Sunday, January 19, 2014

How to Resize the Root Partition in Linux on Amazon EC2

Check the Root Partition size before resize:
df -h

The current root partition size is ~8 GB.

After that, stop your instance:
sudo poweroff

Go to Volumes on the left-hand EC2 navigation control panel. Right-click on the volume you want to resize and select Create Snapshot.

Note: Make sure you also check the availability zone.

Fill out the details of the snapshot you are creating.

Go to Snapshots on the left-hand EC2 navigation control panel. Right-click on the snapshot you created and select Create Volume from Snapshot.

Enter the new size you would like the partition to be, select the same availability zone in which your instance is running, and click Yes, Create.

Go back to Volumes in the EC2 control panel. Select the old root volume, right-click on it and select Detach Volume.

Now right-click on the new volume that we have just created and select Attach Volume.

Make sure that the volume is attached as /dev/sda1.

Now start your instance. Make a note of your partition name; in my case it is /dev/xvda1. Run the resize2fs command on it:
sudo resize2fs /dev/xvda1

After that view the new root partition size.
df -h

Yes, it works.

Hope this will help you!

Please Remember me in your prayers!

InterVLAN Routing with Internet Access on Ubuntu

Scenario:

  • Router: Ubuntu Server with 1 network card.

  • Clients: Windows XP in VLAN10, Windows 7 in VLAN20.

  • Internet: Internet Router on VLAN30

  • Switch: Cisco 2960


Cisco 2960 Switch Configuration:

interface FastEthernet0/12
description CONNECTED TO UBUNTU ROUTER
switchport mode trunk
!
!
interface FastEthernet0/1
description WINXP
switchport access vlan 10
switchport mode access
!
!
interface FastEthernet0/2
description Win7
switchport access vlan 20
switchport mode access
!
!
interface FastEthernet0/24
description Internet Router
switchport access vlan 30
switchport mode access

Ubuntu Router Configuration:

To install VLAN support on Ubuntu, use this command:
sudo apt-get install vlan

Now configure the VLANs on the Ubuntu router by editing /etc/network/interfaces:
sudo nano /etc/network/interfaces

To enable IP forwarding, edit the /etc/sysctl.conf file:
sudo nano /etc/sysctl.conf

Change net.ipv4.ip_forward from 0 to 1.

Load the “8021q” kernel module:
sudo modprobe 8021q

Restart the Networking service:
sudo /etc/init.d/networking restart

Verify the vlan configuration:
sudo cat /proc/net/vlan/config

To provide internet access to the VLAN 10 and VLAN 20 clients, we need to do NAT on the VLAN 30 interface, on which the gateway is configured:
sudo iptables -t nat -A POSTROUTING -o vlan30 -j MASQUERADE

Verify the routing information on Ubuntu:
sudo route -n

Test from WinXP:

Test from Win7:

Hope this will help you!

Please Remember me in your prayers

{Workaround} How to get access to the server when the Amazon EC2 private key is lost

1. Login to your AWS Management Console.

2. Select EC2 from Services, set your Region in the drop-down list, and click the Instances link in the left sidebar.

3. Right click on the instance name. The Instance Management context menu will appear. Select Create Image.

4. Enter the name and description. This is for your use, not Amazon’s. Click the Create Image button. A confirmation message appears. Behind the scenes, the EBS volume is copied to a snapshot.

5. Find your new AMI. The AMI link is in the left navigation bar. Right-click on the AMI and select Launch (follow the wizard).

6. In the last step, select “Create a new key pair” instead of using the existing key pair, provide a name for your key pair and then click the Download Key Pair button.

7. Convert the downloaded key (for PuTTY use) by using the following tutorial.

8. Connect to the instance with the converted key and verify your data/setting.
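
A follow-up check for step 8, as an added example that is not part of the original post: the image copies the root volume, so the lost key pair's public key is still in ~/.ssh/authorized_keys on the new instance, next to the new one (assuming a cloud-init based AMI that appends the new key at first boot). The function name, file names and key blobs below are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: list authorized_keys entries that do NOT belong to the
# newly created key pair, so they can be reviewed and removed.

# $1 = authorized_keys file, $2 = public key file of the key pair to keep.
# Prints "LINE: key-type comment" for every other entry.
stale_authorized_keys() {
    awk '
        # Index of the key-type field (an entry may start with options).
        function type_field(   i) {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-)/) return i
            return 0
        }
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        { t = type_field(); if (!t) next }      # skip lines without a key
        FILENAME == ARGV[1] { keep[$(t + 1)] = 1; next }   # key blobs to keep
        !($(t + 1) in keep) { print FNR ": " $t " " $(t + 2) }
    ' "$2" "$1"
}

# Constructed sample data (the key blobs are placeholders, not real keys).
new_pub=$(mktemp)
ak=$(mktemp)
echo 'ssh-rsa AAAAB3NzaC1yc2E-CONSTRUCTED-NEW new-keypair' > "$new_pub"
cat > "$ak" <<'EOF'
# authorized_keys as found on an instance launched from the image
ssh-rsa AAAAB3NzaC1yc2E-CONSTRUCTED-OLD lost-keypair
no-port-forwarding ssh-rsa AAAAB3NzaC1yc2E-CONSTRUCTED-OLD2 backup-job
ssh-rsa AAAAB3NzaC1yc2E-CONSTRUCTED-NEW new-keypair
EOF

stale_authorized_keys "$ak" "$new_pub"
```

On a real instance, the public key to keep can be derived from the downloaded private key with `ssh-keygen -y -f <keyfile>`.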

Hope this will help you!

Please Remember me in your prayers!

OpenVPN server on CentOS 6.4 behind NAT

This tutorial describes how to configure the OpenVPN server on CentOS 6.4 and clients on Windows XP/7.

The scenario is a SOHO network protected by a firewall. We’ll implement OpenVPN on an internal CentOS 6.4 server so that the internal SOHO network (servers and PCs) can be accessed securely through the internet from anywhere.

Before starting this tutorial, we need to install the RPMforge and EPEL repositories:

RPMforge Installation:
wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
rpm --import http://apt.sw.be/RPM-GPG-KEY.dag.txt
rpm -K rpmforge-release-0.5.2-2.el6.rf.*.rpm
rpm -i rpmforge-release-0.5.2-2.el6.rf.*.rpm
yum repolist

EPEL Installation:
wget http://ftp.riken.jp/Linux/fedora/epel/RPM-GPG-KEY-EPEL-6
wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm --import RPM-GPG-KEY-EPEL-6
rpm -ivh epel-release-6-8.noarch.rpm
yum repolist

OpenVPN Server Installation:

Install the openvpn package using the following command:
yum install openvpn easy-rsa

Make the openvpn service start automatically on boot:
chkconfig openvpn on

Make an easy-rsa/keys directory inside /etc/openvpn:
mkdir -p /etc/openvpn/easy-rsa/keys

Copy the default easy-rsa into /etc/openvpn for setting up Certificate Authority (CA), certificates and keys generation for OpenVPN server and clients:
cp -rf /usr/share/easy-rsa/2.0/* /etc/openvpn/easy-rsa

Edit /etc/openvpn/easy-rsa/vars:
cd /etc/openvpn/easy-rsa/
vi vars

Edit these parameters according to your needs:
export KEY_COUNTRY="US"
export KEY_PROVINCE="NC"
export KEY_CITY="Winston-Salem"
export KEY_ORG="Example Company"
export KEY_EMAIL="me@example.com"

Change to /etc/openvpn/easy-rsa/ and enter these commands:
cd /etc/openvpn/easy-rsa/
cp openssl-1.0.0.cnf openssl.cnf
source vars
./clean-all

Now, generate the CA certificate and key:
./build-ca

Next, generate a server certificate and private key:
./build-key-server tendo

Note: tendo is my server name in the above command; you can use your server name here.

Diffie-Hellman parameters are required for the OpenVPN server:
./build-dh

Copy all the certificates and keys into /etc/openvpn/ from the /etc/openvpn/easy-rsa/keys/ subdirectory:
cd keys/
cp ca.crt tendo.crt tendo.key dh1024.pem /etc/openvpn/

Create the /etc/openvpn/server.conf file and enter the certificate and key information that we created above:
vi /etc/openvpn/server.conf

Here is my server.conf file as an example; you can change it according to your requirements:
port 1194
proto udp
dev tun
ca ca.crt
cert tendo.crt
key tendo.key # This file should be kept secret
dh dh1024.pem
#VPN subnet for OpenVPN to draw client addresses from.
server 172.16.10.0 255.255.255.0
ifconfig-pool-persist ipp.txt
#Push routes to the client to allow it to reach other
#private subnets behind the server.
push "route 10.10.10.0 255.255.255.0"
#If you want that all of your Internet traffic pass
#through the VPN server then enable this
;push "redirect-gateway def1 bypass-dhcp"
# For name resolution, enable this
;push "dhcp-option DNS 10.10.10.254"
client-to-client
keepalive 10 120
comp-lzo
max-clients 10
persist-key
persist-tun
status openvpn-status.log
verb 5
mute 20
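
A review aid for the server.conf above, as an added example that is not part of the original post: it reads the active directives and reports the settings a hardening pass would look at first (DH size, compression, cipher, control-channel HMAC key, privilege drop, client-to-client). The function names and finding labels are constructed here, and the DH size is inferred from the dhNNNN.pem file name, which is an assumption.

```bash
#!/usr/bin/env bash
# Added example: flag risky settings in an OpenVPN server.conf.

# Print active directives only: strip '#' / ';' comments and blank lines.
active_directives() {
    sed -e 's/[#;].*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        -e '/^$/d' "$1"
}

# Print one finding per line for the OpenVPN config file given as $1.
audit_openvpn_conf() {
    local d bits
    d=$(active_directives "$1")
    has() { printf '%s\n' "$d" | grep -Eq "^$1([[:space:]]|\$)"; }

    # Assumption: DH size is taken from the easy-rsa file name (dhNNNN.pem).
    bits=$(printf '%s\n' "$d" |
        sed -n 's/^dh[[:space:]].*dh\([0-9][0-9]*\)\.pem$/\1/p')
    if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then
        echo "WEAK-DH: ${bits}-bit Diffie-Hellman parameters"
    fi
    has comp-lzo && echo "COMPRESSION: comp-lzo is enabled"
    has cipher || echo "NO-CIPHER: no cipher directive, the version default applies"
    has 'tls-(auth|crypt)' || echo "NO-TLS-AUTH: no HMAC key on the control channel"
    { has user && has group; } || echo "ROOT: daemon does not drop privileges (user/group)"
    has client-to-client && echo "C2C: VPN clients can reach each other directly"
    return 0
}

# Constructed sample: security-relevant lines of the server.conf shown above.
page_conf=$(mktemp)
cat > "$page_conf" <<'EOF'
port 1194
proto udp
dev tun
key tendo.key # This file should be kept secret
dh dh1024.pem
;push "redirect-gateway def1 bypass-dhcp"
client-to-client
comp-lzo
persist-key
EOF

audit_openvpn_conf "$page_conf"
```

Run it against /etc/openvpn/server.conf after editing; an empty result means none of these six checks fired.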

Now, start the OpenVPN server:
service openvpn start

Note: Forward UDP port 1194 to your internal OpenVPN server on the edge firewall.

Client Certificates:

Each VPN client also needs a certificate to authenticate itself to the server. As the root user, create a different certificate for each client:
cd /etc/openvpn/easy-rsa/
./build-key rblaptop

Note: rblaptop is my VPN client name in the above command; you can use your client name here.

Copy these files to the client machine using winscp or any other method:
1) /etc/openvpn/ca.crt
2) /etc/openvpn/easy-rsa/keys/rblaptop.crt
3) /etc/openvpn/easy-rsa/keys/rblaptop.key

Your file names will differ, so adjust them as needed.

OpenVPN Client Configuration on Windows Machine:

Download the free OpenVPN client for Windows from here and install it. Below is the step-by-step procedure to configure this OpenVPN client to connect to the OpenVPN server that we configured above:

Check the routing table on client machine:
netstat -r

Ping the OpenVPN internal IP:

Pinging an internal host will fail because the internal host doesn’t know about the VPN pool. To overcome this problem, we need to configure NAT on the OpenVPN server:

Edit the /etc/sysctl.conf file:
vi /etc/sysctl.conf

Enable IP forwarding by changing the “net.ipv4.ip_forward” line to 1:
net.ipv4.ip_forward=1

Create an iptables rule to allow proper routing of the VPN subnet:
iptables -t nat -A POSTROUTING -s 172.16.10.0/24 -o eth0 -j MASQUERADE
service iptables save
service iptables restart

Reboot the server or issue this command to load the change:
sysctl -p

Ping the internal host again:

Success 
Hope this will help you!

Please Remember me in your prayers