Saturday, January 31, 2009

OpenVPN and Mac Os Tunnelblick

I wanted a quick and easy way to VPN into my house from anywhere. Enter OpenVPN, an open source VPN solution that was perfect for what I needed. What I wanted to do was set up a VPN client on my laptop so I could get into my home network. I found the Tunnelblick client for Mac OS X. There is an OpenVPN client for Windows as well.
See http://openvpn.se/ for details.

There are two modes to run OpenVPN in, tap or tun, and this is important to understanding how OpenVPN works.

Here is an excerpt from the OpenVPN FAQ:

"The difference between a tun and tap device is this: a tun device is a virtual IP point-to-point device and a tap device is a virtual Ethernet device. So getting back to the "long cable" analogy, using a tun device would be like having a T1 cable connecting the computers and using a tap device would be like having an Ethernet network connecting the two computers. People who are running applications that need the special features of Ethernet (which won't work on an IP-only network) will often bridge their physical local Ethernet with a tap device (using a utility such as brctl on Linux), then VPN the tap device to another similar setup at the other end. This allows OpenVPN to route Ethernet broadcasts and non-IP protocols such as Windows NetBIOS over the VPN. If you don't need the special features of Ethernet (such as bridging capability), it's better to use a tun device."

Setting up The Server

Setting up the CA with the easy-rsa scripts that come with OpenVPN.
The easy-rsa directory can usually be found in /usr/share/doc/packages/openvpn or /usr/share/doc/openvpn-2.0

Make sure all the scripts you run are chmod 755 so they execute properly. Sourcing the vars script sets up the directory where the keys will be stored, but you might have to create that directory yourself.

. ./vars
./clean-all
./build-ca

Walk through the prompts for setting up the CA.
For example, the common name should be a domain name such as mycompany.org.
Make sure you don't use host.mycompany.org, just mycompany.org, for the common name when setting up the CA.

OK, now that the CA key is set up, let's work on the server keys:
./build-key-server server.mycompany.org

OK, now let's build the client key:
./build-key client1.mycompany.org

Move the CA.crt and Server.crt and key to your ~/Library/OpenVPN directory on the Mac.

Now let's look at the server configuration.
Here is my server config, and I will break it down so it makes sense.
# daemon means it runs in daemon mode
daemon
port 4444
proto udp
# Dev Tun interface
dev tun
# Server external IP address to bind to (the listening port is the "port" line above)
local 67.180.145.190
# TLS protocol
tls-server
# CA cert
ca ca.crt
cert mycert.company.com.crt
key mycert.company.com.key
dh dh1024.pem
# Server internal IP address range (the VPN subnet handed out to clients)
server 192.168.3.0 255.255.255.0
ifconfig-pool-persist /etc/openvpn/ipp.txt
# pushes the route to the home network to the client
push "route 192.168.10.0 255.255.255.0"

keepalive 10 120
persist-key
persist-tun
comp-lzo
status /var/log/openvpn-status.log
verb 3
mute 20

Setting up the client
OK, at this point download the Tunnelblick client dmg and install it.
The client configuration goes in ~/Library/openvpn/

Become root on your machine:
sudo bash
cd ~/Library/openvpn
mv openvpn.conf openvpn.org   # keep the sample config as a backup

Create the configuration with the following entries.

Client Config
# Remote server
remote 67.180.145.190
port 4444
client
dev tun
proto udp
resolv-retry infinite
nobind
user nobody
group nobody
persist-key
persist-tun
comp-lzo
# CA cert plus this client's cert and key, built with build-key above
ca ca.crt
cert client1.mycompany.org.crt
key client1.mycompany.org.key
verb 3
log openvpn.log
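As an added example (not from the original post), here is a small POSIX shell checker for a server/client config pair like the two above. It catches the mistakes that most often keep the tunnel from coming up: port, proto or tun/tap mismatches, a directive pasted twice, and a client with no ca/cert/key lines, which can never pass the TLS handshake. The configs it reads are constructed samples, with a documentation address (203.0.113.10) in place of a real server.

```shell
# ovpn_get FILE DIRECTIVE -> first value of DIRECTIVE, skipping comment lines
ovpn_get() {
    awk -v d="$2" '$1 !~ /^[#;]/ && $1 == d { print $2; exit }' "$1"
}

# ovpn_count FILE DIRECTIVE -> how many times DIRECTIVE appears
ovpn_count() {
    awk -v d="$2" '$1 !~ /^[#;]/ && $1 == d { n++ } END { print n + 0 }' "$1"
}

# ovpn_check SERVER CLIENT: print one line per finding, return the finding count
# (0 means the pair is consistent). OpenVPN defaults are 1194/udp when unset.
ovpn_check() {
    n=0
    sp=$(ovpn_get "$1" port);   cp=$(ovpn_get "$2" port)
    spr=$(ovpn_get "$1" proto); cpr=$(ovpn_get "$2" proto)
    sd=$(ovpn_get "$1" dev);    cdv=$(ovpn_get "$2" dev)
    [ "${sp:-1194}" = "${cp:-1194}" ] || { echo "port: server ${sp:-1194}, client ${cp:-1194}"; n=$((n + 1)); }
    [ "${spr:-udp}" = "${cpr:-udp}" ] || { echo "proto: server ${spr:-udp}, client ${cpr:-udp}"; n=$((n + 1)); }
    # only the device type has to agree: "tun0" on one side and "tun" on the other is fine
    [ "${sd%%[0-9]*}" = "${cdv%%[0-9]*}" ] || { echo "dev: server $sd, client $cdv"; n=$((n + 1)); }
    [ "$(ovpn_count "$2" client)" -gt 0 ] || { echo "client: missing 'client' directive"; n=$((n + 1)); }
    for d in ca cert key; do   # without these the client cannot authenticate to a tls-server
        [ "$(ovpn_count "$2" "$d")" -gt 0 ] || { echo "client: missing '$d'"; n=$((n + 1)); }
    done
    # a directive pasted twice is a common copy/paste error; push may legitimately repeat
    for f in "$1" "$2"; do for d in dev proto port remote; do
        [ "$(ovpn_count "$f" "$d")" -le 1 ] || { echo "$(basename "$f"): '$d' appears more than once"; n=$((n + 1)); }
    done; done
    return $n
}

# Constructed sample configs in the same shape as the post's (not copied from a live box)
TMP=$(mktemp -d)
printf '%s\n' 'port 4444' 'proto udp' 'dev tun' 'server 192.168.3.0 255.255.255.0' > "$TMP/server.conf"
printf '%s\n' '# Remote server' 'remote 203.0.113.10' 'port 4444' 'dev tun' 'client' 'dev tun' 'proto udp' > "$TMP/client_bad.conf"
printf '%s\n' 'client' 'remote 203.0.113.10' 'port 4444' 'proto udp' 'dev tun' 'ca ca.crt' 'cert client1.crt' 'key client1.key' > "$TMP/client_ok.conf"

ovpn_check "$TMP/server.conf" "$TMP/client_bad.conf" || echo "client_bad.conf: $? problem(s)"
ovpn_check "$TMP/server.conf" "$TMP/client_ok.conf"  && echo "client_ok.conf: consistent"
```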

That's it. As always, if you have any questions contact me at gryanfawcett At gmail dot com.

Sunday, January 18, 2009

Kickstart Package Selection and Base Kickstart

So a while back I was looking at the Kickstart docs on package selection. I searched the net for a list of packages to install other than @base and @core. Well, buried in the docs, the following paragraph told me where to look.

"Packages can be specified by group or by individual package name, including with globs using the asterisk. The installation program defines several groups that contain related packages. Refer to the variant/repodata/comps-*.xml file on the first Red Hat Enterprise Linux CD-ROM for a list of groups."

I took the liberty of going through the file and pulling out all the package group names for you, excluding the language packages.

admin-tools
authoring-and-publishing
base
base-x
core
development-libs
development-tools
dialup
dns-server
editors
engineering-and-scientific
ftp-server
games
gnome-desktop
gnome-software-development
graphical-internet
graphics
java
java-development
kde-desktop
kde-software-development
legacy-network-server
legacy-software-development
legacy-software-support
mail-server
mysql
network-server
news-server
office
openfabrics-enterprise-distribution
printing
ruby
server-cfg
smb-server
sound-and-video
sql-server
system-tools
text-internet
web-server
x-software-development
language-support
desktops
apps
development
servers
base-system

I also wanted to post my base.ks file for those who want to use it as a template for starting off with a basic Kickstart. The base OS install image size is about 1.9 gigs. This includes all the system admin tools, development stuff for gcc/make, development libs, emacs and pico. Remember to use grub-md5-crypt to create a hash for the root password.

# System bootloader configuration
bootloader --location=mbr
# Clear the Master Boot Record
zerombr
#Do Text install
text
# Firewall configuration
firewall --disabled
# Run the Setup Agent on first boot
firstboot --disable
# System keyboard
keyboard us
# System language
lang en_US
#Install method
url --url http://192.168.1.11/install/
#network configuration
network --bootproto=dhcp
# Installation logging level
logging --level=info
#Clear all Linux partitions
clearpart --all
#Create Linux partitions
part swap --size=1024
part / --size=5000 --fstype=ext3

#Tying in Custom Repo
repo --name=myrepo --baseurl=http://192.168.1.11/server/

#Root password
# use grub-md5-crypt to generate a md5 crypt hash
# default password is redhat
rootpw --iscrypted $1$GRwvp$HcYuBdNae5mlPyXwVUc1E0

#RHN Key
key --skip
# SELinux configuration
selinux --disabled
# System timezone
timezone America/Los_Angeles
# Install OS instead of upgrade
install

%packages
@admin-tools
@base
@core
@development-tools
@development-libs
@editors
@text-internet
@system-tools
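Added example, not part of the original post: a small POSIX shell linter for the lines in a kickstart like base.ks that decide the security of every host built from it. It checks that rootpw is a crypt(3) hash rather than a cleartext password (a $1$ hash is the md5-crypt form grub-md5-crypt produces; $6$ sha512-crypt, e.g. from openssl passwd -6, is the stronger choice today) and flags selinux or the firewall being switched off. The three kickstart files it reads are constructed samples; the $6$ hash in the hardened one is a placeholder, not a real hash.

```shell
# ks_lint FILE: print one finding per line, return the number of findings (0 = clean)
ks_lint() {
    n=0
    pw=$(awk '$1 == "rootpw" { print; exit }' "$1")
    case "$pw" in
        "") echo "rootpw: missing"; n=$((n + 1)) ;;
        *--iscrypted*)
            h=${pw##* }   # the hash is the last field on the line
            # $1$ = md5-crypt (grub-md5-crypt), $5$/$6$ = sha256/sha512-crypt
            case "$h" in
                '$1$'*|'$5$'*|'$6$'*) ;;
                *) echo "rootpw: --iscrypted value is not a crypt(3) hash: $h"; n=$((n + 1)) ;;
            esac ;;
        *) echo "rootpw: cleartext password stored in the kickstart"; n=$((n + 1)) ;;
    esac
    if grep -q '^selinux[[:space:]]*--disabled' "$1"; then
        echo "selinux: disabled on every host built from this file"; n=$((n + 1))
    fi
    if grep -q '^firewall[[:space:]]*--disabled' "$1"; then
        echo "firewall: disabled on every host built from this file"; n=$((n + 1))
    fi
    return $n
}

# Constructed samples: posted.ks mirrors the post's base.ks, hardened.ks is the
# corrected form, cleartext.ks shows the mistake the --iscrypted flag prevents.
KSD=$(mktemp -d)
printf '%s\n' 'text' 'firewall --disabled' 'selinux --disabled' \
    'rootpw --iscrypted $1$GRwvp$HcYuBdNae5mlPyXwVUc1E0' > "$KSD/posted.ks"
printf '%s\n' 'text' 'firewall --enabled --ssh' 'selinux --enforcing' \
    'rootpw --iscrypted $6$saltsalt$placeholderhash' > "$KSD/hardened.ks"   # placeholder hash
printf '%s\n' 'text' 'rootpw redhat' > "$KSD/cleartext.ks"

for f in posted hardened cleartext; do
    echo "== $f.ks"
    ks_lint "$KSD/$f.ks" || echo "   $? finding(s)"
done
```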

Thursday, January 8, 2009

Custom Yum Repos

If you have gotten your development team to do releases in rpm format, you have already won half the battle. So here is a quick howto on setting up custom yum repos. In this example I took the RHEL 5.2 CDROM and created my own repo for all the packages on the CD. It takes care of all the basic stuff for using yum and gets rid of the nasty rpm dependency problems.

Note that this works for any custom repo: a directory of rpm packages that are part of the OS, or a repo of custom RPMs for company releases.

First, make sure apache is installed, or install it from the media.

rpm -ivh /mnt/cdrom/server/httpd-2.2.3-11.el5_1.3.i386.rpm
rpm -hiv /mnt/cdrom/server/yum*

Then you will need to pull this package from Dag Wieers' website.

rpm -ivh http://dag.wieers.com/rpm/packages/createrepo/createrepo-0.4.8-1.el5.rf.noarch.rpm

Now copy all the rpms from the server directory on the CD into the web root:
cp /mnt/cdrom/server/*.* /var/www/html/server/
chown -R apache:apache /var/www/html/server/
chmod -R 755 /var/www/html/server/

Now let's build the repo xml files:
cd /var/www/html/server
createrepo .

Now comes the interesting part: we need to add the new repo to yum's list of repositories.

You can use this file as a template and distribute it to all your servers. A good idea is to use my rpm building script to make a custom rpm package: tar up /etc/yum.repos.d with all your repo files, create the rpm and add it to your kickstart install.

Script is here

[myrepo]
name=Red Hat Enterprise Linux $releasever - $basearch - Debug
baseurl=http://yourserver.yourdomain.org/server
enabled=1
gpgcheck=0
#gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release

Save it to /etc/yum.repos.d/my.repo

Now let's restart the yum update daemon:
service yum-updatesd restart

Now lets run the yum command to test it.

yum list ruby*

There you go, a fully functional yum repository.
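Added example, not from the original post: a POSIX shell check for a .repo file before it goes into the rpm you push to every server. It flags a repo id with characters yum rejects (spaces, as in [My Repo]), a missing baseurl or mirrorlist, gpgcheck=0 (every package from that repo then installs unverified), and gpgcheck=1 without a gpgkey to check against. For a company repo, gpgcheck=1 only works if you sign your own packages and ship that key in the same rpm. The two .repo files below are constructed samples.

```shell
# repo_get FILE KEY -> value of KEY (first match), ignoring commented-out lines
repo_get() {
    awk -F= -v k="$2" '$1 !~ /^[#;]/ && $1 == k { print $2; exit }' "$1"
}

# repo_lint FILE: print one finding per line, return the number of findings (0 = clean)
repo_lint() {
    n=0
    id=$(sed -n 's/^\[\(.*\)\]$/\1/p' "$1" | head -n 1)
    case "$id" in
        "") echo "no [repoid] section header"; n=$((n + 1)) ;;
        *[!A-Za-z0-9_.:-]*) echo "repo id '$id' contains characters yum rejects"; n=$((n + 1)) ;;
    esac
    [ -n "$(repo_get "$1" baseurl)$(repo_get "$1" mirrorlist)" ] \
        || { echo "no baseurl or mirrorlist"; n=$((n + 1)); }
    case "$(repo_get "$1" gpgcheck)" in
        1) [ -n "$(repo_get "$1" gpgkey)" ] \
               || { echo "gpgcheck=1 but no gpgkey to verify signatures with"; n=$((n + 1)); } ;;
        *) echo "gpgcheck is off or unset: packages from this repo install unverified"; n=$((n + 1)) ;;
    esac
    return $n
}

# Constructed samples: posted.repo is the file as shown above, fixed.repo the corrected one
RD=$(mktemp -d)
printf '%s\n' '[My Repo]' 'name=My Repo' 'baseurl=http://yourserver.yourdomain.org/server' \
    'enabled=1' 'gpgcheck=0' '#gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release' > "$RD/posted.repo"
printf '%s\n' '[myrepo]' 'name=My Repo' 'baseurl=http://yourserver.yourdomain.org/server' \
    'enabled=1' 'gpgcheck=1' 'gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release' > "$RD/fixed.repo"

for f in posted fixed; do
    echo "== $f.repo"
    repo_lint "$RD/$f.repo" || echo "   $? finding(s)"
done
```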