Archive for February, 2015

Using SSH keys for Password-less Logins and Transparent Multi-hop SSH

February 8, 2015

SSH SOCKS Tunnel Web Browsing

February 7, 2015

A new VPS host to look at

Important way to configure Firefox to tunnel all DNS queries

ssh -D 8080 -C -N
-N    Do not execute a remote command.  This is useful for just forwarding ports (protocol version 2 only).
-C    Requests compression of all data (including stdin, stdout, stderr, and data for forwarded X11 and TCP connections).  The compression algorithm is the same used by gzip(1), and the "level" can be controlled by the CompressionLevel option for protocol version 1.  Compression is desirable on modem lines and other slow connections, but will only slow down things on fast networks.  The default value can be set on a host-by-host basis in the configuration files; see the Compression option.

Create Debian 7 OpenVPN Client NAT Gateway Router to Local Network

February 7, 2015

SSH to OpenVPN Access Server

Create PAM user

Log in to OpenVPN Access Server web Admin interface.

Add user


Log out of Access Server Admin interface.

Log in directly to main Access Server web interface (not Admin) as new user – select Login (not Connect)

Download and install Windows Client.

Download the Autologin profile.  Make a note of where it is saved, as this file will be used below.

Verify connectivity from Windows Client.

Use PuTTY to SSH to the Debian client.  Note: PuTTY is used because clipboard paste will be needed below.

Enable IPv4 forwarding

sudo nano /etc/sysctl.conf

Uncomment the line

# net.ipv4.ip_forward=1

Run the following command to make the change effective without a reboot.

sudo sysctl -w net.ipv4.ip_forward=1

Add iptables rules for NAT to work

sudo nano /etc/rc.local

Make sure the following two lines appear before the exit 0 line in the file.

/sbin/iptables -P FORWARD ACCEPT
/sbin/iptables --table nat -A POSTROUTING -o eth0 -j MASQUERADE

To make these iptables rules active without rebooting, run the following commands:

sudo iptables -P FORWARD ACCEPT
sudo iptables --table nat -A POSTROUTING -o eth0 -j MASQUERADE
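
The two settings above can be checked before rebooting. The following is an added example, not part of the original post: it confirms that ip_forward is uncommented and that both rc.local rules sit before exit 0 and carry no typographic dash or stray carriage return from a copy and paste. The function names and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: lint the gateway settings before relying on them after a reboot.

# Succeeds when net.ipv4.ip_forward=1 is present and uncommented in FILE ($1).
check_ip_forward() {
    grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$1"
}

# Succeeds when both iptables rules appear before the first "exit 0" in FILE ($1).
# Prints one line per problem. LC_ALL=C makes every byte of a pasted
# typographic dash fall outside the printable-ASCII range tested below.
check_rc_local() {
    LC_ALL=C awk '
        /^[ \t]*#/ { next }                  # skip comments and the shebang
        /^[ \t]*exit[ \t]+0/ { exit }        # nothing after this line runs
        /iptables/ && /[^ -~\t]/ {
            printf "line %d: unexpected character in rule (pasted dash or CR?)\n", NR
            bad = 1
        }
        /iptables[ \t]+-P[ \t]+FORWARD[ \t]+ACCEPT/ { fwd = 1 }
        /iptables[ \t]+(--table|-t)[ \t]+nat[ \t]+-A[ \t]+POSTROUTING.*-j[ \t]+MASQUERADE/ { nat = 1 }
        END {
            if (!fwd) { print "missing before exit 0: FORWARD policy rule"; bad = 1 }
            if (!nat) { print "missing before exit 0: MASQUERADE rule"; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# Constructed samples (not from a real host): one correct rc.local, one with a
# typographic dash and a rule placed after exit 0, and two sysctl.conf variants.
tmp=$(mktemp -d)
printf '%s\n' '#!/bin/sh -e' \
    '/sbin/iptables -P FORWARD ACCEPT' \
    '/sbin/iptables --table nat -A POSTROUTING -o eth0 -j MASQUERADE' \
    'exit 0' > "$tmp/rc.good"
printf '%s\n' '#!/bin/sh -e' \
    '/sbin/iptables –table nat -A POSTROUTING -o eth0 -j MASQUERADE' \
    'exit 0' \
    '/sbin/iptables -P FORWARD ACCEPT' > "$tmp/rc.bad"
printf '%s\n' '#net.ipv4.ip_forward=1' > "$tmp/sysctl.commented"
printf '%s\n' 'net.ipv4.ip_forward=1' > "$tmp/sysctl.enabled"

check_rc_local "$tmp/rc.good" && echo "rc.good: ok"
check_rc_local "$tmp/rc.bad" || echo "rc.bad: fix the lines listed above"
check_ip_forward "$tmp/sysctl.enabled" && echo "sysctl.enabled: forwarding on"
check_ip_forward "$tmp/sysctl.commented" || echo "sysctl.commented: still commented out"
```

On the gateway itself, point the two functions at /etc/rc.local and /etc/sysctl.conf.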

Install OpenVPN

sudo apt-get install openvpn

Edit the Autologin user profile in Wordpad.  Note it is important to use Wordpad as it correctly handles the Unix/Windows character translations.  Select all text and copy to clipboard.

sudo nano /etc/openvpn/client.conf

Paste from clipboard via PuTTY.  Save.

Configure OpenVPN to start on boot

sudo nano /etc/default/openvpn

Add line


Note you do not add .conf extension, but the file itself must have .conf

Start OpenVPN client

cd /etc/openvpn/
sudo openvpn client.conf

Log into Access Server and verify connection


Verify auto start

Ping the VPN server

To access the VPN server from the local subnet, configure a static route on the local LAN to the client VPN gateway.


To access other VPN client gateways, configure a static route on the local LAN to the client VPN gateway.  Note, the VPN server will automatically push the required routes to the client for routing to other client gateways.



Create Ubuntu 14.04 LTS (PV) OpenVPN Access Server on AWS

February 7, 2015

Create AWS Instance

Inbound Security Group Rules

Custom UDP Rule
Custom UDP Rule
Custom UDP Rule
Custom TCP Rule

Use PuTTYGen to convert pem to ppk.  Add passphrase to the key.

Assign IP

Update DNS

SSH to host DNS name to verify proper name resolution.  Login as ubuntu.

sudo apt-get update && sudo apt-get upgrade

The download page for OpenVPN Access Server.

Right click the link and select ‘Copy link address’

From PuTTY download the deb

wget [right click]

Install the deb

sudo dpkg -i openvpn[tab]

Give user openvpn a password

sudo passwd openvpn

It appears Ubuntu will open the ports, but I should figure out what is going on.

Open browser to admin page and log in as openvpn


Configure server.  Be sure to properly add the server DNS name in Server Network Settings

Open browser to login page


Select “Login”

Log in as openvpn

Download and install OpenVPN Connect for Windows

Connect to VPN and verify server IP via ‘whats my ip’


Install VMware Tools on Debian 7

February 7, 2015

Before the tools are installed, you must install make and gcc

sudo apt-get install gcc make

VMware tools requires the Linux Kernel headers

sudo apt-get update

sudo apt-get install linux-headers-$(uname -r)

Insert the CD.  Player -> Manage -> Install VMware tools…

Mount the CD

mount /media/cdrom

Extract the tools to the home directory

cd ~

tar -zxvf /media/cdrom/VMware[tab]

Execute the installer

cd vmware-tools-distrib

sudo ./

