VPN

IP Vanish for your home network

Before we get to vanishing with IP Vanish: I have been trying out different tools and utilities over the past year but, unfortunately, have not been spending time on sharing them. It’s been almost a year since I put up my last post. I was busy, but there was also a lack of commitment from my side, and I made countless excuses for not putting up the posts.

I have pulled myself up again and am making myself responsible for ensuring that there is a small writeup here every week. It’s not going to be easy, but I will give it a try and see how it goes.

Coming back to our topic: I have been trying to ensure security and privacy over the internet for me and my loved ones. I have used and tried various VPN offerings, but have recently moved to IP Vanish. The service is good, it is economical, and it provides the necessary security. They also provide scripts for connecting to the VPN tunnel from Linux hosts.

The level of documentation provided on the IP Vanish site is also good. The one thing I found missing on the internet was content on how IP Vanish can be configured for the home network using a Linux box. I had to do this because of an outdated router, which does not have a VPN configuration. I thought of sharing it here, just in case you are in the same boat. So, let’s start.

We will be performing the following steps

  1. Register for a new account with IP Vanish
  2. Install IP Vanish connection script
  3. Modify firewall rules to accept network packets and forward it to VPN tunnel
  4. Modify router configuration to use this linux machine as your gateway.

Register for a new account with IP Vanish

You can signup for a new account at https://signup.ipvanish.com/

After you have signed up and created a password, you can log in to your account. If you visit the Server List, you should be able to see the Configuration Options for OpenVPN and the list of Servers available.

Install IP Vanish connection script

You can download the necessary script to set up your version of Linux from the following link: https://www.ipvanish.com/vpn-setup/linux/#linux-setup

I am running CentOS 7 and I have used the OpenVPN file from the Fedora Setup. Once downloaded, change to the ipvanish directory and run the command

./ipvanish-vpn-linux start

You will have to provide details like your username, password and the server which you wish to use to complete the startup process.

Modify Firewall rules

If you are on CentOS 7 like me, you just need one command and a few rules to configure the firewall and routing. All the network configuration commands below are to be run as a superuser.

firewall-cmd --zone=external --add-interface=tun0
# NAT traffic from the internal network as it leaves through the tunnel
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o tun0 -j MASQUERADE
iptables -A INPUT -i tun0 -j ACCEPT
# Forward between the internal interface and the tunnel, in both directions
iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT
iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT

This will configure your system to accept packets from your internal network, masquerade them and forward them to tun0. The above commands assume that tun0 is your active tunnel. You can verify the interface name by using

ip addr show

You may have to check if IP forwarding has been enabled by using

sysctl net.ipv4.ip_forward

The output of the command should be net.ipv4.ip_forward = 1. In case it is not, you can enable it by running

sysctl net.ipv4.ip_forward=1

Modify Router configuration

Modify your router DHCP configuration as shown above. Set the Default Gateway IP to the IP address of the Linux box on which you are running IP Vanish (192.168.0.100 for me). You can test the connectivity by manually setting the IP address and the gateway values on a laptop and checking that your connectivity works fine. After this, you can change the configuration on the router.

You can visit https://www.whatismyip.com/ to ascertain that your network is indeed using the VPN tunnel and to ensure you do not have any leaks.

With this, your entire network should be set up to use the VPN tunnel. Please feel free to drop in a note or ask in case you come across any issues. I may not respond right away, but will try to come back soon.
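An exit-IP check only tells you where traffic goes while the tunnel is up. The following added example (not part of the original post or of IP Vanish's scripts) audits iptables-save output for rules that let LAN clients reach the internet around the tunnel, for instance when tun0 drops. The interface names eth0 and tun0 are taken from the post; both rulesets are constructed samples.

```shell
# Audit iptables-save output for ways LAN clients can reach the internet
# without going through the VPN tunnel (added example, not from the post).
LAN_IF=${LAN_IF:-eth0}   # physical NIC facing the home network (name from the post)
TUN_IF=${TUN_IF:-tun0}   # OpenVPN tunnel interface (name from the post)

# Reads iptables-save text on stdin; prints one finding per line, nothing if clean.
leak_findings() {
    awk -v lan="$LAN_IF" -v tun="$TUN_IF" '
        /^\*/ { table = substr($1, 2) }     # table header: *nat, *filter, ...
        table == "filter" && $1 == ":FORWARD" { policy = $2 }
        table == "nat" && /-j MASQUERADE/ {
            if ($0 ~ ("-o " lan "( |$)"))
                print "NAT: masquerade on " lan " gives clients a path around " tun
            if ($0 ~ ("-o " tun "( |$)")) nat_tun = 1
        }
        table == "filter" && /^-A FORWARD/ {
            from_lan = ($0 ~ ("-i " lan " "))
            if (from_lan && $0 ~ ("-o " tun " ") && /-j ACCEPT/) fwd_tun = 1
            if (from_lan && $0 ~ ("-o " lan " ") && /-j (DROP|REJECT)/) blocked = 1
        }
        END {
            if (policy == "ACCEPT" && !blocked)
                print "FORWARD: policy ACCEPT and no " lan "->" lan " drop, clients leak if " tun " is down"
            if (!nat_tun) print "NAT: no masquerade rule for " tun
            if (!fwd_tun) print "FORWARD: no ACCEPT rule from " lan " to " tun
        }'
}

# Constructed sample: NAT on the physical NIC, FORWARD policy ACCEPT.
SAMPLE_LEAKY='*nat
-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i eth0 -o tun0 -j ACCEPT
-A FORWARD -i tun0 -o eth0 -j ACCEPT
COMMIT'

# Constructed sample: NAT only on the tunnel, FORWARD policy DROP.
SAMPLE_TUNNEL_ONLY='*nat
-A POSTROUTING -s 192.168.0.0/24 -o tun0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth0 -o tun0 -j ACCEPT
-A FORWARD -i tun0 -o eth0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT'

printf '%s\n' "$SAMPLE_LEAKY" | leak_findings   # on the gateway: iptables-save | leak_findings
```

An empty result means every forwarding path found in the ruleset goes through the tunnel; it does not cover DNS settings handed out by the router.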

I am running my tunnelling on a Virtualized CentOS guest on Xen. You can read more about setting up Xen here

I will be back next week with a solution to block all the ads and improve your surfing experience. Until then, Happy hacking!!!

Xen HyperVisor on Debian with Ubuntu HVM

Installing the Xen Hypervisor on Debian Stretch

It’s not that complex

I have been trying to find installation instructions and commands for the Xen Hypervisor on Debian. Even after a long search I never found anything which made sense. After spending a couple of days going through documentation, I finally managed to install it. I am sharing the steps which I used to create a domain and run an Ubuntu HVM on it.

Script

You can modify parts of the script below as per your requirements and use it to install Xen on your system.

#!/bin/sh
#Automation of installation of Xen Hypervisor

#Install non-free firmware
apt-get -y install firmware-linux-nonfree

#Install the Logical Volume Manager (LVM)
apt-get -y install lvm2

#Create the allocated LVM as a Physical Volume. Change sda4 to whichever
#device you had created as LVM for installation
pvcreate /dev/sda4

#Create a Volume Group (extents) using physical Volume
#Replace sda4 with device mentioned in pvcreate
vgcreate vg0 /dev/sda4

#Install bridge utils for network bridging
apt-get -y install bridge-utils

#Configure bridging interface
echo "" >> /etc/network/interfaces
echo "#The bridge network interface" >> /etc/network/interfaces
echo "auto xenbr0" >> /etc/network/interfaces && echo "iface xenbr0 inet dhcp" >> /etc/network/interfaces
# Change the iface name enp3s0 as applicable e.g. eth0
# printf instead of "echo -e": /bin/sh on Debian is dash, whose echo would write a literal "-e"
printf '\t bridge_ports enp3s0\n' >> /etc/network/interfaces

#Restart the network service
service networking restart

#Install Xen Server
apt-get -y install xen-hypervisor-4.8-amd64 xen-tools xen-utils-4.8

#Create a lv disk to be used with our vm
lvcreate -ndisk_0 -L20G vg0

Ubuntu.hvm

The HVM file contains all the information for setting up the VM. You may need to change <ISO_FOLDER> to the folder which contains your ISO, in this case the Ubuntu Server X64 version.

# =====================================================================
# Example HVM guest configuration
# =====================================================================
#
# This is a fairly minimal example of what is required for an
# HVM guest. For a more complete guide see xl.cfg(5)

# This configures an HVM rather than PV guest
builder = "hvm"

# Guest name
name = "ubuntu_srv"

# 128-bit UUID for the domain as a hexadecimal number.
# Use "uuidgen" to generate one if required.
# The default behavior is to generate a new UUID each time the guest is started.
#uuid = "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"

# Enable Microsoft Hyper-V compatible paravirtualisation /
# enlightenment interfaces. Turning this on can improve Windows guest
# performance and is therefore recommended
#viridian = 1

# Initial memory allocation (MB)
memory = 2048

# Maximum memory (MB)
# If this is greater than `memory' then the slack will start ballooned
# (this assumes guest kernel support for ballooning)
#maxmem = 512

# Number of VCPUS
vcpus = 2

# Network devices
# A list of 'vifspec' entries as described in
# docs/misc/xl-network-configuration.markdown
vif = [ 'bridge=xenbr0' ]
# Disk Devices
# A list of `diskspec' entries as described in
# docs/misc/xl-disk-configuration.txt
disk = [ '/dev/vg0/disk_0,raw,hda,w','/<ISO_FOLDER>/ubuntu-17.10.1-server-amd64.iso,raw,hdc,cdrom' ]
# Guest VGA console configuration, either SDL or VNC
sdl = 0
serial='pty'
vnc = 1
vnclisten=""
boot = "c"

Steps

  • Modify the shell script as per your requirements and run it. This will install Xen and all necessary tools. Restart the server.
  • Create a file ubuntu.hvm in your /etc/xen/ and copy in the contents mentioned above. Modify the information as per your system.
  • Run the following command to create and start the VM
xl create /etc/xen/ubuntu.hvm

This will create a VM and start it with the ISO image mentioned in the HVM file.

You will be able to see the installation screen by connecting to the IP address of the Debian machine on which Xen is installed, on port 5900, using a VNC viewer.

  • Walk through the Ubuntu installation and you will have your Ubuntu VM ready at the end of it.
  • Run the command
xl list

and you should see a list of VMs installed on the system, e.g.

Name                                        ID   Mem VCPUs	State	Time(s)
Domain-0                                     0  3957     4     r-----     211.5
ubuntu_srv                                   1  2040     2     -b----     336.2

The b in the State column indicates that the VM is in the blocked state. This does not mean that the VM is hung. If you run a processing-intensive task on the VM, you will see the state change to r.

Things to Remember

In this section I am covering the key aspects which you should remember while creating VMs, or else you will end up with the issues mentioned below.

Dreaded GRUB Install failure

I learnt this the hard way. Twice, after the entire installation process, I was unable to install the GRUB boot manager in the MBR. After searching a lot of sites and going through an equally large number of articles, I figured out that the size of the first partition has to be small, since a larger partition results in the size of core.img becoming greater than what the MBR can accommodate. This is a classic problem with LVM. So when you partition the disk for installing Ubuntu, ensure you create a /boot partition with roughly 200MB-300MB of space and you will not encounter this issue.

Enabling auto configuration of eth0

On first boot of the guest VM you will have to edit the /etc/network/interfaces file and update the information regarding the eth0 interface. Add the following lines without the comment marks
# auto eth0
# iface eth0 inet dhcp
This will ensure that your guest VM is able to connect to the network and get an IP, and that hosts will be able to connect to this guest.

References

https://wiki.xenproject.org/wiki/Xen_Project_Beginners_Guide

http://www.mimastech.com/2018/01/31/how-to-install-xen-hypervisor-on-debian-9-stretch-and-debian-8-jessie-linux-systems/

http://www.virtuatopia.com/index.php/Configuring_and_Installing_a_Xen_Hardware_Virtual_Machine_(HVM)_domainU_Guest

The above-mentioned files install_xen.sh and ubuntu.hvm can also be obtained from the following GitHub location

https://github.com/shyam-unnithan/xen

This was a small attempt at demystifying the Xen server installation. I hope you all will find it useful for running your own VMs. I hope the information helps, and I look forward to your comments and suggestions.