1.) Make sure your conf register is 0x2102
Do show version and at the very end of the output you will see the Configuration register.
show version
Configuration register is 0x2102
If the config register is not 0x2102 then enter this command:
r1#configure terminal
r1(config)#config-register 0x2102
r1(config)#end
2.) Let's Erase the NVRAM/flash........
The Best Docker Tutorial for Beginners
We quickly explain the basic Docker concepts and show you how to do the most common tasks from starting your first container, to making custom images, a Docker Swarm Cluster Tutorial, docker compose and Docker buildfiles.........
Why choose OpenVPN instead of a firewall appliance?
OpenVPN can be a reliable and easy replacement for traditional hardware or just be an additional tool that your company uses so that the firewall can focus on its job rather than acting as a VPNappliance at the same time.
When comparing OpenVPN with traditional firewal........
A lot of older devices either support telnet or very old SSH keyx algorithms which are insecure and disabled by all newer/modern SSH clients for security reasons. However, sometimes you may be on a LAN via VPNor some other secured network or for whatever reason, absolutely, need to connect to this device and sometimes old/embedded devices may not be possible to update to a newer SSH server.
If you run into this you may be using a modern/newer SSH client and get thi........
If you visit a site that exploits the WebRTC vulnerability including whatismyipaddress.com it may show "Local IP Address" which would be the real IP of your machine.
The vulnerability works on Windows and Linux machines (contrary to false information on the web which claims it only affects Windows).
The above works and happens even if you are using a proxy or VPNaccount like ProVPNAccounts.com
It is easy........
So say you are behind a typical NAT/LAN setup whether at home, work or while travelling. What if you have a computer or server that you need to connect to from the outside?
Yes you could use a VPN but a quick and dirty, temporary and secure way is to use SSH's Reverse Tunneling Proxy feature.
Requirements
On the remote ssh server host you need the GatewayPorts option enabled in sshd_config (be........
Starting with newer versions of OpenVPN Ibelieve 2.2+ you need to have "script-security 3" set or you can't execute a third party script.
Prior to that you could also use the auth-user-pass-verify like this:
auth-user-pass-verify ./validate.pl "$username $password $ip" via-env
Options error: the --auth-user-pass-verify directive should have at most 2 parameters. To pass a list of arguments as one of the paramete........
This basically means that you are running as non-root and you need to be root to create the tun0 or tap0 device on OpenVPN. You could try sudo or adding the openvpn binary to the list of sudoers.........
Sometimes if you have a very basic configuration OpenVPN on the client side for some reason sends all traffic to the OpenVPN server IP through the tun0 which is of course impossible and creates a block or routing loop.
This is because you need to use your normal ISP/LANgateway to hit the OpenVPN server if it is remote/offsite as is usually the case. So if you are connected to the OpenVPN through say a tun0 device and your routing is set to connect to the OpenVPN&nbs........
I have never had this error on Linux and this is running FreeBSD as root:
Wed Aug 9 04:29:34 2017 us=329050 Cannot allocate TUN/TAP dev dynamically
Wed Aug 9 04:29:34 2017 us=329832 Exiting due to fatal error
The Solution you need a kernel module that is for some reason not automatically loaded like Linux:
kldload if_tap........
Sep 12 18:16:25 vps pluto[7299]: ERROR: asynchronous network error report on eth0 (sport=500) for message to 192.5.6.2 port 20640, complainant 192.5.6.2: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
Some say changing the "leftprotoport=17/%any" will fix this but I have not found this to be the case.
Essentially it means at least one end is blocking the ipsec packets. Sometimes the %any allows an alt........
I have never had this error on Linux and this is running FreeBSD as root:
Wed Aug 9 04:29:34 2017 us=329050 Cannot allocate TUN/TAP dev dynamically
Wed Aug 9 04:29:34 2017 us=329832 Exiting due to fatal error
The Solution
You need a kernel module that is for some reason not automatically loaded like Linux:
kldload if_tap........
openvpn 2.3.10-1.el6 issues
in the .conf
auth-user-pass-verify "passwordcheck $username $password $untrusted_ip" via-env
auth-env does not work correctly in OpenVPN 2.3:
Sat Apr 23 02:30:22 2016 - $username - $untrusted_ip - login failure
But OpenVPN 2.2 does work as expected.
It could be that the specified script automatically receive........
apt-get install pptp-linux
echo "yourvpnusername * yourpasspass *" >> /etc/ppp/chap-secrets
vi /etc/ppp/peers/provpnaccounts.com
enter (ignore the lines):
============
pty "pptp server.provpnaccounts.com --nolaunchpppd"
name testuser
#remotename PPTP
require-mppe-128
file /etc/ppp/options.pptp
==========........
The following assumes the computer is local/physical to you and/or it always has a LANIP so it can be accessed on site without having a default gateway.
The key to this is not to set a default gateway for your computer or you can set a script on boot or other time to delete the gateway (where eth0 is the NIC you are using):
route del default eth0
50.80.20.2 is the VPN server you connect to
192.168.1.1 is your........
I never did get it working, it is too bad as obfsproxy should really be an option and integrated into the OpenVPN client and server or something similar:
yum -y install python-pip python-devel
No package python-pip available.
#install the EPEL repo
python-pip install obfsproxy
python-pip install obfsproxy
-bash: python-pip: command not found
pip install obfsproxy
&........
What matters most about VPNproviders in 2024?
We are highly suspicious of VERYLARGE VPN providers that have LOW PRICES and HUGE DISCOUNTS. The suspicion is that for those who know what costs are involved to purchase thousands of IPs and servers are not small. At the prices that many of the big mainstream providers offer, it is likely unprofitable or barely profitable. Then, how are those companies making money or is that even the goal?
There use........
This can happen when you install RPMForge or other repos with the wrong architecture and here's how you fix it (simply uninstalling won't usually fix it):
solution
yum clean all
yum -y install openvpn
Loaded plugins: fastestmirror, presto
Loading mirror speeds from cached hostfile
* base: mirror.its.sfu.ca
* extras: centos.mirror.nexicom.net
* rpmforge: mirror.cpsc.ucalgary.ca
* up........
nf_conntrack: table full, dropping packet
The above in some cases I've seen is a sign of a DOS attack or can occur if users are using services like torrenting, proxy, VPNetc... Do not take it lightly as the above can knock a server offline if the table becomes full and I've also seen full crashes and kernel panics shortly after.
........
This is important if you need public access to internal IPs such as at your office and don't want to use a VPN just to SSHinto different servers:
Below forwards the port "10001" to the IP192.200.5.53 on port 22 (of course adjust it to your needs).
iptables -t nat -A PREROUTING -p tcp --dport 10001 -j DNAT --to-destination 192.200.5.53:22
Remember to enable MASQUERADE on your NAT IPs or they won't be able to talk to the outside world (........
Cannot load certificate file keys/server.crt: error:0906D06C:PEM
The .crt is blank empty because when generating it I kept hitting enter for the defaults and this caused the crt not to be signed.
Certificate is to be certified until Dec 18 00:35:49 2022 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
So if you get messages like these, a........
I used the suggested script to bridge from OpenVPN and it took my client's server off-line! Don't ever use their "sample" scripts if you don't have another way of accessing the server than SSH.
I actually found it easier to use iptables to tell it to route IPs based on a certain subnet to route through eth0:
iptables -t nat -A POSTROUTING -s 192.168.200.0/24 -o eth0 -j MASQUERADE
Replace "192.168.200.0/24" with your subnet of cour........
Make sure the module "tun" is loaded on the host.
vzctl set 2000 --devnodes net/tun:rw --save
*Note what's below is what OpenVZ says you need (but I've never had to do it)
vzctl exec 2000 mkdir -p /dev/net
vzctl exec 2000 mknod /dev/net/tun c 10 200
vzctl exec 2000 chmod 600 /dev/net/tun
On the container test the device:
when Something is wrong:........
Jan 16 04:02:03 centosbox syslogd 1.4.1: restart.
Jan 16 04:07:34 centosbox kernel: INFO: task updatedb:20771 blocked for more than 300 seconds.
Jan 16 04:07:34 centosbox kernel: "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
Jan 16 04:07:34 centosbox kernel: updatedb D F78BE050 6476 20771 20766&n........