Setup a Site to Site IPsec VPN With Strongswan and PreShared Key Authentication

Today we will setup a Site to Site ipsec VPN with Strongswan, which will be configured with PreShared Key Authentication.

After our tunnels are established, we will be able to reach the private ips over the vpn tunnels.

Get the Dependencies:
Update your repository indexes and install strongswan:

$ apt update && sudo apt upgrade -y
$ apt install strongswan -y

Set the following kernel parameters:

$ cat >> /etc/sysctl.conf << EOF
net.ipv4.ip_forward = 1 
net.ipv4.conf.all.accept_redirects = 0 
net.ipv4.conf.all.send_redirects = 0
EOF

$ sysctl -p /etc/sysctl.conf

Generate Preshared Key:
We will need a preshared key that both servers will use: Continue reading “Setup a Site to Site IPsec VPN With Strongswan and PreShared Key Authentication” »

Share

SCP Command Syntax

Before going into how to use the scp command, let’s start by reviewing the basic syntax. The scp utility expressions take the following form:

scp [OPTION] [user@]SRC_HOST:]file1 [user@]DEST_HOST:]file2

OPTION – scp options such as cipher, ssh configuration, ssh port, limit, recursive copy ..etc
[user@]SRC_HOST:]file1 – Source file.
[user@]DEST_HOST:]file2 – Destination file
Local file should be specified using an absolute or relative path while remote file names should include a user and host specification.

scp provides a number of options that control every aspect of its behavior. The most widely used options are:

-P Specifies the remote host ssh port.
-p Preserves files modification and access times.
-q Use this option if you want to suppress the progress meter and non-error messages.
-C. This option will force scp to compresses the data as it is sent to the destination machine.
-r This option will tell scp to recursively copy directories. Continue reading “SCP Command Syntax” »

Share

Configure Apache With Self-Signed TLS/SSL Certificate on Ubuntu 16.04

Step 1: Generating the certificate

First, let’s create a place to store the file.

mkdir ~/certificates
cd ~/certificates

Generate CSR and private key.

openssl req -x509 -newkey rsa:4096 -keyout apache.key -out apache.crt -days 365 -nodes

It will ask for information for the certificate request. Complete with the appropriate information.

Country Name (2 letter code) [AU]: US
State or Province Name (full name) [Some-State]: FL
Locality Name (eg, city) []: Miami
Organization Name (eg, company) [My Company]: My Company
Organizational Unit Name (eg, section) []:

Common name should be your domain name or the server’s IP address. Also, fill in your email. Continue reading “Configure Apache With Self-Signed TLS/SSL Certificate on Ubuntu 16.04” »

Share

Upgrade PHP version to 7.2 from 7.0 on Ubuntu 16.04

Check your PHP version installed

Before we start, we can simply type the following command to check the existing PHP version installed on the server.

$ php -v

If you installed Ubuntu 16.04 LTS, you will get PHP 7.0.30 installed on your server by running installation script from VestaCP. In this tutorial, we will upgrade our PHP version to 7.2 to enjoy more features and bug fixes.

Check your PHP modules installed

To check installed PHP modules in Ubuntu, type the following command (as Ubuntu makes PHP modules available via packages):

$ dpkg — get-selections | grep -v deinstall | grep php7.0

Remember mark installed modules list, as you need to install them again after upgraded to PHP 7.2. We don’t need to install mcrypt as it has been dropped from PHP 7.2.

In this tutorial, we need to install those modules again: Continue reading “Upgrade PHP version to 7.2 from 7.0 on Ubuntu 16.04” »

Share

Install MariaDB on CentOS 7

MariaDB is an open source relational database management system, backward compatible, binary drop-in replacement of MySQL. It is developed by some of the original developers of the MySQL and by many people in the community. With the release of CentOS 7, MySQL was replaced with MariaDB as the default database system.

If you, for any reason need to install MySQL, check the How to Install MySQL on CentOS 7 tutorial. If your application does not have any specific requirements, you should stick with MariaDB, the default database system in CentOS 7.

In this tutorial we will show you how to install the latest version of MariaDB on CentOS 7 using the official MariaDB repositories.

Prerequisites
Make sure you are logged in as a user with sudo privileges before proceeding with the tutorial. Continue reading “Install MariaDB on CentOS 7” »

Share

SSH Tunnel on PuTTY

Most of you have probably used a tunnel with an SSH connection. What you probably weren’t aware of is that you can use a dynamic tunnel to access all remote infrastructure. Furthermore, you can specify a port and a destination IP to have direct access. This process is achieved through your PuTTY configuration.

In this procedure, we will use Internet Explorer, Firefox and an RDP connection to demonstrate the use of a tunnel with an SSH connection, as well as configuring the tunnel with several other protocol types.

Local Port Forwarding

Step 1 – Load the Session
In your PuTTY configuration, configure the Host Name and Port of your remote SSH computer­. Enter your Saved Sessions name, and click Save. If your session already exists, Load it as shown below:

Continue reading “SSH Tunnel on PuTTY” »

Share

Clean up boot partition – Ubuntu 14.04LTS-x64, Ubuntu 16.04LTS-x64

Case I: if /boot is not 100% full and apt is working
 
1. Check the current kernel version

$ uname -r

It will shows the list like below:

3.19.0-64-generic

2. Remove the OLD kernels

2.a. List the old kernel

$ sudo dpkg --list 'linux-image*'|awk '{ if ($1=="ii") print $2}'|grep -v `uname -r`

You will get the list of images something like below:

linux-image-3.19.0-25-generic
linux-image-3.19.0-56-generic
linux-image-3.19.0-58-generic
linux-image-3.19.0-59-generic
linux-image-3.19.0-61-generic
linux-image-3.19.0-65-generic
linux-image-extra-3.19.0-25-generic
linux-image-extra-3.19.0-56-generic
linux-image-extra-3.19.0-58-generic
linux-image-extra-3.19.0-59-generic
linux-image-extra-3.19.0-61-generic

2.b. Now its time to remove old kernel one by one as Continue reading “Clean up boot partition – Ubuntu 14.04LTS-x64, Ubuntu 16.04LTS-x64” »

Share

DNS Forwarder and Transfer using Bind and Webmin

To point your BIND based DNS server to use OpenDNS resolvers for external resolution you need to modify the named.conf.options and add the OpenDNS resolvers as forwarders. This can be done in two ways:

via the command line, Shell\SSH
via a GUI if you have Webmin installed on your BIND server

Shell\SSH Instructions

Attach directly to your server or ssh to it. From there, go into /etc/bind/.  This is the default location so you may need to change this based on your configuration.

From there you will need to edit named.conf.options with your favorite text editor. Continue reading “DNS Forwarder and Transfer using Bind and Webmin” »

Share

Bind DNS Auto Slave Using Webmin

The latest webmin has bug! In this tutorials I’m using webmin verison 1.801- that actually works. Don’t know if webmin team really knows are aware of the bug 🙁

So, let’s start. But before that, it’s assumed that you have webmin installed in both the servers.

Configuring Webmin Server Continue reading “Bind DNS Auto Slave Using Webmin” »

Share

PHP Session test Script

I’ve just found a quality script to test php session- unless you’re in dark after some php.ini session tweaking done.

To check if sessions really work you can use this code:

<?php
// Start Session
session_start();
// Show banner
echo '<b>Session Support Checker</b><hr />';
// Check if the page has been reloaded
if(!isset($_GET['reload']) OR $_GET['reload'] != 'true') {
   // Set the message
   $_SESSION['MESSAGE'] = 'Session support enabled!<br />';
   // Give user link to check
   echo '<a href="?reload=true">Click HERE</a> to check for PHP Session Support.<br />';
} else {
   // Check if the message has been carried on in the reload
   if(isset($_SESSION['MESSAGE'])) {
      echo $_SESSION['MESSAGE'];
   } else {
      echo 'Sorry, it appears session support is not enabled, or you PHP version is to old. <a href="?reload=false">Click HERE</a> to go back.<br />';
   }
}
?>
Share