
Thursday, June 21, 2012

vim Function List


Install ctags
yum install ctags
Download and install vim taglist
Download taglist_45.zip from http://vim.sourceforge.net/scripts/script.php?script_id=273
Unzip
unzip taglist_45.zip
Move plugin and doc to ~/.vim/
mv plugin doc ~/.vim/
Add "map <f9> :Tlist<CR>" to "/etc/vimrc"
echo "map <f9> :Tlist<CR>" >> /etc/vimrc

Use ctags in working directory
ctags -R *.c *.cpp *.h
Edit your source file
vim xxx.cpp

Toggle function list
Press <F9>

Saturday, June 9, 2012

OpenVPN with Public IP Assignments

VPN Server IP 
                a.b.c.99

VPN Subnet IP
                a.b.c.104 ~ a.b.c.107 (255.255.255.252)

VPN Server tun IP(a.b.c.105)
                a.b.c.105

Client tun IP   (a.b.c.106)
                a.b.c.106

Route:
                Use VPN server as default route

 


Server (a.b.c.99)
#Create conf

vi /etc/openvpn

# VPN server tun IP and VPN subnet netmask (size)
ifconfig a.b.c.105 255.255.255.252

# Some common settings
port 1194
proto tcp-server
mode server
tls-server
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
keepalive 10 120
comp-lzo

# VPN IP pool
ifconfig-pool a.b.c.106 a.b.c.107
# Use VPN server tun IP as gateway for VPN subnet
push "route-gateway a.b.c.105"
# VPN server uses tun as the route device for the VPN subnet
topology subnet
# VPN clients use tun as the route device for the VPN subnet
push "topology subnet"
# Use VPN server as default gateway
push "redirect-gateway def1 bypass-dhcp"
# Make VPN clients use 8.8.8.8 as default DNS
push "dhcp-option DNS 8.8.8.8"
# Enable client-to-client traffic
client-to-client

#Enable forward

iptables -I FORWARD -j ACCEPT

Thursday, June 7, 2012

OpenVPN


Server (IP 1.2.3.4, VPN Subnet 10.8.0.0 / 255.255.255.0)
Install OpenVPN
yum install openvpn
Generate Certificates (by using easy-rsa)
cd /usr/share/openvpn/easy-rsa/2.0/
#Setup parameters for certificate key generation
vi vars
source ./vars
#Clean all generated certificates and keys
./clean-all
#Generate CA certificate and key
./build-ca
#Generate server certificate and key
./build-key-server server
#Generate client certificate and key
./build-key client1
#Generate Diffie Hellman parameters
./build-dh
#Copy keys and certificates to openvpn conf folder (*crt: certificates; *key: private keys)
cd keys
cp -a ca.crt server.crt server.key dh1024.pem /etc/openvpn/
Create configuration
#Copy sample conf file to openvpn conf folder
cp -a /usr/share/doc/openvpn-x.x.x/sample-config-files/server.conf /etc/openvpn/
#Edit conf file
vi /etc/openvpn/server.conf
#Server IP
local 1.2.3.4
#Listen port
port 1194
#protocol tcp or udp (default)
proto tcp
#tunnel tun (default) or tap
dev tun
#SSL/TLS Certificate
ca ca.crt
#Certificate
cert server.crt
#Private key
key server.key
#Diffie hellman
dh dh1024.pem
#VPN subnet, comment out for bridge mode
server 10.8.0.0 255.255.255.0
#Persistent assignment and log filename
ifconfig-pool-persist ipp.txt
#Bridge mode (10.8.0.4/255.255.255.0: IP and netmask of bridge interface; IP pool 10.8.0.50 ~ 10.8.0.100)
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
#DHCP-proxy (use Server-side DHCP server to assign client IP)
;server-bridge
#enable compression
comp-lzo
#Maximum number of concurrently connected clients
;max-clients 100
#Server status
status openvpn-status.log
#Log (append to file; openvpn.log is the name used in the sample server.conf)
log-append openvpn.log
#verbosity
verb 3
#Start OpenVPN Service
systemctl start openvpn@server.service
Client
#Download ca.crt, client1.crt, client1.key from Server
cp -a ca.crt client1.crt client1.key MyClient
#Copy sample client conf to folder
cp -a /usr/share/doc/openvpn-x.x.x/sample-config-files/client.conf MyClient
#Modify client conf (Linux) / ovpn file (windows)
#
vi client.conf
dev tun
proto tcp
remote 1.2.3.4 1194
ca ca.crt
cert client1.crt
key client1.key
#Execute client with .conf file
openvpn xxx.conf

#Execute client with .ovpn file
<Right-click ovpn file and select “Start OpenVPN on this config file” in Windows>
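
An added example (not part of the original post) that checks a server.conf like the one above for three settings that weaken the tunnel: a DH file below 2048 bits, comp-lzo, and client-to-client. The function names and the embedded sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): flag weak settings in an
# OpenVPN server config. Prints findings; returns 1 if any, 0 if none.
# Reads the file named in $1, or stdin when no file is given.
audit_openvpn_conf() {
    findings=$(awk '
        # OpenVPN treats lines starting with "#" or ";" as comments.
        /^[ \t]*([#;]|$)/ { next }
        $1 == "dh" && match($2, /dh[0-9]+\.pem$/) {
            # easy-rsa 2.0 names the file dh<KEY_SIZE>.pem.
            bits = substr($2, RSTART + 2, RLENGTH - 6) + 0
            if (bits < 2048)
                print "WEAK dh: " bits "-bit parameters, use 2048 or more"
        }
        $1 == "comp-lzo" {
            print "RISK comp-lzo: compression before encryption can leak plaintext (VORACLE)"
        }
        $1 == "client-to-client" {
            print "NOTE client-to-client: peer traffic bypasses the iptables FORWARD chain"
        }
    ' "${1:--}")
    [ -z "$findings" ] && return 0
    printf "%s\n" "$findings"
    return 1
}

# Constructed sample: directives from the server.conf walk-through above,
# plus a commented-out client-to-client line that must not be reported.
sample_conf() {
    cat <<'EOF'
local 1.2.3.4
port 1194
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server 10.8.0.0 255.255.255.0
;server-bridge
comp-lzo
;max-clients 100
;client-to-client
verb 3
EOF
}

sample_conf | audit_openvpn_conf || true
```

The DH check only works when the file keeps the easy-rsa naming; a renamed file needs `openssl dhparam -in FILE -text -noout` to read the size.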

Tuesday, June 5, 2012

SSH VPN with remote routing


VPN Client

tun0 Private IP
192.168.100.253


VPN Server

tun0 Private IP
192.168.100.254
Public IP
1.2.3.4
Public Interface
eth0


Server
Install Packages
yum install tunctl
Create tun0
tunctl -t tun0
Configure tun0
ifconfig tun0 192.168.100.254 netmask 255.255.255.0 pointopoint 192.168.100.253
Configure sshd for tunnel
vi /etc/ssh/sshd_config
PermitTunnel yes
Restart sshd for Modified Configuration
service sshd restart

Enable forward
sysctl -w net.ipv4.ip_forward=1
iptables -I FORWARD -i tun0 -o eth0 -j ACCEPT
iptables -I FORWARD -i eth0 -o tun0 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.100.253/24 -o eth0 -j MASQUERADE


Local
Install Packages
yum install tunctl
Create tun0
tunctl -t tun0
Configure tun0
ifconfig tun0 192.168.100.253 netmask 255.255.255.0 pointopoint 192.168.100.254
Connect
ssh -w0:0 1.2.3.4

Configure routing (special destination goes through remote gateway / VPN Server)
route add -net some_ip/prefix dev tun0
(e.g. route add -net 140.112.31.0/24 dev tun0)
 

Linux Network Address Translation (NAT) Service

Variables
    iif: your intranet interface
    iip: your intranet IP
    wif: your internet (WAN) interface
    wip: your internet (WAN) IP
    inm: your intranet netmask


Enable Forwarding
    echo 1 > /proc/sys/net/ipv4/ip_forward

Allow Forwarding and NAT (iptables)
  1.      iptables -I FORWARD -i $wif -o $iif -j ACCEPT
  2.      iptables -I FORWARD -i $iif -o $wif -j ACCEPT
  3.      iptables -t nat -A POSTROUTING -s $iip/$inm -o $wif -j MASQUERADE
          OR
          iptables -t nat -I POSTROUTING -s $iip/$inm -j SNAT --to $wip
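
The FORWARD rules in the SSH VPN and NAT posts above accept any new connection arriving on the outside interface for the inside network. The script below is an added example, not the author's code: it prints the same rule set with the inbound direction limited to replies through conntrack, and keeps `-I` so the rules land ahead of a distribution's default reject rule. The function names and argument order are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original posts). Prints, but does not run, a
# stateful version of the FORWARD/NAT rules. Usage:
#   gateway_rules <inside-if> <outside-if> <inside-subnet/prefix>
valid_cidr() {
    awk -v c="$1" 'BEGIN {
        if (c !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/) exit 1
        split(c, p, /[.\/]/)
        for (i = 1; i <= 4; i++) if (p[i] > 255) exit 1
        exit (p[5] > 32)
    }'
}

valid_ifname() {
    case $1 in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
}

gateway_rules() {
    in_if=$1; out_if=$2; subnet=$3
    # The output is meant for a root shell, so reject anything that is not a
    # plain interface name or a.b.c.d/nn before it reaches a command line.
    valid_ifname "$in_if" && valid_ifname "$out_if" && valid_cidr "$subnet" || return 2
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -I FORWARD -i $in_if -o $out_if -s $subnet -j ACCEPT
iptables -I FORWARD -i $out_if -o $in_if -d $subnet -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -s $subnet -o $out_if -j MASQUERADE
EOF
}

# The SSH VPN server from the post: tun0 inside, eth0 outside.
gateway_rules tun0 eth0 192.168.100.0/24
```

For the NAT post, the inside interface is `$iif` and the outside interface is `$wif`; traffic that matches neither ACCEPT rule falls through to the chain's existing rules or policy.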