operating_systems:raspbian:easygateway_configuration

Differences

This shows you the differences between two versions of the page.

operating_systems:raspbian:easygateway_configuration [2019/07/08 15:04] – [Sign OpenVPN server certificate] maferreira
operating_systems:raspbian:easygateway_configuration [2019/07/22 09:15] – [acdsn] maferreira
Line 16: Line 16:
  
 ===== Installation ===== ===== Installation =====
- 
-<note warning>If you are downloading guacamole-server-0.9.9 in Stretch version, you will get the following compilation error: guac_common_ssh_openssl_id_callback [-Werror=unused-function]</note> 
  
 ==== Compilation ==== ==== Compilation ====
Line 24: Line 22:
   $ make   $ make
   # make install   # make install
 +
 +<note warning>If you are downloading guacamole-server-0.9.9 in Stretch version, you will get the following compilation error: guac_common_ssh_openssl_id_callback [-Werror=unused-function]</note>
  
 Load configuration modifications Load configuration modifications
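
Review bot: the compilation warning now sits after `# make install`, so a reader on Stretch hits the `guac_common_ssh_openssl_id_callback [-Werror=unused-function]` failure at `$ make` before reaching the note that explains it. Keep the note ahead of the build commands, and state what to do about the error; as written it names the failure but offers no workaround or alternative version.
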
Line 95: Line 95:
 Reference: [[https://guacamole.apache.org/doc/gug/installing-guacamole.html]] Reference: [[https://guacamole.apache.org/doc/gug/installing-guacamole.html]]
  
-====== Clone necessary git repositories ======+====== Clone required git repositories ======
 Now, clone each git repository into the respective directory. Now, clone each git repository into the respective directory.
   $ cd ~/git/   $ cd ~/git/
Line 111: Line 111:
   @daily acdsn /usr/bin/curl http://easygateway.testing.com.co/ca_crl.pem -o /etc/openvpn/server/ca_crl.pem   @daily acdsn /usr/bin/curl http://easygateway.testing.com.co/ca_crl.pem -o /etc/openvpn/server/ca_crl.pem
   30 0 * * * acdsn /usr/bin/perl /home/acdsn/git/acdsn-scripts/nagios_passive_check/npc.pl --central port=<port number> service=easygateway remote=master --readonly-check --git-check   30 0 * * * acdsn /usr/bin/perl /home/acdsn/git/acdsn-scripts/nagios_passive_check/npc.pl --central port=<port number> service=easygateway remote=master --readonly-check --git-check
- 
   @hourly acdsn /usr/bin/perl /home/acdsn/git/acdsn-scripts/nagios_passive_check/npc.pl --central port=<port number> service=easygateway remote=master --load-check --disk-check --timek   @hourly acdsn /usr/bin/perl /home/acdsn/git/acdsn-scripts/nagios_passive_check/npc.pl --central port=<port number> service=easygateway remote=master --load-check --disk-check --timek
   */15 * * * * acdsn /usr/bin/perl /home/acdsn/git/acdsn-scripts/nagios_passive_check/npc.pl --central port=<port number> service=easygateway remote=master --users-check   */15 * * * * acdsn /usr/bin/perl /home/acdsn/git/acdsn-scripts/nagios_passive_check/npc.pl --central port=<port number> service=easygateway remote=master --users-check
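
Review bot: the hunk only drops a blank line, but the first cron entry in its context deserves a fix while this block is being edited: `curl http://easygateway.testing.com.co/ca_crl.pem -o /etc/openvpn/server/ca_crl.pem` fetches the CRL over plain HTTP and writes directly onto the live file, so an error response or a truncated download replaces the CRL that OpenVPN reads. Suggest `https://`, adding `--fail`, and downloading to a temporary file that is moved into place only on success. The job also runs as acdsn and writes into /etc/openvpn/server, which does not fit with the page's requirement elsewhere that only root can write the certificate files kept in that directory.
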
Line 180: Line 179:
 The CA public certificate /etc/easy-rsa/pki/ca.crt generated by **server1** needs to be copied over to the machine that will be running OpenVPN. The CA public certificate /etc/easy-rsa/pki/ca.crt generated by **server1** needs to be copied over to the machine that will be running OpenVPN.
  
-  # cp /etc/openvpn/easy-rsa/pki/ca.crt /tmp/ +  # cp /etc/openvpn/easy-rsa/pki/root_ca.crt /tmp/ 
-  # chown acdsn:acdsn /tmp/ca.crt+  # chown acdsn:acdsn /tmp/root_ca.crt
   # su acdsn   # su acdsn
-  $ scp -P <port number> /tmp/ca.crt acdsn@localhost:/tmp+  $ scp -P <port number> /tmp/root_ca.crt acdsn@localhost:/tmp
  
 Move server1 certificate to /etc/openvpn/server and change its rights. Move server1 certificate to /etc/openvpn/server and change its rights.
-  # mv /tmp/ca.crt /etc/openvpn/server/ +  # mv /tmp/root_ca.crt /etc/openvpn/server/
-  # mv /etc/openvpn/server/ca.crt /etc/openvpn/server/root_ca.crt+
   # chown root:root /etc/openvpn/server/root_ca.crt   # chown root:root /etc/openvpn/server/root_ca.crt
  
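
Review bot: the new `cp /etc/openvpn/easy-rsa/pki/root_ca.crt /tmp/` reads a file named root_ca.crt, but the sentence above it still says the CA certificate is ca.crt, and places it under /etc/easy-rsa/pki/, a different directory from the one in the command. The previous revision copied ca.crt and renamed it on the OpenVPN machine; with that `mv` removed, nothing visible here creates root_ca.crt on server1, so the copy fails unless the rename happens at the source. Suggest `cp /etc/openvpn/easy-rsa/pki/ca.crt /tmp/root_ca.crt` and aligning the path in the prose with the command.
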
Line 198: Line 196:
   # tar -xvzf EasyRSA-3.0.4.tgz   # tar -xvzf EasyRSA-3.0.4.tgz
   # rm EasyRSA-3.0.4.tgz   # rm EasyRSA-3.0.4.tgz
-  # mv EasyRSA-3.0.4/ /etc/openvpn/easy-rsa/+  # mv EasyRSA-3.0.4/ /etc/openvpn/ 
 +  # ln -s /etc/openvpn/EasyRSA-3.0.4 /etc/openvpn/easy-rsa
  
 <note warning>Make sure you have this option set: set_var EASYRSA_PKI “/etc/openvpn/easy-rsa/pki” in /etc/openvpn/easy-rsa/vars </note> <note warning>Make sure you have this option set: set_var EASYRSA_PKI “/etc/openvpn/easy-rsa/pki” in /etc/openvpn/easy-rsa/vars </note>
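
Review bot: with `ln -s /etc/openvpn/EasyRSA-3.0.4 /etc/openvpn/easy-rsa`, the EASYRSA_PKI path given in the note on the last line of this hunk resolves into the versioned directory, so repointing the symlink at a newer EasyRSA release would leave the CA and issued keys behind in EasyRSA-3.0.4. Consider keeping the PKI in a directory outside the versioned tree. Separately, the `set_var EASYRSA_PKI` example in that note uses typographic quotes (“ ”); pasted into vars they become part of the value, so they should be plain double quotes.
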
Line 210: Line 209:
 Make sure that **ONLY** **root** can **WRITE** and **READ** the **raspberry pi** and **server1** certificates. Make sure that **ONLY** **root** can **WRITE** and **READ** the **raspberry pi** and **server1** certificates.
   # cd /etc/openvpn/server   # cd /etc/openvpn/server
-  # chmod 660 <port number>.key ca.crt +  # chmod 660 <port number>.key root_ca.crt 
-  # chown root:root <port number>.key ca.crt+  # chown root:root <port number>.key root_ca.crt
  
 Create the initial dh.pem file. Create the initial dh.pem file.
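
Review bot: `chmod 660` on the changed lines does not match the sentence above it, which asks that only root can read and write these files: 660 also grants read and write to the owning group. Use `chmod 600` for `<port number>.key`, and run `chown root:root` before `chmod` so the mode is applied under the final ownership.
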
Line 236: Line 235:
   # scp -P <port number> /tmp/<port number>.crt acdsn@localhost:/tmp   # scp -P <port number> /tmp/<port number>.crt acdsn@localhost:/tmp
      
-  # mv /tmp/servername.crt /etc/openvpn/server/ +  # mv /tmp/<port number>.crt /etc/openvpn/server/ 
-  # chown root:root /etc/openvpn/server/servername.crt+  # chown root:root /etc/openvpn/server/<port number>.crt
  
 References:\\ References:\\
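
Review bot: `<port number>` now stands for two different things in one command (`scp -P <port number> /tmp/<port number>.crt`), the SSH port and the certificate's file name. If certificates are deliberately named after the gateway's port, say so in a sentence before these commands; otherwise use a distinct placeholder for the file name so readers do not substitute the wrong value.
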
Line 252: Line 251:
  
 <note warning> <note warning>
-OpenVPN will look at /etc/openvpn/server/ca.crt to find the CA certificate. And since we renamed it root_ca.crt, openvpn service won't create tun0 interface. To solve this, set it path in server.conf.+OpenVPN will look for /etc/openvpn/server/ca.crt to identify the CA certificate. Andsince we renamed it root_ca.crt, openvpn service won't create tun0 interface. To solve this, set it path in server.conf.
 </note> </note>
   # vi /etc/openvpn/server.conf   # vi /etc/openvpn/server.conf
-  ca /etc/openvpn/server/ca.crt to ca /etc/openvpn/server/root_ca.crt+  ca /etc/openvpn/server/ca.crt 
 + 
 +to 
 + 
 +  ca /etc/openvpn/server/root_ca.crt
  
 <note important> <note important>
-To have openvpn logs add the following file to /etc/openvpn/server.conf:\\+To have openvpn logs add the following to /etc/openvpn/server.conf:\\
 log-append /var/log/openvpn.log log-append /var/log/openvpn.log
 </note> </note>
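
Review bot: the rewritten warning introduces a typo, "Andsince", and keeps "set it path" where "set its path" is meant. The warning would also be clearer if it named the directive, for example that the `ca` line in /etc/openvpn/server.conf must point at /etc/openvpn/server/root_ca.crt, which is what the two code lines after it show.
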