To see which services are started up on boot, run the following:
chkconfig --list systemctl list-unit-files
Category: Linux Tutorial
The default port and protocol for OpenVPN is UDP/1194.
Some server admins may block port 1194 so to get around this we can set OpenVPN to listen on port 443 instead. Port 443 is the default for HTTPS traffic so there is little chance it will be blocked.
To install OpenVPN on CentOS I recommend using this guide: https://www.digitalocean.com/community/tutorials/how-to-setup-and-configure-an-openvpn-server-on-centos-7
If you are running a web server, the chances are nginx/apache is already listening on port 443 and we can’t have more than one application binding to the same port. Once solution is to get nginx/apache to listen for HTTPS traffic on another port (e.g 22443) and get OpenVPN to listen on port 443 (forwarding all traffic to the port 22443).
First change the listen port for your web server (apache):
sudo vi /etc/httpd/conf/httpd.conf
Modify mod_ssl (you can choose any un-used port number):
</IfModule mod_ssl.c> Listen 22443 </IfModule>
Check if port 443 is used in other config files and replace accordingly:
sudo grep '443' -r /etc/httpd/*
Modify OpenVPN server.conf:
sudo vi /etc/openvpn/server.conf
Change protocol to tcp, port 1194 to 443 and add a port-share for 22443 (your new web server port for HTTPS)
proto tcp port 443 port-share 127.0.0.1 10443
You will also have to change your ovpn config file to use the new settings:
client dev tun proto tcp remote your_server_ip 443 resolv-retry infinite nobind persist-key persist-tun comp-lzo verb 3 ca /path/to/ca.crt cert /path/to/client.crt key /path/to/client.key
Finally restart your web server and OpenVPN services:
sudo systemctl restart openvpn@server.service sudo systemctl restart httpd
When an IP is banned by Fail2Ban and you want to un-ban that IP, the command you need to run is:
sudo fail2ban-client set <jailname> unbanip ipaddress
You can get the jailname by running:
sudo fail2ban-client status
If you want to find what IPs are banned by Fail2Ban, you can check the IPTABLES by running:
sudo iptables -L -n
An example output would be:
Chain f2b-sshd (1 references) target prot opt source destination REJECT all -- 188.29.164.197 0.0.0.0/0 reject-with icmp-p ort-unreachable(1 references
To unban IP 188.29.164.197 from the sshd jail, the command would be:
sudo fail2ban-client set sshd unbanip 188.29.164.197
cd <where-you-want-tarball-saved> wget <download-latest-version-here-http://roundcube.net/download/> tar xf roundcubemail-*.tar.gz cd <the-unpacked-roundcube-directory> bin/installto.sh /usr/local/cpanel/base/3rdparty/roundcube/config
shell> sudo /Library/StartupItems/MySQLCOM/MySQLCOM start (Enter your password, if necessary) (Press Control-D or enter "exit" to exit the shell)
You might want to add aliases to your shell’s resource file to make it easier to access commonly used programs such as mysql and mysqladmin from the command line. The syntax for bash is:
alias mysql=/usr/local/mysql/bin/mysql alias mysqladmin=/usr/local/mysql/bin/mysqladmin
** UNTESTED **
#!/bin/sh # Remove previous backups to conserve on disk space rm -f /backups/* # Apt package list backup dpkg --get-selections > /backups/dpkg_list_`date +%Y-%m-%d`.txt # SQL dump mysqldump -u root -pMYPASSWORD --all-databases > /tmp/mysqlbak gzip /tmp/mysqlbak mv /tmp/mysqlbak.gz /backups/dbbackup_`date +%Y-%m-%d`.sql.gz # Filesystem backup tar cfj /backups/fsbackup_`date +%Y-%m-%d`.tar.bz2 /etc /var /home
Yum installation
yum install vnstat
Edit configuration
vim /etc/sysconfig/vnstat
I only have one interface (eth0), you may have more (eth1 etc…)
# see also: vnstat(1) # # starting with vnstat-1.6 vnstat can also be # configured via /etc/vnstat.conf # # the following sets vnstat up to monitor eth0 VNSTAT_OPTIONS="-u -i eth0"
Edit configuration
vim /etc/vnstat.conf
Set your default interface
# default interface Interface "eth0"
Setup your database
vnstat -u -i eth0
Start vnStat service
chkconfig vnstat on
Other commands for vnStat
service vnstat start service vnstat stop service vnstat restart service vnstat status
Check if installation has been successful
vnstat vnstat -i eth0
Run –help for more commands
vnstat --help
Now install php front end.
Install these if not already installed
yum install httpd php php-gd
Go to the directory you want to install the frontend. i.e. www.domain.com/vnstat/
# make directory mkdir /home/domain/public_html/vnstat # change to directory cd /home/domain/public_html/vnstat # download frontend files wget http://www.sqweek.com/sqweek/files/vnstat_php_frontend-1.5.1.tar.gz # untar file tar xvf vnstat_php_frontend-1.5.1.tar.gz # delete tar file rm -f vnstat_php_frontend-1.5.1.tar.gz
Configure vnStat php frontend
vim /home/domain/public_html/vnstat/config.php
Look for the following Strings and edit them
$language = 'en';
$iface_list = array('eth0');
$iface_title['eth0'] = 'Internal';
Check if frontend has been installed correctly
www.domain.com/vnstat/
If you get the following error:
This page contains the following errors: error on line 10 at column 10: error parsing attribute name Below is a rendering of the page up to the first error.
Edit your config.php file
vim /home/domain/public_html/vnstat/config.php
Look for
// graphics format to use: svg or png $graph_format='svg';
Replace svg with png
// graphics format to use: svg or png $graph_format='png';
My CSF firewall seemed to be blocking internet access using my VPN. I could connect to it but could not use the internet connection. Here is a solution to the problem:
Create File
vim /etc/csf/csfpre.sh
Insert This
iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT iptables -A INPUT -i eth0 -p gre -j ACCEPT iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE iptables -A FORWARD -i ppp+ -o eth0 -j ACCEPT iptables -A FORWARD -i eth0 -o ppp+ -j ACCEPT
Save File and Give Executable Permissions
chmod +x /etc/csf/csfpre.sh
Create File
vi /etc/csf/csfpost.sh
Input Text down
service pptpd stop service pptpd start
Save File and Give Executable Permissions
chmod +x /etc/csf/csfpost.sh
Restart CSF
csf -r