Please help my buddy configure his server

uhonhon

I have a buddy who knows neither English nor German, therefore he pleaded with me to post here on his behalf. I recommended that he get Perfect Privacy to anonymize the connections of his server and he listened. He's having trouble configuring though.

Green means "done", orange means "working on it". Basically, that's what he wants his Debian 7 server to do:
  • to make connections through Perfect Privacy;
  • to have IP leak protection;
  • to have DNS leak protection;
  • to offer services (like FTP and SSH) directly, without him having to connect through a forwarded port of the VPN in order to access them;
  • to autoconnect to a VPN after booting the operating system.
Now... what he did is this:
  1. He followed this tutorial: https://www.perfect-privacy.com/howto/openvpn-with-linux/
  2. He has a few .ovpn files here: /etc/NetworkManager/system-connections/. Example:
    Code:
    root@Debian7:/etc/NetworkManager/system-connections# cat Rotterdam2
    	[connection]
    	id=Rotterdam2
    	uuid=###########
    	type=vpn
    	
    	[vpn]
    	service-type=org.freedesktop.NetworkManager.openvpn
    	ta-dir=1
    	fragment-size=1300
    	connection-type=password-tls
    	password-flags=1
    	auth=SHA512
    	tunnel-mtu=1500
    	cipher=AES-256-CBC
    	comp-lzo=yes
    	remote=rotterdam2.perfect-privacy.org
    	cert-pass-flags=0
    	reneg-seconds=3600
    	port=1150
    	mssfix=yes
    	username=###########
    	cert=/root/info/openvpn-config/Rotterdam_cl.crt
    	ca=/root/info/openvpn-config/ca.crt
    	key=/root/info/openvpn-config/Rotterdam_cl.key
    	ta=/root/info/openvpn-config/Rotterdam_ta.key
    	
    	[vpn-secrets]
    	cert-pass=###########
    	password=###########
    	
    	[ipv4]
    	method=auto
  3. He has this script in /etc/NetworkManager/dispatcher.d which he can run after starting the server in order to activate the VPN. It works. Because of this script, the server also reconnects to the VPN if the connection is dropped.
Code:
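#!/bin/bash
# NetworkManager dispatcher script: bring the VPN up whenever the base
# connection is active and the VPN is not.

CONNECTION_NAME="Ifupdown"
VPN_NAME="Rotterdam2"

# "nmcli con status" lists the active connections (NetworkManager 0.9 syntax).
activ_con=$(nmcli con status | grep "${CONNECTION_NAME}")
activ_vpn=$(nmcli con status | grep "${VPN_NAME}")
if [ -n "${activ_con}" ] && [ -z "${activ_vpn}" ]; then
    nmcli con up id "${VPN_NAME}"
fi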
How does he do the rest? He wants IP and DNS leak protection and he also wants to be able to connect directly to SSH or FTP, bypassing the VPN. All the replies will be greatly appreciated.





P.S. A few other configuration files from his server:
/etc/NetworkManager/NetworkManager.conf
Code:
[main]
plugins=ifupdown,keyfile

no-auto-default=42:11:0B:0A:33:0B,

[ifupdown]
managed=true


/etc/network/interfaces
Code:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug eth0
iface eth0 inet static
 address ###.###.###.###
 netmask ###.###.###.###
 network ###.###.###.###
 broadcast ###.###.###.###
 gateway ###.###.###.###
 # dns-* options are implemented by the resolvconf package, if installed
 dns-nameservers 8.8.4.4
 dns-search domain.com


/etc/resolv.conf
Code:
# Generated by NetworkManager
search domain.com
nameserver ###.###.###.###
nameserver ###.###.###.###
nameserver 8.8.4.4
In this file, the first two servers seem to be put there automatically by Perfect Privacy.



/etc/NetworkManager/dispatcher.d/01ifupdown
Code:
#!/bin/sh -e
# Script to dispatch NetworkManager events
#
# Runs ifupdown scripts when NetworkManager fiddles with interfaces.
# See NetworkManager(8) for further documentation of the dispatcher events.

if [ -z "$1" ]; then
    echo "$0: called with no interface" 1>&2
    exit 1;
fi

if [ -n "$IP4_NUM_ADDRESSES" ] && [ "$IP4_NUM_ADDRESSES" -gt 0 ]; then
   ADDRESS_FAMILIES="$ADDRESS_FAMILIES inet"
fi
if [ -n "$IP6_NUM_ADDRESSES" ] && [ "$IP6_NUM_ADDRESSES" -gt 0 ]; then
   ADDRESS_FAMILIES="$ADDRESS_FAMILIES inet6"
fi

# If we have a VPN connection ignore the underlying IP address(es)
if [ "$2" = "vpn-up" ] || [ "$2" = "vpn-down" ]; then
   ADDRESS_FAMILIES=""
fi

if [ -n "$VPN_IP4_NUM_ADDRESSES" ] && [ "$VPN_IP4_NUM_ADDRESSES" -gt 0 ]; then
   ADDRESS_FAMILIES="$ADDRESS_FAMILIES inet"
fi
if [ -n "$VPN_IP6_NUM_ADDRESSES" ] && [ "$VPN_IP6_NUM_ADDRESSES" -gt 0 ]; then
   ADDRESS_FAMILIES="$ADDRESS_FAMILIES inet6"
fi

# We're probably bringing the interface down.
[ -n "$ADDRESS_FAMILIES" ] || ADDRESS_FAMILIES="inet"

# Fake ifupdown environment
export IFACE="$1"
export LOGICAL="$1"
export METHOD="NetworkManager"
export VERBOSITY="0"

for i in $ADDRESS_FAMILIES; do

    export ADDRFAM="$i"

    # Run the right scripts
    case "$2" in
        up|vpn-up)
            export MODE="start"
            export PHASE="post-up"
            run-parts /etc/network/if-up.d
            ;;
        down|vpn-down)
            export MODE="stop"
            export PHASE="post-down"
            run-parts /etc/network/if-post-down.d
            ;;
# pre-up/pre-down not implemented. See
# https://bugzilla.gnome.org/show_bug.cgi?id=387832
#        pre-up)
#            export MODE="start"
#            export PHASE="pre-up"
#            run-parts /etc/network/if-pre-up.d
#            ;;
#        pre-down)
#            export MODE="stop"
#            export PHASE="pre-down"
#            run-parts /etc/network/if-down.d
#            ;;
        hostname|dhcp4-change|dhcp6-change)
            # Do nothing
            ;;
        *)
            echo "$0: called with unknown action \`$2'" 1>&2
            exit 1
            ;;
    esac
done
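
One way to approach the two open goals in the post above, IP leak protection and direct access to SSH/FTP, is a default-deny firewall combined with source-based policy routing. This is an added example, not part of the original post and not Perfect Privacy's own configuration; the interface names, the UDP transport, the service ports and the 192.0.2.x addresses are assumptions or constructed placeholders.

```sh
#!/bin/sh
# Added example. Interface names, addresses and ports are assumptions:
# eth0/tun0, UDP to port 1150 (the keyfile sets port=1150 and no proto-tcp),
# SSH on 22, FTP control on 21; 192.0.2.x are constructed placeholders.

# killswitch_rules WAN TUN VPN_PROTO VPN_PORT "SERVICE_PORTS"
# Prints a default-deny IPv4 ruleset in iptables-restore format.
killswitch_rules() {
    wan=$1 tun=$2 proto=$3 vport=$4 services=$5
    echo "*filter"
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT DROP [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A OUTPUT -o lo -j ACCEPT"
    # Replies to flows that are already tracked, on any interface.
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Services offered directly on the physical interface.
    for p in $services; do
        echo "-A INPUT -i $wan -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Everything the server originates (DNS included) must use the tunnel.
    echo "-A OUTPUT -o $tun -j ACCEPT"
    # The only new flow allowed on the physical interface is the tunnel
    # itself; add "-d <VPN server IP>" once that address is known.
    echo "-A OUTPUT -o $wan -p $proto --dport $vport -j ACCEPT"
    # Answers to inbound SSH/FTP sessions, never new outbound flows.
    echo "-A OUTPUT -o $wan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "COMMIT"
}

# bypass_routes WAN WAN_IP WAN_GW [TABLE]
# Prints policy-routing commands: packets sourced from the server's own
# address use the physical gateway, not the VPN default route, so direct
# SSH/FTP sessions are answered on the path they arrived on.
bypass_routes() {
    echo "ip route replace default via $3 dev $1 table ${4:-100}"
    echo "ip rule add from $2 lookup ${4:-100}"
}

# Print both for review; nothing is applied to the running system.
# IPv6 is not covered: give ip6tables the same default-deny policy.
killswitch_rules eth0 tun0 udp 1150 "22 21"
bypass_routes eth0 192.0.2.10 192.0.2.1
```

The printed ruleset is meant to be reviewed and then loaded with `iptables-restore` from a console that does not depend on the rules being right. While the tunnel is down these rules also drop DNS on eth0, so the VPN hostname has to resolve without it (for example via /etc/hosts), and FTP data connections are only accepted as RELATED when the nf_conntrack_ftp helper is loaded.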
 