network

unbound

/etc/unbound/unbound.conf.d/forward.conf
# unbound forward-zone output
for IP in $(consul catalog nodes | grep ctl | cut -d " " -f6); do
echo " forward-addr: ${IP}@53"
done
systemctl restart unbound

consul

echo '["abcdef123458"]' /var/consul/serf/local.keyring
service consul restart

# config
cat /etc/consul/config.json

# log
/var/log/syslog

CLI
consul catalog datacenters
consul catalog nodes
consul catalog services

consul monitor
consul validate /etc/consul/config.json
consul operator raft list-peers

Redirect UI to localhost
ssh -L 8500:localhost:8500 root@node1.example.com -N

UI listen on external
https://stackoverflow.com/questions/35132687/how-to-access-externally-to-consul-ui

# cat /etc/consul/config.json

Enable UEFI / PXE boot on Mellanox ConnectX NIC

Boot GRML iso
https://grml.org/download/

Enable SSH daemon
service ssh start
passwd
ip a

# ssh root@GRML_IP

Install Mellanox CLI tools (MFT)
http://www.mellanox.com/page/management_tools
apt update
apt install -y gcc make dkms linux-headers-$(uname -r)

URL=http://www.mellanox.com/downloads/MFT/mft-4.12.0-105-x86_64-deb.tgz
wget -O- ${URL} | tar xvz -C /tmp
/tmp/mft-*-deb/install.sh
mst start

Show device state
mst status
flint -d /dev/mst/mt4119_pciconf0 q

nmcli - NetworkManager command line tool

# list all connections
nmcli con

# show connection details
nmcli con show 'MY_CONNECTION_1'

# start vpn from command line (ubuntu)
nmcli con up id VPN_NAME

nmcli dev wifi list

# modify configuration
SSID="FRITZ!Box 5960"
PASS=00011090700208423311

nmcli con add con-name "${SSID}" ifname wlan0 type wifi ssid "${SSID}"
nmcli con modify "${SSID}" wifi-sec.key-mgmt wpa-psk
nmcli con modify "${SSID}" wifi-sec.psk "${PASS}"

nmcli con up "${SSID}"

Autostart delayed VPN connection
# /home/foo/.config/autostart/vpn.desktop
[Desktop Entry]

OpenVPN

Install
http://www.panticz.de/install_OpenVPN

Restore prevoius NetworkManager OpenVPN configurations
<?php
$URL="https://raw.githubusercontent.com/panticz/scripts/master/restoreOpenvpnConfig.sh";
echo "wget $URL -O - | bash -";
echo "

";
$c = curl_init();
curl_setopt($c, CURLOPT_URL, $URL);
curl_setopt($c, CURLOPT_RETURNTRANSFER, 1);
echo htmlspecialchars(curl_exec($c));
curl_close($c);
echo "

";
?>

# set file permission and owner
echo sudo chown root:root /etc/NetworkManager/system-connections/*.openvpn
echo sudo chmod 600 /etc/NetworkManager/system-connections/*.openvpn

config file

tls-client
client
dev tun
proto udp
tun-mtu 1400
remote YOUR_HOST.dyndns.org 1194
ca ca.pem
cert user.pem
key keys.pem
cipher BF-CBC
comp-lzo
verb 3
ns-cert-type server
tls-remote YOUR_HOST.dyndns.org
float

Connect to Client in same IP range
route add 192.168.1.31 dev tap0

extract p12 file
Zertifikat des Benutzers:
openssl pkcs12 -in *.p12 -clcerts -nokeys -nodes -out user.pem

Zertifikat der Zertifizierungsstelle:
openssl pkcs12 -in *.p12 -cacerts -nodes -out ca.pem

Privater Schlüssel:
openssl pkcs12 -in *.p12 -nocerts -nodes -out keys.pem

# remove passphrase from a pkcs12 certificate
openssl pkcs12 -in protected.p12 -nodes -out /tmp/temp.pem
openssl pkcs12 -export -in /tmp/temp.pem -out unprotected.p12

OpenVPN Gui (Client for Windows)
http://man.chinaunix.net/linux/efw-admin-guide-html-chunk/efw.vpn.openvpn.html

C:\Programme\OpenVPN\config\YOUR_VPN.ovpn (old)
client
proto udp
remote YOUR_SERVER.dyndns.org
resolv-retry infinite
nobind
persist-key
persist-tun
ca YOUR_CERT.cer
auth-user-pass
comp-lzo
dev tap

Configure Gnome Network Applet for Endian
VPN-Connections > VPN-Configure
Add
Create
Connection Name: YOUR_VPN_NAME
Gateway: YOUR_VPN_SERVER_IP
Type: Password
Username: YOUR_VPN_USER_NAME
Password: YOUR_VPN_PASS
CA Certificate: YOUR_ENDIAN .pem file

Advanced:
Use LZO Data Compression: checked
Use a TAP Device: check
OK

IPv4 settings > Routing:
Add
Address: YOUR_VPN_NETWORK (192.168.1.0)
Netmask: 255.255.255.0

backup your OpenVPN connections
tar cjf ~/backup/system-connections.$(date -I).tar.bz2 /etc/NetworkManager/system-connections/

Android
https://play.google.com/store/apps/details?id=de.blinkt.openvpn&hl=de
http://www.rz.uni-kiel.de/pc/openvpn/AndroidVPN

Links
http://askubuntu.com/questions/29086/where-are-vpn-configuration-files-imported-by-network-manager-saved
http://www.ipcop-forum.de/forum/viewtopic.php?p=167998
http://www.ngs.ac.uk/useful-openssl-commands
http://www.sven-kuegler.de/tag/openvpn
http://www.ngs.ac.uk/useful-openssl-commands
http://man.chinaunix.net/linux/efw-admin-guide-html-chunk/efw.vpn.openvpn.html

Networks

# Example /etc/network/interfaces
auto lo
iface lo inet loopback

# device: eth0
auto eth0
iface eth0 inet static
address 178.63.46.216
broadcast 178.63.46.255
netmask 255.255.255.192
gateway 178.63.46.213

# default route to access subnet
up route add -net 178.63.46.192 netmask 255.255.255.192 gw 178.63.46.213 eth0
post-up /sbin/route add -net 192.168.0.0 netmask 255.255.0.0 gw 192.168.1.1

#new
http://panticz.de/nmap-ip-and-portscan

VLAN
# show VLANs
cat /proc/net/vlan/config

# old
# scan ip from mac
NET=192.168.0