
Tuesday, February 23, 2010

pfsense PPTP VPN setup

Setting up a PPTP VPN server in pfsense is easy. Before doing this, you need to ask yourself a few questions.

  1. What is the external interface (public IP) on which users will terminate their PPTP connections?
  2. Which address range (/28), preferably in your LAN, will the remote systems acquire addresses from?
When these two issues are sorted, we can continue setting up the server.
  • Log into your pfsense gateway, click on VPN --> PPTP
     
  • Enable PPTP server, specify the external interface IP address or public address, and the remote address (a subnet of the LAN address) and SAVE.

    • To create PPTP users, click on the user tab, then click on the add user sign. Enter username and password and SAVE.

    •  PPTP will automatically create a rule allowing traffic to the interface.

    Configure PPTP client under Windows
    • Start --> Control Panel --> Network Connections
      File --> New Connection --> Next
      Connect to the network at my workplace --> Next
      Select VPN connection --> Next
      Enter descriptive name for connection --> Next
      Do not dial the initial connection --> Next
      Enter hostname or PUBLIC IP address of the PPTP server --> Next
      Note that in this example the IP here is RFC1918 private, however that’s only because in my lab environment the WAN IP is on a private segment.
      Select do not use smart card --> Next
      Click on Finish
      That is all that is required. Now, if you will be accessing resources on the VPN network that are not directly connected to the firewall itself, you will probably want to skip the step below.
      If you do skip it, then when you connect to the PPTP server your default gateway for ALL traffic will be via the PPTP VPN. With the current ruleset I’ve created in this example, this means that you will be unable to reach any resources outside the LAN or DMZ subnets.
      To remedy the situation, click on Properties
      Click on Networking --> Internet Protocol
      Properties --> Advanced
      Uncheck “use default gateway on remote network”
      Click OK, OK, OK
      Now enter your username and password (configured during the PPTP User Setup process)
      Click on Connect
      Should get Connecting --> Verifying username & password --> Authenticated
      Now right click on the tray icon for the VPN connection --> Properties --> Details
      Ensure that we are using MSCHAP v2 and MPPE 128

    Enable Apache "public_html" for users in Ubuntu

    Imagine you have a server with many users who are developers. You want each user to have their own public_html in their home directory. For example, a user with username val can test his own site or host his own website at: http://localhost/~val

    Enable mod_userdir
    To achieve that, first, what you need to do is to enable mod_userdir, which is installed by default with Apache2.
    sudo a2enmod userdir

    Create public_html directory
    Second, the user needs to create a public_html directory in their home directory:
    mkdir public_html 

    Restart Apache
    Finally, you should restart Apache.
    sudo /etc/init.d/apache2 restart

    You can test with http://localhost/~val or http://ip-address-of-system/~username

    Saturday, February 6, 2010

    Setup ospf on pfsense

    Setting up OSPF support for pfsense is easy. Pfsense is a FreeBSD flavor, but OSPF support is installed using the "pkg_add" command in the console, instead of the usual web administrative tool.

    Below are the steps in installing ospf in pfsense.

    1. Start by downloading the openospfd package from the FreeBSD website. In the console or terminal, type:
      # pkg_add ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6-stable/net/openospfd-4.3.tbz
    2. This will also download and install its dependency (the libevent-1.4.6 package).
    3. Create a simple config file "/usr/local/etc/ospfd.conf", where 1.2.3.4 is the IP address of the interface, and rl0 is the interface:
      # cat /usr/local/etc/ospfd.conf
      router-id 1.2.3.4
      area 0.0.0.0 {
      interface rl0
      }
    4. Change the permissions on the configuration file:
      # chmod 600 /usr/local/etc/ospfd.conf
    5. Test the OSPF config with the command below:
      # /usr/local/sbin/ospfd -n -v
    6. To start, use:
      # /usr/local/sbin/ospfd
    7. Rename the file below:
      # mv /usr/local/etc/rc.d/openospfd /usr/local/etc/rc.d/openospfd.sh
    8. Enable OSPF at boot:
      # vi /usr/local/etc/rc.d/openospfd.sh <-- add line openospfd_enable="YES"


    When the config-check command (# /usr/local/sbin/ospfd -n -v) was run, below was the output from my system.

    router-id 192.168.0.225
    fib-update yes
    rfc1583compact no
    spf-delay 1
    spf-holdtime 5

    area 0.0.0.0 {
    interface rl0:192.168.0.245 {
    hello-interval 10
    metric 10
    retransmit-interval 5
    router-dead-time 40
    router-priority 1
    transmit-delay 1
    auth-type none
    }
    }
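
The dump above reports auth-type none for rl0, which means OSPF packets on that interface are not authenticated. The following added example (not part of the original post) lists every interface in such a dump that runs without authentication; the function names, the em1 interface and its auth-type crypt line are constructed for illustration.

```shell
#!/bin/sh
# Added example: report OSPF interfaces that the `ospfd -n -v` dump
# shows as running without authentication (auth-type none).

# Reads a configuration dump on stdin and prints one "area interface"
# pair for each interface whose auth-type is none.
ospf_unauth_ifaces() {
    awk '
        $1 == "area"      { area = $2 }
        # "interface rl0:192.168.0.245 {" -> keep only the name (rl0)
        $1 == "interface" { iface = $2; sub(/:.*/, "", iface) }
        $1 == "auth-type" && $2 == "none" && iface != "" { print area, iface }
        # a closing brace ends the current interface block
        $1 == "}"         { iface = "" }
    '
}

# Constructed sample: a shortened copy of the dump shown above plus a
# made-up second interface (em1) that uses cryptographic authentication.
sample_dump() {
    cat <<'EOF'
router-id 192.168.0.225
fib-update yes

area 0.0.0.0 {
interface rl0:192.168.0.245 {
hello-interval 10
metric 10
auth-type none
}
interface em1:10.0.0.1 {
hello-interval 10
metric 10
auth-type crypt
}
}
EOF
}

# Demo on the constructed sample. On a live system use instead:
#   /usr/local/sbin/ospfd -n -v | ospf_unauth_ifaces
sample_dump | ospf_unauth_ifaces
```

An empty result means every interface in the dump has some form of authentication configured.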

    Thursday, January 7, 2010

    Install Redmine in Ubuntu 9.10 using Mysql

    This tutorial demonstrates how to install Redmine on Ubuntu 9.10, using Mysql-server. The scenario here is that we want to install Redmine on the Ubuntu server and configure an IP-based name virtual host to point to the Redmine installation.

    The redmine installation will be referenced with project.domain.com.

    For this to be possible, we need a system with two IP addresses: either two NICs, or one NIC with a virtual IP address.

    If the first IP address is 192.168.0.1 (eth0) and the second is 192.168.0.2 (eth0:1), Redmine (project.domain.com) will be installed on eth0:1.

    • Update your Ubuntu installation

    Issue the following commands to update your local package database and install any outstanding updates.

    apt-get update
    apt-get dist-upgrade

    • Basic system configuration
    Issue the following commands to set your system hostname.
    echo "project" > /etc/hostname
    hostname -F /etc/hostname

    Edit your /etc/hosts file to resemble the following, substituting your IP address for 192.168.0.2:

    File: /etc/hosts

    127.0.0.1       localhost.localdomain   localhost
    192.168.0.1 mail.domain.com mail
    192.168.0.2 project.domain.com project

    • Install Required Packages

    Issue the following commands to install required packages. Note that the "apt-get install" command spans multiple lines.

    apt-get install make build-essential libapache2-mod-passenger \
        rubygems ruby1.8-dev libopenssl-ruby apache2 apache2-doc \
        apache2-utils rake zip libpq-dev libapache2-mod-ruby \
        subversion mysql-server

    gem install fastthread
    gem install -v=2.1.2 rails


    • Setup database in mysql server
    Replace dbname with database name, username with the desired username and my_password with chosen password.
    create database dbname character set utf8;
    create user 'username'@'localhost' identified by 'my_password';
    grant all privileges on dbname.* to 'username'@'localhost';


    • Configure Apache
    Edit your /etc/apache2/ports.conf file to include a named reference to your project.domain.com IP address. Append to the file:

    NameVirtualHost 192.168.0.2:80

    Create a virtual host configuration file for your Redmine installation resembling the following:

    File: /etc/apache2/sites-available/project.domain.com


    <VirtualHost 192.168.0.2:80>
        ServerName project.domain.com
        ServerAlias www.project.domain.com
        DocumentRoot /var/www/project.domain.com/redmine-0.8/public
    </VirtualHost>

    Issue the following commands to create the proper directory structure for your site and enable required Apache functionality:
    mkdir -p /var/www/project.domain.com
    a2ensite project.domain.com
    /etc/init.d/apache2 reload


    • Obtain Redmine

    As of this writing, version 0.8 is stable; issue the following commands to check it out using subversion and create a link to the "public_html" location.

    cd /var/www/project.domain.com/
    svn co http://redmine.rubyforge.org/svn/branches/0.8-stable redmine-0.8
    ln -s redmine-0.8/public/ ./public_html

    Note: You can use "svn up" from the redmine-0.8 directory to keep it up to date in the future.


    • Configure Redmine
    Issue the following commands to create a database configuration file:
    cd redmine-0.8/
    cp config/database.yml.example config/database.yml

    Edit the file config/database.yml to match the following:

    File: config/database.yml


    production:
      adapter: mysql
      database: redmine
      host: localhost
      username: redmine
      password: my_password
      socket: /var/run/mysqld/mysqld.sock

    Issue the following commands to complete redmine database configuration:
    rake config/initializers/session_store.rb
    RAILS_ENV=production rake db:migrate
    RAILS_ENV=production rake redmine:load_default_data

    • Final Configuration and Testing

    Issue the following commands to set ownership and permissions on your Redmine files:

    chown -R www-data:www-data *
    chmod -R 755 files log tmp public/plugin_assets

    Issue the following command to start the WEBrick HTTP server, which may be used for testing your installation:

    ruby script/server webrick -e production

    Direct your browser to http://project.domain.com:3000. You should see the Redmine home page, and you should be able to log in with the username "admin" and password "admin". Provided Redmine is functioning correctly, you may press Ctrl+c in your terminal to stop WEBrick. Your Redmine installation should be accessible at http://project.domain.com.