Tuesday, August 03, 2010

Install OpenVPN-2.0.9 on Server CentOS 5.5

First, check whether your server supports the /dev/net/tun device:
# ls -al /dev/net/tun

You'll get a result like the following if it is supported:
# ls -al /dev/net/tun
crw------- 1 root root 10, 200 Aug  1 14:12 /dev/net/tun

Then check whether the /dev/net/tun device has been enabled:
# cat /dev/net/tun

You'll get a result like the following if it is enabled:
# cat /dev/net/tun
cat: /dev/net/tun: File descriptor in bad state

If it has not been enabled, you should contact your VPS provider's staff.


Install the required dependencies
# yum -y install gcc make zlib-devel pam-devel openssl-devel rpm-build autoconf.noarch nano openssl lzo2

Install OpenVPN
# cd /tmp
# wget http://openvpn.net/release/openvpn-2.0.9.tar.gz
# wget http://openvpn.net/release/lzo-1.08-4.rf.src.rpm
# rpmbuild --rebuild lzo-1.08-4.rf.src.rpm
# rpmbuild -tb openvpn-2.0.9.tar.gz

For server CentOS x86 (i386)
# rpm -Uvh /usr/src/redhat/RPMS/i386/lzo-*.rpm
# rpm -Uvh /usr/src/redhat/RPMS/i386/openvpn-2.0.9-1.i386.rpm

For server CentOS x64 (x86_64)
# rpm -Uvh /usr/src/redhat/RPMS/x86_64/lzo-*.rpm
# rpm -Uvh /usr/src/redhat/RPMS/x86_64/openvpn-2.0.9-1.x86_64.rpm

Build certificate
# cp -R /usr/share/doc/openvpn-2.0.9/easy-rsa/ /etc/openvpn/
# cd /etc/openvpn/easy-rsa/2.0
# nano ./vars
Find the following line:
export KEY_DIR="$EASY_RSA/keys"
Change it to the following:
export KEY_DIR="/etc/openvpn/keys"

# chmod 755 *
# source ./vars
# ./vars
# ./clean-all
# ./build-ca

Output like the following will then appear:
Generating a 1024 bit RSA private key
....................................................................++++++
..............................................++++++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:
State or Province Name (full name) [CA]:
Locality Name (eg, city) [SanFrancisco]:
Organization Name (eg, company) [Fort-Funston]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) [Fort-Funston CA]:
Email Address [me@myhost.mydomain]:

Just press Enter at each prompt; only the "Common Name" field needs to be filled in, and you can fill it with anything you want.


Build Server Key
# ./build-key-server server

Prompts like the ones above will then appear. Just press Enter at each one; only the "Common Name" field needs to be filled in, with server. Then follow the next steps to finish building the server key.

Build DH Key
# ./build-dh


Create OpenVPN configuration file.
# nano /etc/openvpn/server.conf

The following is an example configuration:

local xxx.xxx.xxx.xxx #Replace with your server IP address
port xxxx #Replace with the desired port
proto udp #Choose between tcp and udp (remove instructions in bold)
dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh1024.pem
server 192.168.0.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
keepalive 5 30
comp-lzo
persist-key
persist-tun
status server-vpn.log
verb 3
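
A pre-start check for the server configuration above, added here as an example and not part of the original post. The function names conf_files and check_conf_files are hypothetical, and the demo files are constructed:

```bash
#!/bin/sh
# Added example: pre-start check that every file named by the
# ca/cert/key/dh directives exists and that the private key is not
# readable by group or others. Demo files are constructed.

# Print "directive path" for each file-bearing directive in config $1.
conf_files() {
    sed 's/[#;].*//' "$1" |
        awk '$1 ~ /^(ca|cert|key|dh)$/ && NF >= 2 { print $1, $2 }'
}

# Print one finding per line; return 1 if there is any finding.
check_conf_files() {
    findings=$(conf_files "$1" | while read -r name path; do
        if [ ! -f "$path" ]; then
            echo "MISSING $name $path"
        elif [ "$name" = key ]; then
            # Characters 5-10 of ls -l output are the group and other bits.
            bits=$(ls -ld "$path" | cut -c5-10)
            [ "$bits" = "------" ] || echo "TOO-OPEN $name $path ($bits)"
        fi
    done)
    [ -z "$findings" ] && return 0
    echo "$findings"
    return 1
}

# Demo: server.key is world-readable and the dh file was never built.
d=$(mktemp -d)
touch "$d/ca.crt" "$d/server.crt" "$d/server.key"
chmod 644 "$d/server.key"
for f in ca:ca.crt cert:server.crt key:server.key dh:dh1024.pem; do
    echo "${f%%:*} $d/${f#*:}"
done > "$d/server.conf"
check_conf_files "$d/server.conf" || true
rm -rf "$d"
```

On a real server the call would be check_conf_files /etc/openvpn/server.conf, run as root before starting the service.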

Start Service OpenVPN
# service openvpn start
# chkconfig openvpn on

Setting Firewall
# nano /etc/sysctl.conf
Find net.ipv4.ip_forward and set its value to 1
# echo 1 > /proc/sys/net/ipv4/ip_forward
# iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j SNAT --to xxx.xxx.xxx.xxx
Replace xxx.xxx.xxx.xxx with your server IP address
# iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
Save the iptables rules
# service iptables save
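
The NAT rule only helps if its source subnet matches the one in the "server" directive of server.conf. The following check is an added example, not part of the original post; the function names and the demo data are hypothetical:

```bash
#!/bin/sh
# Added example: check that a nat POSTROUTING rule covers the subnet
# handed out by the OpenVPN "server" directive. Demo data is constructed.

# Convert a dotted netmask (255.255.255.0) to a prefix length (24).
mask_to_prefix() {
    echo "$1" | awk -F. '{
        for (i = 1; i <= 4; i++)
            for (n = $i; n > 0; n = int(n / 2)) bits += n % 2
        print bits + 0
    }'
}

# Print "network netmask" from the server directive of config file $1.
vpn_subnet() {
    sed 's/[#;].*//' "$1" |
        awk '$1 == "server" && NF >= 3 { print $2, $3; exit }'
}

# $1 = OpenVPN config, $2 = rules in iptables-save format.
# Returns 0 if an SNAT/MASQUERADE rule matches the VPN subnet, 1 if
# none does, 2 if the config has no server directive.
nat_covers_vpn() {
    subnet=$(vpn_subnet "$1")
    [ -n "$subnet" ] || return 2
    net=${subnet% *}; mask=${subnet#* }
    # The source may be saved as net/prefix or net/netmask: accept both.
    awk -v a="$net/$(mask_to_prefix "$mask")" -v b="$net/$mask" '
        $1 == "-A" && $2 == "POSTROUTING" {
            src = ""; tgt = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s") src = $(i + 1)
                if ($i == "-j") tgt = $(i + 1)
            }
            if ((src == a || src == b) && tgt ~ /^(SNAT|MASQUERADE)$/) ok = 1
        }
        END { exit !ok }' "$2"
}

# Demo: the rule below was written for a different subnet.
d=$(mktemp -d)
echo 'server 192.168.0.0 255.255.255.0' > "$d/server.conf"
printf '%s\n' '*nat' '-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE' \
    'COMMIT' > "$d/rules"
nat_covers_vpn "$d/server.conf" "$d/rules" || echo "no NAT rule for VPN subnet"
rm -rf "$d"
```

On the server described here the arguments would be /etc/openvpn/server.conf and /etc/sysconfig/iptables, the file written by "service iptables save".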

Build Client Key
# cd /etc/openvpn/easy-rsa/2.0
# source ./vars
# ./vars
# ./build-key ClientName

The key files we made earlier are stored in the directory /etc/openvpn/keys.
Copy the files "ClientName.key", "ClientName.crt" and "ca.crt" to your PC.

Create a configuration file for the client and name it "ClientName.ovpn"

The following is a sample configuration for the clients based on server configuration:
client
dev tun
proto udp
remote xxx.xxx.xxx.xxx xxxx
resolv-retry infinite
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ca ca.crt
cert ClientName.crt
key ClientName.key
comp-lzo
verb 3

Replace xxx.xxx.xxx.xxx with the server IP and xxxx with the port that was set on the server.
Save the files "ClientName.key", "ClientName.crt", "ClientName.ovpn" and "ca.crt" in the OpenVPN directory,
for example in C:\Program Files\OpenVPN\config\ClientName.

Install phpMyAdmin on Server CentOS 5.5

      phpMyAdmin is a free software tool written in PHP intended to handle the administration of MySQL over the World Wide Web. phpMyAdmin supports a wide range of operations with MySQL. The most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions, etc), while you still have the ability to directly execute any SQL statement.

Install repository from rpmforge to server
# cd /tmp

On Centos x86 (i386)
# wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.1-1.el5.rf.i386.rpm
# rpm -Uvh rpmforge-release-0.5.1-1.el5.rf.i386.rpm

On Centos x64 (x86_64)
# wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.1-1.el5.rf.x86_64.rpm
# rpm -Uvh rpmforge-release-0.5.1-1.el5.rf.x86_64.rpm
Command to check whether your CentOS is x86 (32-bit) or x86_64 (64-bit):
# uname -i

Install phpMyAdmin
# yum -y install phpmyadmin
Edit the file phpmyadmin.conf
# vi /etc/httpd/conf.d/phpmyadmin.conf
Delete the other settings and leave only the following:
Alias /phpmyadmin /usr/share/phpmyadmin
Alias /phpMyAdmin /usr/share/phpmyadmin
Alias /mysqladmin /usr/share/phpmyadmin
Save (press the "Esc" key and then type ":wq")

Edit the file config.inc.php
# vi /usr/share/phpmyadmin/config.inc.php
Find the following line
$cfg['Servers'][$i]['auth_type'] = 'cookie';
and replace 'cookie' with 'http'

Restart Apache
# service httpd restart

Go to http://ServerIPaddress/phpmyadmin and you'll find a page like this after logging in with the mysqladmin user and password that were created when installing MySQL.


Install LAMP on Server CentOS 5.5

      LAMP is an acronym for a solution stack of free, open source software, originally coined from the first letters of Linux (operating system), Apache HTTP Server, MySQL (database software), and PHP, principal components to build a viable general purpose web server.

1. Install MySQL
# yum install mysql mysql-server
Adding MySQL to startup
# chkconfig --levels 235 mysqld on
# /etc/init.d/mysqld start
Create MySQLadmin User and Password
# mysqladmin -u root password YourPassSQL
# mysqladmin -h HostNameServer -u root password YourPassSQL
You can find HostNameServer in the terminal prompt: [root@HostNameServer ~]#


2. Install Apache.
# yum -y install httpd
Add Apache to startup, so it is loaded automatically when the system restarts.
# chkconfig --levels 235 httpd on
# service httpd start
To check that Apache has been installed on the server, go to http://YourIPAddress/; if you see a page as in the screenshot, Apache has been installed on your server.

If you get the message "No Route To Host", that means you must open port 80, which is still closed by the firewall.
To open port 80, simply do this step:
# vi /etc/sysconfig/iptables
Add this rule and save (to save, press the "Esc" key and then type ":wq")
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 80 -j ACCEPT
And then restart iptables
# service iptables restart


3. Install PHP
# yum install php php-mysql php-mbstring php-gd php-imap php-ldap php-odbc php-pear php-xml php-xmlrpc
Restart Apache
# service httpd restart
To check that PHP has been installed on the server, simply do the following step:
# vi /var/www/html/php/index.php
and type the following PHP code:
<?php
phpinfo();
?>
Save and go to http://YourIPAddress/php
If PHP has been installed on your server, you will see a page like this:


DONE!!!
Now you can build a website on your server.

Monday, August 02, 2010

Install Webmin on CentOS 5.5 for Linux Administration

      Webmin is a web-based interface for system administration for Unix. Using any browser that supports tables and forms (and Java for the File Manager module), you can setup user accounts, Apache, DNS, file sharing and so on.

      Webmin consists of a simple web server, and a number of CGI programs which directly update system files like /etc/inetd.conf and /etc/passwd. The web server and all CGI programs are written in Perl version 5, and use no non-standard Perl modules.

Here are the steps to install Webmin:

First install some dependencies:
# yum -y install perl-Net-SSLeay
Download the latest Webmin (you can find it here)
# cd /tmp/
# wget http://prdownloads.sourceforge.net/webadmin/webmin-1.510-1.noarch.rpm
Install Webmin
# rpm -Uvh webmin-1.510-1.noarch.rpm
Remove the Webmin installer
# rm webmin-1.510-1.noarch.rpm
Done!!!
Now you can access Webmin at http://YourServerIP:10000/ with your root user and password.

To change the standard Webmin port (e.g. from 10000 to 8888)
# vi /etc/webmin/miniserv.conf
Change the value of "port" and "listen" from 10000 to 8888.
# service webmin restart

Now you can access Webmin at http://YourServerIP:8888/ with your root user and password.

Install ptunnel on Server CentOS 5.5 for Tunneling via ICMP

      Ptunnel is an application that allows you to reliably tunnel TCP connections to a remote host using ICMP echo request and reply packets, commonly known as ping requests and replies. It is not a feature-rich tool by any means, but it does what it advertises. So here is what it can do:

  • Tunnel TCP using ICMP echo request and reply packets
  • Connections are reliable (lost packets are resent as necessary)
  • Handles multiple connections
  • Acceptable bandwidth (150 kb/s downstream and about 50 kb/s upstream are the currently measured maxima for one tunnel)
  • Authentication, to prevent just anyone from using your proxy
    

      PTunnel will not work when outgoing/incoming ping is not allowed, or is filtered by a gateway somewhere along the way. It also does not involve any congestion control. A good thing is that it is open source and supports Linux, Windows and Mac. For Windows, you will also need WinPcap.

Here are the steps for installing ptunnel 0.71:

ON SERVER

# yum -y install gcc*
# yum -y install libpcap*
# mkdir /tmp
# cd /tmp
# wget http://www.cs.uit.no/~daniels/PingTunnel/PingTunnel-0.71.tar.gz
# tar -zxvf PingTunnel-0.71.tar.gz
# cd PingTunnel
# make
# make install

On server  CentOS 5.5 32bit

# ptunnel &



On server  CentOS 5.5 64bit

# ptunnel > /dev/null 2>&1 &


Open the port on the server (8000, or whichever port will be used for tunneling)

# setup

and then choose Firewall configuration >> Customize

do as shown in the picture:



ON CLIENT

ptunnel -p ptunnel.example.org -lp 8000 -da ssh.example.org -dp 22

If you are using the ptunnel client on Windows, make sure you copy ptunnel.exe to the system32 folder before running that command at the command prompt, and that WinPcap is installed on your system.

ON SSH CLIENT

Use PuTTY or Bitvise Tunnelier to log in to your SSH server.

Setting on SSH Client:
Host : 127.0.0.1
Port : 8000
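
From the monitoring side, TCP carried inside echo packets makes them larger and more numerous than ordinary ping traffic. The following added example (not part of the original post or of ptunnel) counts large echo packets per host pair in tcpdump text output; the function names, thresholds and sample lines are assumptions:

```bash
#!/bin/sh
# Added example: flag host pairs whose ICMP echo traffic looks like a
# tunnel rather than ordinary ping. Reads tcpdump -n text on stdin.
# Thresholds are assumptions to tune; sample lines are constructed.

# $1 = ICMP length above which an echo counts as large (default 128)
# $2 = large packets per host pair needed to report it (default 5)
icmp_tunnel_suspects() {
    awk -v big="${1:-128}" -v min="${2:-5}" '
        / ICMP echo (request|reply),/ {
            src = $3; dst = $5; sub(/:$/, "", dst)
            # Count request and reply as one conversation.
            pair = ((src "") < (dst "")) ? src " " dst : dst " " src
            total[pair]++
            if ($NF + 0 > big + 0) large[pair]++
        }
        END {
            for (p in large)
                if (large[p] >= min + 0)
                    printf "%s large=%d total=%d\n", p, large[p], total[p]
        }' | sort
}

# Constructed capture: one ordinary ping and one bulky echo exchange.
sample_capture() {
    cat <<'EOF'
12:00:01.000000 IP 10.0.0.7 > 10.0.0.1: ICMP echo request, id 311, seq 1, length 64
12:00:01.000400 IP 10.0.0.1 > 10.0.0.7: ICMP echo reply, id 311, seq 1, length 64
12:00:02.100000 IP 10.0.0.5 > 203.0.113.9: ICMP echo request, id 9, seq 0, length 1052
12:00:02.130000 IP 203.0.113.9 > 10.0.0.5: ICMP echo reply, id 9, seq 0, length 1052
12:00:02.160000 IP 10.0.0.5 > 203.0.113.9: ICMP echo request, id 9, seq 1, length 612
12:00:02.190000 IP 203.0.113.9 > 10.0.0.5: ICMP echo reply, id 9, seq 1, length 36
EOF
}

# Demo: only the 10.0.0.5 <-> 203.0.113.9 pair is reported.
sample_capture | icmp_tunnel_suspects 128 3
```

On a live interface the input would come from tcpdump -n -l icmp piped into icmp_tunnel_suspects.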