
Tuesday, February 23, 2010

pfsense PPTP VPN setup

Setting up a PPTP VPN server in pfsense is easy. Before doing this, you need to ask yourself a few questions.

  1. What is the external interface (public IP) on which users can terminate their PPTP connections?
  2. An address range (/28), preferably in your LAN, that the remote systems will acquire.
When these two issues are sorted, we can continue setting up the server.
  • Log into your pfsense gateway, click on VPN --> PPTP
     
  • Enable PPTP server, specify the external interface IP address or public address, and the remote address (a subnet of the LAN address) and SAVE.

    • To create PPTP users, click on the user tab, then click on the add user sign. Enter username and password and SAVE.

    •  PPTP will automatically create a rule allowing traffic to the interface.

    Configure PPTP client under windows
    • Start --> Control Panel --> Network Connections
      File --> New Connection --> Next
      Connect to the network at my workplace --> Next
      Select VPN connection --> Next
      Enter descriptive name for connection --> Next
      Do not dial the initial connection --> Next
      Enter hostname or PUBLIC IP address of the PPTP server --> Next
      Note that in this example the IP here is RFC1918 private, however that’s only because in my lab environment the WAN IP is on a private segment.
      Select do not use smart card --> Next
      Click on Finish
      That is all that is required. Now, if you will be accessing resources on the VPN network that are not directly connected to the firewall itself, you will probably want to skip this step.
      If you do skip this step when you connect to the PPTP server, your default gateway for ALL traffic will be via the PPTP VPN. With the current ruleset I’ve created in this example, this means that you will be unable to reach any resources outside the LAN or DMZ subnets.
      To remedy the situation, click on Properties
      Click on Networking --> Internet Protocol
      Properties --> Advanced
      Uncheck “use default gateway on remote network”
      Click OK, OK, OK
      Now enter your username and password (configured during the PPTP User Setup process)
      Click on Connect
      Should get Connecting --> Verifying username & password --> Authenticated
      Now right click on the tray icon for the VPN connection --> Properties --> Details
      Ensure that we are using MSCHAP v2 and MPPE 128

    Enable Apache "public_html" for users in Ubuntu

    Imagine you have a server with many users who are developers. You want each user to have their own public_html in their home directory. A user with username val can then test his own site, or have his own website, on: http://localhost/~val

    Enable mod_userdir
    To achieve that, first, what you need to do is to enable mod_userdir, which is installed by default with Apache2.
    sudo a2enmod userdir

    Create public_html directory
    Second, the user needs to create a public_html directory in their home directory
    mkdir public_html 

    Restart Apache
    Finally, you should restart Apache.
    sudo /etc/init.d/apache2 restart

    You can test with http://localhost/~val or http://ip-address-of-system/~username

    Saturday, February 6, 2010

    Setup ospf on pfsense

    Setting up ospf support for pfsense is easy. Pfsense is a freebsd flavor, but installing ospf support is done using the "pkg_add" command in the console, instead of the usual web administrative tool present.

    Below are the steps in installing ospf in pfsense.

    1. Start by downloading the openospfd package from the freebsd website. In the console or terminal, type:
      # pkg_add ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6-stable/net/openospfd-4.3.tbz
      This will also download and install its dependency (the libevent-1.4.6 package).
    2. Create a simple config file "/usr/local/etc/ospfd.conf", where 1.2.3.4 is the IP address of the interface, and rl0 is the interface:
      # cat /usr/local/etc/ospfd.conf
      router-id 1.2.3.4
      area 0.0.0.0 {
        interface rl0
      }
    3. Change the permission for the configuration file:
      # chmod 600 /usr/local/etc/ospfd.conf
    4. Test the ospf config with the command below:
      # /usr/local/sbin/ospfd -n -v
    5. To start, use:
      # /usr/local/sbin/ospfd
    6. Rename the file below:
      # mv /usr/local/etc/rc.d/openospfd /usr/local/etc/rc.d/openospfd.sh
    7. Enable ospf from boot up:
      # vi /usr/local/etc/rc.d/openospfd.sh <-- add line openospfd_enable="YES"


    When the config-check command (# /usr/local/sbin/ospfd -n -v) was run, below was the output from my system.

    router-id 192.168.0.225
    fib-update yes
    rfc1583compact no
    spf-delay 1
    spf-holdtime 5

    area 0.0.0.0 {
    interface rl0:192.168.0.245 {
    hello-interval 10
    metric 10
    retransmit-interval 5
    router-dead-time 40
    router-priority 1
    transmit-delay 1
    auth-type none
    }
    }
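
The "auth-type none" line in the output above means rl0 accepts OSPF packets without any authentication. The script below is an added example, not part of the original post: it reads the text printed by "ospfd -n -v" and lists every interface left at auth-type none. The function names are hypothetical, and the sample input is the output shown above.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# unauth_ifaces reads the text printed by "/usr/local/sbin/ospfd -n -v" on
# stdin and prints the name of every interface whose auth-type is "none".

unauth_ifaces() {
    awk '
        # "interface rl0:192.168.0.245 {" opens an interface block
        $1 == "interface" {
            name = $2
            sub(/:.*/, "", name)       # drop the ":address" suffix
            in_if = 1
            auth = "none"              # assumed default when no auth-type line is printed
            next
        }
        in_if && $1 == "auth-type" { auth = $2; next }
        # the first "}" after an interface line closes that interface
        in_if && $1 == "}" {
            if (auth == "none") print name
            in_if = 0
        }
    '
}

# Sample input: the config-check output shown in the post.
sample_output() {
    cat <<'EOF'
router-id 192.168.0.225
fib-update yes
spf-delay 1
spf-holdtime 5

area 0.0.0.0 {
interface rl0:192.168.0.245 {
hello-interval 10
metric 10
router-dead-time 40
auth-type none
}
}
EOF
}

# On the router itself: /usr/local/sbin/ospfd -n -v | unauth_ifaces
sample_output | unauth_ifaces
```

Besides none, ospfd.conf(5) accepts auth-type simple and auth-type crypt; with one of those set on the interface, the check prints nothing for it.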