From: Zoltán Felleg Date: Wed, 31 Jul 2019 10:51:22 +0000 (+0200) Subject: Updated ens.pm.f30, pns.usr.f30 (invitel ns -> qqcs ns), vpn.usr.f30. X-Git-Url: http://git.useribm.hu/?a=commitdiff_plain;h=fdc5e8d816efafb1e07341fedf0ed7f03ffad47f;p=user-lxc.git Updated ens.pm.f30, pns.usr.f30 (invitel ns -> qqcs ns), vpn.usr.f30. --- diff --git a/sources/ens.pm.f30/postinstall/install/etc/named.conf b/sources/ens.pm.f30/postinstall/install/etc/named.conf index dca54c8..c6d4e3b 100644 --- a/sources/ens.pm.f30/postinstall/install/etc/named.conf +++ b/sources/ens.pm.f30/postinstall/install/etc/named.conf @@ -118,11 +118,9 @@ key "peep_bo_ns-user_ns" { acl primary_ns_key_acl { key "primary_ns-external_ns"; }; acl peep_bo_ns_key_acl { key "peep_bo_ns-user_ns"; }; -acl invitel_nsm_ns_ip_acl { 213.163.0.156; }; masters primary_ns_master { 10.228.109.174 key "primary_ns-external_ns"; }; masters peep_bo_ns_master { 46.107.213.35 key "peep_bo_ns-user_ns"; }; -masters invitel_nsm_ns_master { 213.163.0.156; }; server 10.228.109.174 { keys { "primary_ns-external_ns"; }; }; server 195.228.46.236 { keys { "peep_bo_ns-user_ns"; }; }; @@ -146,20 +144,20 @@ view "external" { masters { primary_ns_master; }; file "slaves/useribm.hu.zone"; - allow-transfer { invitel_nsm_ns_ip_acl; }; + allow-transfer { peep_bo_ns_key_acl; }; allow-notify { primary_ns_key_acl; }; notify explicit; - also-notify { invitel_nsm_ns_master; }; + also-notify { peep_bo_ns_master; }; }; zone "userrendszerhaz.hu" IN { type slave; masters { primary_ns_master; }; file "slaves/userrendszerhaz.hu.zone"; - allow-transfer { invitel_nsm_ns_ip_acl; }; + allow-transfer { peep_bo_ns_key_acl; }; allow-notify { primary_ns_key_acl; }; notify explicit; - also-notify { invitel_nsm_ns_master; }; + also-notify { peep_bo_ns_master; }; }; # peep-bo zones diff --git a/sources/pns.usr.f30/postinstall/install/var/named/useribm.hu.zone b/sources/pns.usr.f30/postinstall/install/var/named/useribm.hu.zone index cef8a78..fc7cf7c 100644 
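Review bot: In view "external", `allow-transfer { peep_bo_ns_key_acl; };` on both zones makes possession of the TSIG key the only condition for a zone transfer, from any source address. If the secondary is only expected to connect from 46.107.213.35 (the address in `masters peep_bo_ns_master`), requiring address and key together narrows that: `allow-transfer { !{ !46.107.213.35; any; }; key "peep_bo_ns-user_ns"; };`. The unchanged `server 195.228.46.236 { keys { "peep_bo_ns-user_ns"; }; };` line in the first hunk names a different address than the masters entry, which is worth confirming now that this peer becomes the notify and transfer target. The key name suggests the same secret may also authenticate the peep-bo zones in the other direction; if so, one key per direction would limit what a single leaked secret allows.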
--- a/sources/pns.usr.f30/postinstall/install/var/named/useribm.hu.zone +++ b/sources/pns.usr.f30/postinstall/install/var/named/useribm.hu.zone @@ -1,12 +1,12 @@ $TTL 86400 @ IN SOA ns.useribm.hu. hostmaster.mx.useribm.hu. ( - 2019073001 ; Serial + 2019073101 ; Serial 86400 ; Refresh (1 day) 7200 ; Retry (2 hours) 2419200 ; Expire (4 weeks) 3600) ; Minimum (1 hour) - IN NS ns.useribm.hu. - IN NS nsa2.invitel.net. + IN NS ns1.useribm.hu. + IN NS ns2.useribm.hu. ; MX 1 aspmx.l.google.com. ; MX 5 alt1.aspmx.l.google.com. ; MX 5 alt2.aspmx.l.google.com. @@ -20,8 +20,9 @@ $TTL 86400 ; new ip range addresses efg IN A 194.149.40.146 ; efg mx IN A 194.149.40.147 ; mail exchanger -ns IN A 194.149.40.148 ; name server -ns1 IN A 194.149.40.148 ; name server +ns IN A 194.149.40.148 ; primary name server +ns1 IN A 194.149.40.148 ; primary name server +ns2 IN A 46.107.213.35 ; secondary name server vpn IN A 194.149.40.149 ; OpenVPN server ws IN A 194.149.40.150 ; web server www IN A 194.149.40.150 ; web server diff --git a/sources/pns.usr.f30/postinstall/install/var/named/userrendszerhaz.hu.zone b/sources/pns.usr.f30/postinstall/install/var/named/userrendszerhaz.hu.zone index eb735fd..14957da 100644 --- a/sources/pns.usr.f30/postinstall/install/var/named/userrendszerhaz.hu.zone +++ b/sources/pns.usr.f30/postinstall/install/var/named/userrendszerhaz.hu.zone @@ -1,12 +1,12 @@ $TTL 86400 @ IN SOA ns.userrendszerhaz.hu. hostmaster.mx.userrendszerhaz.hu. ( - 2019073001 ; Serial + 2019073101 ; Serial 86400 ; Refresh (1 day) 7200 ; Retry (2 hours) 2419200 ; Expire (4 weeks) 3600) ; Minimum (1 hour) - IN NS ns.userrendszerhaz.hu. - IN NS nsa2.invitel.net. + IN NS ns1.userrendszerhaz.hu. + IN NS ns2.userrendszerhaz.hu. MX 1 aspmx.l.google.com. MX 5 alt1.aspmx.l.google.com. MX 5 alt2.aspmx.l.google.com. 
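Review bot: The NS set of useribm.hu now names `ns1`/`ns2` while the SOA line above still gives `ns.useribm.hu.` as primary, and nothing in the file records that the parent delegation has to change with it; the same applies to the `@@ -1,12 +1,12 @@` hunk of userrendszerhaz.hu.zone. If the registry still delegates to nsa2.invitel.net, which this commit stops feeding through transfer and notify in named.conf, that server would presumably keep answering from its last copy until the 4-week expire. A comment next to the NS records would make the dependency visible, e.g. `; NS set must match the registry delegation and glue (ns1 = 194.149.40.148, ns2 = 46.107.213.35)`.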
@@ -20,8 +20,9 @@ $TTL 86400 ; new ip range addresses efg IN A 194.149.40.146 ; efg mx IN A 194.149.40.147 ; mail exchanger -ns IN A 194.149.40.148 ; name server -ns1 IN A 194.149.40.148 ; name server +ns IN A 194.149.40.148 ; primary name server +ns1 IN A 194.149.40.148 ; primary name server +ns2 IN A 46.107.213.35 ; secondary name server vpn IN A 194.149.40.149 ; OpenVPN server ws IN A 194.149.40.150 ; web server www IN A 194.149.40.150 ; web server @@ -39,7 +40,7 @@ zfdl380e IN A 194.149.40.158 ; zfelleg DL380e ; old ip range addresses o-gw IN A 84.2.25.193 ; gateway -o-router IN A 84.2.25.193 ; gateway +o-router IN A 84.2.25.193 ; gateway ;mx2 IN A 84.2.25.194 ; secondary mail exchanger o-whmcs IN A 84.2.25.194 ; whmcs (fschnell) u195 IN A 84.2.25.195 ; unknown/unused diff --git a/sources/vpn.usr.f30/postinstall/install/etc/openvpn/client-config/client.conf.template b/sources/vpn.usr.f30/postinstall/install/etc/openvpn/client-config/client.conf.template new file mode 100644 index 0000000..0498910 --- /dev/null +++ b/sources/vpn.usr.f30/postinstall/install/etc/openvpn/client-config/client.conf.template 
@@ -0,0 +1,127 @@ +############################################## +# Sample client-side OpenVPN 2.0 config file # +# for connecting to multi-client server. # +# # +# This configuration can be used by multiple # +# clients, however each client should have # +# its own cert and key files. # +# # +# On Windows, you might want to rename this # +# file so it has a .ovpn extension # +############################################## + +# Specify that we are a client and that we +# will be pulling certain config file directives +# from the server. +client + +# Use the same setting as you are using on +# the server. +# On most systems, the VPN will not function +# unless you partially or fully disable +# the firewall for the TUN/TAP interface. +;dev tap +dev tun + +# Windows needs the TAP-Win32 adapter name +# from the Network Connections panel +# if you have more than one. On XP SP2, +# you may need to disable the firewall +# for the TAP adapter. +;dev-node MyTap + +# Are we connecting to a TCP or +# UDP server? Use the same setting as +# on the server. +;proto tcp +proto udp + +# The hostname/IP and port of the server. +# You can have multiple remote entries +# to load balance between the servers. +remote vpn.userrendszerhaz.hu 1194 + +# Choose a random host from the remote +# list for load-balancing. Otherwise +# try hosts in the order specified. +;remote-random + +# Keep trying indefinitely to resolve the +# host name of the OpenVPN server. Very useful +# on machines which are not permanently connected +# to the internet such as laptops. +resolv-retry infinite + +# Most clients don't need to bind to +# a specific local port number. +nobind + +# Downgrade privileges after initialization (non-Windows only) +user nobody +group nobody + +# Try to preserve some state across restarts. +persist-key +persist-tun + +# If you are connecting through an +# HTTP proxy to reach the actual OpenVPN +# server, put the proxy server/IP and +# port number here. 
See the man page +# if your proxy server requires +# authentication. +;http-proxy-retry # retry on connection failures +;http-proxy [proxy server] [proxy port #] + +# Wireless networks often produce a lot +# of duplicate packets. Set this flag +# to silence duplicate packet warnings. +;mute-replay-warnings + +# SSL/TLS parms. +# See the server config file for more +# description. It's best to use +# a separate .crt/.key file pair +# for each client. A single ca +# file can be used for all clients. +;ca ca.crt +;cert client.crt +;key client.key + +# Verify server certificate by checking that the +# certicate has the correct key usage set. +# This is an important precaution to protect against +# a potential attack discussed here: +# http://openvpn.net/howto.html#mitm +# +# To use this feature, you will need to generate +# your server certificates with the keyUsage set to +# digitalSignature, keyEncipherment +# and the extendedKeyUsage to +# serverAuth +# EasyRSA can do this for you. +remote-cert-tls server + +# If a tls-auth key is used on the server +# then every client must also have the key. +;tls-auth ta.key 1 +key-direction 1 + +# Select a cryptographic cipher. +# If the cipher option is used on the server +# then you must also specify it here. +# Note that v2.4 client/server will automatically +# negotiate AES-256-GCM in TLS mode. +# See also the ncp-cipher option in the manpage +cipher AES-256-CBC + +# Enable compression on the VPN link. +# Don't enable this unless it is also +# enabled in the server config file. +#comp-lzo + +# Set log file verbosity. +verb 3 + +# Silence repeating messages +;mute 20 diff --git a/sources/vpn.usr.f30/postinstall/install/etc/openvpn/setupscripts/10_setupserver.sh b/sources/vpn.usr.f30/postinstall/install/etc/openvpn/setupscripts/10_setupserver.sh index 7a5ca1f..a931ef1 100755 --- a/sources/vpn.usr.f30/postinstall/install/etc/openvpn/setupscripts/10_setupserver.sh 
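Review bot: `remote-cert-tls server` only checks the certificate's key usage, so any certificate issued by the same CA with serverAuth would be accepted as the server; the template does not pin the server's identity. Adding `verify-x509-name SERVER_CN name` after it closes that gap (SERVER_CN is a placeholder for the common name in the server certificate). With `;ca`, `;cert`, `;key` and `;tls-auth` commented out and `key-direction 1` set, the credentials are presumably appended inline by 30_create_client.sh, so the generated file holds the client private key and should be written with mode 0600; a comment in the template saying so would help. `tls-version-min 1.2` could be added next to `cipher AES-256-CBC` if every client supports it.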
+++ b/sources/vpn.usr.f30/postinstall/install/etc/openvpn/setupscripts/10_setupserver.sh @@ -16,12 +16,12 @@ then mkdir $ERSA_PATH cp -a /usr/share/doc/easy-rsa/vars.example $ERSA_PATH/vars cp -a /usr/share/easy-rsa/$ERSA_VERSION/easyrsa $ERSA_PATH - cp -a /usr/share/easy-rsa/$ERSA_VERSION/openssl-1.0.cnf $ERSA_PATH + cp -a /usr/share/easy-rsa/$ERSA_VERSION/openssl-easyrsa.cnf $ERSA_PATH cp -a /usr/share/easy-rsa/$ERSA_VERSION/x509-types $ERSA_PATH cd $ERSA_PATH - echo "Edit (review only) $ERSA_PATH/openssl-1.0.cnf" + echo "Edit (review only) $ERSA_PATH/openssl-easyrsa.cnf" read - vi $ERSA_PATH/openssl-1.0.cnf + vi $ERSA_PATH/openssl-easyrsa.cnf echo "Edit (set EASYRSA_ALGO to ec) $ERSA_PATH/vars" echo "Optionally set EASYRSA_CURVE to one of \$(openssl ecparam -list_curves)" read @@ -50,8 +50,6 @@ then openvpn --genkey --secret pki/ta.key echo "Check server.conf" read - #echo "Run ./easyrsa gen-req nopass" - #echo "Run ./easyrsa sign-req client " echo "Run ./20_getuids.sh" - echo "Run ./30_create_client.sh" + echo "Run ./30_create_client.sh for each client" fi diff --git a/sources/vpn.usr.f30/postinstall/install/etc/openvpn/setupscripts/20_getuids.sh b/sources/vpn.usr.f30/postinstall/install/etc/openvpn/setupscripts/20_getuids.sh index c5e7e01..0ac7fa4 100755 --- a/sources/vpn.usr.f30/postinstall/install/etc/openvpn/setupscripts/20_getuids.sh +++ b/sources/vpn.usr.f30/postinstall/install/etc/openvpn/setupscripts/20_getuids.sh @@ -17,8 +17,8 @@ do grep $LOGIN_UID $REAL_PATH/SEED.txt >/dev/null 2>&1 if [ $? -eq 1 ] then - INT_UID=$(python3 -c "print(10000 + int('$LOGIN_UID', 16))") - HEX_UID=$(python3 -c "print(hex($INT_UID))") + INT_UID=$(python -c "print(10000 + int('$LOGIN_UID', 16))") + HEX_UID=$(python -c "print(hex($INT_UID))") echo $LOGIN_NAME $LOGIN_MD5SUM $LOGIN_UID $INT_UID $HEX_UID echo $LOGIN_UID >>$REAL_PATH/SEED.txt echo $LOGIN_NAME $INT_UID $HEX_UID >>$REAL_PATH/UIDS.txt
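Review bot: The `cp -a /usr/share/easy-rsa/$ERSA_VERSION/openssl-easyrsa.cnf $ERSA_PATH` line has no failure check, so on a host whose easy-rsa package still ships the old file name the script carries on to `vi` on a file that does not exist and presumably on to the PKI setup further down. Since the file name evidently differs between easy-rsa versions, stopping on failure is cheap: `cp -a "/usr/share/easy-rsa/$ERSA_VERSION/openssl-easyrsa.cnf" "$ERSA_PATH" || exit 1`. The unquoted `$ERSA_PATH` and `$ERSA_VERSION` expansions on the neighbouring lines would split on whitespace; quoting them is a style fix for the whole `then` block, which begins and ends outside the hunk.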
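Review bot: `$LOGIN_UID` is pasted into the Python source text in `python -c "print(10000 + int('$LOGIN_UID', 16))"`, so a value containing a quote would be parsed as code rather than data; where LOGIN_UID is set lies outside the hunk, so whether it is always hex is not visible here. Passing it as an argument avoids that: `INT_UID=$(python -c 'import sys; print(10000 + int(sys.argv[1], 16))' "$LOGIN_UID")` and `HEX_UID=$(python -c 'import sys; print(hex(int(sys.argv[1])))' "$INT_UID")`. The switch from `python3` to a bare `python` also leaves the interpreter version to whatever the host maps that name to. The context line `grep $LOGIN_UID $REAL_PATH/SEED.txt` matches substrings, so if UIDs can differ in length a UID contained in a longer one is treated as already seen; `grep -qxF -- "$LOGIN_UID" "$REAL_PATH/SEED.txt"` would compare whole lines.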