- Детальная настройка всего хозяйства
- Embedded:
- Записываем модули ядра в папку /boot/kernel/
- Perormance tests
- Encrypted swap
- Другие разновидности
- HTTPS и HSTS
- FreeNAS FC Target
- Делаем доступ к FC-дискам для FreeNAS
- FreeNAS изменение карты разделов корневого диска
- FreeNAS replication tasks
- PFSense and Ubiquiti
- Редактируем менюхи Web-GUI
- Старые версии приложений
- BHYVE and Pass-thru NIC
- Postgresql in freenas Jail
- Jails in PFSense
- FreeNAS rc.conf modification
- Embedded
- У свитчей Ubiquiti дефолтный админ называется ubnt
- PFSense Traffic Shaper
- PFSense. L2TP over IPSec
- Plex Home Theater embedded
- FreeNAS не грузится с флешки
- adv
- FreeBSD
- FreeBSD FUSE+ExFAT
- FreeBSD and NFS
- IPFW
- Install VirtalBox to FreeBSD and FreeNAS
- Выявляем состояние дисков
- FreeBSD: IPv6 setup
- Мониторинг RAID из командной строки
- FreeBSD Hardware Info
- FreeBSD pkg2ng and ports
- Unicode и Русский язык в FreeBSD 7.0 и выше
- FreeBSD 8.X - 9.X - 10.X Unicode Support
- Mellanox Infiniband Driver FreeBSD
- FreeBSD Network tuning
- VirtualBox 5 на Freebsd 10
- Установка времени и зоны
- Пароль на Single User
- OpenVPN
- UPS and nut
- FreeBSD iSCSI
- jails
- Diskless FreeBSD, iSCSI NetBoot
- Разрешение монитора
- Root on ZFS
- IPFW + NATD
- No buffer space available
- Работа с ZFS
- FreeBSD GEOM Recovery
- Postfix LDAP Sasl
- Links
- FreeBSD get sources
- Link Aggregation
- 10 Gb Ethernet Drivers
- Highpoint RocketRAID 2680 FreeBSD
- Webmin not starts, miniserv got an error (opt)
- Mount iso and other tips
- Работа с дисками
- LSI Pre-boot USB and CD installation instructions, EULA, and sources
- Выявляем состояние дисков
- MegaCli and tw_cli commands. Add drive to LSI RAID Volume
- Создание большого диска на FreeBSD
- Windows. OS not found Fix
- HPT Commands
- Resize EXT4
- Fsck
- Quantum StorNext
- RAID Basics
- Disk Recovery tools
- Выбор SSD
- RAID Basics
- Mac OS X: Manage GPT structure
- FreeBSD GEOM Recovery
- WD: Red, Green
- FreeNAS не грузится с флешки
- Create bsd slice
- Восстановление прошивки RAID-контроллеров LSI
- ZFS Administration
- EFI / UEFI
- Телефония
- Security Lab
- SSL Cert Auth
- Advanced IPFW rules
- Crypto Locker
- Astra Linux install Redis with SSL/TLS support
- Boot Password
- Default Passwords
- SSL A+
- Crypto Locker. Short English version
- Уязвимость OpenSSL
- SSL Auth Process
- Crypto Locker. Часть 2
- IPFW
- Скрипт диагностики сети
- Шьерт побьери
- SMS-оповещение
- Port Knock
- Козлизм
- NTP amplification attack
- Openssl create self-signed cert
- Социальная инженерия
- Постановление № 1119 от 02.11.2012
- Subject Alternate Name Certificate
- Switch Flood
- Видеонаблюдение
- DCP Checksum
- UDP Punch Attack
- Настройки общих для POSIX-систем служб
- Windows
- Linux
- RHEL / CentOS Install and inital configuration
- Linux Links
- Boot Linux into text mode
- GFS2
- Срубаем пароли
- Linux Hardware info
- Linux chroot
- DNSMASQ
- Ограничиваем память
- Bash history search like tsch
- NFS on RedHAT 5
- Делаем репозиторий для локалки
- ifcfg в RHEL/CentOS
- RHEL / CentOS UPGRADE: (6.3 -> 6.4, 6.4 -> 6.5)
- Linux Security: systemd
- Mac OS X
- Скрыть юзера
- TLS server engine: cannot load CA data
- Mac Keeper
- IPv6 в Safari
- Mac OS create user
- Sudo repair
- XSAN
- Сбросить пароль
- DNS
- Rebuild System Cache
- CrossOver и русский кызя
- Хакинтош
- iTunes ip port
- Неофициальная поддержка LSI RAID
- Отобрать админские полномочия у пользователя
- Mac OS X: Manage GPT structure
- PF in Mac OS 10.7-10.9
- Расшарить папку по NFS
- ML (10.8) change hostname
- OpenDirectory passwd
- Open Directory SSL
- Cсылки afp://ip.addr/Share/Folder
- Legacy AFP
- sha1 checksum
- WiFi 5GHz
- Time Machine
- Network
- Виртуалки
Yet another one sysadsmin wiki.
OpenVPN
Настройка обычного VPN с NAT-ом - тут: https://ramsdenj.com/2016/07/25/openvpn-on-freebsd-10_3.html
Все месте - искать тут: https://openvpn.net/index.php/open-source/documentation/howto.html
Bridged OpenVPN
Server part:
- openvpn.conf
float daemon dev tap proto udp mode server port 61194 local 172.25.111.126 server-bridge nogw comp-lzo persist-key persist-tun reneg-sec 0 duplicate-cn tls-timeout 90 hand-window 120 keepalive 30 300 client-to-client script-security 2 username-as-common-name client-cert-not-required plugin /opt/openvpn/lib/openvpn-auth-pam.so login ;plugin /opt/openvpn/lib/openvpn/plugins/openvpn-plugin-auth-pam.so login tls-server ca /etc/opt/openvpn/bridge/server/ca-crt.pem key /etc/opt/openvpn/bridge/server/server-key.pem cert /etc/opt/openvpn/bridge/server/server-crt.pem dh /etc/opt/openvpn/bridge/server/dh-key.pem tls-auth /etc/opt/openvpn/bridge/server/ta-key.pem 0 up /etc/opt/openvpn/bridge/server/openvpn.sh down /etc/opt/openvpn/bridge/server/openvpn.sh client-connect /etc/opt/openvpn/bridge/server/openvpn.sh client-disconnect /etc/opt/openvpn/bridge/server/openvpn.sh verb 1 mute 10 status-version 2 log /var/opt/openvpn/bridge-server.log writepid /var/opt/openvpn/bridge-server.pid status /var/opt/openvpn/bridge-server.stat 60 log-append /var/opt/openvpn/bridge-server.log tmp-dir /var/opt/openvpn
В /etc/opt/openvpn/bridge/server/openvpn.sh кладем файл
- openvpn.sh
!/bin/sh PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin" exec 1>/dev/null 2>&1 TAP=$dev NIC=vlan21 BIF=bridge0 case "$script_type" in up) ifconfig $BIF || ifconfig $BIF create ifconfig $BIF | awk '/member: / { print $2 }' | grep -w "$NIC" || ifconfig $BIF addm $NIC up ;; down) ifconfig $BIF | awk '/member: / { print $2 }' | grep -w "$NIC" && ifconfig $BIF deletem $NIC ifconfig $BIF && ifconfig $BIF destroy ;; esac
Client side part:
- openvpn.conf
float client daemon dev tap proto udp nobind comp-lzo persist-key persist-tun reneg-sec 0 tls-timeout 90 hand-window 120 keepalive 30 300 script-security 2 mute-replay-warnings remote-random resolv-retry infinite remote 111.222.333.444 61194 up /etc/opt/openvpn/bridge/client/openvpn.sh down /etc/opt/openvpn/bridge/client/openvpn.sh ca /etc/opt/openvpn/bridge/client/ca-crt.pem tls-auth /etc/opt/openvpn/bridge/client/ta-key.pem 1 auth-user-pass /etc/opt/openvpn/bridge/client/openvpn.pwd verb 3 mute 10 status-version 2 log /var/opt/openvpn/bridge-client.log writepid /var/opt/openvpn/bridge-client.pid status /var/opt/openvpn/bridge-client.stat 60 log-append /var/opt/openvpn/bridge-client.log
- openvpn.sh
#!/bin/sh PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin" exec 1>/dev/null 2>&1 TAP=$dev NIC=ext1 BIF=bridge0 case "$script_type" in up) ifconfig $TAP up ifconfig $BIF || ifconfig $BIF create ifconfig $BIF | awk '/member: / { print $2 }' | grep -w "$NIC" || ifconfig $BIF addm $NIC up ifconfig $BIF | awk '/member: / { print $2 }' | grep -w "$TAP" || ifconfig $BIF addm $TAP up ;; down) ifconfig $BIF | awk '/member: / { print $2 }' | grep -w "$TAP" && ifconfig $BIF deletem $TAP ifconfig $BIF | awk '/member: / { print $2 }' | grep -w "$NIC" && ifconfig $BIF deletem $NIC ifconfig $BIF && ifconfig $BIF destroy ifconfig $TAP destroy ;; esac
- openvpn.pwd
ClientName ClientPassword
