Tuesday, September 23, 2014

How to Set Up and Configure an OpenVPN Server on CentOS 6

One of the questions our users ask most often is how to add another IP address to their server. You can assign your own private IP address to your droplet by creating a VPN tunnel. Whether you want to build your own Virtual Private Network (VPN) or assign an SSL certificate to that IP address, you have several options. Of these, the two best candidates are PPTP and OpenVPN. The Point-to-Point Tunneling Protocol (PPTP) lets you implement your own VPN very quickly and is compatible with most mobile devices. PPTP is less secure than OpenVPN, but it is faster and uses fewer CPU resources.

Step 1 - PPTP Installation

You will have to select one server to be responsible for handing out IPs to the others and authenticating all of your servers into your VPN. This will become your PPTP server.
On CentOS 6 x64:
rpm -i http://poptop.sourceforge.net/yum/stable/rhel6/pptp-release-current.noarch.rpm
yum -y install pptpd
On Ubuntu 12.10 x64:
apt-get install pptpd
Now you should edit /etc/pptpd.conf and add the following lines:
localip 10.0.0.1
remoteip 10.0.0.100-200
Here localip is the IP address of your server, and remoteip is the range of IPs that will be assigned to clients that connect to it.
Next, set up authentication for PPTP by adding users and passwords. Simply add them to /etc/ppp/chap-secrets, where client is the username, server is the type of service (pptpd for our example), secret is the password, and IP addresses specifies which IP address may authenticate. By setting ‘*’ in the IP addresses field, you specify that you accept the username/password pair for any IP.
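An added example, not part of the original tutorial: a small audit of a chap-secrets file that reports loose file permissions (the secrets are stored in clear text), entries whose IP addresses field is `*`, and short secrets. The 12-character minimum and the sample entries are assumptions constructed for illustration, and quoted fields are not handled.

```shell
#!/bin/sh
# Added example: audit a chap-secrets file (fields: client server secret IP addresses).
# MIN_LEN is an assumed policy threshold, not a value from the article.
MIN_LEN=12

audit_chap_secrets() {
    file=$1
    [ -r "$file" ] || { echo "UNREADABLE $file"; return 2; }
    # Secrets are stored in clear text: group and other must have no access.
    perms=$(ls -ld "$file" | cut -c5-10)
    [ "$perms" = "------" ] || echo "LOOSE_PERMS $file"
    # Findings name the client only, so the secret never reaches a log.
    awk -v min="$MIN_LEN" '
        NF == 0 || $1 ~ /^#/ { next }                     # blank lines, comments
        NF < 4               { print "MALFORMED line " NR; next }
        $4 == "*"            { print "WILDCARD_IP " $1 }
        length($3) < min     { print "SHORT_SECRET " $1 }
    ' "$file"
}

# Constructed sample input (not from the article).
demo_chap_secrets() {
    tmp=$(mktemp) || return 1
    chmod 600 "$tmp"
    cat > "$tmp" <<'EOF'
# client  server  secret                  IP addresses
alice     pptpd   hunter2                 *
backup    pptpd   Xq7-long-random-value   10.0.0.150
EOF
    audit_chap_secrets "$tmp"
    rm -f "$tmp"
}

demo_chap_secrets
```

On a real server, run `audit_chap_secrets /etc/ppp/chap-secrets` as root; an empty result means none of the three checks fired.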

Step 2 - Add DNS servers to /etc/ppp/pptpd-options

ms-dns 8.8.8.8
ms-dns 8.8.4.4
Now you can start the PPTP daemon:
service pptpd restart
Verify that it is running and accepting connections:

Step 3 - Set Up Forwarding

It is important to enable IP forwarding on your PPTP server. This allows it to forward packets between the public IP and the private IPs that you set up with PPTP. Simply edit /etc/sysctl.conf and add the following line if it doesn’t exist there already:
net.ipv4.ip_forward = 1
To make changes active, run sysctl -p

Step 4 - Create a NAT rule for iptables

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE && iptables-save
If you would also like your PPTP clients to talk to each other, add the following iptables rules:
iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
iptables -I INPUT -s 10.0.0.0/8 -i ppp0 -j ACCEPT
iptables --append FORWARD --in-interface eth0 -j ACCEPT
Now your PPTP server also acts as a router.
If you would like to restrict which servers can connect to your droplets, you can set up an iptables rule that restricts TCP connections to port 1723.
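One way to build such a restriction, as an added example rather than commands from the original tutorial: the function below validates an allowlist of source addresses and prints the matching iptables rules for review instead of applying them. The addresses shown are documentation ranges standing in for your own servers.

```shell
#!/bin/sh
# Added example: print (not apply) iptables rules limiting the PPTP control port.
# The source addresses passed in are the caller's own allowlist (assumption).

is_ipv4_cidr() {
    # Accept a.b.c.d or a.b.c.d/len with every octet <= 255 and len <= 32.
    echo "$1" | awk -F'[./]' '
        !/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/ { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i > 255) exit 1
          if (NF == 5 && $5 > 32) exit 1 }'
}

pptp_allowlist_rules() {
    # An empty allowlist would lock every client out, so refuse it.
    [ "$#" -gt 0 ] || { echo "refusing to emit DROP with an empty allowlist" >&2; return 1; }
    # Validate everything first so a bad entry never yields a partial rule set.
    for src in "$@"; do
        is_ipv4_cidr "$src" || { echo "invalid source: $src" >&2; return 1; }
    done
    # ACCEPT rules must precede the DROP: iptables stops at the first match.
    for src in "$@"; do
        echo "iptables -A INPUT -p tcp --dport 1723 -s $src -j ACCEPT"
    done
    echo "iptables -A INPUT -p tcp --dport 1723 -j DROP"
}

# Constructed allowlist using documentation address ranges.
pptp_allowlist_rules 203.0.113.10 198.51.100.0/24
```

Rules appended with -A only take effect if no earlier INPUT rule already accepts the traffic. PPTP tunnel data travels over GRE (IP protocol 47), which these rules leave untouched.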

Monday, September 8, 2014

Zimbra reports “Error: Queue report unavailable – mail system is down”

During an update from one version to another, or sometimes when you reboot Zimbra, you can get the following error: "Error: Queue report unavailable - mail system is down".
We can see that the Postfix MTA service does not start correctly, yet the system shows that everything is working properly:
zimbra@zcs:~$ zmcontrol status
Host zcs.ilba.cat
        antispam                Running
        antivirus               Running
        convertd                Running
        ldap                    Running
        logger                  Running
        mailbox                 Running
        mta                     Running
        opendkim                Running
        proxy                   Running
        snmp                    Running
        spell                   Running
        stats                   Running
        zmconfigd               Running
We review the logs and services and see that the MTA is down:
zimbra@zcs:~$ tail -f /var/log/mail.log
Jan 22 11:08:00 zcs postfix/postqueue[19195]: fatal: Queue report unavailable - mail system is down

zimbra@zcs:~$ netstat -nlpt | grep 25
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
tcp        0      0 0.0.0.0:7025            0.0.0.0:*               LISTEN      -
We restart the Postfix service by hand; it reports that it has started correctly, but it still does not work:
zimbra@zcs:~$ /opt/zimbra/bin/zmmtactl stop
/postfix-script: fatal: the Postfix mail system is not running
Stopping saslauthd...done.

zimbra@zcs:~$ /opt/zimbra/bin/zmmtactl start
Rewriting configuration files...done.
Starting saslauthd...done.

zimbra@zcs:~$ netstat -nlpt | grep 25
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
tcp        0      0 0.0.0.0:7025            0.0.0.0:*               LISTEN      -
The problem is that there is a master.pid file, which tells Postfix that it is running when it really is not. We locate it:
root@zcs:~# locate master.pid
/opt/zimbra/data/postfix/spool/pid/master.pid
We delete it or rename it, and then restart the MTA:
root@zcs:~# mv /opt/zimbra/data/postfix/spool/pid/master.pid /opt/zimbra/data/postfix/spool/pid/master.pid.ori

root@zcs:~# su - zimbra

zimbra@zcs:~$ /opt/zimbra/bin/zmmtactl start
Rewriting configuration files...done.
Starting saslauthd...already running.
/postfix-script: starting the Postfix mail system
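
Before renaming master.pid it is worth confirming that the PID it records does not belong to a live Postfix master. The check below is an added example, not part of the original post; it assumes the file holds a single decimal PID (possibly padded with whitespace) and that the daemon's process name is master.

```shell
#!/bin/sh
# Added example: set master.pid aside only when no Postfix master owns the PID in it.
# Assumptions: the file holds one decimal PID (possibly padded with whitespace)
# and the daemon's process name is "master".

# pid_file_state FILE NAME -> prints missing | malformed | stale | reused | alive
pid_file_state() {
    [ -f "$1" ] || { echo missing; return 0; }
    pid=$(tr -d ' \t\r\n' < "$1")        # strip padding around the number
    case $pid in
        ''|0|*[!0-9]*) echo malformed; return 0 ;;
    esac
    # Name of the process that currently holds this PID, empty if none.
    comm=$(cat "/proc/$pid/comm" 2>/dev/null ||
           ps -o comm= -p "$pid" 2>/dev/null || true)
    if [ -z "$comm" ]; then
        echo stale                       # no such process
    elif [ "$comm" != "$2" ]; then
        echo reused                      # PID now belongs to another program
    else
        echo alive                       # a real master is running: do not touch
    fi
}

# quarantine_pid_file FILE NAME: rename FILE to FILE.ori unless NAME is running.
quarantine_pid_file() {
    state=$(pid_file_state "$1" "$2")
    case $state in
        stale|reused) mv -- "$1" "$1.ori" && echo "moved $1 ($state)" ;;
        *)            echo "left $1 in place ($state)"; return 1 ;;
    esac
}

# Demo on a constructed file holding the PID of a shell that has already exited.
demo_dir=$(mktemp -d)
printf '%12s\n' "$(sh -c 'echo $$')" > "$demo_dir/master.pid"
quarantine_pid_file "$demo_dir/master.pid" master
rm -rf "$demo_dir"
```

On the server from the post, the call would be `quarantine_pid_file /opt/zimbra/data/postfix/spool/pid/master.pid master`, run as root before starting the MTA again.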

How to use DiskSpd to simulate Veeam Backup & Replication disk actions

This HOW-TO contains information on how to use Microsoft© DiskSpd to simulate Veeam Backup & Replication disk actions to measure disk pe...