OpenVPN between a FreeBSD server and a Microsoft client
Here’s a quick how-to for setting up a secure VPN between a FreeBSD server and a Microsoft client (tested on 2K/XP/Vista) using OpenVPN with a pre-shared static key.
As superuser on the FreeBSD machine:
# cd /usr/ports/security/openvpn-devel
# make install distclean
# rehash
# cd /usr/local/etc
# mkdir -m 700 openvpn
# cd openvpn
# openvpn --genkey --secret static.key
- Create a file called /usr/local/etc/openvpn/server.conf and enter the contents of the server.conf file that is printed at the end of this post.
- Then, to keep the key and configuration away from other users, make sure only root can read the files inside the openvpn directory:
# chmod 600 /usr/local/etc/openvpn/*
- Edit the file /usr/local/etc/smb.conf, find the line that starts with “hosts allow =” and add 10.9.0.2 to the list of networks allowed to access the shares.
- Edit the file /etc/rc.conf and add the following:
openvpn_enable="yes"
openvpn_if="tun"
openvpn_configfile="/usr/local/etc/openvpn/server.conf"
Finally on the FreeBSD machine:
# /usr/local/etc/rc.d/samba restart
# /usr/local/etc/rc.d/openvpn start
As an administrator on the Microsoft machine:
- Download and install the latest OpenVPN release with all options.
- Securely copy the /usr/local/etc/openvpn/static.key file from the FreeBSD machine to C:\Program Files\OpenVPN\config.
- In that same folder, add a file called client.ovpn with the contents printed at the end of this post. Run OpenVPN GUI, right-click its tray icon and choose Connect.
- The connection should succeed, and you should be able to reach your shares by entering \\10.9.0.1 in any Explorer window.
Things to check if it is not working:
- All firewalls should pass UDP traffic on the port that OpenVPN binds to (default is 1194).
- Make sure Samba allows access from the tunnelled IP (10.9.0.2).
server.conf
; port 1194
dev tun
ifconfig 10.9.0.1 10.9.0.2
secret static.key
# enable LZO compression
comp-lzo
user nobody
group nobody
client.ovpn
remote SERVER’S INTERNET IP ADDRESS OR HOSTNAME (ex: clkroot.net)
; port 1194
dev tun
ifconfig 10.9.0.2 10.9.0.1
secret static.key
# enable LZO compression
comp-lzo
FTPS server access
For your information, there is currently a rule in my firewall (PF) that will block you if you try to access the FTPS server more than 5 times in 15 seconds. Normally I figure that if you see it isn’t working, you will try again later, but some people manage to prove me otherwise…
Anyway, the firewall rule is there to protect me not against you, but against the 100 to 200 attacks per minute that I receive on the server.
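As an added illustration (not the rule set from the post itself), here is how the limit described above is expressed in pf.conf: a source that opens more than 5 connections in 15 seconds is put in a table and blocked. The interface macro ext_if and the use of explicit FTPS on TCP port 21 are assumptions; adjust them to your setup (implicit FTPS listens on 990).

```pf
# Added example: PF rate limit for the FTPS control channel.
# Assumptions not taken from the post: the external interface name
# and explicit FTPS on port 21.
ext_if = "em0"

# Persistent table so its entries survive a rule reload; offenders land here.
table <ftps_bruteforce> persist

# Drop everything from blocked sources before any other rule is evaluated.
block in quick on $ext_if from <ftps_bruteforce>

# Stateful pass for FTPS. max-src-conn-rate 5/15 means more than 5 new
# connections from one source within 15 seconds triggers the overload:
# the source is added to the table and its existing states are flushed
# ("global" flushes that source's states from every rule, not just this one).
pass in on $ext_if proto tcp from any to ($ext_if) port 21 \
    flags S/SA keep state \
    (max-src-conn-rate 5/15, overload <ftps_bruteforce> flush global)
```

Entries stay in the table until removed; `pfctl -t ftps_bruteforce -T show` lists who is currently blocked, and a daily cron job running `pfctl -t ftps_bruteforce -T expire 86400` drops entries older than a day so a legitimate user who tripped the limit is not locked out forever.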