Aici veti gasi detalii tehnice despre cum se pot realiza configurari software+ hardware.
Here you can find technical details about software/hardware configuration.

vineri, 10 iunie 2011

Openvpn network with tap (bridge mode)

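In this configuration all clients are bridged onto the same Ethernet segment as the server.
This config runs without data-channel encryption (cipher none): the peers still authenticate each other with certificates, but the traffic inside the tunnel is sent in cleartext.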

Before you start, you need to generate ca.crt, server.crt, server.key, dh1024.pem and the client keys and certificates.


#Begin server.conf
# OpenVPN server for a bridged (tap) network: every client lands on the same
# layer-2 segment. The data channel is deliberately left unencrypted below.

# Address and UDP port the server listens on.
local x.x.x.x
port 1194
proto udp
dev tap
# server-bridge <gateway> <netmask> <pool-start> <pool-end>: clients receive an
# address from 192.168.100.129-254 on the bridged subnet.
server-bridge 192.168.100.10 255.255.255.0 192.168.100.129 192.168.100.254
ca /usr/local/etc/keys/ca.crt
cert /usr/local/etc/keys/server.crt
key /usr/local/etc/keys/server.key # This file should be kept secret
# NOTE(review): going by the file name these are 1024-bit DH parameters, which
# are below what is considered safe today; generate 2048-bit or larger
# parameters and point dh at that file.
dh /usr/local/etc/keys/dh1024.pem
# Don't put this in the keys directory unless user nobody can read it
# NOTE(review): with crl-verify left commented out, a revoked or stolen client
# certificate keeps working until this is enabled.
#crl-verify /usr/local/etc/keys/crl.pem

#Make sure this is your tunnel address pool
#server 10.10.101.0 255.255.255.0
# Remembers which address each client (by certificate common name) was given.
ifconfig-pool-persist ipp.txt
#This is the route to push to the client, add more if necessary

#push "dhcp-option DNS 10.0.0.2"
# Ping the peer every 10 s; treat it as down after 120 s without a reply.
keepalive 10 120
#cipher BF-CBC #Blowfish encryption
# "cipher none" turns data-channel encryption off: payload crosses the network
# in cleartext and can be read by anyone on the path. The client must use the
# same setting. Select a real cipher here and on the clients to get
# confidentiality.
cipher none
###comp-lzo
# Drop root privileges after start-up; persist-key/persist-tun keep the key and
# the tap device across restarts, when they could no longer be reopened.
user nobody
group nobody
persist-key
persist-tun
# Clients may talk to each other directly; this traffic is forwarded inside
# OpenVPN and does not pass through the host firewall.
client-to-client
# The status file lists connected clients and their real addresses.
status openvpn-status.log
# verb 6 is debug-level logging; OpenVPN's documentation suggests a lower level
# (around 3-4) for normal operation.
verb 6
mute 20
#client-config-dir /usr/local/etc/openvpn/ccd
# NOTE(review): placed after keepalive, this presumably overrides the restart
# timeout that keepalive sets and disables ping-triggered restarts - confirm.
ping-restart 0

=====================================================

cat ipp.txt

1.example.com,10.10.101.8
2.example.com,10.10.101.12
3.example.com,10.10.101.16
4.example.com,10.10.101.20
5.example.com,10.10.101.24
6.example.com,10.10.101.28
7.example.com,10.10.101.32
8.example.com,10.10.101.36
9.example.com,10.10.101.40
10.example.com,10.10.101.44
11.example.com,10.10.101.48

===============================================================
===============================================================
CLIENT SIDE


# Client side of the bridged (tap) setup; dev, proto and cipher have to match
# the server configuration.
client
dev tap
proto udp
remote x.x.x.x 1194 #server ip address
resolv-retry infinite
nobind
persist-key
persist-tun
# NOTE(review): nothing in this file checks that the peer presents a *server*
# certificate (for example with remote-cert-tls server), so any certificate
# issued by this CA - another client's included - would be accepted as the
# server.
# NOTE(review): /tmp is usually world-accessible and often cleared on reboot;
# confirm that only root can read client.key on the device this runs on.
ca /tmp/openvpncl/ca.crt
cert /tmp/openvpncl/client.crt
key /tmp/openvpncl/client.key
#comp-lzo
ping-restart 0
# Matches the server: no data-channel encryption, tunnel payload is cleartext.
cipher none

Openvpn network with tun

SERVER SIDE

Before you start, you need to generate ca.crt, server.crt, server.key, dh1024.pem and the client keys and certificates.


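#Begin server.conf
# OpenVPN server for a routed (tun) network over TCP. Each client is the
# gateway for one LAN; see the per-client files in client-config-dir.

# The annotation is written as a comment: extra words after the address would
# be parsed as arguments to "local".
local x.x.x.x # server ip address
port 1194
proto tcp
dev tun

ca /usr/local/etc/keys/ca.crt
cert /usr/local/etc/keys/server.crt
key /usr/local/etc/keys/server.key # This file should be kept secret
# NOTE(review): going by the file name these are 1024-bit DH parameters, which
# are below what is considered safe today; generate 2048-bit or larger
# parameters and point dh at that file.
dh /usr/local/etc/keys/dh1024.pem
# Don't put this in the keys directory unless user nobody can read it
# NOTE(review): with crl-verify left commented out, a revoked or stolen client
# certificate keeps working until this is enabled.
#crl-verify /usr/local/etc/keys/crl.pem

#Make sure this is your tunnel address pool
server 10.10.101.0 255.255.255.0
# Remembers which tunnel address each client (by certificate common name) got.
ifconfig-pool-persist ipp.txt
#This is the route to push to the client, add more if necessary
# Every client is told to reach these LANs through the tunnel.
# NOTE(review): 192.168.101.0/24 is pushed but has no route/iroute below -
# presumably it is the server's own LAN; confirm.
push "route 192.168.101.0 255.255.255.0"
push "route 192.168.102.0 255.255.255.0"
push "route 192.168.103.0 255.255.255.0"
push "route 192.168.104.0 255.255.255.0"
push "route 192.168.105.0 255.255.255.0"
push "route 192.168.106.0 255.255.255.0"
push "route 192.168.107.0 255.255.255.0"
push "route 192.168.108.0 255.255.255.0"
push "route 192.168.109.0 255.255.255.0"
push "route 192.168.110.0 255.255.255.0"
push "route 192.168.111.0 255.255.255.0"
push "route 192.168.112.0 255.255.255.0"

#push "dhcp-option DNS 10.0.0.2"
# Ping the peer every 10 s; treat it as down after 120 s without a reply.
keepalive 10 120
# NOTE(review): Blowfish has a 64-bit block, which makes long-lived sessions
# open to birthday-bound (SWEET32-style) attacks; prefer an AES cipher that
# both your server and client builds support, set identically on both sides.
cipher BF-CBC #Blowfish encryption
# NOTE(review): compressing before encrypting can leak information about the
# plaintext; the clients must carry the same setting if it is changed.
comp-lzo
# Drop root privileges after start-up; persist-key/persist-tun keep the key and
# the tun device across restarts, when they could no longer be reopened.
user nobody
group nobody
persist-key
persist-tun
# Clients may talk to each other directly; this traffic is forwarded inside
# OpenVPN and does not pass through the host firewall.
client-to-client
# The status file lists connected clients and their real addresses.
status openvpn-status.log
# verb 6 is debug-level logging; OpenVPN's documentation suggests a lower level
# (around 3-4) for normal operation.
verb 6
mute 20
# Per-client files named after the certificate common name; the iroute line in
# each one says which client owns which LAN.
client-config-dir /usr/local/etc/openvpn/ccd
# Kernel routes that send the client LANs into the tunnel; each needs a
# matching iroute in the owning client's ccd file.
route 192.168.102.0 255.255.255.0
route 192.168.103.0 255.255.255.0
route 192.168.104.0 255.255.255.0
route 192.168.105.0 255.255.255.0
route 192.168.106.0 255.255.255.0
route 192.168.107.0 255.255.255.0
route 192.168.108.0 255.255.255.0
route 192.168.109.0 255.255.255.0
route 192.168.110.0 255.255.255.0
route 192.168.111.0 255.255.255.0
route 192.168.112.0 255.255.255.0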



============================================================
cat ipp.txt

1.example.com,10.10.101.8
2.example.com,10.10.101.12
3.example.com,10.10.101.16
4.example.com,10.10.101.20
5.example.com,10.10.101.24
6.example.com,10.10.101.28
7.example.com,10.10.101.32
8.example.com,10.10.101.36
9.example.com,10.10.101.40
10.example.com,10.10.101.44
11.example.com,10.10.101.48

========================================================
# cd /usr/local/etc/openvpn/ccd
# ls

1.example.com
2.example.com
3.example.com
4.example.com
5.example.com
6.example.com
7.example.com
8.example.com
9.example.com
10.example.com
11.example.com


# cat 1.example.com
iroute 192.168.102.0 255.255.255.0
#
# cat 2.example.com
iroute 192.168.103.0 255.255.255.0
#
.......

===============================================================
===============================================================
CLIENT SIDE


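# Client side of the routed (tun) setup; dev, proto and compression have to
# match the server configuration.
client
dev tun
proto tcp
# The annotation is written as a comment: extra words after the port would be
# parsed as arguments to "remote".
remote x.x.x.x 1194 # Server address
resolv-retry infinite
nobind
persist-key
persist-tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
# NOTE(review): nothing in this file checks that the peer presents a *server*
# certificate (for example with remote-cert-tls server), so any certificate
# issued by this CA - another client's included - would be accepted as the
# server.
# NOTE(review): /tmp is usually world-accessible and often cleared on reboot;
# confirm that only root can read client.key on the device this runs on.
ca /tmp/openvpncl/ca.crt
cert /tmp/openvpncl/client.crt
key /tmp/openvpncl/client.key
# NOTE(review): there is no cipher line, so this relies on the client's
# built-in default matching the server's "cipher BF-CBC" - confirm for your
# OpenVPN version and state the cipher explicitly on both sides.
comp-lzo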

FreeBSD Qmail Install

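# Build and install qmail and its companion packages from the FreeBSD ports
# tree. Run as root. Each cd is chained to its make with && so that a missing
# port directory stops that step instead of running make in the directory left
# over from the previous one.

# qmail
cd /usr/ports/mail/qmail &&
  make config &&
  make install

# TcpServer (ucspi-tcp)
cd /usr/ports/sysutils/ucspi-tcp && make install clean

# Daemontools
cd /usr/ports/sysutils/daemontools && make install clean
# Start svscan at boot. The append is skipped when rc.conf already has a
# svscan_enable line, so running this again does not add duplicates (an
# existing line is left as it is, whatever its value).
grep -q '^svscan_enable=' /etc/rc.conf ||
  echo 'svscan_enable="YES"' >> /etc/rc.conf

# vpopmail
cd /usr/ports/mail/vpopmail &&
  make install clean -DWITH_DOMAIN_QUOTAS -DWITH_SPAMASSASSIN SPAM_THRESHOLD=10

# courier-imap
cd /usr/ports/mail/courier-imap &&
  make config &&
  make install clean

# qmailadmin
# Installs a web administration CGI under the given cgi-bin directory; limit
# who can reach it in the web server configuration.
cd /usr/ports/mail/qmailadmin &&
  make all install clean CGIBINDIR=www/cgi-bin-dist WEBDATADIR=www/data-dist

# qmail-scanner
cd /usr/ports/mail/qmail-scanner && make install

# clamav
cd /usr/ports/security/clamav && make install

# vqadmin
cd /usr/ports/mail/vqadmin/ && make install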

miercuri, 1 iunie 2011

To Recreate Qmail's Queue

To Recreate Qmail's Queue

1. Log in to your server using SSH.
2. Type su -.
3. Enter the password for the root user on your server.
4. At the command prompt, stop Qmail by typing /etc/init.d/qmail stop.
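# Rebuild an empty qmail queue tree. Run as root, with qmail stopped.
# NOTE: the rm below deletes the listed queue directories and everything in
# them, so any mail still waiting in the queue is lost.
#
# The whole sequence runs in a subshell with "set -e": if any step fails -
# above all the cd - the remaining commands are skipped instead of letting
# rm/chmod/chown act on whatever directory the shell happens to be in, and
# the root login shell itself stays open.
(
  set -e
  cd /var/qmail/queue

  rm -rf -- info intd local mess remote todo

  # Numbered subdirectories 0..22 (23 of them; presumably qmail's default
  # conf-split - confirm against your build).
  mkdir mess
  for i in $(seq 0 22); do
    mkdir -p -- "mess/$i"
  done

  # Clone the empty tree for the other queue areas.
  for area in info intd local remote todo; do
    cp -r mess "$area"
  done

  chmod -R 750 mess todo
  chown -R qmailq:qmail mess todo

  chmod -R 700 info intd local remote
  chown -R qmailq:qmail intd
  chown -R qmails:qmail info local remote
)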

5. Then, type the commands listed above, between steps 4 and 6 (the block that contains cd /var/qmail/queue).
6. Start Qmail by typing /etc/init.d/qmail start.
