Monthly Archives: April 2016

Openvpn a great open source vpn solution

A virtual private network (VPN) establishes a connection that is virtual and private, with the main advantage of being more secure and reliable. VPNs came into existence because of major security breaches in various protocols & services on the internet & network infrastructure. With many services on the internet, data can be captured by sniffers on the local area network, and confidential data like secure access codes & credentials might be sniffed & captured. A VPN was therefore a necessary implementation to prevent sniffing and packet capturing, leading to a more secure environment through the tunnel established by the VPN connection.

In layman’s terms, a VPN lets a person sitting in the US connect to a branch office in the UK and transfer his or her data through an encrypted tunnel over the VPN network. There are two types of VPN connection: site-to-site and client-to-site. In a site-to-site connection, two firewalls or routers located in different geographical areas connect and establish a VPN tunnel between them, making the entire exchange of data secure and encrypted. In a client-to-site connection there is only one VPN server, and the client connects to it from anywhere to exchange data through an encrypted tunnel.

1. PPTP VPN

This is the most common and widely used VPN protocol. It enables authorized remote users to connect to the VPN network using their existing Internet connection and then log on to the VPN using password authentication. It doesn’t need extra hardware, and the features are often available as inexpensive add-on software. PPTP stands for Point-to-Point Tunneling Protocol. The disadvantage of PPTP is that it does not provide encryption and it relies on PPP (Point-to-Point Protocol) to implement security measures.

2. Site-to-Site VPN

Site-to-site is much the same thing as PPTP except there is no “dedicated” line in use. It allows different sites of the same organization, each with its own real network, to connect together to form a VPN. Unlike PPTP, the routing, encryption and decryption are done by the routers on both ends, which could be hardware-based or software-based.

3. L2TP VPN

L2TP, or Layer 2 Tunneling Protocol, is similar to PPTP, since it also doesn’t provide encryption and it relies on the PPP protocol to do this. The difference between PPTP and L2TP is that the latter provides not only data confidentiality but also data integrity. L2TP was developed by Microsoft and Cisco.

4. IPsec

A tried and trusted protocol that sets up a tunnel from the remote site into your central site. As the name suggests, it’s designed for IP traffic. IPsec requires expensive, time-consuming client installations, and this can be considered an important disadvantage.

5. SSL

SSL, or Secure Socket Layer, is a VPN accessible via HTTPS in a web browser. SSL creates a secure session from your PC browser to the application server you’re accessing. The major advantage of SSL is that it doesn’t need any software installed because it uses the web browser as the client application.

6. MPLS VPN

MPLS (Multi-Protocol Label Switching) VPNs are no good for remote access for individual users, but for site-to-site connectivity they’re the most flexible and scalable option. These systems are essentially ISP-tuned VPNs, where two or more sites are connected to form a VPN using the same ISP. An MPLS network isn’t as easy to set up or add to as the others, and hence is bound to be more expensive.

7. Hybrid VPN

A few companies have managed to combine features of SSL and IPsec, and also of other VPN types. Hybrid VPN servers are able to accept connections from multiple types of VPN clients. They offer higher flexibility at both client and server levels and are bound to be expensive.

Which open source VPN solution should you go for? I choose OpenVPN (https://openvpn.net/).

To install OpenVPN on either Windows or Linux, please follow the link below:

https://openvpn.net/index.php/open-source/documentation/install.html

For configuring OpenVPN connections, please refer to their HOWTO, which is quite easy to understand and implement in your infrastructure.

https://openvpn.net/index.php/open-source/documentation/howto.html

They now also have binaries for Android and iPhone.

Feel free to leave any comments or queries.

-Alok Thaker

Great session on Magical Powers of Linux in Indus University

It was a privilege to be called to Indus University (http://www.indusuni.ac.in/) on Saturday, 16th April 2016, and to meet tons of students interested in learning and knowing the power of open source and Linux. The seminar was on the Magical Powers of Linux, as per my standard theme, and the students loved it.

It was great interacting with teachers & students on their queries & interests about doing various innovative projects on Linux with IoT and Artificial Intelligence, with the basics of Linux networking & system administration. They were also interested in learning about embedded systems & RTOS.

I hope more students and faculty start working on Linux and try to implement it in their real lives and projects.

A few snaps from the seminar.

-Alok Thaker

What is node.js & the buzz about it?

JavaScript has brought a change to today’s world of app and website development. The things that we can do on the web nowadays with JavaScript running on the server, as well as in the browser, were hard to imagine just several years ago, or were encapsulated within sandboxed environments like Flash or Java Applets.

node.js has various advantages in real-time applications because it is much faster and more lightweight than its counterparts on the programming front.

The main idea of Node.js: use non-blocking, event-driven I/O to remain lightweight and efficient in the face of data-intensive real-time applications that run across distributed devices. Where Node really shines is in building fast, scalable network applications, as it’s capable of handling a huge number of simultaneous connections with high throughput, which equates to high scalability.

NPM, which stands for Node Package Manager, is quite similar to Ruby Gems: a set of publicly available, reusable components, available through easy installation via an online repository, with version and dependency management.

Installing npm & node.js on Ubuntu & other Linux boxes is quite easy. For installation of node.js on various platforms including Windows, I followed the link below, which is quite useful.

https://nodejs.org/en/download/package-manager/

Please feel free to leave any comments or queries.

-Alok Thaker

How to P2V (Physical to virtual) & V2V (Virtual to Virtual)

P2V (Physical to Virtual) and V2V (Virtual to Virtual) conversions are of great use nowadays: you can easily convert any physical machine to a virtual machine, or one virtual machine to another. This really saves a lot of time and effort for system and network administrators.

P2V & V2V also help with easy backup, archive and restoration processes. You can easily keep the snapshots and also the images with you. The main question that arises is how to achieve the P2V and V2V transition; the answer is the VMware Converter utility.

VMware Converter is available for both Windows and Linux, and even for Mac, but I am not really considering Mac as it is a proprietary product fully designed to work on Apple machines. VMware Converter is available as an enterprise plugin for VMware ESX Server and also as a standalone package.

For enterprise plugin configuration, you can use this URL for your environment: http://www.virtualizationadmin.com/articles-tutorials/vmware-esx-and-vsphere-articles/p2v-v2v/performing-p2v-conversion-vmware-esx-server-converter-enterprise.html

For the standalone package, download it from https://my.vmware.com/en/web/vmware/evalcenter?p=converter.

1- VMware vCenter Converter Standalone (there is a Windows exe installer and a Linux tgz; done with version 4.0.1 | 161434)
2- Allow SSH on the Linux box you want to convert

2a. Edit your /etc/ssh/sshd_config and ensure that you have this line:

PermitRootLogin yes

If you had to change it from no to yes, restart the SSH daemon: service ssh restart

2b. If you are running Ubuntu, you may need to define the root password:

sudo passwd

2c. Test the SSH connection to your Linux box as root
3- Then run your Standalone converter. Convert a machine.
4- Specify the Linux box you want to convert
5- Enter the destination information
6- You may be prompted to give more information regarding the destination, and to fill in some settings for the virtual machine you want. Then Finish.
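
Steps 2a and 2b enable root SSH login for the converter, and the converted VM is a copy of the same disk, so it carries the same sshd_config. The script below is an added example, not part of the original post: it reads the value sshd will actually use and writes a copy with the setting back at no. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example with constructed data; run it against a copy of sshd_config.

# root_login_setting FILE: print the global PermitRootLogin value sshd uses.
# sshd keeps the FIRST value it reads for a keyword, and the global section
# ends at the first Match block.
root_login_setting() {
    awk '
        { gsub(/[=]/, " ") }                      # "Keyword=value" is accepted too
        tolower($1) == "match" { exit }
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# revert_root_login FILE: print FILE with every active PermitRootLogin line
# set to "no" (Match blocks included); comments and other lines are unchanged.
revert_root_login() {
    awk '{ l = $0; gsub(/[=]/, " ", l); split(l, f, " ")
           if (tolower(f[1]) == "permitrootlogin") print "PermitRootLogin no"
           else print }' "$1"
}

cfg=$(mktemp); fixed=$(mktemp)
trap 'rm -f "$cfg" "$fixed"' EXIT
# Constructed sample: the later "no" has no effect because "yes" comes first.
cat > "$cfg" <<'EOF'
Port 22
#PermitRootLogin prohibit-password
PermitRootLogin yes
PasswordAuthentication yes
PermitRootLogin no
EOF
echo "before: $(root_login_setting "$cfg")"
revert_root_login "$cfg" > "$fixed"
echo "after:  $(root_login_setting "$fixed")"
# On the real host: check the edited file with `sshd -t -f FILE`, install it,
# then restart the SSH daemon as in step 2a.
```
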

Additional information:
Once your conversion is finished, you may notice that the network is not working. If so, take a look at:
Debian : /etc/udev/rules.d/z25_persistent-net.rules
Ubuntu : /etc/udev/rules.d/70_persistent-net.rules

You can remove the line related to the old physical Ethernet card.
Remember the interface’s name linked to the MAC address of your virtual machine.

Edit your /etc/network/interfaces to make the network interface name match (in my case: eth0 → eth1).
Restart your network with the command below in a Linux shell:
# service networking restart (or stop and start)
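
The rules-file cleanup described above, as an added example that is not part of the original post: it drops the entry for the old physical card and prints the interface name udev bound to the VM's MAC, which is the name /etc/network/interfaces has to use. The MAC addresses, the rules content and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, constructed data: prune the old physical NIC from a
# persistent-net rules file and report the name bound to the VM's MAC.

# prune_net_rules FILE MAC...: print FILE minus rules (and their comment)
# whose ATTR{address} is not one of the given MACs.
prune_net_rules() {
    rules=$1; shift
    awk -v keep="$(echo "$*" | tr '[:upper:]' '[:lower:]')" '
        BEGIN { n = split(keep, m, " "); for (i = 1; i <= n; i++) want[m[i]] = 1 }
        /^#/ { held = held $0 "\n"; next }           # hold comments until the rule is judged
        match($0, /ATTR[{]address[}]=="[^"]+"/) {
            mac = tolower(substr($0, RSTART + 16, RLENGTH - 17))
            if (!(mac in want)) { held = ""; next }  # old card: drop rule and its comment
        }
        { printf "%s", held; held = ""; print }
        END { printf "%s", held }
    ' "$rules"
}

# iface_for_mac FILE MAC: print the NAME= that udev assigned to that MAC.
iface_for_mac() {
    awk -v mac="$(echo "$2" | tr '[:upper:]' '[:lower:]')" '
        index(tolower($0), "attr{address}==\"" mac "\"") && match($0, /NAME="[^"]+"/) {
            print substr($0, RSTART + 6, RLENGTH - 7); exit
        }' "$1"
}

# Constructed sample: first rule is the old physical card, second the VM's NIC.
sample=$(mktemp); trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# Generated by write_net_rules (constructed sample)

# PCI device 0x14e4:0x1659 (tg3)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:1e:c9:aa:bb:01", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"

# PCI device 0x8086:0x100f (e1000)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:0C:29:AA:BB:02", ATTR{type}=="1", KERNEL=="eth*", NAME="eth1"
EOF

# On a real VM the MAC list would come from: cat /sys/class/net/*/address
vm_mac="00:0c:29:aa:bb:02"
prune_net_rules "$sample" "$vm_mac"
echo "interface bound to $vm_mac: $(iface_for_mac "$sample" "$vm_mac")"
```
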
Feel free to leave any comments or queries.
-Alok Thaker