In this configuration all clients are in bridge.
This config is without encryption.
Before you start you need to generate ca.crt, server.crt, server.key, dh1024.pem and clients keys and certificates
#Begin server.conf
local x.x.x.x
port 1194
proto udp
dev tap
server-bridge 192.168.100.10 255.255.255.0 192.168.100.129 192.168.100.254
ca /usr/local/etc/keys/ca.crt
cert /usr/local/etc/keys/server.crt
key /usr/local/etc/keys/server.key # This file should be kept secret
dh /usr/local/etc/keys/dh1024.pem
# Don't put this in the keys directory unless user nobody can read it
#crl-verify /usr/local/etc/keys/crl.pem
#Make sure this is your tunnel address pool
#server 10.10.101.0 255.255.255.0
ifconfig-pool-persist ipp.txt
#This is the route to push to the client, add more if necessary
#push "dhcp-option DNS 10.0.0.2"
keepalive 10 120
#cipher BF-CBC #Blowfish encryption
cipher none
###comp-lzo
user nobody
group nobody
persist-key
persist-tun
client-to-client
status openvpn-status.log
verb 6
mute 20
#client-config-dir /usr/local/etc/openvpn/ccd
ping-restart 0
=====================================================
cat ipp.txt
1.example.com,10.10.101.8
2.example.com,10.10.101.12
3.example.com,10.10.101.16
4.example.com,10.10.101.20
5.example.com,10.10.101.24
6.example.com,10.10.101.28
7.example.com,10.10.101.32
8.example.com,10.10.101.36
9.example.com,10.10.101.40
10.example.com,10.10.101.44
11.example.com,10.10.101.48
===============================================================
===============================================================
CLIENT SIDE
client
dev tap
proto udp
remote x.x.x.x 1194 #server ip address
resolv-retry infinite
nobind
persist-key
persist-tun
ca /tmp/openvpncl/ca.crt
cert /tmp/openvpncl/client.crt
key /tmp/openvpncl/client.key
#comp-lzo
ping-restart 0
cipher none
vineri, 10 iunie 2011
Openvpn network with tun
SERVER SIDE
Before you start you need to generate ca.crt, server.crt, server.key, dh1024.pem and clients keys and certificates
#Begin server.conf
local x.x.x.x (server ip address)
port 1194
proto tcp
dev tun
ca /usr/local/etc/keys/ca.crt
cert /usr/local/etc/keys/server.crt
key /usr/local/etc/keys/server.key # This file should be kept secret
dh /usr/local/etc/keys/dh1024.pem
# Don't put this in the keys directory unless user nobody can read it
#crl-verify /usr/local/etc/keys/crl.pem
#Make sure this is your tunnel address pool
server 10.10.101.0 255.255.255.0
ifconfig-pool-persist ipp.txt
#This is the route to push to the client, add more if necessary
push "route 192.168.101.0 255.255.255.0"
push "route 192.168.102.0 255.255.255.0"
push "route 192.168.103.0 255.255.255.0"
push "route 192.168.104.0 255.255.255.0"
push "route 192.168.105.0 255.255.255.0"
push "route 192.168.106.0 255.255.255.0"
push "route 192.168.107.0 255.255.255.0"
push "route 192.168.108.0 255.255.255.0"
push "route 192.168.109.0 255.255.255.0"
push "route 192.168.110.0 255.255.255.0"
push "route 192.168.111.0 255.255.255.0"
push "route 192.168.112.0 255.255.255.0"
#push "dhcp-option DNS 10.0.0.2"
keepalive 10 120
cipher BF-CBC #Blowfish encryption
comp-lzo
user nobody
group nobody
persist-key
persist-tun
client-to-client
status openvpn-status.log
verb 6
mute 20
client-config-dir /usr/local/etc/openvpn/ccd
route 192.168.102.0 255.255.255.0
route 192.168.103.0 255.255.255.0
route 192.168.104.0 255.255.255.0
route 192.168.105.0 255.255.255.0
route 192.168.106.0 255.255.255.0
route 192.168.107.0 255.255.255.0
route 192.168.108.0 255.255.255.0
route 192.168.109.0 255.255.255.0
route 192.168.110.0 255.255.255.0
route 192.168.111.0 255.255.255.0
route 192.168.112.0 255.255.255.0
============================================================
cat ipp.txt
1.example.com,10.10.101.8
2.example.com,10.10.101.12
3.example.com,10.10.101.16
4.example.com,10.10.101.20
5.example.com,10.10.101.24
6.example.com,10.10.101.28
7.example.com,10.10.101.32
8.example.com,10.10.101.36
9.example.com,10.10.101.40
10.example.com,10.10.101.44
11.example.com,10.10.101.48
========================================================
# cd /usr/local/etc/openvpn/ccd
# ls
1.example.com
2.example.com
3.example.com
4.example.com
5.example.com
6.example.com
7.example.com
8.example.com
9.example.com
10.example.com
11.example.com
# cat 1.example.com
iroute 192.168.102.0 255.255.255.0
#
# cat 2.example.com
iroute 192.168.103.0 255.255.255.0
#
.......
===============================================================
===============================================================
CLIENT SIDE
client
dev tun
proto tcp
remote x.x.x.x 1194 (Server address)
resolv-retry infinite
nobind
persist-key
persist-tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ca /tmp/openvpncl/ca.crt
cert /tmp/openvpncl/client.crt
key /tmp/openvpncl/client.key
comp-lzo
Before you start you need to generate ca.crt, server.crt, server.key, dh1024.pem and clients keys and certificates
#Begin server.conf
local x.x.x.x (server ip address)
port 1194
proto tcp
dev tun
ca /usr/local/etc/keys/ca.crt
cert /usr/local/etc/keys/server.crt
key /usr/local/etc/keys/server.key # This file should be kept secret
dh /usr/local/etc/keys/dh1024.pem
# Don't put this in the keys directory unless user nobody can read it
#crl-verify /usr/local/etc/keys/crl.pem
#Make sure this is your tunnel address pool
server 10.10.101.0 255.255.255.0
ifconfig-pool-persist ipp.txt
#This is the route to push to the client, add more if necessary
push "route 192.168.101.0 255.255.255.0"
push "route 192.168.102.0 255.255.255.0"
push "route 192.168.103.0 255.255.255.0"
push "route 192.168.104.0 255.255.255.0"
push "route 192.168.105.0 255.255.255.0"
push "route 192.168.106.0 255.255.255.0"
push "route 192.168.107.0 255.255.255.0"
push "route 192.168.108.0 255.255.255.0"
push "route 192.168.109.0 255.255.255.0"
push "route 192.168.110.0 255.255.255.0"
push "route 192.168.111.0 255.255.255.0"
push "route 192.168.112.0 255.255.255.0"
#push "dhcp-option DNS 10.0.0.2"
keepalive 10 120
cipher BF-CBC #Blowfish encryption
comp-lzo
user nobody
group nobody
persist-key
persist-tun
client-to-client
status openvpn-status.log
verb 6
mute 20
client-config-dir /usr/local/etc/openvpn/ccd
route 192.168.102.0 255.255.255.0
route 192.168.103.0 255.255.255.0
route 192.168.104.0 255.255.255.0
route 192.168.105.0 255.255.255.0
route 192.168.106.0 255.255.255.0
route 192.168.107.0 255.255.255.0
route 192.168.108.0 255.255.255.0
route 192.168.109.0 255.255.255.0
route 192.168.110.0 255.255.255.0
route 192.168.111.0 255.255.255.0
route 192.168.112.0 255.255.255.0
============================================================
cat ipp.txt
1.example.com,10.10.101.8
2.example.com,10.10.101.12
3.example.com,10.10.101.16
4.example.com,10.10.101.20
5.example.com,10.10.101.24
6.example.com,10.10.101.28
7.example.com,10.10.101.32
8.example.com,10.10.101.36
9.example.com,10.10.101.40
10.example.com,10.10.101.44
11.example.com,10.10.101.48
========================================================
# cd /usr/local/etc/openvpn/ccd
# ls
1.example.com
2.example.com
3.example.com
4.example.com
5.example.com
6.example.com
7.example.com
8.example.com
9.example.com
10.example.com
11.example.com
# cat 1.example.com
iroute 192.168.102.0 255.255.255.0
#
# cat 2.example.com
iroute 192.168.103.0 255.255.255.0
#
.......
===============================================================
===============================================================
CLIENT SIDE
client
dev tun
proto tcp
remote x.x.x.x 1194 (Server address)
resolv-retry infinite
nobind
persist-key
persist-tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ca /tmp/openvpncl/ca.crt
cert /tmp/openvpncl/client.crt
key /tmp/openvpncl/client.key
comp-lzo
FreeBSD Qmail Install
cd /usr/ports/mail/qmail
make config
make install
#TcpServer
cd /usr/ports/sysutils/ucspi-tcp
make install clean
#Daemontools
cd /usr/ports/sysutils/daemontools
make install clean
echo 'svscan_enable="YES"' >> /etc/rc.conf
#vpopmail
cd /usr/ports/mail/vpopmail
make install clean -DWITH_DOMAIN_QUOTAS -DWITH_SPAMASSASSIN SPAM_THRESHOLD=10
#courierimap
cd /usr/ports/mail/courier-imap
make config
make install clean
#qmailadmin
cd /usr/ports/mail/qmailadmin
make all install clean CGIBINDIR=www/cgi-bin-dist WEBDATADIR=www/data-dist
#qmail-scanner
cd /usr/ports/mail/qmail-scanner
make install
#$clamav
cd /usr/ports/security/clamav
make install
#vqadmin
cd /usr/ports/mail/vqadmin/
make install
make config
make install
#TcpServer
cd /usr/ports/sysutils/ucspi-tcp
make install clean
#Daemontools
cd /usr/ports/sysutils/daemontools
make install clean
echo 'svscan_enable="YES"' >> /etc/rc.conf
#vpopmail
cd /usr/ports/mail/vpopmail
make install clean -DWITH_DOMAIN_QUOTAS -DWITH_SPAMASSASSIN SPAM_THRESHOLD=10
#courierimap
cd /usr/ports/mail/courier-imap
make config
make install clean
#qmailadmin
cd /usr/ports/mail/qmailadmin
make all install clean CGIBINDIR=www/cgi-bin-dist WEBDATADIR=www/data-dist
#qmail-scanner
cd /usr/ports/mail/qmail-scanner
make install
#$clamav
cd /usr/ports/security/clamav
make install
#vqadmin
cd /usr/ports/mail/vqadmin/
make install
miercuri, 1 iunie 2011
To Recreate Qmail's Queue
To Recreate Qmail's Queue
1. Log in to your server using SSH.
2. Type su -.
3. Enter the password for the root user on your server.
4. At the command prompt, stop Qmail by typing /etc/init.d/qmail stop.
cd /var/qmail/queue
rm -rf info intd local mess remote todo
mkdir mess
for i in `seq 0 22`; do
mkdir -p mess/$i
done
cp -r mess info
cp -r mess intd
cp -r mess local
cp -r mess remote
cp -r mess todo
chmod -R 750 mess todo
chown -R qmailq:qmail mess todo
chmod -R 700 info intd local remote
chown -R qmailq:qmail intd
chown -R qmails:qmail info local remote
5. Then, type the following:
6. Start Qmail by typing /etc/init.d/qmail start.
1. Log in to your server using SSH.
2. Type su -.
3. Enter the password for the root user on your server.
4. At the command prompt, stop Qmail by typing /etc/init.d/qmail stop.
cd /var/qmail/queue
rm -rf info intd local mess remote todo
mkdir mess
for i in `seq 0 22`; do
mkdir -p mess/$i
done
cp -r mess info
cp -r mess intd
cp -r mess local
cp -r mess remote
cp -r mess todo
chmod -R 750 mess todo
chown -R qmailq:qmail mess todo
chmod -R 700 info intd local remote
chown -R qmailq:qmail intd
chown -R qmails:qmail info local remote
5. Then, type the following:
6. Start Qmail by typing /etc/init.d/qmail start.
Abonați-vă la:
Postări (Atom)
Map
