LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 08-21-2009, 05:40 AM   #1
jonaskellens
Member
 
Registered: Jul 2008
Location: Ghent, Belgium
Distribution: Fedora, CentOS
Posts: 632

Rep: Reputation: 33
OpenVPN to server on the internet to manage it ??


I have a VDS running that is on the public internet.
To be able to have a secure access to it to manage the server, can I run an OpenVPN-server on it and make a VPN-connection to it ?

Services like webmin, CSF&LFD-firewall GUI and other webGUI tools would then be safe to access ??
 
Old 08-21-2009, 06:04 AM   #2
zhjim
Senior Member
 
Registered: Oct 2004
Distribution: Debian Squeeze x86_64
Posts: 1,748
Blog Entries: 11

Rep: Reputation: 233Reputation: 233Reputation: 233
Quote:
Originally Posted by jonaskellens View Post
I have a VDS running that is on the public internet.
To be able to have a secure access to it to manage the server, can I run an OpenVPN-server on it and make a VPN-connection to it ?

Services like webmin, CSF&LFD-firewall GUI and other webGUI tools would then be safe to access ??
As long as you secure the VPN in the right manner, sure will. Consider that you have to have the webmin and other webGUI stuff to only be accesible from localhost (aka 127.0.0.1). Else you would nearly defy the purpose of your vpn.

But I guess more hassel free is just to use ssh and install a cmd browser like w3m. Or go for an X eviroment through ssh.

I say it depends on your momentary knowlegde, the knowlegde you want to gain and the time you have.
 
Old 08-21-2009, 06:12 AM   #3
jonaskellens
Member
 
Registered: Jul 2008
Location: Ghent, Belgium
Distribution: Fedora, CentOS
Posts: 632

Original Poster
Rep: Reputation: 33
Quote:
Originally Posted by zhjim View Post
As long as you secure the VPN in the right manner, sure will. Consider that you have to have the webmin and other webGUI stuff to only be accesible from localhost (aka 127.0.0.1). Else you would nearly defy the purpose of your vpn.

But I guess more hassel free is just to use ssh and install a cmd browser like w3m. Or go for an X eviroment through ssh.

I say it depends on your momentary knowlegde, the knowlegde you want to gain and the time you have.
Configuration of the mailserver (ssmtp), asterisk, openvpn, and apache I have done through ssh with rsa-keys.
But the firewall configuration in iptables is not (yet) my thing.

X11 through ssh, is it possible when server is in runlevel 3 ??

webmin and webGUI stuff only accesible from localhost ??
When my OpenVPN-server gives me an IP of 10.8.0.1 I can not really use the webGUI-apps, no ?!
 
Old 08-21-2009, 07:20 AM   #4
zhjim
Senior Member
 
Registered: Oct 2004
Distribution: Debian Squeeze x86_64
Posts: 1,748
Blog Entries: 11

Rep: Reputation: 233Reputation: 233Reputation: 233
Quote:
Originally Posted by jonaskellens View Post
But the firewall configuration in iptables is not (yet) my thing.
While configuring a remote host with iptables I always used this little gadget to prevent myself from being locked out

1.) Create a little shell script
Code:
iptables -t nat -F
iptables -F
iptables -t mangle -F
iptables -P ACCEPT INPUT
iptables -P ACCEPT OUTPUT
this clears all the iptables and reset the default policies to accept everything. This is just from mind and should be checked. Especially when it comes to the targets/chains with -t. cat /proc/net/ip_tables_name holds all possible targets

2.) Create a cronjob that runs every minute and executes the script above so in case of lockout you'll gain access.

Quote:
Originally Posted by jonaskellens View Post
X11 through ssh, is it possible when server is in runlevel 3 ??
Could be done when you add X11 to the start up scripts of runlevel 3. Normaly you'd need 4 or 5.

Quote:
Originally Posted by jonaskellens View Post
webmin and webGUI stuff only accesible from localhost ??
When my OpenVPN-server gives me an IP of 10.8.0.1 I can not really use the webGUI-apps, no ?!
You're right on this one. Just wanted to make clear that you need to restriced the acces from outside.

Something like
Code:
Order Deny,Allow
Allow from 127.0.0.1, your_vpn_ip
inside the apache config
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
OpenVPN client has not default gateway when connect to OpenVPN server sailershen Linux - Security 3 03-04-2010 03:20 AM
manage internet bandwidth alsharifhoussam Linux - Server 1 06-11-2009 01:46 AM
OpenVPN - LAN Without Internet tsj5j Linux - Networking 3 01-29-2007 07:11 AM
Software to manage backups across Internet from Windows server to Linux jamesrh Linux - Software 1 02-08-2006 09:54 PM
HOW to manage Internet Sharing? novices2k Red Hat 7 11-13-2003 08:07 PM


All times are GMT -5. The time now is 06:31 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration