Master Controller/VPN
From ESCTL
				
								
				 (→Configure the keepalive script)  | 
			|||
| Line 77: | Line 77: | ||
* chmod a+x /etc/init.d/vpncwatch  | * chmod a+x /etc/init.d/vpncwatch  | ||
* update-rc.d vpncwatch defaults  | * update-rc.d vpncwatch defaults  | ||
| + | |||
| + | === Other hosted configuration ===  | ||
| + | rsync is already installed, but requires configuring with /etc/xinetd.d/rsync:  | ||
| + | <pre>  | ||
| + | # default: on  | ||
| + | service rsync  | ||
| + | {  | ||
| + |         disable         = no  | ||
| + |         socket_type     = stream  | ||
| + |         protocol        = tcp  | ||
| + |         user            = root  | ||
| + |         wait            = no  | ||
| + |         server          = /usr/bin/rsync  | ||
| + |         server_args     = --daemon  | ||
| + | }  | ||
| + | </pre>  | ||
| + | |||
| + | and /etc/rsyncd.conf:  | ||
| + | <pre>  | ||
| + | read only = true  | ||
| + | list = false  | ||
| + | |||
| + | [backup]  | ||
| + |         path = /  | ||
| + |         uid = root  | ||
| + |         gid = root  | ||
| + |         hosts allow = 10.249.1.11  | ||
| + | </pre>  | ||
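Review bot: the `[backup]` module added to /etc/rsyncd.conf exports `path = /` with `uid = root` and sets neither `auth users` nor `secrets file`, so `hosts allow = 10.249.1.11` is the only control on reading the entire filesystem as root, and a source IP address is not a credential. Suggest adding `auth users` with a root-only `secrets file` to the module, and narrowing `path` (or adding excludes) so files such as /etc/vpnc/default.conf are not served. The xinetd stanza also has no `bind` or `only_from` line, so the rsync port is offered on every interface rather than only the VPN address; adding one of those restricts it at the socket level as well.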
Revision as of 16:42, 23 November 2014
VPN
Install the VPN client
- apt-get install vpnc
 
- vi /etc/vpnc/default.conf
 
IPSec gateway vpn-hosted.esctl.co.uk
IPSec ID esctl-customername
IPSec secret *******
IKE Authmode psk
Xauth username customername-vpn
Xauth password *********
-  vi /etc/vpnc/vpnc-script
- Change the first line from "#!/bin/sh" to "#!/bin/bash"
 - Change line (approx.) 55 to add /usr/bin to the PATH= line (Needed for 'basename' and 'expr')
 
 
Configure the keepalive script
- mkdir download
 - cd download
 - wget https://github.com/dcantrell/vpncwatch/archive/master.zip -O vpncwatch.zip
 - unzip vpncwatch.zip
 - cd vpncwatch-master
 - make
 - cp -p vpncwatch /usr/local/bin/
 
Create /etc/init.d/vpncwatch as follows:
#! /bin/sh
### BEGIN INIT INFO
# Provides:          vpncwatch
# Required-Start:
# Required-Stop:
# Should-Start:      
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Checks vpnclient is still running
# Description:       Checks vpnclient is still running, and restarts it
#                    if not.
### END INIT INFO
PATH=/sbin:/bin:/usr/local/bin
. /lib/init/vars.sh
. /lib/lsb/init-functions
do_start () {
	[ "$VERBOSE" != no ] && log_action_begin_msg "Starting vpncwatch"
	/usr/local/bin/vpncwatch -c 10.249.1.1 /usr/sbin/vpnc
	ES=$?
	[ "$VERBOSE" != no ] && log_action_end_msg $ES
	exit $ES
}
case "$1" in
  start|"")
	do_start
	;;
  restart|reload|force-reload|status)
	echo "Error: argument '$1' not supported" >&2
	exit 3
	;;
  stop)
	/usr/bin/killall vpncwatch
	;;
  *)
	echo "Usage: vpncwatch [start|stop]" >&2
	exit 3
	;;
esac
:
- chmod a+x /etc/init.d/vpncwatch
 - update-rc.d vpncwatch defaults
 
Other hosted configuration
rsync is already installed, but requires configuring with /etc/xinetd.d/rsync:
# default: on
service rsync
{
        disable         = no
        socket_type     = stream
        protocol        = tcp
        user            = root
        wait            = no
        server          = /usr/bin/rsync
        server_args     = --daemon
}
and /etc/rsyncd.conf:
read only = true
list = false
[backup]
        path = /
        uid = root
        gid = root
        hosts allow = 10.249.1.11
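
A check for the exposure in the rsyncd.conf above, as an added example that is not part of the original page: `audit_rsyncd` (a hypothetical helper name) lists every module that runs as root without `auth users`, meaning `hosts allow` is its only access control. The sample input is the page's own configuration written to a temp file.

```shell
#!/bin/sh
# Added example, not from the original page; audit_rsyncd is a hypothetical name.
# Prints one line per rsyncd.conf module that runs as root with no "auth users",
# i.e. where "hosts allow" (or nothing) is the only access control.
audit_rsyncd() {
    awk '
        function report() {
            if (mod != "" && (uid == "root" || uid == "0") && auth == "")
                printf "%s path=%s hosts_allow=%s\n", mod, path, (hosts == "" ? "ANY" : hosts)
        }
        /^[ \t]*(#|$)/ { next }              # comments and blank lines
        /^[ \t]*\[.*\]/ {                    # start of a module section
            report()
            mod = $0; gsub(/^[ \t]*\[|\].*$/, "", mod)
            uid = guid; auth = gauth; hosts = ghosts; path = ""   # inherit globals
            next
        }
        {
            eq = index($0, "="); if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "path" && mod != "") path = val
            if (key == "uid")         { if (mod == "") guid = val;   else uid = val }
            if (key == "auth users")  { if (mod == "") gauth = val;  else auth = val }
            if (key == "hosts allow") { if (mod == "") ghosts = val; else hosts = val }
        }
        END { report() }
    ' "$1"
}

# The /etc/rsyncd.conf from this page, copied to a temp file for the demonstration.
sample=$(mktemp)
cat > "$sample" <<'EOF'
read only = true
list = false

[backup]
        path = /
        uid = root
        gid = root
        hosts allow = 10.249.1.11
EOF
audit_rsyncd "$sample"
```

An empty result means every module that runs as root also requires rsync authentication.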