Archive for the ‘IP Network’ Category

0234 | named allow recursion query for only specific zone

Thursday, October 18th, 2018 Posted in IP Network, Linux, Misc | 1 Comment »

first> define dummy ip address (e.g. set it to loopback interface

ip addr add dev lo

second> named configuration:

  • define acl for blackhole query to the dummy ip address defined
acl acl_blackhole {; };
  • declare view for blackhole dns request
view blackhole {
    match-destinations { acl_blackhole; };
    recursion no;
  • declare default view for accepting the query. recursion should be yes for allowing the query
view default {
    recursion yes;
    forward only;
    forwarders {; }; # by default forward to blackhole

    zone "" IN {
        type forward;
        forward only;
        #  specify your real recursion dns server here
        forwarders {;; }; 

0232 | ติดตั้ง openvpn-otp plugin

Thursday, May 17th, 2018 Posted in IP Network, Linux | No Comments »

copy paste =>

yum -y install epel-
yum -y install openvpn openvpn-devel git autoconf automake libtool openssl-devel libtool-ltdl-devel gcc-c++ make  
cd /usr/local/src  
git clone
cd openvpn-otp
./configure --with-openvpn-plugin-dir=/usr/lib64/openvpn/plugins
make install

แล้วไป config openvpn ต่อได้เลยจ้า

คร่าวๆ ฝั่ง server เพิ่มบรรทัดนี้

plugin "/usr/lib64/openvpn/plugins/" "otp_secrets=/etc/openvpn/customroute-otp-secrets password_is_cr=1"

ส่วนฝั่ง client เพิ่มบรรทัดนี้

static-challenge "Enter Google Authenticator Token" 1

(จริงๆ ควรจะมี auth-user-pass อยู่แล้ว)

Tags: , ,