Add Swap Space on Ubuntu 16.04

Before you begin, check whether the system already has swap space available. Although it’s possible to have multiple swap files or swap partitions, one should be enough.

free -h

Output
total used free shared buff/cache available
Mem: 488M 36M 104M 652K 348M 426M
Swap: 0B 0B 0B

As we can see, no swap is active on the system. We will create a 1 Gigabyte file in this guide; adjust the size to meet the needs of your own server:

fallocate -l 1G /swapfile
chmod 600 /swapfile
mkswap /swapfile
swapon /swapfile

We can check the output of the “free” command again to verify the swap:

free -h

Output
total used free shared buff/cache available
Mem: 488M 37M 96M 652K 354M 425M
Swap: 1.0G 0B 1.0G

The swap space has been set up successfully and our operating system will begin to use it.

Now let’s make the swap space permanent:

cp /etc/fstab /etc/fstab.bak
echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab

Done!

Setup 3proxy Anonymous Proxy on Ubuntu or Debian

These instructions are suitable for all Unix distributions, because we are going to compile it from source code. Compiling from source is preferred because that way we get the latest version. In this case I’m using Ubuntu/Debian.

To compile 3proxy from source code you need to install git, make, and gcc. Just type into your terminal:

apt-get install gcc make git -y

Next, change to your home directory and clone the repository:

cd ~
git clone https://github.com/z3APA3A/3proxy.git

This will download the latest version of 3proxy to your machine. The next step is to compile it:

cd 3proxy
make -f Makefile.Linux

Now we put the files into the correct path and set up auto start of the service:

mkdir -p /usr/local/etc/3proxy/bin
cp src/3proxy /usr/local/etc/3proxy/bin
cp ./scripts/rc.d/proxy.sh /etc/init.d/3proxy

Before we add the 3proxy service to autostart, we need to adjust the default init script: it’s missing some LSB tags, and without them you’ll get insserv warnings.

vi /etc/init.d/3proxy

Replace all the lines starting with “#” with these lines:

#!/bin/sh
### BEGIN INIT INFO
# Provides: 3proxy
# Required-Start: $network $remote_fs $local_fs
# Required-Stop: $network $remote_fs $local_fs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Stop/start 3proxy
### END INIT INFO

Make the service start automatically on boot:

update-rc.d 3proxy defaults

Now let’s create the config file.

vi /usr/local/etc/3proxy/3proxy.cfg

You can RTFM for all the parameters or options, but to keep it short, this is my config for an anonymous proxy:

Completely Disable IPv6

Yesterday I wrote a tutorial with the same goal: disabling IPv6 on CentOS. This time I'll show another way to do it, via GRUB2, so it should work on CentOS, Ubuntu, or Debian.

Open /etc/default/grub in an editor, then add “ipv6.disable=1” to the GRUB_CMDLINE_LINUX directive. Here is an example from my Ubuntu 16.04 server:

GRUB_DEFAULT=0
GRUB_HIDDEN_TIMEOUT=0
GRUB_HIDDEN_TIMEOUT_QUIET=true
GRUB_TIMEOUT=1
GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
GRUB_CMDLINE_LINUX_DEFAULT=""
GRUB_CMDLINE_LINUX="ipv6.disable=1 elevator=noop"

After that, don't forget to update GRUB. On Ubuntu/Debian:

update-grub

and on CentOS:

grub2-mkconfig -o /boot/grub2/grub.cfg

or

grubby --update-kernel=ALL --args=ipv6.disable=1

Enjoy!

Installing OpenVPN on Debian & Ubuntu

This OpenVPN installation was done on a Debian machine. It should also work on other Debian derivatives such as Ubuntu, Mint, etc. I usually use OpenVPN just for tunneling: using an outside IP address, bypassing ISP restrictions, and so on. I will disable encryption and certificate-based login so the connection is lighter and more stable; in their place, login will use a username & password. Encryption only adds overhead to the traffic. First check whether TUN / TAP is enabled:

[email protected]:~# cat /dev/net/tun 
cat: /dev/net/tun: File descriptor in bad state

If the output looks like the above, TUN / TAP is enabled, so we can continue with the installation.

apt-get install openvpn pam-devel

On some recent Debian installations, an error like this may appear:

E: Unable to locate package pam-devel

In that case, the pam-devel package doesn't need to be installed. Copy the existing example configuration files to /etc/openvpn so we can edit them:

cp -R /usr/share/doc/openvpn/examples/easy-rsa/ /etc/openvpn/
chmod -R 755 /etc/openvpn/
cd /etc/openvpn/easy-rsa/2.0/

Then we edit the vars file (optional). I usually edit it to look like this:

vi vars

# Increase this to 2048 if you
# are paranoid. This will slow
# down TLS negotiation performance
# as well as the one-time DH parms
# generation process.
export KEY_SIZE=384
# In how many days should the root CA key expire?
export CA_EXPIRE=3650
# In how many days should certificates expire?
export KEY_EXPIRE=3650
# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
export KEY_COUNTRY="ID"
export KEY_PROVINCE="JKT"
export KEY_CITY="Jakarta"
export KEY_ORG="www.andi.life"
export KEY_EMAIL="[email protected]"
export KEY_CN=vpn.www.andi.life
export KEY_NAME=www.andi.life
export KEY_OU=www.andi.life
export PKCS11_MODULE_PATH=changeme
export PKCS11_PIN=666666

After editing and saving, run:

source ./vars
./vars
./clean-all
./build-ca
Generating a 384 bit RSA private key.
++++++++++++++++++ ................++++++++++++++++++ 
writing new private key to 'ca.key' 
----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- 
Country Name (2 letter code) [ID]: 
State or Province Name (full name) [JKT]: 
Locality Name (eg, city) [Jakarta]: 
Organization Name (eg, company) [www.andi.life]: 
Organizational Unit Name (eg, section) [www.andi.life]: 
Common Name (eg, your name or your server's hostname) [vpn.www.andi.life]: 
Name [www.andi.life]: 
Email Address [[email protected]]:
./build-key-server vpn.www.andi.life

Note that when running the build-key-server command above, the value must be the same as the Common Name, or KEY_CN, which is vpn.www.andi.life

Generating a 384 bit RSA private key ............++++++++++++++++++ ..++++++++++++++++++ 
writing new private key to 'vpn.www.andi.life.key' ----- 
You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- 
Country Name (2 letter code) [ID]: 
State or Province Name (full name) [JKT]: 
Locality Name (eg, city) [Jakarta]: 
Organization Name (eg, company) [www.andi.life]: 
Organizational Unit Name (eg, section) [www.andi.life]: 
Common Name (eg, your name or your server's hostname) [vpn.www.andi.life]: 
Name [www.andi.life]: 
Email Address [[email protected]]: 
Please enter the following 'extra' attributes to be sent with your certificate request 
A challenge password []: 
An optional company name []: 
Using configuration from /etc/openvpn/easy-rsa/2.0/openssl-1.0.0.cnf 
Check that the request matches the signature Signature ok 
The Subject's Distinguished Name is as follows 
countryName :PRINTABLE:'ID' 
stateOrProvinceName :PRINTABLE:'JKT' 
localityName :PRINTABLE:'Jakarta' 
organizationName :PRINTABLE:'www.andi.life' 
organizationalUnitName:PRINTABLE:'www.andi.life' 
commonName :PRINTABLE:'vpn.www.andi.life' 
name :PRINTABLE:'www.andi.life' 
emailAddress :IA5STRING:'[email protected]' 
Certificate is to be certified until Jan 4 06:27:10 2022 GMT (3650 days) 
Sign the certificate? [y/n]:y 
1 out of 1 certificate requests certified, commit? [y/n]:y 
Write out database with 1 new entries Data Base Updated
./build-dh

Next we create the server configuration file:

cd /etc/openvpn
vi udp53.conf

My server configuration looks more or less like this:

port 53 
proto udp 
dev tun 
ca easy-rsa/2.0/keys/ca.crt 
cert easy-rsa/2.0/keys/vpn.www.andi.life.crt 
key easy-rsa/2.0/keys/vpn.www.andi.life.key 
dh easy-rsa/2.0/keys/dh384.pem 
plugin /usr/lib/openvpn/openvpn-auth-pam.so /etc/pam.d/login 
client-cert-not-required 
username-as-common-name 
server 10.53.0.0 255.255.255.0 
ifconfig-pool-persist ipp.txt 
push "redirect-gateway def1" 
push "dhcp-option DNS 8.8.4.4" 
push "dhcp-option DNS 208.67.220.220" 
keepalive 2 30 
comp-lzo 
cipher none 
persist-key 
persist-tun 
status udp53.log 
verb 3

After editing and saving, restart the openvpn service:

/etc/init.d/openvpn restart

At this point the OpenVPN service has started and clients can log in, but they can't reach the internet yet because traffic isn't being forwarded. To fix that, edit /etc/rc.local:

vi /etc/rc.local

and add this script:

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -A POSTROUTING -s 10.53.0.0/24 -j SNAT --to 209.141.55.165

10.53.0.0/24 is the VPN's local network address that I entered in udp53.conf earlier, while 209.141.55.165 is my server's public IP. After editing and saving, run:

sh /etc/rc.local

The next step is to create a user for logging in to the VPN:

useradd -m -s /bin/false scylla

The server-side configuration is done; now configure the client. Because there are several client applications for connecting to an OpenVPN server (OpenVPN, Viscosity, etc.) on different platforms (Linux, Windows, Mac OSX), I will only show the configuration in general terms. How to install it, where the configuration goes, and so on, you can look up and try yourself. Or you can ask in the comments section below.

## Example OpenVPN client configuration (*.ovpn) ##
client
dev tun
proto udp # protocol
remote 209.141.55.165 53 # server IP address and port
resolv-retry infinite
route-method exe
nobind
persist-key
persist-tun
ca ca.crt # this is the file we download from the server and place in the same folder
auth-user-pass
comp-lzo
cipher none # disable encryption
verb 3

On the client side, all we need is the ca.crt file from the server, so don't forget to copy / download it to the client first.
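
To make the trade-offs in udp53.conf visible, the following added example (not part of the original post) audits an OpenVPN server config for the three choices made above: cipher none, password-only login, and 384-bit DH parameters. The function names, the 2048-bit floor, reading the DH size from the file name, and the dh2048.pem name in the corrected config are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not from the original post. The 2048-bit floor and taking
# the DH size from the file name are assumptions of this sketch.

audit_ovpn_conf() {   # usage: audit_ovpn_conf [FILE]  (reads stdin if omitted)
    awk '
        { sub(/[#;].*/, "") }          # strip comments (quoting not handled)
        NF == 0 { next }
        $1 == "cipher" && $2 == "none" {
            print "cipher-none: data channel is sent unencrypted"
        }
        $1 == "client-cert-not-required" ||
        ($1 == "verify-client-cert" && $2 == "none") {
            print "no-client-cert: a password alone grants access"
        }
        $1 == "dh" && match($2, /dh[0-9]+/) {
            bits = substr($2, RSTART + 2, RLENGTH - 2) + 0
            if (bits < 2048) print "weak-dh: " bits "-bit DH parameters"
        }
    ' "${1:--}"
}

sample_conf() {       # constructed from the server config shown in the post
    cat <<'EOF'
port 53
proto udp
dh easy-rsa/2.0/keys/dh384.pem
plugin /usr/lib/openvpn/openvpn-auth-pam.so /etc/pam.d/login
client-cert-not-required
username-as-common-name
cipher none
EOF
}

hardened_conf() {     # constructed: same server with the findings corrected
    cat <<'EOF'
port 53
proto udp
dh easy-rsa/2.0/keys/dh2048.pem
plugin /usr/lib/openvpn/openvpn-auth-pam.so /etc/pam.d/login
username-as-common-name
cipher AES-256-GCM
EOF
}

echo "== as in the post =="; sample_conf | audit_ovpn_conf
echo "== hardened ==";       hardened_conf | audit_ovpn_conf
```

Run it against a real file with audit_ovpn_conf /etc/openvpn/udp53.conf; no output means none of the three settings were found.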

Network & Hostname Configuration on Ubuntu

Really this post is just a reminder for myself: I use Ubuntu a lot, but often forget how to change the (static) network settings and hostname on Ubuntu 😀

OK, let’s get straight to the point (this tutorial also applies to all Debian-family distros: Debian, Ubuntu, Mint, etc.).

Setting Hostname

  1. Edit /etc/hostname and put in it just a single line with the desired hostname, e.g. “server”. Then:
  2. Edit /etc/hosts; its contents will probably look like this:
127.0.0.1   server localhost.localdomain   localhost
127.0.1.1   server

Network Settings

Network configuration on Ubuntu/Debian only requires editing one file: /etc/network/interfaces. To configure the network using DHCP, the file's contents will look more or less like this:

auto eth0
iface eth0 inet dhcp

whereas for a static configuration, the file will look like this:

auto eth0
iface eth0 inet static
address 1.1.1.254
netmask 255.255.255.0
gateway 1.1.1.1
broadcast 1.1.1.255
network 1.1.1.0

Right, hopefully next time we won't forget again when we have to change the network configuration and hostname via the Command Line Interface 😉