How to connect using OpenVPN (Windows 10) to pfSense firewall.

This is a detailed guide on how to connect to your pfSense Firewall using OpenVPN for remote access. Piggybank Cloud lets you launch a pfSense firewall with a click of a button. You can connect your virtual machines to your firewall with ease from your Piggybank customer portal.

There is a known issue with the latest OpenVPN version on Windows 10 where the TAP adapter does not work. This guide incorporates the fix for this issue.

1. Create OpenVPN server on pfSense firewall

1.1 Click Add under VPN / OpenVPN / Servers

1.2 Click on “Use a wizard to setup a new server”.

1.3 Select Authentication Type

Type of Server – Select local User Access

1.4 Create a Certificate Authority (CA)

1.5 Add new Certificate

1.6 General OpenVPN Server Information

1.6.1 Set your interface to where VPN Clients will be connecting (usually WAN)

1.6.2 Set Protocol to UDP

1.6.3 Set the local port or leave blank

Local port upon which OpenVPN will listen for connections. The default port is 1194. Leave this blank to auto-select an unused port.

1.6.4 Description

Add your own description

1.7 Cryptographic Settings

Leave as default for the purpose of setting up this basic VPN server.

1.8 Tunnel Settings

1.8.1 Configure IPv4 Tunnel Network

This will be the network assigned to OpenVPN clients.

1.8.2 Configure IPv4 Local Network

This will be the network that will be accessed by the OpenVPN clients, for example: the local network or LAN.

1.9 Client Settings

1.9.1 Add DNS servers

1.10 Firewall Rule Configuration

The wizard will create the firewall rules automatically for you if you check the tick boxes. This will allow traffic to the OpenVPN server and allow traffic to the local network behind the pfSense Firewall.

1.11 Click Finish

2. Create local users

2.1 Navigate to System / User Manager

2.2 Set username and password

These are the credentials the client will use to authenticate when connecting to the VPN.

2.3 Generate user certificate

3. Install OpenVPN on Windows 10

3.1 Download and Install an older version of OpenVPN

https://build.openvpn.net/downloads/releases/openvpn-2.1.3-install-win2k.exe

When you install this you will be prompted to install a TAP driver, which is version 9. Once it is installed, we can update to the latest version of OpenVPN.

3.2 Install later Version

https://build.openvpn.net/downloads/releases/openvpn-install-2.4.7-I603.exe

Once the old version of OpenVPN is installed, install the version above.

3.3 Update the TAP drivers manually

3.3.1 Open device manager and right click TAP Windows Adapter and select update.

3.3.2 Select browse my computer for driver software

3.3.3 Point to the folder where you have saved the drivers. AMD64 for 64 bit and i386 for 32 bit.

4. Run OpenVPN GUI as administrator.



This will give you the OpenVPN icon in your windows tray. Right click the icon and click import. Before you do this you will need to download the client config from the pfSense Firewall.

5. Download Client VPN Configuration

5.1 Install openvpn-client-export on pfSense Firewall

Navigate to System / Package Manager and click on Available Packages. Search for openvpn-client-export and install.

5.2 Navigate to VPN / OpenVPN / Client Export

5.3 Click on Most Clients under Inline Configuration and download the client Configuration.

Scroll down to the section heading OpenVPN Clients. If all the other steps have been carried out correctly you will see the client configurations available to download.

6. Import file for client configuration.

6.1 Right click on the OpenVPN icon in your system tray, as per the screenshot above in point 4.

6.2 Click import file and select file from download location.

7. Connect to your VPN.

7.1 Right click the OpenVPN tray icon and click connect.

7.2 Enter user credentials.

Please feel free to leave any feedback. If you would like to explore Piggybank Cloud navigate to
https://piggybank.cloud/register.php

Thank you for reading.

Getting started with UFW (Uncomplicated Firewall) Ubuntu CLI

This is a quick reference guide about getting started with UFW (Uncomplicated Firewall) Ubuntu CLI

1. Check the status of the firewall

ufw status

root@FTP:~# ufw status
Status: inactive

IMPORTANT! Please see step 2 before enabling the firewall

root@FTP:~# ufw status
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)

ufw status verbose – gives more information about the firewall status.

root@FTP:~# ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)


2. Enabling ufw

2.1 CAUTION! Before enabling your firewall make sure that you have added a policy to allow SSH.

root@FTP:/etc/ufw# ufw  allow ssh
Rules updated
Rules updated (v6)

You can check this has been added in the following file: /etc/ufw/user.rules

nano /etc/ufw/user.rules

### RULES ###

### tuple ### allow tcp 22 0.0.0.0/0 any 0.0.0.0/0 in
-A ufw-user-input -p tcp --dport 22 -j ACCEPT

2.2 ufw enable

ufw enable
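
The check described in 2.1, as an added script that is not part of the original guide: it reads the tuple comments in user.rules and only enables the firewall when an inbound SSH allow rule is present. The field positions follow the tuple line shown above (with the sixth value assumed to be the source network), the three sample rule sets are constructed, and UFW_CMD is a hypothetical override for dry runs.

```sh
#!/bin/sh
# Added example: confirm SSH is allowed before running "ufw enable" remotely.
# Tuple layout taken from the line shown in the guide:
#   ### tuple ### allow tcp 22 0.0.0.0/0 any 0.0.0.0/0 in
# Assumption: the 6th value after "tuple ###" is the source network.

# ssh_rule_state [PORT] < user.rules
# Prints: open (allowed from anywhere), restricted (allowed from specific
# sources only) or missing (no inbound allow rule for PORT).
ssh_rule_state() {
    awk -v port="${1:-22}" '
        $1 == "###" && $2 == "tuple" && $4 == "allow" && $NF ~ /^in/ &&
        ($5 == "tcp" || $5 == "any") && $6 == port {
            if ($9 == "0.0.0.0/0") wide = 1
            else narrow = 1
        }
        END {
            state = wide ? "open" : (narrow ? "restricted" : "missing")
            print state
        }'
}

# safe_enable [RULES_FILE]: enable ufw only when SSH is open to any source.
# UFW_CMD is a hypothetical override for dry runs (for example UFW_CMD=echo).
safe_enable() {
    rules=${1:-/etc/ufw/user.rules}
    state=$(ssh_rule_state 22 < "$rules") || return 3
    case $state in
        open)
            ${UFW_CMD:-ufw} --force enable ;;
        restricted)
            echo "SSH is limited to specific sources; confirm yours is listed" >&2
            return 2 ;;
        *)
            echo "no inbound SSH allow rule; run 'ufw allow ssh' first" >&2
            return 1 ;;
    esac
}

# Constructed sample rule sets (only the tuple comments matter here).
SAMPLE_OPEN='### tuple ### allow tcp 22 0.0.0.0/0 any 0.0.0.0/0 in'
SAMPLE_RESTRICTED='### tuple ### allow tcp 22 0.0.0.0/0 any 10.0.125.0/24 in'
SAMPLE_MISSING='### tuple ### allow tcp 80 0.0.0.0/0 any 0.0.0.0/0 in'
```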

3. Adding ufw rules

3.1 Basic ufw rule examples

The rules below allow traffic from any source to a specific port on the local server.

root@FTP:~# ufw allow http
Rule added
Rule added (v6)
root@FTP:~# ufw allow https
Rule added
Rule added (v6)
root@FTP:~# ufw allow ftp
Rule added
Rule added (v6)
root@FTP:~# ufw allow tftp
Rule added
Rule added (v6)
root@FTP:~# ufw allow snmp
Rule added
Rule added (v6)
root@FTP:~# ufw allow sftp
Rule added
Rule added (v6)
root@FTP:~# ufw allow smtp
Rule added
Rule added (v6)
root@FTP:~# ufw allow 3389
Rule added
Rule added (v6)

3.2 Check ufw rules

root@FTP:~# ufw status
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
21/tcp                     ALLOW       Anywhere
69/udp                     ALLOW       Anywhere
161                        ALLOW       Anywhere
115/tcp                    ALLOW       Anywhere
25/tcp                     ALLOW       Anywhere
3389                       ALLOW       Anywhere

3.3 Source and destination specific ufw rules

root@FTP:~# ufw allow from 10.0.125.0/24 to any
Rule added
root@FTP:~# ufw allow from 10.0.130.0/24 to any  port sftp
Rule added
root@FTP:~# ufw status
Anywhere                   ALLOW       10.0.125.0/24
115/tcp                    ALLOW       10.0.130.0/24
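
A way to review the rule set built in sections 3.1 to 3.3, as an added script that is not part of the original guide: it parses `ufw status` output and lists ports reachable from Anywhere that are not on a list you expect to be public. The function names and the expected-port list are assumptions; the sample is a constructed copy of the listings above.

```sh
#!/bin/sh
# Added example: list ports that "ufw status" shows as reachable from
# Anywhere but that are not on an expected list.

# open_to_anywhere "PORT/PROTO ..." < output-of-ufw-status
open_to_anywhere() {
    awk -F '  +' -v expected="$1" '
        BEGIN {
            n = split(expected, e, " ")
            for (i = 1; i <= n; i++) ok[e[i]] = 1
        }
        $2 ~ /^ALLOW/ && $3 ~ /^Anywhere/ {
            to = $1
            sub(/ \(v6\)$/, "", to)      # fold IPv6 duplicates into one entry
            if (!(to in ok) && !(to in seen)) { seen[to] = 1; print to }
        }'
}

# audit_ufw "PORT/PROTO ..." < output-of-ufw-status
# Returns 1 and prints the findings when unexpected ports are exposed.
audit_ufw() {
    findings=$(open_to_anywhere "$1")
    if [ -z "$findings" ]; then
        return 0
    fi
    printf 'unexpected ports open to Anywhere:\n%s\n' "$findings"
    return 1
}

# Constructed sample: the status listings from sections 3.2 and 3.3.
SAMPLE_STATUS='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
21/tcp                     ALLOW       Anywhere
69/udp                     ALLOW       Anywhere
161                        ALLOW       Anywhere
115/tcp                    ALLOW       Anywhere
25/tcp                     ALLOW       Anywhere
3389                       ALLOW       Anywhere
Anywhere                   ALLOW       10.0.125.0/24
115/tcp                    ALLOW       10.0.130.0/24'
```

In the listing, `ufw allow sftp` produced the 115/tcp rule, which is the legacy service named sftp in /etc/services; SFTP over SSH is covered by the 22/tcp rule.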

4. Delete ufw rules

root@FTP:~# ufw delete allow https
Rule deleted
Rule deleted (v6)
root@FTP:~#

If you are new to the world of Linux, an avid Linux enthusiast or a student why not try our 0.99p per month Linux VPS.

Simply click on the screen shot below to find out more or navigate to https://piggybank.cloud

Thank you for reading and please feel free to leave any feedback.

How to shape traffic using Wondershaper on Ubuntu 18.04 CLI

This is a quick reference guide on how to shape traffic using Wondershaper on Linux Based Operating Systems.

1. Install Wondershaper

apt install wondershaper

IMPORTANT: The following installation creates the directory where the traffic shaping configuration is stored.

cd bin
git clone https://github.com/magnific0/wondershaper.git
cd wondershaper
make install

2. Edit /etc/conf.d/wondershaper.conf

nano /etc/conf.d/wondershaper.conf

Example configuration:

You will need to specify the interface to shape and the download and upload rates it is restricted to, in Kbps.

[wondershaper]
# Adapter
#
IFACE="eth0"

# Download rate in Kbps
#
DSPEED="10240"

# Upload rate in Kbps
#
USPEED="10240"

3. Restart Wondershaper

service wondershaper restart

4. iPerf Before and after Wondershaper.

root@FTP:~# iperf3 -c 10.0.125.14
Connecting to host 10.0.125.14, port 5201
[  4] local 10.0.125.11 port 38860 connected to 10.0.125.14 port 5201
[ ID] Interval           Transfer     Bandwidth       Retr  Cwnd
[  4]   0.00-1.00   sec   115 MBytes   968 Mbits/sec    0   3.03 MBytes
[  4]   1.00-2.00   sec   112 MBytes   939 Mbits/sec    0   3.03 MBytes
[  4]   2.00-3.00   sec   112 MBytes   939 Mbits/sec    0   3.03 MBytes
[  4]   3.00-4.00   sec   112 MBytes   939 Mbits/sec    0   3.03 MBytes
[  4]   4.00-5.00   sec   112 MBytes   939 Mbits/sec    0   3.03 MBytes
[  4]   5.00-6.00   sec   112 MBytes   939 Mbits/sec    0   3.03 MBytes
[  4]   6.00-7.00   sec   112 MBytes   939 Mbits/sec    0   3.03 MBytes
[  4]   7.00-8.00   sec   112 MBytes   939 Mbits/sec    0   3.03 MBytes
[  4]   8.00-9.00   sec   112 MBytes   939 Mbits/sec    0   3.03 MBytes
[  4]   9.00-10.00  sec   112 MBytes   939 Mbits/sec    0   3.03 MBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bandwidth       Retr
[  4]   0.00-10.00  sec  1.10 GBytes   942 Mbits/sec    0             sender
[  4]   0.00-10.00  sec  1.09 GBytes   939 Mbits/sec                  receiver

iperf Done.
root@FTP:~# service wondershaper start
root@FTP:~# iperf3 -c 10.0.125.14
Connecting to host 10.0.125.14, port 5201
[  4] local 10.0.125.11 port 38864 connected to 10.0.125.14 port 5201
[ ID] Interval           Transfer     Bandwidth       Retr  Cwnd
[  4]   0.00-1.00   sec  1.71 MBytes  14.3 Mbits/sec    0    102 KBytes
[  4]   1.00-2.00   sec  1.12 MBytes  9.38 Mbits/sec    0    102 KBytes
[  4]   2.00-3.00   sec  1.12 MBytes  9.38 Mbits/sec    0    102 KBytes
[  4]   3.00-4.00   sec  1.12 MBytes  9.38 Mbits/sec    0    102 KBytes
[  4]   4.00-5.00   sec  1.12 MBytes  9.38 Mbits/sec    0    102 KBytes
[  4]   5.00-6.00   sec  1.12 MBytes  9.38 Mbits/sec    0    102 KBytes
[  4]   6.00-7.00   sec  1.06 MBytes  8.86 Mbits/sec    0    102 KBytes
[  4]   7.00-8.00   sec  1.12 MBytes  9.38 Mbits/sec    0    102 KBytes
[  4]   8.00-9.00   sec  1.12 MBytes  9.38 Mbits/sec    0    102 KBytes
[  4]   9.00-10.00  sec  1.12 MBytes  9.38 Mbits/sec    0    102 KBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bandwidth       Retr
[  4]   0.00-10.00  sec  11.7 MBytes  9.83 Mbits/sec    0             sender
[  4]   0.00-10.00  sec  11.1 MBytes  9.31 Mbits/sec                  receiver

iperf Done.

How to configure a static IP address on Ubuntu 18.04 CLI

This is a quick reference guide on how to configure a static IP address on Ubuntu 18.04

1. Check interfaces by typing ifconfig -a

root@VPS:~# ifconfig -a
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.10.0.102  netmask 255.255.255.0  broadcast 10.10.0.255
        inet6 fe80::7ff:fe59:9a16  prefixlen 64  scopeid 0x20<link>
        ether 02:00:07:59:9a:16  txqueuelen 1000  (Ethernet)
        RX packets 226  bytes 23624 (23.6 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 95  bytes 14736 (14.7 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 2  bytes 78 (78.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 2  bytes 78 (78.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

You will need to specify the interface that you would like to statically assign an IP address to. In this scenario the interface is eth0.

2. Create a yaml file in /etc/netplan

Use nano to create and edit files – simply run the following command if you do not have it installed.

apt-get install nano

Create a yaml file under /etc/netplan – I have used network_config.yaml as my file name.

root@VPS:~# cd /etc/netplan/
root@VPS:/etc/netplan# nano network_config.yaml

Enter the following into the network_config.yaml file using nano. Make sure you change the interface name to match the one shown in your ifconfig -a output (the interface you would like to configure your static IP on). My interface in this scenario is eth0.

You will also need to specify your default gateway and your DNS servers. These are configured under the following headings: gateway4 and nameservers respectively.

network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      addresses:
        - 10.0.125.10/24
      gateway4: 10.0.125.254
      nameservers:
        search: [mydomain, otherdomain]
        addresses: [10.10.0.1, 1.1.1.1]

3. Apply Netplan

root@VPS:/etc/netplan# sudo netplan apply

4. Check that you have received an IP address on the interface you have specified by running ifconfig.

root@VPS:/etc/netplan# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.10.0.102  netmask 255.255.255.0  broadcast 10.10.0.255
        inet6 fe80::7ff:fe59:9a16  prefixlen 64  scopeid 0x20<link>
        ether 02:00:07:59:9a:16  txqueuelen 1000  (Ethernet)
        RX packets 770  bytes 77688 (77.6 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 271  bytes 38562 (38.5 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 2  bytes 78 (78.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 2  bytes 78 (78.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
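
A pre-flight check for the file written in step 2, as an added script that is not part of the original guide: it confirms that gateway4 sits inside the subnet of the configured address before the change is applied. It assumes the simple one-interface layout shown above; the function names are hypothetical and the sample is a constructed copy of that file.

```sh
#!/bin/sh
# Added example: sanity-check address and gateway4 before "netplan apply"
# on a host that is only reachable over the network.
# Assumption: the file uses the one-interface layout shown in step 2.

ip_to_int() {                       # dotted quad -> 32-bit integer
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

in_subnet() {                       # in_subnet 10.0.125.10/24 10.0.125.254
    prefix=${1#*/}
    mask=$(( (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "${1%/*}") & mask )) -eq $(( $(ip_to_int "$2") & mask )) ]
}

# check_netplan < network_config.yaml
# Returns 0 and prints "ok ..." when the gateway is usable from the address.
check_netplan() {
    cfg=$(cat)
    addr=$(printf '%s\n' "$cfg" |
        sed -n 's|^ *- *\([0-9.]*/[0-9]*\) *$|\1|p' | head -n 1)
    gw=$(printf '%s\n' "$cfg" |
        sed -n 's|^ *gateway4: *\([0-9.]*\) *$|\1|p' | head -n 1)
    [ -n "$addr" ] && [ -n "$gw" ] || { echo "missing address or gateway4"; return 2; }
    [ "${addr%/*}" != "$gw" ] || { echo "gateway equals host address"; return 1; }
    in_subnet "$addr" "$gw" || { echo "gateway $gw is outside $addr"; return 1; }
    echo "ok $addr via $gw"
}

# Constructed sample: the configuration from step 2.
SAMPLE_NETPLAN='network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      addresses:
        - 10.0.125.10/24
      gateway4: 10.0.125.254
      nameservers:
        search: [mydomain, otherdomain]
        addresses: [10.10.0.1, 1.1.1.1]'
```

On a remote host, `netplan try` applies the same file but rolls back automatically unless you confirm within the timeout, which protects the session if a value is wrong.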

How to make a shell script executable Linux CLI

This is a quick reference guide on how to make a shell script executable on Linux Based Operating Systems.

1. chmod +x

root@FTP:~# ./shell.sh
-bash: ./shell.sh: Permission denied
root@FTP:~# chmod +x shell.sh
root@FTP:~# ./shell.sh

How to add a user to a group Linux CLI

This is a quick reference guide on how to add a user to a group on Linux Based Operating Systems.

1. adduser

root@FTP1:~# addgroup ftpgroup user1
addgroup: The user `ftpgroup' does not exist.
root@FTP1:~# adduser user1 ftpgroup
Adding user `user1' to group `ftpgroup' ...
Adding user user1 to group ftpgroup
Done.
root@FTP1:~# adduser user2 ftpgroup
Adding user `user2' to group `ftpgroup' ...
Adding user user2 to group ftpgroup
Done.

How to change group ownership of a file Linux CLI

This is a quick reference guide on how to change group ownership of a file on Linux Based Operating Systems.

1. Change group ownership of a file using chgrp command

[root@vps1 ~]# chgrp root file1
[root@vps1 ~]# ls -l file1
-rw-r--r-- 1 root root 0 Jun  4 11:06 file1
[root@vps1 ~]# chgrp vpsuser file1
[root@vps1 ~]# ls -l file1
-rw-r--r-- 1 root vpsuser 0 Jun  4 11:06 file1

2. Check the file permission using ls -l

root@vps:~# ls -l file1
-rwxr-x--x 1 root root 0 Jun  3 08:17 file1

A dash (-) indicates that the file is a regular file.

A leading letter (l) indicates a special file type called a symlink. A symlink is a pointer to another location in the file system.

The letter (d) indicates that the file is a directory, as per below:

drwxr-xr-x 3 root root       4096 Oct 18  2018 ufw

The first three letters after the file type above refer to the permissions of the user, in this case rwx: read, write, and execute.

The next three letters are for the group: r-x, so read and execute, but not write, as indicated by the dash.

The next three letters are for other: r-x, so read and execute, but not write, as indicated by the dash (the same as group in this example).

The number 3 in this example after the permissions indicates the number of files or sub-directories contained within this particular directory.

The first name after the number (directory and file number) in the example below is the user or file owner: “vpsuser”.

The second name refers to the file's group: “group1”.

-rwxr-x--x 1 vpsuser group1 0 Jun  3 08:17 file1
root@vps:~#

The remainder of the file details are the size of the file, the date and time that the file was created or last modified, and the file name.
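
The permission columns explained above, decoded by an added script that is not part of the original guide: it turns the mode string from `ls -l` into a file type and octal value and flags world-writable entries. It goes beyond the text by also decoding the setuid, setgid and sticky markers (s, S, t, T); the function names are hypothetical and the sample combines the listings above with one constructed world-writable file.

```sh
#!/bin/sh
# Added example: decode the mode column of "ls -l" and flag risky entries.

triplet_value() {                   # rwx -> 7, r-x -> 5, --x -> 1
    v=0
    case $1 in r??) v=$((v + 4)) ;; esac
    case $1 in ?w?) v=$((v + 2)) ;; esac
    case $1 in ??[xst]) v=$((v + 1)) ;; esac   # s and t imply execute
    echo "$v"
}

mode_to_octal() {                   # -rwxr-x--x -> 0751
    perms=${1#?}                    # drop the file-type character
    u=$(printf '%s' "$perms" | cut -c1-3)
    g=$(printf '%s' "$perms" | cut -c4-6)
    o=$(printf '%s' "$perms" | cut -c7-9)
    special=0
    case $u in ??[sS]) special=$((special + 4)) ;; esac   # setuid
    case $g in ??[sS]) special=$((special + 2)) ;; esac   # setgid
    case $o in ??[tT]) special=$((special + 1)) ;; esac   # sticky
    echo "$special$(triplet_value "$u")$(triplet_value "$g")$(triplet_value "$o")"
}

file_type() {
    case $1 in
        -*) echo regular ;;
        d*) echo directory ;;
        l*) echo symlink ;;
        *)  echo other ;;
    esac
}

# summarize_listing < output-of-ls-l
# One line per entry: TYPE OCTAL OWNER:GROUP NAME [flags]
summarize_listing() {
    while read -r mode _links owner group _size _mon _day _time name; do
        case $mode in ??????????*) ;; *) continue ;; esac   # skip "total N"
        flags=
        case $mode in ????????w*) flags="$flags WORLD-WRITABLE" ;; esac
        case $mode in ???[sS]*|??????[sS]*) flags="$flags SETID" ;; esac
        echo "$(file_type "$mode") $(mode_to_octal "$mode") $owner:$group $name$flags"
    done
}

# Constructed sample: listings from this guide plus one world-writable file.
SAMPLE_LISTING='-rwxr-x--x 1 vpsuser group1 0 Jun  3 08:17 file1
drwxr-xr-x 3 root root       4096 Oct 18  2018 ufw
-rw-rw-rw- 1 root root 0 Jun  3 08:17 shared.txt'
```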
