Tuesday, March 19, 2013

openvpn client to client connection

ref: http://backreference.org/2010/06/18/openvpns-built-in-packet-filter/


General ideas

Filtering happens at the server, which is the hub for all client connections, and the packet filter rules are per-client. A file should be provided for each client, containing the rules to apply to that client. The rules, in turn, are divided into rules allowing/denying connectivity to other clients (identified by common name), and rules generically allowing/denying connectivity to IP subnets. Here's a sample rule file for a client:
[CLIENTS ACCEPT]
-john
-nick
[SUBNETS DROP]
+10.0.4.0/24
[END]
The file must end with the [END] line. Note that since clients are identified by their common name, this feature cannot be used when duplicate-cn is in use (that, however, shouldn't be used anyway).
In this example, the client to which these rules are applied will be allowed to connect to any client by default ([CLIENTS ACCEPT]), except john and nick, which are explicitly denied. Alternatively, one could set a default deny policy by using [CLIENTS DROP] and then explicitly allow only certain clients using +client. The same syntax applies to subnet rules.
Rules apply to client traffic going in both directions so, for a client to be allowed to connect to another client, communication must be allowed by the rules of both clients.
If denying communication is not enough for you, it's also possible to use [KILL] to terminate the client instance in case it tries to do something it shouldn't do.
In our example, we will assume a simple deployment with four clients: their common names are john, nick, bob and max. Who can connect to whom is shown in the following table:

       john  nick  bob  max
john   -     yes   yes  no
nick   yes   -     no   yes
bob    yes   no    -    no
max    no    yes   no   -
So here are the four rule templates:
$ cat /etc/openvpn/john.pf
[CLIENTS DROP]
+nick
+bob
[SUBNETS ACCEPT]
[END]
$ cat /etc/openvpn/nick.pf
[CLIENTS DROP]
+john
+max
[SUBNETS ACCEPT]
[END]
$ cat /etc/openvpn/bob.pf
[CLIENTS DROP]
+john
[SUBNETS ACCEPT]
[END]
$ cat /etc/openvpn/max.pf
[CLIENTS DROP]
+nick
[SUBNETS ACCEPT]
[END]
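Because a connection only works when both clients' rule files allow it, a rule file that looks permissive on its own can still be silently overridden by the peer's file. The following added example (my own code, not part of the post or of OpenVPN) parses rule files in the format shown above, computes the effective client-to-client matrix, compares it with the intended table, and lists one-sided rules. It reads a listed +/- entry as overriding the section default and anything unlisted as getting the default, which matches both cases the post describes; subnet entries are matched as exact strings here, not as address-in-subnet lookups. Note that the built-in packet filter was deprecated in OpenVPN 2.5 and removed in 2.6, so this applies to older servers only.

```python
"""Validate OpenVPN per-client packet-filter (.pf) rule files and check that the
resulting client-to-client reachability matches what was intended."""
import re

HEADER_RE = re.compile(r"^\[(CLIENTS|SUBNETS) (ACCEPT|DROP)\]$")


def parse_pf(text):
    """Parse one client's rule file into
    {"clients": (default, {name: allowed}), "subnets": (default, {cidr: allowed}), "kill": bool}.
    A listed entry overrides the section default (+ allows, - denies); unlisted peers get
    the default. Raises ValueError on a malformed file (assumed strictness, not OpenVPN's)."""
    policy = {"clients": ("ACCEPT", {}), "subnets": ("ACCEPT", {}), "kill": False}
    section, ended = None, False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if ended:
            raise ValueError(f"line {lineno}: rules after [END]")
        header = HEADER_RE.match(line)
        if line == "[END]":
            ended = True
        elif line == "[KILL]":
            policy["kill"] = True
        elif header:
            section = header.group(1).lower()
            policy[section] = (header.group(2), {})
        elif line[0] in "+-" and section is not None:
            policy[section][1][line[1:]] = (line[0] == "+")
        else:
            raise ValueError(f"line {lineno}: cannot parse {line!r}")
    if not ended:
        raise ValueError("rule file must end with [END]")
    return policy


def allows(policy, kind, target):
    """Does this client's own file permit traffic to `target` ('clients' or 'subnets')?"""
    default, entries = policy[kind]
    return entries.get(target, default == "ACCEPT")


def effective_matrix(policies):
    """Pairwise reachability: the rules of BOTH clients must allow the traffic."""
    names = sorted(policies)
    return {(a, b): allows(policies[a], "clients", b) and allows(policies[b], "clients", a)
            for a in names for b in names if a != b}


def asymmetries(policies):
    """Pairs (a, b) where a allows b but b does not allow a: a's rule is dead."""
    return sorted((a, b) for a in policies for b in policies
                  if a != b and allows(policies[a], "clients", b)
                  and not allows(policies[b], "clients", a))


# The four rule files from the post, embedded so the check runs offline.
RULE_FILES = {
    "john": "[CLIENTS DROP]\n+nick\n+bob\n[SUBNETS ACCEPT]\n[END]\n",
    "nick": "[CLIENTS DROP]\n+john\n+max\n[SUBNETS ACCEPT]\n[END]\n",
    "bob": "[CLIENTS DROP]\n+john\n[SUBNETS ACCEPT]\n[END]\n",
    "max": "[CLIENTS DROP]\n+nick\n[SUBNETS ACCEPT]\n[END]\n",
}

# The intended reachability from the post's table (one entry per unordered pair).
INTENDED = {("john", "nick"): True, ("john", "bob"): True, ("john", "max"): False,
            ("nick", "bob"): False, ("nick", "max"): True, ("bob", "max"): False}


def check(rule_files=RULE_FILES, intended=INTENDED):
    """Return (effective matrix, pairs that differ from `intended`, one-sided rules)."""
    policies = {name: parse_pf(text) for name, text in rule_files.items()}
    matrix = effective_matrix(policies)
    mismatches = [pair for pair, want in intended.items() if matrix[pair] != want]
    return matrix, mismatches, asymmetries(policies)


if __name__ == "__main__":
    matrix, mismatches, one_sided = check()
    for (a, b), ok in sorted(matrix.items()):
        print(f"{a:>5} -> {b:<5} {'yes' if ok else 'no'}")
    print("mismatches:", mismatches, "one-sided rules:", one_sided)
```

Run it against the real files with `check({name: open(f"/etc/openvpn/{name}.pf").read() for name in names})`; an empty mismatch list and an empty one-sided list means the templates actually implement the table.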

Sunday, March 17, 2013

recovery mode. log in with read + write access

source: http://askubuntu.com/questions/240527/is-recovery-mode-supposed-to-hang-after-fsck


in the recovery menu just select "Drop to root shell prompt" and inside try
sudo fdisk -l
to get a list of drives and partitions
mount
should give something like
/dev/sdb5 on / type ext4 (rw,errors=remount-ro)
and then with the partition you just found
sudo fsck -f /dev/sdb5
sudo mount /dev/sdb5 / -o remount,rw
fsck -f forces a check, even if there is no indication of a problem on the partition.
Now your root partition is error free and mounted (rw). You would now be able to do anything there with root permissions - so be careful!
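The one thing worth checking before typing the two commands above is which device is actually mounted on / and whether it is still read-only: fsck -f must not be run on a filesystem that is mounted read-write, and in a recovery shell the root filesystem is normally still read-only. The following is an added example of mine, not code from the answer, that parses `mount` output (a constructed sample is embedded), finds the root device and only produces the fsck/remount steps when / is read-only.

```python
"""Find the root filesystem in `mount` output and decide whether fsck can safely run on it."""
import re

MOUNT_LINE = re.compile(
    r"^(?P<dev>\S+) on (?P<mnt>\S+) type (?P<fs>\S+) \((?P<opts>[^)]*)\)$"
)

# Constructed sample of `mount` output in a recovery shell (not taken from the answer).
SAMPLE_MOUNT = """\
proc on /proc type proc (rw,noexec,nosuid,nodev)
sysfs on /sys type sysfs (rw,noexec,nosuid,nodev)
/dev/sdb5 on / type ext4 (ro,errors=remount-ro)
/dev/sdb1 on /boot type ext2 (rw)
"""


def parse_mount(output):
    """One dict per recognised line: dev, mnt, fs, and the mount options as a list."""
    rows = []
    for line in output.splitlines():
        m = MOUNT_LINE.match(line.strip())
        if m:
            row = m.groupdict()
            row["opts"] = row["opts"].split(",")
            rows.append(row)
    return rows


def root_device(rows):
    """(device, is_read_only) for the filesystem mounted on /."""
    for row in rows:
        if row["mnt"] == "/":
            return row["dev"], "ro" in row["opts"]
    raise LookupError("no filesystem mounted on /")


def plan(output):
    """The two commands to run, in order, or None when / is already mounted
    read-write (running fsck -f on it would risk corrupting the filesystem)."""
    dev, read_only = root_device(parse_mount(output))
    if not read_only:
        return None
    return [f"fsck -f {dev}", f"mount {dev} / -o remount,rw"]


if __name__ == "__main__":
    import subprocess
    live = subprocess.run(["mount"], capture_output=True, text=True, check=True).stdout
    print(plan(live) or "/ is already read-write; do not run fsck on it")
```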

Saturday, March 09, 2013

configure wireless on centos

ref: http://www.apolonio.com/node/40


You can check if the module was installed properly by running
/sbin/iwconfig
You should see the wlan0 interface
At this point you should be able to run the command
iwlist wlan0 scan 
and it should display all the SSIDs being broadcast.
 

Setting up WPA2

From here on, it is assumed you will be logged in as root
Run the following command, where myssid is your SSID and mypassphrase is the passphrase for your wireless network:
wpa_passphrase myssid mypassphrase
This should produce something like this
network={
        ssid="myssid"
        #psk="mypassphrase"
        psk=c22c1e6febc7875af85d033bbf15f5ca836633bac8eb16693fd58bff66fcb66c
}
 
Append that to /etc/wpa_supplicant/wpa_supplicant.conf. Here is a shortcut:
wpa_passphrase myssid mypassphrase >> /etc/wpa_supplicant/wpa_supplicant.conf
and make sure to add proto=WPA2 to the network block:
 
network={
        ssid="myssid"
        proto=WPA2
        #psk="mypassphrase"
        psk=c22c1e6febc7875af85d033bbf15f5ca836633bac8eb16693fd58bff66fcb66c
}
 
Now edit /etc/sysconfig/wpa_supplicant
The final line should be
DRIVERS="-Dndiswrapper"
Change that to
DRIVERS="-Dwext"
Start the wpa_supplicant service
service wpa_supplicant start
and you should be able to run dhclient to grab an IP address from your wireless network,
dhclient wlan0
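Two things about the wpa_passphrase output are worth understanding. The psk= value is not a hash of the passphrase alone: it is PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID, 4096 iterations, 32 bytes, as specified for WPA/WPA2-Personal, so the same passphrase gives a different psk on every network name. And the #psk="mypassphrase" line that wpa_passphrase emits leaves the cleartext passphrase in wpa_supplicant.conf, which is why it should be deleted. The following added example (my own code, not from the post or from wpa_supplicant) derives the PSK the same way, renders a network block with proto=WPA2 and without the cleartext comment, and finds leftover cleartext lines in an existing config; the well-known 802.11i test vector ("password" / "IEEE") is used as the self-check rather than the post's values, whose passphrase cannot be verified.

```python
"""Derive a WPA2-Personal PSK the way wpa_passphrase does and render a clean
wpa_supplicant network block (no cleartext passphrase, proto=WPA2 set)."""
import hashlib
import re


def wpa2_psk(ssid, passphrase):
    """256-bit PSK = PBKDF2-HMAC-SHA1(passphrase, salt=ssid, 4096 rounds, 32 bytes), hex."""
    if not 8 <= len(passphrase) <= 63:  # limit enforced by wpa_passphrase as well
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32).hex()


def network_block(ssid, passphrase, proto="WPA2"):
    """The network={...} block to append to wpa_supplicant.conf, with proto= set and
    WITHOUT the #psk="..." comment so the cleartext passphrase never lands on disk."""
    return "\n".join([
        "network={",
        f'        ssid="{ssid}"',
        f"        proto={proto}",
        f"        psk={wpa2_psk(ssid, passphrase)}",
        "}",
    ]) + "\n"


def cleartext_psk_lines(conf_text):
    """Line numbers in an existing wpa_supplicant.conf that still carry #psk="..." in clear."""
    return [n for n, line in enumerate(conf_text.splitlines(), 1)
            if re.match(r'\s*#psk="', line)]


# Constructed config text in the shape wpa_passphrase produces (not the post's values).
SAMPLE_CONF = """\
network={
        ssid="myssid"
        #psk="mypassphrase"
        psk=0000000000000000000000000000000000000000000000000000000000000000
}
"""

if __name__ == "__main__":
    print(network_block("myssid", "mypassphrase"), end="")
    print("cleartext passphrase still on lines:", cleartext_psk_lines(SAMPLE_CONF))
```

After appending the block, `cleartext_psk_lines(open("/etc/wpa_supplicant/wpa_supplicant.conf").read())` should return an empty list; any line it reports should be removed, and the file itself should be readable by root only.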