Please help my buddy configure his server

Discussion in 'Linux' started by uhonhon, Dec 24, 2014.

  1. uhonhon

    uhonhon Junior Member

    I have a buddy who knows neither English nor German, therefore he pleaded with me to post here on his behalf. I recommended that he get Perfect Privacy to anonymize the connections of his server and he listened. He's having trouble configuring it, though.

    Green means "done", orange means "working on it". Basically, that's what he wants his Debian 7 server to do:
    • to make connections through Perfect Privacy;
    • to have IP leak protection;
    • to have DNS leak protection;
    • to offer services (like FTP and SSH) directly, without him having to connect through a forwarded port of the VPN in order to access them;
    • to autoconnect to a VPN after booting the operating system.
    Now... what he did is this:
    1. He followed this tutorial: https://www.perfect-privacy.com/howto/openvpn-with-linux/
    2. He has a few .ovpn files here: /etc/NetworkManager/system-connections/. Example:
      Code:
      root@Debian7:/etc/NetworkManager/system-connections# cat Rotterdam2
      	[connection]
      	id=Rotterdam2
      	uuid=###########
      	type=vpn
      	
      	[vpn]
      	service-type=org.freedesktop.NetworkManager.openvpn
      	ta-dir=1
      	fragment-size=1300
      	connection-type=password-tls
      	password-flags=1
      	auth=SHA512
      	tunnel-mtu=1500
      	cipher=AES-256-CBC
      	comp-lzo=yes
      	remote=rotterdam2.perfect-privacy.org
      	cert-pass-flags=0
      	reneg-seconds=3600
      	port=1150
      	mssfix=yes
      	username=###########
      	cert=/root/info/openvpn-config/Rotterdam_cl.crt
      	ca=/root/info/openvpn-config/ca.crt
      	key=/root/info/openvpn-config/Rotterdam_cl.key
      	ta=/root/info/openvpn-config/Rotterdam_ta.key
      	
      	[vpn-secrets]
      	cert-pass=###########
      	password=###########
      	
      	[ipv4]
      	method=auto
    3. He has this script in /etc/NetworkManager/dispatcher.d which he can run after starting the server in order to activate the VPN. It works. Because of this script, the server also reconnects to the VPN if the connection is dropped.
    Code:
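    #!/bin/bash
    # NetworkManager dispatcher script: bring the VPN up whenever the base
    # connection is active and the VPN is not.
    
    CONNECTION_NAME="Ifupdown"
    VPN_NAME="Rotterdam2"
    
    # "nmcli con status" lists the currently active connections
    activ_con=$(nmcli con status | grep "${CONNECTION_NAME}")
    activ_vpn=$(nmcli con status | grep "${VPN_NAME}")
    if [ -n "${activ_con}" ] && [ -z "${activ_vpn}" ]; then
        nmcli con up id "${VPN_NAME}"
    fi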
    How does he do the rest? He wants IP and DNS leak protection and he also wants to be able to connect directly to SSH or FTP, bypassing the VPN. All the replies will be greatly appreciated.





    P.S. A few other configuration files from his server:
    /etc/NetworkManager/NetworkManager.conf
    Code:
    [main]
    plugins=ifupdown,keyfile
    
    no-auto-default=42:11:0B:0A:33:0B,
    
    [ifupdown]
    managed=true


    /etc/network/interfaces
    Code:
    # This file describes the network interfaces available on your system
    # and how to activate them. For more information, see interfaces(5).
    
    # The loopback network interface
    auto lo
    iface lo inet loopback
    
    # The primary network interface
    allow-hotplug eth0
    iface eth0 inet static
     address ###.###.###.###
     netmask ###.###.###.###
     network ###.###.###.###
     broadcast ###.###.###.###
     gateway ###.###.###.###
     # dns-* options are implemented by the resolvconf package, if installed
     dns-nameservers 8.8.4.4
     dns-search domain.com


    /etc/resolv.conf
    Code:
    # Generated by NetworkManager
    search domain.com
    nameserver ###.###.###.###
    nameserver ###.###.###.###
    nameserver 8.8.4.4
    In this file, the first two servers seem to be put there automatically by Perfect Privacy.



    /etc/NetworkManager/dispatcher.d/01ifupdown
    Code:
    #!/bin/sh -e
    # Script to dispatch NetworkManager events
    #
    # Runs ifupdown scripts when NetworkManager fiddles with interfaces.
    # See NetworkManager(8) for further documentation of the dispatcher events.
    
    if [ -z "$1" ]; then
        echo "$0: called with no interface" 1>&2
        exit 1;
    fi
    
    if [ -n "$IP4_NUM_ADDRESSES" ] && [ "$IP4_NUM_ADDRESSES" -gt 0 ]; then
       ADDRESS_FAMILIES="$ADDRESS_FAMILIES inet"
    fi
    if [ -n "$IP6_NUM_ADDRESSES" ] && [ "$IP6_NUM_ADDRESSES" -gt 0 ]; then
       ADDRESS_FAMILIES="$ADDRESS_FAMILIES inet6"
    fi
    
    # If we have a VPN connection ignore the underlying IP address(es)
    if [ "$2" = "vpn-up" ] || [ "$2" = "vpn-down" ]; then
       ADDRESS_FAMILIES=""
    fi
    
    if [ -n "$VPN_IP4_NUM_ADDRESSES" ] && [ "$VPN_IP4_NUM_ADDRESSES" -gt 0 ]; then
       ADDRESS_FAMILIES="$ADDRESS_FAMILIES inet"
    fi
    if [ -n "$VPN_IP6_NUM_ADDRESSES" ] && [ "$VPN_IP6_NUM_ADDRESSES" -gt 0 ]; then
       ADDRESS_FAMILIES="$ADDRESS_FAMILIES inet6"
    fi
    
    # We're probably bringing the interface down.
    [ -n "$ADDRESS_FAMILIES" ] || ADDRESS_FAMILIES="inet"
    
    # Fake ifupdown environment
    export IFACE="$1"
    export LOGICAL="$1"
    export METHOD="NetworkManager"
    export VERBOSITY="0"
    
    for i in $ADDRESS_FAMILIES; do
    
        export ADDRFAM="$i"
    
        # Run the right scripts
        case "$2" in
            up|vpn-up)
                export MODE="start"
                export PHASE="post-up"
                run-parts /etc/network/if-up.d
                ;;
            down|vpn-down)
                export MODE="stop"
                export PHASE="post-down"
                run-parts /etc/network/if-post-down.d
                ;;
    # pre-up/pre-down not implemented. See
    # https://bugzilla.gnome.org/show_bug.cgi?id=387832
    #        pre-up)
    #            export MODE="start"
    #            export PHASE="pre-up"
    #            run-parts /etc/network/if-pre-up.d
    #            ;;
    #        pre-down)
    #            export MODE="stop"
    #            export PHASE="pre-down"
    #            run-parts /etc/network/if-down.d
    #            ;;
            hostname|dhcp4-change|dhcp6-change)
                # Do nothing
                ;;
            *)
                echo "$0: called with unknown action \`$2'" 1>&2
                exit 1
                ;;
        esac
    done
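
A check for the DNS leak concern raised in the post above, added here as an example and not part of the original post or of any Perfect Privacy tooling: it flags every `nameserver` in a resolv.conf-style file that is outside an expected set, such as the `8.8.4.4` entry carried over from `/etc/network/interfaces`. The function name, the allowlist and the 192.0.2.x addresses are assumptions, since the post masks the real VPN resolvers.

```shell
#!/bin/bash
# Added example, not from the original post.
# Lists nameservers in a resolv.conf-style file that are NOT in an allowlist
# of resolvers expected to be pushed by the VPN.

# find_unexpected_resolvers FILE ALLOWED...
# Prints one unexpected nameserver per line; returns 1 if any were found.
find_unexpected_resolvers() {
    local file=$1; shift
    local keyword addr allowed ok rc=0
    while read -r keyword addr _; do
        # Skip comments, "search", "options" and blank lines
        if [ "$keyword" != "nameserver" ]; then
            continue
        fi
        ok=0
        for allowed in "$@"; do
            if [ "$addr" = "$allowed" ]; then
                ok=1
            fi
        done
        if [ "$ok" -eq 0 ]; then
            echo "$addr"
            rc=1
        fi
    done < "$file"
    return "$rc"
}

# Constructed sample mirroring the posted /etc/resolv.conf. The two VPN
# resolver addresses are masked in the post, so 192.0.2.1 and 192.0.2.2
# are placeholders (documentation range), not Perfect Privacy addresses.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Generated by NetworkManager
search domain.com
nameserver 192.0.2.1
nameserver 192.0.2.2
nameserver 8.8.4.4
EOF

unexpected=$(find_unexpected_resolvers "$sample" 192.0.2.1 192.0.2.2) || true
echo "unexpected resolvers: ${unexpected:-none}"
```

Run against the live file by passing `/etc/resolv.conf` and the resolver addresses the VPN actually pushes; a non-zero return means the stub resolver can fall through to a server outside that set.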
     