simply follow this guide:
1) Make sure the Java runtime is already installed on your nox linux, or
2) Download it from the nox linux ftp
3) Install it: $~:modinstall jre-x.x.x.mo
4) cd /home/user/.mozilla/plugin
5) Make a symbolic link to the Java lib as below
$~:ln -s /usr/lib/jre1.5.0_06/plugin/i386/ns7/libjavaplugin_oji.so libjavaplugin_oji.so
6) Close and restart your Firefox browser.
Hamachi, also known as instant VPN, is a good VPN solution in terms of configuration and usage compared to other VPNs. Download it, install it, configure it as server or client, and you are ready to go.
With Hamachi we can:
- SSH, VNC, any remote
- Samba File Sharing
- Hamachi-0.9.9.2.mo - (download from noguix ftp)
- tun driver - (comes with noguix by default)
- module installer - (default)
- load tun module ~$:modprobe tun
- Check the module loaded ~$:lsmod | grep tun
- Build directory ~$:mkdir /dev/net
- Configure tun ~$:mknod /dev/net/tun c 10 200
- Install hamachi ~$: modinstall ../location/hamachi-0.9.9.1.mo
- Start tuncfg ~$:tuncfg
- Start hamachi ~$:hamachi start
- Nickname hamachi ~$:hamachi set-nick name
- Login hamachi ~$:hamachi login
- Create Hamachi Server ~$:hamachi create network password
- Join Hamachi Server ~$:hamachi join network password
- Leave Hamachi Server ~$:hamachi leave network
- Online hamachi ~$:hamachi go-online network
- Offline hamachi ~$:hamachi go-offline network
- Hamachi network / client / server listing ~$:hamachi list
- Hamachi help ~$:hamachi -h
p/s: Additional info for those having connection problems
- iptables allow ham0 ~$:iptables -A POSTROUTING -t nat -o ham0 -j MASQUERADE
- Port forwarding for specific port.