As an IT consultancy we have to design, configure and implement the network systems. Our task is to connect the server and the client using a VMware ESXi server, and we have to create a VPN between the server and the client. The client has to access the server through this VPN. In addition to that we have to configure some other services, such as:
Assign a static IP address to both client and server
Configure a DNS server that resolves addresses for both forward and reverse lookup
Configure an FTP server with Pure-FTPd to transfer files; here we have to create a virtual user with
Configure an OpenSSH server that supports only public-key authentication
Convert the private key into PuTTY format so that the client can use that key
Create a VPN using Adito VPN, installing and configuring the service so that services like FTP and SSH can be carried through this VPN
Static IP: a static IP address is an address assigned to a machine permanently, or for the required period. Once the IP address is assigned it remains the same until the administrator changes the address of that particular server or machine.
Domain name system:
The Domain Name System is used to convert IP addresses to domain names and vice versa. IP addresses are hard to remember, so DNS is used to make this easy. The DNS server contains all the records of the domain names and the IP addresses corresponding to them. Internal DNS servers are mostly located at the nearest geographical locations of our service providers; they map domain names to IP addresses and forward what they cannot answer to the external DNS servers.
FTP (file transfer protocol)
The File Transfer Protocol is used to download and upload files between server and client. Two types of accounts are used to access the FTP directory: anonymous and non-anonymous. Anonymous accounts are default accounts where private and public users can log in without any password, whereas non-anonymous accounts require a username and password; these credentials are different from the accounts used to log in to the system. FTP also has two modes: in active mode the server initiates the data transfer, whereas in passive mode the client establishes the connection for the data transfer.
SSH (Secure Shell)
SSH is communication between two networks over a secure channel. It is an alternative to Telnet. SSH generally uses public keys for authentication. A VPN can be carried over SSH. SSH can protect against IP and DNS spoofing, among other attacks. In simple words, SSH is communicating securely over an insecure channel. SFTP is a file transfer protocol that runs over SSH.
VPN (Virtual Private network)
A VPN is a type of network system used for connecting two private networks over a public network. Most of these VPN users use leased lines to connect their private networks to each other; these leased lines are provided as private circuits.
OpenVPN, formerly called Adito, is an application-layer, web-based SSL VPN server written in Java. It has a browser-based AJAX UI that makes it easy to access the internal services from the browser, to transfer data and to find the keys generated by SSH. Once it is installed and configured correctly, all server files and the applications it includes can be accessed easily. Adito VPN can be accessed from any computer using our browser by creating a port forward.
STEPS FOR CONFIGURATIONS
IP CONFIGURATION STEPS
Step 1: [root@server ~]# ifconfig
This step checks whether the server system's address is assigned dynamically or statically. If it is dynamic it shows only the localhost IP address; if it is static it shows the IP address that was created for the server.
Step 2: [root@server ~]# cd /etc/sysconfig/network-scripts
This directory holds the interface configuration files used to set the server IP statically, so that whenever we log in to the server the IP address is the static one and never changes the way a dynamic address would.
Step 3: [root@server network-scripts]# nano ifcfg-eth0
This step changes our IP from dynamic to static using an editor such as nano, vi or vim. By default BOOTPROTO is set to dhcp; it must be changed to static, and we must give the static IP address and netmask, then save the file.
Step 4: [root@server network-scripts]# service network restart
This command restarts the network service so that our static IP address takes effect. If it shows 'Bringing up loopback interface' and 'Bringing up interface eth0' as OK, then the IP address is set to static mode.
Step 5: [root@server ~]# ifconfig
This is the final step to check that we have set our IP address to static mode. It shows the static IP address, netmask and broadcast address for eth0.
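The ifcfg-eth0 file that step 3 edits by hand, generated and checked by a script instead; this is an added example, not part of the report. The server address 192.168.121.1 is the one the report uses later, while the /24 netmask is an assumption, as is writing to a scratch file rather than the live /etc/sysconfig/network-scripts path.

```shell
#!/bin/sh
# Added example (not from the report): generate the ifcfg-eth0 file that step 3
# edits by hand, and verify it the way step 5 does, without touching the live
# system. Netmask 255.255.255.0 is an assumption; only the address is in the report.
valid_ipv4() {   # 0 if $1 is a dotted quad with every octet in 0..255
    case "$1" in ""|*[!0-9.]*|.*|*.|*..*) return 1;; esac
    printf '%s' "$1" | awk -F. 'NF!=4{exit 1} {for(i=1;i<=NF;i++) if($i<0||$i>255) exit 1}'
}
write_ifcfg() {  # $1 = output file, $2 = address, $3 = netmask
    valid_ipv4 "$2" && valid_ipv4 "$3" || { echo "bad address or netmask" >&2; return 1; }
    cat > "$1" <<EOF
DEVICE=eth0
BOOTPROTO=static
ONBOOT=yes
IPADDR=$2
NETMASK=$3
EOF
}
ifcfg_is_static() {  # 0 only if BOOTPROTO=static and an IPADDR line are both present
    grep -q '^BOOTPROTO=static$' "$1" && grep -q '^IPADDR=' "$1"
}
# On the real server (then run: service network restart):
# write_ifcfg /etc/sysconfig/network-scripts/ifcfg-eth0 192.168.121.1 255.255.255.0
```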
DOMAIN NAME SYSTEM SERVER CONFIGURATION STEPS
Step 1: [root@server ~]# locate named.conf
This command finds where the sample named.conf is located.
Step 2: [root@server ~]# cd /usr/share/doc/bind-9.3.6/sample/etc
From this we know that the sample named.conf is located in /usr/share/doc/bind-9.3.6/sample/etc, because all the sample files are located under /usr/share and the bind documentation is installed in this path.
Step 3: [root@server etc]# cp named.conf /var/named/chroot/etc/named.conf
In this step we use the cp command to copy the sample named.conf into the chroot, because it is a secured path where we can place our configuration files so that they are not known to others and there is no chance for them to be changed.
Step 4: [root@server ~]# cd /var/named/chroot/etc
Step 5: [root@server etc]# ls
Here we use the ls command to check whether the sample named.conf was placed correctly in the etc folder, and to list all the files in the etc folder.
Step 6: [root@server etc]# nano named.conf
Using the nano editor we configured the zone definitions in named.conf. Here we configured only the internal zone, because the assignment requires us to connect the client virtually; external zones are used only when we connect the virtual machine to an external machine. Then in named.conf we added 'listen-on port 53' with our IP address, which is used to serve the client. Save the changed named.conf file.
Step 7: [root@server etc]# cd /var/named/chroot/var/named
In this step we use the /var/named path, where we must configure our internal zone's forward and reverse zone files with the same names mentioned in named.conf.
Step 8: [root@server named]# nano server.namgroup21.com.zone
Here we create the forward zone file using the nano editor. In it we must type the time-to-live (TTL), NS and SOA records, and specify the values for serial, refresh, retry, expire and minimum, which control how long our forward zone data stays valid for the given period of time; then save the file.
Step 9: [root@server named]# nano 121.168.192.rev
Here we configured the reverse zone file using the nano editor in the named path. We follow the same steps used for the forward zone located in the same named path; the only difference is that in the reverse zone we must use PTR records, which means that the address must point to the hostname in reverse format.
Step 10: [root@server ~]# cd /etc
Step 11: [root@server etc]# nano resolv.conf
This step is used to assign our hostname and the nameserver IP address which we created statically in step 1.
Step 12: [root@server ~]# service named restart
This checks whether the named configuration file is configured properly or has any mistake. It shows that the service for named is OK. Then we must check the DNS server for forward and reverse lookups.
Step 13: [root@server ~]# nslookup server.namgroup21.com
Using nslookup we can check whether the forward zone is working or not. The output of this command shows the IP address and the name of the server as we gave them in the host file.
Step 14: [root@server ~]# nslookup 192.168.121.1
This is the reverse lookup, where we can find the name of the server by giving only the IP address.
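The zone configuration that steps 6, 8 and 9 type by hand, generated by a script so that named.conf, the forward zone and the reverse zone cannot disagree with each other; this is an added example, not part of the report. The name server.namgroup21.com and the address 192.168.121.1 come from the report; the /24 network, the client entry at 192.168.121.2 and the SOA timer values are assumptions.

```shell
#!/bin/sh
# Added example (not from the report): generate the internal zone that steps
# 6, 8 and 9 write by hand, so named.conf, the forward file and the reverse
# file agree with each other. server.namgroup21.com at 192.168.121.1 comes
# from the report; the /24 network and a client at 192.168.121.2 are assumed.
write_dns_config() {   # $1 = output dir (on the server: /var/named/chroot/var/named)
    dir="$1"; zone="namgroup21.com"; ip="192.168.121.1"; client_ip="192.168.121.2"
    rev="$(printf '%s' "$ip" | awk -F. '{print $3"."$2"."$1}')"   # 121.168.192
    serial="$(date +%Y%m%d)01"   # bump the last two digits on every edit or the change is ignored
    mkdir -p "$dir"
    # Stanzas for named.conf (step 6): listen only on loopback and the static address,
    # answer only our network, and point at the two zone files written below.
    # (Merge the options line into the existing options block; it may appear only once.)
    cat > "$dir/named.conf.internal" <<EOF
options { listen-on port 53 { 127.0.0.1; $ip; }; allow-query { 127.0.0.1; ${ip%.*}.0/24; }; };
zone "$zone" IN { type master; file "server.$zone.zone"; allow-update { none; }; };
zone "$rev.in-addr.arpa" IN { type master; file "$rev.rev"; allow-update { none; }; };
EOF
    # SOA/NS header shared by both zone files: TTL, serial, refresh, retry, expire, minimum
    hdr="\$TTL 86400
@   IN SOA server.$zone. root.$zone. ( $serial 3600 900 604800 86400 ) ; serial refresh retry expire minimum
    IN NS  server.$zone."
    # Forward zone (step 8): names to addresses
    printf '%s\nserver IN A %s\nclient IN A %s\n' "$hdr" "$ip" "$client_ip" > "$dir/server.$zone.zone"
    # Reverse zone (step 9): last octet to name, via PTR records
    printf '%s\n%s IN PTR server.%s.\n%s IN PTR client.%s.\n' "$hdr" "${ip##*.}" "$zone" \
        "${client_ip##*.}" "$zone" > "$dir/$rev.rev"
}
check_zones() {   # what "service named restart" (step 12) would complain about, checked beforehand
    command -v named-checkzone >/dev/null || { echo "named-checkzone not installed, skipping" >&2; return 0; }
    named-checkzone namgroup21.com "$1/server.namgroup21.com.zone" &&
    named-checkzone 121.168.192.in-addr.arpa "$1/121.168.192.rev"
}
# On the server: write_dns_config /var/named/chroot/var/named && check_zones /var/named/chroot/var/named
```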
FTP (FILE TRANSFER PROTOCOL) CONFIGURATION STEPS
Step 1: [root@server ~]# locate pureftpd
This step tells where the Pure-FTPd archive is located, from which we can extract the Pure-FTPd files.
Step 2: [root@server ~]# cd /usr/local/bin
This is the path where the tar archive of Pure-FTPd is located and where we extract it to its normal form, in the same path.
Step 3: [root@server bin]# ls
ls is used to check where all the files are located in the bin folder, and also to find the tar archive of the Pure-FTPd version.
Step 4: [root@server bin]# tar xvzf pure-ftpd-1.0.29.tar.gz
Here we use the tar command to extract pure-ftpd-1.0.29.tar.gz; the extracted Pure-FTPd tree is placed in the bin folder.
Step 5: [root@server pure-ftpd-1.0.29]# ./configure --with-everything
This step runs the configure script, which prepares the sources to be compiled and, with --with-everything, enables all the optional features; it must be run inside the extracted pure-ftpd-1.0.29 directory, and the resulting build files are stored under the bin folder.
Step 6: [root@server pure-ftpd-1.0.29]# make install-strip
This step uses the make command to compile the packages present in pure-ftpd-1.0.29; make install-strip then installs the stripped binaries.
Step 7: [root@server ~]# cd /usr/local/bin/pure-ftpd-1.0.29/configuration-file
Step 8: [root@server configuration-file]# /usr/local/sbin/pure-ftpd -j -E -l puredb:/etc/pureftpd.pdb &
This step starts the Pure-FTPd service; it must be run every time we begin to run Pure-FTPd. /usr/local/sbin is the location where the pure-ftpd binary is installed, and puredb is the database in which the virtual users we create are stored (-E allows only authenticated users, so no anonymous logins, and -j creates a missing home directory on login).
Step 9: [root@server configuration-file]# groupadd ftpgroup
Step 10: [root@server configuration-file]# useradd ftpuser -g ftpgroup
The above two steps create the group and the user for FTP; the user must be created within the group we already created, using the -g option, which denotes that group.
Step 11: [root@server configuration-file]# passwd ftpuser
This step creates a password for the user ftpuser, which we created in the group.
Step 12: [root@server configuration-file]# pure-pw useradd suri -u ftpuser -d /home/suri
This step creates the virtual user using pure-pw. suri is the virtual user name we created; -u is the system user created in the previous step, under whose ID the virtual user runs; and -d denotes the local directory that is the virtual user's home, so the virtual user "suri" is located in this directory. After this we must create the password for the virtual user "suri".
Step 13: [root@server configuration-file]# cp pure-ftpd.conf /etc
This step copies the pure-ftpd.conf file to the /etc folder, where all the configuration files must be located. Before that we must make some changes in pure-ftpd.conf, such as changing NoAnonymous from no to yes for security, so that only authorized users can transfer files.
Step 14: [root@server configuration-file]# cd /etc
Step 15: [root@server etc]# nano pureftpd.passwd
In this step we open pureftpd.passwd in the nano editor, which shows the created password in encrypted form for the virtual user "suri".
Step 16: [root@server etc]# pure-pw mkdb
Step 17: [root@server etc]# pure-pw show suri
Step 16 compiles pureftpd.passwd into the puredb database; step 17 shows all the information stored for the virtual user suri, such as the user ID (UID), group ID (GID), password, etc.
Step 18: [root@server etc]# /usr/local/sbin/pure-config.pl /etc/pure-ftpd.conf
This step starts Pure-FTPd with the settings from /etc/pure-ftpd.conf (pure-config.pl translates the file into command-line options).
Step 19: [root@server etc]# ftp 192.168.121.1
Step 20: [root@server etc]# nano rc.d/rc.local
This step is used to make the FTP service start automatically at boot; afterwards we can start an FTP session by giving the IP address.
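The pure-ftpd.conf changes that step 13 mentions, applied by script together with the related settings that keep logins limited to the puredb virtual users created in step 12; this is an added example, not part of the report. The sample configuration excerpt is constructed, and disabling PAM and Unix authentication goes one step beyond the report by locking system accounts out of FTP.

```shell
#!/bin/sh
# Added example (not from the report): apply the pure-ftpd.conf changes step 13
# describes (NoAnonymous) plus related settings that restrict FTP logins to the
# puredb virtual users, then read back the effective values. Works on any copy
# of the file; the sample excerpt below is constructed for the example.
set_directive() {   # $1 = file, $2 = key, $3 = value; rewrites the (possibly commented) line or appends
    if grep -q "^#\{0,1\}[[:space:]]*$2[[:space:]]" "$1"; then
        sed "s|^#\{0,1\}[[:space:]]*$2[[:space:]].*|$2 $3|" "$1" > "$1.tmp" && mv "$1.tmp" "$1"
    else
        printf '%s %s\n' "$2" "$3" >> "$1"
    fi
}
harden_pureftpd_conf() {    # $1 = path to pure-ftpd.conf
    set_directive "$1" NoAnonymous yes           # the change the report makes: no anonymous logins
    set_directive "$1" ChrootEveryone yes        # virtual users stay inside their -d directory
    set_directive "$1" PureDB /etc/pureftpd.pdb  # same database as -l puredb:... in step 8
    set_directive "$1" PAMAuthentication no      # with UnixAuthentication no, system accounts such
    set_directive "$1" UnixAuthentication no     # as root cannot log in over FTP; only puredb users
    set_directive "$1" CreateHomeDir yes         # equivalent of the -j flag in step 8
}
directive_value() {   # prints the value of key $2 in file $1 (last uncommented occurrence wins)
    awk -v k="$2" '$1 == k { v = $2 } END { print v }' "$1"
}
make_sample_conf() {   # $1 = path; constructed excerpt in the shipped format (anonymous still allowed)
    cat > "$1" <<'EOF'
# Pure-FTPd configuration (constructed excerpt for the example)
ChrootEveryone               yes
NoAnonymous                  no
# PureDB                     /etc/pureftpd.pdb
PAMAuthentication            yes
UnixAuthentication           no
EOF
}
# On the server: harden_pureftpd_conf /etc/pure-ftpd.conf, then restart via pure-config.pl (step 18)
```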
OPEN SSH CONFIGURATION STEPS
Step 1: [root@server ~]# cd /etc/ssh
Step 2: [root@server ssh]# ls
In this step we use ls to find where sshd_config is located in the /etc/ssh folder.
Step 3: [root@server ssh]# nano sshd_config
In this step we must configure sshd with some changes: changing the protocol, giving the port number, changing the directory to be accessed by the virtual users, making changes for key authentication with public as well as private keys, and making some changes to secure OpenSSH when we connect the server with the client. Finally we save the file and leave the editor.
Step 4: [root@server ~]# /etc/init.d/sshd restart
After the changes made in sshd_config we must restart the sshd service using the above command.
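The sshd_config changes step 3 describes, written out as a complete file and audited before the restart in step 4; this is an added example, not part of the report. The report does not state its port, protocol or login settings, so port 22, the ListenAddress on the static address, the RHEL sftp-server path and PermitRootLogin without-password (the report later logs in as root with a key) are assumptions.

```shell
#!/bin/sh
# Added example (not from the report): a complete sshd_config for the step 3
# requirements (protocol 2, port, public-key-only authentication) and an audit
# function to run before "/etc/init.d/sshd restart" in step 4. Port 22, the
# ListenAddress, the sftp-server path and PermitRootLogin are assumptions.
write_sshd_config() {   # $1 = output file (on the server: /etc/ssh/sshd_config)
    cat > "$1" <<'EOF'
Protocol 2
Port 22
ListenAddress 192.168.121.1
PermitRootLogin without-password
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM yes
Subsystem sftp /usr/libexec/openssh/sftp-server
EOF
}
# sshd honours the FIRST occurrence of a keyword, so an audit must read the first
# match, not the last: a stray "PasswordAuthentication yes" above ours would win.
sshd_option() {   # $1 = file, $2 = keyword (case-insensitive); prints the effective value
    awk -v k="$2" 'tolower($1) == tolower(k) { print $2; exit }' "$1"
}
sshd_pubkey_only() {   # 0 only when the file allows public-key authentication alone
    [ "$(sshd_option "$1" PasswordAuthentication)" = "no" ] &&
    [ "$(sshd_option "$1" ChallengeResponseAuthentication)" = "no" ] &&
    [ "$(sshd_option "$1" PubkeyAuthentication)" != "no" ] &&
    [ "$(sshd_option "$1" PermitRootLogin)" != "yes" ]
}
sshd_syntax_ok() {    # sshd's own syntax check, when sshd is installed (otherwise the restart would fail)
    command -v sshd >/dev/null || return 0
    sshd -t -f "$1"
}
# On the server: write_sshd_config /etc/ssh/sshd_config && sshd_pubkey_only /etc/ssh/sshd_config \
#   && sshd_syntax_ok /etc/ssh/sshd_config && /etc/init.d/sshd restart
```

Keep the existing SSH session open while restarting; if the audit or the restart fails you can still repair the file from that session.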
Step 5: [root@server ~]# ssh-keygen -t rsa
After restarting the sshd service we must generate the private and public keys in the directory /root/.ssh (id_rsa and id_rsa.pub) using the ssh-keygen command, and we must give a passphrase for the private key we generate. The two keys are saved in the same path where we generated them.
Step 6: [root@server ~]# cd /root/.ssh
Step 7: [root@server .ssh]# ls
The above step checks whether the private and public keys are located in the .ssh folder.
Step 8: [root@server .ssh]# cp id_rsa.pub authorized_keys
The above step copies the public key into the authorized_keys file.
Step 9: After the above steps are over, move to the client virtual machine, where we must download puttygen.exe and putty.exe from the PuTTY website; these exe files must be saved in the same path.
Step 10: We must transfer the private key generated on the server to the client virtual machine through FTP.
Step 11: Open puttygen.exe, click File, go to Load private key, and click Generate to display the key in the text box in puttygen.exe; while doing this we must give the passphrase we created during key generation.
Step 12: Then click Save private key to convert the private key into .ppk format, which helps to connect to the server with the authorized key.
Step 13: Open putty.exe and enter our IP address in the field where the IP address is mentioned.
Step 14: Then click SSH in putty.exe, where we must select the '2 only' option.
Step 15: Then click the Connection option located under SSH, where we must upload our .ppk private key by clicking the Auth option located under SSH.
Step 16: Then click the Session option in putty.exe, where we must create a session for the authorized key, through which the client connects to the server using that key only.
Step 17: Then save the session with a name and double-click the saved session; it opens a login to connect with the server, then type root for the login.
Step 18: After typing root and pressing Enter we find that 'Authenticating with public key "imported-openssh-key"' is displayed in the window.
Step 19: Then we must check whether the client is connected with the server and the server can be accessed from the client machine, and we must check the commands through OpenSSH.
ADITO SSL VPN CONFIGURATION
Step 1: [root@server ~]# cd /usr/local/bin/
Here we go into the folder where the Adito archive is.
Step 2: [root@server bin]# tar xvzf adito-0.9.1.gz
This extracts the Adito files into the adito folder.
Step 3: [root@server bin]# cd adito-0.9.1
In order to install we have to go into the folder.
Step 4: [root@server adito-0.9.1]# sudo ant install
This installs Adito.
Step 5: The setup will ask to point your browser to http://server.namgroup21.com:28080; we have to type that address in the browser, and then the setup wizard starts.
Step 6: In the next step we have to select 'Create a new certificate' in the Configure Certificate screen.
Step 7: In the next screen it asks us to enter the keystore passphrase; this is used to generate the encrypted keystore.
Step 8: In the next screen we have to create the new certificate by entering the required details such as hostname, company, organization, town, state and country, then click Next.
Step 9: The next step in creating the certificate is to choose the Built-in option.
Step 10: In the next screen we have to create a super user and password; this user accesses the FTP and SSH services through this SSL-based application.
Step 11: The next step is to configure the web server, where we can accept the defaults and proceed to the next screen.
Step 12: The next screen is for creating a proxy web server; we do not need that, so click Next.
Step 13: The setup is complete and now it validates the settings; once everything is done we have to choose Exit Installer.
Step 14: After that we can go to the command line and press Ctrl + C.
Step 15: [root@server adito-0.9.1]# sudo ant install-service
Step 16: [root@server adito-0.9.1]# sudo ant start
This step starts the service of the Adito VPN.