unbound
/etc/unbound/unbound.conf.d/forward.conf
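# unbound forward-zone output
# Prints one " forward-addr: <ip>@53" line per consul node whose catalog line
# contains "ctl". Output goes to stdout only: redirect it into
# /etc/unbound/unbound.conf.d/forward.conf before the restart, otherwise the
# restart below reloads an unchanged config.
# NOTE(review): `cut -d " " -f6` counts every padding space as a field, so it
# depends on consul's column layout — confirm it yields the Address column here.
mapfile -t ctl_ips < <(consul catalog nodes | grep ctl | cut -d " " -f6)
for ip in "${ctl_ips[@]}"; do
  [[ -n "$ip" ]] || continue
  printf ' forward-addr: %s@53\n' "$ip"
done
# refuse to restart on a config that unbound itself rejects
unbound-checkconf && systemctl restart unbound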
/etc/unbound/unbound.conf.d/forward.conf
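# unbound forward-zone output
# Prints one " forward-addr: <ip>@53" line per consul node whose catalog line
# contains "ctl". Output goes to stdout only: redirect it into
# /etc/unbound/unbound.conf.d/forward.conf before the restart, otherwise the
# restart below reloads an unchanged config.
# NOTE(review): `cut -d " " -f6` counts every padding space as a field, so it
# depends on consul's column layout — confirm it yields the Address column here.
mapfile -t ctl_ips < <(consul catalog nodes | grep ctl | cut -d " " -f6)
for ip in "${ctl_ips[@]}"; do
  [[ -n "$ip" ]] || continue
  printf ' forward-addr: %s@53\n' "$ip"
done
# refuse to restart on a config that unbound itself rejects
unbound-checkconf && systemctl restart unbound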
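# Seed the serf gossip keyring with one key and restart consul so it is loaded.
# The original line lacked the redirect, so it only printed the key and the path.
# The keyring holds the cluster's gossip encryption key: keep it owner-only and
# use a value produced by `consul keygen` rather than a hand-typed string.
keyring=/var/consul/serf/local.keyring
printf '%s\n' '["abcdef123458"]' > "$keyring" \
  && chmod 600 "$keyring" \
  && service consul restart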
# config
cat /etc/consul/config.json
# log
/var/log/syslog
CLI
consul catalog datacenters
consul catalog nodes
consul catalog services
consul monitor
consul validate /etc/consul/config.json
consul operator raft list-peers
Redirect UI to localhost
ssh -L 8500:localhost:8500 root@node1.example.com -N
UI listening on an external interface
https://stackoverflow.com/questions/35132687/how-to-access-externally-to-consul-ui
# cat /etc/consul/config.json
Boot GRML iso
https://grml.org/download/
Enable SSH daemon
service ssh start
passwd
ip a
# ssh root@GRML_IP
Install Mellanox CLI tools (MFT)
http://www.mellanox.com/page/management_tools
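# Build dependencies for the DKMS kernel modules the MFT installer compiles
apt update
apt install -y gcc make dkms "linux-headers-$(uname -r)"
# The tarball is fetched over plain HTTP and unpacked straight from the stream:
# nothing here checks its integrity. Compare the archive against the checksum
# published by the vendor before running its install.sh.
URL=http://www.mellanox.com/downloads/MFT/mft-4.12.0-105-x86_64-deb.tgz
# mktemp avoids a predictable extraction path under /tmp; the && chain stops
# at the first failed step without `exit`, so the snippet is safe to paste
# into an interactive shell.
mft_dir=$(mktemp -d) \
  && wget -O- "$URL" | tar xvz -C "$mft_dir" \
  && "$mft_dir"/mft-*-deb/install.sh \
  && mst start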
Show device state
mst status
flint -d /dev/mst/mt4119_pciconf0 q
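sudo apt-add-repository universe
sudo apt install -y lldpd
# optional: enable Cisco CDP protocol
# The here-doc delimiter was lost on this page (`cat <<EOF > ...` rendered as
# `cat < ...`). Rewrites /etc/default/lldpd with only DAEMON_ARGS; the quoted
# EOF keeps the body literal, and `sudo tee` is used because a plain `>`
# redirect would run as the unprivileged user.
sudo tee /etc/default/lldpd >/dev/null <<'EOF'
DAEMON_ARGS="-c"
EOF
sudo service lldpd restart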
# get info
lldpctl
# Show LLDP neighbors
networkctl lldp
lldpctl
http://www.panticz.de/lldpd
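# Capture one frame matching the CDP filter on every physical NIC so the
# attached switch/port can be read from the dump. Virtual interfaces are
# skipped via the sysfs symlink target; NICs are probed one after another and
# each capture gives up after 300 s.
mapfile -t nics < <(find /sys/class/net -type l -not -lname "*virtual*" -printf "%f\n" | sort)
for nic in "${nics[@]}"; do
  printf 'NIC: %s\n' "$nic"
  printf 'NIC MAC: %s\n' "$(ethtool -P "$nic")"
  # -c 1 stops after the first matching frame; -s 1500 keeps the whole payload
  timeout 300 tcpdump -nn -v -i "$nic" -s 1500 -c 1 "ether[20:2] == 0x2000"
done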
# list all connections
nmcli con
# show connection details
nmcli con show 'MY_CONNECTION_1'
# start vpn from command line (ubuntu)
nmcli con up id VPN_NAME
nmcli dev wifi list
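# modify configuration
SSID="FRITZ!Box 5960"
# Prompt for the PSK instead of keeping it in the script (and in shell
# history). nmcli still receives it as an argument, so it is briefly visible
# in `ps` on this host.
read -rs -p 'Wi-Fi PSK: ' PASS
printf '\n'
nmcli con add con-name "${SSID}" ifname wlan0 type wifi ssid "${SSID}"
nmcli con modify "${SSID}" wifi-sec.key-mgmt wpa-psk
nmcli con modify "${SSID}" wifi-sec.psk "${PASS}"
nmcli con up "${SSID}"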
Autostart delayed VPN connection
# /home/foo/.config/autostart/vpn.desktop
[Desktop Entry]
# SPF
http://wiki.hetzner.de/index.php/DNS_SPF
# dig
dig txt example.com @8.8.8.8
dig example.com | grep -v ";" | grep A
dig -x 8.9.10.11 | grep IN
Flush DNS cache
sudo systemd-resolve --flush-caches
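<?php
// Prints the one-line installer command and, below it, the script that
// command would pipe into bash, so a reader can inspect it before running it.
// The <pre> tags were stripped on this page; they are restored here.
$URL = "https://raw.githubusercontent.com/panticz/preseed/master/ipxe/scripts/build_ipxe.sh";
echo "wget $URL -qO - | bash -";
echo "<pre>";
$c = curl_init();
curl_setopt($c, CURLOPT_URL, $URL);
curl_setopt($c, CURLOPT_RETURNTRANSFER, 1);
// Treat HTTP 4xx/5xx as a failure instead of echoing an error page as if it were the script
curl_setopt($c, CURLOPT_FAILONERROR, 1);
// Do not hang the page render on an unreachable host
curl_setopt($c, CURLOPT_TIMEOUT, 10);
$body = curl_exec($c);
if ($body === false) {
    // curl_exec() returns false on failure; the original passed that straight to htmlspecialchars()
    echo "fetch failed";
} else {
    echo htmlspecialchars($body);
}
curl_close($c);
echo "</pre>";
?>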
# ToDo: https boot
http://ipxe.org/cfg/crosscert
http://ipxe.org/cfg/trust
Links
http://ipxe.org
http://ipxe.org/download
http://www.coreboot.org/IPXE
Install
http://www.panticz.de/install_OpenVPN
Restore previous NetworkManager OpenVPN configurations
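<?php
// Prints the one-line restore command and, below it, the script that command
// would pipe into bash, so a reader can inspect it before running it.
// The <pre> tags were stripped on this page; they are restored here.
$URL = "https://raw.githubusercontent.com/panticz/scripts/master/restoreOpenvpnConfig.sh";
echo "wget $URL -O - | bash -";
echo "<pre>";
$c = curl_init();
curl_setopt($c, CURLOPT_URL, $URL);
curl_setopt($c, CURLOPT_RETURNTRANSFER, 1);
// Treat HTTP 4xx/5xx as a failure instead of echoing an error page as if it were the script
curl_setopt($c, CURLOPT_FAILONERROR, 1);
// Do not hang the page render on an unreachable host
curl_setopt($c, CURLOPT_TIMEOUT, 10);
$body = curl_exec($c);
if ($body === false) {
    // curl_exec() returns false on failure; the original passed that straight to htmlspecialchars()
    echo "fetch failed";
} else {
    echo htmlspecialchars($body);
}
curl_close($c);
echo "</pre>";
?>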
# set file permission and owner
# NOTE(review): the leading `echo` only prints these two commands instead of
# running them — drop it to actually apply the ownership and mode changes.
echo sudo chown root:root /etc/NetworkManager/system-connections/*.openvpn
echo sudo chmod 600 /etc/NetworkManager/system-connections/*.openvpn
config file
tls-client
client
dev tun
proto udp
tun-mtu 1400
remote YOUR_HOST.dyndns.org 1194
ca ca.pem
cert user.pem
key keys.pem
cipher BF-CBC
comp-lzo
verb 3
ns-cert-type server
tls-remote YOUR_HOST.dyndns.org
float
Connect to a client in the same IP range
route add 192.168.1.31 dev tap0
extract p12 file
Zertifikat des Benutzers:
openssl pkcs12 -in *.p12 -clcerts -nokeys -nodes -out user.pem
Zertifikat der Zertifizierungsstelle:
openssl pkcs12 -in *.p12 -cacerts -nodes -out ca.pem
Privater Schlüssel:
openssl pkcs12 -in *.p12 -nocerts -nodes -out keys.pem
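# remove passphrase from a pkcs12 certificate
# The intermediate PEM contains the private key unencrypted (-nodes). The
# original wrote it to the fixed, world-readable path /tmp/temp.pem; mktemp
# creates a private (0600) file instead, and it is removed afterwards.
# `openssl pkcs12 -export` still prompts for an export password as before.
tmp_pem=$(mktemp) \
  && openssl pkcs12 -in protected.p12 -nodes -out "$tmp_pem" \
  && openssl pkcs12 -export -in "$tmp_pem" -out unprotected.p12
rm -f -- "$tmp_pem"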
OpenVPN GUI (client for Windows)
http://man.chinaunix.net/linux/efw-admin-guide-html-chunk/efw.vpn.openvpn.html
C:\Programme\OpenVPN\config\YOUR_VPN.ovpn (old)
client
proto udp
remote YOUR_SERVER.dyndns.org
resolv-retry infinite
nobind
persist-key
persist-tun
ca YOUR_CERT.cer
auth-user-pass
comp-lzo
dev tap
Configure Gnome Network Applet for Endian
VPN-Connections > VPN-Configure
Add
Create
Connection Name: YOUR_VPN_NAME
Gateway: YOUR_VPN_SERVER_IP
Type: Password
Username: YOUR_VPN_USER_NAME
Password: YOUR_VPN_PASS
CA Certificate: YOUR_ENDIAN .pem file
Advanced:
Use LZO Data Compression: checked
Use a TAP Device: checked
OK
IPv4 settings > Routing:
Add
Address: YOUR_VPN_NETWORK (192.168.1.0)
Netmask: 255.255.255.0
Back up your OpenVPN connections
tar cjf ~/backup/system-connections.$(date -I).tar.bz2 /etc/NetworkManager/system-connections/
Android
https://play.google.com/store/apps/details?id=de.blinkt.openvpn&hl=de
http://www.rz.uni-kiel.de/pc/openvpn/AndroidVPN
Links
http://askubuntu.com/questions/29086/where-are-vpn-configuration-files-imported-by-network-manager-saved
http://www.ipcop-forum.de/forum/viewtopic.php?p=167998
http://www.ngs.ac.uk/useful-openssl-commands
http://www.sven-kuegler.de/tag/openvpn
http://www.ngs.ac.uk/useful-openssl-commands
http://man.chinaunix.net/linux/efw-admin-guide-html-chunk/efw.vpn.openvpn.html
# Example /etc/network/interfaces
auto lo
iface lo inet loopback
# device: eth0
auto eth0
iface eth0 inet static
address 178.63.46.216
broadcast 178.63.46.255
netmask 255.255.255.192
gateway 178.63.46.213
# default route to access subnet
up route add -net 178.63.46.192 netmask 255.255.255.192 gw 178.63.46.213 eth0
post-up /sbin/route add -net 192.168.0.0 netmask 255.255.0.0 gw 192.168.1.1
#new
http://panticz.de/nmap-ip-and-portscan
VLAN
# show VLANs
cat /proc/net/vlan/config
# old
# scan ip from mac
NET=192.168.0