Before we begin I want to clearly identify the scope of this tutorial. There are different types of VPN; we will be creating a Client VPN, which implies a many-to-one relationship. We will have multiple clients connecting via VPN to a single OpenVPN server. This OpenVPN server will assign IP addresses to each successfully authenticated client. Using this IP address, clients may, depending on your network security, access devices on a private network, effectively appearing as if the client was directly tied into the private network. If you are looking for a site-to-site VPN tunnel via IPsec, this is out of the scope of this tutorial.
Linux
Linux — iSCSI Target using open-iscsi
I recently set up an iSCSI SAN for use with VMware Server. The setup was basically a Linux Ubuntu Server target with 2 network links to a single VMware Server as the integrator. I also included iSCSI multi-pathing by enabling it on the initiator (VMware Server).
This is how I set up a Linux SAN target with iSCSI, interfacing with VMware 5.1 as the iSCSI initiator.
Squid Proxy — EasyList to SquidGuard Expression List Conversion
Hi all! It seems to be difficult to keep up with the EasyList expression lists, and to make matters more confusing, the conversion from an EasyList expression list to SquidGuard can be cumbersome. There are a few articles out on Google where people have posted their own sed files that manipulate the EasyList expression list and convert it to be compatible with SquidGuard. However, most are out of date and will cause squidGuard to fail to initialize the expression list when issuing a
>squidGuard -C all
Linux — Apache Logs - Stop Logging Certain URIs
I recently posted an article talking about HAProxy as a load balancer. In the article I spoke about using an HTML health check file to maintain the status of each server's Apache instance. The problem is this will flood your Apache server access logs every time this health check occurs, which I believe is every 2 seconds.
So you end up with a log file like this:
To correct this issue we need to modify the apache2.conf file on each server, and explicitly tell Apache NOT to log this URI to the access logs. So, from the previous article the culprit URI is /healthcheck.html. Open your Apache configuration file.
sudo vi /etc/apache2/apache2.conf
Now add this above the CustomLog section:
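#logs
# Tag requests for the health check URI so CustomLog can skip them
SetEnvIf Request_URI "^/healthcheck\.html$" dontlog
# Write an access log entry only when the dontlog variable is not set
CustomLog /www/logs/mysite_access_logs combined env=!dontlog
ErrorLog /www/logs/mysite_error_logs
NOTICE: Make sure you have the "\" escape character for any special characters.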
That’s it! No more spamming of all the health checks to our Apache logs!!
HAProxy — HTTP Load Balancing HAProxy1.4
I’ve posted a few articles on load balancing with the use of BIGIP F5 hardware appliances. However, there are also a few alternatives available, some even free! HAProxy is a popular load balancing application that has a robust collection of features.
HAProxy is “The Reliable, High Performance TCP/HTTP Load Balancer”, taken right from the title of their web page. It has many different uses available; for this article I am going to focus on its HTTP load balancing functionality. Our scenario is as follows:
Linux — nTop and darkstat Traffic Monitoring
Hey All, so I posted an article on setting up your own Linux-based firewall using iptables, and thought it would be nice to be able to monitor the connections coming in and out of each interface on the Linux firewall. So I installed and played with two passive network traffic monitoring applications: nTop and darkstat.
Linux — Recovering from Drive Failure with mdadm
So it happened. I had a drive fail on me. Degrading my RAID 6 media server. Luckily I was notified by mdadm and was able to order a new one from newegg.com and rebuild it.
I want to walk through the steps I took getting my RAID file system back up and running, starting with the notification I received to my Gmail account (which I received on my phone).
Linux — IPTABLES NAT, Dynamic NAT, NAT Overloading/Masquerade
If you have had experience with NATs via Cisco routers or read about them in your CCNA studies, there are 3 Network Address Translation (NAT) types. Technically, two, see here, plus a third special case.
- Static NAT, one-to-one mapping
- Dynamic NAT, pool-to-pool mapping
- Dynamic NAT with PAT Overload, many-to-one mapping
So as you can see the two types are static NAT and Dynamic NAT, with the special case of Dynamic NAT with PAT overload.