acl primary_ns_key_acl { key "primary_ns-external_ns"; };
acl peep_bo_ns_key_acl { key "peep_bo_ns-user_ns"; };
-acl invitel_nsm_ns_ip_acl { 213.163.0.156; };
masters primary_ns_master { 10.228.109.174 key "primary_ns-external_ns"; };
masters peep_bo_ns_master { 46.107.213.35 key "peep_bo_ns-user_ns"; };
-masters invitel_nsm_ns_master { 213.163.0.156; };
server 10.228.109.174 { keys { "primary_ns-external_ns"; }; };
server 195.228.46.236 { keys { "peep_bo_ns-user_ns"; }; };
masters { primary_ns_master; };
file "slaves/useribm.hu.zone";
- allow-transfer { invitel_nsm_ns_ip_acl; };
+ allow-transfer { peep_bo_ns_key_acl; };
allow-notify { primary_ns_key_acl; };
notify explicit;
- also-notify { invitel_nsm_ns_master; };
+ also-notify { peep_bo_ns_master; };
};
zone "userrendszerhaz.hu" IN {
type slave;
masters { primary_ns_master; };
file "slaves/userrendszerhaz.hu.zone";
- allow-transfer { invitel_nsm_ns_ip_acl; };
+ allow-transfer { peep_bo_ns_key_acl; };
allow-notify { primary_ns_key_acl; };
notify explicit;
- also-notify { invitel_nsm_ns_master; };
+ also-notify { peep_bo_ns_master; };
};
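Review bot: The `server 195.228.46.236 { keys { "peep_bo_ns-user_ns"; }; };` line above the zone blocks binds the peep_bo TSIG key to a different address than `masters peep_bo_ns_master { 46.107.213.35 key "peep_bo_ns-user_ns"; };` and the new `also-notify { peep_bo_ns_master; };` lines use, so either that server statement is stale or the secondary has two addresses; confirm which, because with `allow-transfer { peep_bo_ns_key_acl; };` an AXFR from 46.107.213.35 is only accepted when it is signed with that key, and the NOTIFY appears to pick its key up from the masters entry rather than from the server statement. Moving from the Invitel source-IP ACL to a key ACL is the right direction, but it also means the key is now the only gate, so the key should be one the retired Invitel secondary never held. The userrendszerhaz.hu block carries the identical allow-transfer/also-notify change and the same point applies there. The zone block closed by the first `};` starts outside the hunk.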
# peep-bo zones
$TTL 86400
@ IN SOA ns.useribm.hu. hostmaster.mx.useribm.hu. (
- 2019073001 ; Serial
+ 2019073101 ; Serial
86400 ; Refresh (1 day)
7200 ; Retry (2 hours)
2419200 ; Expire (4 weeks)
3600) ; Minimum (1 hour)
- IN NS ns.useribm.hu.
- IN NS nsa2.invitel.net.
+ IN NS ns1.useribm.hu.
+ IN NS ns2.useribm.hu.
; MX 1 aspmx.l.google.com.
; MX 5 alt1.aspmx.l.google.com.
; MX 5 alt2.aspmx.l.google.com.
; new ip range addresses
efg IN A 194.149.40.146 ; efg
mx IN A 194.149.40.147 ; mail exchanger
-ns IN A 194.149.40.148 ; name server
-ns1 IN A 194.149.40.148 ; name server
+ns IN A 194.149.40.148 ; primary name server
+ns1 IN A 194.149.40.148 ; primary name server
+ns2 IN A 46.107.213.35 ; secondary name server
vpn IN A 194.149.40.149 ; OpenVPN server
ws IN A 194.149.40.150 ; web server
www IN A 194.149.40.150 ; web server
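Review bot: The SOA MNAME on `@ IN SOA ns.useribm.hu. hostmaster.mx.useribm.hu. (` still names `ns.useribm.hu.` while the apex NS set now lists only `ns1.useribm.hu.` and `ns2.useribm.hu.`; `ns` and `ns1` both point at 194.149.40.148 so it still works, but the new comment calls `ns1` the primary, so `@ IN SOA ns1.useribm.hu. hostmaster.mx.useribm.hu. (` would keep MNAME consistent with the published NS set. Dropping `nsa2.invitel.net.` and adding the in-bailiwick `ns2.useribm.hu.` (46.107.213.35) only takes effect once the parent delegation and glue at the registrar are updated to match; until then the child and parent NS sets disagree and resolvers may still be sent to the old Invitel server. The userrendszerhaz.hu zone further down has the same change and both points apply to it as well.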
$TTL 86400
@ IN SOA ns.userrendszerhaz.hu. hostmaster.mx.userrendszerhaz.hu. (
- 2019073001 ; Serial
+ 2019073101 ; Serial
86400 ; Refresh (1 day)
7200 ; Retry (2 hours)
2419200 ; Expire (4 weeks)
3600) ; Minimum (1 hour)
- IN NS ns.userrendszerhaz.hu.
- IN NS nsa2.invitel.net.
+ IN NS ns1.userrendszerhaz.hu.
+ IN NS ns2.userrendszerhaz.hu.
MX 1 aspmx.l.google.com.
MX 5 alt1.aspmx.l.google.com.
MX 5 alt2.aspmx.l.google.com.
; new ip range addresses
efg IN A 194.149.40.146 ; efg
mx IN A 194.149.40.147 ; mail exchanger
-ns IN A 194.149.40.148 ; name server
-ns1 IN A 194.149.40.148 ; name server
+ns IN A 194.149.40.148 ; primary name server
+ns1 IN A 194.149.40.148 ; primary name server
+ns2 IN A 46.107.213.35 ; secondary name server
vpn IN A 194.149.40.149 ; OpenVPN server
ws IN A 194.149.40.150 ; web server
www IN A 194.149.40.150 ; web server
; old ip range addresses
o-gw IN A 84.2.25.193 ; gateway
-o-router IN A 84.2.25.193 ; gateway
+o-router IN A 84.2.25.193 ; gateway
;mx2 IN A 84.2.25.194 ; secondary mail exchanger
o-whmcs IN A 84.2.25.194 ; whmcs (fschnell)
u195 IN A 84.2.25.195 ; unknown/unused
--- /dev/null
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server. #
+# #
+# This configuration can be used by multiple #
+# clients, however each client should have #
+# its own cert and key files. #
+# #
+# On Windows, you might want to rename this #
+# file so it has a .ovpn extension #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel
+# if you have more than one. On XP SP2,
+# you may need to disable the firewall
+# for the TAP adapter.
+;dev-node MyTap
+
+# Are we connecting to a TCP or
+# UDP server? Use the same setting as
+# on the server.
+;proto tcp
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote vpn.userrendszerhaz.hu 1194
+
+# Choose a random host from the remote
+# list for load-balancing. Otherwise
+# try hosts in the order specified.
+;remote-random
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server. Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Downgrade privileges after initialization (non-Windows only)
+user nobody
+group nobody
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# If you are connecting through an
+# HTTP proxy to reach the actual OpenVPN
+# server, put the proxy server/IP and
+# port number here. See the man page
+# if your proxy server requires
+# authentication.
+;http-proxy-retry # retry on connection failures
+;http-proxy [proxy server] [proxy port #]
+
+# Wireless networks often produce a lot
+# of duplicate packets. Set this flag
+# to silence duplicate packet warnings.
+;mute-replay-warnings
+
+# SSL/TLS parms.
+# See the server config file for more
+# description. It's best to use
+# a separate .crt/.key file pair
+# for each client. A single ca
+# file can be used for all clients.
+;ca ca.crt
+;cert client.crt
+;key client.key
+
+# Verify server certificate by checking that the
+# certicate has the correct key usage set.
+# This is an important precaution to protect against
+# a potential attack discussed here:
+# http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the keyUsage set to
+# digitalSignature, keyEncipherment
+# and the extendedKeyUsage to
+# serverAuth
+# EasyRSA can do this for you.
+remote-cert-tls server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+;tls-auth ta.key 1
+key-direction 1
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+# Note that v2.4 client/server will automatically
+# negotiate AES-256-GCM in TLS mode.
+# See also the ncp-cipher option in the manpage
+cipher AES-256-CBC
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+#comp-lzo
+
+# Set log file verbosity.
+verb 3
+
+# Silence repeating messages
+;mute 20
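Review bot: `remote-cert-tls server` is active while `;ca ca.crt`, `;cert client.crt` and `;key client.key` are all commented out, so as written the client has no CA to validate the server against and OpenVPN will refuse to start; presumably `30_create_client.sh` appends inline `<ca>`, `<cert>`, `<key>` and `<tls-auth>` blocks, and the template should state that, e.g. `# Inline <ca>/<cert>/<key>/<tls-auth> blocks are appended per client by 30_create_client.sh; do not distribute this file without them.` Likewise `key-direction 1` has no effect until a tls-auth key is present, and the setup script generates `pki/ta.key`, so leaving `;tls-auth ta.key 1` commented is only safe if the inline block is guaranteed. `group nobody` is not portable — some distributions name the unprivileged group `nogroup` — so the comment above it should say which platform the template targets. Minor: the comment reads `certicate` for `certificate`.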
mkdir $ERSA_PATH
cp -a /usr/share/doc/easy-rsa/vars.example $ERSA_PATH/vars
cp -a /usr/share/easy-rsa/$ERSA_VERSION/easyrsa $ERSA_PATH
- cp -a /usr/share/easy-rsa/$ERSA_VERSION/openssl-1.0.cnf $ERSA_PATH
+ cp -a /usr/share/easy-rsa/$ERSA_VERSION/openssl-easyrsa.cnf $ERSA_PATH
cp -a /usr/share/easy-rsa/$ERSA_VERSION/x509-types $ERSA_PATH
cd $ERSA_PATH
- echo "Edit (review only) $ERSA_PATH/openssl-1.0.cnf"
+ echo "Edit (review only) $ERSA_PATH/openssl-easyrsa.cnf"
read
- vi $ERSA_PATH/openssl-1.0.cnf
+ vi $ERSA_PATH/openssl-easyrsa.cnf
echo "Edit (set EASYRSA_ALGO to ec) $ERSA_PATH/vars"
echo "Optionally set EASYRSA_CURVE to one of \$(openssl ecparam -list_curves)"
read
openvpn --genkey --secret pki/ta.key
echo "Check server.conf"
read
- #echo "Run ./easyrsa gen-req <name> nopass"
- #echo "Run ./easyrsa sign-req client <name>"
echo "Run ./20_getuids.sh"
- echo "Run ./30_create_client.sh"
+ echo "Run ./30_create_client.sh for each client"
fi
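Review bot: `cd $ERSA_PATH`, two lines after the changed `cp` line, is unchecked, so if `mkdir $ERSA_PATH` failed or the variable is empty the script continues in the caller's working directory and `openvpn --genkey --secret pki/ta.key` writes the TLS-auth secret somewhere unexpected; use `cd "$ERSA_PATH" || exit 1` and quote `$ERSA_PATH` in the `mkdir` and `cp` lines as well. The renamed `openssl-easyrsa.cnf` depends on the installed easy-rsa version and a failed `cp -a` is not checked either, so the later `vi $ERSA_PATH/openssl-easyrsa.cnf` would open a file that was never copied; `|| exit 1` on each copy, or `set -e` at the top of the script, would surface that. `pki/ta.key` also assumes the pki directory already exists, which this hunk does not show being created. The `if` closed by the final `fi` starts outside the hunk.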
grep $LOGIN_UID $REAL_PATH/SEED.txt >/dev/null 2>&1
if [ $? -eq 1 ]
then
- INT_UID=$(python3 -c "print(10000 + int('$LOGIN_UID', 16))")
- HEX_UID=$(python3 -c "print(hex($INT_UID))")
+ INT_UID=$(python -c "print(10000 + int('$LOGIN_UID', 16))")
+ HEX_UID=$(python -c "print(hex($INT_UID))")
echo $LOGIN_NAME $LOGIN_MD5SUM $LOGIN_UID $INT_UID $HEX_UID
echo $LOGIN_UID >>$REAL_PATH/SEED.txt
echo $LOGIN_NAME $INT_UID $HEX_UID >>$REAL_PATH/UIDS.txt
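Review bot: `grep $LOGIN_UID $REAL_PATH/SEED.txt` on the line before the changed lines is an unquoted substring match, so a UID that is a substring of one already recorded, or a SEED.txt that does not exist yet (grep exits 2, not 1), takes the wrong branch; `if ! grep -qxF -- "$LOGIN_UID" "$REAL_PATH/SEED.txt" 2>/dev/null` is the test the block seems to intend. The value is also spliced straight into Python source in the new `python -c "print(10000 + int('$LOGIN_UID', 16))"` line; passing it as an argument, `python -c 'import sys; print(10000 + int(sys.argv[1], 16))' "$LOGIN_UID"`, keeps a malformed value from altering the code rather than just failing the conversion. Switching from `python3` to the unversioned `python` makes the interpreter depend on the host's alias, which on some systems is Python 2 or absent, so the choice should be pinned or explained in a comment. The `if [ $? -eq 1 ]` block continues past the end of the hunk.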