Gist badp/704376
Created November 17, 2010 23:47

# Secrets for authentication using CHAP
# client        server  secret                  IP addresses
delta           pptpd   notyourluckydaytoday    *

# iptables -t filter -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

# sudo iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE all  --  anywhere             anywhere

###############################################################################
# $Id: pptpd-options 4643 2006-11-06 18:42:43Z rene $
#
# Sample Poptop PPP options file /etc/ppp/pptpd-options
# Options used by PPP when a connection arrives from a client.
# This file is pointed to by /etc/pptpd.conf option keyword.
# Changes are effective on the next connection. See "man pppd".
#
# You are expected to change this file to suit your system. As
# packaged, it requires PPP 2.4.2 and the kernel MPPE module.
###############################################################################

# Authentication

# Name of the local system for authentication purposes
# (must match the second field in /etc/ppp/chap-secrets entries)
name pptpd

# Optional: domain name to use for authentication
# domain mydomain.net

# Strip the domain prefix from the username before authentication.
# (applies if you use pppd with chapms-strip-domain patch)
#chapms-strip-domain

# Encryption
# Debian: on systems with a kernel built with the package
# kernel-patch-mppe >= 2.4.2 and using ppp >= 2.4.2, ...
# {{{
refuse-pap
refuse-chap
refuse-mschap
# Require the peer to authenticate itself using MS-CHAPv2 [Microsoft
# Challenge Handshake Authentication Protocol, Version 2] authentication.
require-mschap-v2
# Require MPPE 128-bit encryption
# (note that MPPE requires the use of MSCHAP-V2 during authentication)
require-mppe-128
# }}}

# Network and Routing

# If pppd is acting as a server for Microsoft Windows clients, this
# option allows pppd to supply one or two DNS (Domain Name Server)
# addresses to the clients. The first instance of this option
# specifies the primary DNS address; the second instance (if given)
# specifies the secondary DNS address.
# Attention! This information may not be taken into account by a Windows
# client. See KB311218 in Microsoft's knowledge base for more information.
#ms-dns 10.0.0.1
#ms-dns 10.0.0.2

# If pppd is acting as a server for Microsoft Windows or "Samba"
# clients, this option allows pppd to supply one or two WINS (Windows
# Internet Name Services) server addresses to the clients. The first
# instance of this option specifies the primary WINS address; the
# second instance (if given) specifies the secondary WINS address.
#ms-wins 10.0.0.3
#ms-wins 10.0.0.4

# Add an entry to this system's ARP [Address Resolution Protocol]
# table with the IP address of the peer and the Ethernet address of this
# system. This will have the effect of making the peer appear to other
# systems to be on the local ethernet.
# (you do not need this if your PPTP server is responsible for routing
# packets to the clients -- James Cameron)
proxyarp

# Debian: do not replace the default route
nodefaultroute

# Logging

# Enable connection debugging facilities.
# (see your syslog configuration for where pppd sends to)
debug
#I can't see the above giving any effect however --bp

# Print out all the option values which have been set.
# (often requested by mailing list to verify options)
#dump

# Miscellaneous

# Create a UUCP-style lock file for the pseudo-tty to ensure exclusive
# access.
lock

# Disable BSD-Compress compression
nobsdcomp
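
The `name pptpd` option above has to agree with the second field of the chap-secrets entry at the top of the gist (`delta pptpd notyourluckydaytoday *`), and the refuse-*/require-mschap-v2/require-mppe-128 block is what keeps weaker PAP, CHAP and MS-CHAPv1 from ever being negotiated. The checker below is an added example, not code from the gist or from pppd: it parses both files (embedded as constructed excerpts that copy the gist's active lines), verifies that every secret names this server, and confirms the strong-auth option set is present. The first field of each secret must also match the name the peer actually presents; the Windows RAS trace further down shows a logon user of Santi in domain DELTA, and chapms-strip-domain is commented out above, so that is the pair of values to compare against the client field when a connection is refused.

```python
"""Check a pppd options file against its chap-secrets file.

Added example, not code from the gist. The two strings below are constructed
excerpts that copy the active lines of the gist's pptpd-options and chap-secrets.
"""
import shlex

PPTPD_OPTIONS = """\
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
proxyarp
nodefaultroute
debug
lock
nobsdcomp
"""

CHAP_SECRETS = """\
# Secrets for authentication using CHAP
# client   server   secret                 IP addresses
delta      pptpd    notyourluckydaytoday   *
"""

# The option set the gist enables: everything but MS-CHAPv2 refused, 128-bit MPPE required.
STRONG_AUTH = ("refuse-pap", "refuse-chap", "refuse-mschap",
               "require-mschap-v2", "require-mppe-128")


def _lines(text):
    """Yield (raw_line, tokens) for every non-empty line; '#' outside quotes starts a comment."""
    for raw in text.splitlines():
        tokens = shlex.split(raw, comments=True)
        if tokens:
            yield raw, tokens


def parse_options(text):
    """pppd options file -> {option: [argument lists]} (an option may repeat, e.g. ms-dns)."""
    opts = {}
    for _, tokens in _lines(text):
        opts.setdefault(tokens[0], []).append(tokens[1:])
    return opts


def parse_chap_secrets(text):
    """chap-secrets -> list of entries: client, server, secret and allowed peer addresses."""
    entries = []
    for raw, tokens in _lines(text):
        if len(tokens) < 3:
            raise ValueError(f"malformed chap-secrets line: {raw!r}")
        entries.append({"client": tokens[0], "server": tokens[1],
                        "secret": tokens[2], "addrs": tokens[3:] or ["*"]})
    return entries


def check(options_text, secrets_text):
    """Return the server name, the client names that can authenticate, and any findings."""
    opts = parse_options(options_text)
    entries = parse_chap_secrets(secrets_text)
    findings = []

    name_args = opts.get("name", [[]])[-1]
    name = name_args[0] if name_args else None
    if name is None:
        findings.append("no 'name' option: the server field of chap-secrets has nothing to match")

    for opt in STRONG_AUTH:
        if opt not in opts:
            findings.append(f"{opt} missing: a weaker authentication or encryption choice stays negotiable")

    for e in entries:
        if e["server"] not in ("*", name):
            findings.append(f"secret for client {e['client']!r} names server {e['server']!r}, "
                            f"not {name!r}: pppd will never select it")

    return {"name": name, "clients": [e["client"] for e in entries], "findings": findings}


if __name__ == "__main__":
    result = check(PPTPD_OPTIONS, CHAP_SECRETS)
    print(f"server name: {result['name']}, clients: {result['clients']}")
    for f in result["findings"]:
        print("finding:", f)
```

Run it against the real files with `check(open('/etc/ppp/pptpd-options').read(), open('/etc/ppp/chap-secrets').read())`; an empty findings list means the server name and the auth options are consistent, which is the first thing to rule out before reading the pppd debug output in syslog.
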

###############################################################################
# $Id: pptpd.conf 4255 2004-10-03 18:44:00Z rene $
#
# Sample Poptop configuration file /etc/pptpd.conf
#
# Changes are effective when pptpd is restarted.
###############################################################################

# TAG: ppp
# Path to the pppd program, default '/usr/sbin/pppd' on Linux
#
#ppp /usr/sbin/pppd

# TAG: option
# Specifies the location of the PPP options file.
# By default PPP looks in '/etc/ppp/options'
#
option /etc/ppp/pptpd-options

# TAG: debug
# Turns on (more) debugging to syslog
#
#debug

# TAG: stimeout
# Specifies timeout (in seconds) on starting ctrl connection
#
# stimeout 10

# TAG: noipparam
# Suppress the passing of the client's IP address to PPP, which is
# done by default otherwise.
#
#noipparam

# TAG: logwtmp
# Use wtmp(5) to record client connections and disconnections.
#
logwtmp

# TAG: bcrelay <if>
# Turns on broadcast relay to clients from interface <if>
#
#bcrelay eth1

# TAG: localip
# TAG: remoteip
# Specifies the local and remote IP address ranges.
#
# Any addresses work as long as the local machine takes care of the
# routing. But if you want to use MS-Windows networking, you should
# use IP addresses out of the LAN address space and use the proxyarp
# option in the pppd options file, or run bcrelay.
#
# You can specify single IP addresses separated by commas or you can
# specify ranges, or both. For example:
#
# 192.168.0.234,192.168.0.245-249,192.168.0.254
#
# IMPORTANT RESTRICTIONS:
#
# 1. No spaces are permitted between commas or within addresses.
#
# 2. If you give more IP addresses than MAX_CONNECTIONS, it will
# start at the beginning of the list and go until it gets
# MAX_CONNECTIONS IPs. Others will be ignored.
#
# 3. No shortcuts in ranges! ie. 234-8 does not mean 234 to 238,
# you must type 234-238 if you mean this.
#
# 4. If you give a single localIP, that's ok - all local IPs will
# be set to the given one. You MUST still give at least one remote
# IP for each simultaneous client.
#
# (Recommended)
localip 192.168.0.202
remoteip 192.168.0.100-199
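
The localip/remoteip comments above spell out the syntax pptpd accepts and the four restrictions it enforces. The parser below is an added example, not pptpd's own code, that implements those rules so a pool can be validated before pptpd is restarted: it expands comma lists and last-octet ranges, rejects spaces and shortcut ranges, truncates at MAX_CONNECTIONS (a compile-time constant whose value is assumed here to be 100; pass the real one if it differs), and reuses a single localip for every client. The check that the local address is not also handed out as a remote address is an extra lint beyond the gist's comments.

```python
"""Expand and validate pptpd localip/remoteip pools.

Added example, not pptpd's own parser. MAX_CONNECTIONS is assumed to be 100;
the gist only says the list is truncated at that constant.
"""
import ipaddress

MAX_CONNECTIONS = 100  # assumption; pptpd compiles this constant in


def expand_ip_spec(spec):
    """Expand 'a.b.c.d,a.b.c.d-e' into a list of IPv4 address strings.

    Enforces the pptpd.conf rules: no spaces anywhere (rule 1) and no shortcut
    ranges such as 234-8 (rule 3); the range end must be a full last octet.
    """
    if any(ch.isspace() for ch in spec):
        raise ValueError("no spaces are permitted between commas or within addresses")
    addrs = []
    for item in spec.split(","):
        if not item:
            raise ValueError(f"empty element in {spec!r}")
        if "-" in item:
            base, end = item.split("-", 1)
            prefix, _, start = base.rpartition(".")
            if not (prefix and start.isdigit() and end.isdigit()):
                raise ValueError(f"bad range {item!r}: expected a.b.c.start-end")
            lo, hi = int(start), int(end)
            if hi < lo:
                raise ValueError(f"range {item!r}: write the full last octet (234-238), not a shortcut")
            addrs.extend(f"{prefix}.{n}" for n in range(lo, hi + 1))
        else:
            addrs.append(item)
    # ipaddress rejects octets above 255 and any other malformed address
    return [str(ipaddress.IPv4Address(a)) for a in addrs]


def spec_error(spec):
    """Return the validation error for spec as a string, or None if it is valid."""
    try:
        expand_ip_spec(spec)
    except ValueError as exc:          # AddressValueError is a ValueError too
        return str(exc)
    return None


def plan_pool(localip_spec, remoteip_spec, max_connections=MAX_CONNECTIONS):
    """Apply rules 2 and 4: truncate the remote list at max_connections, reuse a
    single localip for every client, and pair local with remote addresses."""
    local = expand_ip_spec(localip_spec)
    remote = expand_ip_spec(remoteip_spec)
    ignored = max(0, len(remote) - max_connections)
    remote = remote[:max_connections]
    if len(local) == 1:
        local = local * len(remote)           # rule 4: one local address serves all clients
    pairs = list(zip(local, remote))
    findings = []
    if ignored:
        findings.append(f"{ignored} remote address(es) beyond MAX_CONNECTIONS are ignored")
    if len(pairs) < len(remote):
        findings.append(f"only {len(pairs)} local addresses for {len(remote)} remote addresses")
    overlap = sorted(set(local) & set(remote))   # added lint, not one of the gist's rules
    if overlap:
        findings.append(f"local and remote pools overlap: {overlap}")
    return {"clients": len(pairs), "assignments": pairs, "findings": findings}


if __name__ == "__main__":
    # the gist's (recommended) values
    plan = plan_pool("192.168.0.202", "192.168.0.100-199")
    print(plan["clients"], "clients; first/last:", plan["assignments"][0], plan["assignments"][-1])
    for f in plan["findings"]:
        print("finding:", f)
    for bad in ("192.168.0.234-8", "192.168.0.1, 192.168.0.2", "192.168.0.300"):
        print(bad, "->", spec_error(bad))
```

With the gist's values the plan yields 100 clients, each paired with the single local address 192.168.0.202; the three deliberately bad specifications in the main block each produce the error the corresponding restriction describes.
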

#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.

#PPTP IP FORWARDING
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

#SSH BRUTE FORCE PROTECTION
#iptables -A INPUT -i eth1 -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
#iptables -A INPUT -i eth1 -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 8 --rttl --name SSH -j DROP

exit 0
/etc/rc.local
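
The two commented-out iptables lines throttle SSH connection attempts with the `recent` match: the first records every NEW connection from a source in the list named SSH, the second drops the packet once that source has 8 records inside the last 60 seconds and, because of `--update`, refreshes the record each time it drops. The simulation below is an added example (not from the gist) that reproduces that logic in Python over a constructed sequence of connection attempts, so the behaviour can be seen before the rules are enabled. It does not model `--rttl` (which additionally requires the packet's TTL to equal the stored one) and assumes the kernel's default per-address history of 20 timestamps.

```python
"""Model of the rc.local SSH throttle:
  -m recent --set --name SSH                                          (rule 1)
  -m recent --update --seconds 60 --hitcount 8 --name SSH -j DROP     (rule 2)
Added example, not from the gist; --rttl is not modelled.
"""
from collections import defaultdict, deque

WINDOW = 60     # --seconds 60
HITCOUNT = 8    # --hitcount 8
HISTORY = 20    # timestamps kept per address by xt_recent (ip_pkt_list_tot default, assumed)


class RecentList:
    """One xt_recent list ("--name SSH"): a ring of timestamps per source address."""

    def __init__(self, window=WINDOW, hitcount=HITCOUNT, history=HISTORY):
        self.window, self.hitcount = window, hitcount
        self.stamps = defaultdict(lambda: deque(maxlen=history))

    def new_connection(self, src, now):
        """Verdict for a NEW SYN from src at time `now` (seconds): 'ACCEPT' or 'DROP'."""
        self.stamps[src].append(now)                 # rule 1: --set records the packet
        recent = sum(1 for t in self.stamps[src] if now - t <= self.window)
        if recent >= self.hitcount:                  # rule 2: hitcount reached inside the window
            self.stamps[src].append(now)             # --update refreshes the entry on a match
            return "DROP"
        return "ACCEPT"


def verdicts_by_source(events, **kwargs):
    """Run (time_seconds, source) events through the two rules in time order."""
    table = RecentList(**kwargs)
    out = defaultdict(list)
    for t, src in sorted(events):
        out[src].append(table.new_connection(src, t))
    return dict(out)


# Constructed sample: one source retries every 5 s for 100 s, stops, and comes back
# after a pause of well over 60 s; a second source opens three sessions in two minutes.
SAMPLE_EVENTS = (
    [(5 * i, "203.0.113.7") for i in range(20)]          # t = 0 .. 95
    + [(200, "203.0.113.7"), (205, "203.0.113.7")]
    + [(10, "198.51.100.2"), (70, "198.51.100.2"), (110, "198.51.100.2")]
)

if __name__ == "__main__":
    for src, verdicts in verdicts_by_source(SAMPLE_EVENTS).items():
        print(src, " ".join(v[0] for v in verdicts))    # A = accepted, D = dropped
```

Two properties of the rule pair stand out in the output. The retrying source is accepted seven times and dropped from the eighth attempt on, and stays dropped as long as it keeps retrying, because every drop adds a fresh timestamp; only a pause longer than 60 seconds clears it. The match counts NEW connections, not failed logins, so a legitimate user who opens eight sessions inside a minute is throttled the same way (the last assertion below shows this); the live list can be inspected in /proc/net/xt_recent/SSH once the rules are active.
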

[7320] 11-17 23:49:14:123: RasGetConnectStatus: read phonenumber </endpoint-address> from port user data
[9988] 11-17 23:49:14:127: NotifyCaller done (dwNotifyResult=1)
[9988] 11-17 23:49:14:128: GetLogonUser=Santi
[9988] 11-17 23:49:14:128: GetLogonDomain=DELTA
[9988] 11-17 23:49:14:129: RASCS_ConnectDevice
[9988] 11-17 23:49:14:129: RasDeviceSetInfo done(0)
[9988] 11-17 23:49:14:129: SetDeviceParamBinary for RDT_Tunnel_Sstp
[9988] 11-17 23:49:14:130: GUID is 625d2c97-313d-48b2
[9988] 11-17 23:49:14:159: GetSstpDestinationInfo completes with 0: Proxy Query Status: 0 DestInfoSize: 120
[9988] 11-17 23:49:14:159: GetSstpDestinationInfo completes with CorrelationID length 16.GUID is 625d2c97-313d-48b2
[9988] 11-17 23:49:14:160: RasDeviceSetInfo(Binary) done(0)
[9988] 11-17 23:49:14:160: SetDeviceParamBinary returned 0
[9988] 11-17 23:49:14:160: RasDeviceSetInfo(Compartment=1)...
[9988] 11-17 23:49:14:161: RasDeviceSetInfo done(0)
[9988] 11-17 23:49:14:161: SetDeviceParams(rastapi, WAN Miniport (SSTP), 0)
[9988] 11-17 23:49:14:161: RasDeviceConnect(rastapi,WAN Miniport (SSTP))...
[9988] 11-17 23:49:14:166: RasDeviceConnect done(600)
[9988] 11-17 23:49:14:166: RasDialMachine errors=600,0
[9988] 11-17 23:49:14:166: WaitForDialMachineEvent
[9988] 11-17 23:49:14:166: WaitForDialMachineEvent: event from rasman
[9988] 11-17 23:49:14:166: WaitForDialMachineEvent: a context received
[9988] 11-17 23:49:14:166: ValidateDmContext:
[9988] 11-17 23:49:14:166: ValidateDmContext: hrasconn block contains a different context pointer or type
[9988] 11-17 23:49:14:166: ValidateDmContext: hrasconn block verification passed
[9988] 11-17 23:49:14:166: WaitForDialMachineEvent: pOverlapped=0x4f8d1a4, type=1
[9988] 11-17 23:49:14:166: AppendNewContextToQueue:
[9988] 11-17 23:49:14:166: AppendNewContextToQueue:Set Event:
[9988] 11-17 23:49:14:166: WaitForDialMachineEvent: event from dial machine
[9988] 11-17 23:49:14:166: GetOneContextFromQueue
[9988] 11-17 23:49:14:166: GetOneContextFromQueue: The context is:0x04F8D1A4,type=1
[9988] 11-17 23:49:14:167: GetOneContextFromQueue: Number of Messages left in the queue is:0
[9988] 11-17 23:49:14:167: ValidateDmContext:
[9988] 11-17 23:49:14:167: ValidateDmContext: hrasconn block contains a different context pointer or type
[9988] 11-17 23:49:14:167: ValidateDmContext: hrasconn block verification passed
[9988] 11-17 23:49:14:167: WaitForDialMachineEvent: pOverlapped=0x4f8d1a4, type=1
[9988] 11-17 23:49:14:167: WaitForDialMachineEvent: Unblock i=0, h=0x4f8d16c
[9988] 11-17 23:49:14:167: Link dropped!

#
# /etc/sysctl.conf - Configuration file for setting system variables
# See /etc/sysctl.d/ for additional system variables.
# See sysctl.conf (5) for information.
#

#kernel.domainname = example.com

# Uncomment the following to stop low-level messages on console
#kernel.printk = 3 4 1 3

###############################################################
# Functions previously found in netbase
#

# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
# Turn on Source Address Verification in all interfaces to
# prevent some spoofing attacks
#net.ipv4.conf.default.rp_filter=1
#net.ipv4.conf.all.rp_filter=1

# Uncomment the next line to enable TCP/IP SYN cookies
# See http://lwn.net/Articles/277146/
# Note: This may impact IPv6 TCP sessions too
#net.ipv4.tcp_syncookies=1

# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1

# Uncomment the next line to enable packet forwarding for IPv6
# Enabling this option disables Stateless Address Autoconfiguration
# based on Router Advertisements for this host
#net.ipv6.conf.all.forwarding=1

###################################################################
# Additional settings - these settings can improve the network
# security of the host and prevent against some network attacks
# including spoofing attacks and man in the middle attacks through
# redirection. Some network environments, however, require that these
# settings are disabled so review and enable them as needed.
#
# Do not accept ICMP redirects (prevent MITM attacks)
#net.ipv4.conf.all.accept_redirects = 0
#net.ipv6.conf.all.accept_redirects = 0
# _or_
# Accept ICMP redirects only for gateways listed in our default
# gateway list (enabled by default)
# net.ipv4.conf.all.secure_redirects = 1
#
# Do not send ICMP redirects (we are not a router)
#net.ipv4.conf.all.send_redirects = 0
#
# Do not accept IP source route packets (we are not a router)
#net.ipv4.conf.all.accept_source_route = 0
#net.ipv6.conf.all.accept_source_route = 0
#
# Log Martian Packets
#net.ipv4.conf.all.log_martians = 1
#
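
The sysctl.conf above turns on net.ipv4.ip_forward, which the MASQUERADE rule in rc.local needs in order to pass the VPN clients' traffic out through eth1, but leaves every hardening key its own comments describe at the commented-out default. The audit below is an added example, not part of the gist: it parses the file format (`key = value` and `key=value`, `#` and `;` comments), reports which of the recommended settings are active, and flags the combination this file actually has, since once ip_forward=1 the "we are not a router" rationale attached to send_redirects and accept_source_route no longer applies and those values should be chosen deliberately. The embedded text is a constructed excerpt of the gist's file with the same active and commented lines.

```python
"""Audit a sysctl.conf against the hardening keys its own comments recommend.

Added example, not from the gist. SYSCTL_CONF is a constructed excerpt of the
gist's /etc/sysctl.conf with the same active and commented lines.
"""

SYSCTL_CONF = """\
#net.ipv4.conf.default.rp_filter=1
#net.ipv4.conf.all.rp_filter=1
#net.ipv4.tcp_syncookies=1
net.ipv4.ip_forward=1
#net.ipv6.conf.all.forwarding=1
#net.ipv4.conf.all.accept_redirects = 0
#net.ipv6.conf.all.accept_redirects = 0
# net.ipv4.conf.all.secure_redirects = 1
#net.ipv4.conf.all.send_redirects = 0
#net.ipv4.conf.all.accept_source_route = 0
#net.ipv6.conf.all.accept_source_route = 0
#net.ipv4.conf.all.log_martians = 1
"""

# Keys the file's comments recommend, with the value they recommend.
RECOMMENDED = {
    "net.ipv4.conf.default.rp_filter": "1",
    "net.ipv4.conf.all.rp_filter": "1",
    "net.ipv4.tcp_syncookies": "1",
    "net.ipv4.conf.all.accept_redirects": "0",
    "net.ipv6.conf.all.accept_redirects": "0",
    "net.ipv4.conf.all.send_redirects": "0",
    "net.ipv4.conf.all.accept_source_route": "0",
    "net.ipv6.conf.all.accept_source_route": "0",
    "net.ipv4.conf.all.log_martians": "1",
}

# Settings that matter as soon as the host forwards packets; the file's comments
# justify leaving two of them alone with "we are not a router".
ROUTER_SENSITIVE = ("net.ipv4.conf.all.send_redirects",
                    "net.ipv4.conf.all.accept_source_route",
                    "net.ipv4.conf.all.accept_redirects",
                    "net.ipv4.conf.all.rp_filter")


def parse_sysctl(text):
    """Active settings of a sysctl.conf as {key: value}; '#' and ';' lines are comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if "=" not in line:
            raise ValueError(f"not a key=value line: {raw!r}")
        key, value = (part.strip() for part in line.split("=", 1))
        settings[key] = value
    return settings


def audit(text):
    """Classify each recommended key as set, mismatched or unset, plus forwarding notes."""
    active = parse_sysctl(text)
    report = {"set": [], "mismatch": {}, "unset": [], "notes": []}
    for key, want in RECOMMENDED.items():
        if key not in active:
            report["unset"].append(key)
        elif active[key] != want:
            report["mismatch"][key] = active[key]
        else:
            report["set"].append(key)
    if active.get("net.ipv4.ip_forward") == "1":
        missing = [k for k in ROUTER_SENSITIVE if k not in active]
        if missing:
            report["notes"].append(
                "ip_forward=1 makes this host a router, so these should be set explicitly: "
                + ", ".join(missing))
    return report


if __name__ == "__main__":
    r = audit(SYSCTL_CONF)
    print("set:", r["set"] or "none")
    print("unset:", r["unset"])
    for n in r["notes"]:
        print("note:", n)
```

Against the gist's file every recommended key comes back as unset and the forwarding note fires; pointing `audit` at `open('/etc/sysctl.conf').read()` gives the same report for a live host, and `sysctl -a` shows what the kernel is actually running if the file and the running values have drifted apart.
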