Wednesday, July 6, 2011

Adobe Flash not detected in Firefox

I just installed the Firefox 5 tarball from Mozilla and extracted it to the /opt directory. Everything loaded fine, but the Adobe Flash plugin was not detected, even though it loads in the other browser.

My OS is 64-bit Ubuntu Karmic. I found out that Firefox did not pick up the old Flash plugin, so I did a little research and this is what I found...

The old plugins on my system are in /usr/lib64/mozilla/plugins/, but the downloaded Firefox does not look there; instead it looks in
/usr/lib/mozilla/plugins/

so I just symlinked the Flash plugin from /usr/lib64/mozilla/plugins/ into /usr/lib/mozilla/plugins/ and it just worked!

Tuesday, May 3, 2011

Static IP for OpenVPN Clients

To give a VPN client a static IP, uncomment this line in the server config:
client-config-dir /etc/openvpn/ccd
then create the directory...
# mkdir /etc/openvpn/ccd
then create a file in /etc/openvpn/ccd named exactly after the client certificate's Common Name, i.e. the name given to pkitool when the client certificate was built (ex Juan):
# vim /etc/openvpn/ccd/Juan
Below is a sample content:
ifconfig-push 192.168.1.20 255.255.255.0
Because the server runs in bridged tap mode, ifconfig-push takes an address and a netmask. The address must be inside the bridge subnet and outside the pool given to server-bridge in the server config, otherwise it can collide with an address handed out dynamically. Save it and restart your OpenVPN server...
# /etc/init.d/openvpn restart
You can create as many as you like, as long as each file name matches a client certificate's Common Name. Adding ccd-exclusive to the server config makes OpenVPN refuse any client that has no file in this directory, which turns the directory into an allow-list of known certificates.
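As an added example (this is not code from the post), the sh script below audits a ccd directory against the server-bridge line of server.conf: every file must match a client certificate, push an address inside the bridge subnet, outside the dynamic pool, not equal to the bridge address and not already pushed to another client. The directory layout follows the posts (ccd, server.conf and easy-rsa/keys under /etc/openvpn); the demo builds a throw-away copy with constructed files, and the placeholder names Maria and Pedro are assumptions.

```shell
#!/bin/sh
# Added example, not code from the blog post: audit /etc/openvpn/ccd against the
# server-bridge pool. Paths are assumptions; ccd_demo works on a temporary copy.

# dotted quad -> integer, so addresses can be compared and masked
ip2int() {
    set -- $(printf '%s' "$1" | tr '.' ' ')
    echo $(( $1 * 16777216 + $2 * 65536 + $3 * 256 + $4 ))
}

# audit_ccd CCD_DIR SERVER_CONF KEYS_DIR
# Prints one "WARN: ..." line per problem; exit status 1 if anything was found.
audit_ccd() {
    ccd=$1; conf=$2; keys=$3; problems=0; seen=" "
    set -- $(grep '^server-bridge[[:space:]]' "$conf")
    if [ $# -ne 5 ]; then
        echo "WARN: no usable server-bridge line in $conf"; return 1
    fi
    srv_mask=$3; pool_s=$4; pool_e=$5
    gw=$(ip2int "$2"); mask=$(ip2int "$3")
    pool_lo=$(ip2int "$4"); pool_hi=$(ip2int "$5")
    for f in "$ccd"/*; do
        [ -f "$f" ] || continue
        cn=$(basename "$f")
        # the file name is the certificate Common Name, so a matching cert must exist
        if [ ! -f "$keys/$cn.crt" ]; then
            echo "WARN: $cn: no certificate $keys/$cn.crt"; problems=$((problems + 1))
        fi
        set -- $(grep '^ifconfig-push[[:space:]]' "$f")
        if [ $# -ne 3 ]; then
            echo "WARN: $cn: no 'ifconfig-push IP NETMASK' line"; problems=$((problems + 1)); continue
        fi
        addr=$2; ip=$(ip2int "$2")
        if [ "$3" != "$srv_mask" ]; then
            echo "WARN: $cn: netmask $3 differs from server-bridge netmask $srv_mask"; problems=$((problems + 1))
        fi
        if [ $(( ip & mask )) -ne $(( gw & mask )) ]; then
            echo "WARN: $cn: $addr is outside the bridge subnet"; problems=$((problems + 1))
        fi
        if [ "$ip" -ge "$pool_lo" ] && [ "$ip" -le "$pool_hi" ]; then
            echo "WARN: $cn: $addr lies inside the dynamic pool $pool_s-$pool_e"; problems=$((problems + 1))
        fi
        if [ "$ip" -eq "$gw" ]; then
            echo "WARN: $cn: $addr is the bridge/gateway address"; problems=$((problems + 1))
        fi
        case "$seen" in
            *" $addr "*) echo "WARN: $cn: $addr is already pushed to another client"; problems=$((problems + 1)) ;;
        esac
        seen="$seen$addr "
    done
    [ "$problems" -eq 0 ]
}

# Constructed fixture: Juan is fine, Maria sits inside the pool, Pedro has no
# certificate. Prints the number of warnings (expected: 2).
ccd_demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/ccd" "$tmp/keys"
    echo 'server-bridge 192.168.1.10 255.255.255.0 192.168.1.100 192.168.1.120' > "$tmp/server.conf"
    echo 'ifconfig-push 192.168.1.20 255.255.255.0' > "$tmp/ccd/Juan"
    echo 'ifconfig-push 192.168.1.105 255.255.255.0' > "$tmp/ccd/Maria"
    echo 'ifconfig-push 192.168.1.21 255.255.255.0' > "$tmp/ccd/Pedro"
    : > "$tmp/keys/Juan.crt"
    : > "$tmp/keys/Maria.crt"
    count=$(audit_ccd "$tmp/ccd" "$tmp/server.conf" "$tmp/keys" | grep -c '^WARN')
    rm -rf "$tmp"
    echo "$count"
}

ccd_demo
```

Run it against the real directories as audit_ccd /etc/openvpn/ccd /etc/openvpn/server.conf /etc/openvpn/easy-rsa/keys after every change to the ccd directory or to the server-bridge pool.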

Monday, May 2, 2011

OpenVPN Client how to

Generating Client Certificate and Key

Generating certificates and keys for a client is very similar to the process used for generating server certificates. It is assumed that you have already set up the /etc/openvpn/easy-rsa/ directory and updated the /etc/openvpn/easy-rsa/vars file as described in the OpenVPN Server on Ubuntu post. You should already have set up your Certificate Authority and created a server certificate and keys.

cd /etc/openvpn/easy-rsa/
source ./vars
./pkitool client        

Note: you can give the client certificate a different name, e.g. your own name: ./pkitool Juan. The name becomes the certificate's Common Name, which is what the server's client-config-dir lookup and its status log use to identify the client.

Then you will need the following files to be placed on the client PC...
  • client.ovpn (config file; use the .conf extension on Linux)
  • ca.crt
  • client.crt
  • client.key (the client's private key; keep it readable by its owner only)
  • ta.key
client config file contents:
client

dev tap
proto tcp
remote server1 1194
#remote server2 1194
#remote server3 8080
nobind
persist-key
comp-lzo

ca ca.crt
cert client.crt
key client.key
tls-auth ta.key 1
# only accept a peer whose certificate was built with "pkitool --server"
ns-cert-type server
# must match the server's cipher; BF-CBC is the old default and a 64-bit block cipher,
# so if you move the server to AES-256-CBC change this line at the same time
cipher BF-CBC
verb 3
ping 10
ping-restart 120
# uncomment below if Vista or higher is the client
#route-method exe
#route-delay 2

#uncomment this if you wish to prevent the client from getting route info from the server
#route-nopull

=== End of file

Extra windows settings:
Edit the registry value below to enable LAN Routing in Vista and higher
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
Value: IPEnableRouter
Type: REG_DWORD
Data: 0x00000001 (1) 

To start OpenVPN on Windows, just load the OpenVPN GUI.
Note: make sure the config file's extension is .ovpn and all the certificates are in the config directory

To start OpenVPN on Linux, just type the following...
# /etc/init.d/openvpn restart
Note: make sure the extension is .conf and all the certificates are in the /etc/openvpn directory
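As an added example (not code from the post), the sh script below folds the five client files listed above into a single client.ovpn using OpenVPN's inline <ca>, <cert>, <key> and <tls-auth> file syntax, which OpenVPN 2.1 and later accept. The input names follow the post; the output name and the placeholder PEM contents written by bundle_demo are assumptions, not real keys.

```shell
#!/bin/sh
# Added example, not code from the blog post: build one client.ovpn that carries
# the CA cert, client cert, client key and tls-auth key inline.

# bundle_ovpn CONFIG CA CERT KEY TA OUTPUT
bundle_ovpn() {
    conf=$1; ca=$2; cert=$3; key=$4; ta=$5; out=$6
    (
        umask 077   # the bundle carries the private key: owner-only permissions
        {
            # keep every directive except the four that point at separate files
            grep -Ev '^(ca|cert|key|tls-auth)[[:space:]]' "$conf"
            # the trailing "1" of "tls-auth ta.key 1" is given as key-direction for inline keys
            echo 'key-direction 1'
            # paths must not contain ':' (tag:path pairs)
            for pair in "ca:$ca" "cert:$cert" "key:$key" "tls-auth:$ta"; do
                tag=${pair%%:*}
                file=${pair#*:}
                echo "<$tag>"
                cat "$file"
                echo "</$tag>"
            done
        } > "$out"
    )
}

# Constructed fixture: a config like the one in the post plus placeholder PEM files.
# Prints "<inline closing tags> <leftover file directives>" (expected: "4 0").
bundle_demo() {
    tmp=$(mktemp -d)
    printf 'client\ndev tap\nproto tcp\nremote server1 1194\nca ca.crt\ncert client.crt\nkey client.key\ntls-auth ta.key 1\nns-cert-type server\n' > "$tmp/client.conf"
    for f in ca.crt client.crt client.key ta.key; do
        printf '%s\n' '-----BEGIN PLACEHOLDER-----' "not a real $f" '-----END PLACEHOLDER-----' > "$tmp/$f"
    done
    bundle_ovpn "$tmp/client.conf" "$tmp/ca.crt" "$tmp/client.crt" "$tmp/client.key" "$tmp/ta.key" "$tmp/client.ovpn"
    closing=$(grep -c '^</' "$tmp/client.ovpn")
    leftover=$(grep -Ec '^(ca|cert|key|tls-auth)[[:space:]]' "$tmp/client.ovpn" || true)
    rm -rf "$tmp"
    echo "$closing $leftover"
}

bundle_demo
```

The bundle contains client.key, so treat the .ovpn itself as a secret when copying it to the client; on Windows the OpenVPN GUI loads it from the config directory exactly like the multi-file layout.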

Sunday, May 1, 2011

OpenVPN Server on Ubuntu

source: https://help.ubuntu.com/community/OpenVPN

To install OpenVPN on your Ubuntu machine, type this in the console:
# aptitude install openvpn bridge-utils

To set the Bridge:
- Edit /etc/network/interfaces

When a Linux server is behind a NAT firewall, the /etc/network/interfaces file commonly looks like this:

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo eth0
iface lo inet loopback
# The primary network interface
## This device provides internet access.
iface eth0 inet static
  address 192.168.1.10
  netmask 255.255.255.0
  gateway 192.168.1.1
- Edit this and add a bridge interface so that it looks similar to:
## This is the network bridge declaration
## Start these interfaces on boot
auto lo br0
iface lo inet loopback
iface br0 inet static
  address 192.168.1.10
  netmask 255.255.255.0
  gateway 192.168.1.1
  bridge_ports eth0
iface eth0 inet manual
  up ip link set $IFACE up promisc on
  down ip link set $IFACE down promisc off
- Restart networking: 
# sudo /etc/init.d/networking restart

After installing OpenVPN, let's create the certificates to be used...
Step 1: 
Copy the files to the /etc/openvpn/easy-rsa/ directory 
sudo mkdir /etc/openvpn/easy-rsa/
sudo cp -R /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-rsa/ 

Step 2: 
Edit /etc/openvpn/easy-rsa/vars 
sudo vi /etc/openvpn/easy-rsa/vars
Change these lines at the bottom so that they reflect your new CA. The same file sets KEY_SIZE=1024; raising it to 2048 is advisable, in which case build-dh writes dh2048.pem and the cp command in Step 3 and the dh directive in server.conf must use that name instead of dh1024.pem. 
export KEY_COUNTRY="PH"
export KEY_PROVINCE="BC"
export KEY_CITY="Makati"
export KEY_ORG="verzion"
export KEY_EMAIL="me@myhost.mydomain"

Step 3: 
Set up the CA and create the first server certificate. Run these as is. Note that ./clean-all empties the keys directory, so run it only once, when first creating the CA; rerunning it later destroys the CA key and every certificate issued so far.
cd /etc/openvpn/easy-rsa/
sudo chown -R root:admin .
sudo chmod g+w .
source ./vars
./clean-all
./build-dh
./pkitool --initca
./pkitool --server server
cd keys
openvpn --genkey --secret ta.key
sudo cp server.crt server.key ca.crt dh1024.pem ta.key ../../

The Certificate Authority is now set up and the keys the server needs are in /etc/openvpn/. The CA's private key (ca.key) is not copied; it stays in /etc/openvpn/easy-rsa/keys/, where pkitool needs it to sign client certificates. Anyone who can read it can issue certificates your server will trust, so guard that directory as carefully as server.key.


Configuring the Server

By default, all servers specified in *.conf files in the /etc/openvpn/ directory are started on boot. Therefore all we have to do is create a new file named server.conf in the /etc/openvpn/ directory.

First, we're going to create a couple of new scripts to be used by the openvpn server. 

sudo vi /etc/openvpn/up.sh

This script should contain the following 
#!/bin/sh
# OpenVPN runs this as: up.sh <bridge> <tap device> <tun mtu> ... (the bridge name comes from server.conf)
BR=$1
DEV=$2
MTU=$3
/sbin/ip link set "$DEV" up promisc on mtu "$MTU"
/usr/sbin/brctl addif "$BR" "$DEV"

Now, we'll create a "down" script. Note that because server.conf below drops privileges with user nobody, this script runs as nobody when the server stops, so brctl delif will fail with permission denied; the tap0 device disappears when the OpenVPN process exits regardless.

sudo vi /etc/openvpn/down.sh

It should contain the following. 
#!/bin/sh
# OpenVPN runs this as: down.sh <bridge> <tap device> ...
BR=$1
DEV=$2
/usr/sbin/brctl delif "$BR" "$DEV"
/sbin/ip link set "$DEV" down

Now, make both scripts executable. 

sudo chmod +x /etc/openvpn/up.sh /etc/openvpn/down.sh

And now on to the server configuration itself...
# vim /etc/openvpn/server.conf

here are the contents:
mode server
tls-server

# up.sh and down.sh are user-defined scripts; OpenVPN 2.1 and later only run those at this level
script-security 2

# the local ip addr of the server: the address given to br0 in /etc/network/interfaces
local 192.168.1.10
# the port can be changed
port 1194

proto tcp
#proto udp
mssfix 1400

#bridging directive
dev tap0
up "/etc/openvpn/up.sh br0"
down "/etc/openvpn/down.sh br0"

# the certificates
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
tls-auth ta.key 0
# BF-CBC is the old OpenVPN default and a 64-bit block cipher; if you change it to
# AES-256-CBC, change it in every client config at the same time (the two must match)
cipher BF-CBC
comp-lzo

# the VPN ip addr: bridge address, netmask, then the pool handed to dynamic clients.
# The pool must lie inside the bridge subnet and must not overlap the LAN DHCP range
# or any static address pushed from the ccd directory
server-bridge 192.168.1.10 255.255.255.0 192.168.1.100 192.168.1.120
# this will let the VPN clients communicate with each other
client-to-client
# uncomment below if you wish to have static IPs on your clients
#client-config-dir /etc/openvpn/ccd
ifconfig-pool-persist ipp.txt

push "dhcp-option DNS 8.8.8.8"
push "redirect-gateway"

# keepalive expands to ping / ping-restart on both sides, so no separate ping lines are needed
keepalive 10 120
# may be changed if more or fewer users are to connect; a single tap device serves all of them
max-clients 9
user nobody
group nogroup
persist-key
persist-tun
status /etc/openvpn/openvpn-status.log
verb 3

=== End of file

then to start the OpenVPN server, type...
# /etc/init.d/openvpn restart

After setting up the VPN server, let's go to the VPN client (see the OpenVPN Client how to post).

Monday, April 25, 2011

Updated my template

Just made a few changes to the design of my blog UI using the templates available here on Google Blogs, and also reposted my transparent Squid article.

Hope you people liked it! Cheers!!!

DHCP for transparent Squid


And last but not least, the DHCP server:
# aptitude install dhcp3-server
Then edit the configuration file...
# vim /etc/dhcp3/dhcpd.conf

here are the contents:

ddns-update-style none;
# option definitions common to all supported networks...
option domain-name "verZion.com";

option domain-name-servers 8.8.8.8, 8.8.4.4;
default-lease-time 600;
max-lease-time 7200;

# If this DHCP server is the official DHCP server for the local 
# network, the authoritative directive should be uncommented.
authoritative;
# Use this to send dhcp log messages to a different log file
log-facility local7;

# gateway on your internal interface (this box's LAN address, so that client
# traffic passes through the transparent proxy)
option routers 192.168.1.1;

# This is a very basic subnet declaration.
subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.150 192.168.1.250;
}

=== End of file

After putting all the basic settings in place, let's get it on!!!
# /etc/init.d/dhcp3-server restart
And that's it! All client PCs will get their IP from the server and will be able to use the invisible proxy on your server without any configuration on each PC.

IPTABLES for transparent Squid

In this post I created an iptables script and named the file fw.sh. It assumes Squid listens on port 3128 on this same box; the DNAT variant for a Squid running on another host is left commented out.

here's the sample content:
#!/bin/bash
#
#iptables ko... by verzion

# init string
ipt="/sbin/iptables"
SQUID_SERVER="ip_addr of your squid server"   # only used when squid runs on another host
WAN="eth0"
LAN="eth1"
SQUID_PORT="3128"

# how to use:
# $ipt -F
# rather than...
# /sbin/iptables -F

# Flush all config
$ipt -t filter -F
$ipt -t nat -F

# Policy settings
$ipt -P INPUT ACCEPT
$ipt -P FORWARD DROP
$ipt -P OUTPUT DROP

# Enabling IP forwarding.
echo "1" > /proc/sys/net/ipv4/ip_forward

# no firewall for LAN
$ipt -A INPUT -i $LAN -p all -j ACCEPT
$ipt -A OUTPUT -o $LAN -p all -j ACCEPT
# this box itself (squid included) must be able to reach the internet on the WAN side
$ipt -A OUTPUT -o $WAN -j ACCEPT

# Allow SSH. Comment out if you do not use SSH; as written it also accepts SSH from the WAN side
$ipt -A INPUT -p tcp --dport 22 -j ACCEPT

# Allow ICMP. Zero (0) is for echo-reply. Eight (8) is for echo-request.
$ipt -A INPUT -p icmp --icmp-type 8 -j ACCEPT

# Allow replies to connections this PC started.
$ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# set this system as a router for the rest of the LAN:
# masquerade on the WAN side, forward LAN -> WAN, and let the replies back in
$ipt -t nat -A POSTROUTING -o $WAN -j MASQUERADE
$ipt -A FORWARD -i $LAN -o $WAN -j ACCEPT
$ipt -A FORWARD -i $WAN -o $LAN -m state --state ESTABLISHED,RELATED -j ACCEPT

# transparent proxy: port 80 requests coming from the LAN go to squid on $SQUID_PORT.
# Match on the LAN interface only; matching on $WAN would hand port-80 traffic
# arriving from the internet to squid.
$ipt -t nat -A PREROUTING -i $LAN -p tcp --dport 80 -j REDIRECT --to-ports $SQUID_PORT
# squid on another host: use DNAT instead of the line above and skip the squid host's
# own port-80 requests so they are not looped back to it (a squid box on the same LAN
# segment also needs an SNAT/MASQUERADE rule for the reply path, not covered here)
#$ipt -t nat -A PREROUTING -i $LAN -s $SQUID_SERVER -p tcp --dport 80 -j ACCEPT
#$ipt -t nat -A PREROUTING -i $LAN -p tcp --dport 80 -j DNAT --to-destination $SQUID_SERVER:$SQUID_PORT

# save the rules so they can be reloaded at boot with iptables-restore (uncomment to use)
#iptables-save > /etc/iptables.rules

=== End of file

then make the script executable
# chmod a+x fw.sh

then execute the script
# ./fw.sh

This ends the iptables part, which forwards port 80 (www) requests to 3128 (Squid). Now to automatically give the client PCs their own network IP using DHCP...
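As an added example (not code from the post), the sh script below runs four checks over an iptables-save dump and flags the rule mistakes that make a transparent-Squid gateway misbehave: masquerading towards the LAN, a port-80 redirect keyed on the WAN interface, a FORWARD DROP policy with no rule for replies from the WAN, and an OUTPUT DROP policy with no rule for the WAN side (which stops Squid itself from fetching anything). Interface names follow the post (eth0 WAN, eth1 LAN); the two dumps in fw_demo are constructed, not captured from a real box.

```shell
#!/bin/sh
# Added example, not code from the blog post: sanity-check an "iptables-save"
# dump for a transparent-squid gateway. Interface names are the post's (eth0/eth1).

# audit_fw DUMP WAN LAN  -> one WARN line per finding, then "N warnings"
audit_fw() {
    dump=$1; wan=$2; lan=$3; n=0
    # 1. masquerading must happen on the WAN side, not towards the LAN
    if grep -q -- "-A POSTROUTING .*-o $lan .*-j MASQUERADE" "$dump"; then
        echo "WARN: MASQUERADE on LAN interface $lan (should be -o $wan)"; n=$((n + 1))
    fi
    # 2. a port-80 redirect keyed on the WAN interface hands internet traffic to squid
    if grep -Eq -- "-A PREROUTING .*-i $wan .*--dport 80 .*-j (REDIRECT|DNAT)" "$dump"; then
        echo "WARN: port-80 REDIRECT/DNAT matches on WAN interface $wan (use -i $lan)"; n=$((n + 1))
    fi
    # 3. with FORWARD DROP, replies from the WAN need an ESTABLISHED,RELATED rule
    if grep -q '^:FORWARD DROP' "$dump" && ! grep -Eq -- "-A FORWARD .*-i $wan .*--state [A-Z,]*ESTABLISHED" "$dump"; then
        echo "WARN: FORWARD policy DROP but no ESTABLISHED,RELATED rule for replies from $wan"; n=$((n + 1))
    fi
    # 4. with OUTPUT DROP, squid itself cannot fetch anything unless -o WAN is allowed
    if grep -q '^:OUTPUT DROP' "$dump" && ! grep -q -- "-A OUTPUT .*-o $wan " "$dump"; then
        echo "WARN: OUTPUT policy DROP with no rule for -o $wan (squid cannot reach the internet)"; n=$((n + 1))
    fi
    echo "$n warnings"
}

# Constructed dumps: "before" mirrors the rules of the original fw.sh, "after" the
# corrected ones. Prints "<before count> <after count>" (expected: "4 0").
fw_demo() {
    tmp=$(mktemp -d)
    cat > "$tmp/before" <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.10:3128
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i eth1 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -j ACCEPT
-A OUTPUT -o eth1 -j ACCEPT
COMMIT
EOF
    cat > "$tmp/after" <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i eth1 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth1 -j ACCEPT
-A OUTPUT -o eth0 -j ACCEPT
COMMIT
EOF
    b=$(audit_fw "$tmp/before" eth0 eth1 | tail -n 1 | cut -d' ' -f1)
    a=$(audit_fw "$tmp/after" eth0 eth1 | tail -n 1 | cut -d' ' -f1)
    rm -rf "$tmp"
    echo "$b $a"
}

fw_demo
```

On a live box, feed it the real rule set with iptables-save > /tmp/rules; audit_fw /tmp/rules eth0 eth1 and re-run after every change to fw.sh.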

There is an update for this post. see http://linuxverzion.blogspot.com/2013/09/update-for-my-iptables-for-transparent.html
Cheers!