Category archive: 9x

[EN] Tunnel traffic from VPN through Server to enable Internet Access and use Squid as Transparent Proxy

You want to set up an OpenVPN or PPTP VPN server on your own VPN host or dedicated server?
It’s not so hard to do. Here is the manual way (it may be improved later to work automatically).

  1. Install pptpd-vpn as shown HERE
    • # apt-get install squidguard squid3 pptpd openvpn
      • or OpenVPN as shown HERE. I prefer pptpd-vpn as it’s really easy to set up!
  • Try to connect. At the moment you won’t be able to use the Internet until
    • the script in the next step has been executed (then reconnect),
    • or you use the proxy.
    • Do the next steps:
      # nano /root/vpn_enable_access.sh

#!/bin/sh
#BOF (START)
# tun+ and tap+ devices are used by OpenVPN
# ppp+ devices are used by the PPTP VPN (pptpd); if your FORWARD policy is DROP,
# add ppp+ rules analogous to the tap+ rules below
# Lines starting with # are comments, leave them as they are

# IP range, e.g. 192.168.1.0 or 10.0.0.0 or whatever
NAT_NETWORK=192.168.1.0

# CIDR prefix length without the / (slash)
# Usually: 192.168.0.0 is /24 with 255.255.255.0
# Usually: 192.168.0.0 is /16 with 255.255.0.0
# Usually: 10.0.0.0 is /16 with 255.255.0.0
NAT_NETMASK=24

# Transparent proxy routing ports
# (each must match an "http_port ... transparent" line in squid.conf)
PROXY_PORT1=6778
PROXY_PORT2=6779
OPVPN_PORT0=1194

# Primary Ethernet card (usually eth0)
ETH_NIC=eth0
### NO CHANGE BELOW UNLESS YOU KNOW WHAT YOU ARE DOING ###

# The kernel must forward packets, otherwise the FORWARD/NAT rules have no effect
sysctl -w net.ipv4.ip_forward=1

# OpenVPN (firewall port opening)
iptables -A INPUT -i "$ETH_NIC" -m state --state NEW -p udp --dport "$OPVPN_PORT0" -j ACCEPT

# Allow TUN/TAP interface connections to the OpenVPN server
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A INPUT -i tap+ -j ACCEPT
# Allow TUN interface connections to be forwarded through other interfaces
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -o "$ETH_NIC" -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i "$ETH_NIC" -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT

# Allow TAP interface connections to be forwarded through other interfaces
iptables -A FORWARD -i tap+ -j ACCEPT
iptables -A FORWARD -i tap+ -o "$ETH_NIC" -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i "$ETH_NIC" -o tap+ -m state --state RELATED,ESTABLISHED -j ACCEPT
# NAT the VPN client traffic to the internet
# OpenVPN & PPP-VPN
iptables -t nat -A POSTROUTING -s "$NAT_NETWORK/$NAT_NETMASK" -o "$ETH_NIC" -j MASQUERADE
iptables -A OUTPUT -o tun+ -j ACCEPT
iptables -A OUTPUT -o tap+ -j ACCEPT

# Pre-route HTTP through the proxy
# Support for OpenVPN and PPP-VPN
iptables -t nat -A PREROUTING -i ppp+ -p tcp --dport 80 -j REDIRECT --to-ports "$PROXY_PORT1"
iptables -t nat -A PREROUTING -i tap+ -p tcp --dport 80 -j REDIRECT --to-ports "$PROXY_PORT2"

echo done.
#EOF (END)

  • # chmod 700 /root/vpn_enable_access.sh
  • # /root/vpn_enable_access.sh #needs to be run only once per reboot.

The reason we match on ppp+ and tap+ is that the + wildcard lets these rules support more than one connection. I also use two different ports on Squid for easier handling, but you can also use the same port.

 

 

2. Squid-Config:

  • # nano /etc/squid3/squid.conf

#BOF (BEGIN)
#requires SquidGuard
#url_rewrite_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf
#url_rewrite_children 5

# TAG: auth_param
# you may need to use "locate pam_auth" to find the correct path
# I use physically existing users to acquire logon rights
auth_param basic program /usr/lib/squid3/pam_auth
auth_param basic children 5
auth_param basic realm Protected server Area
auth_param basic credentialsttl 12 hours
auth_param basic casesensitive off
#auth_param digest program /usr/lib/squid3/digest_pw_auth -c /etc/squid3/passwords
#auth_param digest realm proxy

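# proxy_auth only works for clients that configure the proxy explicitly (e.g. port 3128);
# Squid cannot authenticate intercepted (transparent) connections
acl checkpw proxy_auth REQUIRED
http_access allow checkpw all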

acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl Safe_ports port 1-65535 # unregistered ports
acl CONNECT method CONNECT
follow_x_forwarded_for deny all
http_access allow manager localhost localnet
http_access deny manager
http_access deny to_localhost

#change here the ports you need
http_port 6777
http_port 6778 transparent
http_port 6779 transparent
http_port 3128
http_port 3129 transparent

#CACHE SECTION

#RAM
cache_mem 2048 MB
maximum_object_size_in_memory 4096 KB
memory_replacement_policy heap GDSF
#HDD
cache_dir aufs /var/spool/squid3 1000 512 256
store_dir_select_algorithm round-robin
max_open_disk_fds 10000
minimum_object_size 1 KB
maximum_object_size 64000 KB
cache_swap_low 90
cache_swap_high 95
minimum_expiry_time 300 seconds
store_avg_object_size 512 KB
store_objects_per_bucket 80
quick_abort_min 16 KB
quick_abort_max 32 KB
quick_abort_pct 95
read_ahead_gap 32 KB
access_log /var/log/squid3/access.log squid
cache_store_log /var/log/squid3/store.log
logfile_rotate 9
log_ip_on_direct on
pid_filename /var/run/squid3.pid
cache_log /var/log/squid3/cache.log
diskd_program /usr/lib/squid3/diskd
unlinkd_program /usr/lib/squid3/unlinkd
refresh_pattern ^http: 1440 20% 10000
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 600 10% 60000
refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880
refresh_pattern (\.deb|\.udeb)$ 129600 100% 129600
refresh_pattern . 600 30% 64320
refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 3600 90% 43200 refresh-ims
refresh_pattern -i \.index.(html|htm)$ 0 40% 10080 refresh-ims
refresh_pattern -i \.(html|htm|css|js|json)$ 1440 80% 40320 ignore-no-store
positive_dns_ttl 12 hours
negative_dns_ttl 19 seconds

client_lifetime 1 day
cache_mgr root
httpd_suppress_version_string on
visible_hostname server.name.tld

dns_timeout 1 minutes
hosts_file /etc/hosts
dns_v4_first on
ipcache_size 4096
fqdncache_size 4096
memory_pools on

memory_pools_limit 2048 MB
forwarded_for off

# cache manager password: replace this value with your own
cachemgr_passwd 8527045 all
client_db on
# refresh_all_ims off
maximum_single_addr_tries 3
retry_on_error on
as_whois_server whois.ra.net
pipeline_prefetch on

max_filedescriptors 100000

http_access allow localnet
http_access deny all
icp_access allow localnet
icp_access deny all
htcp_access allow localnet
htcp_access deny all

via off
vary_ignore_expire on

# things that might interest you but are not needed for operation

#netdb_filename /var/log/squid3/netdb.state
# offline_mode off
# ipcache_low 90
# ipcache_high 95
#

 

 

## Enable only if you want to totally anonymise your proxy server

## Keep in mind that it could degrade your Internet experience
# request_header_access Allow allow all
# request_header_access Authorization allow all
# request_header_access WWW-Authenticate allow all
# request_header_access Proxy-Authorization allow all
# request_header_access Proxy-Authenticate allow all
# request_header_access Cache-Control allow all
# request_header_access Content-Encoding allow all
# request_header_access Content-Length allow all
# request_header_access Content-Type allow all
# request_header_access Date allow all
# request_header_access Expires allow all
# request_header_access Host allow all
# request_header_access If-Modified-Since allow all
# request_header_access Last-Modified allow all
# request_header_access Location allow all
# request_header_access Pragma allow all
# request_header_access Accept allow all
# request_header_access Accept-Charset allow all
# request_header_access Accept-Encoding allow all
# request_header_access Accept-Language allow all
# request_header_access Content-Language allow all
# request_header_access Mime-Version allow all
# request_header_access Retry-After allow all
# request_header_access Title allow all
# request_header_access Connection allow all
# request_header_access All deny all

# reply_header_access From deny all
# reply_header_access Referer deny all
# reply_header_access Server deny all
# reply_header_access User-Agent deny all
# reply_header_access WWW-Authenticate deny all
# reply_header_access Link deny all
# reply_header_access Allow allow all
# reply_header_access Authorization allow all
# reply_header_access WWW-Authenticate allow all
# reply_header_access Proxy-Authorization allow all
# reply_header_access Proxy-Authenticate allow all
# reply_header_access Cache-Control allow all
# reply_header_access Content-Encoding allow all
# reply_header_access Content-Length allow all
# reply_header_access Content-Type allow all
# reply_header_access Date allow all
# reply_header_access Expires allow all
# reply_header_access Host allow all
# reply_header_access If-Modified-Since allow all
# reply_header_access Last-Modified allow all
# reply_header_access Location allow all
# reply_header_access Pragma allow all
# reply_header_access Accept allow all
# reply_header_access Accept-Charset allow all
# reply_header_access Accept-Encoding allow all
# reply_header_access Accept-Language allow all
# reply_header_access Content-Language allow all
# reply_header_access Mime-Version allow all
# reply_header_access Retry-After allow all
# reply_header_access Title allow all
# reply_header_access Connection allow all
# reply_header_access All deny all
#
#EOF (END)
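
The REDIRECT rules from step 1 only work if Squid has an intercepting http_port on exactly the port they point to. The following check is an added example, not part of the original post; the function names and the constructed sample input (Squid listening on 6778/6779, rules pointing at 7778/7779) are assumptions for illustration. On a live system, feed it /etc/squid3/squid.conf and the saved output of `iptables-save -t nat`.

```shell
#!/bin/sh
# Added example: find REDIRECT targets that no intercepting Squid port serves.

# Ports of http_port lines flagged "transparent" (older) or "intercept" (newer).
squid_intercept_ports() {
    awk '$1 == "http_port" {
        for (i = 3; i <= NF; i++)
            if ($i == "transparent" || $i == "intercept") {
                n = split($2, a, ":"); print a[n]; break
            }
    }' "$1" | sort -un
}

# --to-ports targets of REDIRECT rules in `iptables-save -t nat` output.
redirect_ports() {
    awk '/-j REDIRECT/ {
        for (i = 1; i < NF; i++)
            if ($i == "--to-ports") print $(i + 1)
    }' "$1" | sort -un
}

# Print each REDIRECT target without a matching listener; return 1 if any.
# $1 = squid.conf, $2 = file with saved nat rules
unmatched_redirects() {
    missing=$(redirect_ports "$2" | while read -r port; do
        squid_intercept_ports "$1" | grep -qx "$port" || echo "$port"
    done)
    [ -z "$missing" ] && return 0
    printf '%s\n' "$missing"
    return 1
}

# Constructed sample input: the redirect targets do not match Squid's listeners.
demo() {
    dir=$(mktemp -d)
    cat > "$dir/squid.conf" <<'EOF'
http_port 6777
http_port 6778 transparent
http_port 6779 transparent
EOF
    cat > "$dir/nat.rules" <<'EOF'
-A PREROUTING -i ppp+ -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 7778
-A PREROUTING -i tap+ -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 7779
EOF
    status=0
    unmatched_redirects "$dir/squid.conf" "$dir/nat.rules" || status=$?
    rm -rf "$dir"
    return "$status"
}

demo || echo "REDIRECT targets listed above have no intercepting http_port" >&2
```

A non-empty result means VPN clients' port-80 traffic is redirected to a port where nothing intercepts it, so browsing fails even though the tunnel itself is up.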

 

3. Using the Proxy

In this setup I used PAM for authentication, which means that I prefer existing users on the system to authenticate against the proxy.

  1. Run the following commands after making the changes above
    • # /etc/init.d/squid3 restart
    • # /etc/init.d/pptpd restart
    • # /etc/init.d/openvpn restart
  2. adduser mynewproxyuser
    • in Case you want to create a new one
  3. adduser mynewproxyuser proxy
    • Allow „mynewproxyuser“ to use the proxy
  4. Try to connect to your proxy via your.hostna.me Port: 3128
    • If you can authenticate successfully, then you are a lucky guy
      • Check whether you can open any other site, like google.de, heise.de, golem.de
        • OK? GOOD
        • NOK? BAD > Check the logs, and add your question to the comments
  5. IF you can connect to your proxy and can use the Internet, fine
  6. IF NOT
    1. Check if the service is running
      1. ps auxwww | grep squid
      2. check the logs
      3. run squid in non-daemon mode for testing
        1. # squid3 -N
      4. remember to let squid create the local cache the first time it runs
        1. # squid3 -z

If everything went fine, you are now able to use your server as a proxy and a VPN tunnel.

[EN] Reduce the size of the Offline Folder file (.ost)

Reducing the size of the Offline Folder file (.ost) file may improve performance if you have deleted a large quantity of items. This procedure does not delete any items that are saved on the server.

  1. Delete any items that you do not want to keep, and then empty the Deleted Items folder.
  2. On the Tools menu, click Account Settings.

    The Account Settings command is missing.

    The Account Settings command is on the Tools menu in Microsoft Office Outlook 2007. If you are using an earlier version of Outlook, the following instructions do not apply. Use the Help that is included with that product. If the title bar of the program that you are using displays Microsoft Outlook Express, you are using a program that is not the same as Outlook. See Help in Outlook Express for assistance.

  3. In the list, select Microsoft Exchange Server, and then click Change.
  4. Click More Settings.
  5. Click the Advanced tab, and then click Offline Folder File Settings.
  6. Click Compact Now.

Note

  • To delete an item from both the online and offline folders, select the item, and then press DELETE.
  • If you are using an Exchange account in Cached Exchange Mode, only the selected folder will be cleared from the local .ost file. The items on the server will be downloaded again to the .ost file on the next synchronization, if the folder is selected under Folder Options in Send/Receive Settings for the Exchange Server e-mail account.
  • When you use Cached Exchange Mode, public folders favorites are not synchronized by default. If you choose to synchronize public folders, the size of your Offline Folder file (.ost) may increase significantly.

 

Original by: Microsoft

[EN] Reduce the size of a Personal Folders file (.pst)

If you delete items from a Personal Folders file (.pst), the file is automatically compacted in the background when you’re not using your computer and Outlook is running. If you want to immediately reduce the size of the file, you can force a compaction. The procedure to compact the data file might take several minutes.

  1. On the File menu, click Data File Management.
  2. Click the data file that you want to compact, and then click Settings.
  3. Click Compact Now.

Note:    You do not have to exit Outlook after you compact a .pst file.

 

Original by: Microsoft

[EN] Manage the size of your mailbox

You can use the Mailbox Cleanup tool, which allows you to view the size of your mailbox and individual folders. You can also archive older items to an archive Personal Folders file (.pst) and empty your Deleted Items folder.

  1. On the Tools menu, click Mailbox Cleanup.
  2. Do any of the following:
    • To view the total size of your mailbox and of individual folders within it, click View Mailbox Size.
    • To locate older items, select Find items older than n days, enter a number between 1 and 999, and then click Find.
    • To locate large items, select Find items larger than n kilobytes, enter a number between 1 and 9999, and then click Find.
    • To move older items in your mailbox to an archive Personal Folders file (.pst), click AutoArchive. The default folder for archive .pst files is c:\Documents and Settings\user name\Local Settings\Application Data\Microsoft\Outlook.
    • To view the size of your Deleted Items folder, click View Deleted Items Size.
    • To empty your Deleted Items folder, click Empty.
    • To view the size of your Conflicts folder, click View Conflicts Size.
    • To delete the contents of your Conflicts folder, click Delete.

 

Original by: Microsoft

[EN] How to Synchronize Group Policies with gpupdate

You installed a new PC on your domain network and now you have one problem: you want to force the client to apply the Group Policies you’ve set on your domain controller?!

No problem!

Go ahead and use:

  • On Win xp:
    • Start
      • Run
        • cmd
  • on Win 7
    • Start
      • Search Programs/File
        • cmd
  • OR – The „Short-Cut Way“
    • Windows+R
      • cmd

 

After that a command prompt (“DOS box”) opens, in which you then enter

  •  gpupdate /force

This should look like this:

[Screenshot: gpupdate_force]

 

Any questions? Put them in the comments…

[EN] How to add a local archive (*.pst, Personal Storage) in Microsoft Outlook 2007

Microsoft’s Outlook email management program stores all user data, including messages, contacts, and calendar entries within a single .pst file called a Personal Folders file. As this file grows, it can start to cause errors within Outlook, including program crashes or data corruption. While backups are an important safeguard against potential data loss, they alone do not adequately circumvent these kinds of errors.

Archiving old or infrequently used data serves to reduce the overall size of the .pst file, and should be done periodically depending upon the volume of email your Outlook program handles.  Users who send and receive relatively large amounts of email or frequently deal with files containing large attachments will need to archive more regularly. Typically, Outlook’s performance will begin to be impaired as .pst file sizes exceed 500 MB.

Note: Before beginning the archive process, it is important to back up your current .pst file. A quick backup procedure may be found in our Backing Up Personal Data Files article.

To manually archive data within Microsoft Outlook 2007, take the following steps:

1. Open the File menu, click New and select Outlook Data File.

2. Select Office Outlook Personal Folders File (.pst)  and click OK.

3. For the purposes of this demonstration, we have named the file “archive” below. The name of the archive file may be chosen arbitrarily; however, it is important that Personal Folders File is the option that is chosen from the “Save as type:” drop-down menu. Once the file has been named, click OK to continue.

4. You will be prompted at this point to name the newly created file. This is simply the title that will appear in the navigation pane of Outlook once the .pst file has been successfully created. If you would like to secure your archived data with a password, you may do that within this window also. Here, we have given our file the name “Personal Folders Archive.” The new folder should now show up in the navigation pane as shown below.

5. You are now able to move email messages out of your main .pst file and into the newly created Archive folder.  You may use the drag-and-drop feature to move data from folder to folder or utilize the Move to Folder… option that appears when appropriate files are right clicked. Entire folders may be moved in a similar manner.

Note: Once you have finished moving files to the archive file, it will be necessary to compact your primary .pst file. For more information, see the article “Compacting Your Personal Data File.” This is very important, because Outlook will not automatically reduce the size of the file after you archive data; you must shrink the file manually using the Compact feature.

Referenced from: Microsoft.com

 

 

CCB-Network is looking for new projects

Dear Sir or Madam,

Are you a business owner or service provider looking for IT on-site support or an IT technician, possibly also with qualifications as an electrician?

We are currently looking for a project within about 80-100 km of Augsburg with a workload of at least 120 or 160 hours. The terms can be negotiated individually.

If we have caught your interest, we would be pleased if you got in touch with us. The quickest way is via our legal notice (Impressum).