VPS STATIONARY
Saturday, April 11, 2020
Sunday, October 12, 2014
HOW TO INSTALL OPENVPN on CENTOS
hope this will be useful
====================
1. Connect to your server with PuTTY
2. Log in with root access
---
Make sure TUN/TAP is enabled
Enter this command:
cat /dev/net/tun
The answer must be: file descriptor in bad state
---------------------------------
3. Then enter these commands:
CENTOS 5 32bit
wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.i386.rpm
CENTOS 5 64bit
wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm
CENTOS 6 32bit
wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.i686.rpm
CENTOS 6 64bit
wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm
ALL CENTOS 5
rpm --import http://apt.sw.be/RPM-GPG-KEY.dag.txt
rpm -K rpmforge-release-0.5.2-2.el5.rf.*.rpm
rpm -i rpmforge-release-0.5.2-2.el5.rf.*.rpm
ALL CENTOS 6
rpm --import http://apt.sw.be/RPM-GPG-KEY.dag.txt
(ignore if it fails)
rpm -K rpmforge-release-0.5.3-1.el6.rf.*.rpm
rpm -i rpmforge-release-0.5.3-1.el6.rf.*.rpm
yum install openvpn -y
cp -r /usr/share/doc/openvpn-2.2.2/easy-rsa/ /etc/openvpn/
PLEASE NOTE: CENTOS 6 needs a small change
yum -y install nano
nano /etc/openvpn/easy-rsa/2.0/vars
You have to edit this line:
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
to :
export KEY_CONFIG=/etc/openvpn/easy-rsa/2.0/openssl-1.0.0.cnf
and then SAVE (Ctrl+x) (Y) (ENTER)
cd /etc/openvpn/easy-rsa/2.0/
chmod +x *
source ./vars
./vars
./clean-all
./build-ca
Press Enter at every prompt EXCEPT COMMON NAME (fill it in as you wish), then:
./build-key-server server
Watch this step carefully: when the prompt shows up (twice), choose Y (y)
----------------------------------------
./build-dh
Wait until the process is done, then enter these commands:
cp -r /etc/openvpn/easy-rsa/2.0/keys/ /etc/openvpn/keys/
cp /etc/openvpn/keys/ca.crt /etc/openvpn/
cd /etc/openvpn/
Make the response to the TUN driver:
cat > server.conf <<END
dev tun*
END
Create the server configuration:
cat > groundworld.conf <<END
port 443
proto tcp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh1024.pem
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
client-cert-not-required
username-as-common-name
server 10.9.8.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 5 30
comp-lzo
persist-key
persist-tun
status server-tcp.log
verb 3
END
Enable IP forwarding:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables NAT rule:
iptables -t nat -A POSTROUTING -s 10.9.8.0/24 -o venet0 -j SNAT --to xxx.xxx.xxx.xxx
Replace xxx.xxx.xxx.xxx above with your VPS IP address.
Run VPN on your server:
service openvpn start
TUTORIAL - HOW TO CONFIGURE SQUID PROXY TRANSPARENT PORT 80 THAT CAN BE USED FOR LISTEN HTTP PROXY ON VPN OR SSH -SQUID 3.1 (CENTOS 6) - PORT BINDING SQUID
hello,
Let's begin with this simple tutorial.
All of us face difficulty configuring Squid on port 80, 8080 or 3128 so that it can be used over TCP as the HTTP_PROXY for a VPN or something like that.
First :
1. Login to your server as root
yum -y install squid
yum -y install nano
2. Configuring Squid
nano /etc/squid/squid.conf
=======
# squid.conf 3.1
# -------------
# GROUNDMANS MODIFICATION
# --------------------------
auth_param basic casesensitive off
# ACL
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 777
acl CONNECT method GET HEAD POST
# HTTP ACCESS
http_access allow localnet
http_access allow SSL_ports
http_reply_access allow localnet
http_reply_access allow SSL_ports
##FINALLY---
http_access deny !SSL_ports
http_access deny all
http_reply_access deny all
http_port 80 transparent
# We recommend you to use at least the following line.
hierarchy_stoplist cgi-bin ?
# --------------------
# MEMORY CACHE OPTIONS
# --------------------
cache_mem 16 MB
maximum_object_size_in_memory 32 KB
memory_replacement_policy heap GDSF
# ---------------------------
# cache_dir
# ---------------------------
cache_replacement_policy heap LFUDA
cache_dir aufs /var/spool/squid 1000 14 256
minimum_object_size 0 KB
maximum_object_size 64 MB
cache_swap_low 98
cache_swap_high 99
# LOGFILE OPTIONS
# ---------------
access_log /var/log/squid/access.log squid
cache_log /var/log/squid/cache.log
#cache_store_log /var/log/squid/store.log
cache_store_log none
logfile_rotate 10
# OPTIONS FOR TROUBLESHOOTING
# ---------------------------
# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid
# OPTIONS FOR TUNING THE CACHE
# ----------------------------
# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 10080 90% 43200
refresh_pattern -i \.(iso|avi|wav|mp3|mp4|mpeg|mpg|swf|flv|x-flv)$ 10080 90% 43200
refresh_pattern -i \.(deb|rpm|exe|ram|bin|pdf|ppt|pptx|doc|docx|xls|xlsx|tiff)$ 10080 90% 43200
refresh_pattern -i \.(zip|bz2|gz|arj|lha|lzh|tar|tgz|cab|rar)$ 10080 95% 43200
refresh_pattern -i \.(html|htm|css|js|php|asp|aspx) 1440 40% 40320
refresh_pattern -i download.windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
refresh_pattern -i download.microsoft.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
refresh_pattern -i update.microsoft.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
refresh_pattern -i windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
refresh_pattern -i windowsupdate.microsoft.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
refresh_pattern -i ntservicepack.microsoft.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
refresh_pattern -i wustat.windows.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
# TIMEOUTS
# --------
forward_timeout 2 minutes
connect_timeout 1 minute
read_timeout 10 minutes
request_timeout 3 minutes
persistent_request_timeout 1 minutes
client_lifetime 1 day
half_closed_clients off
shutdown_lifetime 10 seconds
# ADMINISTRATIVE PARAMETERS
# -------------------------
cache_mgr groundmanlove@gmail.com
cache_effective_user squid
visible_hostname groundmans.tk
# OPTIONS INFLUENCING REQUEST FORWARDING
# --------------------------------------
prefer_direct off
#always_direct allow ipserver
always_direct deny all
# DNS OPTIONS
# -----------
dns_retransmit_interval 2 seconds
dns_timeout 1 minutes
dns_nameservers 8.8.8.8 8.8.4.4
hosts_file /etc/hosts
ignore_unknown_nameservers on
ipcache_size 1024
ipcache_low 90
ipcache_high 95
fqdncache_size 1024
#now all setup
#squid config by groundmans.tk
As you can see in the red lines above:
acl SSL_ports port 777
The Squid proxy can only be used for VPN / SSH on the port defined above, in this case port 777.
So all you have to do is open your VPN or SSH on port 777.
Note ***
----------
What if you cannot change the port to port 80?
------------------------------------------------------------------------------------
Please follow this guide.
See the line above that reads:
http_port 80 transparent
Change it to:
http_port 8080 transparent
or
http_port 3128 transparent
and then enter the following iptables rules:
If you chose port 8080:
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080
service iptables save
If you chose port 3128:
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 3128
service iptables save
3. Starting Squid
Let's be clear: we are going to use port 80, which is usually used by HTTPD, so we kill that process and free port 80 for Squid.
Enter this command:
killall httpd
Now everything is set up; this Squid proxy will be on IP:80.
service squid start
Your VPN or SSH configuration should bind to port 777.
==========================================
thanks
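In the squid.conf above, `http_access allow SSL_ports` stands without a source ACL, so it matches a request to port 777 from any client, not only from VPN or SSH users. The following is an added example, not part of the original post: a heuristic shell check that lists such allow rules; the function names and the `OPEN_ALLOW` label are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the tutorial): list http_access allow rules that
# no source or login ACL narrows, so any client reaching the port matches.
# Heuristic only: reads squid.conf from $1 or stdin, stops at "deny all".
audit_squid_access() {
    awk '
        { sub(/[ \t]*#.*/, "") }              # drop comments
        NF == 0 { next }                      # skip blank lines
        $1 == "acl" { type[$2] = $3; next }   # remember each ACL type
        $1 != "http_access" || done { next }
        $2 == "deny" && $3 == "all" && NF == 3 { done = 1; next }
        $2 == "allow" {
            limited = 0
            for (i = 3; i <= NF; i++) {
                # a negated name such as !localnet is not a key, so it never narrows
                t = ($i in type) ? type[$i] : ""
                if (t == "src" || t == "proxy_auth") limited = 1
            }
            if (!limited) print "OPEN_ALLOW " $0
        }
    ' "${1:--}"
}

# Constructed sample: the access-control lines of the squid.conf above.
sample_squid_conf() {
    cat <<'EOF'
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl SSL_ports port 777
acl CONNECT method GET HEAD POST
http_access allow localnet
http_access allow SSL_ports
http_access deny !SSL_ports
http_access deny all
http_port 80 transparent
EOF
}

sample_squid_conf | audit_squid_access
```

A rule written as `http_access allow localnet SSL_ports` requires both ACLs to match and is not reported.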
Friday, September 5, 2014
HOW TO INSTALL OPENVPN on CENTOS
hope this will be useful
====================
1. Open your VPS with PuTTY
2. Log in with root access
---
Make sure TUN/TAP is active
Check it by typing this command:
cat /dev/net/tun
The answer must be: file descriptor in bad state
---------------------------------
3. Then enter these commands:
CENTOS 5 32bit
wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.i386.rpm
CENTOS 5 64bit
wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm
CENTOS 6 32bit
wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.i686.rpm
CENTOS 6 64bit
wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm
ALL CENTOS 5
rpm --import http://apt.sw.be/RPM-GPG-KEY.dag.txt
rpm -K rpmforge-release-0.5.2-2.el5.rf.*.rpm
rpm -i rpmforge-release-0.5.2-2.el5.rf.*.rpm
ALL CENTOS 6
rpm --import http://apt.sw.be/RPM-GPG-KEY.dag.txt
(ignore if it fails)
rpm -K rpmforge-release-0.5.3-1.el6.rf.*.rpm
rpm -i rpmforge-release-0.5.3-1.el6.rf.*.rpm
yum install openvpn -y
cp -r /usr/share/doc/openvpn-2.2.2/easy-rsa/ /etc/openvpn/
NOTE: CENTOS 6 needs a small modification
yum -y install nano
nano /etc/openvpn/easy-rsa/2.0/vars
then EDIT this line :
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
Change the line above to this:
export KEY_CONFIG=/etc/openvpn/easy-rsa/2.0/openssl-1.0.0.cnf
and then SAVE (Ctrl+x) (Y) (ENTER)
cd /etc/openvpn/easy-rsa/2.0/
chmod +x *
source ./vars
./vars
./clean-all
./build-ca
Just press Enter, except for COMMON NAME (fill it in with whatever you like), then:
./build-key-server server
Please pay attention: when you get the prompt (twice), choose Y (y)
----------------------------------------
./build-dh
Wait until it's done, and then enter these commands:
cp -r /etc/openvpn/easy-rsa/2.0/keys/ /etc/openvpn/keys/
cp /etc/openvpn/keys/ca.crt /etc/openvpn/
cd /etc/openvpn/
Make the response to the TUN driver:
cat > server.conf <<END
dev tun*
END
Build the server configuration:
cat > groundworld.conf <<END
port 443
proto tcp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh1024.pem
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
client-cert-not-required
username-as-common-name
server 10.9.8.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 5 30
comp-lzo
persist-key
persist-tun
status server-tcp.log
verb 3
END
Enable IP forwarding:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables NAT rule:
iptables -t nat -A POSTROUTING -s 10.9.8.0/24 -o venet0 -j SNAT --to xxx.xxx.xxx.xxx
Replace xxx.xxx.xxx.xxx above with your VPS address.
Run OpenVPN on the server:
service openvpn start
chkconfig openvpn on
chkconfig --add openvpn
DONE !!
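Both copies of the tutorial's groundworld.conf (the October and the September post) use 1024-bit DH parameters, turn off client certificates in favour of PAM `login`, and enable `comp-lzo`. The following is an added example, not part of the original posts: a shell function that flags those settings in an OpenVPN server config; the function names, the finding labels and the 2048-bit threshold are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the tutorial): flag weakening settings in an
# OpenVPN 2.x server config. Reads the file named in $1, or stdin.
audit_openvpn_conf() {
    awk '
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }      # skip comments and blanks
        # dh file named dhNNNN.pem, as easy-rsa 2.0 build-dh writes it
        $1 == "dh" && match($2, /dh[0-9]+\.pem$/) {
            bits = substr($2, RSTART + 2, RLENGTH - 6) + 0
            if (bits < 2048) print "WEAK_DH " bits "-bit DH parameters"
        }
        # password-only logins: no client certificate is requested
        $1 == "client-cert-not-required" ||
        ($1 == "verify-client-cert" && $2 != "require") {
            nocert = 1; print "NO_CLIENT_CERT " $0
        }
        # compression inside the tunnel (VORACLE class of attacks)
        $1 == "comp-lzo" && $2 != "no" { print "COMPRESSION " $0 }
        # PAM plugin bound to the system "login" service
        $1 == "plugin" && $2 ~ /openvpn-auth-pam\.so$/ &&
        ($3 == "login" || $3 ~ /\/login$/) { pam_login = 1 }
        END {
            if (nocert && pam_login)
                print "PAM_LOGIN_ONLY system account passwords are the only VPN credential"
        }
    ' "${1:--}"
}

# Constructed sample: the security-relevant lines of the tutorial config.
sample_conf() {
    cat <<'EOF'
port 443
proto tcp
dh /etc/openvpn/keys/dh1024.pem
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
client-cert-not-required
username-as-common-name
comp-lzo
EOF
}

sample_conf | audit_openvpn_conf
```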