Archive for the ‘IP Network’ Category

0234 | named allow recursion query for only specific zone

Thursday, October 18th, 2018 Posted in IP Network, Linux, Misc | No Comments »

first> define dummy ip address (e.g. 192.0.2.1) set it to loopback interface

ip addr add 192.0.2.1/32 dev lo

second> named configuration:

  • define acl for blackhole query to the dummy ip address defined
acl acl_blackhole { 192.0.2.1; };
  • declare view for blackhole dns request
view blackhole {
    match-destinations { acl_blackhole; };
    recursion no;
}
  • declare default view for accepting the query. recursion should be yes for allowing the query
view default {
    recursion yes;
    forward only;
    forwarders { 192.0.2.1; }; # by default forward to blackhole

    zone "example.com." IN {
        type forward;
        forward only;
        #  specify your real recursion dns server here
        forwarders { 1.0.0.1; 1.1.1.1; }; 
    }
}

0232 | ติดตั้ง openvpn-otp plugin

Thursday, May 17th, 2018 Posted in IP Network, Linux | No Comments »

copy paste =>

yum -y install epel-
yum -y install openvpn openvpn-devel git autoconf automake libtool openssl-devel libtool-ltdl-devel gcc-c++ make  
cd /usr/local/src  
git clone https://github.com/evgeny-gridasov/openvpn-otp
cd openvpn-otp
./autogen.sh
./configure --with-openvpn-plugin-dir=/usr/lib64/openvpn/plugins
make
make install

แล้วไป config openvpn ต่อได้เลยจ้า https://github.com/evgeny-gridasov/openvpn-otp

คร่าวๆ ฝั่ง server เพิ่มบรรทัดนี้

plugin "/usr/lib64/openvpn/plugins/openvpn-otp.so" "otp_secrets=/etc/openvpn/customroute-otp-secrets password_is_cr=1"

ส่วนฝั่ง client เพิ่มบรรทัดนี้

auth-user-pass
auth-nocache
static-challenge "Enter Google Authenticator Token" 1

(จริงๆ ควรจะมี auth-user-pass อยู่แล้ว)

Tags: , ,