L2TP VPN

Thanks to https://www.dmosk.ru

yum install -y epel-release
yum install -y net-tools.x86_64 ipsec-tools mc xl2tpd iptables-services

systemctl enable xl2tpd
systemctl start xl2tpd
systemctl enable racoon
systemctl start racoon

mcedit /etc/racoon/racoon.conf
—ADD—
remote anonymous
{
    exchange_mode main,aggressive,base;
    doi ipsec_doi;
    passive on;
    proposal_check obey;
    support_proxy on;
    nat_traversal on;
    ike_frag on;
    dpd_delay 20;
    proposal
    {
        encryption_algorithm aes;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group modp1024;
    }
    proposal
    {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group modp1024;
    }
}

mcedit /etc/racoon/psk.txt
—ADD—
For Windows clients, add:

ip-address1 key-password1
ip-address2 key-password2

* where ip-address is the IP address of the client the connection will come from; key-password is the password for the connection.

For Android clients, add:

identifier1 key-password1
identifier2 key-password2

* where identifier is the client identifier that will be used when connecting; key-password is the password for the connection.
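
A check for the psk.txt layout described above, as an added example that is not part of the original notes: racoon expects psk.txt to be accessible only by its owner, and every entry needs both an IP address or identifier and a key. The function name, the MIN_KEY_LEN threshold and the sample entries are assumptions made for illustration.

```shell
#!/bin/bash
# Added example (not from the original notes): lint a racoon psk.txt.
# MIN_KEY_LEN is an assumed local policy value, not a racoon setting.
MIN_KEY_LEN=${MIN_KEY_LEN:-20}

# Prints one finding per line (never the key itself); returns 1 if any.
check_psk_file() {
    local file="$1" bad=0 n=0 seen=" " id key
    [ -f "$file" ] || { echo "$file: not a regular file"; return 1; }

    # Group/other permission bits must all be clear (mode 600 or 400).
    if [ "$(ls -ld "$file" | cut -c5-10)" != "------" ]; then
        echo "$file: accessible by group or others, run chmod 600"; bad=1
    fi

    # Each entry is "<ip-or-identifier> <key>"; the key is the rest of the line.
    while read -r id key || [ -n "$id" ]; do
        n=$((n + 1))
        case $id in ''|'#'*) continue ;; esac   # skip blank lines and comments
        if [ -z "$key" ]; then
            echo "line $n: $id has no key"; bad=1
        elif [ "${#key}" -lt "$MIN_KEY_LEN" ]; then
            echo "line $n: key for $id is shorter than $MIN_KEY_LEN characters"; bad=1
        fi
        case $seen in
            *" $id "*) echo "line $n: duplicate entry for $id"; bad=1 ;;
        esac
        seen="$seen$id "
    done < "$file"
    return "$bad"
}

# Constructed sample input: placeholder addresses, identifier and keys.
demo=$(mktemp)
cat > "$demo" <<'EOF'
# Windows client, matched by source IP
192.0.2.10 key-password1
# Android client, matched by identifier
android-phone1 Zq7mW2xL9cT4vB8nR5yK
192.0.2.10 Hn3pD6sF1gJ8kL2qW9eR
EOF
chmod 644 "$demo"
check_psk_file "$demo" || echo "psk file needs attention"
rm -f "$demo"
```

On a real server, run it as check_psk_file /etc/racoon/psk.txt after editing the file and before restarting racoon.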

mcedit /etc/rc.d/init.d/racoon.init
—CREATE—
#!/sbin/setkey -f

flush;
spdflush;

spdadd 0.0.0.0/0[l2tp] 0.0.0.0/0 any -P out ipsec esp/transport//require;
spdadd 0.0.0.0/0 0.0.0.0/0[l2tp] any -P in ipsec esp/transport//require;

chmod 755 /etc/rc.d/init.d/racoon.init

mcedit /etc/rc.local
—ADD—
/etc/rc.d/init.d/racoon.init

/etc/rc.d/init.d/racoon.init

mcedit /etc/xl2tpd/xl2tpd.conf
—EDIT—
[global]
ipsec saref = yes
force userspace = yes
[lns default]
ip range = 176.16.10.10-176.16.10.200
local ip = 176.16.10.1

mcedit /etc/ppp/options.xl2tpd
—UNCOMMENT—
ms-dns 77.88.8.8
ms-dns 8.8.8.8

require-mschap-v2

mcedit /etc/ppp/chap-secrets
—ADD—
rpro * password *

systemctl restart xl2tpd
systemctl restart racoon

mcedit /etc/sysctl.conf
—ADD—
net.ipv4.ip_forward=1

iptables -L -v -n

mcedit /etc/iptables_rules.sh
PASTE

chmod 0740 /etc/iptables_rules.sh
/etc/iptables_rules.sh

OpenVPN

yum -y install wget
wget -O /tmp/ovpn.rpm http://swupdate.openvpn.org/as/openvpn-as-2.5-CentOS7.x86_64.rpm
cd /tmp
rpm -i ovpn.rpm
passwd openvpn

http://server:943

Swap

Check swap status

swapon -s

If the output is empty, swap doesn’t exist.

After that, create a new 1 GByte swap file:

dd if=/dev/zero of=/swapfile bs=1M count=1000
chmod 600 /swapfile
mkswap /swapfile
swapon /swapfile

Zabbix

Zabbix Repo
# rpm -Uvh http://repo.zabbix.com/zabbix/3.4/rhel/7/x86_64/zabbix-release-3.4-1.el7.centos.noarch.rpm

Zabbix Server
# yum install -y zabbix-server-mysql zabbix-web-mysql
# mcedit /etc/zabbix/zabbix_server.conf


# systemctl start zabbix-server
# systemctl enable zabbix-server
# mcedit /etc/httpd/conf.d/zabbix.conf

php_value date.timezone Europe/Moscow

# systemctl start httpd
# systemctl enable httpd

Zabbix Agent
# yum install -y zabbix-agent
# mcedit /etc/zabbix/zabbix_agentd.conf

PidFile=/var/run/zabbix/zabbix_agentd.pid
LogFile=/var/log/zabbix/zabbix_agentd.log
LogFileSize=0
Server=127.0.0.1
ServerActive=127.0.0.1
Hostname=Zabbix server
Include=/etc/zabbix/zabbix_agentd.d/*.conf

# systemctl start zabbix-agent
# systemctl enable zabbix-agent

February 23

Ulyana has the flu and we are at home together. She is playing with her toys and fighting with the cats. It looks good, but I can’t work or do anything productive, since she can come up to me at any time to ask something or to play.

I planned to start sales on March 1, but I’m afraid I didn’t foresee many things. I’m trying to figure it all out on my own and it takes a lot more time than I thought. For example, the installation and setup of Zabbix took me around 10 hours instead of 1 hour. Now I have to work or study English until late at night.

Minsk Day 2

While I was waiting for the tram, a stranger came up to me and started asking idiotic questions. Bad-smelling people frequently come to me to beg for money. Maybe it happens because I’m fat? Maybe they think that fat people are kind :) All of them start with the same phrase, so I spot them immediately. This guy was well dressed and had a bag in his hand. Despite all these attributes of “luxury”, I understood his aim in the long run. And I started to talk with him about God 🙂 It always works! Smart people think that I’m stupid, stupid people just get afraid. That man was no exception.

He was travelling in my tram, and talked with different passengers the whole time.