0234 | named allow recursion query for only specific zone
Thursday, October 18th, 2018 Posted in IP Network, Linux, Misc
first> define a dummy IP address (e.g. 192.0.2.1) and assign it to the loopback interface
ip addr add 192.0.2.1/32 dev lo
second> named configuration:
- define an ACL that matches the dummy IP address defined above; queries sent to it are blackholed
acl acl_blackhole { 192.0.2.1; };
- declare view for blackhole dns request
view blackhole { match-destinations { acl_blackhole; }; recursion no; };
- declare the default view that accepts queries. recursion must be yes for the query to be allowed
view default {
    recursion yes;
    forward only;
    forwarders { 192.0.2.1; };    # by default forward to blackhole
    zone "example.com." IN {
        type forward;
        forward only;
        # specify your real recursion dns server here
        forwarders { 1.0.0.1; 1.1.1.1; };
    };
};
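One way to check the result from a client, as an added example that is not part of the original post. It assumes the resolver answers on 127.0.0.1, uses www.example.com and www.example.org purely as test names, and assumes a blackholed lookup shows up as any status other than NOERROR/NXDOMAIN, or as no reply at all.

```shell
#!/bin/sh
# Added example: verify the view-based recursion policy from a client.
# Assumptions (not from the original post): resolver address, test names,
# and that a blackholed lookup surfaces as a non-NOERROR status or timeout.
RESOLVER="${RESOLVER:-127.0.0.1}"

# Constructed sample of the dig header line that rcode_of parses.
SAMPLE_HEADER=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4711'

# Extract the response code from dig output.
rcode_of() {
    printf '%s\n' "$1" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# Decide whether an observed rcode matches the policy.
# $1 = "allowed" (name under example.com.) or "blocked" (anything else)
# $2 = rcode reported by dig; empty means no reply
verdict() {
    case "$1:$2" in
        allowed:NOERROR|allowed:NXDOMAIN) echo PASS ;;  # real forwarders answered
        allowed:*)                        echo FAIL ;;
        blocked:NOERROR|blocked:NXDOMAIN) echo FAIL ;;  # recursion leaked
        blocked:*)                        echo PASS ;;  # SERVFAIL, REFUSED, timeout
    esac
}

# Query the resolver and print one result line for the name.
check_name() {   # $1 = allowed|blocked, $2 = name to look up
    out=$(dig +tries=1 +time=3 @"$RESOLVER" "$2" A 2>/dev/null) || true
    rc=$(rcode_of "$out")
    echo "$(verdict "$1" "$rc") $1 $2 rcode=${rc:-none}"
}

# Run the live checks only when called with "run", so the file can be sourced.
if [ "${1:-}" = "run" ]; then
    named-checkconf || exit 1     # syntax check of the named configuration
    check_name allowed www.example.com
    check_name blocked www.example.org
fi
```

Run it with the argument "run" on the resolver host after reloading named; any FAIL line on a blocked name means recursion is being served outside the intended zone.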
0232 | Install the openvpn-otp plugin
Thursday, May 17th, 2018 Posted in IP Network, Linux
copy paste =>
yum -y install epel-
yum -y install openvpn openvpn-devel git autoconf automake libtool openssl-devel libtool-ltdl-devel gcc-c++ make
cd /usr/local/src
git clone https://github.com/evgeny-gridasov/openvpn-otp
cd openvpn-otp
./autogen.sh
./configure --with-openvpn-plugin-dir=/usr/lib64/openvpn/plugins
make
make install
Then go on to configure openvpn: https://github.com/evgeny-gridasov/openvpn-otp
Roughly, on the server side add this line:
plugin "/usr/lib64/openvpn/plugins/openvpn-otp.so" "otp_secrets=/etc/openvpn/customroute-otp-secrets password_is_cr=1"
On the client side add these lines:
auth-user-pass
auth-nocache
static-challenge "Enter Google Authenticator Token" 1
(auth-user-pass should really already be there)
Tags: compile, installation, openvpn