Configuring Openswan (IPsec) or Poptop (PPTP) VPN Inside VPS
May 4, 2009
I'm trying to establish a VPN server inside a Fedora 10 VPS under OpenVZ. Openswan or Poptop is preferred over OpenVPN because Windows has built-in support for these protocols.
It looks like the host node (it's actually the vps from myprohost.com) doesn't have the required kernel modules enabled (installed?). Take Poptop for example: if I run pppd after the rpm installation, the output is like this:
[root@v ~]# /usr/sbin/pppd
/usr/sbin/pppd: This system lacks kernel support for PPP. This could be because
the PPP kernel module could not be loaded, or because PPP was not
included in the kernel configuration. If PPP was included as a
module, try `/sbin/modprobe -v ppp'. If that fails, check that
ppp.o exists in /lib/modules/`uname -r`/net.
See README.linux file in the ppp distribution for more details.
[root@v ~]# modprobe -v ppp
FATAL: Could not load /lib/modules/2.6.18-92.1.18.el5.028stab060.2/modules.dep: No such file or directory
And when I check for the availability of the encryption module "MPPE", I got the same result:
[root@v ~]# modprobe mppe
FATAL: Could not load /lib/modules/2.6.18-92.1.18.el5.028stab060.2/modules.dep: No such file or directory
Openswan complains about some missing kernel modules too. So what do I do? Do I tell the provider to enable these modules? Do they normally do that? Will the host node require a reboot after having done that?
What modules are required for Poptop and Openswan? And, do I need to tell them to re-enable these modules every time I rebuild my OS?
Just wondering if anyone has come across this problem before.
My environment: Xen VPS 128MB RAM CentOS 4.5
I have installed PPTP, and am controlling it via webmin. The server starts up fine, and I have added a user account.
Here is the messages log after starting up PPTP:
Code:
Mar 5 15:00:56 uk2 pptpd[3562]: MGR: connections limit (100) reached, extra IP addresses ignored
Mar 5 15:00:56 uk2 pptpd[3563]: MGR: Manager process started
Mar 5 15:00:56 uk2 pptpd[3563]: MGR: Maximum of 100 connections available
Here is the messages log when trying to connect from a MS WINDOWS XP client: ....
I have a customer who created a subdomain and wants to redirect it to an address with pptp protocol. It doesn't seem to be working. When pointing to the subdomain, it will actually point to the designated destination IP, but it shows http instead of pptp. Am I assuming correctly that this is because you can't point to a pptp protocol in a browser?
to configure a VPN connection between two Cisco Routers.
I have the configuration on one side, but for the other side I have nothing. Can anyone help me with it? Another question: do the two routers need to have a valid IP or not?
I have one server with a small number of clients <10. The clients have dynamic IPs.
The server hosts a number of public facing websites, email, FTP and remote desktop.
What I want to do is make port 80 respond to all web requests but lock all other services down so that they only respond to my 10 clients. I was thinking some certificate or VPN solution but I've ruled VPN out as I don't have a firewall or VPN so would I be able to do this with IPSEC?
Is there quick utility that would do this or can you point me to a good example article?
Is it possible to use IP Security policies in Windows Server 2003 to help prevent types of DoS attacks? Today my server was attacked by a single attacker who merely connected and disconnected on open ports at an incredibly fast rate. This was enough to eat the cycles of the server processes effectively creating a DoS attack. I was hoping IPSec could help prevent this, but I'm open to use any other software as well.
I have this nice vps, but it's on linux, and I always wanted to run windows apps on the vps, because of the nice configuration. I already tried wine, but most of my windows apps don't work, cuz they require .net framework to run.
I tried to install vmware server and virtualbox, but both of them complain about a kernel problem: they are unable to locate my kernel source, so they can't run.
I am a linux newbie, and I am running on a centos 5 operating system.
Some people say it's impossible to run virtualization 'inside' virtualization, but I already read some people that say it's possible.
Feb 22 04:58:31 la1092 kernel: ata2: command 0xc8 timeout, stat 0x50 host_stat 0x24
Feb 22 04:58:32 la1092 kernel: ata2: status=0x50 { DriveReady SeekComplete }
Feb 22 04:58:32 la1092 kernel: Info fld=0x2d7e, Current sdb: sense key No Sense
Feb 22 04:58:32 la1092 kernel: ata1: command 0xc8 timeout, stat 0x50 host_stat 0x24
Feb 22 04:58:32 la1092 kernel: ata1: status=0x50 { DriveReady SeekComplete }
Feb 22 04:58:32 la1092 kernel: Info fld=0x4632f99, Current sda: sense key No Sense
Feb 22 04:58:32 la1092 kernel: ata2: command 0xc8 timeout, stat 0x50 host_stat 0x24
Current setup is nginx, lighttpd and apache as web servers.
I've been using Clearancerack for about 4 or 5 months now and feel I should write an honest review about them considering there really doesn't seem to be too many.
Ever since the start several months ago, I've had nothing but a pleasant experience working with Chris and clearancerack.
So, here we go, they get a:
Setup: 10/10
The setup is stellar. The first server I ordered was up the night that I ordered it (only a few hours) all ready to go. The servers even come with a free apc remote reboot port!
Pricing: 10/10
You could not ask for more affordable pricing than that of ClearanceRack, considering the extraordinary support, network, and all around company. Their prices are cheaper than those of the highest quality competitors, yet provide even higher quality service!
Even collocation pricing is very affordable! I will probably be sending up a few nodes in the next several months.
Network: 10/10
There has not been one second of downtime in the months that I've been there. There was an issue with the network routing once, using bandwidth suppliers that the DC has connections to, yet Clearancerack does not use. This was fixed within several hours as well.
The network consists of a BGP mix of Peer1, All Stream, Shaw Big Pipe, MCI and peering to TorIX.
Almost all of my users experience faster downloads around the globe on the ClearanceRack network, than several of the other networks we've used throughout the US.
Support: 11/10 - Yes 11...
The support is stellar. They provide 24/7 E-mail (it really is 24/7) and REAL HUMAN Phone support (you won't get the usual leave a message, unless they really are busy and cannot take your call). At any time of day you email them, you'll have a response within minutes, even sales!
We've had one issue with one of our nodes in which Chris had to go into the datacenter to take a quick look. The issue was resolved in 30 minutes at the most.
Any requests we've made, whether it be licensing, IP allocations have all been handled extremely quickly, no matter what time of day it is.
Company:
Many times you'll hear people say, "They're great for a small scale company." Meaning, they're decent, but do have their downs that the higher scale competitors don't. It's not like that at Clearancerack. Every single thing about them is stellar, and the service is MUCH better than service I've received at various considered "higher scale and known" datacenters around the globe.
Clearancerack, run by Chris, is run by REAL people, wanting to make a REAL difference in the hosting market, and he/they are doing an amazing job at that.
You don't experience any poor customer service that you'll experience elsewhere. They are 100% honest with any sort of question, issue, or comment you may have. You WON'T get any of the lies, or uninformative information you receive elsewhere when an issue arises.
Personal:
Chris, I will continue to be working with you for many years to come, as I hope many of the current subscribers, and the future ones, do too. Someone like you deserves the very best, and should GREATLY succeed in their business career. - Thank you for everything Chris! - You really know what hosting is all about.
That's it!
Thanks for taking the time to read this review.
Generally you won't find an honest review with the ratings that I've given these guys, but THEY do deserve it, at the very least. I do not have one complaint about them as I do many other providers, and I've tried many throughout the globe.
I hope you will go ahead and try ClearanceRack for your dedicated solutions needs. They have no contracts, so you can sign up for one month, test out the service and make a final decision (although I can pretty much guarantee you will stay!)
Hostingcon:
If you're going to hostingcon, check em' out! They have their own booth there!
I need several Windows VMs to test out some software and I plan on using virtualization technology to cut some costs.
I have a Linux (Debian Etch) dedicated server sitting to accomplish this. Specs are Quad Core Xeon 2.13GHz with 4GB RAM/500GB HDD.
Now if I were to choose between Xen 3.1 and VMWare Server for the virtualization technology which would provide better performance?
I tried Windows on Xen 3.1 with PV Drivers and it seemed somewhat slow, but I'm not sure what the case was there so I can't say which would provide better performance overall.
There is serious clock skew all across the 4 CTs I have put in an OpenVZ HN which runs Debian GNU/Linux, the kernel Linux is v2.6.26, waldi tree. The HN shows correct time, the CMOS RTC is bang correct.
I have a PIX501 firewall with a wireless network attached to the outside interface and our local network attached to the inside interface.
I've setup access lists to permit the wireless clients attached to the outside interface to be able to access services on our inside interfaces.
The wireless clients are on a totally separate /24 subnet.
Now everything seems to work fine with nat statements for our local wired subnets, for example wirelessClients accessing the email server etc.; however, the wireless clients cannot access the internet.
For the wireless clients to get out onto our internet connection they have to take the following path
So my question is how should I go about giving the access for the WirelessClients to be able to open web pages on the internet? For that to happen the traffic has to pass through the outside interface on the 501 firewall, out of the inside interface onto the local switch and then back out of our main PIX515E to reach the destination.
I'm fairly sure I'd need to modify the WebAccessNetwork access-list to permit WirelessLan to any against the port listings, so that's not a problem, I can change that; however, I'm not entirely sure how to go about it with the NAT statements.
I've got a dedicated server running my portal. Now we plan to soon launch broadcasting, where we via a webcam + microphone will broadcast (streaming WMV media) to all our members. Our members will then be able to interact with the speakers via chatting.
Now we are currently undergoing loadtesting, with our current setup, which is:
2. home PC with static IP and 1 MBit upload=>Video+Audio Streaming
So the member requests a page from the dedicated server, which has a chat window and a windows media player. The player will retrieve the video/audio content from the home PC. This is done by the client.
Now it is pretty logical to see that there will be limitations in how many connections the home pc will be able to handle.
The question is: How do I make the dedicated server get the content from the home pc (so it only serves one connection) and then get all the clients to get their video content from the dedicated server?
I've looked into the proxy modules for the apache server, however they (forward/reverse proxy) both pass the connection on to the remote machine, thereby not doing what I want to do.
We are running the latest Plesk 12 under CentOS 7.
While I can see the app Owncloud as Admin in the Application Vault, my users cannot see that particular app in their Application pool. They can see all other apps though. Just not Owncloud.
All resellers and customers are allowed to install everything from the pool and I selected Owncloud in the Vault already and "made it available". Though it is not shown.
I have the following warning when creating a new domain inside a subscription:
I found this Article: [URL] .....
But in my case this does not solve the problem.
1> All permissions are right.
2> When I type the command '/usr/local/psa/bin/repair --restore-vhosts-permissions' I get the answer 'Directory permissions were successfully updated.'
3> The order of Webuser and FTPUser (as described in the article) could also not be the problem, because in my case there is only one user (there is only Webuser and no FTP-User).
4> When typing '/usr/local/psa/bin/repair --update-vhosts-structure' I get the following error 6 times each:
Unable to update the structure of the home directory: an unexpected error has occurred.
update-vhosts-structure failed: mkdir: cannot create directory `./webroot.kk-bits.com/logs': File exists
ERROR: Cannot relink logs. Target directory '/var/www/vhosts/webroot.kk-bits.com/logs' is in invalid state.
Getting the error 6 times seems to mean that I have this problem with 6 domains.
I have IIS with the default site and a site I created. It appeared to be configured correctly, but even from the server, if I try to "browse" any of the pages I still get "internet explorer cannot display the page" from my site and "under construction" from the IIS default site.
I have a machine which runs on a desktop board with 1 LAN port built in. I just bought a new USB-LAN adapter and plugged it into the USB port, but I have a question about how to configure it. I cannot see eth1 inside /etc/sysconfig/network-scripts, so where can I configure the USB LAN?
I'd like to create some service plans using the cli-tools, /usr/local/psa/bin/service_plan. I am able to create a service plan, but I'm unable to create a service plan inside a reseller plan. For example I cannot "tell" the service_plan script to add the created service plan to a reseller plan. Is it possible to create a service plan inside a reseller plan, using the cli?
I'm over here trying to rebuild php with GD in WHM, I go through the entire motion of Apache Update (with GD selected as a PHP Module) and ummmm... after it's done, I check my phpinfo() and there is no GD section, let alone has the build date been changed.