Total: 21
1 2 3 4 5
Пт, 12 октября 2018, 14:23

How to setup L2TP over IPSec VPN server (Ubuntu 16.04)

How to setup L2TP over IPSec VPN server (Ubuntu 16.04)

apt-get install strongswan xl2tpd
# (optional, need to check ) apt-get install ppp libgmp3-dev bison flex

 

Edit /etc/ipsec.conf

# /etc/ipsec.conf — Openswan IPsec configuration file modified for Strongswan
# (c) Kayama 2018
# Add connections here

conn L2TP-IPSEC
    authby=secret
    rekey=no
    keyingtries=3
    type=transport
    esp=aes128-sha1
    ike=aes128-sha-modp1024
    ikelifetime=8h
    keylife=1h
    left=XXX.XXX.XXX.XXX # your router's external IP 
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
    rightsubnet=0.0.0.0/0
    auto=add
    dpddelay=30
    dpdtimeout=120
    dpdaction=clear
    #force all to be nat'ed. because of iOS
    forceencaps=yes

 

Edit /etc/ipsec.secrets

# This file holds shared secrets or RSA private keys for authentication.
# RSA private key for this host, authenticating it to any other host
# which knows the public part.

: PSK "TypeYourPassPhraseHere"

 

Edit /etc/ppp/options.xl2tpd 

require-mschap-v2
refuse-mschap
ms-dns 8.8.8.8
ms-dns 8.8.4.4
asyncmap 0
auth
crtscts
idle 1800
mtu 1410
mru 1410
connect-delay 5000
lock
hide-password
local
#debug
modem
name l2tpd
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4

  

Edit /etc/xl2tpd/xl2tpd.conf

[global]
ipsec saref = no
debug tunnel = no
debug avp = no
debug network = no
debug state = no
access control = no
rand source = dev
port = 1701
auth file = /etc/ppp/chap-secrets

[lns default]
ip range = 192.168.1.10-192.168.122.20
local ip = 192.168.1.1
require authentication = yes
name = l2tp
pass peer = yes
ppp debug = no
length bit = yes
refuse pap = yes
refuse chap = yes
pppoptfile = /etc/ppp/options.xl2tpd

 

And finally add password to the /etc/ppp/chap-secrets file

test    l2tpd     TestTest      "*"

 

Everything should work fine!

 

Пн, 26 февраля 2018, 12:50

lxd and adjusting size of root device

That's normal. With LXD 2.9 and the storage pool changes, LXD stopped generating automatic «root» devices for the containers, instead relying on inheritance from the default profile.

So in LXD < 2.9, every container had a local «root» device which you could then set properties directly on. With those LXD versions, adding a «root» device to your default profile would be entirely ignored as all containers would override it.

In LXD > 2.9, containers don't have any devices by default, they instead rely on inheritance. Meaning that if you want to override it, you have to add a new device to the container with the same name so that it overrides the one coming from the profiles.

«lxc config show NAME» vs "lxc config show --expanded NAME" is pretty useful to see how this all works.

© https://discuss.linuxcontainers.org/u/stgraber

 

Ср, 21 февраля 2018, 15:49

nginx and letsencrypt locations

server {
    listen 80;
    server_name example.com;

    location / {
       return 301 https://$server_name$request_uri;
    }
   
    location /.well-known/acme-challenge/ {
      root /var/www/html;
    }
 }

 

 

Ср, 21 февраля 2018, 14:54

macOs / Linux ssh autocomplete hint

_complete_ssh_hosts ()
{
        COMPREPLY=()
        cur="${COMP_WORDS[COMP_CWORD]}"
        comp_ssh_hosts=`cat ~/.ssh/known_hosts | \
                        cut -f 1 -d ' ' | \
                        sed -e s/,.*//g | \
                        grep -v ^# | \
                        uniq | \
                        grep -v "\[" ;
                cat ~/.ssh/config | \
                        grep "^Host " | \
                        awk '{print $2}'
                `
        COMPREPLY=( $(compgen -W "${comp_ssh_hosts}" -- $cur))
        return 0
}


complete -F _complete_ssh_hosts ssh

 

Total: 21
1 2 3 4 5