  1. # Added by hwdsl2 VPN script
  2. *filter
  3. :INPUT ACCEPT [0:0]
  4. :FORWARD ACCEPT [0:0]
  5. :OUTPUT ACCEPT [0:0]
  6. -A INPUT -m conntrack --ctstate INVALID -j DROP
  7. -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  8. -A INPUT -i lo -j ACCEPT
  9. -A INPUT -d 127.0.0.0/8 -j REJECT
  10. -A INPUT -p icmp -j ACCEPT
  11. -A INPUT -p udp --dport 67:68 --sport 67:68 -j ACCEPT
  12. -A INPUT -p tcp --dport 22 -j ACCEPT
  13. -A INPUT -p udp -m multiport --dports 500,4500 -j ACCEPT#
  14. -A INPUT -p udp --dport 1701 -m policy --dir in --pol ipsec -j ACCEPT
  15. -A INPUT -p udp --dport 1701 -j DROP
  16. -A INPUT -j DROP
  17. -A FORWARD -m conntrack --ctstate INVALID -j DROP
  18. -A FORWARD -i enp0s31f6 -o ppp+ -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  19. -A FORWARD -i ppp+ -o enp0s31f6 -j ACCEPT
  20. # If you wish to allow traffic between VPN clients themselves, uncomment this line:
  21. -A FORWARD -i ppp+ -o ppp+ -s 192.168.42.0/24 -d 192.168.42.0/24 -j ACCEPT
  22. #-A FORWARD -j DROP
  23. COMMIT
  24. *nat
  25. :PREROUTING ACCEPT [0:0]
  26. :INPUT ACCEPT [0:0]
  27. :OUTPUT ACCEPT [0:0]
  28. :POSTROUTING ACCEPT [0:0]
  29. -A POSTROUTING -s 192.168.42.0/24 -o enp0s31f6 -j SNAT --to-source "192.168.1.93"
  30. COMMIT
  31.  
  32. [global]
  33. server role = standalone server
  34. server string = %h server (Samba, Ubuntu)
  35. passwd program = /usr/bin/passwd %u
  36. path = /home/kmdgserver/share
  37. log file = /var/log/samba/log.%m
  38. pam password change = yes
  39. dns proxy = no
  40. hosts allow = 10.0.0.0/255.255.254.0 10.0.0.0/8 192.168.0.0/16 172.16.0.0/12 192.168.42.0/24 192.168.1. 192.168.
  41. map to guest = bad user
  42. comment = KMDG Server Share
  43. max log size = 1000
  44. syslog = 0
  45. unix password sync = yes
  46. usershare allow guests = yes
  47. passdb backend = tdbsam
  48. obey pam restrictions = yes
  49. workgroup = WORKGROUP
  50. panic action = /usr/share/samba/panic-action %d
  51. passwd chat = *Entersnews*spassword:* %nn *Retypesnews*spassword:* %nn *passwordsupdatedssuccessfully* .
  52.  
  53. interfaces = enp0s31f6 enp3s0 10.8.0.0/24 127.0.0.0/8
  54.  
  55. [KMDG Server]
  56. writeable = yes
  57. valid users = kmdgserver,@kmdgserver
  58. force user = kmdgserver
  59. force group = kmdgserver
  60. write list = kmdgserver,@kmdgserver
  61. user = kmdgserver,@kmdgserver
  62.  
# ipsec.conf — libreswan/openswan format (the pluto log on this page is the
# consumer). Parameter lines inside 'config setup' and 'conn' sections are
# conventionally indented; the paste had them flush-left.
version 2.0

config setup
    # Private ranges clients may sit behind (the three RFC 1918 blocks). The
    # commented variant additionally permits 25.0.0.0/8 and 100.64.0.0/10
    # (carrier-grade NAT).
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
    #virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10
    protostack=netkey
    nhelpers=0
    interfaces=%defaultroute

# Pre-shared-key IKEv1 connection carrying L2TP (UDP 1701) in transport mode.
conn vpnpsk
    auto=add
    # 'left' is this host's private LAN address (see the ifconfig output on
    # this page); the host sits behind NAT, so 'leftid' carries the public
    # address instead (redacted in this paste). The two commented lines are
    # the previous arrangement.
    #left=[public facing IP]
    left=192.168.1.93
    #leftid=192.168.1.93
    leftid=[public facing IP]
    leftsubnet=192.168.1.93/32
    #leftsubnet=192.168.1.0/24
    leftnexthop=%defaultroute
    leftprotoport=17/1701
    rightprotoport=17/%any
    right=%any
    # NOTE(review): a fixed LAN subnet replaces the commented
    # rightsubnetwithin=0.0.0.0/0. The pluto log on this page shows the SA
    # still came up ("them: ...===192.168.1.0/24"), but a client whose own
    # network is not 192.168.1.0/24 may behave differently — confirm.
    rightsubnet=192.168.1.0/24
    #rightsubnetwithin=0.0.0.0/0
    # Always UDP-encapsulate ESP (clients are expected to be behind NAT).
    forceencaps=yes
    # Pre-shared key: every client authenticates with the same secret.
    authby=secret
    # No fresh Diffie-Hellman exchange for the IPsec (phase 2) SA.
    pfs=no
    type=transport
    auth=esp
    # 3DES is offered in both phases. The pluto log on this page shows the
    # client negotiated aes_256/sha/MODP2048 and ESP AES_128-HMAC_SHA1, so
    # that client does not need it; drop 3des once no client requires it.
    ike=3des-sha1,aes-sha1
    phase2alg=3des-sha1,aes-sha1
    rekey=no
    keyingtries=5
    # Dead Peer Detection: probe every 30 s, give up after 120 s, then clear the SA.
    dpddelay=30
    dpdtimeout=120
    dpdaction=clear
  98.  
# xl2tpd.conf — L2TP daemon. The pppd arguments in the syslog excerpt on this
# page ("passive", "nodetach", "refuse-pap", "require-chap", "name l2tpd",
# "file /etc/ppp/options.xl2tpd") come from this file.
[global]
# L2TP control port; matches the UDP 1701 rules in the iptables ruleset above.
port = 1701

[lns default]
# Addresses handed to VPN clients; the FORWARD and SNAT rules above use
# 192.168.42.0/24 accordingly.
ip range = 192.168.42.10-192.168.42.250
# NOTE(review): this is the host's own LAN address, not an address inside the
# client range, so ppp0 reuses 192.168.1.93 (see the ifconfig output on this
# page). Confirm this is intended rather than a dedicated VPN-side address.
local ip = 192.168.1.93
# CHAP only: PAP (cleartext password) is refused.
require chap = yes
refuse pap = yes
require authentication = yes
name = l2tpd
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
  111.  
# sysctl.conf excerpt — kernel parameters applied at boot (or with sysctl -p).

# Log Martian Packets
# Left disabled here. Enabling it logs packets with impossible source or
# destination addresses (e.g. loopback addresses on a real interface), which
# is a cheap detection signal for spoofing against the VPN or LAN.
#net.ipv4.conf.all.log_martians = 1
#

# Added by hwdsl2 VPN script
# System V IPC limits (message queue and shared memory sizes).
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296

# Required so the host can route between VPN clients (ppp+) and the LAN;
# the FORWARD rules above only matter once this is on.
net.ipv4.ip_forward = 1
# SYN-flood mitigation.
net.ipv4.tcp_syncookies = 1
# Refuse source-routed packets and ICMP redirects, and never emit redirects.
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.lo.send_redirects = 0
net.ipv4.conf.enp0s31f6.send_redirects = 0
# Reverse-path filtering is switched off on every interface (the VPN script
# does this), so the kernel no longer drops packets whose source address is
# not routable back through the interface they arrived on. Spoofed source
# addresses are therefore not rejected at this layer; the firewall above is
# the only check.
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.lo.rp_filter = 0
net.ipv4.conf.enp0s31f6.rp_filter = 0
# Ignore broadcast pings (smurf amplification) and malformed ICMP errors.
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1

# Socket buffer ceilings and TCP autotuning bounds (min default max, bytes).
net.core.wmem_max = 12582912
net.core.rmem_max = 12582912
net.ipv4.tcp_rmem = 10240 87380 12582912
net.ipv4.tcp_wmem = 10240 87380 12582912
  143.  
  144. kmdgserver@jupiter:~$ ifconfig
  145. enp0s31f6 Link encap:Ethernet HWaddr 40:8d:5c:b9:1d:da
  146. inet addr:192.168.1.93 Bcast:192.168.1.255 Mask:255.255.255.0
  147. inet6 addr: fe80::428d:5cff:feb9:1dda/64 Scope:Link
  148. UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
  149. RX packets:683992926 errors:0 dropped:1 overruns:0 frame:0
  150. TX packets:180842795 errors:0 dropped:0 overruns:0 carrier:0
  151. collisions:0 txqueuelen:1000
  152. RX bytes:941095568867 (941.0 GB) TX bytes:19465551430 (19.4 GB)
  153. Interrupt:16 Memory:df200000-df220000
  154.  
  155. enp3s0 Link encap:Ethernet HWaddr 40:8d:5c:b9:1d:d8
  156. UP BROADCAST MULTICAST MTU:1500 Metric:1
  157. RX packets:0 errors:0 dropped:0 overruns:0 frame:0
  158. TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
  159. collisions:0 txqueuelen:1000
  160. RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
  161. Memory:df100000-df11ffff
  162.  
  163. lo Link encap:Local Loopback
  164. inet addr:127.0.0.1 Mask:255.0.0.0
  165. inet6 addr: ::1/128 Scope:Host
  166. UP LOOPBACK RUNNING MTU:65536 Metric:1
  167. RX packets:1551082 errors:0 dropped:0 overruns:0 frame:0
  168. TX packets:1551082 errors:0 dropped:0 overruns:0 carrier:0
  169. collisions:0 txqueuelen:0
  170. RX bytes:699248341 (699.2 MB) TX bytes:699248341 (699.2 MB)
  171.  
  172. ppp0 Link encap:Point-to-Point Protocol
  173. inet addr:192.168.1.93 P-t-P:192.168.42.10 Mask:255.255.255.255
  174. UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1280 Metric:1
  175. RX packets:124 errors:0 dropped:0 overruns:0 frame:0
  176. TX packets:5 errors:0 dropped:0 overruns:0 carrier:0
  177. collisions:0 txqueuelen:3
  178. RX bytes:18788 (18.7 KB) TX bytes:86 (86.0 B)
  179.  
  180. May 13 14:27:31 jupiter xl2tpd[21396]: Connection established to [MY HOME IP], 1701. Local: 18878, Remote: 1 (ref=0/0). LNS session is 'default'
  181. May 13 14:27:31 jupiter xl2tpd[21396]: start_pppd: I'm running:
  182. May 13 14:27:31 jupiter xl2tpd[21396]: "/usr/sbin/pppd"
  183. May 13 14:27:31 jupiter xl2tpd[21396]: "passive"
  184. May 13 14:27:31 jupiter xl2tpd[21396]: "nodetach"
  185. May 13 14:27:31 jupiter xl2tpd[21396]: "192.168.1.93:192.168.42.10"
  186. May 13 14:27:31 jupiter xl2tpd[21396]: "refuse-pap"
  187. May 13 14:27:31 jupiter xl2tpd[21396]: "auth"
  188. May 13 14:27:31 jupiter xl2tpd[21396]: "require-chap"
  189. May 13 14:27:31 jupiter xl2tpd[21396]: "name"
  190. May 13 14:27:31 jupiter xl2tpd[21396]: "l2tpd"
  191. May 13 14:27:31 jupiter xl2tpd[21396]: "file"
  192. May 13 14:27:31 jupiter xl2tpd[21396]: "/etc/ppp/options.xl2tpd"
  193. May 13 14:27:31 jupiter xl2tpd[21396]: "/dev/pts/15"
  194. May 13 14:27:31 jupiter xl2tpd[21396]: Call established with [MY HOME IP], Local: 11552, Remote: 1, Serial: 0
  195. May 13 14:27:32 jupiter pppd[31490]: pppd 2.4.6 started by root, uid 0
  196. May 13 14:27:32 jupiter pppd[31490]: Using interface ppp0
  197. May 13 14:27:32 jupiter pppd[31490]: Connect: ppp0 <--> /dev/pts/15
  198. May 13 14:27:32 jupiter NetworkManager[749]: nm_device_get_device_type: assertion 'NM_IS_DEVICE (self)' failed
  199. May 13 14:27:32 jupiter NetworkManager[749]: <info> (ppp0): new Generic device (carrier: UNKNOWN, driver: 'unknown', ifindex: 12)
  200. May 13 14:27:32 jupiter NetworkManager[749]: <info> devices added (path: /sys/devices/virtual/net/ppp0, iface: ppp0)
  201. May 13 14:27:32 jupiter NetworkManager[749]: <info> device added (path: /sys/devices/virtual/net/ppp0, iface: ppp0): no ifupdown configuration found.
  202. May 13 14:27:35 jupiter pppd[31490]: user kmdgserver logged in on tty pts/15 intf ppp0
  203. May 13 14:27:35 jupiter systemd[1]: Started Session c20 of user kmdgserver.
  204. May 13 14:27:36 jupiter pppd[31490]: local IP address 192.168.1.93
  205. May 13 14:27:36 jupiter pppd[31490]: remote IP address 192.168.42.10
  206. May 13 14:27:36 jupiter NetworkManager[749]: <info> keyfile: add connection in-memory ([SERVER KEY],"ppp0")
  207. May 13 14:27:37 jupiter NetworkManager[749]: <info> (ppp0): device state change: unmanaged -> unavailable (reason 'connection-assumed') [10 20 41]
  208. May 13 14:27:37 jupiter NetworkManager[749]: <info> (ppp0): device state change: unavailable -> disconnected (reason 'connection-assumed') [20 30 41]
  209. May 13 14:27:37 jupiter NetworkManager[749]: <info> Device 'ppp0' has no connection; scheduling activate_check in 0 seconds.
  210. May 13 14:27:37 jupiter NetworkManager[749]: <info> (ppp0): Activation: starting connection 'ppp0' ([SERVER KEY])
  211. May 13 14:27:37 jupiter NetworkManager[749]: <info> (ppp0): device state change: disconnected -> prepare (reason 'none') [30 40 0]
  212. May 13 14:27:37 jupiter NetworkManager[749]: <info> (ppp0): device state change: prepare -> config (reason 'none') [40 50 0]
  213. May 13 14:27:37 jupiter NetworkManager[749]: <info> (ppp0): device state change: config -> ip-config (reason 'none') [50 70 0]
  214. May 13 14:27:37 jupiter NetworkManager[749]: <info> (ppp0): device state change: ip-config -> ip-check (reason 'none') [70 80 0]
  215. May 13 14:27:37 jupiter NetworkManager[749]: <info> (ppp0): device state change: ip-check -> secondaries (reason 'none') [80 90 0]
  216. May 13 14:27:37 jupiter NetworkManager[749]: <info> (ppp0): device state change: secondaries -> activated (reason 'none') [90 100 0]
  217. May 13 14:27:39 jupiter NetworkManager[749]: <info> (ppp0): Activation: successful, device activated.
  218. May 13 14:27:39 jupiter dbus[759]: [system] Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-dispatcher.service'
  219. May 13 14:27:39 jupiter systemd[1]: Starting Network Manager Script Dispatcher Service...
  220. May 13 14:27:39 jupiter dbus[759]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
  221. May 13 14:27:39 jupiter systemd[1]: Started Network Manager Script Dispatcher Service.
  222. May 13 14:27:39 jupiter nm-dispatcher: Dispatching action 'up' for ppp0
  223. May 13 14:31:34 jupiter org.gnome.zeitgeist.SimpleIndexer[2238]: ** (zeitgeist-fts:3028): WARNING **: Unable to get info on application://nautilus-autostart.desktop
  224. May 13 14:35:40 jupiter org.gnome.zeitgeist.SimpleIndexer[2238]: ** (zeitgeist-fts:3028): WARNING **: Unable to get info on application://nautilus-autostart.desktop
  225.  
  226. May 13 14:27:30 jupiter pluto[22203]: "vpnpsk"[3] [MY HOME IP] #3: responding to Main Mode from unknown peer [MY HOME IP]
  227. May 13 14:27:30 jupiter pluto[22203]: "vpnpsk"[3] [MY HOME IP] #3: OAKLEY_GROUP 20 not supported. Attribute OAKLEY_GROUP_DESCRIPTION
  228. May 13 14:27:31 jupiter pluto[22203]: "vpnpsk"[3] [MY HOME IP] #3: OAKLEY_GROUP 19 not supported. Attribute OAKLEY_GROUP_DESCRIPTION
  229. May 13 14:27:31 jupiter pluto[22203]: "vpnpsk"[3] [MY HOME IP] #3: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
  230. May 13 14:27:31 jupiter pluto[22203]: "vpnpsk"[3] [MY HOME IP] #3: STATE_MAIN_R1: sent MR1, expecting MI2
  231. May 13 14:27:31 jupiter pluto[22203]: "vpnpsk"[3] [MY HOME IP] #3: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
  232. May 13 14:27:31 jupiter pluto[22203]: "vpnpsk"[3] [MY HOME IP] #3: STATE_MAIN_R2: sent MR2, expecting MI3
  233. May 13 14:27:31 jupiter pluto[22203]: "vpnpsk"[3] [MY HOME IP] #3: Main mode peer ID is ID_IPV4_ADDR: '192.168.0.2'
  234. May 13 14:27:31 jupiter pluto[22203]: "vpnpsk"[3] [MY HOME IP] #3: switched from "vpnpsk"[3] [MY HOME IP] to "vpnpsk"
  235. May 13 14:27:31 jupiter pluto[22203]: "vpnpsk"[4] [MY HOME IP] #3: deleting connection "vpnpsk" instance with peer [MY HOME IP] {isakmp=#0/ipsec=#0}
  236. May 13 14:27:31 jupiter pluto[22203]: "vpnpsk"[4] [MY HOME IP] #3: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
  237. May 13 14:27:31 jupiter pluto[22203]: "vpnpsk"[4] [MY HOME IP] #3: new NAT mapping for #3, was [MY HOME IP]:500, now [MY HOME IP]:4500
  238. May 13 14:27:31 jupiter pluto[22203]: "vpnpsk"[4] [MY HOME IP] #3: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=PRESHARED_KEY cipher=aes_256 integ=sha group=MODP2048}
  239. May 13 14:27:31 jupiter pluto[22203]: "vpnpsk"[4] [MY HOME IP] #3: Configured DPD (RFC 3706) support not enabled because remote peer did not advertise DPD support
  240. May 13 14:27:31 jupiter pluto[22203]: "vpnpsk"[4] [MY HOME IP] #3: the peer proposed: [SERVER IP]/32:17/1701 -> 192.168.0.2/32:17/0
  241. May 13 14:27:31 jupiter pluto[22203]: "vpnpsk"[4] [MY HOME IP] #3: NAT-Traversal: received 2 NAT-OA. Using first, ignoring others
  242. May 13 14:27:31 jupiter pluto[22203]: "vpnpsk"[4] [MY HOME IP] #4: responding to Quick Mode proposal {msgid:01000000}
  243. May 13 14:27:31 jupiter pluto[22203]: "vpnpsk"[4] [MY HOME IP] #4: us: 192.168.1.93/32===192.168.1.93<192.168.1.93>[[SERVER IP]]:17/1701
  244. May 13 14:27:31 jupiter pluto[22203]: "vpnpsk"[4] [MY HOME IP] #4: them: [MY HOME IP][192.168.0.2]:17/1701===192.168.1.0/24
  245. May 13 14:27:31 jupiter pluto[22203]: "vpnpsk"[4] [MY HOME IP] #4: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
  246. May 13 14:27:31 jupiter pluto[22203]: "vpnpsk"[4] [MY HOME IP] #4: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 transport mode {ESP/NAT=>0x3b5b2c52 <0xde6e289d xfrm=AES_128-HMAC_SHA1 NATOA=192.168.0.2 NATD=[MY HOME IP]:4500 DPD=active}
  247. May 13 14:27:31 jupiter pluto[22203]: "vpnpsk"[4] [MY HOME IP] #4: Configured DPD (RFC 3706) support not enabled because remote peer did not advertise DPD support
  248. May 13 14:27:31 jupiter pluto[22203]: "vpnpsk"[4] [MY HOME IP] #4: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
  249. May 13 14:27:31 jupiter pluto[22203]: "vpnpsk"[4] [MY HOME IP] #4: STATE_QUICK_R2: IPsec SA established transport mode {ESP/NAT=>0x3b5b2c52 <0xde6e289d xfrm=AES_128-HMAC_SHA1 NATOA=192.168.0.2 NATD=[MY HOME IP]:4500 DPD=active}
  250. May 13 14:27:33 jupiter pppd[31490]: pam_unix(ppp:session): session opened for user kmdgserver by (uid=0)
  251. May 13 14:27:35 jupiter systemd-logind[753]: New session c20 of user kmdgserver.
  252. May 13 14:29:15 jupiter smbd: pam_unix(samba:session): session opened for user kmdgserver by (uid=0)
  253. May 13 14:30:15 jupiter smbd: pam_unix(samba:session): session closed for user kmdgserver
  254. May 13 14:30:41 jupiter smbd: pam_unix(samba:session): session opened for user kmdgserver by (uid=0)
  255. May 13 14:31:41 jupiter smbd: pam_unix(samba:session): session closed for user kmdgserver