Thursday, July 16, 2015

How To compile/create OpenVPN with installer for Windows on Linux (Debian Jessie)

# apt-get install build-essential mingw-w64 tofrodos dh-autoreconf nsis
# cd /usr/bin
# ln -s fromdos dos2unix
# ln -s todos unix2dos

To customize the build options, refer to build.vars in openvpn-build/generic. It contains the build defaults; most settings can be customized by setting an environment variable before executing the build script.

The following will produce the OpenVPN Setup for 32 and 64 bit Windows.
$ git clone https://github.com/OpenVPN/openvpn-build.git
$ cd openvpn-build/windows-nsis
$ ./build-snapshot

Monday, July 13, 2015

HowTo compile OpenVPN + obfuscation with xorpatch on Debian

  1. # apt-get install build-essential libssl-dev liblzo2-dev libpam0g-dev easy-rsa
  2. # wget http://swupdate.openvpn.org/community/releases/openvpn-2.3.7.tar.xz
  3. # wget https://raw.githubusercontent.com/clayface/openvpn_xorpatch/master/openvpn_xor.patch
  4. # tar xvf openvpn-2.3.7.tar.xz
  5. # cd openvpn-2.3.7
  6. # patch -p1 < ../openvpn_xor.patch
  7. # ./configure
  8. # make
  9. # make install

You need to put one of the following options in both server.conf and the client config:
"scramble reverse" - This simply reverses all the data in the packet. This is enough to get past the regular expression detection in both China and Iran.
"scramble xorptrpos" - This performs an XOR operation, utilizing the current position in the packet payload.
"scramble obfuscate password" - This method is more secure. It utilizes the 3 types of scrambling mentioned above. "password" is the string which you want to use.

How To setup OpenVPN from scratch with PAM authentication on Debian Jessie

Quick How To:
  1. # apt-get install build-essential libssl-dev liblzo2-dev libpam0g-dev easy-rsa
  2. # wget http://swupdate.openvpn.org/community/releases/openvpn-2.3.7.tar.xz
  3. # tar xvf openvpn-2.3.7.tar.xz
  4. # cd openvpn-2.3.7
  5. # ./configure
  6. # make
  7. # make install

For basic setup and key generation see: https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-14-04


For PAM:

1. In the server config put:
plugin /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so openvpn

2. Create a new PAM file: nano /etc/pam.d/openvpn

auth    required        pam_unix.so    shadow    nodelay
account required        pam_unix.so

3. Add "auth-user-pass" to the client config

Saturday, July 4, 2015

Configuring Ejabberd with PAM Authentication for specific group

Quick Tutorial because I had to figure this out on my own and it took a while to get everything working in the correct way.

OS Debian Jessie, Ejabberd 14.07

1. service ejabberd stop
2. edit /etc/ejabberd/ejabberd.yml
##
## Authentication using PAM
##
auth_method: pam
pam_service: "ejabberd"
!!!DO NOT FORGET TO DISABLE auth_method: internal further up the config!!!
3. nano /etc/login.group.allowed (you can name that file w/e you want)
     users (in my case the group is called users)
4. nano /etc/pam.d/ejabberd

#%PAM-1.0
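# common-auth and common-account are the Debian auth/account stacks;
# common-password only holds the password-change rules.
auth       include  common-auth
account    required pam_listfile.so item=group sense=allow file=/etc/login.group.allowed onerr=fail
account    include  common-account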

5. service ejabberd start

6. Don't forget that the user ejabberd needs to have access to the shadow file, so you might have to create a shadow group and chgrp /etc/shadow to it, with ejabberd as a member, to allow access.
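
A check for the ejabberd setup above, as an added example that is not part of the original post: it verifies that pam is the only active auth_method, that pam_service names the PAM file, and that the pam_listfile group gate fails closed and points at an allow-list only its owner can write. The function name audit_ejabberd_pam is hypothetical, and both file paths are passed as arguments so it can be run against copies.

```shell
#!/bin/sh
# Added example: audit the ejabberd + PAM group restriction described above.
# Usage: audit_ejabberd_pam <ejabberd.yml> <pam service file>
# Prints one line per finding and returns the number of findings (0 = clean).
audit_ejabberd_pam() {
    yml=$1; pam=$2; findings=0
    note() { echo "FINDING: $*"; findings=$((findings + 1)); }

    # Every active (uncommented) auth_method value, comments and quotes removed.
    methods=$(sed -n -E 's/^[[:space:]]*auth_method:[[:space:]]*//p' "$yml" |
              sed -E 's/[[:space:]]*(#.*)?$//; s/"//g')
    [ "$methods" = "pam" ] ||
        note "auth_method must be set once, to pam only; found: $(echo $methods)"

    # pam_service must name the PAM file being audited.
    svc=$(sed -n -E 's/^[[:space:]]*pam_service:[[:space:]]*"?([^"[:space:]]+)"?.*/\1/p' "$yml")
    [ "$svc" = "$(basename "$pam")" ] ||
        note "pam_service '$svc' does not match $(basename "$pam")"

    # The group gate: first account-phase pam_listfile line, whitespace normalised.
    gate=$(grep -E '^[[:space:]]*account[[:space:]]+(required|requisite)[[:space:]]+pam_listfile\.so' "$pam" |
           head -n 1 | tr -s '[:space:]' ' ')
    if [ -z "$gate" ]; then
        note "no 'account required pam_listfile.so' line in $pam"
        return "$findings"
    fi
    for opt in item=group sense=allow onerr=fail; do
        case " $gate " in
            *" $opt "*) ;;
            *) note "pam_listfile line lacks $opt" ;;
        esac
    done

    # The allow-list must exist, be non-empty, and be writable by its owner only.
    list=$(printf '%s\n' "$gate" | sed -n -E 's/.*[[:space:]]file=([^[:space:]]+).*/\1/p')
    if [ ! -s "$list" ]; then
        note "allow-list '$list' is missing or empty"
    elif [ -n "$(find "$list" \( -perm -020 -o -perm -002 \))" ]; then
        note "allow-list $list is group- or world-writable"
    fi
    return "$findings"
}
```

Run it as audit_ejabberd_pam /etc/ejabberd/ejabberd.yml /etc/pam.d/ejabberd before starting the service; a non-zero exit status is the number of findings printed.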