13:02:56
|
#open
open_init_pty openoffice.org-1.9 openssl openvt openjade openoffice.org-2.0 openvpn |
| /l3/users/10-12-2007/unix-win/linux3.net.nt/root :1 :2 :3 :4 :5 :6 :7 :8 :9 :10 :11 :12 :13 :14 :15 :16 :17 :18 :19 :20 :21 :22 :23 :24 :25 :26 :27 :28 :29 |
|
|
#open
open_init_pty openoffice.org-1.9 openssl openvt openjade openoffice.org-2.0 openvpn |
|
#openvpn --help
--push-reset : Don't inherit global push list for specific
client instance.
--ifconfig-pool start-IP end-IP [netmask] : Set aside a pool of subnets
to be dynamically allocated to connecting clients.
--ifconfig-pool-linear : Use individual addresses rather than /30 subnets
in tun mode. Not compatible with Windows clients.
--ifconfig-pool-persist file [seconds] : Persist/unpersist ifconfig-pool
data to file, at seconds intervals (default=600).
If seconds=0, file will be treated as read-only.
--ifconfig-push local remote-netmask : Push an ifconfig option to remote,
...
--show-tls : Show all TLS ciphers (TLS used only as a control channel).
Generate a random key (only for non-TLS static key encryption mode):
--genkey : Generate a random key to be used as a shared secret,
for use with the --secret option.
--secret file : Write key to file.
Tun/tap config mode (available with linux 2.4+):
--mktun : Create a persistent tunnel.
--rmtun : Remove a persistent tunnel.
--dev tunX|tapX : tun/tap device
--dev-type dt : Device type. See tunnel options above for details.
|
|
#/sbin/ifconfig
eth0 Link encap:Ethernet HWaddr 00:07:E9:3C:29:FF
inet addr:192.168.16.3 Bcast:192.168.16.255 Mask:255.255.255.0
inet6 addr: fe80::207:e9ff:fe3c:29ff/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:18958 errors:0 dropped:0 overruns:0 frame:0
TX packets:47653 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:4853916 (4.6 MiB) TX bytes:47550270 (45.3 MiB)
Base address:0xbc00 Memory:ff8e0000-ff900000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:121955 errors:0 dropped:0 overruns:0 frame:0
TX packets:121955 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:481757939 (459.4 MiB) TX bytes:481757939 (459.4 MiB)
|
|
#sudo openvpn --genkey --secret /etc/openvpn/static.key
Mon Dec 10 14:04:30 2007 Cannot open shared secret file '/etc/openvpn/static.key' for write: No such file or directory (errno=2) Mon Dec 10 14:04:30 2007 Exiting |
|
#whereis openvpn
openvpn: /usr/src/openvpn-2.0.9/openvpn.8 /usr/src/openvpn-2.0.9/openvpn.c /usr/src/openvpn-2.0.9/openvpn.h /usr/src/openvpn-2.0.9/openvpn.o /usr/src/openvpn-2.0.9/openvpn.spec /usr/src/openvpn-2.0.9/openvpn /usr/local/sbin/openvpn |
|
#open
open_init_pty openoffice.org-1.9 openssl openvt openjade openoffice.org-2.0 openvpn |
|
#open
open_init_pty openoffice.org-1.9 openssl openvt openjade openoffice.org-2.0 openvpn |
|
#ls /etc/op
openldap/ opt/ |
|
#ls /etc/op
openldap/ opt/ |
|
#ls /etc/op
openldap/ opt/ |
|
#mkdir /etc/openvpn
|
|
#openvpn --genkey --secret /etc/openvpn/static.key
|
|
#whereis openvpnsample.conf
openvpnsample: |
|
#whereis sample.conf
sample: |
|
#find / -name sample.conf
/etc/acpi/events/sample.conf /usr/share/doc/xinetd-2.3.13/sample.conf find: /usr/share/cups/model/el: Ошибка ввода/вывода find: /proc/1132/task: Нет такого файла или каталога find: /proc/1132/fd: Нет такого файла или каталога |
|
#ls /etc/openvpn/
key.txt static.key |
|
#cat /etc/openvpn/sample.conf
cat: /etc/openvpn/sample.conf: Нет такого файла или каталога |
|
#dev tap
bash: dev: command not found |
|
#ifconfig 172.16.0.1 255.255.255.0
SIOCSIFADDR: Нет такого устройства 172.16.0.1: unknown interface: Нет такого устройства |
|
#secret key.txt
bash: secret: command not found |
|
#comp-lzo
bash: comp-lzo: command not found |
|
#vim /etc/openvpn/sample.conf
|
|
#LANG=C
|
|
#vim /etc/openvpn/sample.conf
|
|
#vim /etc/openvpn/sample.conf
2c2,4 < ifconfig --- > ifconfig 172.16.0.1 255.255.255.0 > secret key.txt > comp-lzo |
|
#openvpn --config /etc/open
openldap/ openvpn/ |
|
#openvpn --config /etc/openvpn/sample.conf
Mon Dec 10 14:16:44 2007 OpenVPN 2.0.9 i686-pc-linux [SSL] [LZO] [EPOLL] built on Dec 10 2007 Mon Dec 10 14:16:44 2007 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port. Mon Dec 10 14:16:44 2007 Cannot open file key file 'key.txt': No such file or directory (errno=2) Mon Dec 10 14:16:44 2007 Exiting |
|
#vim /etc/openvpn/sample.conf
3c3 < secret key.txt --- > secret /etc/openvpn/key.txt |
|
#openvpn --config /etc/openvpn/sample.conf
Mon Dec 10 14:17:24 2007 OpenVPN 2.0.9 i686-pc-linux [SSL] [LZO] [EPOLL] built on Dec 10 2007 Mon Dec 10 14:17:24 2007 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port. Mon Dec 10 14:17:24 2007 WARNING: file '/etc/openvpn/key.txt' is group or others accessible Mon Dec 10 14:17:24 2007 LZO compression initialized Mon Dec 10 14:17:25 2007 TUN/TAP device tap0 opened Mon Dec 10 14:17:25 2007 /sbin/ifconfig tap0 172.16.0.1 netmask 255.255.255.0 mtu 1500 broadcast 172.16.0.255 Mon Dec 10 14:17:25 2007 UDPv4 link local (bound): [undef]:1194 Mon Dec 10 14:17:25 2007 UDPv4 link remote: [undef] Mon Dec 10 14:17:43 2007 Peer Connection Initiated with 192.168.16.103:1194 Mon Dec 10 14:17:43 2007 Initialization Sequence Completed [1]+ Stopped openvpn --config /etc/openvpn/sample.conf |
|
#bg
[1]+ openvpn --config /etc/openvpn/sample.conf & Mon Dec 10 14:18:20 2007 event_wait : Interrupted system call (code=4) |
|
#ifconfig
eth0 Link encap:Ethernet HWaddr 00:07:E9:3C:29:FF
inet addr:192.168.16.3 Bcast:192.168.16.255 Mask:255.255.255.0
inet6 addr: fe80::207:e9ff:fe3c:29ff/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:25088 errors:0 dropped:0 overruns:0 frame:0
TX packets:53546 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:9326650 (8.8 MiB) TX bytes:48421079 (46.1 MiB)
Base address:0xbc00 Memory:ff8e0000-ff900000
lo Link encap:Local Loopback
...
collisions:0 txqueuelen:0
RX bytes:481758039 (459.4 MiB) TX bytes:481758039 (459.4 MiB)
tap0 Link encap:Ethernet HWaddr 1A:AD:DF:30:D9:30
inet addr:172.16.0.1 Bcast:172.16.0.255 Mask:255.255.255.0
inet6 addr: fe80::18ad:dfff:fe30:d930/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:50 errors:0 dropped:0 overruns:0 frame:0
TX packets:11 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:6669 (6.5 KiB) TX bytes:738 (738.0 b)
|
|
#fg
openvpn --config /etc/openvpn/sample.conf Mon Dec 10 14:18:40 2007 event_wait : Interrupted system call (code=4) Mon Dec 10 14:18:40 2007 SIGINT[hard,] received, process exiting |
|
#vim /etc/openvpn/sample.conf
2c2 < ifconfig 172.16.0.1 255.255.255.0 --- > ifconfig 172.16.3.1 255.255.255.0 |
|
#openvpn --config /etc/openvpn/sample.conf
Mon Dec 10 14:19:59 2007 OpenVPN 2.0.9 i686-pc-linux [SSL] [LZO] [EPOLL] built on Dec 10 2007 Mon Dec 10 14:19:59 2007 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port. Mon Dec 10 14:19:59 2007 WARNING: file '/etc/openvpn/key.txt' is group or others accessible Mon Dec 10 14:19:59 2007 LZO compression initialized Mon Dec 10 14:19:59 2007 TUN/TAP device tap0 opened Mon Dec 10 14:19:59 2007 /sbin/ifconfig tap0 172.16.3.1 netmask 255.255.255.0 mtu 1500 broadcast 172.16.3.255 Mon Dec 10 14:19:59 2007 UDPv4 link local (bound): [undef]:1194 Mon Dec 10 14:19:59 2007 UDPv4 link remote: [undef] Mon Dec 10 14:20:09 2007 Peer Connection Initiated with 192.168.16.103:1194 Mon Dec 10 14:20:09 2007 Initialization Sequence Completed [1]+ Stopped openvpn --config /etc/openvpn/sample.conf |
|
#bg
[1]+ openvpn --config /etc/openvpn/sample.conf & Mon Dec 10 14:20:30 2007 event_wait : Interrupted system call (code=4) |
|
#netstat -lnp | grep 22
tcp 0 0 :::22 :::* LISTEN 2159/sshd unix 2 [ ACC ] STREAM LISTENING 6511 2295/hald @/tmp/hald-local/dbus-Xr6w6RVkGv unix 2 [ ACC ] STREAM LISTENING 6239 2200/gpm /dev/gpmctl unix 2 [ ACC ] STREAM LISTENING 6297 2239/xfs /tmp/.font-unix/fs7100 unix 2 [ ACC ] STREAM LISTENING 8488 2696/metacity /tmp/orbit-user/linc-a88-0-3932282d2307c unix 2 [ ACC ] STREAM LISTENING 6373 2278/dbus-daemon /var/run/dbus/system_bus_socket |
|
#mkdir /etc/open
openldap/ openvpn/ |
|
#mkdir /etc/openvpn/keys
|
|
#ls /etc/openvpn/keys
ca.cer certnew.cer server.cer server2.cer |
|
#fg
openvpn --config /etc/openvpn/sample.conf Mon Dec 10 14:49:18 2007 event_wait : Interrupted system call (code=4) Mon Dec 10 14:49:19 2007 SIGINT[hard,] received, process exiting |
|
#vim /etc/openvpn/sample.conf
3,4c3,7 < secret /etc/openvpn/key.txt < comp-lzo --- > #comp-lzo > tls-server > ca /etc/openvpn/keys/ca.cer > cert /etc/openvpn/keys/server.cer > key /etc/openvpn/keys/server.key |
|
#vim /etc/openvpn/sample.conf
|
|
#openvpn --config /etc/openvpn/sample.conf
Options error: You must define DH file (--dh) Use --help for more information. |
|
#vim /etc/openvpn/sample.conf
4a5 > dh /etc/openvpn/keys/dh1024.pem |
|
#vim /etc/openvpn/sample.conf
|
|
#openvpn --config /etc/openvpn/sample.conf
Mon Dec 10 15:08:53 2007 OpenVPN 2.0.9 i686-pc-linux [SSL] [LZO] [EPOLL] built on Dec 10 2007 Mon Dec 10 15:08:53 2007 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port. Mon Dec 10 15:08:53 2007 Cannot load certificate file /etc/openvpn/keys/server.cer: error:0906D06C:PEM routines:PEM_read_bio:no start line: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib Mon Dec 10 15:08:53 2007 Exiting |
|
#openvpn --config /etc/openvpn/sample.conf
Mon Dec 10 15:41:48 2007 OpenVPN 2.0.9 i686-pc-linux [SSL] [LZO] [EPOLL] built on Dec 10 2007 Mon Dec 10 15:41:48 2007 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port. Mon Dec 10 15:41:48 2007 Cannot load certificate file /etc/openvpn/keys/server.cer: error:0906D06C:PEM routines:PEM_read_bio:no start line: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib Mon Dec 10 15:41:48 2007 Exiting |
|
#vim /etc/openvpn/sample.conf
5c5 < dh /etc/openvpn/keys/dh1024.pem --- > dh /etc/openvpn/keys/dh2048.pem |
|
#openvpn --config /etc/openvpn/sample.conf
Mon Dec 10 15:42:23 2007 OpenVPN 2.0.9 i686-pc-linux [SSL] [LZO] [EPOLL] built on Dec 10 2007 Mon Dec 10 15:42:23 2007 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port. Mon Dec 10 15:42:23 2007 Cannot load certificate file /etc/openvpn/keys/server.cer: error:0906D06C:PEM routines:PEM_read_bio:no start line: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib Mon Dec 10 15:42:23 2007 Exiting |
|
#vim /etc/openvpn/sample.conf
7c7 < cert /etc/openvpn/keys/server.cer --- > cert /etc/openvpn/keys/server2.cer |
|
#ls /etc/openvpn/keys/
ca.cer certnew.cer dh1024.pem dh2048.pem ruslan.key server.cer server.key server2.cer |
|
#openvpn --config /etc/openvpn/sample.conf
Mon Dec 10 15:45:21 2007 OpenVPN 2.0.9 i686-pc-linux [SSL] [LZO] [EPOLL] built on Dec 10 2007 Mon Dec 10 15:45:21 2007 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port. Mon Dec 10 15:45:21 2007 Cannot load certificate file /etc/openvpn/keys/server2.cer: error:0906D06C:PEM routines:PEM_read_bio:no start line: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib Mon Dec 10 15:45:21 2007 Exiting |
|
#vim /etc/openvpn/sample.conf
6,7c6,7 < ca /etc/openvpn/keys/ca.cer < cert /etc/openvpn/keys/server2.cer --- > ca /etc/openvpn/keys/ca2.cer > cert /etc/openvpn/keys/serverb64.cer |
|
#openvpn --config /etc/openvpn/sample.conf
Mon Dec 10 16:01:48 2007 OpenVPN 2.0.9 i686-pc-linux [SSL] [LZO] [EPOLL] built on Dec 10 2007 Mon Dec 10 16:01:48 2007 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port. Enter Private Key Password: Mon Dec 10 16:01:52 2007 Cannot load private key file /etc/openvpn/keys/server.key: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch Mon Dec 10 16:01:52 2007 Error: private key password verification failed Mon Dec 10 16:01:52 2007 Exiting |
|
#openvpn --config /etc/openvpn/sample.conf
Mon Dec 10 16:02:02 2007 OpenVPN 2.0.9 i686-pc-linux [SSL] [LZO] [EPOLL] built on Dec 10 2007 Mon Dec 10 16:02:02 2007 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port. Enter Private Key Password: Mon Dec 10 16:02:05 2007 Cannot load private key file /etc/openvpn/keys/server.key: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch Mon Dec 10 16:02:05 2007 Error: private key password verification failed Mon Dec 10 16:02:05 2007 Exiting |
|
#openvpn --config /etc/openvpn/sample.conf
Mon Dec 10 16:02:14 2007 OpenVPN 2.0.9 i686-pc-linux [SSL] [LZO] [EPOLL] built on Dec 10 2007 Mon Dec 10 16:02:14 2007 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port. Enter Private Key Password: Mon Dec 10 16:02:16 2007 Cannot load private key file /etc/openvpn/keys/server.key: error:06065064:digital envelope routines:EVP_DecryptFinal:bad decrypt: error:0906A065:PEM routines:PEM_do_header:bad decrypt: error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib Mon Dec 10 16:02:16 2007 Error: private key password verification failed Mon Dec 10 16:02:16 2007 Exiting |
|
#vim /etc/openvpn/sample.conf
7,8c7,8 < cert /etc/openvpn/keys/serverb64.cer < key /etc/openvpn/keys/server.key --- > cert /etc/openvpn/keys/svr1.cer > key /etc/openvpn/keys/svr1.key |
|
#openvpn --config /etc/openvpn/sample.conf
--ping-restart, --setenv, --persist-key, --persist-tun, --echo
--push-reset
Donât inherit the global push list for a specific client in-
stance. Specify this option in a client-specific context such
as with a --client-config-dir configuration file. This option
will ignore --push options at the global config file level.
--disable
Disable a particular client (based on the common name) from con-
necting. Donât use this option to disable a client due to key
[ --fragment max ] [ --genkey ] [ --group group ]´Ð¸Ñе...
...
[ --cipher alg ] [ --engine ] [ --keysize n ] [ --no-replay ]
Note that cmd can be a shell command with multiple arguments, in
--ifconfig-pool-persist file [seconds]
which case all OpenVPN-generated arguments will be appended to
Persist/unpersist ifconfig-pool data to file, at seconds inter-
vals (default=600), as well as on program startup and shutdown.
[ --auth-user-pass-verify script ] [ --auth-user-pass up ]
The goal of this option is to provide a long-term association
between clients (denoted by their common name) and the virtual
IP address assigned to them from the ifconfig-pool. Maintaining
|
|
#openvpn --help
--push-reset : Don't inherit global push list for specific
client instance.
--ifconfig-pool start-IP end-IP [netmask] : Set aside a pool of subnets
to be dynamically allocated to connecting clients.
--ifconfig-pool-linear : Use individual addresses rather than /30 subnets
in tun mode. Not compatible with Windows clients.
--ifconfig-pool-persist file [seconds] : Persist/unpersist ifconfig-pool
data to file, at seconds intervals (default=600).
If seconds=0, file will be treated as read-only.
--ifconfig-push local remote-netmask : Push an ifconfig option to remote,
...
--show-tls : Show all TLS ciphers (TLS used only as a control channel).
Generate a random key (only for non-TLS static key encryption mode):
--genkey : Generate a random key to be used as a shared secret,
for use with the --secret option.
--secret file : Write key to file.
Tun/tap config mode (available with linux 2.4+):
--mktun : Create a persistent tunnel.
--rmtun : Remove a persistent tunnel.
--dev tunX|tapX : tun/tap device
--dev-type dt : Device type. See tunnel options above for details.
|
|
#openvpn --crl-verify http://dc.clinika.net/certenroll/tech.crl
Mon Dec 10 16:18:29 2007 OpenVPN 2.0.9 i686-pc-linux [SSL] [LZO] [EPOLL] built on Dec 10 2007 Mon Dec 10 16:18:29 2007 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port. Enter Private Key Password: Mon Dec 10 16:18:33 2007 WARNING: file '/etc/openvpn/keys/svr1.key' is group or others accessible Mon Dec 10 16:18:33 2007 TUN/TAP device tap0 opened Mon Dec 10 16:18:33 2007 /sbin/ifconfig tap0 172.16.3.1 netmask 255.255.255.0 mtu 1500 broadcast 172.16.3.255 Mon Dec 10 16:18:33 2007 UDPv4 link local (bound): [undef]:1194 Mon Dec 10 16:18:33 2007 UDPv4 link remote: [undef] Mon Dec 10 16:18:51 2007 CRL: cannot read: http://dc.clinika.net/certenroll/tech.crl: No such file or directory (errno=2) Mon Dec 10 16:18:51 2007 Exiting |
|
#openvpn --help | less
|
|
#openvpn --crl-verify http://dc.clinika.net/ce
|
|
#openvpn --crl-verify /etc/openvpn/keys/tech.crl --config /etc/openvpn/sample.con
Mon Dec 10 16:21:12 2007 OpenVPN 2.0.9 i686-pc-linux [SSL] [LZO] [EPOLL] built on Dec 10 2007 Mon Dec 10 16:21:12 2007 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port. Enter Private Key Password: Mon Dec 10 16:21:16 2007 WARNING: file '/etc/openvpn/keys/svr1.key' is group or others accessible Mon Dec 10 16:21:16 2007 TUN/TAP device tap0 opened Mon Dec 10 16:21:16 2007 /sbin/ifconfig tap0 172.16.3.1 netmask 255.255.255.0 mtu 1500 broadcast 172.16.3.255 Mon Dec 10 16:21:16 2007 UDPv4 link local (bound): [undef]:1194 Mon Dec 10 16:21:16 2007 UDPv4 link remote: [undef] Mon Dec 10 16:21:31 2007 CRL: cannot read CRL from file /etc/openvpn/keys/tech.crl Mon Dec 10 16:21:31 2007 Exiting |
|
#openvpn --help | less
|
|
#openvpn --help | less
|
|
#openvpn --ca /etc/openvpn/keys/ca2.cer
Mon Dec 10 16:25:06 2007 OpenVPN 2.0.9 i686-pc-linux [SSL] [LZO] [EPOLL] built on Dec 10 2007 Mon Dec 10 16:25:06 2007 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port. Enter Private Key Password: Mon Dec 10 16:25:10 2007 WARNING: file '/etc/openvpn/keys/svr1.key' is group or others accessible Mon Dec 10 16:25:10 2007 TUN/TAP device tap0 opened Mon Dec 10 16:25:10 2007 /sbin/ifconfig tap0 172.16.3.1 netmask 255.255.255.0 mtu 1500 broadcast 172.16.3.255 Mon Dec 10 16:25:10 2007 UDPv4 link local (bound): [undef]:1194 Mon Dec 10 16:25:10 2007 UDPv4 link remote: [undef] Mon Dec 10 16:25:23 2007 CRL: cannot read CRL from file /etc/openvpn/keys/tech.crl Mon Dec 10 16:25:23 2007 Exiting |
|
#openvpn --help | less
|
|
#vim /etc/openvpn/sample.conf
8a9 > crl-verify /etc/openvpn/keys/tech.crl |
|
#openvpn --help | less
|
|
#vim /etc/openvpn/sample.conf
|
|
#openvpn --crl-verify /etc/openvpn/keys/tech.c
|
|
#openvpn --config /etc/openvpn/sample.conf
Mon Dec 10 16:30:04 2007 OpenVPN 2.0.9 i686-pc-linux [SSL] [LZO] [EPOLL] built on Dec 10 2007 Mon Dec 10 16:30:04 2007 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port. Enter Private Key Password: Mon Dec 10 16:30:07 2007 WARNING: file '/etc/openvpn/keys/svr1.key' is group or others accessible Mon Dec 10 16:30:07 2007 TUN/TAP device tap0 opened Mon Dec 10 16:30:07 2007 /sbin/ifconfig tap0 172.16.3.1 netmask 255.255.255.0 mtu 1500 broadcast 172.16.3.255 Mon Dec 10 16:30:07 2007 UDPv4 link local (bound): [undef]:1194 Mon Dec 10 16:30:07 2007 UDPv4 link remote: [undef] Mon Dec 10 16:30:17 2007 CRL: cannot read CRL from file /etc/openvpn/keys/tech.crl Mon Dec 10 16:30:17 2007 Exiting |
|
#vim /etc/openvpn/sample.conf
|
|
#ping dc.clinika.net
ping: unknown host dc.clinika.net |
|
#vim /etc/hosts
|
|
#vim /etc/resolv.conf
3c3 < nameserver 192.168.16.254 --- > nameserver 192.168.16.253 |
|
#ping dc.clinika.net
PING dc.clinika.net (192.168.16.253) 56(84) bytes of data. 64 bytes from 192.168.16.253: icmp_seq=0 ttl=128 time=0.316 ms 64 bytes from 192.168.16.253: icmp_seq=1 ttl=128 time=0.398 ms --- dc.clinika.net ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1002ms rtt min/avg/max/mdev = 0.316/0.357/0.398/0.041 ms, pipe 2 |
|
#vim /etc/openvpn/sample.conf
9c9 < crl-verify /etc/openvpn/keys/tech.crl --- > crl-verify http://dc.clinka.net/CertEnroll/tech.crl |
|
#openvpn --config /etc/openvpn/sample.conf
Mon Dec 10 16:38:55 2007 OpenVPN 2.0.9 i686-pc-linux [SSL] [LZO] [EPOLL] built on Dec 10 2007 Mon Dec 10 16:38:55 2007 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port. Enter Private Key Password: Mon Dec 10 16:38:59 2007 WARNING: file '/etc/openvpn/keys/svr1.key' is group or others accessible Mon Dec 10 16:38:59 2007 TUN/TAP device tap0 opened Mon Dec 10 16:38:59 2007 /sbin/ifconfig tap0 172.16.3.1 netmask 255.255.255.0 mtu 1500 broadcast 172.16.3.255 Mon Dec 10 16:38:59 2007 UDPv4 link local (bound): [undef]:1194 Mon Dec 10 16:38:59 2007 UDPv4 link remote: [undef] Mon Dec 10 16:39:09 2007 CRL: cannot read: http://dc.clinka.net/CertEnroll/tech.crl: No such file or directory (errno=2) Mon Dec 10 16:39:09 2007 Exiting |
|
#vim /etc/openvpn/sample.conf
9c9 < crl-verify http://dc.clinka.net/CertEnroll/tech.crl --- > crl-verify /etc/openvpn/keys/tech.crl |
|
#openvpn --config /etc/openvpn/sample.conf
Mon Dec 10 16:39:59 2007 OpenVPN 2.0.9 i686-pc-linux [SSL] [LZO] [EPOLL] built on Dec 10 2007 Mon Dec 10 16:39:59 2007 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port. Enter Private Key Password: Mon Dec 10 16:40:02 2007 WARNING: file '/etc/openvpn/keys/svr1.key' is group or others accessible Mon Dec 10 16:40:02 2007 TUN/TAP device tap0 opened Mon Dec 10 16:40:02 2007 /sbin/ifconfig tap0 172.16.3.1 netmask 255.255.255.0 mtu 1500 broadcast 172.16.3.255 Mon Dec 10 16:40:02 2007 UDPv4 link local (bound): [undef]:1194 Mon Dec 10 16:40:02 2007 UDPv4 link remote: [undef] Mon Dec 10 16:40:13 2007 CRL: cannot read CRL from file /etc/openvpn/keys/tech.crl Mon Dec 10 16:40:13 2007 Exiting |
|
#openvpn --config /etc/openvpn/sample.conf
Tue Dec 11 08:56:47 2007 OpenVPN 2.0.9 i686-pc-linux [SSL] [LZO] [EPOLL] built on Dec 10 2007 Tue Dec 11 08:56:47 2007 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port. Enter Private Key Password: Tue Dec 11 08:56:51 2007 WARNING: file '/etc/openvpn/keys/svr1.key' is group or others accessible Tue Dec 11 08:56:51 2007 TUN/TAP device tap0 opened Tue Dec 11 08:56:51 2007 /sbin/ifconfig tap0 172.16.3.1 netmask 255.255.255.0 mtu 1500 broadcast 172.16.3.255 Tue Dec 11 08:56:51 2007 UDPv4 link local (bound): [undef]:1194 Tue Dec 11 08:56:51 2007 UDPv4 link remote: [undef] Tue Dec 11 08:57:09 2007 CRL: cannot read CRL from file /etc/openvpn/keys/MyCrl.crl Tue Dec 11 08:57:09 2007 Exiting |
|
#vim /etc/openvpn/sample.conf
9c9 < crl-verify /etc/openvpn/keys/MyCrl.crl --- > crl-verify /etc/openvpn/keys/ruslan2.cer |
|
#ls /etc/openvpn/keys/
ca2.cer certnew.cer dh2048.pem ruslan.key serverb64.cer server.key svr1.key tech.crl ca.cer dh1024.pem MyCrl.crl server2.cer server.cer svr1.cer svr1.req |
|
#vim /etc/openvpn/sample.conf
|
|
#openvpn --config /etc/openvpn/sample.conf
Tue Dec 11 08:59:06 2007 OpenVPN 2.0.9 i686-pc-linux [SSL] [LZO] [EPOLL] built on Dec 10 2007 Tue Dec 11 08:59:06 2007 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port. Enter Private Key Password: Tue Dec 11 08:59:09 2007 WARNING: file '/etc/openvpn/keys/svr1.key' is group or others accessible Tue Dec 11 08:59:09 2007 TUN/TAP device tap0 opened Tue Dec 11 08:59:09 2007 /sbin/ifconfig tap0 172.16.3.1 netmask 255.255.255.0 mtu 1500 broadcast 172.16.3.255 Tue Dec 11 08:59:09 2007 UDPv4 link local (bound): [undef]:1194 Tue Dec 11 08:59:09 2007 UDPv4 link remote: [undef] Tue Dec 11 08:59:22 2007 CRL: cannot read CRL from file /etc/openvpn/keys/ruslan2.cer Tue Dec 11 08:59:22 2007 Exiting |
|
#yum install samba
Setting up Install Process Setting up repositories base 100% |=========================| 951 B 00:00 updates-released 100% |=========================| 951 B 00:00 Reading repository metadata in from local files Parsing package install arguments Resolving Dependencies --> Populating transaction set with selected packages. Please wait. ---> Downloading header for samba to pack into transaction set. samba-3.0.24-1.110asp.i38 100% |=========================| 124 kB 00:46 ... samba-common i386 3.0.24-1.110asp updates-released 7.9 M Transaction Summary ============================================================================= Install 1 Package(s) Update 2 Package(s) Remove 0 Package(s) Total download size: 28 M Is this ok [y/N]: n Exiting on user Command Complete! |
|
#ls /media/cdrom/
Add-ONS GPG-KEY LafoxNet.koi LICENSE.RUS RELEASE_NOTES ASPLinux GPL LafoxNet.utf LICENSE.RUS.koi RELEASE_NOTES.RUS ASPLinux-updates LafoxNet.dos LICENSE.ENG README RELEASE_NOTES.RUS.koi |
|
#ls /media/cdrom/A
Add-ONS/ ASPLinux/ ASPLinux-updates/ |
|
#ls /media/cdrom/Add-ONS/
acroread-7.0.1 opera-8.52-20060201.6-shared-qt.i386-en.rpm acroread_7.0.1.orig.tar.gz VmWare flash-player-7.0.25 w32codecs-20050412 java w32codecs_20050412.orig.tar.gz NVIDIA-Linux-x86-1.0-8178-pkg1.run |
|
#ls /media/cdrom/ASPLinux
base boot RPMS |
|
#ls /media/cdrom/ASPLinux/RPMS/
jakarta-commons-lang-2.0-2jpp_1fc.noarch.rpm jakarta-commons-lang-javadoc-2.0-2jpp_1fc.noarch.rpm jakarta-commons-launcher-0.9-3jpp_1fc.noarch.rpm jakarta-commons-launcher-javadoc-0.9-3jpp_1fc.noarch.rpm jakarta-commons-logging-1.0.4-2jpp_4fc.i386.rpm jakarta-commons-logging-javadoc-1.0.4-2jpp_4fc.i386.rpm jakarta-commons-modeler-1.1-3jpp_4fc.i386.rpm jakarta-commons-modeler-javadoc-1.1-3jpp_4fc.i386.rpm jakarta-commons-pool-1.2-2jpp_1fc.noarch.rpm jakarta-commons-pool-javadoc-1.2-2jpp_1fc.noarch.rpm ... lazarus-0.9.11-0.20051230.110asp.i386.rpm lcdf-typetools-2.36-1.110asp.i386.rpm lcms-1.14-3.i386.rpm lcms-devel-1.14-3.i386.rpm ldapjdk-4.17-1jpp_3fc.noarch.rpm ldapjdk-javadoc-4.17-1jpp_3fc.noarch.rpm less-394-1.fc4.i386.rpm lftp-3.3.0-1.110asp.i386.rpm lha-1.14i-19.i386.rpm libacl-2.2.32-1.FC4.2.i386.rpm |
|
#ls /media/cdrom/ASPLinux/RPMS/samba*
/media/cdrom/ASPLinux/RPMS/samba-3.0.20-0.110.2asp.i386.rpm /media/cdrom/ASPLinux/RPMS/samba-client-3.0.20-0.110.2asp.i386.rpm /media/cdrom/ASPLinux/RPMS/samba-common-3.0.20-0.110.2asp.i386.rpm /media/cdrom/ASPLinux/RPMS/samba-swat-3.0.20-0.110.2asp.i386.rpm |
|
#man rpm
|
|
#cd /media/cdrom/ASPLinux/RPMS/
|
|
#rpm -i samba-3.0.20-0.110.2asp.i386.rpm
|
|
#yum list | grep samba
samba.i386 3.0.20-0.110.2asp installed samba-client.i386 3.0.20-0.110.2asp installed samba-common.i386 3.0.20-0.110.2asp installed samba-swat.i386 3.0.20-0.110.2asp installed samba.i386 3.0.24-1.110asp updates-released samba-client.i386 3.0.24-1.110asp updates-released samba-common.i386 3.0.24-1.110asp updates-released samba-swat.i386 3.0.24-1.110asp updates-released system-config-samba.noarch 1.2.31-1 base |
| Время первой команды журнала | 13:02:56 2007-12-10 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Время последней команды журнала | 09:10:22 2007-12-11 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Количество командных строк в журнале | 101 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Процент команд с ненулевым кодом завершения, % | 29.70 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Процент синтаксически неверно набранных команд, % | 2.97 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Суммарное время работы с терминалом *, час | 2.32 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Количество командных строк в единицу времени, команда/мин | 0.73 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Частота использования команд |
|
В журнал автоматически попадают все команды, данные в любом терминале системы.
Для того чтобы убедиться, что журнал на текущем терминале ведётся, и команды записываются, дайте команду w. В поле WHAT, соответствующем текущему терминалу, должна быть указана программа script.
Команды, при наборе которых были допущены синтаксические ошибки, выводятся перечёркнутым текстом:
$ l s-l bash: l: command not found |
Если код завершения команды равен нулю, команда была выполнена без ошибок. Команды, код завершения которых отличен от нуля, выделяются цветом.
$ test 5 -lt 4 |
Команды, ход выполнения которых был прерван пользователем, выделяются цветом.
$ find / -name abc find: /home/devi-orig/.gnome2: Keine Berechtigung find: /home/devi-orig/.gnome2_private: Keine Berechtigung find: /home/devi-orig/.nautilus/metafiles: Keine Berechtigung find: /home/devi-orig/.metacity: Keine Berechtigung find: /home/devi-orig/.inkscape: Keine Berechtigung ^C |
Команды, выполненные с привилегиями суперпользователя, выделяются слева красной чертой.
# id uid=0(root) gid=0(root) Gruppen=0(root) |
Изменения, внесённые в текстовый файл с помощью редактора, запоминаются и показываются в журнале в формате ed. Строки, начинающиеся символом "<", удалены, а строки, начинающиеся символом ">" -- добавлены.
$ vi ~/.bashrc
|
Для того чтобы изменить файл в соответствии с показанными в диффшоте изменениями, можно воспользоваться командой patch. Нужно скопировать изменения, запустить программу patch, указав в качестве её аргумента файл, к которому применяются изменения, и всавить скопированный текст:
$ patch ~/.bashrc |
Для того чтобы получить краткую справочную информацию о команде, нужно подвести к ней мышь. Во всплывающей подсказке появится краткое описание команды.
Если справочная информация о команде есть, команда выделяется голубым фоном, например: vi. Если справочная информация отсутствует, команда выделяется розовым фоном, например: notepad.exe. Справочная информация может отсутствовать в том случае, если (1) команда введена неверно; (2) если распознавание команды LiLaLo выполнено неверно; (3) если информация о команде неизвестна LiLaLo. Последнее возможно для редких команд.
Большие, в особенности многострочные, всплывающие подсказки лучше всего показываются браузерами KDE Konqueror, Apple Safari и Microsoft Internet Explorer. В браузерах Mozilla и Firefox они отображаются не полностью, а вместо перевода строки выводится специальный символ.
Время ввода команды, показанное в журнале, соответствует времени начала ввода командной строки, которое равно тому моменту, когда на терминале появилось приглашение интерпретатора
Имя терминала, на котором была введена команда, показано в специальном блоке. Этот блок показывается только в том случае, если терминал текущей команды отличается от терминала предыдущей.
Вывод не интересующих вас в настоящий момент элементов журнала, таких как время, имя терминала и других, можно отключить. Для этого нужно воспользоваться формой управления журналом вверху страницы.
Небольшие комментарии к командам можно вставлять прямо из командной строки. Комментарий вводится прямо в командную строку, после символов #^ или #v. Символы ^ и v показывают направление выбора команды, к которой относится комментарий: ^ - к предыдущей, v - к следующей. Например, если в командной строке было введено:
$ whoami
user
$ #^ Интересно, кто я?в журнале это будет выглядеть так:
$ whoami
user
| Интересно, кто я? |
Если комментарий содержит несколько строк, его можно вставить в журнал следующим образом:
$ whoami
user
$ cat > /dev/null #^ Интересно, кто я?
Программа whoami выводит имя пользователя, под которым мы зарегистрировались в системе. - Она не может ответить на вопрос о нашем назначении в этом мире.В журнале это будет выглядеть так:
$ whoami user
|
Комментарии, не относящиеся непосредственно ни к какой из команд, добавляются точно таким же способом, только вместо симолов #^ или #v нужно использовать символы #=
1
2
3
4
Группы команд, выполненных на разных терминалах, разделяются специальной линией.
Под этой линией в правом углу показано имя терминала, на котором выполнялись команды.
Для того чтобы посмотреть команды только одного сенса,
нужно щёкнуть по этому названию.
LiLaLo (L3) расшифровывается как Live Lab Log.
Программа разработана для повышения эффективности обучения Unix/Linux-системам.
(c) Игорь Чубин, 2004-2008