Wednesday 14 August 2013

Linux Survival Commands


/ is root.
/home/mc7 --> go up to root and go down
home/mc7

# ls -l   --> displays file permission


# chmod --> change mode/permission

#groups --> To get a listing of your group memberships

# cd ~ --> go to home directory. cd ~mc7 --> go to mc7 home directory



Posted by at No comments:
Labels:

Monday 12 August 2013

Pfsense OpenVPN Roadwarriors

Referred to
http://www.youtube.com/watch?v=odjviG-KDq8
http://blog.stefcho.eu/?p=492
http://www.apollon-domain.co.uk/?p=433


Posted by at No comments:

Sunday 11 August 2013

Pfsense site-to-site OpenVPN

 PPTP vs OpenVPN vs IPsec VPN
http://www.ivpn.net/knowledgebase/62/PPTP-vs-L2TP-vs-OpenVPN.html

Referred to
http://doc.pfsense.org/index.php/OpenVPN_Site-to-Site_(Shared_Key,_2.0)
http://blog.stefcho.eu/?p=576

Topology


Configure one site as a Server and another as client
Server will listen/wait for client to connect at the specified port. (we can use default port 1194 or different port such as tcp/443)

So, server side firewall must allow traffic from OpenVPN client source IP to access that port.

Routing of additional networks (we can only define one local subnet in openVPN default configuration), add "route 172.16.1.0 255.255.255.0" in advanced configuration box. Of course, the router(pfsense) protecting that network must know how to reach it(add static route)

Access Firewall rules
Fw Access rules via OpenVPN must be configured under OpenVPN tab in firewall section. Firewall in pfsense behaves like cisco ASA - scanning the traffic via incoming interface. So, remember to allow traffic at source firewall (LAN interface) and destination firewall (openVPN) interface.


Dropped Firewall logs


Check OpenVPN logs under Status --> OpenVPN. Check firewall logs under Status --> System Logs.
Posted by at No comments:
Labels:
Pfsense installation using Oracle Virtual Box

 Referred to
http://forum.pfsense.org/index.php?topic=47306.0
http://pc-addicts.com/building-the-ultimate-virtualbox-lab-intro/

Download pfsnse .gz file, uncompressed to .img file and convert it to virtual hard disk using "VBoxManage convertfromraw D:\temp\pfSensexx.img D:\temp\pfSensexx..vdi"

 Created a VM. Use "Bridge Adapter" to connect pfsense box to local network. Adapter 1 for WAN and adapter 2 for LAN.

(a)pfsense cannot be accessed by WAN interface due to default firewall rule. Use another VM like win XP to access the box via LAN interface. (default userid/password - admin/pfsense)

(b)If (a) is not feasible, we can use VirtualBox option in GNS3 to configure pfsense.

       
Add a cloud and configure it as host machine network adapter



Simulate the lab. First interface of pfsense is em0 and second is em1.

Posted by at No comments:
Labels:
Subscribe to: Posts (Atom)