How to connect Windows XP and Debian Linux using a secure connection over OpenVPN.
Prepare your working tools
su
apt-get install openvpn
cd /usr/share/doc/openvpn/examples/easy-rsa/2.0/
gzip -d *.gz
mkdir -p /etc/openvpn/tools
ln -s tools/keys /etc/openvpn/keys
make install DESTDIR=/etc/openvpn/tools
cd /etc/openvpn/tools
Change key size (optionally):
Open file: /etc/openvpn/tools/vars
Change: export KEY_SIZE=1024
To value: 2048
or change the key size by executing the following commands (still optional):
cp vars vars.bak
sed -e 's/export KEY_SIZE=1024/export KEY_SIZE=2048/' vars.bak > vars
Generate keys:
source vars
./clean-all # Warning: this will delete all your previous keys!
# optionally: mv keys .. ; ln -s ../keys keys
./build-ca
./build-dh
./build-key-server server
./build-key client1
./build-key client2
./build-key client3
In the future you can add a new client certificate with the following commands:
source ./vars
./build-key client4
# Optionally:
mkdir logs
mkdir var
Your client keys and certificates are stored in the files client1 to client3. Copy the appropriate client files with certificates to your Windows desktop.
Customize configuration files:
On Linux: server.conf / client.conf
On Windows: server.ovpn / client.ovpn
Further settings:
Setup firewall rules
Open access through firewall to OpenVPN server:
iptables -I INPUT -s trusted-client.com -p UDP --dport 1194 -j ACCEPT
iptables -I FORWARD -s trusted-client.com -p UDP --dport 1194 -j ACCEPT
Allow forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
Allow access from VPN to anywhere around the world (optional):
iptables -I INPUT -i tun+ -j ACCEPT
iptables -I FORWARD -i tun+ -j ACCEPT
Allow NAT for VPN (note that the first command flushes all existing NAT rules):
iptables -F -t nat
iptables -t nat -A POSTROUTING -s 10.1.0.0/24 -o eth0 -j MASQUERADE
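Running the -I commands above a second time inserts every rule again. The following added example (not from the original post) applies three of the post's rules only when iptables -C reports them missing, without flushing anything; fake_ipt, RULES and the function names are assumptions made for the demo.

```shell
#!/bin/sh
# Added example, not from the original post. IPT names the iptables binary;
# the demo at the bottom points it at a stand-in so nothing touches the kernel.
IPT=${IPT:-iptables}

# ensure_rule TABLE CHAIN RULE...: insert the rule only when "iptables -C"
# reports it absent, so re-running adds no duplicates and needs no flush.
ensure_rule() {
    table=$1 chain=$2; shift 2
    "$IPT" -t "$table" -C "$chain" "$@" 2>/dev/null ||
        "$IPT" -t "$table" -I "$chain" "$@"
}

# vpn_rules CLIENT SUBNET OUT_IF: rules from the post, applied idempotently.
vpn_rules() {
    ensure_rule filter INPUT -s "$1" -p udp --dport 1194 -j ACCEPT &&
    ensure_rule filter FORWARD -i tun+ -j ACCEPT &&
    ensure_rule nat POSTROUTING -s "$2" -o "$3" -j MASQUERADE
}

# Stand-in for iptables (assumption for the demo): keeps rules in file $RULES.
fake_ipt() {
    t=$2 op=$3; shift 3
    case $op in
        -C) grep -qxF -- "$t $*" "$RULES" ;;
        -I) printf '%s\n' "$t $*" >> "$RULES" ;;
    esac
}

# count_rules: number of rules the stand-in currently holds.
count_rules() { wc -l < "$RULES" | tr -d ' '; }

# Demo: apply twice; the second run finds every rule present and adds none.
RULES=$(mktemp)
IPT=fake_ipt
vpn_rules trusted-client.com 10.1.0.0/24 eth0
vpn_rules trusted-client.com 10.1.0.0/24 eth0
echo "rules after two runs: $(count_rules)"
```

To apply the rules for real, remove the IPT=fake_ipt line and run the script as root.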
Setup OpenVPN server on Debian Linux:
Copy files: ca.crt, server.key, server.crt
To: /etc/openvpn
Setup OpenVPN client on Windows XP:
Copy files: cli/*, ca.crt, server.crt, client3.key, client3.crt
To: C:\Progra~1\OpenVPN\config
Start OpenVPN server on Debian Linux:
/etc/init.d/openvpn restart
or
openvpn --config /etc/openvpn/server.conf
Start OpenVPN client on Windows XP:
right click OpenVPN tray icon, choose "connect"
or run from command line:
openvpn --config C:\Progra~1\OpenVPN\config\client3.ovpn
... can be stopped by the F4 key.
Start or shut down OpenVPN on Windows 7 as a service:
net start OpenVPNService
net stop OpenVPNService
Sunday, November 23, 2008
SSH without password
You can access your remote Linux server over SSH without a password. This is faster and in some cases the preferred way.
The goal is to generate a public-private key pair which will authorize your access. You leave your private key on your local computer (kept secret) and copy the public key to any remote server you want to access. After registering the public key you will be able to access the remote server without entering a password.
Generate a public-private key pair on your local Linux desktop (ssh-keygen accepts only 1024-bit DSA keys, so the 2048-bit key here is RSA):
$ ssh-keygen -b 2048 -t rsa
Distribute your public key to the remote server:
$ scp ~/.ssh/id_rsa.pub \
user@server.com:.ssh/id_rsa.pub.tmp
or alternatively you can use:
$ ssh-copy-id -i ~/.ssh/id_rsa.pub user@server.com
Register your public key on your remote server:
$ ssh user@server.com
$ cat ~/.ssh/id_rsa.pub.tmp >> ~/.ssh/authorized_keys2
Access your remote server without password:
$ ssh user@server.com
step by step guide in Czech
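Added example, not part of the original post: once public keys have been appended to authorized_keys2 over time, it helps to review what the file contains. The script lists each entry, flags ssh-dss (DSA) keys, and checks that the file is not writable by group or others, which sshd's StrictModes setting rejects; the function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). The file contents are constructed.

# Print "LINENO STATUS KEYTYPE COMMENT" for every entry of an authorized_keys file.
# STATUS: OK, WEAK (ssh-dss: DSA keys are fixed at 1024 bits) or MALFORMED.
audit_authorized_keys() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }               # skip blank lines and comments
    {
        # Entry layout: [options] keytype base64-blob [comment]
        t = 0
        for (i = 1; i <= NF; i++)
            if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521))$/) { t = i; break }
        if (t == 0 || t == NF) { print NR, "MALFORMED"; next }
        status = ($t == "ssh-dss") ? "WEAK" : "OK"
        comment = (t + 2 <= NF) ? $(t + 2) : "-"
        print NR, status, $t, comment
    }' "$1"
}

# Succeed only if the path is not writable by group or others (sshd StrictModes
# refuses keys from a file or directory that other users could modify).
not_writable_by_others() {
    [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# Demo on a constructed file; the key blobs are shortened placeholders.
demo_dir=$(mktemp -d)
cat > "$demo_dir/authorized_keys2" <<'EOF'
# constructed sample
ssh-rsa AAAAB3NzaC1yc2E alice@desktop
from="10.1.0.*" ssh-dss AAAAB3NzaC1kc3M bob@oldlaptop
this line is not a key
EOF
chmod 600 "$demo_dir/authorized_keys2"
audit_authorized_keys "$demo_dir/authorized_keys2"
not_writable_by_others "$demo_dir/authorized_keys2" && echo "permissions ok"
```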
Wednesday, November 19, 2008
Time synchronization in Linux
Date and time settings in Debian Linux
Set date and time approximately (optional step):
$ sudo su
# apt-get install ntpdate
# ntpdate ntp.cesnet.cz
Install NTP for higher precision with automatic time synchronization:
# apt-get install ntp ntp-server ntp-simple ntp-doc
Configure NTP for automatic time synchronization:
Open file /etc/ntp.conf
Add lines:
server clock1.zcu.cz
server clock2.zcu.cz
server ntp.cesnet.cz
Comment out everything except following directives:
driftfile, statsdir, statistics, filegen (more lines in sequence)
Start NTP server:
# /etc/init.d/ntp-server restart
Display current time settings:
# ntpq -p
- shows table of servers accessibility and accuracy
- main server is marked by star (*), else automatic synchronization does not work
Store date and time to hardware clock:
# /usr/sbin/ntpdate -s
# /sbin/hwclock --adjust
# /sbin/hwclock --systohc
Tuesday, November 18, 2008
Command com in Linux Shell
If you liked it and if you miss it...
while true ; do
  read -r -p 'C:\> ' cmd
  if [ "$cmd" != "" ]
  then
    echo Bad command or file name
    # echo $cmd
    echo
  fi
done
Monday, November 17, 2008
Shell regular expressions
Sedatives with sed
sed -i -e 's/template/supplement/g' file
parameters:
-e allows chaining multiple replacement rules
/g replaces all occurrences (global)
-i edits the file in place (use -ibackup for backup)
Fresh grepfruit
grep -P 'template' file
prints lines from file which match regex template.
-P uses Perl-compatible regular expressions (if not available, try -E instead)
-E uses extended regular expressions
Awkward tasks
who | awk -F ' ' '{print $1}'
prints first item of each line.
-F specifies the item delimiter; the default is whitespace.
Tuesday, November 11, 2008
Faster scp with tar
scp using tar:
Following sequence retrieves data from remote server immediately without need to store compressed tar to file.
ssh root@server tar -c /www/domain.com | tar -x
Following sequence sends local data via ssh to the remote server.
tar -c /www/domain.com | \
ssh root@server cd /www/domain.com '&&' tar -x
Bash - functions, timestamp, date diff
Bash function - command line calculator
calcfn () { echo "$*" | bc -l; }
Bash timestamp of specific date
date +%s -d 20070103
Date difference in Bash
dateOfPast='20080103'
today=`date +%Y%m%d`
timeStampToday=`date +%s -d $today`
timeStampOfPast=`date +%s -d $dateOfPast`
secondsInDay=86400
dayDiff=`echo \($timeStampToday - $timeStampOfPast\) / $secondsInDay | bc`
echo $dayDiff
Convert Unix timestamp to local date time
echo $timeStamp | perl -n -e 'chop; print localtime( ($_)[0] ) . "\n";'
Convert Unix timestamp to GMT
echo 1234567890 | perl -n -e 'chop; print gmtime( ($_)[0] ) . "\n";'
Unix Timestamp 1234567890 ... Friday The 13th.
Monday, November 10, 2008
Vim - File Differences with vimdiff
Brief usage of vimdiff. For detailed description see man, info and online docs.
Start vim in diff mode
vimdiff file1.php file1.php~
Alternatives:
gvimdiff
vimdiff -O ==horizontal windows
vim -d
Switch between windows
Ctrl+w Ctrl+w
Put new lines to other window
dp
Obtain new lines (from another window)
do
Skip between diff groups
previous group
[c
next group
]c
(Un)folding
open folded difference
zo
close folded diff
zc
Source: vimdoc
Thursday, November 06, 2008
Czech Weather Forecast - Pocasi.cz
Our team has been working hard over the last few weeks. And here is the result:
Pocasi.cz - Czech and European Weather Forecast (Czech language)