Rolly Maulana Awangga :: Catatan Ngoprek IT

Experts and laymen are alike: both are still learning

Category Archives: jarkom

OpenVPN Server and Create Client

apt-get install openvpn openssl
cd /etc/openvpn
cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0 ./easy-rsa
nano easy-rsa/vars

# easy-rsa parameter settings

# NOTE: If you installed from an RPM,
# don't edit this file in place in
# /usr/share/openvpn/easy-rsa --
# instead, you should copy the whole
# easy-rsa directory to another location
# (such as /etc/openvpn) so that your
# edits will not be wiped out by a future
# OpenVPN package upgrade.

# This variable should point to
# the top level of the easy-rsa
# tree.
export EASY_RSA="/etc/openvpn/easy-rsa"

#
# This variable should point to
# the requested executables
#
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"
export GREP="grep"
# This variable should point to
# the openssl.cnf file included
# with easy-rsa.
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`

# Edit this variable to point to
# your soon-to-be-created key
# directory.
#
# WARNING: clean-all will do
# a rm -rf on this directory
# so make sure you define
# it correctly!
export KEY_DIR="$EASY_RSA/keys"

# Issue rm -rf warning
echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR

# PKCS11 fixes
export PKCS11_MODULE_PATH="dummy"
export PKCS11_PIN="dummy"

# Increase this to 2048 if you
# are paranoid. This will slow
# down TLS negotiation performance
# as well as the one-time DH parms
# generation process.
export KEY_SIZE=1024

# In how many days should the root CA key expire?
export CA_EXPIRE=3650

# In how many days should certificates expire?
export KEY_EXPIRE=3650

# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
export KEY_COUNTRY="ID"
export KEY_PROVINCE="JB"
export KEY_CITY="Bandung"
export KEY_ORG="Astrajingga"
export KEY_EMAIL="awangga@passionit.co.id"
export KEY_EMAIL=awangga@passionit.co.id
export KEY_CN=kududiganti
export KEY_NAME=kududiganti
export KEY_OU=kududiganti
export PKCS11_MODULE_PATH=kududiganti
export PKCS11_PIN=1234

. ./easy-rsa/vars
./easy-rsa/clean-all
cd easy-rsa
ln -s openssl-1.0.0.cnf openssl.cnf

cd ..
./easy-rsa/build-ca OpenVPN
./easy-rsa/build-key-server server
./easy-rsa/build-key client1
./easy-rsa/build-dh

Now create the configuration files and copy the key files from ./easy-rsa/keys/ (or ./easy-rsa/2.0/keys/) to /etc/openvpn.

For the server:

ca.crt | server.crt | server.key | dh1024.pem

# [server.conf]
port 1194
proto tcp
dev tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
client-to-client
keepalive 10 120
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3

For the client: ca.crt | client1.crt | client1.key

# [client.conf]
client
dev tun
proto tcp
remote ipaddressofserver 1194
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
mute-replay-warnings
ca ca.crt
cert client1.crt
key client1.key
ns-cert-type server
comp-lzo
verb 3

To create another client, just run:

. ./easy-rsa/vars

./easy-rsa/build-key client2


How to Use a Public IP from Firstmedia / Fastnet


Note that Fastnet (Firstmedia) provides a public IP to its customers, which we can use to reach our home network, for example to access CCTV or an internal server. To reach it, we simply register with a Dynamic DNS provider so that our IP can be reached remotely, and don't forget to enable port forwarding on the modem. One more thing that differs from the Telkomspeedy ISP service: the forwarded port must be above port 1000, otherwise we will never be able to reach it.

Location to Edit File PHP.ini in Turnkey Linux

In Turnkey Linux you can't edit the general php.ini in /etc/php5/apache2/php.ini; instead, you need to create a new file inside the conf.d folder with a priority setting.

Turnkey Linux Remote

Shell Script to Hunt for an IP for Users of a Modem Internet Connection

Users of a cellular operator's dial-up modem connection who want to obtain a particular IP can use the following script:

#!/bin/bash
# Ask icanhazip.com which public IP this connection currently has.
ipnya=$(curl -s icanhazip.com)
echo "$ipnya"
# Compare it with each wanted address in turn.
if [ "$ipnya" == "114.160.71.150" ]; then
    echo "ip tsukaba 150!"
else
    echo "ACCESS BUKAN IP 22!"
    if [ "$ipnya" == "118.97.95.23" ]; then
        echo "ip ny 118.97.95.23!"
    else
        echo "ACCESS BUKAN IP 23!"
        if [ "$ipnya" == "118.97.95.24" ]; then
            echo "ip ny 118.97.95.24!"
        else
            echo "ACCESS BUKAN IP 24!"
            if [ "$ipnya" == "118.97.95.25" ]; then
                echo "ip ny 118.97.95.25!"
            else
                echo "ACCESS BUKAN IP 25!"
                if [ "$ipnya" == "118.97.95.26" ]; then
                    echo "ip ny 118.97.95.26!"
                else
                    echo "ACCESS BUKAN IP 26!"
                    echo "restart koneksi"
                    # None of the wanted IPs was assigned: uncomment to redial.
                    # poff
                    # pon
                fi
            fi
        fi
    fi
fi

Keeping Gammu Services Always Up with More Than One Modem on Debian

After creating one configuration file per modem, the easy way to run the gammu service for the different modems is to put these commands in /etc/rc.local:

service gammu-smsd start
gammu-smsd --daemon --user gammu -c /etc/gammu-smsdrc1 --pid /var/run/gammu-smsd1.pid
gammu-smsd --daemon --user gammu -c /etc/gammu-smsdrc2 --pid /var/run/gammu-smsd2.pid
gammu-smsd --daemon --user gammu -c /etc/gammu-smsdrc3 --pid /var/run/gammu-smsd3.pid

To keep the daemons running, we can add this entry to crontab:

* * * * * /etc/rc.local
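
Because cron re-runs the start commands every minute, each one should first check whether its instance is still alive. The guard below is an added example, not part of the original post; the function names and the STARTER and PIDDIR variables are hypothetical, and it assumes it runs as root so that kill -0 can probe the daemon.

```bash
#!/bin/bash
# Added example: start a gammu-smsd instance only when it is not running.

# Succeeds (0) when the PID file is missing, empty, malformed,
# or names a process that no longer exists.
needs_start() {
    local pidfile=$1 pid
    [ -s "$pidfile" ] || return 0
    read -r pid < "$pidfile" || true
    case $pid in ''|*[!0-9]*) return 0 ;; esac
    ! kill -0 "$pid" 2>/dev/null
}

# STARTER can be overridden for a dry run (assumption: gammu-smsd is on PATH).
STARTER=${STARTER:-gammu-smsd}

ensure_instance() {   # $1 = instance number N, as in /etc/gammu-smsdrcN
    local n=$1
    local pidfile="${PIDDIR:-/var/run}/gammu-smsd$n.pid"
    if needs_start "$pidfile"; then
        "$STARTER" --daemon --user gammu -c "/etc/gammu-smsdrc$n" --pid "$pidfile"
    fi
}

# From cron: * * * * * /path/to/this-script run   (path is a placeholder)
if [ "${1:-}" = "run" ]; then
    for n in 1 2 3; do ensure_instance "$n"; done
fi
```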

Setup Openvpn Server on Debian Wheezy and Set Up Client

root@singaraja:~# mkdir /etc/openvpn/easy-rsa
root@singaraja:~# cp -ai /usr/share/doc/openvpn/examples/easy-rsa/2.0/ /etc/openvpn/easy-rsa/
root@singaraja:~# cd /etc/openvpn/easy-rsa/2.0/
root@singaraja:/etc/openvpn/easy-rsa/2.0# nano vars
root@singaraja:/etc/openvpn/easy-rsa/2.0# source ./vars
NOTE: If you run ./clean-all, I will be doing a rm -rf on /etc/openvpn/easy-rsa/2.0/keys
root@singaraja:/etc/openvpn/easy-rsa/2.0# ./clean-all
root@singaraja:/etc/openvpn/easy-rsa/2.0# ./build-ca
Generating a 1024 bit RSA private key
…………++++++
…………………..++++++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [ID]:
State or Province Name (full name) [JB]:
Locality Name (eg, city) [Bandung]:
Organization Name (eg, company) [passionit]:
Organizational Unit Name (eg, section) [changeme]:singaraja
Common Name (eg, your name or your server's hostname) [changeme]:semar
Name [changeme]:semar
Email Address [awangga@passionit.co.id]:
root@singaraja:/etc/openvpn/easy-rsa/2.0# ./build-key-server semar
Generating a 1024 bit RSA private key
…………++++++
……………++++++
writing new private key to 'semar.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [ID]:
State or Province Name (full name) [JB]:
Locality Name (eg, city) [Bandung]:
Organization Name (eg, company) [passionit]:
Organizational Unit Name (eg, section) [changeme]:serversemar
Common Name (eg, your name or your server's hostname) [semar]:serversemar
Name [changeme]:serversemar
Email Address [awangga@passionit.co.id]:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /etc/openvpn/easy-rsa/2.0/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'ID'
stateOrProvinceName :PRINTABLE:'JB'
localityName :PRINTABLE:'Bandung'
organizationName :PRINTABLE:'passionit'
organizationalUnitName:PRINTABLE:'serversemar'
commonName :PRINTABLE:'serversemar'
name :PRINTABLE:'serversemar'
emailAddress :IA5STRING:'awangga@passionit.co.id'
Certificate is to be certified until Oct 28 12:02:09 2024 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
root@singaraja:/etc/openvpn/easy-rsa/2.0# ./build-key iqromedia
Generating a 1024 bit RSA private key
…………………++++++
……………………………………++++++
writing new private key to 'iqromedia.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [ID]:
State or Province Name (full name) [JB]:
Locality Name (eg, city) [Bandung]:
Organization Name (eg, company) [passionit]:
Organizational Unit Name (eg, section) [changeme]:iqromedia
Common Name (eg, your name or your server's hostname) [iqromedia]:
Name [changeme]:iqromedia
Email Address [awangga@passionit.co.id]:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /etc/openvpn/easy-rsa/2.0/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'ID'
stateOrProvinceName :PRINTABLE:'JB'
localityName :PRINTABLE:'Bandung'
organizationName :PRINTABLE:'passionit'
organizationalUnitName:PRINTABLE:'iqromedia'
commonName :PRINTABLE:'iqromedia'
name :PRINTABLE:'iqromedia'
emailAddress :IA5STRING:'awangga@passionit.co.id'
Certificate is to be certified until Oct 28 12:03:25 2024 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
root@singaraja:/etc/openvpn/easy-rsa/2.0# ./build-dh
Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
root@singaraja:/etc/openvpn/easy-rsa/2.0# cd ..
root@singaraja:/etc/openvpn/easy-rsa# cd ..
root@singaraja:/etc/openvpn# cp ./easy-rsa/2.0/keys/ca.crt .
root@singaraja:/etc/openvpn# cp ./easy-rsa/2.0/keys/semar.key .
root@singaraja:/etc/openvpn# cp ./easy-rsa/2.0/keys/semar.crt .
root@singaraja:/etc/openvpn# cp ./easy-rsa/2.0/keys/dh1024.pem .

root@singaraja:/etc/openvpn# cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz .
root@singaraja:/etc/openvpn# gunzip server.conf.gz
root@singaraja:/etc/openvpn# nano server.conf

# [server.conf]
port 1194
proto udp
dev tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 202.107.105.13"
push "dhcp-option DNS 202.108.107.21"
keepalive 10 120
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3

root@singaraja:/etc/openvpn# service openvpn start
[ ok ] Starting virtual private network daemon: server.
root@singaraja:/etc/openvpn# ifconfig
eth0 Link encap:Ethernet HWaddr 74:d4:35:e0:7d:10
inet addr:192.168.1.4 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::76d4:35ff:fee0:7d10/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:165854998 errors:17 dropped:0 overruns:0 frame:8
TX packets:184415361 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:109560987302 (102.0 GiB) TX bytes:158607736676 (147.7 GiB)
Interrupt:20 Memory:d3800000-d3820000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:1234141 errors:0 dropped:0 overruns:0 frame:0
TX packets:1234141 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1405142544 (1.3 GiB) TX bytes:1405142544 (1.3 GiB)

tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.1 P-t-P:10.8.0.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

root@singaraja:/etc/openvpn# cat /proc/sys/net/ipv4/ip_forward
1
root@singaraja:/etc/openvpn# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.1.254 0.0.0.0 UG 0 0 0 eth0
0.0.0.0 192.168.1.254 0.0.0.0 UG 100 0 0 eth0
10.8.0.0 10.8.0.2 255.255.255.0 UG 0 0 0 tun0
10.8.0.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0

root@singaraja:/etc/openvpn# cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf ./easy-rsa/2.0/keys/
root@singaraja:/etc/openvpn# nano ./easy-rsa/2.0/keys/client.conf

# [client.conf]
client
dev tun
proto udp
remote 66.32.272.181 1194
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
mute-replay-warnings
ca /etc/openvpn/ca.crt
cert /etc/openvpn/client_kevin.crt
key /etc/openvpn/client_kevin.key
ns-cert-type server
comp-lzo
verb 3
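
The server.conf and client.conf files in both OpenVPN posts above carry settings that are weak or deprecated in current OpenVPN releases: 1024-bit DH parameters, ns-cert-type, comp-lzo, and no tls-auth or explicit cipher. The script below is an added example, not part of the original posts; lint_ovpn and its finding labels are hypothetical names, and the DH size is inferred from the easy-rsa file name dh<KEY_SIZE>.pem.

```bash
#!/bin/bash
# Added example (not from the original post): flag weak or deprecated
# directives in an OpenVPN config such as the server.conf/client.conf above.

lint_ovpn() {   # $1 = path to a .conf file; prints one finding per line
    awk '
    { sub(/[#;].*/, "")                # drop comments
      if (NF == 0) next
      seen[$1] = 1; arg[$1] = $2 }
    END {
        # easy-rsa 2.0 names the file dh<KEY_SIZE>.pem, so the name gives the size
        if (("dh" in seen) && arg["dh"] ~ /dh(512|768|1024)\.pem$/)
            print "WEAK dh: " arg["dh"] " is below 2048 bits"
        if ("ns-cert-type" in seen)
            print "DEPRECATED ns-cert-type: use remote-cert-tls instead"
        if (("comp-lzo" in seen) || ("compress" in seen))
            print "RISK compression: compressing before encryption can leak plaintext"
        if (!("tls-auth" in seen) && !("tls-crypt" in seen))
            print "MISSING tls-auth/tls-crypt: control channel has no HMAC key"
        if (!("cipher" in seen) && !("data-ciphers" in seen))
            print "MISSING cipher: old releases then default to BF-CBC"
        if (("client" in seen) && !("remote-cert-tls" in seen) && !("ns-cert-type" in seen))
            print "MISSING remote-cert-tls: server certificate usage is not checked"
    }' "$1"
}

count_findings() { lint_ovpn "$1" | wc -l | tr -d ' '; }

# Write the security-relevant lines of the post's server.conf to $1.
sample_server_conf() {
    cat > "$1" <<'EOF'
port 1194
proto udp
dev tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh1024.pem
server 10.8.0.0 255.255.255.0
comp-lzo
user nobody
group nogroup
EOF
}

demo() {
    local f; f=$(mktemp)
    sample_server_conf "$f"
    lint_ovpn "$f"
    rm -f "$f"
}
demo
```

Regenerating with KEY_SIZE=2048 in vars changes the DH file name to dh2048.pem, which clears the first finding once server.conf points at the new file.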

Reverse SSH for Remote Access to a Device Without a Public IP

The Linux device to be accessed remotely must first open an SSH connection to a server that has a public IP, using this command:

ssh -fN -R 192.168.1.4:2202:localhost:22 singaraja@singaraja.ddns.net

192.168.1.4 is the server's local intranet IP, so that we can reach the device from the LAN, and 2202 is the port on that LAN address. singaraja.ddns.net is the server's public IP. To bind to all network interfaces, use this command:

ssh -fN -R 0.0.0.0:2202:localhost:22 singaraja@singaraja.ddns.net

Then, on that server, edit /etc/ssh/sshd_config and add GatewayPorts clientspecified so that we can connect to the Linux device.
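
What GatewayPorts changes, as an added example that is not part of the original post: the function below reads an sshd_config and reports the address sshd will actually bind for a given -R request. The function names are hypothetical, and bracketed IPv6 bind addresses are not handled.

```bash
#!/bin/bash
# Added example: which address sshd really binds for an `ssh -R` request.

# GatewayPorts value from the global part of an sshd_config file
# (first occurrence wins; sshd's default is "no").
gateway_ports() {
    awk 'tolower($1) == "match"        { exit }
         tolower($1) == "gatewayports" { print tolower($2); found = 1; exit }
         END { if (!found) print "no" }' "$1"
}

# $1 = sshd_config path, $2 = the -R argument as typed on the client.
effective_listen() {
    local spec=$2 nf bind rest port addr
    nf=$(printf '%s\n' "$spec" | awk -F: '{ print NF }')
    if [ "$nf" -eq 4 ]; then
        bind=${spec%%:*}; rest=${spec#*:}; port=${rest%%:*}
    else
        bind=; port=${spec%%:*}
    fi
    case $(gateway_ports "$1") in
        yes) addr=0.0.0.0 ;;                 # always the wildcard address
        clientspecified)
            case "$nf:$bind" in
                4:|'4:*') addr=0.0.0.0 ;;    # empty or "*" bind = all interfaces
                4:*)      addr=$bind ;;      # the address the client asked for
                *)        addr=127.0.0.1 ;;  # no bind address given
            esac ;;
        *) addr=127.0.0.1 ;;                 # "no": loopback only
    esac
    printf '%s:%s\n' "$addr" "$port"
}

# Constructed sample configs, then the two -R arguments from the post.
demo() {
    local d cfg spec
    d=$(mktemp -d)
    : > "$d/default"
    printf 'GatewayPorts clientspecified\n' > "$d/cs"
    for cfg in default cs; do
        for spec in 192.168.1.4:2202:localhost:22 0.0.0.0:2202:localhost:22; do
            printf '%-8s -R %-30s -> %s\n' "$cfg" "$spec" \
                "$(effective_listen "$d/$cfg" "$spec")"
        done
    done
    rm -rf "$d"
}
demo
```

With the default configuration both requests end up on 127.0.0.1:2202, which is why the post needs the sshd_config change; with clientspecified, the 0.0.0.0 form exposes the device's SSH port on every interface of the server, including the public one.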

Enabling PHP to Send Email in CentOS 6.3

With a default installation of Apache and PHP on CentOS 6.3 (or another EL6), PHP scripts can use the email function to send email only after you set the SELinux boolean, by typing this:

[root@postel ~]# sestatus -b | grep -i sendmail
httpd_can_sendmail on
logging_syslogd_can_sendmail off
[root@postel ~]# setsebool -P httpd_can_sendmail 1
[root@postel ~]# setsebool -P httpd_can_network_connect on

Creating Local Socks Proxy Using SSH with Terminal

On a POSIX OS (Linux or Mac OS X), you have a terminal in which you type commands to access your server remotely over ssh.
You can create a local SOCKS proxy that forwards traffic directly to your server, so you can bypass internet filtering by your country's ISP.
In your POSIX box's terminal, just add the option -D port (e.g. -D 1080), like this:

$ ssh -D 1080 user@host.com

Alternatively, you can add a port forward to a proxy on your server on the Internet (you can set up Tinyproxy) using the command:

$ ssh -L 8035:localhost:8035 user@host.com
With this command, port 8035 on the local computer is forwarded to port 8035 on the proxy server.

Installing Tomcat7 on Debian Wheezy with a Virtual Host

You can simply follow these steps:

https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-apache-tomcat-on-a-debian-server

To update to the latest JDK version, you can follow these steps:

http://d.stavrovski.net/blog/post/installing-oracle-java-8-on-debian-wheezy-or-ubuntu

If needed, you can remove the previous Java version:

http://www.wikihow.com/Install-Oracle-Java-JRE-on-Ubuntu-Linux

 

To create a virtual host, open your host manager; there you can enter the absolute path of your virtual host, whose skeleton directory contains ROOT, with META-INF inside ROOT.

 
