
Monthly Archives: May 2015 - 3. page

Step By Step Guide On How To Create A Site To Site VPN With PFsense Using OpenVPN With A Pre Shared Key

PFsense is one of the greatest Open Source packages out there. It is an extremely reliable enterprise grade routing platform. For me, it has been incredibly useful in virtualized scenarios. A common usage scenario for me goes like this. Someone wants to deploy a single ESXi host to a datacenter for backup, as a web server, mail server, spam filter, and/or various other tasks. One network interface on the server connects directly to the datacenter network. This NIC is assigned to a network on the ESXi host named “WAN.” Another network (vswitch) is created on the ESXi host called “Internal Network.” A pfsense virtual machine is created with two NICs, one assigned to WAN and one assigned to Internal Network. This pfsense virtual machine takes care of all routing and firewall functions for each virtual machine set up on the ESXi host. PFsense can handle multiple WAN IP addresses, firewall functionality and NAT capability. It provides all needed mechanisms to give access and lock down all virtual machines on the ESXi host. This is just an example.

This step by step how-to will help you create a site to site VPN on any virtual machine or physical machine running pfsense. The steps are the same for both. This assumes you have pfsense running on each end of the VPN. My particular scenario has pfsense running on a virtual machine at a datacenter, and another running on my home network. My goal is to allow access to the private network at the datacenter from my home network. So let’s get started.

How To Setup A Site To Site VPN On PFsense

First things first. Here is the addressing scheme of both of my pfsense routers and their subnets. I have substituted my public WAN IP addresses for security.

Router A, (setup as OpenVPN server, located at datacenter)

  • WAN IP Address: 74.51.1.1
  • LAN IP Address: 10.0.0.1
  • LAN Subnet: 10.0.0.0/8

Router B (setup as OpenVPN client, located at home)

  • WAN IP Address: 108.50.10.5
  • LAN IP Address: 192.168.1.1
  • LAN Subnet: 192.168.1.0/24

One side will be configured as a client, and the other as a server. It doesn’t really matter which is which, but if you are connecting more than two sites, it would probably be a good idea to put the “server” on the fastest, most reliable connection. In my scenario, that would be the system at the datacenter. The pfsense documentation recommends shared key mode for site to site VPNs, unless there are more than 6 sites.


How To Install VMware VMtools (VMware Tools) on Ubuntu Linux

So, you need to install vmtools on Ubuntu. You’ve come to the right place. I’ve done it hundreds of times, but recently a friend of mine was having some difficulty doing this. I thought I would put a quick how-to together so I could maybe help some more people out. Here goes.

How To Install VMtools on Ubuntu

First things first. Before going any further, I suggest you update apt, and then upgrade. This will make sure everything is up to date on your virtual machine.

#  sudo apt-get -y update

#  sudo apt-get -y upgrade

Now, you need to attach the VMware tools installation disc to your virtual machine. In ESXi / vSphere, just right click on the virtual machine, in the left pane, go to Guest, then select “Install/Upgrade VMware Tools.” Like this.

[Screenshot]

If you are using VMware Workstation, or VMware Fusion, select the virtual machine in the library, then under the Virtual Machine pull down menu at the top, select “Install VMware Tools.” In VMware Fusion, it looks like this.


Linux Basics Series – #1 – Creating User Accounts and Managing Groups In Linux

This is the first part in a series on Linux Basics. Today, I’m going to give you a brief run-down on creating user accounts and creating groups from the Linux command line. These aren’t difficult tasks, but oftentimes it’s good to refresh the basics and have a reference to go back to. So, here we go.

How to add a user account

Creating a user account is a very straightforward process and nearly identical for all Linux distributions.

#  useradd username

Some distributions, such as Ubuntu, might have the root account disabled. If so, you will need to use sudo to gain root privileges to run a specific command. If you get a permission denied error, simply run this command instead.

#  sudo useradd username

How to set or change a password

Once you’ve created a user account, you will need to set a password. To do so, use the passwd command.

#  passwd username
Enter new UNIX password:
Retype new UNIX password:

or

#  sudo passwd username
Enter new UNIX password:
Retype new UNIX password:

How to create a new group


How To Build An INSANELY FAST WordPress Server On Ubuntu 14.04, Using NGINX, HHVM & MySQL

So, you want to build a WordPress server? One that won’t barf all over itself every time a link is posted to Digg or Reddit? Well, you’ve come to the right place. Building an insanely fast web server isn’t rocket science. It’s actually pretty darn straightforward. I’ve built more web servers than I care to remember, which means I’ve also made more mistakes than I care to remember. All in the name of trying to make things faster. If speed is your goal, there are only a few key things to remember. If speed is absolutely the most critical variable in a situation, my philosophy is something like this:

  • KISS – Keep It Simple Stupid. Seriously… No control panels, plugins, or other bloated garbage.
  • Cache, Cache, and Cache some more. Caching is a godsend. Reduces requests, reduces transfer time, therefore reducing load times!
  • FAST Server – This should be a given, but no shared servers. Only VPS, VM or bare metal awesomeness.
  • Optimization – Optimize, minimize, downsize, and compress everything as much as you can get away with.
  • Optionally, using a CDN (Content Delivery Network) can really speed things up; as well as a high quality distributed DNS service. But, not absolutely necessary.

Like I said, we’re talking about building an INSANELY FAST WordPress server here. Obviously if you’re Joe Shmoe from Motown, you can probably get by just fine on a quality managed hosting provider, like Serenity-Networks. But, if you want to build the fastest web server on earth, continue reading.

There are plenty of Linux Distributions out there that will work just fine. I prefer CentOS and Ubuntu. For this guide, I’ll be using Ubuntu 14.04 LTS (Long Term Support). This OS will be supported for many years, with security updates. That’s good, especially for a server. If you don’t have it, go to http://www.ubuntu.org and go to downloads, then server. Be sure to select the 14.04 LTS version.

Now, assuming you have done a minimal install of Ubuntu 14.04, with only OpenSSH selected for packages (for remote SSH connection, obviously), we will be using some commonly known building blocks to turn this into a very fast web server.

  • NGINX Web Server – Many THOUSANDS of the fastest sites in the world use it. It’s the best.
  • HHVM – This is a very high performance virtual machine that takes care of processing PHP (as well as HACK). Because it turns PHP into machine language, very quickly, it can really speed things up.
  • MySQL – Kind of boring, but every site needs a database, so we’ll use this one.

Getting Started


How To Install & Configure Fail2Ban On Ubuntu 14.04 LTS To Block Brute Force Attacks Against SSH and Apache Web Server

As you’ve probably heard me say before, if you have a public facing Linux server, meaning one or more open or forwarded ports, Fail2Ban absolutely must be installed. Fail2Ban monitors log files for excessive login attempts, also called Brute Force attacks. They are extremely commonplace on the internet. I have never had a public facing server that has gone more than a few days without some hacker trying to brute force it. These attacks go like this. Someone writes a script, or uses a program, that reads a bunch of possible usernames from a text file that has nothing but millions of usernames. There is also a text file with millions of passwords. The script will attempt to go through all username and password combinations until it finds one that can log in successfully. Obviously, if you get a hundred or more login attempts from one IP address, nothing good will ever come from that IP, so it’s pretty safe to assume it should be blocked, at least for some period of time.

Fail2Ban does precisely this. It constantly watches any log file you tell it to watch, and when a certain number of login attempts are logged from an IP address, Fail2Ban will automatically create an iptables rule to block all traffic from that IP address for a given period of time. Because brute force attacks take a long, long time, blocking one early on pretty much eliminates the possibility of a successful attack. SSH is the most common service / port for brute force attacks, from my experience, with FTP and POP3 (email) coming in second and third. It’s a no-brainer to set up Fail2Ban to automatically block attacks. It gives you much needed protection and security for your servers. So, here we go.

How to Install Fail2Ban on Ubuntu 14.04 LTS (Trusty)

First and foremost, let’s make sure apt is updated.

#  sudo apt-get update

Now we can install Fail2Ban. Since there is an aptitude package already, we will use that to install.

#  sudo apt-get install fail2ban

Surprisingly, that’s all you need to do to install it. You do, however, need to edit the main configuration file for Fail2Ban, which is jail.conf. Let’s go ahead and open it up with nano and take a look.

#  sudo nano /etc/fail2ban/jail.conf


How To Figure Out What Distribution & Version Of Linux Is Installed and Running

I’ve often found myself picking up on a server build, taking over administration, or troubleshooting problems on Linux based OS’s, with absolutely no clue as to what distribution of Linux is running on said machine. The distribution dictates what package manager is used, such as yum for CentOS / RHEL, and apt (aptitude) for Debian and Ubuntu based distributions. So, if you’re working on a Linux machine and you want to figure out exactly what you’re working with, there are some basic commands you can run that will tell you precisely that.

To find out what distribution is installed

There is always a file in /etc called something-release. This file will give you the basic info you need. So, using cat, we can figure out exactly what distribution is installed by running this.

#  cat /etc/*-release

Here is an example of what you can expect to see on an Ubuntu 14.04 server.

[Screenshot]

As you can see, this gives you quite a bit of information to work with, all the way down to the release version and codename designation, as well as the root OS base, which is Debian in the case of Ubuntu. Now, let’s see what this looks like on another distribution, such as CentOS.


How To Enable Data Deduplication In Windows Server 2012 On An Existing Volume

I have a very large RAID 6 array that is used to store movies, TV shows, personal files, and various other things. Its formatted capacity is about 36TB. Believe it or not, it’s pretty much full. It currently consists of 20x2TB hard drives and I really don’t want to add any more drives to it in its current form. Later this year I’m planning on building a new array to replace it, using fewer 6TB or 8TB drives. The server that manages the array had Server 2008R2 installed. After getting down to the last few gigs of free space it dawned on me: why not install Server 2012 R2 and set up data deduplication? I’ve read some pretty impressive articles online, where people were able to reclaim up to 60% of their storage using the dedup mechanism in Server 2012. So, I went ahead and upgraded. I started poking around and it wasn’t very obvious how to enable dedup, so I put this guide together to help you get started.

Enabling Deduplication in Server 2012 R2

First, we need to install the Data Deduplication service. It’s part of File and Storage Services. Open Server Manager, select Local Server in the left side pane, then go to the Add Roles and Features wizard, under Manage.

[Screenshot]

Go through the first few windows, and when you get to Server Roles, you need to make sure Data Deduplication is selected, at minimum, under File and Storage Services. This is also a good opportunity to install any other roles or services you might be interested in.

[Screenshot]
