Posted on

Howto install OpenVPN 2 on CentOS 6

These are my notes on howto install OpenVPN 2 on CentOS 6, more specifically OpenVPN 2.3.2 on CentOS 6.5.  My notes build on the DigitalOcean community guide and are accurate as of 25 April 2014.  The guide was a helpful starting point but I’ve managed to shorten a couple of the steps and updated some to take into account directories having moved, etc.

To start off you need to be on the console of the server you wish to run OpenVPN on.  I ran all of these commands as the root user, you may need to su or sudo as necessary.

  1. rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
  2. yum install openvpn -y
  3. cp /usr/share/doc/openvpn-*/sample/sample-config-files/server.conf /etc/openvpn
  4. nano-w /etc/openvpn/server.conf
    1. Replace
      1. ;push “redirect-gateway def1 bypass-dhcp”
      2. push “redirect-gateway def1 bypass-dhcp”
    2. Add
      1. push “dhcp-option DNS 8.8.8.8”
      2. push “dhcp-option DNS 8.8.4.4”
    3. Replace
      1. ;user nobody
        ;group nobody
      2. user nobody
        group nobody
    4. Replace
      1. dh dh1024.pem
      2. dh dh2048.pem
    5. Save and exit nano
  5. yum install easy-rsa -y
  6. mkdir -p /etc/openvpn/easy-rsa/keys
  7. cp -R /usr/share/easy-rsa/2.0/* /etc/openvpn/easy-rsa
  8. nano-w /etc/openvpn/easy-rsa/vars
    1. Replace values as necessary
      1. export KEY_COUNTRY=”US
        export KEY_PROVINCE=”CA
        export KEY_CITY=”SanFrancisco
        export KEY_ORG=”Fort-Funston
        export KEY_EMAIL=”me@myhost.mydomain
        export KEY_OU=”MyOrganizationalUnit
    2. Save and exit nano
  9. cd /etc/openvpn/easy-rsa
  10. source ./vars
  11. ./clean-all
  12. ./build-ca
  13. ./build-key-server server
  14. ./build-dh
  15. cd /etc/openvpn/easy-rsa/keys
  16. cp dh2048.pem ca.crt server.crt server.key /etc/openvpn
  17. cd /etc/openvpn/easy-rsa
  18. ./build-key client
  19. iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0-j MASQUERADE
    1. if unsure of eth0 (network interface) use ifconfig to look it up first
  20. service iptables save
  21. nano-w /etc/sysctl.conf
    1. Replace
      1. net.ipv4.ip_forward = 0
      2. net.ipv4.ip_forward = 1
    2. Save and exit nano
  22. service openvpn start
  23. chkconfig openvpn on
  24. Download the following files to your client
    1. /etc/openvpn/easy-rsa/keys/ca.crt
    2. /etc/openvpn/easy-rsa/keys/client.crt
    3. /etc/openvpn/easy-rsa/keys/client.key
  25. In same directory on client create client.ovpn
    1. Insert replacing items in bold as necessary
      1. client
        dev tun
        proto udp
        remote X.X.X.X 1194
        resolv-retry infinite
        nobind
        persist-key
        persist-tun
        comp-lzo
        verb 3
        <ca>
        Contents of ca.crt
        </ca>
        <cert>
        Contents of client.crt
        </cert>
        <key>
        Contents of client.key
        </key>

Hope some of you find this useful, any issues please leave a comment.

Posted on

Freed from storage failure by FreeNAS

Today I’ve been freed from storage failure by FreeNAS.

From time to time technology is a real pain in the backside.  We’re all more reliant on it than we’ve ever been before and when it goes wrong these days, generally it means you’ll end up suffering.  Storage failure is always the worst kind of technology issue because it generally means losing something that’s important to you, e.g. family photographs.

Today though in a first for me, storage failure reared its ugly head but was slapped down by FreeNAS.  Keeping a long story short, one dying drive + one next day delivery replacement drive + one set of FreeNAS wiki instructions = No need to restore from backups and NO LOSS OF DATA!

Now whilst some people might attribute all this to the components that make up FreeNAS (e.g. FreeBSD, ZFS) without the work done by the FreeNAS team to wrap these all up in a friendly, usable package, surviving a storage failure like this would have remained a pipe dream for me.

Thank you FreeNAS team!

Posted on

Getting started with DDP Yoga

It’s funny sometimes the way the world works.  I’d been trying to push myself into getting started with DDP Yoga since I ordered it just before Christmas 2013 but had struggled to get myself up off the ground.

January has always been a bit of an awful month in terms of past events and I’d not realised until today just how much looking back on things can take the wind out of your sails.

So, with my Mum’s 61st birthday meal having come and gone yesterday, today was the day I finally got myself up off the ground.

All I can say is, I was pretty sure that I was unfit before, now I know!  Oh well, onwards and upwards!

It’s an awful cliché but the video is right, you have to start somewhere!

Posted on

Sonic 2

Sonic 2 is back, with all new levels,OH MY GOD, OH MY GOD, OH MY GOD, OH MY GOD, OH MY GOD, OH MY GOD, OH MY GOD, OH MY GOD!

Don’t even thing about it, just go here to read about how awesome SEGA are then just buy the damn game already!

image

Posted on

FreeNAS Jail with Bittorrent Sync

Here are my instructions for creating a FreeNAS Jail with Bittorrent Sync (BTsync) running inside it. This uses no FreeNAS plugins whatsoever and takes full advantage of all the power that comes with having a FreeBSD core running at the heart of FreeNAS 9.1.  This has been done on FreeNAS-9.1.1-RELEASE-x64.

  1. Login to your FreeNAS systems web interface.
  2. Click: Jails
  3. Click: Add Jail
    0001
  4. For Jail Name use btsync and click ok.  Let FreeNAS do its thing.
    0002
  5. The jail will automatically start.  You now need to SSH into your FreeNAS box as root.  In the alternative SSH in as a regular user and then change to root with su.
  6. Run: jls
  7. Make a note of the number to the left of the btsync name used earlier.
  8. Run: jexec # csh
    [where # is the number from item 7. above]
  9. Run: mkdir /usr/local/btsync
  10. Run: cd /usr/local/btsync
  11. Run: fetch http://download-lb.utorrent.com/endpoint/btsync/os/FreeBSD-x64/track/stable
  12. Run: tar zxvf stable
  13. Run: rm stable
  14. Run: ./btsync –dump-sample-config > btsync.conf
  15. Run: pkg_add -rv nano
  16. Run: nano /usr/local/btsync/btsync.conf
  17. Change the following:
    1. Replace: “device_name”: “My Sync Device”, with a friendly name for your BTsync service, e.g. “device_name”: “Fred”,
    2. Replace: “storage_path” : “/home/user/.sync”, with “storage_path” : “/usr/local/btsync/.sync”,
    3. Replace: “password” : “password” with “password” : “XXXXXXXXXX” where XXXXXXXXXX is a password of your choosing.
  18. Close Nano and save the changes: Ctrl +X -> Y -> Enter
  19. Run: nano /etc/rc.d/btsync
  20. Insert the following: 
    #!/bin/sh
#
# PROVIDE: btsync
# REQUIRE: LOGIN DAEMON NETWORKING
# KEYWORD: shutdown
#
# To enable BTSync, add this line to your /etc/rc.conf:
#
# btsync_enable="YES"
#
# And optionally these line:
#
# btsync_user="username" # Default is "root"
# btsync_bin="/path/to/btsync" # Default is "/usr/local/sbin/btsync"

. /etc/rc.subr

name="btsync"
rcvar="btsync_enable"

load_rc_config $name

required_files=$btsync_bin

: ${btsync_enable="NO"}
: ${btsync_user="root"}
: ${btsync_bin="/usr/local/sbin/btsync"}
: ${btsync_config="/usr/local/btsync/btsync.conf"}

command=$btsync_bin
command_args="--config ${btsync_config}"
run_rc_command "$1"
  21. Close Nano and save the changes: Ctrl +X -> Y -> Enter
  22. Run:  chmod 555 /etc/rc.d/btsync
  23. Run: nano /etc/rc.conf
  24. Insert the following: 
    # BitTorrent Sync
btsync_enable="YES"
btsync_user="nobody"
  25. Close Nano and save the changes: Ctrl +X -> Y -> Enter
  26. Run: chown -R nobody:nogroup /usr/local/btsync
  27. Run:  mv /usr/local/btsync/btsync /usr/local/sbin/
  28. Run: chown root:wheel /usr/local/sbin/btsync
  29. Login to your FreeNAS systems web interface.
  30. Click: Jails
  31. Stop the btsync jail and start it again.  Bittorrent Sync should now be running.
  32. Click: Edit Jail
  33. Make a note of IP.
  34. Login to your Bittorrent Sync web interface via: XXX.XXX.XXX.XXX:8888
    [Where XXX.XXX.XXX.XXX is the IP from Item 34]

That should about do it.

Some things to remember:

  • You can use the FreeNAS admin interface to mount storage into folders that exist outside of the jail into the jail.
  • Files and folders should all be set to nobody:nogroup as a user/group combination.  This killed off 99.9% of problems I was having.
  • Bittorrent Sync does not seem to update itself at the moment, at least it hasn’t thus far in this configuration.  This could be because it just doesn’t do it on FreeBSD or because I’ve done something stupidly wrong.  Either way you’ll have to watch the version numbers.
Posted on

FreeNAS 9.1.0 Beta

Brilliant news, FreeNAS 9.1.0 Beta has been released

Will be a while before I get to play with this what with the wedding preparations, house move, new job, etc, etc. but that said I’m really looking forward to:

Improved Plugin Jail subsystem which supports multiple jails and an enhanced UI including enhancements from PC-BSD Warden.

Hopefully this will lead to some serious fun experimenting which will let me separate my current jail (which contains Serviio and other applications) into separate compartments that I can then turn on and off as necessary.

Posted on

Clean lines edition

So, it’s finally here, after so many years that nobody was counting anyway, I present MYstIC G v5.0 / Clean lines edition.

I won’t bother to even trying to take any credit here.  The site is still running WordPress and now finds itself themed with the very fancy Montezuma theme.

I’ll probably try to bring the Orange back at some point, but no promises!