Install remote desktop connection on Ubuntu (XRDP)

Install GUI

sudo apt-get install lubuntu-desktop

sudo apt-get remove unity unity-2d

sudo apt-get remove unity unity-2d-places unity-2d unity-2d-panel unity-2d-spread unity-asset-pool unity-services unity-lens-files unity-lens-music unity-lens-applications gir1.2-unity-4.0 unity-common indicator-sound indicator-power indicator-appmenu libindicator6 indicator-application evolution-indicator indicator-datetime indicator-messages libnux-1.0-0 nuxtools

Install XRDP

sudo apt-get install xrdp

lxsession -e LXDE -s Lubuntu

echo "lxsession -s Lubuntu -e LXDE" > ~/.xsession

sudo service xrdp restart

Finally, you can connect with Remote Desktop Connection.

Setup OpenConnect VPN Server for Cisco AnyConnect on Ubuntu 14.04 x64

OpenConnect server, also known as ocserv, is a VPN server that communicates over SSL. By design, its goal is to become a secure, lightweight, and fast VPN server. OpenConnect server uses the OpenConnect SSL VPN protocol. At the time of writing, it also has experimental compatibility with clients that use the AnyConnect SSL VPN protocol.

This article will show you how to install and set up ocserv on Ubuntu 14.04 x64.

Installing ocserv

Since Ubuntu 14.04 does not ship with ocserv, we will have to download the source code and compile it. The latest stable version of ocserv is 0.9.2.

Download ocserv from the official site.

wget ftp://ftp.infradead.org/pub/ocserv/ocserv-0.9.2.tar.xz
tar -xf ocserv-0.9.2.tar.xz
cd ocserv-0.9.2

Next, install the compile dependencies.

apt-get install build-essential pkg-config libgnutls28-dev libwrap0-dev libpam0g-dev libseccomp-dev libreadline-dev libnl-route-3-dev

Compile and install ocserv.

./configure
make
make install

Configuring ocserv

A sample config file is placed under the directory ocserv-0.9.2/doc. We will use this file as a template. First, we have to make our own CA cert and server cert.

cd ~
apt-get install gnutls-bin
mkdir certificates
cd certificates

We create a CA template file (ca.tmpl) with content similar to the following. You can set your own “cn” and “organization”.

cn = "VPN CA" 
organization = "Big Corp" 
serial = 1 
expiration_days = 3650
ca 
signing_key 
cert_signing_key 
crl_signing_key 

Then, generate a CA key and CA cert.

certtool --generate-privkey --outfile ca-key.pem
certtool --generate-self-signed --load-privkey ca-key.pem --template ca.tmpl --outfile ca-cert.pem

Next, create a local server certificate template file (server.tmpl) with the content below. Pay attention to the “cn” field: it must match the DNS name or IP address of your server.

cn = "your domain name or ip"
organization = "MyCompany" 
expiration_days = 3650 
signing_key 
encryption_key
tls_www_server

Then, generate the server key and certificate.

certtool --generate-privkey --outfile server-key.pem
certtool --generate-certificate --load-privkey server-key.pem --load-ca-certificate ca-cert.pem --load-ca-privkey ca-key.pem --template server.tmpl --outfile server-cert.pem

Copy the key, certificate, and config file to the ocserv config directory.

mkdir /etc/ocserv
cp server-cert.pem server-key.pem /etc/ocserv
cd ~/ocserv-0.9.2/doc
cp sample.config /etc/ocserv/config
cd /etc/ocserv

Edit the config file under /etc/ocserv. Uncomment or modify the fields described below.

auth = "plain[/etc/ocserv/ocpasswd]"

try-mtu-discovery = true

server-cert = /etc/ocserv/server-cert.pem
server-key = /etc/ocserv/server-key.pem

dns = 8.8.8.8

# comment out all route fields
#route = 10.10.10.0/255.255.255.0
#route = 192.168.0.0/255.255.0.0
#route = fef4:db8:1000:1001::/64
#no-route = 192.168.5.0/255.255.255.0

cisco-client-compat = true
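
A check one could run after editing the config, as an added example that is not part of the original tutorial: it reads back the fields listed above and confirms the server key is not accessible to group or other users. The function names and the sample files in the temporary directory are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit the ocserv settings this tutorial edits.

# Print the value of the last uncommented "key = value" line ($2) in file $1.
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$1" |
        tail -n 1 | tr -d '"'
}

# Print one line per finding; return 0 when clean, 1 otherwise.
audit_ocserv_config() {
    conf=$1
    bad=0
    case $(conf_get "$conf" auth) in
        plain\[*\]) ;;
        *) echo "auth: expected plain[...] with a password file"; bad=1 ;;
    esac
    for k in server-cert server-key; do
        f=$(conf_get "$conf" "$k")
        [ -f "$f" ] || { echo "$k: file not found: $f"; bad=1; }
    done
    key=$(conf_get "$conf" server-key)
    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ -f "$key" ] && [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "server-key: accessible beyond owner; chmod 600 $key"; bad=1
    fi
    if grep -Eq '^[[:space:]]*(no-)?route[[:space:]]*=' "$conf"; then
        echo "route: uncommented route/no-route line present"; bad=1
    fi
    [ "$(conf_get "$conf" cisco-client-compat)" = "true" ] ||
        { echo "cisco-client-compat: not set to true"; bad=1; }
    return $bad
}

# Constructed sample (not a real deployment): config and empty key files.
demo=$(mktemp -d)
: > "$demo/server-cert.pem"
: > "$demo/server-key.pem"
chmod 644 "$demo/server-key.pem"   # deliberately too open for the demo
cat > "$demo/config" <<EOF
auth = "plain[$demo/ocpasswd]"
server-cert = $demo/server-cert.pem
server-key = $demo/server-key.pem
#route = 10.10.10.0/255.255.255.0
route = 192.168.0.0/255.255.0.0
cisco-client-compat = true
EOF
audit_ocserv_config "$demo/config" || echo "audit found problems"
```

On a real server, call audit_ocserv_config /etc/ocserv/config as root so the key file's mode can be read.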

Generate a user that will be used to log in to ocserv.

ocpasswd -c /etc/ocserv/ocpasswd username

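Enable NAT. The rule below has no source or output-interface match, so it masquerades all traffic leaving the server on every interface.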

iptables -t nat -A POSTROUTING -j MASQUERADE

Enable IPv4 forwarding. Edit the file /etc/sysctl.conf.

net.ipv4.ip_forward=1

Apply this modification.

sysctl -p /etc/sysctl.conf

Start ocserv and connect using Cisco AnyConnect

First, start ocserv.

ocserv -c /etc/ocserv/config

Then, install Cisco AnyConnect on any of your devices, such as an iPhone, iPad, or Android device. Since we used a self-signed server key and certificate, we have to uncheck the option which prevents insecure servers. This option is located in the settings of AnyConnect. At this point, we can set up a new connection with the domain name or IP address of our ocserv and the username/password that we created.

Connect and enjoy!

Add a Secondary IPv4 Address to Your VPS

This tutorial explains how to set up an additional IPv4 address on your Vultr VPS. We will assume the following:

  • The Main IP Address of your VPS is 1.2.3.4.
  • You have purchased an additional IP address through the Vultr control panel, and you were assigned 1.2.3.5.

After purchasing an additional IPv4 address you must restart the VPS using the “Server Restart” feature from within the Vultr control panel. This must be done regardless of the installed operating system.

Each example below will configure the secondary IP address to become automatically available, and remain configured even after your server is rebooted. You can test if the IP address is configured by pinging it with the ping utility on your client computer.

Windows Server 2012

The main IPv4 address must be configured manually before adding another IPv4 address.

To configure the main IPv4 manually:

  1. Open a Command Prompt (cmd.exe).
  2. Type: ipconfig /all
  3. There will be a page or two of output. Find the page that has information about your primary ethernet adapter, which is typically “Ethernet adapter Ethernet 2”. Write down the values for IPv4 Address, Subnet Mask, Default Gateway, and DNS Servers.

     Ethernet adapter Ethernet 2:
        Connection-specific DNS Suffix . :
        Physical Address. . . . . . . . . : 00-00-00-00-00-00
        DHCP Enabled. . . . . . . . . . . : No
        Autoconfiguration Enabled . . . . : Yes
        IPv4 Address. . . . . . . . . . . : 1.2.3.4(Preferred)
        Subnet Mask . . . . . . . . . . . : 255.255.254.0
        Default Gateway . . . . . . . . . : 1.2.3.1
        DNS Servers . . . . . . . . . . . : 108.61.10.10
        NetBIOS over Tcpip. . . . . . . . : Enabled

  4. Open the Windows Control Panel. You can access it from the Start menu.
  5. Click “Network and Internet”.
  6. Click “Network and Sharing Center”.
  7. Click “Change adapter settings”.
  8. Right click on the primary ethernet adapter, and click “Properties”. The “Ethernet Properties” window will open.
  9. Select “Internet Protocol Version 4 (TCP/IPv4)”, then click the “Properties” button. The “Internet Protocol Version 4 (TCP/IPv4) Properties” window will open.
  10. Check the box that reads “Use the following IP address:”. Populate the fields beneath it with the values you wrote down earlier.
  11. Check the box that reads “Use the following DNS server addresses:”. Populate the fields beneath it with the values you wrote down earlier. If you only have one DNS server, leave “Alternate DNS server” empty.
  12. Click “OK”. Then click “OK” on the “Ethernet Properties” window. The main IPv4 has been configured manually. Note that it is normal for the connection to hiccup after pressing “OK”.

Add secondary IPv4 using cmd.exe:

 netsh interface ipv4 add address "Ethernet" 1.2.3.5 255.255.255.0

Add secondary IPv4 using a remote login:

  1. Open the Windows Control Panel. You can access it from the Start menu.
  2. Click “Network and Internet”.
  3. Click “Network and Sharing Center”.
  4. Click “Change adapter settings”.
  5. Right click on the primary ethernet adapter, and click “Properties”. The “Ethernet Properties” window will open.
  6. Select “Internet Protocol Version 4 (TCP/IPv4)”, then click the “Properties” button. The “Internet Protocol Version 4 (TCP/IPv4) Properties” window will open.
  7. Click “Advanced…”. The “Advanced TCP/IP Settings” window will open.
  8. In the “IP addresses” group, click “Add…”. The “TCP/IP Address” window will open.
  9. Fill in the “IP address” and “Subnet mask” boxes. Use “1.2.3.5” for the IP address and “255.255.255.0” as the subnet mask.
  10. Click “Add”. The “TCP/IP Address” window will close.
  11. Click “OK” on the “Advanced TCP/IP Settings” window. This window will close.
  12. Click “OK” on the “Internet Protocol Version 4 (TCP/IPv4) Properties” window. This window will close.
  13. Click “OK” on the “Ethernet Properties” window. This window will close, and your secondary IP address will be configured.

CentOS 6

  1. Change the boot protocol from “dhcp” to “static” on eth0. If you are already using a static binding, you can skip this step. Otherwise, follow these directions:
    • Open /etc/sysconfig/network-scripts/ifcfg-eth0 in a text editor.
    • Change BOOTPROTO=dhcp to BOOTPROTO=static.
    • Add these lines at the end of the file. Substitute “[mainip]”, “[netmask]”, and “[gateway]” with the values from the “IPv4” tab on your Vultr control panel.

      IPADDR=[mainip]
      NETMASK=[netmask]
      GATEWAY=[gateway]

    • Run ifup eth0.
  2. Create the file /etc/sysconfig/network-scripts/ifcfg-eth0:1.
  3. Populate the file with the following contents:

     DEVICE=eth0:1
     BOOTPROTO=static
     IPADDR=1.2.3.5
     ONBOOT=yes

  4. Activate the alias with the following command:

     ifup eth0:1

Ubuntu

  1. Determine the name of your ethernet device. In this example, we’ll use eth0.

     ip link show

  2. Add the following lines in /etc/network/interfaces:

     auto eth0:0
     iface eth0:0 inet static
         address 1.2.3.5
         netmask 255.255.255.0

  3. Activate the alias with the following command:

     ifup eth0:0

Ubuntu 16.x

  1. Determine the name of your ethernet device. In this example, we’ll use ens3.

     ip link show

  2. Add the following lines in /etc/network/interfaces:

     auto ens3:0
     iface ens3:0 inet static
         address 1.2.3.5
         netmask 255.255.255.0

  3. Activate the alias with the following command:

     ifup ens3:0

Please note: You need to make sure your interface name matches that of the example (e.g. eth0, ens3, etc.), and make sure to modify the example configuration to use the correct interface name and IPs.

Ubuntu 18.04 LTS

  1. Determine the name of your ethernet device. In this example, we’ll use ens3.

     ip link show

  2. Create /etc/netplan/60-secondary-ip.yaml:

     network:
       version: 2
       renderer: networkd
       ethernets:
         ens3:
           addresses:
             - 1.2.3.4/32
             - 1.2.3.5/32

  3. Activate the alias with the following command:

     netplan try

Please note: You need to make sure your interface name matches that of the example (e.g. eth0, ens3, etc.), and make sure to modify the example configuration to use the correct interface name and IPs.

FreeBSD 10

  1. Add the following lines in /etc/rc.conf:

     ifconfig_vtnet0_alias0="1.2.3.5 netmask 255.255.255.0"

  2. Run the following command to restart networking:

     /etc/rc.d/netif restart && /etc/rc.d/routing restart
