
Kyouhei Hayama khayama-zz

# DHCP config (Vyatta configuration mode).
# Defines one DHCP scope for the shared network VLANaaa. Every 10.x.x.x below is
# a redacted placeholder and must be replaced with a real address from the /26.
# Address pool handed out to clients (start .. stop).
set service dhcp-server shared-network-name VLANaaa subnet 10.x.x.x/26 start 10.x.x.x stop 10.x.x.x
# Default gateway announced to clients.
set service dhcp-server shared-network-name VLANaaa subnet 10.x.x.x/26 default-router 10.x.x.x
# DNS resolvers announced to clients, one statement per server.
set service dhcp-server shared-network-name VLANaaa subnet 10.x.x.x/26 dns-server 10.x.x.x
set service dhcp-server shared-network-name VLANaaa subnet 10.x.x.x/26 dns-server 10.x.x.x
# Lease time in seconds (86400 s = 24 h).
set service dhcp-server shared-network-name VLANaaa subnet 10.x.x.x/26 lease 86400
# NTP server and DNS domain announced to clients.
# NOTE(review): clients apply the gateway/DNS/NTP values they are handed without
# authenticating them, so these should be hosts you operate or explicitly trust.
set service dhcp-server shared-network-name VLANaaa subnet 10.x.x.x/26 ntp-server 10.0.77.54
set service dhcp-server shared-network-name VLANaaa subnet 10.x.x.x/26 domain-name softlayer.com
# Show the pending changes against the running configuration, then apply them.
# No `save` follows in this listing, so the change presumably does not survive a
# reboot as shown - confirm.
compare
commit
# Basic (global) firewall settings, Vyatta configuration mode.
# Answer ICMP echo requests addressed to the router itself.
set firewall all-ping enable
# Do not answer echo requests sent to a broadcast address.
set firewall broadcast-ping disable
# No SNMP trap on firewall configuration changes.
set firewall config-trap disable
# Ignore IPv6 ICMP redirects and refuse IPv6 source-routed packets.
set firewall ipv6-receive-redirects disable
set firewall ipv6-src-route disable
# Refuse IPv4 packets that carry source-route options.
set firewall ip-src-route disable
# Log packets with impossible ("martian") source addresses.
set firewall log-martians enable
# Ignore incoming IPv4 ICMP redirects so that a neighbour cannot steer this
# router's routing.
set firewall receive-redirects disable
# NOTE(review): the router is still allowed to SEND ICMP redirects. Hardening
# baselines usually turn this off unless hosts on the segment rely on it -
# confirm that `enable` is intentional.
set firewall send-redirects enable
# NAT config: source NAT rule 100. Traffic from 10.0.0.0/8 that leaves through
# eth0 is rewritten to eth0's own address (masquerade).
set nat source rule 100 outbound-interface eth0
set nat source rule 100 source address 10.0.0.0/8
set nat source rule 100 translation address masquerade
# Firewall config: rule set RULENAME, rule 100.
# Accepts TCP packets whose SOURCE port is 80 or 443 and whose destination is
# inside 10.0.0.0/8 - apparently meant to let replies from web servers back in.
# NOTE(review): a source-port match is stateless. The sender picks its own
# source port, so as written the rule accepts TCP from port 80/443 to ANY port
# on 10.0.0.0/8. Matching connection state on the rule instead
# (`state established enable` / `state related enable`) admits only replies to
# connections that were opened from inside.
# NOTE(review): the listing may be cut off after this rule, and the rule set
# still has to be attached to an interface - check against the full config.
set firewall name RULENAME rule 100 action accept
set firewall name RULENAME rule 100 destination address 10.0.0.0/8
set firewall name RULENAME rule 100 protocol tcp
set firewall name RULENAME rule 100 source port 80,443
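# Create the build context for the vdrift image and write the first lines of
# its Dockerfile.
#
# The steps are chained with && so that a failed mkdir/cd cannot leave a stray
# Dockerfile in whatever directory the shell happens to be in. `mkdir -p` makes
# the snippet re-runnable, and the file is written with `>` so a second run does
# not append a duplicate copy; later steps can keep appending with `>>`.
#
# NOTE(review): ubuntu:15.10 is past end of life, so the image receives no
#   security updates - confirm whether a supported base image can be used.
# NOTE(review): the playdeb .deb is fetched with no URL scheme (wget then uses
#   plain http://) and installed by dpkg as root during the build, with no
#   checksum or signature check. Record a known-good digest for the package and
#   verify it (for example with `sha256sum -c`) before the `dpkg -i` step.
# MAINTAINER is deprecated in current Docker releases in favour of LABEL; it is
#   kept here so the generated file is unchanged.
mkdir -p ~/vdrift_ubuntu &&
  cd ~/vdrift_ubuntu &&
  cat > Dockerfile <<'EOF'
FROM ubuntu:15.10
MAINTAINER khayama
ENV container docker
RUN apt-get update
RUN apt-get install -y wget sudo apt-utils lsb-release
RUN wget -c archive.getdeb.net/install_deb/playdeb_0.3-1~getdeb1_all.deb
RUN dpkg -i playdeb_0.3-1~getdeb1_all.deb
EOF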
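# Initial configuration: build a private PKI for OpenVPN with easy-rsa 2.0.
#
# Copy the easy-rsa scripts into ~/openvpn, enter that directory and load the
# easy-rsa environment (./vars) into the current shell. The steps are chained so
# that the PKI scripts below are not run from the wrong directory when the copy
# or the cd fails; `mkdir -p` keeps the snippet re-runnable.
mkdir -p ~/openvpn &&
  cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/* ~/openvpn/ &&
  cd ~/openvpn &&
  . ./vars

# WARNING: clean-all deletes and recreates the key directory selected by ./vars.
# Run it for a first-time setup only; on an existing PKI it destroys the CA and
# every issued key.
./clean-all

# CA certificate and CA private key. Whoever holds the CA key can issue
# certificates the VPN server will accept, so keep it readable by the PKI
# operator only and, where practical, off the VPN gateway itself.
./build-ca

# Server certificate/key, named key-server-name.
./build-key-server key-server-name

# Client certificate/key, named key-client-name.
# NOTE(review): build-key leaves the client private key without a passphrase
# (easy-rsa ships build-key-pass for a protected key) - confirm that is
# acceptable for how the key is delivered to the client.
./build-key key-client-name

# Diffie-Hellman parameters for the server.
./build-dh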
rem Change the RDP listening port to 4389 (done from the command line with REG.EXE).
rem NOTE(review): a non-default port only reduces opportunistic scanning noise; it
rem is not an access control. Keep Network Level Authentication enabled and limit
rem the source addresses allowed by the firewall rule for the new port.
rem Check the current value.
REG QUERY "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v PortNumber
rem Change it. /f overwrites the value without prompting.
rem NOTE(review): the new port presumably takes effect only after Remote Desktop
rem Services (or the machine) is restarted - confirm, and add the firewall rule
rem for the new port first so the remote session is not locked out.
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v PortNumber /t REG_DWORD /d 4389 /f
rem Allow inbound ICMPv4 echo requests (ping). The rule can be limited to one
rem profile with "profile=public|private|domain|any".
netsh advfirewall firewall add rule name="ICMPv4-ping-allow" protocol=icmpv4:8,any dir=in action=allow
rem Allow TCP 4389 through the firewall (the command itself is not shown in this listing).
# Revoke a key/certificate (revoke).
# Load the easy-rsa environment into this shell, then revoke the certificate
# with the given common name. revoke-full also regenerates crl.pem and checks
# the revoked certificate against it; "error 23 ... certificate revoked" in its
# output is the expected result of that check.
. ./vars
./revoke-full key-common-name
# Copy the CRL to /config/auth/ for the OpenVPN server.
# NOTE(review): revocation is only enforced when the OpenVPN server is
# configured to check this file (OpenVPN's crl-verify option) and the copy is
# refreshed after every revoke - not shown here; confirm.
# NOTE(review): the source below is the keys/ directory under /usr/share/doc,
# while the commented-out line points at ~/openvpn/keys. The right source is
# whichever key directory ./vars selected; copying from the other one deploys a
# stale CRL and the revoked certificate keeps working.
cp /usr/share/doc/openvpn/examples/easy-rsa/2.0/keys/crl.pem /config/auth/crl.pem
###cp ~/openvpn/keys/crl.pem
初回はエラーが出ても問題なし(error 23 at 0 depth lookup:certificate revoked)
crl.pemがkeys/に生成される
*dhパラメータの再設定(しなくても問題なし)
# Print the configuration as a list of `set` commands.
# NOTE(review): config.boot holds credential material (login password hashes
# and whatever secrets the configured services use), so treat this output and
# every copy of the file as sensitive.
/opt/vyatta/sbin/vyatta-config-gen-sets.pl /config/config.boot
# load command: save the current configuration under a backup name (presumably
# written to /config/, which is where the next line reads it from), load that
# file back, then apply it and save it as the boot configuration.
save config.boot.bk
load /config/config.boot.bk
commit
save
# Pin eth0 to a 1300-byte MTU: append the setting to the interface's ifcfg file,
# then restart networking so it is applied.
# Restarting the network service can drop a remote session; run this from a
# console or be prepared to reconnect.
printf '%s\n' 'MTU=1300' >> /etc/sysconfig/network-scripts/ifcfg-eth0
service network restart
rem Windows 2012 R2 script
rem Allow inbound ICMPv4 echo requests (ping). The rule can be limited to one
rem profile with "profile=public|private|domain|any".
netsh advfirewall firewall add rule name="ICMPv4 ping許可" protocol=icmpv4:8,any dir=in action=allow
rem Create a Notepad shortcut on the desktop [done]
rem NOTE(review): the double quote opened after -Command is never closed on this
rem line - confirm the command is parsed as intended. The desktop path is
rem hard-coded to the Administrator profile.
powershell -Command "&{$WsShell = New-Object -ComObject WScript.Shell; $Shortcut = $WsShell.CreateShortcut('C:\Users\Administrator\Desktop\memo.lnk'); $Shortcut.TargetPath = 'C:\Windows\System32\notepad.exe'; $Shortcut.IconLocation = 'C:\Windows\System32\notepad.exe'; $Shortcut.Save()}
rem Create a Command Prompt shortcut on the desktop [done]
rem NOTE(review): same unclosed double quote and hard-coded Administrator path
rem as the Notepad shortcut command.
powershell -Command "&{$WsShell = New-Object -ComObject WScript.Shell; $Shortcut = $WsShell.CreateShortcut('C:\Users\Administrator\Desktop\cmd.lnk'); $Shortcut.TargetPath = 'C:\Windows\System32\cmd.exe'; $Shortcut.IconLocation = 'C:\Windows\System32\cmd.exe'; $Shortcut.Save()}