This document provides instructions for setting up a total site-to-site Linux-based OpenVPN solution with dynamic DNS (DDNS) in 3 pages. It includes steps to install and configure a DDNS client, FreeRADIUS server, MySQL database, OpenVPN server, firewall rules, and a web interface for managing the FreeRADIUS server. The full document contains technical details for installing packages, editing configuration files, testing the setup, and securing the system.
The document provides instructions for installing and configuring a full-featured Linux server for hosting websites, email, and other services. It includes steps to install and configure an ISPConfig control panel along with associated software like Apache, PHP, MySQL, Postfix, Dovecot, PureFTPd, BIND, Roundcube webmail, and more. The overall process allows you to set up an full-fledged web hosting server on a Linux machine.
The document discusses configuring FTP on RHEL7. It describes installing the vsftpd package to provide FTP services. It then covers enabling and starting the vsftpd service, and opening the FTP port in the firewall to make the FTP server accessible both locally and over the network.
3PAR: HOW TO CHANGE THE IP ADDRESS OF HP 3PAR SANSaroj Sahu
The document provides steps to change the IP address of a HP 3PAR SAN. It outlines logging into the SAN through Putty using default credentials. It then details using the 'setnet' command to change the IP address, netmask, and gateway. The 'shownet' command confirms the new network settings. Login to the SP console allows changing additional settings like the hostname through interactive menus.
1. Connect the MMDVM host board to a PC using an RJ45 cable and USB power cable.
2. Access the MMDVM host web interface at 192.168.85.1 and configure the WiFi and radio settings.
3. Edit the MMDVM.ini file to configure the callsign, DMR ID, duplex settings, and radio frequencies as needed. Set the DMR and P25 enable settings and configure the DMR network.
This document provides instructions for installing a LAMP server with Drupal on it. It describes installing CentOS as the base Linux server, then using yum to add Apache, MySQL, PHP, and additional packages to create a full LAMP stack. It details configuring DHCP and FTP services. It also explains downloading and extracting Drupal, creating a MySQL database for it, and navigating through the Drupal installation process via a web browser. The key steps are: 1) installing a base Linux server; 2) using yum to add Apache, MySQL, PHP to create a LAMP server; 3) downloading and extracting Drupal; 4) creating a MySQL database; and 5) navigating through the Drupal installation
This document discusses configuring custom firewall zones and services using FirewallD on CentOS 8. It shows how to create a new "privatekaan" zone, add the DNS service to it, and assign network interfaces to that zone. It also demonstrates saving the runtime configuration permanently, reloading the firewall, and testing connectivity using tcpdump. The document provides examples for viewing active zones and services, setting a default zone, and allowing or blocking the SSH service as needed.
Document Management: Opendocman and LAMP installation on Cent OSSiddharth Ram Dinesh
This document provides instructions for installing LAMP (Linux, Apache, MySQL/MariaDB, PHP), phpMyAdmin, and OpenDocMan on CentOS 7. It describes how to install each component, configure the required settings, and set permissions and firewall rules. It also provides steps for restoring an OpenDocMan installation to another server by dumping and importing the MySQL database, transferring files via tar/scp, and adjusting configuration files.
The document discusses setting up a Squid proxy server on a Linux system to improve network security and performance for a home network. It recommends using an old Pentium II computer with at least 80-100MB of RAM as the proxy server. The document provides instructions for installing Squid and configuring the Squid.conf file to optimize disk usage, caching, and logging. It also explains how to set up the Squid proxy server to work with an iptables firewall for access control and protection from intruders.
How to shut down Netapp san 9.2 cluster mode version1Saroj Sahu
The document provides step-by-step instructions for shutting down and powering up a NetApp cluster mode system. It describes the process of:
1. Shutting down connected host machines, switches, and SAN components like controllers and disk shelves.
2. Powering up disk shelves first, then controllers, switches, and host machines after 5-10 minutes.
3. Entering commands like disabling the cluster, halting nodes, and enabling the cluster during shutdown and startup.
How to shutdown and power up of the netapp cluster mode storage systemSaroj Sahu
This slide will guide you how to shutdown and power up of the Netapp cluster mode storage system in command mode. (It will depict you environmental shutdown process (SAN environment in a DataCenter)
CentOS Server Gui Initial ConfigurationKaan Aslandağ
1) The document outlines the initial configuration steps for a CentOS 8 server installed on VMware Workstation Pro 16, including configuring the network adapter and subnet, installing CentOS Linux 8, setting the keyboard, timezone, installation destination, network settings, root password, software selection, and completing the installation process.
2) Key configuration steps include selecting the virtual network adapter, choosing "Install CentOS Linux 8", configuring the keyboard, timezone, storage disk, network adapter IP and hostname, root password, closest software mirror, and optional user creation.
3) After rebooting, the server is ready for use upon completing the licensing information and finishing the configuration.
Raw Iron to Enterprise Server: Installing Domino on LinuxDevin Olson
This document appears to be notes from a presentation or session on installing and configuring IBM Domino on CentOS Linux. It includes steps for:
1) Installing VirtualBox and CentOS in a virtual machine, configuring networking and basic CentOS configuration.
2) Installing additional packages, disabling SELinux, configuring firewall rules, and creating a Linux user and group for Domino.
3) Configuring SSH, removing conflicting services, increasing file handles, setting Domino-specific variables, and creating directories for Domino data and installation files.
4) Copying the Domino installation files, verifying, extracting, and running the installer to complete the Domino installation on
Unable to access the net app cluster mode 9.2 san through gui after power mai...Saroj Sahu
Unable to access the NetApp storage system 9.2 cluster mode due to cluster management LIF down and http service was disable. Here we have mentioned the real time issue which we have faced and solution has been given step by stem by using the command mode. Hope it can be useful for NetApp Administrators
This kickstart file configures an ESXi 5.0 installation on a server. It clears partitions on the first disk, installs ESXi using the first disk and overwrites any existing VMFS partitions. It sets the root password, reboots after installation, configures the management network interface, and configures a vSwitch with port groups.
This document provides a step-by-step guide to installing and configuring a secure Linux-based web, DNS, and mail server. The key aspects summarized are:
1) An Openna Linux 1.0 installation is performed and secured, adding firewall, intrusion detection, and chroot jailing of services.
2) Popular internet services like Apache, BIND, Qmail, MySQL, and Snort are installed and hardened through configuration of access controls, passwords, and file permissions.
3) Additional security tools like AIDE and log monitoring are implemented to detect intrusions and limit damage from any potential cracks.
The document provides instructions for configuring a Mikrotik router, including setting up interfaces and network cards, assigning IP addresses, creating NAT and DHCP rules, configuring DNS and gateway settings, and setting up a basic hotspot with user authentication. It also describes how to change the ISP connection and switch between Radius and local authentication for the hotspot.
This document discusses setting up an Internet access server using MikroTik RouterOS and the ISP billing system NetUP UTM5. It provides instructions for configuring MikroTik RouterOS on the access server, including setting IP addresses, default gateway, DNS, and SNAT. It also describes configuring the utm5_rfw daemon to allow the billing system to control Internet access by adding and removing firewall rules via scripts. The billing system is then configured to define firewall rules and tariffs to automate enabling and limiting bandwidth for user accounts.
This document provides instructions for setting up a CentOS 7 VM using VirtualBox for DPDK training. It describes installing CentOS 7 Minimal, configuring the VM with 4 network interfaces, installing DPDK and related tools, compiling sample applications like l3fwd and pktgen, and manually starting the applications on the VM to test basic packet forwarding functionality.
Installation And Configuration Of DNS, Web And FTP Servers On Virtual Machine...JohnWilson47710
The first Virtual Machine should be installed and have the BIND (DNS) server installed on it. While you do not own any address space/ name space your name server should manage the following domains:
The name server should answer queries for this domain. In addition to the saffioti.org.au zone, a zone should be set up for the reverse zone – the reverse zone would be whatever the address range is of your virtual machine. You should do some research on how Bind handles reverse zones. Visit: https://myassignmenthelp.com/free-samples/infs5907-managing-security-and-ethics-in-cyberspace/when-implementing-the-virtual-machines.html
This document provides instructions on installing and configuring the LAMP stack on Linux. It discusses downloading and installing Linux, Apache, MySQL, and PHP. It explains how to partition disks for installation, set up virtual hosts, and configure Apache's configuration files and ports. The key steps are downloading Linux distributions, burning ISO images, partitioning disks, selecting packages during installation, configuring Apache's files, ports, and virtual hosts.
The document provides instructions for running an Intel DPDK hands-on session to demonstrate packet forwarding using the l3fwd example. It describes downloading and compiling DPDK, getting and applying patches to l3fwd, configuring three VMs with pktgen to generate and receive packets and l3fwd to forward between them, and running l3fwd and pktgen manually or automatically on system startup.
This document provides step-by-step instructions for installing a SunRay Server 4.1 and setting up a SunRay G1 Thin Client with Debian Linux. It details installing and configuring the necessary software on the server machine, including the SunRay server software, Java runtime environment, DHCP server, and more. Instructions are also provided for configuring the thin client and networking to allow it to connect to the SunRay server.
This document describes how to set up a thin client deployment using PXE boot in a Microsoft-dominated network environment. Key steps include:
1. Configuring the DHCP server to provide PXE boot options and boot file information.
2. Preparing the RIS server by creating a PXE directory structure and boot images using the PXES tool.
3. Addressing bugs in PXES related to USB support, Samba password changes, and keyboard mappings to allow booting into a Linux environment and connecting to Windows terminal servers.
The document provides instructions for setting up an OpenVPN 2.1 server in bridged mode on FreeBSD 8. It describes installing OpenVPN, generating certificates, configuring the server, creating up and down scripts, configuring the firewall, and testing the server. The bridged mode allows VPN clients to access local network resources as if they were on site by assigning them an IP on the server's subnet.
This document provides a quick guide to installing and configuring Nagios for basic network monitoring. It outlines steps to install Nagios and plugins, configure monitoring of hosts, services, contacts, and the web interface. The guide explains setting up monitoring of a sample network with one monitoring host and one NFS server to check connectivity and NFS service status.
This document provides instructions for quickly installing and configuring Nagios, an open source network monitoring tool. It outlines steps to install Nagios and common plugins, create user accounts, and compile the software. The bulk of the document then explains how to set up basic configurations for time periods, contacts to receive alerts, hosts to monitor, host groups, and example services to check such as network connectivity. It also includes instructions for configuring the web server to access Nagios's interface. The goal is to demonstrate a working Nagios setup that can monitor a simple network with one monitoring host and one NFS server.
This document provides instructions for quickly installing and configuring Nagios, an open source network monitoring tool. It outlines steps to install Nagios and common plugins, create user accounts, and compile the software. The document then explains how to configure basic monitoring of hosts and services in Nagios, including time periods, contacts, host and service definitions, and enabling the web interface. The configuration would monitor connectivity for two systems and serves as a starting point for basic network monitoring with Nagios.
This document provides instructions for installing Snort 2.8.5 and Snort Report 1.3.1 on an Ubuntu 8.04 LTS system to monitor network traffic and view intrusion detection alerts. It outlines downloading and installing the Ubuntu operating system, Snort Report dependencies like MySQL and PHP, compiling and configuring Snort from source, and basic network topology. Installing all components results in an intrusion detection system that sniffs traffic on one network interface and allows administration and alert viewing on another.
This document provides instructions for installing and configuring Snort 2.9.6 and DAQ 2.0 on CentOS 6.3/6.4 running in a VirtualBox virtual machine. It describes compiling and installing necessary libraries like libpcap and libdnet. It then provides commands for extracting, configuring, compiling and installing DAQ and Snort. Finally it discusses configuring Snort configuration files, adding the Snort user, and providing a script to start and stop Snort.
This document summarizes the installation and configuration of SNORT, APACHE, PHP, MYSQL and SnortReport on a Windows server. Key steps included installing and configuring the software, assigning directories, setting up MySQL to store SNORT alerts, configuring APACHE to work with PHP and host the SnortReport web interface, and configuring SNORT to log to the MySQL database. The document also covers running SNORT as a Windows service and accessing the SnortReport web interface to view consolidated IDS alerts.
Install MariaDB on IBM i - Tips, troubleshooting, and moreRod Flohr
MariaDB is the new open source drop-in replacement for MySQL that has been adopted by IBM for use on Power Linux and IBM i. ZendDBi is the installer provided by Zend for installation of MariaDB on the IBM i. In this session we'll show how to use ZendDBi to install MariaDB and provide some important tips for post-installation. We'll also demonstrate troubleshooting some common installation issues. While most installations of MariaDB are trouble free, the troubleshooting procedures will give us a chance to understand a bit more about the operation of MariaDB on the IBM i. It'll also give us the opportunity to explore some concepts on IBM i that may not be familiar to some RPG programmers.
Varnish is configured to improve site response time. The document provides instructions on setting up Varnish cache in front of a web server. It discusses requirements like routing all traffic through a firewall and caching content for 6 hours if the origin server is down. It also covers estimating cache size, installing Varnish and plugins to monitor performance, and ensuring Varnish automatically restarts.
This document describes how to install Oracle 10g RAC on Linux using NFS for shared storage. Key steps include:
1. Installing Oracle Enterprise Linux on two nodes and configuring networking and prerequisites.
2. Setting up NFS shares on one node for shared file systems and disks.
3. Installing the Oracle Clusterware software and configuring the two-node cluster.
The document provides instructions for a lab on Snort and firewall rules. It describes:
1) Setting up the virtual environment and configuring networking on the CyberOps Workstation VM.
2) Explaining the differences between firewall and IDS rules while noting their similarities, such as both having matching and action components.
3) Having students run commands to start a malware server, use Snort to monitor traffic, and download a file from the server to trigger an alert, observing the alert in the Snort log.
The document provides instructions for installing WebSphere Message Broker 8 on Linux 64-bit systems. It describes unpacking installation files, preparing the machine by ensuring it has 32-bit libraries installed if needed, and configuring the operating system with the correct kernel parameters and user limits for running WebSphere Message Broker. It also explains how to install additional components like MQ Explorer and configure access for users.
The document provides instructions for setting up an OpenVPN server to allow both Linux and Mac OS X clients to securely connect. It describes generating certificates and keys, configuring the OpenVPN server, and then configuring Linux and Mac OS X clients to connect to the server. The key steps are:
1) Generate certificates and keys on the server using the OpenVPN easy-rsa scripts.
2) Configure the OpenVPN server configuration file and required files.
3) Distribute client certificates to Linux and Mac clients and configure the clients.
4) Start the OpenVPN server and test connectivity between clients and the server network.
Similar to Free radius billing server with practical vpn exmaple (20)
Storing, Managing, and Deploying Docker Container Images with Amazon ECRChanaka Lasantha
The document discusses Amazon Elastic Container Registry (ECR), which is a fully managed Docker container registry by AWS. It provides details on ECR components like registry, repositories, images, authorization tokens and policies. It then covers how to set up ECR including creating an IAM user, AWS CLI commands to log in to ECR and push/pull images. The document aims to help users store, manage and deploy Docker container images with ECR.
The document provides an overview of the AWS CloudFormation Designer Interface. It describes how to use the Designer to create a VPC with public and private subnets for an EKS cluster. The Designer has four panes - a canvas pane to view resources and relationships, a resources types pane to drag resources onto the canvas, an editor pane to specify template details, and a messages pane to view validation results. Templates can be saved locally or to S3.
ERP System Implementation Kubernetes Cluster with Sticky Sessions Chanaka Lasantha
ERP System Implementation on Kubernetes Cluster with Sticky Sessions:
01. Security Features Enabled in Kubernetes Cluster.
02. SNMP, Syslog and audit logs enabled.
03. Enabled ERP no login service user.
04. Auto-scaling enabled both ESB and Jboss Pods.
05. Reduced power consumption using the scale in future during off-peak days.
06. NFS enables s usual with ERP service user.
07. External Ingress( Load Balance enabled).
08. Cluster load balancer enabled by default.
09. SSH enabled via both putty.exe and Kubernetes management console.
10. Network Monitoring enabled on Kubernetes dashboard.
11. Isolated Private and external network ranges to protect backend servers (pods).
12. OS of the pos is updated with the latest kernel version.
13. Core Linux OS will reduce security threats.
14. Lightweight OS over small HDD space
15. Less amount of RAM usage has been enabled.
16. AWS ready.
17. Possible for exporting into Public cloud ENV.
18. L7 and L4 Heavy Load Balancing Enabled.
19. Snapshot Versioning Control Enabled.
20. Many More ………etc.
Free radius for wpa2 enterprise with active directory integrationChanaka Lasantha
This document provides instructions for configuring FreeRADIUS for WPA2 Enterprise authentication with Active Directory integration on an Ubuntu server. It describes installing FreeRADIUS and EasyRSA for certificate generation. The instructions explain how to configure the RADIUS server certificates and test basic authentication. It then details how to integrate Active Directory for MSCHAP authentication by configuring Samba and Kerberos, joining the Active Directory domain, and modifying FreeRADIUS configuration files. Finally, it explains how to configure wireless clients and start the FreeRADIUS service.
This document provides instructions for configuring Distributed Replicated Block Device (DRBD) to create a high availability cluster between two servers. It discusses mirroring a block device via the network to provide network-based RAID 1 functionality. The document outlines the steps to install and configure DRBD, including installing packages, configuring resources, initializing metadata storage, starting the DRBD service, and creating a filesystem on the mirrored block device. It also provides requirements for DRBD and a sample installation script.
Configuring apache, php, my sql, ftp, ssl, ip tables phpmyadmin and server mo...Chanaka Lasantha
This document provides instructions for configuring various server applications and services on a Linux server including Apache, PHP, MySQL, FTP, SSL, IPTables, PHPMyAdmin, and server monitoring. It discusses installing and configuring each of these applications and services individually with specific configuration details. The document is intended to provide a complete solution for setting up these common LAMP stack components and services on a Linux server.
Complete squid & firewall configuration. plus easy mac bindingChanaka Lasantha
1. The document details the configuration of a transparent SQUID Linux firewall to cache and filter internet traffic for internal clients. Key steps include installing and configuring Squid, setting up IP forwarding, configuring iptables firewall rules, and binding MAC addresses to IP addresses in Squid for access control.
The document provides instructions for configuring an authenticated Samba server with OpenVPN for secure remote access. Key steps include:
1. Installing Samba, CUPS and other required packages. Configuring firewall rules to allow SMB ports and sharing a directory.
2. Editing the Samba configuration file to define the shared directory and users. Starting the Samba and name resolution services.
3. Testing access from Linux and Windows clients.
4. Hardening the server with iptables firewall rules and installing ClamAV for antivirus scanning of the shared directory. Scheduling freshclam and clamscan to run periodically.
To temporarily delete a HDD in Linux, echo 1 to the device/delete file for that drive's block device. To permanently delete before suspend, create a script in /etc/pm/sleep.d/ that echoes 1 to device/delete when suspending. To add the drive back, echo a scan command to each scsi host and restart the system.
The document describes the configuration of an OpenVPN site-to-site VPN tunnel between two networks (Side A and Side B). Key steps include generating and sharing a security key between the sites, configuring firewall rules and routing on each side, and starting the OpenVPN service to establish the encrypted tunnel between the 10.0.0.1 and 10.0.0.2 addresses. Once configured, connectivity between the 192.168.1.0/24 and 192.168.2.0/24 networks can be tested using ping and traceroute.
Usrt to ethernet connectivity over the wolrd cubieboard bordsChanaka Lasantha
1. The document discusses connecting multiple microcontroller boards located worldwide over a secure VPN network.
2. It provides details on configuring the boards to connect via either RS232 or Ethernet ports and using software tools for setup and testing.
3. The goal is to enable interconnecting the boards in a one-to-many or client-server architecture over TCP/IP for monitoring and controlling remotely.
Site to-multi site open vpn solution with mysql dbChanaka Lasantha
OpenVPN is an open-source virtual private network (VPN) solution that can securely connect multiple network sites. It offers flexibility through both layer 2 and layer 3 modes. In layer 3 routing mode, each network site is separated into its own broadcast domain for improved scalability. The document provides a sample network diagram of a site-to-multi-site OpenVPN configuration connecting three network sites using layer 3 routing with separate IP subnets and firewalls at each location.
Site to-multi site open vpn solution. with active directory authChanaka Lasantha
OpenVPN is an open-source VPN solution that offers advantages over proprietary VPNs like IPsec. It uses SSL/TLS encryption and supports both layer 2 and 3 VPNs. OpenVPN allows protecting remote workers behind a central firewall and can tunnel through most firewalls and proxies. It supports both server and client modes over UDP or TCP and requires only one open port. OpenVPN works well with dynamic IPs, NAT, and flexible networking rules. It has an active community and supports many platforms.
This document discusses setting up a site-to-multi-site OpenVPN solution with dynamic DNS (DDNS) on CentOS/RedHat Linux servers. It describes advantages of OpenVPN like layer 2/3 VPNs, client protection with internal firewalls, and flexibility through scripting. A sample network diagram is provided showing a typical 3-site layer 3 routing setup with an access server and two client servers connected to different subnets. Instructions are given for installing DDNS and configuring port forwarding to allow connections to an internal LAN IP through a dynamic public IP/domain name.
This document provides instructions for installing Elasticsearch, Logstash, and Kibana (ELK stack) for log aggregation and visualization. It describes:
1. The key components - Logstash processes logs, Elasticsearch stores logs, Kibana provides a web interface for searching and visualizing logs. Logstash Forwarder sends logs from servers to Logstash.
2. Steps for installing and configuring each component on Linux - this includes installing Java, Elasticsearch, Logstash, generating SSL certificates, and configuring Logstash input/output.
3. Instructions for installing Logstash Forwarder on "client servers" to ship logs to the Logstash server.
This document outlines the steps to install Oracle Grid Infrastructure and configure high availability for an Oracle database cluster using Grid, NFS, and IP failover. It describes prerequisites like installing Oracle Grid and database packages, configuring shared storage, creating Oracle user accounts, and bonding network interfaces. The steps also include configuring the Oracle environment, installing the Grid software, and basic post-installation configuration to enable high availability functionality.
This document outlines the steps to install Oracle Grid Infrastructure and configure an Oracle Real Application Clusters (RAC) database with iSCSI high availability on two nodes. It describes pre-requisite tasks like setting up repositories, installing Oracle Grid and database packages, configuring users, directories and environment variables. Specific steps covered include bonding network interfaces, configuring the hosts file, setting swap space and installing Oracle Grid software.
The two-day workshop agenda covers Docker concepts like containers, images, and Dockerfiles. It includes hands-on labs for building Docker images, running containers with resource limits, mounting volumes, publishing ports, and using Docker Compose. Additional topics are Docker Swarm for clustering, Docker registries for storing images, and monitoring Docker systems. The goal is to teach attendees how to use Docker for building, deploying and managing applications across infrastructure.
Quality Patents: Patents That Stand the Test of TimeAurora Consulting
Is your patent a vanity piece of paper for your office wall? Or is it a reliable, defendable, assertable, property right? The difference is often quality.
Is your patent simply a transactional cost and a large pile of legal bills for your startup? Or is it a leverageable asset worthy of attracting precious investment dollars, worth its cost in multiples of valuation? The difference is often quality.
Is your patent application only good enough to get through the examination process? Or has it been crafted to stand the tests of time and varied audiences if you later need to assert that document against an infringer, find yourself litigating with it in an Article 3 Court at the hands of a judge and jury, God forbid, end up having to defend its validity at the PTAB, or even needing to use it to block pirated imports at the International Trade Commission? The difference is often quality.
Quality will be our focus for a good chunk of the remainder of this season. What goes into a quality patent, and where possible, how do you get it without breaking the bank?
** Episode Overview **
In this first episode of our quality series, Kristen Hansen and the panel discuss:
⦿ What do we mean when we say patent quality?
⦿ Why is patent quality important?
⦿ How to balance quality and budget
⦿ The importance of searching, continuations, and draftsperson domain expertise
⦿ Very practical tips, tricks, examples, and Kristen’s Musts for drafting quality applications
https://www.aurorapatents.com/patently-strategic-podcast.html
Transcript: Details of description part II: Describing images in practice - T...BookNet Canada
This presentation explores the practical application of image description techniques. Familiar guidelines will be demonstrated in practice, and descriptions will be developed “live”! If you have learned a lot about the theory of image description techniques but want to feel more confident putting them into practice, this is the presentation for you. There will be useful, actionable information for everyone, whether you are working with authors, colleagues, alone, or leveraging AI as a collaborator.
Link to presentation recording and slides: https://bnctechforum.ca/sessions/details-of-description-part-ii-describing-images-in-practice/
Presented by BookNet Canada on June 25, 2024, with support from the Department of Canadian Heritage.
Details of description part II: Describing images in practice - Tech Forum 2024BookNet Canada
This presentation explores the practical application of image description techniques. Familiar guidelines will be demonstrated in practice, and descriptions will be developed “live”! If you have learned a lot about the theory of image description techniques but want to feel more confident putting them into practice, this is the presentation for you. There will be useful, actionable information for everyone, whether you are working with authors, colleagues, alone, or leveraging AI as a collaborator.
Link to presentation recording and transcript: https://bnctechforum.ca/sessions/details-of-description-part-ii-describing-images-in-practice/
Presented by BookNet Canada on June 25, 2024, with support from the Department of Canadian Heritage.
Are you interested in dipping your toes in the cloud native observability waters, but as an engineer you are not sure where to get started with tracing problems through your microservices and application landscapes on Kubernetes? Then this is the session for you, where we take you on your first steps in an active open-source project that offers a buffet of languages, challenges, and opportunities for getting started with telemetry data.
The project is called openTelemetry, but before diving into the specifics, we’ll start with de-mystifying key concepts and terms such as observability, telemetry, instrumentation, cardinality, percentile to lay a foundation. After understanding the nuts and bolts of observability and distributed traces, we’ll explore the openTelemetry community; its Special Interest Groups (SIGs), repositories, and how to become not only an end-user, but possibly a contributor.We will wrap up with an overview of the components in this project, such as the Collector, the OpenTelemetry protocol (OTLP), its APIs, and its SDKs.
Attendees will leave with an understanding of key observability concepts, become grounded in distributed tracing terminology, be aware of the components of openTelemetry, and know how to take their first steps to an open-source contribution!
Key Takeaways: Open source, vendor neutral instrumentation is an exciting new reality as the industry standardizes on openTelemetry for observability. OpenTelemetry is on a mission to enable effective observability by making high-quality, portable telemetry ubiquitous. The world of observability and monitoring today has a steep learning curve and in order to achieve ubiquity, the project would benefit from growing our contributor community.
7 Most Powerful Solar Storms in the History of Earth.pdfEnterprise Wired
Solar Storms (Geo Magnetic Storms) are the motion of accelerated charged particles in the solar environment with high velocities due to the coronal mass ejection (CME).
Blockchain technology is transforming industries and reshaping the way we conduct business, manage data, and secure transactions. Whether you're new to blockchain or looking to deepen your knowledge, our guidebook, "Blockchain for Dummies", is your ultimate resource.
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/07/intels-approach-to-operationalizing-ai-in-the-manufacturing-sector-a-presentation-from-intel/
Tara Thimmanaik, AI Systems and Solutions Architect at Intel, presents the “Intel’s Approach to Operationalizing AI in the Manufacturing Sector,” tutorial at the May 2024 Embedded Vision Summit.
AI at the edge is powering a revolution in industrial IoT, from real-time processing and analytics that drive greater efficiency and learning to predictive maintenance. Intel is focused on developing tools and assets to help domain experts operationalize AI-based solutions in their fields of expertise.
In this talk, Thimmanaik explains how Intel’s software platforms simplify labor-intensive data upload, labeling, training, model optimization and retraining tasks. She shows how domain experts can quickly build vision models for a wide range of processes—detecting defective parts on a production line, reducing downtime on the factory floor, automating inventory management and other digitization and automation projects. And she introduces Intel-provided edge computing assets that empower faster localized insights and decisions, improving labor productivity through easy-to-use AI tools that democratize AI.
Video traffic on the Internet is constantly growing; networked multimedia applications consume a predominant share of the available Internet bandwidth. A major technical breakthrough and enabler in multimedia systems research and of industrial networked multimedia services certainly was the HTTP Adaptive Streaming (HAS) technique. This resulted in the standardization of MPEG Dynamic Adaptive Streaming over HTTP (MPEG-DASH) which, together with HTTP Live Streaming (HLS), is widely used for multimedia delivery in today’s networks. Existing challenges in multimedia systems research deal with the trade-off between (i) the ever-increasing content complexity, (ii) various requirements with respect to time (most importantly, latency), and (iii) quality of experience (QoE). Optimizing towards one aspect usually negatively impacts at least one of the other two aspects if not both. This situation sets the stage for our research work in the ATHENA Christian Doppler (CD) Laboratory (Adaptive Streaming over HTTP and Emerging Networked Multimedia Services; https://athena.itec.aau.at/), jointly funded by public sources and industry. In this talk, we will present selected novel approaches and research results of the first year of the ATHENA CD Lab’s operation. We will highlight HAS-related research on (i) multimedia content provisioning (machine learning for video encoding); (ii) multimedia content delivery (support of edge processing and virtualized network functions for video networking); (iii) multimedia content consumption and end-to-end aspects (player-triggered segment retransmissions to improve video playout quality); and (iv) novel QoE investigations (adaptive point cloud streaming). We will also put the work into the context of international multimedia systems research.
Quantum Communications Q&A with Gemini LLM. These are based on Shannon's Noisy channel Theorem and offers how the classical theory applies to the quantum world.
How to Avoid Learning the Linux-Kernel Memory ModelScyllaDB
The Linux-kernel memory model (LKMM) is a powerful tool for developing highly concurrent Linux-kernel code, but it also has a steep learning curve. Wouldn't it be great to get most of LKMM's benefits without the learning curve?
This talk will describe how to do exactly that by using the standard Linux-kernel APIs (locking, reference counting, RCU) along with a simple rules of thumb, thus gaining most of LKMM's power with less learning. And the full LKMM is always there when you need it!
Free radius billing server with practical vpn exmaple
1. Total Site to Sites Linux Based Open VPN Solution with DDNS Page 1
Advanced Internet Service Provider Billing System
for Wifi/WiMax/VPN/Hotspot/LTE with DDNS
chanaka.lasantha@gmail.com
ව්යාපාරාක් ලෙස ්ම්කිසි අන්තකජාෙ ලසේව්ාව් ෙබලදනල ොට ඔ්ාෙට ව්ැදගත්ම ලේ තම යි Billing කිරීම , එ එ ල නාට
Gigabyte පාරකමන් ල ොටා එ ෙබාදීම , ආක ෂාව් සහ ව්ාර්තාව් ලෙස සි්ල්ෙ සමී ෂණ් !..
Dynamic DNS (DDNS) instalation & Config on CentOS/RedHat Enterprise Linux Server
ලමලම ස්ථාපාරන් සිදු කගත් පාරසුව් ඔබට Router එල හි DDNS Settings ල ොන්ෆිග් ලනො ක හුලද ම එහි ලපාරොර්ට් එ පාරමණ
ඔබලග් LAN එ තුෙ IP Address එ ට ල ෝව්ර්ඩ් කිරීම පාරමණ ප්රමාණව්ත් ්.
දැන් No-ip DDNS Windows ලහෝ LINUX Client එ ස්ථාපිත ෙ විට එ් මගින් එ තකා ාෙ පාරකතක් ඇතුෙත
අපාරලග් Router එල හි Dynamic Public IP Address එ ලව්නස් ව්න විටම එ් no-ip ලසේව්ාව් ලව්ත අන්තකජාේ
හකහා ්ාව්ත් ාලින කනු ෙැලේ. එවිට ඔව්න් ෙබාදුන් ෆ්රී ල ොලම්න් එ ෑනෑම කට ලව්ේ රව්සක් මත ඇතුෙත් ක
උදාහකන් ලෙස සමන් ලව්ේ අ වි් බෙන ආ ාකල්න් අපාරලග් LAN Network Side එල තිලබන පාරරිගණ ්
තුෙ තිලබන ලව්ේ අ වි් / යිල් සර්ව්ර් එ / VPN සර්ව්ර් එ බාහික කට සිට Access ෙ හැකි් .
Install “Make” compiler program in preparation to compile the no-ip program. You might also have to install
the “GCC” compiler if “Make” compiler don’t work; I have both GCC and Make installed. The following is
the commands to download &install them:
yum install gcc
yum install make
DESIGEND , DOCUMEMTED AND TESTED BY CHANAKA LASANTHA NANAYAKKARA
2. Total Site to Sites Linux Based Open VPN Solution with DDNS Page 2
Now onto the easy step-by-step installation of no-ip client. Run the following 6 commands from the
terminal:
mkdir noip && cd noip
wget http://www.no-ip.com/client/linux/noip-duc-linux.tar.gz
tar zvxf noip-duc-linux.tar.gz
cd noip-2.1.9-1
make
make install
Please enter the login/email string for no-ip.com (email account that you used to set-up no-ip account)
Please enter the password for user(password that you used to login to no-ip)
Please enter an update interval: [30] 30
(Increments in minutes that you want no-ip client to check if your router’s external dynamic IP address has changed
and updates it accordingly.)
Do you wish to run something at successful update? [N] (y/N) N(Just enter “N” here.)
/usr/local/bin/noip2(To start/run noip client)
echo ‘/usr/local/bin/noip2′ >> /etc/rc.local(To start/run noip client after each system reboot
More useful no-ip commands
/usr/local/bin/noip2 -C to configure noip client
/usr/local/bin/noip2 -S to display info about running noip client
/usr/local/bin/noip2 -U to set update intervals (in minutes)
Most Important Settings on Free Radius Server (192.168.2.205) and Open VPN Server
(192.168.2.204)
Please set the correct Time & date in your VPN Access server and Free Radius Server:
Date:
date -s "9 AUG 2013 11:32:08"
Time:
date +%T -s "11:32:08"
After that you must be correctly Setup that yours VPN server's CA.cert Time Zone and Server Key Time
Settings as well.
Please make sure to use same version of VPN Clent Software aslo with the server verions as well.
3. Total Site to Sites Linux Based Open VPN Solution with DDNS Page 3
Install Packages
Add repository EPEL that is provided from Fedora project.
rpm –Uvh http://dl.fedoraproject.org/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm
uname -a
If you see “x86_64 GNU/Linux” at the end of the output line means your server is 64-bit. Otherwise if you see “i686
i386 GNU/Linux” or “x86 GNU/Linux” means your machine is 32-bit.Issue this command.
For The CentOS 5/RHEL 5 32-bit (x86):
rpm -ivh http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.i386.rpm or
For The CentOS 5 / RHEL 5 64-bit (x86_64):
rpm -ivh http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm
For The CentOS 6/RHEL 6 32-bit (x86):
rpm -ivh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-1.el6.rf.i686.rpm or
For The CentOS 6 / RHEL 6 64-bit (x86_64):
rpm -ivh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
Install MySQL Server and Free Radius
yum install freeradius freeradius-mysql freeradius-utils mysql mysql-server –y
/etc/rc.d/init.d/mysqld start
chkconfig mysqld on
/usr/bin/mysql_secure_installation
Log in MySQL as root
mysql -uroot –p
CREATE DATABASE radius;
GRANT ALL ON radius.* TO radius IDENTIFIED BY "radpass";
flush privileges;
use radius;
SOURCE /etc/raddb/sql/mysql/schema.sql;
CREATE TABLE IF NOT EXISTS `radcheck` (
`username` varchar(32) COLLATE utf8_unicode_ci NOT NULL,
`attribute` varchar(16) COLLATE utf8_unicode_ci DEFAULT NULL,
`op` varchar(16) COLLATE utf8_unicode_ci DEFAULT NULL,
`value` varchar(32) COLLATE utf8_unicode_ci NOT NULL ,
PRIMARY KEY (`username`),
KEY `value` (`value`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
INSERT INTO `radcheck` ( `username`, `attribute`, `op`, `value` )
VALUES ('testuser', 'User-Password', ':=', 'testpassword' );
exit
4. Total Site to Sites Linux Based Open VPN Solution with DDNS Page 4
Edit the radiusd.conf file
vim /etc/raddb/radiusd.conf (line number 700)
Uncomment,
$INCLUDE sql.conf
Edit the sql.conf
vim /etc/raddb/sql.conf
# Connection info:
server = "localhost"
#port = 3306
login = "radius"
password = "radpass"
# Database table configuration for everything except Oracle
radius_db = "radius"
Edit the default File
vim /etc/raddb/sites-available/default
Uncommented line that begin with sql'under the authorize {}, accounting {}, and session {} sections.
5. Total Site to Sites Linux Based Open VPN Solution with DDNS Page 5
Edit inner-tunnel File
vim /etc/raddb/sites-available/inner-tunnel
Edit /etc/raddb/sites-available/inner-tunnel and uncomment all line that contain 'sql' as well.
Edit clients.conf File
vim /etc/raddb/clients.conf
you have to edit 'testing' to something more secret like 'jamesbondcode8982323'.
still on clients.conf, search for line that looks exactly like:
# coa_server = coa
}
enter the following block below those lines :
client VPN Server IP HERE {
secret = jamesbondcode8982323
shortname = yourVPN
nastype = other
}
Debug the Free Radius Server (192.168.2.205)
You have to Open two ssh Terminals using Putty.exe
In terminal one,
radiusd –X
(Pls Stop Radius Service and
try this debug command)
6. Total Site to Sites Linux Based Open VPN Solution with DDNS Page 6
In terminal two,
radtest testuser testpassword localhost 1812 jamesbondcode8982323
(testing with mysql user with rad server connectivity)
In terminal one , you will see the followng output,
7. Total Site to Sites Linux Based Open VPN Solution with DDNS Page 7
NAS Client Testing Tool Output
Finally Just Issue those are the commnads,
service radiusd restart
chkconfig radiusd on
Install Web Server
yum -y install httpd
rm -f /etc/httpd/conf.d/welcome.conf
rm -f /var/www/error/noindex.html
ln -s /usr/bin/perl /usr/local/bin/perl
Configure httpd
vi /etc/httpd/conf/httpd.conf
# line 44: change
ServerTokens Prod
# line 74: change to ON
KeepAlive On
# line 251: Admin's address
ServerAdmin root@192.168.2.205
# line 265: change to your server's name
ServerName 192.168.2.205:80
# line 320: change (enable CGI and disable Indexes)
Options FollowSymLinks ExecCGI
# line 327: change
AllowOverride All
# line 391: add file name that it can access only with directory's name
DirectoryIndex index.html index.cgi index.php
8. Total Site to Sites Linux Based Open VPN Solution with DDNS Page 8
# line 524: change
ServerSignature Off
# line 747: make it comment
#AddDefaultCharset UTF-8
# line 778: uncomment and add file-type that apache looks them CGI
AddHandler cgi-script .cgi .pl
/etc/rc.d/init.d/httpd start
chkconfig httpd on
Installing PHP 5.3, MCrypt & Pear
service httpd stop
yum remove php php-*
yum install -y php53-devel libmcrypt-devel
yum install -y php53 php53-cli php53-common php53-gd php53-mbstring gcc php53-mysql php53-pdo php53-pgsql php53-xml
php53-xmlrpc php53-devel php53-imap php53-odbc php53-snmp
Mcrypt installation for php 5.3, for this we need to download the php package and build
from it.
wget http://museum.php.net/php5/php-5.3.3.tar.gz
tar xf php-5.3.3.tar.gz
cd php-5.3.3/ext/mcrypt/
phpize
aclocal
./configure
make test
make install
// now to complete mcrypt installation, we will need to add the extension to php 5.3
// you need to create the mcrypt.ini file and add the extension to it
vim /etc/php.d/mcrypt.ini
// add the following line to the above file and save it
extension=mcrypt.so
// now we need to download and install the pear package
cd
wget http://pear.php.net/go-pear.phar
php go-pear.phar
yum install php-pear
pear install DB
service httpd start
9. Total Site to Sites Linux Based Open VPN Solution with DDNS Page 9
Web Interface for RAD Server
wget http://kaz.dl.sourceforge.net/project/daloradius/daloradius/daloradius0.9-9/daloradius-0.9-9.tar.gz
tar zxvf daloradius-0.9-9.tar.gz
mysql -pz80cpu radius < /root/daloradius-0.9-9/contrib/db/fr2-mysql-daloradius-and-freeradius.sql
mv daloradius-0.9-9 /var/www/html/daloradius
cd /var/www/html/daloradius/library
vim daloradius.conf.php
Now you can login into http://192.168.2.205/daloradius/login.php
10. Total Site to Sites Linux Based Open VPN Solution with DDNS Page 10
Configure IPTables and SELinux on Central Free Radius Billing Server (192.168.2.205)
service iptables start
iptables –-flush
iptables --table nat -–flush
iptables --delete-chain
service iptables save
service iptables restart
service network restart
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -p icmp -m limit --limit 1/s --limit-burst 2 -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
iptables -A OUTPUT -p icmp -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A OUTPUT -m state --state INVALID -j DROP
iptables -A INPUT -m state --state NEW -p tcp --tcp-flags ALL ALL -j DROP
iptables -A INPUT -m state --state NEW -p tcp --tcp-flags ALL NONE -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
iptables -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
iptables -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
iptables -N SYN_FLOOD
iptables -A INPUT -p tcp --syn -j SYN_FLOOD
iptables -A SYN_FLOOD -m limit --limit 2/s --limit-burst 6 -j RETURN
iptables -A SYN_FLOOD -j DROP
iptables -A INPUT -p icmp -m icmp --icmp-type address-mask-request -j DROP
iptables -A INPUT -p icmp -m icmp --icmp-type timestamp-request -j DROP
iptables -A INPUT -p icmp -m icmp -m limit --limit 1/second -j ACCEPT
iptables -A INPUT -p tcp -m tcp --tcp-flags RST RST -m limit --limit 2/second --limit-burst 2 -j ACCEPT
iptables -A INPUT -m recent --name portscan --rcheck --seconds 86400 -j DROP
iptables -A FORWARD -m recent --name portscan --rcheck --seconds 86400 -j DROP
iptables -A INPUT -m recent --name portscan --remove
iptables -A FORWARD -m recent --name portscan –remove
iptables -A INPUT -s 0.0.0.0/7 -j DROP
iptables -A INPUT -s 2.0.0.0/8 -j DROP
iptables -A INPUT -s 5.0.0.0/8 -j DROP
iptables -A INPUT -s 7.0.0.0/8 -j DROP
iptables -A INPUT -s 10.0.0.0/8 -j DROP
iptables -A INPUT -s 23.0.0.0/8 -j DROP
iptables -A INPUT -s 27.0.0.0/8 -j DROP
11. Total Site to Sites Linux Based Open VPN Solution with DDNS Page 11
iptables -A INPUT -s 31.0.0.0/8 -j DROP
iptables -A INPUT -s 36.0.0.0/7 -j DROP
iptables -A INPUT -s 39.0.0.0/8 -j DROP
iptables -A INPUT -s 42.0.0.0/8 -j DROP
iptables -A INPUT -s 49.0.0.0/8 -j DROP
iptables -A INPUT -s 50.0.0.0/8 -j DROP
iptables -A INPUT -s 77.0.0.0/8 -j DROP
iptables -A INPUT -s 78.0.0.0/7 -j DROP
iptables -A INPUT -s 92.0.0.0/6 -j DROP
iptables -A INPUT -s 96.0.0.0/4 -j DROP
iptables -A INPUT -s 112.0.0.0/5 -j DROP
iptables -A INPUT -s 120.0.0.0/8 -j DROP
iptables -A INPUT -s 169.254.0.0/16 -j DROP
iptables -A INPUT -s 172.16.0.0/12 -j DROP
iptables -A INPUT -s 173.0.0.0/8 -j DROP
iptables -A INPUT -s 174.0.0.0/7 -j DROP
iptables -A INPUT -s 176.0.0.0/5 -j DROP
iptables -A INPUT -s 184.0.0.0/6 -j DROP
iptables -A INPUT -s 192.0.2.0/24 -j DROP
iptables -A INPUT -s 197.0.0.0/8 -j DROP
iptables -A INPUT -s 198.18.0.0/15 -j DROP
iptables -A INPUT -s 223.0.0.0/8 -j DROP
iptables -A INPUT -s 224.0.0.0/3 -j DROP
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 1813 -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 1812 -j ACCEPT
iptables -A OUTPUT -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT
iptables -A OUTPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
iptables -A OUTPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
iptables -A OUTPUT -p tcp -m state --state NEW -m tcp --dport 1813 -j ACCEPT
iptables -A OUTPUT -p tcp -m state --state NEW -m tcp --dport 1812 -j ACCEPT
iptables -I FORWARD -s 0.0.0.0/0 -m string --string “%27+or+%271%27%3d%271” --algo bm -j DROP
iptables -I FORWARD -s 0.0.0.0/0 -m string --string “%27+or+1%3d1” --algo bm -j DROP
iptables -I FORWARD -s 0.0.0.0/0 -m string --string “%27+or+%271%27%3d%271” --algo bm -j DROP
iptables -I FORWARD -s 0.0.0.0/0 -m string --string “%27+or+%27%27%3d%27” --algo bm -j DROP
iptables -I FORWARD -s 0.0.0.0/0 -m string --string “%27+or+1%3d1” --algo bm -j DROP
iptables -I FORWARD -s 0.0.0.0/0 -m string --string “%27+or+%271%27%3d%271” --algo bm -j DROP
iptables -I FORWARD -s 0.0.0.0/0 -m string --string “%27+or+%27%27%3d%27” --algo bm -j DROP
iptables -I FORWARD -s 0.0.0.0/0 -m string --string “%27+or+1%3d1” --algo bm -j DROP
iptables -I FORWARD -s 0.0.0.0/0 -m string --string “%27+or+%271%27%3d%271” --algo bm -j DROP
service iptables save
service iptables restart
service network restart
/sbin/iptables -L
iptables -L -t nat –n
12. Total Site to Sites Linux Based Open VPN Solution with DDNS Page 12
iptables -vnL
use radius;
CREATE TABLE IF NOT EXISTS `radcheck` (
`username` varchar(32) COLLATE utf8_unicode_ci NOT NULL,
`attribute` varchar(16) COLLATE utf8_unicode_ci DEFAULT NULL,
`op` varchar(16) COLLATE utf8_unicode_ci DEFAULT NULL,
`value` varchar(32) COLLATE utf8_unicode_ci NOT NULL ,
PRIMARY KEY (`username`),
KEY `value` (`value`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
INSERT INTO `radcheck` ( `username`, `attribute`, `op`, `value` )
VALUES ('testuser', 'User-Password', ':=', 'testpassword' );
Radius Plugin On the VPN Server Side ( I Assumed you have already configured Open VPN
Server – 192.168.2.204)
yum install libgcrypt libgcrypt-devel gcc-c++
wget http://www.nongnu.org/radiusplugin/radiusplugin_v2.1a_beta1.tar.gz
tar zxvf radiusplugin_v2.1a_beta1.tar.gz
cd radiusplugin_v2.1a_beta1/
make
cp radiusplugin.so /etc/openvpn/
cp radiusplugin.cnf /etc/openvpn/
First off, edit the radiusplugin.cnf file. Focus on the “server” section and ensure that the details are correct:
vim /etc/openvpn/radiusplugin.cnf
server
{
# The UDP port for radius accounting.
acctport=1813
# The UDP port for radius authentication.
authport=1812
# The name or ip address of the radius server.
name=192.168.2.205
# How many times should the plugin send the if there is no response?
retry=1
# How long should the plugin wait for a response?
wait=1
# The shared secret.
sharedsecret= jamesbondcode8982323
}
13. Total Site to Sites Linux Based Open VPN Solution with DDNS Page 13
Test Radius Server Authentication & Connectivity by the Open VPN server
radtest testuser testpassword 192.168.2.205 1812 jamesbondcode8982323
Make sure these entries are correct – now lets edit the OpenVPN server config file
(server.conf) and add the following line:
vim /etc/openvpn/server.conf
plugin /etc/openvpn/radiusplugin.so /etc/openvpn/radiusplugin.cnf
client-cert-not-required
service openvpn restart
NOTE: YOU HAVE TO REFER MY FULL DOCUMNETRYIF YOU ARE GOING FOR A SITES TO MULTI SITES COMPLETE OPEN VPN
SOLUSION BY THIS URL HERE
Example Server.conf file,
Editing Open VPN Access Server’s Main Config File(server.conf) at 192.168.2.204
Finally, we need to edit the OpenVPN config file. OpenVPN ships with a collection of good example config files (found in
~/openvpn-2.0.9/sample-config-files) that are very well documented starting points. The man page is also very well
written and contains loads of useful information.
The OpenVPN server's config file (server.conf) – For The Server to Clients.
cd /etc/openvpn
vim server.conf
local 192.168.2.204
port 1194
proto udp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.2.0 255.255.255.0"
push "persist-key"
push "persist-tun
push "explicit-exit-notify 1"
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
14. Total Site to Sites Linux Based Open VPN Solution with DDNS Page 14
push "dhcp-option DNS 8.8.4.4"
client-to-client
keepalive 10 120
reneg-sec 432000
tls-auth /etc/openvpn/keys/ta.key 0
cipher AES-256-CBC
comp-lzo
user nobody
persist-key
persist-tun
status /var/log/openvpn-status.log
log /var/log/openvpn.log
log-append /var/log/openvpn.log
verb 5
plugin /etc/openvpn/radiusplugin.so /etc/openvpn/radiusplugin.cnf
client-cert-not-required
Test VPN Tunnel Establishment Trace on 192.168.2.204 Access Server
tail -f /var/log/openvpn-status.log
tail -f /var/log/openvpn.log
tcpdump
tracert {your destination ip}
Open VPN Visiting Client config and installing Open VPN Clinet Software
(UK Client with MySQL Database User Athentication)
Download and install the OpenVPN client installer file from the below Link OpenVPN client Download link (works with
WindowsXP,Vista and Windows7)
Note: Installing client and initializing the VPN connection requires Administrator privileges.
After installatling OpenVPN client, Copy C:Program FilesOpenVPNsample-configclient.ovpn to C:Program
FilesOpenVPNconfigclient.ovpn And open the client.ovpn file and edit like below
OpenVPN client Download link
Copy the ta.key and ca.crt files form 192.168.2.204 to the your’s Laptop Open VPN Client’s -config /Configuration folder
“C:Program FilesOpenVPNconfig”
Copy C:Program FilesOpenVPNsample-configclient.ovpn to C:Program FilesOpenVPNconfigclient.ovpn
15. Total Site to Sites Linux Based Open VPN Solution with DDNS Page 15
client
dev tun
proto udp
remote openvpngil.no-ip.biz 1194
reneg-sec 432000
nobind
auth-user-pass
resolv-retry infinite
route 192.168.2.0 255.255.255.0
user nobody
group nobody
persist-tun
persist-key
ca ca.crt
tls-auth ta.key 1
cipher AES-256-CBC
comp-lzo
verb 3
Click "OpenVPN GUI" icon and Start OpenVPN client. Next Click OpenVPN icon on task-bar with right button and select
"Connect".
16. Total Site to Sites Linux Based Open VPN Solution with DDNS Page 16
Test VPN Tunnel Establishment Trace on Client Laptop
ping 10.0.0.1 -t
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=21.1 ms
64 bytes from 10.0.0.1: icmp_seq=2 ttl=64 time=14.8 ms
tracert 192.168.0.200 or what ever Head Office LAN PC
What will be in the Client Config file settings for a iPhone/iTub/Windows Mobile
Phone/Android Phone? (Single File)
client
dev tun
proto udp
remote openvpngil.no-ip.biz 1194
auth-user-pass
resolv-retry infinite
route 192.168.2.0 255.255.255.0
nobind
persist-key
persist-tun
<ca>
-----BEGIN CERTIFICATE-----
MIIDrjCCAxegAwIBAgIJAIzyTAwZXVooMA0GCSqGSIb3DQEBBQUAMIGXMQswCQYD
VQQGEwJVSzELMAkGA1UECBMCTlIxFTATBgNVBAcTDEF0dGxlYm9yb3VnaDEZMBcG
A1UEChQQSGlkZSBNeSBBc3MhIFBybzEMMAoGA1UECxMDVlBOMRowGAYDVQQDExF2
cG4uaGlkZW15YXNzLmNvbTEfMB0GCSqGSIb3DQEJARYQY2FAaGlkZW15YXNzLmNv
bTAeFw0wOTA2MDYwOTM5MTJaFw0xOTA2MDQwOTM5MTJaMIGXMQswCQYDVQQGEwJV
SzELMAkGA1UECBMCTlIxFTATBgNVBAcTDEF0dGxlYm9yb3VnaDEZMBcGA1UEChQQ
SGlkZSBNeSBBc3MhIFBybzEMMAoGA1UECxMDVlBOMRowGAYDVQQDExF2cG4uaGlk
ZW15YXNzLmNvbTEfMB0GCSqGSIb3DQEJARYQY2FAaGlkZW15YXNzLmNvbTCBnzAN
17. Total Site to Sites Linux Based Open VPN Solution with DDNS Page 17
BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuMcVrtq8Y/en+R6scsKl4EHMSU1e9xzQ
nHsbG8U93YHGQL8iJThdCaw/FS85ekTQmyQLS5qdFPOWEYPGbiR/ROH9yjD/VWzC
2OHSdmE+6w909tKjLWQSNpiBQaq5InSd/UrJ98Usw2hHz6yk/gkeTwkNip75UHGG
XREC6FUa6zUCAwEAAaOB/zCB/DAdBgNVHQ4EFgQUzli9ONAdxV7S73RTOpfaXP99
HDIwgcwGA1UdIwSBxDCBwYAUzli9ONAdxV7S73RTOpfaXP99HDKhgZ2kgZowgZcx
CzAJBgNVBAYTAlVLMQswCQYDVQQIEwJOUjEVMBMGA1UEBxMMQXR0bGVib3JvdWdo
MRkwFwYDVQQKFBBIaWRlIE15IEFzcyEgUHJvMQwwCgYDVQQLEwNWUE4xGjAYBgNV
BAMTEXZwbi5oaWRlbXlhc3MuY29tMR8wHQYJKoZIhvcNAQkBFhBjYUBoaWRlbXlh
c3MuY29tggkAjPJMDBldWigwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOB
gQCqNwcaCyebKsSQt6IqnCMB+WaSjrxnRgD1hqgReho/fD2D5+mHYAfs22Y5R0GQ
uLwmH+88OfIgsK9Wy0cKknGVML2E5fV+AUVWpPkAx8nZVNUuhj9N6nN+891pTIQc
jRdJbgqyUwlmc+/eyiLB8/s7GmqOoDK5UrSEyBoi8XhRBQ==
-----END CERTIFICATE-----
</ca>
cipher AES-256-CBC
comp-lzo
verb 3
Troubleshooting
Testing:
tail -f /var/log/openvpn.log
tail -f /var/log/openvpn-status.log
iptables -L -t nat –n
ip route
route –n
radiusd –X
radtest lasantha 1234 192.168.2.205 1812 jamesbondcode8982323 (Username = lasantha,
Password 1234, Radius Svr = 192.168.2.205, Secret of Radius Server = jamesbondcode8982323)
tcpdump
tracert 192.168.2.204
Backup Free Radius Server’s MySQL Database
{mysqldump -u root -p[root_password] [database_name] > dumpfilename.sql}
Ex:-
mysqldump -u root -pz80cpu radius > radius.sql
Restore a database:-
{mysql -u root -p[root_password] [database_name] < dumpfilename.sql}
Ex:-
mysql -u root -pz80cpu radius < /tmp/radius.sql
Just use WinSCP Free Software Tool for Transfering MySQL Backup Database file into you Laptop