TimoDJatomika

<project>
    <build>
        <plugins>
        
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-compiler-plugin</artifactId>
                <version>3.3</version>
                <configuration>
                    <source>1.8</source>

TimoDJatomika

docker run -u 1000 --rm -v $(pwd):/app composer/composer install

TimoDJatomika

# please save as .ovpn file
 
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
 
# keyname
ca ca.crt
cert user.crt

TimoDJatomika

#!/bin/bash
# create date: 2016-11-24
# last change: 2016-11-24
# author: Timo Stankowitz <timo.stankowitz@gmail.com>
# purpose: Firewall

ipt=/sbin/iptables
ipt6=/sbin/ip6tables
ext=eth0

TimoDJatomika

[Unit]
Description=Firewall

[Service]
Type=oneshot
ExecStart=/root/firewall.sh start
ExecStop=/root/firewall.sh stop
RemainAfterExit=yes

[Install]

TimoDJatomika

#!/bin/bash

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -j SNAT --to-source 207.154.207.69 -o eth0

exit 0

TimoDJatomika

root@strongswan:~# ls -lah /etc/ipsec.d/
total 44K
drwxr-xr-x 11 root root 4.0K Dec 26 19:48 .
drwxr-xr-x 93 root root 4.0K Dec 26 19:48 ..
drwxr-xr-x  2 root root 4.0K Apr  5  2016 aacerts
drwxr-xr-x  2 root root 4.0K Apr  5  2016 acerts
drwxr-xr-x  2 root root 4.0K Apr  5  2016 cacerts
drwxr-xr-x  2 root root 4.0K Apr  5  2016 certs
drwxr-xr-x  2 root root 4.0K Apr  5  2016 crls
drwxr-xr-x  2 root root 4.0K Apr  5  2016 ocspcerts

TimoDJatomika

root@strongswan:~# ls -lah /etc/letsencrypt/live/vpn.brainoftimo.com/
total 8.0K
drwxr-xr-x 2 root root 4.0K Dec 26 20:13 .
drwx------ 3 root root 4.0K Dec 26 20:13 ..
lrwxrwxrwx 1 root root   43 Dec 26 20:13 cert.pem -> ../../archive/vpn.brainoftimo.com/cert1.pem
lrwxrwxrwx 1 root root   44 Dec 26 20:13 chain.pem -> ../../archive/vpn.brainoftimo.com/chain1.pem
lrwxrwxrwx 1 root root   48 Dec 26 20:13 fullchain.pem -> ../../archive/vpn.brainoftimo.com/fullchain1.pem
lrwxrwxrwx 1 root root   46 Dec 26 20:13 privkey.pem -> ../../archive/vpn.brainoftimo.com/privkey1.pem

TimoDJatomika

# This file holds shared secrets or RSA private keys for authentication.

# das der private key von dem Server
# gespeichert in /etc/ipsec.d/private/serverKey.der
: RSA serverKey.der


# die clients koennen sich mit Benutzername + Passwort anmelden
lisa : EAP "j8j3hk-olkwH23z"
bob : EAP "a9kjhg2pM21-feqK"

TimoDJatomika

root@strongswan:~# ipsec statusall
Status of IKE charon daemon (strongSwan 5.3.5, Linux 4.4.0-57-generic, x86_64):
  uptime: 3 minutes, since Dec 26 20:47:26 2016
  malloc: sbrk 1642496, mmap 0, used 561136, free 1081360
  worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 0
  loaded plugins: charon test-vectors aes rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark farp stroke updown eap-identity eap-sim eap-sim-pcsc eap-aka eap-aka-3gpp2 eap-simaka-pseudonym eap-simaka-reauth eap-md5 eap-gtc eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap eap-tnc xauth-generic xauth-eap xauth-pam xauth-noauth tnc-tnccs tnccs-20 tnccs-11 tnccs-dynamic dhcp lookip error-notify certexpire led addrblock unity
Virtual IP pools (size/online/offline):
  10.30.30.0/24: 254/0/0
Listening IP addresses:
  207.154.207.69