mardi 16 décembre 2014

SSH tunnelling: how to set up a VPN over SSH

# On the remote server, edit /etc/ssh/sshd_config and add the line below.
# PermitTunnel enables tun(4) device forwarding for "ssh -w". The value "yes"
# allows both layer-3 (point-to-point) and layer-2 (ethernet) tunnels; this
# page only uses the layer-3 mode, so "PermitTunnel point-to-point" is enough.
# NOTE(review): opening a tun device normally needs root on both ends, so the
# "ssh -w" login below presumably lands on a root account. Confirm how that
# login is restricted (key-only, or a Match block limiting who gets
# PermitTunnel).
 PermitTunnel yes

# Restart sshd so the new setting takes effect.
sudo service ssh restart


 # From the local computer, connect to the remote server (e.g. a VirtualBox VM in my case).
 #   -w 0:0    request tun0 locally and tun0 on the server (needs PermitTunnel)
 #   -D 10998  open a SOCKS proxy on local port 10998
 #   -N        run no remote command; -C compresses; -vv prints debug output
 # The SOCKS listener has no authentication of its own. ssh binds it to the
 # loopback address unless GatewayPorts or an explicit bind address says
 # otherwise, so keep it on loopback.
 ssh -D 10998 -vv -N -C -w 0:0 my-remote-server

# On the remote server (@home): give the server end of the tunnel an address.
# The 255.255.255.252 netmask leaves two usable addresses, 172.16.0.1 (set
# here) and 172.16.0.2.
# NOTE(review): the page never assigns an address to tun0 on the local
# computer; presumably it needs 172.16.0.2 with the same netmask. Confirm.
ifconfig tun0 172.16.0.1 netmask 255.255.255.252
ifconfig tun0 up

# Verify that tun0 is up and carries the address.
ifconfig

# Enable IPv4 forwarding. The switch is global (the host will route between
# all of its interfaces) and it is lost at reboot.
echo 1 > /proc/sys/net/ipv4/ip_forward

# Enable NAT: masquerade everything that leaves through eth0.
# NOTE(review): the rule has no source match, so any traffic this host
# forwards out of eth0 is NATed, not only the tunnel's. Adding
# "-s 172.16.0.0/30" would limit it to the tunnel subnet, and the FORWARD
# chain should accept only tun0 -> eth0 plus established return traffic.
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

# On the local computer, route the home subnet 192.168.1.0/24 through the
# tunnel, using the server's tun0 address as gateway.
route add -net 192.168.1.0 netmask 255.255.255.0 gw 172.16.0.1 tun0

# On a local Windows machine, point the browser at the local SOCKS proxy on
# port 10998, for example with Chrome and the Falcon Proxy plugin.

lundi 15 décembre 2014

Install Guacamole on Ubuntu Server 14.x

# Install the build tools, the protocol libraries and Tomcat 7.
aptitude install make libssh2-1-dev libtelnet-dev libpango1.0-dev libossp-uuid-dev libcairo2-dev libpng12-dev freerdp-x11 libssh2-1 libvncserver-dev libfreerdp-dev libvorbis-dev libssl0.9.8 gcc libssh-dev libpulse-dev tomcat7 tomcat7-admin tomcat7-docs

# Download the release used on this page (0.9.3): server source and web
# application.
# NOTE(review): both files are fetched over plain HTTP and nothing below
# checks them before they are compiled, installed system-wide and deployed
# into Tomcat. Compare each file with a checksum or signature obtained from
# the project over a trusted channel (e.g. "sha256sum <file>") before
# continuing.
cd /usr/local/src
wget http://downloads.sourceforge.net/project/guacamole/current/source/guacamole-server-0.9.3.tar.gz
wget http://downloads.sourceforge.net/project/guacamole/current/binary/guacamole-0.9.3.war

# Unpack the sources and enter the source tree.
tar xvzf guacamole-server-0.9.3.tar.gz
cd guacamole-server-0.9.3

# Configure the build; the init script will be installed in /etc/init.d.
./configure --with-init-dir=/etc/init.d

# see results
#------------------------------------------------------------------------------------------------------------------------

------------------------------------------------
guacamole-server version 0.9.3
------------------------------------------------

   Library status:

     freerdp ............. yes
     pango ............... yes
     libssh2 ............. yes
     libssl .............. yes
     libtelnet ........... yes
     libVNCServer ........ yes
     libvorbis ........... yes
     libpulse ............ yes

   Protocol support:

      RDP ....... yes
      SSH ....... yes
      Telnet .... yes
      VNC ....... yes

   Init scripts: /etc/init.d

Type "make" to compile guacamole-server.

#------------------------------------------------------------------------------------------------------------------------
# Build and install guacamole-server, then go back to the parent directory
# (where the .war file was downloaded).
make
make install
cd ..

# Refresh the shared-library cache, then (re)start the guacd daemon.
ldconfig ; service guacd restart

# Create the configuration directory and the main settings file for Guacamole.
mkdir /etc/guacamole
nano /etc/guacamole/guacamole.properties

#---------------------------------------------------------------------------------------
# http://guac-dev.org/doc/gug/configuring-guacamole.html
# initial-setup
# --------------------------------------------------------------------

# Host and port on which the web application reaches guacd.
# NOTE(review): guacd is contacted on localhost, so port 4822 does not need
# to be reachable from other hosts. Confirm with the netstat check later on
# this page that it is bound to the loopback address only.
guacd-hostname: localhost
guacd-port: 4822

# Directory from which Guacamole loads additional classes (such as the
# authentication provider).
lib-directory: /var/lib/tomcat7/webapps/guacamole/WEB-INF/classes

# Authentication provider: file-based, users are read from an XML file.
auth-provider: net.sourceforge.guacamole.net.basic.BasicFileAuthenticationProvider

# Path of the user mapping file read by the provider above.
basic-user-mapping: /etc/guacamole/user-mapping.xml

#---------------------------------------------------------------------------------------

# Now create the file /etc/guacamole/user-mapping.xml.
# It holds the web login and, optionally, the VNC passwords in clear text, so
# make it readable only by root and the account Tomcat runs as. The authorize
# element also accepts encoding="md5" with an MD5 hash in the password
# attribute; MD5 is weak, so the file remains a secret either way.

nano /etc/guacamole/user-mapping.xml

#---------------------------------------------------------------------------------------

 <user-mapping>  
   
   <authorize username="my-user" password="my-passwd">  
   
     <connection name="host1">  
       <protocol>vnc</protocol>  
       <param name="hostname">host1</param>  
       <param name="port">5900</param>  
       <!--  <param name="password">VNCPASS</param> -->  
     </connection>  
   
     <connection name="host2">  
       <protocol>vnc</protocol>  
       <param name="hostname">host2</param>  
       <param name="port">5900</param>  
       <!--  <param name="password">VNCPASS</param> -->  
     </connection>  
   
   </authorize>  
     
 </user-mapping>  

#---------------------------------------------------------------------------------------

# Make the properties file visible to Tomcat 7 by linking it into a
# .guacamole directory under /usr/share/tomcat7.
# NOTE(review): this relies on /usr/share/tomcat7 being the home directory of
# the account Tomcat runs as. Confirm on your system.
mkdir /usr/share/tomcat7/.guacamole
ln -s /etc/guacamole/guacamole.properties /usr/share/tomcat7/.guacamole
 
# Deploy the web application: copy the downloaded .war into the Tomcat 7
# webapps directory under the name guacamole.war (-f overwrites, -v reports).
cp -fv guacamole-0.9.3.war /var/lib/tomcat7/webapps/guacamole.war

# Restart the Guacamole proxy daemon (guacd).
service guacd restart

# Restart Tomcat 7 so that it picks up the new .war.
service tomcat7 restart

# Follow the Tomcat log while the application deploys (ccze colourises it).
tail -f -n 40 /var/log/tomcat7/catalina.out | ccze

# List the listening sockets. Check which address each port is bound to:
# anything listening on 0.0.0.0 is reachable from the network, which guacd
# (4822) should not be.
netstat -putlanv | grep -i list

# Try to connect with a browser.
# This URL is plain HTTP straight to Tomcat: the Guacamole login and the whole
# remote-desktop session travel unencrypted, so use it only as a local test.
http://your-server:8080/guacamole

#---------------------------------------------------------------------------------------
# Apache2 Proxy Installation and Configuration
 
# Install the Apache proxy-html module and the libxml2 development files.
sudo apt-get install -y libapache2-mod-proxy-html libxml2-dev
 
# Enable the Apache proxy modules (the configuration below uses the ajp://
# scheme, i.e. proxy and proxy_ajp) and mod_rewrite.
# Apache is used as a reverse proxy only: keep "ProxyRequests Off" so that
# enabling mod_proxy does not turn the server into an open forward proxy.
sudo a2enmod proxy proxy_http proxy_ajp rewrite
 
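# Edit the Apache site configuration and add the block below.
# The connector settings further down (secure="true", proxyPort="443") assume
# this site is served over HTTPS, so place the block in the TLS virtual host.
# "Allow from all" exposes the Guacamole login to every client that can reach
# Apache; restrict it if only known networks need access.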
 <Location /guacamole/>  
      Order allow,deny  
      Allow from all  
      ProxyPass ajp://hostname:8009/guacamole/ max=20 flushpackets=on  
      ProxyPassReverse ajp://hostname:8009/guacamole/  
 </Location>        
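# Edit /etc/tomcat7/server.xml so that the connectors look like this.
# AJP has no authentication of its own, and tomcatAuthentication="false" makes
# Tomcat trust the identity passed by the proxy, so port 8009 must only be
# reachable from the Apache host (for example address="127.0.0.1" on the
# connector when Apache runs on the same machine). The HTTP connector on 8080
# bypasses Apache entirely; firewall or remove it once the proxy works.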
   <Connector port="8009" protocol="AJP/1.3"  
         redirectPort="8443" proxyPort="443"  
         tomcatAuthentication="false" secure="true" />  
   
   <Connector port="8080" protocol="HTTP/1.1"  
         connectionTimeout="20000"  
         URIEncoding="UTF-8"  
         redirectPort="8443" />