Linux Tutorial

How to set up a VPN server (PPTP) with CentOS

Open the door on the firewall

Now that the service is operational, we must ensure that it is reachable!

First, we open the port on the firewall: Follow System -> Administration -> Security Level and Firewall to launch the configuration panel.

Click the Add button at the bottom right, enter 1723, press Ok and confirmed repeatedly until you close the tool.
Configure the router

If the server’s Internet connection to use a router, you must also configure the same port forwarding (port forwarding) to the VPN server (for local trace the IP address, refer to the article “Configure IP address and DNS on CentOS“.

The exact procedure varies from model to model. As for the ubiquitous Alice Gate provided on loan by Telecom Italy, For all other devices, you should refer to the instruction booklet.

This step alone, however, may not be enough. Some routers block because the protocol Generic Routing Encapsulation (GRE) used in this scenario: it is therefore necessary to browse through the available options and make sure that this barrier is not active.

To complicate matters further, other devices provide an option called VPN Passthrough (PPTP Passthrough, or) that must be explicitly activated in turn to achieve the goal: again, you are called to use a little ‘technical acumen and the slog’ management interface of the device to achieve the goal.
Getting a dynamic domain name

In order to reach the CentOS server from the outside, is particularly convenient to use a dynamic domain name (it will be something like servervpn.no-ip.org): NO-IP is definitely a great tool as well as DynDNS.

I strongly suggest you to associate one to your server before going any further.
Connect from client

At this point, everything should be ready. You just have to connect from a client! The procedure was shown in “How to connect to a VPN server with Windows 7 and Ubuntu”

Once the connection is established, the CentOS server takes care to join in an (almost) clear the two branches of the network: that of the VPN and local network segment which provides access.

Note that the remote Windows PC on the LAN may not be correctly displayed under My Network: if so, use the usual \ \ PC-name from Windows Explorer to reach them directly.

See also:
1. How to set up a VPN server (PPTP) Part.1
2. How to set up a VPN server (PPTP) Part.2

The best solution for the Network Monitoring System is a combination of these applications Nagios / Centreon / NagVis / Dokuwiki.
This article proposes the installation step by step and configuration of Nagios on CentOS 6.
I invite you to read the article to make a Red Hat Enterprise Linux CentOS.

Installing the operating system

Install CentOS

Update your system

# yum -y update rpm
# yum -y -y -v update

(Do you treat it configures the proxy)

2.Remove useless software (GUI, Squid, etc …):

# yum -y remove gdm
# yum -y -v remove squid

3. Configure the system to “level 3″ (single command):

# vim \etc\inittab

4.Disability unnecessary features:

# chkconfig –level 3 bluetooth off
# chkconfig –list |grep 3:on

5.Disability SELinux:

# vim /etc/selinux/config
SELINUX=disabled
# reboot

Install pre-requisites

# yum -y install libstdc++-devel gcc-c++
# yum -y install httpd
# yum -y install gd gd-devel

(Optional)

# yum groupinstall “Development Tools”
# yum install kernel-devel

Installing SSL and MySQL

# yum -y install openssl-devel perl-DBD-MySQL mysql-server mysql-devel

Install PHP

# yum -y -v install php php-mysql php-gd php-ldap php-xml

Install the DBI module

# yum -y install perl-DBI perl-DBD-MySQL

Install Perl modules

# yum -y install perl-Config-IniFiles

Install RRDTools

# yum -y install rrdtool perl-rrdtool

Install SNMP

# yum -y install perl-Crypt-DES perl-Digest-SHA1 perl-Digest-HMAC net-snmp-utils
# yum -y install perl-Socket6 perl-IO-Socket-INET6 net-snmp net-snmp-libs php-snmp dmidecode lm_sensors perl-Net-SNMP net-snmp-perl

Other APPS

# yum -y install fping graphviz cpp gcc gcc-c++ libstdc++ glib2-devel

Install and configure PEAR

# yum install php-pear

Configuration

(PROXY) # pear config-set http_proxy http://: my_proxy.com:port

Update it before installing PEAR

# pear channel-update pear.php.net
pear upgrade-all

Install NAGIOS

# groupadd nagios
# adduser nagios -g nagios
# passwd nagios

Check the created

# grep nagios /etc/passwd

Adding the right people

# usermod -G nagios nagios
# usermod -G apache,nagios apache

control whether users are correct

# grep nagios /etc/group
# mkdir /usr/local/nagios
# wget http://prdownloads.sourceforge.net/sourceforge/nagios/nagios-3.2.0.tar.gz

# ./configure –-enable-embedded-perl –-prefix=/usr/local/nagios -–with-cgiurl=/nagios/cgi-bin –-with-htmurl=/nagios/ –-with-nagios-user=nagios –-with-nagios-group=nagios -–with-command-group=nagios
–enable-nanosleep –enable-event-broker

Test setup:

# make test

Troubleshooting: probable problems with embedded-perl

Use cpan by cmd:

# cpan
#> install Test:Simple Test::Long Test::WWW::Mechanize::CGI
Path to Perl (only if needed)
export PERL5LIB=/usr/lib/perl5/5.10.0/i386-linux-thread-multi/CORE/libperl.so libperl.so

Install Nagios

# make all
# make install
# make install-init
# make install-commandmode
# make install-config
# make install-webconf (this will copy nagios.conf)
# ls -l /usr/local/nagios

you should see 5 different subdirectories

# htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin

Edit the file so that the user nagiosadmin cgi.cfg authentication

# vim /usr/local/nagios/etc/cgi.cfg
authorized_for_system_information=nagiosadmin

httpd.conf

FIX: /etc/httpd/conf.d/nagios.conf
Alias /nagios/ “/usr/local/nagios/share/”

configure httpd.conf

ScriptAlias /nagios/cgi-bin “/usr/local/nagios/sbin”

# SSLRequireSSL
Options ExecCGI
AllowOverride None
Order allow,deny
Allow from all
# Order deny,allow
# Deny from all
# Allow from 127.0.0.1
AuthName “Nagios Access”
AuthType Basic
AuthUserFile /usr/local/nagios/etc/htpasswd.users
Require valid-user

Alias /nagios/ “/usr/local/nagios/share/”

# SSLRequireSSL
Options None
AllowOverride None
Order allow,deny
Allow from all
# Order deny,allow
# Deny from all
# Allow from 127.0.0.1
AuthName “Nagios Access”
AuthType Basic
AuthUserFile /usr/local/nagios/etc/htpasswd.users
Require valid-user

Finally restart Apache and Nagios

# service httpd restart
# service nagios restart
Add both to auto start
# chkconfig –add httpd
# chkconfig –level 35 httpd on
# chkconfig –add nagios
# chkconfig –level 35 nagios on

Try it on your browser:

http://nagios/

If not check the logs

/var/logs/httpd/error_log
/usr/local/nagios/etc/htpasswd.users
/usr/local/nagios/etc/cgi.cfg

Installing plugins NAGIOS

# wget http://prdownloads.sourceforge.net/sourceforge/nagiosplug/nagios-plugins-1.4.14.tar.gz
# ./configure –with-openssl=/usr/bin/openssl –enable-perl-modules –prefix=/usr/local/nagios –with-nagios-user=nagios
# make all
# make install

Check if:

# ls -l /usr/local/nagios/libexec
i permessi devono essere nagios:nagios

# chown nagios:nagios -R /usr/local/nagios/libexec
# chomod +x -R /usr/local/nagios/libexec

Install CENTREON

Install PHP5 & MySQL

# yum -y -v install mysql-server
# yum -y -v install php-date
# yum -y -v install php-gd php-mysql php-snmp php-ldap
# yum -y -v install php-mail php-mail-mime php-net-smtp php-net-socket
# yum -y -v install php5-xmlrpc

Start MySQL in safe mode and enter the password

#service mysqld_safe –skip-grant-tables

Add Password

# mysql -u root
mysql> use mysql;
mysql> update user set password=PASSWORD(“password”) where User=’root’;
mysql> flush privileges;
mysql> quit
# service mysqld restart
# chkconfig –add mysqld
# chkconfig –level 3 mysqld on

PhpMySQLAdmin (optional) for easy administration of MySQL:

# yum -y -v install phpmyadmin

Log on using:

http://infonagiosdsv/phpMyAdmin

Install NDOUtils

# wget http://prdownloads.sourceforge.net/sourceforge/nagios/ndoutils-1.4b9.tar.gz
# tar -zxvf ndoutils-1.4b9.tar.gz
#./configure
#make all
#make install

(Do not think we do run CENTREON)

Install Services EMAIL:
PostFix o SendMail,

# yum -y -v install postfix
# yum -y -v install sendmail

Make a test email

# echo “TEST EMAIL” | sendmail -s “testing my first email” [email protected]

Upgrade PEAR

# pear upgrade pear
# pear channel-update pear.php.net
# pear install -o -f –alldeps DB_DataObject DB_DataObject_FormBuilder MDB2 Numbers_Roman
# pear install -o -f –alldeps Numbers_Words HTML_Common HTML_QuickForm2 HTML_QuickForm_advmultiselect HTML_Table Auth_SASL
# pear install -o -f –alldeps HTTP Image_Canvas Image_Color Image_Graph Image_GraphViz Net_Traceroute Net_Ping Validate XML_RPC
# pear install -o -f –alldeps SOAP

required by PHP

# yum install php-mbstring php-posix

Improve SUDO

# vim /etc/sudoers
#Default requiretty
:wq!

Download CENTREON

# wget http://download.centreon.com/index.php?id=123
# bash install.sh

Change the configuration at this point:

Perl modules for RRD [RRDs.pm]?
/usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi/RRDs.pm
Dove si trova PEAR [PEAR.php]
/usr/share/pear/PEAR.php
Dove si trova NDO?
/usr/local/nagios/bin/ndomod.o

You start the GUI:

http:///centreon

Perhaps dvi restart NDOUtils

# /usr/local/nagios/bin/ndo2db -c /usr/local/nagios/etc/ndo2db.cfg

Auto Start / Stop daemon NDO.

# vim /etc/init.d/nagios
trova la stringa e aggiungi:
“if [ $? -eq 0 ]; then…”
/usr/local/nagios/bin/ndo2db -c /usr/local/nagios/etc/ndo2db.cfg
“su – $NagiosUser -c “touch $NagiosVarDir/nagios.log $NagiosRetentionFile…”
“killproc_nagios nagios…”
histoy

Make sure snmpd works

# vim /etc/snmp/snmpd.conf
# service snmpd restart
# chkconfig –add snmpd
# chkconfig –level 3 snmpd on

In case of ERROR:
Can not locate Net / SNMP.pm in @ INC
SOLUTION:

1) By CPAN (best)
On the command line, as root:

[your_host]# perl -MCPAN -e shell
cpan shell — CPAN exploration and modules installation (v1.76)
ReadLine support enabled
cpan> install Net::SNMP

If it’s the first time you run CPAN, it will ask you Probably some (simple) questions.
Also CPAN will ask you to Satisfy some dependencies (Crypt:: DES, Digest:: MD5, etc. ..).

2) By hand
Download the following modules (tar.gz format) on www.cpan.org
- Crypt::DES
- Digest::MD5
- Digest::SHA1
- Digest::HMAC
- Net::SNMP

One For Each (you must install Net:: SNMP at the end):

tar zxf .tar.gz
cd
perl Makefile.pl
make test
make install

Installing DokuWiki

Add the Apache configuration

# vim /etc/httpd/conf.d/dokuwiki.conf
#DOKUWIKI
Alias /wiki “/usr/local/dokuwiki/www”

Options ExecCGI
AllowOverride None
Order allow, deny
Allow from all

# mkdir /usr/local/dokuwiki
# cd /usr/local/dokuwiki
# wget http://www.splitbrain.org/_media/projects/dokuwiki/dokuwiki-2009-02-14b.tgz
# tar -zxvf dokuwiki-2009-02-14b.tgz
# mv dokuwiki-2009-02-14b wwww
# chown apache:root -R /usr/local/dokuwiki/www
# service httpd restart

Go to:

http:///wiki/install.php

INSTALL NagVis

Add graphviz repo

# vim /etc/yum.repos.d/graphviz.repo
[graphviz-stable]
name=Graphviz – RHEL $releasever – $basearch
baseurl=http://www.graphviz.org/pub/graphviz/stable/redhat/el$releasever/$basearch/os/
enabled=1
gpgcheck=0
# yum -y install grpahviz
# yum –enablerepo=graphviz-snapshot update ‘graphviz*’
# wget https://sourceforge.net/projects/nagvis/files/NagVis%201.4%20%28stable%29/NagVis-1.4.4/nagvis-1.4.4.tar.gz/download
# tar -zxvf
# ./install.sh -i ndo2db -u apache -g apache

Configure user/name/db where NDO DB in the DB (uncomment):

# vim /usr/local/nagios/share/nagvis/etc/nagvis.ini.php
[backend_ndomy_1]
…
; instance name for tables in NDO-db
dbinstancename=”Central”

# service httpd restart

To use NagVis:

http:///nagios/nagvis/wui/index.php

If you want visitarein USER mode go to:

http:///nagios/nagvis/index.php