{"id":2058,"date":"2020-01-05T20:27:31","date_gmt":"2020-01-05T19:27:31","guid":{"rendered":"https:\/\/rostman.pl\/?p=2058"},"modified":"2020-12-09T22:45:33","modified_gmt":"2020-12-09T21:45:33","slug":"router-debian-cz-2","status":"publish","type":"post","link":"https:\/\/rostman.eu\/index.php\/2020\/01\/05\/router-debian-cz-2\/","title":{"rendered":"Router Debian cz. 2"},"content":{"rendered":"<p>&nbsp;<\/p>\n<h2 id=\"mcetoc_1dtrs3eur1\">Instalacja i konfiguracja serwera DHCP<\/h2>\n<p>Zainstalowanie i skonfigurowanie serwera DHCP na interfejsie eth1 (eth0 \u2013 jest zawsze interfejsem WAN)<br \/>\ninstalacja:<br \/>\n<code>apt-get update<\/code><br \/>\n<code>apt-get install isc-dhcp-server<\/code><\/p>\n<p>edytujemy:<br \/>\n<code>\/etc\/default\/isc-dhcp-server<\/code><br \/>\nDodajemy interfejs na kt\u00f3rym ma dzia\u0142a\u0107 server DHCP (je\u015bli mamy kilka interfejs\u00f3w na kt\u00f3rych ma dzia\u0142a\u0107 dhcp to dopisujemy po spacji np. INTERFACES=&#8221;eth1 eth2 eth3&#8243; Odpowiednia podsie\u0107 zostanie przyporz\u0105dkowana po adresie ip interfejsu.<br \/>\nINTERFACES=&#8221;eth1&#8243;<\/p>\n<p><!--more--><br \/>\nEdytujemy:<br \/>\n<code>\/etc\/dhcp\/dhcpd.conf<\/code><br \/>\ndodajemy pul\u0119 adresow\u0105<\/p>\n<p><code><br \/>\nsubnet 192.168.100.0 netmask 255.255.255.0 {<br \/>\nrange 192.168.100.50 192.168.100.250;<br \/>\noption domain-name-servers 1.1.1.1, 8.8.4.4;<br \/>\noption domain-name \"nazwa_firmy.local\";<br \/>\noption routers 192.168.100.1;<br \/>\noption broadcast-address 192.168.100.255;<br \/>\n# 1 day (86400 seconds)<br \/>\n# 7 days (7*86400 = 604800 seconds)<br \/>\ndefault-lease-time 86400;<br \/>\nmax-lease-time 604800;<br \/>\n}<\/code><\/p>\n<p>restartujemy serwis:<br \/>\n<code>service isc-dhcp-server restart<\/code><br \/>\nsprawdzamy czy wszystko ok poleceniem:<br \/>\n<code>systemctl status isc-dhcp-server.service<\/code><\/p>\n<h2 id=\"mcetoc_1dtrs305s0\">Przekazywanie pakiet\u00f3w<\/h2>\n<p>Edycja pliku:<br \/>\n<code>nano \/etc\/sysctl.conf<\/code><br \/>\n# Uncomment the next line to enable packet forwarding for IPv4<br \/>\nnet.ipv4.ip_forward=1<\/p>\n<p>aby dzia\u0142a\u0142o przed restartem routera:<\/p>\n<p><code>echo 1 &gt; \/proc\/sys\/net\/ipv4\/ip_forward<\/code><\/p>\n<h2 id=\"mcetoc_1dtrsqujl0\">Prosty &#8222;Firewall&#8221;<\/h2>\n<p>W katalogu domowym roota tworzymy pliki:<\/p>\n<p><code>touch firewall &amp;&amp; chmod 755 firewall<\/code><\/p>\n<p>wpisujemy zawarto\u015b\u0107:<br \/>\n<code>#!\/bin\/bash<br \/>\nmodprobe ip_nat_ftp<br \/>\nmodprobe ip_conntrack<br \/>\nmodprobe ip_conntrack_ftp<br \/>\npublic=172.27.211.50<br \/>\niptab=iptables<br \/>\n#Najpierw czyscimy<br \/>\necho \"Czyscimy i kasujemy wszystkie reguly\"<br \/>\n$iptab -F<br \/>\n$iptab -X<br \/>\n$iptab -t nat -F<br \/>\n$iptab -t nat -X<br \/>\necho \"Blokujemy wszystko\"<br \/>\n$iptab -P INPUT ACCEPT<br \/>\n$iptab -P OUTPUT ACCEPT<br \/>\n$iptab -P FORWARD ACCEPT<br \/>\n$iptab -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT<br \/>\necho \"Postrouting\"<br \/>\n$iptab -A POSTROUTING -t nat -o eth0 -j SNAT --to-source $public<br \/>\n<\/code><\/p>\n<h2 id=\"mcetoc_1dtrs3tvv2\">ustawiamy serwis rc.local<\/h2>\n<p><code>nano \/etc\/systemd\/system\/rc-local.service<\/code><br \/>\nTworzymy plik rc-local.service w lokalizacji \/etc\/systemd\/system o zawarto\u015bci:<\/p>\n<p><code>[Install]<br \/>\nWantedBy=multi-user.target<\/code><\/p>\n<p>[Unit]<br \/>\nDescription=\/etc\/rc.local<br \/>\nConditionPathExists=\/etc\/rc.local<\/p>\n<p>[Service]<br \/>\nType=forking<br \/>\nExecStart=\/etc\/rc.local start<br \/>\nTimeoutSec=0<br \/>\nStandardOutput=tty<br \/>\nRemainAfterExit=yes<br \/>\nSysVStartPriority=99<\/p>\n<p>tworzymy plik rc.local w \/etc o zawarto\u015bci:<br \/>\n<code>nano \/etc\/rc.local<\/code><\/p>\n<p><code>#!\/bin\/sh -e<br \/>\n#<br \/>\n# rc.local<br \/>\n#<br \/>\n# This script is executed at the end of each multiuser runlevel.<br \/>\n# Make sure that the script will \"exit 0\" on success or any other<br \/>\n# value on error.<br \/>\n#<br \/>\n# In order to enable or disable this script just change the execution<br \/>\n# bits.<br \/>\n#<br \/>\n# By default this script does nothing.<br \/>\nexit 0<br \/>\n<\/code><\/p>\n<p>nadajemy uprawnienia do wykonywania rc.local i w\u0142\u0105czamy skrypt:<\/p>\n<p><code>chmod +x \/etc\/rc.local<br \/>\nsystemctl enable rc-local<br \/>\nsystemctl start rc-local.service<\/code><\/p>\n<p>edytujemy rc.local i dodajemy swoje ustawienia<\/p>\n<p>Sprawdzamy czy nie ma b\u0142\u0119d\u00f3w:<br \/>\n<code>systemctl status rc-local.service<\/code><\/p>\n<p>Do pliku \/etc\/rc.local dodajemy przed exit 0<br \/>\n# By default this script does nothing.<br \/>\n<strong>\/root\/firewall<\/strong><br \/>\nexit 0<\/p>\n<h2 id=\"mcetoc_1dtrs4e1h3\">OpenVPN<\/h2>\n<p>touch makeopenvpn &amp;&amp; chmod 755 makeopenvpn<br \/>\nwpisujemy zawarto\u015b\u0107:<br \/>\n#!\/bin\/bash<br \/>\nfolder=\/root\/kluczeopenvpn<br \/>\ncd \/usr\/share\/easy-rsa<br \/>\nsource .\/vars<br \/>\n.\/build-key $1<br \/>\ncp \/usr\/share\/easy-rsa\/keys\/$1* \/root\/kluczeopenvpn\/<br \/>\ncp $folder\/wzor.ovpn $folder\/$1.ovpn<br \/>\necho cert $1.crt &gt;&gt; $folder\/$1.ovpn<br \/>\necho key $1.key &gt;&gt; $folder\/$1.ovpn<br \/>\nzip -j $folder\/$1.zip $folder\/$1.*<br \/>\nzip -j $folder\/$1.zip $folder\/ca.crt<\/p>\n<p>Tworzymy w katalogu domowy root folder kluczeopenvpn<br \/>\nmkdir kluczeopenvpn &amp;&amp; cd kluczeopenvpn &amp;&amp; touch wzor.ovpn<br \/>\nzawarto\u015b\u0107 wzor.ovpn:<br \/>\nclient<br \/>\ndev tun<br \/>\nproto udp<br \/>\nremote 172.27.211.50 1194<br \/>\nresolv-retry infinite<br \/>\nnobind<br \/>\npersist-key<br \/>\nca ca.crt<br \/>\nns-cert-type server<br \/>\ncipher BF-CBC<br \/>\ncomp-lzo<br \/>\nverb 3<\/p>\n<p>Instalujemy dodatkowe programy:<br \/>\napt-get update<br \/>\napt-get install iptraf nmap rcconf tcpdump zip<\/p>\n<p>Instalacja i konfiguracja openvpn<\/p>\n<p>apt-get install openvpn<br \/>\nprzechodzimy do scie\u017cki:<br \/>\ncd \/usr\/share\/easy-rsa\/<\/p>\n<p>Kopiujemy plik:<br \/>\nroot@wawa:\/usr\/share\/easy-rsa# cp openssl-1.0.0.cnf openssl.cnf<br \/>\ndodatkowo zmodyfikowa\u0107 mo\u017cna plik vars o podanie prawid\u0142owych danych:<br \/>\nexport KEY_COUNTRY=&#8221;US&#8221;<br \/>\nexport KEY_PROVINCE=&#8221;CA&#8221;<br \/>\nexport KEY_CITY=&#8221;SanFrancisco&#8221;<br \/>\nexport KEY_ORG=&#8221;Fort-Funston&#8221;<br \/>\nexport KEY_EMAIL=&#8221;me@myhost.mydomain&#8221;<br \/>\nexport KEY_OU=&#8221;MyOrganizationalUnit&#8221;<br \/>\ni wydajemy polecenia:<br \/>\n. .\/vars<br \/>\n.\/clean-all<br \/>\n.\/build-ca<\/p>\n<p>przyk\u0142adowe dane:<br \/>\n\/usr\/share\/easy-rsa# .\/build-ca<br \/>\nGenerating a 2048 bit RSA private key<br \/>\n&#8230;&#8230;&#8230;&#8230;+++<br \/>\n&#8230;+++<br \/>\nwriting new private key to 'ca.key&#8217;<br \/>\n&#8212;&#8211;<br \/>\nYou are about to be asked to enter information that will be incorporated<br \/>\ninto your certificate request.<br \/>\nWhat you are about to enter is what is called a Distinguished Name or a DN.<br \/>\nThere are quite a few fields but you can leave some blank<br \/>\nFor some fields there will be a default value,<br \/>\nIf you enter &#8217;.&#8217;, the field will be left blank.<br \/>\n&#8212;&#8211;<br \/>\nCountry Name (2 letter code) [US]:PL<br \/>\nState or Province Name (full name) [CA]:MA<br \/>\nLocality Name (eg, city) [SanFrancisco]:WARSAW<br \/>\nOrganization Name (eg, company) [Fort-Funston]:NAZWA_FIRMY<br \/>\nOrganizational Unit Name (eg, section) [MyOrganizationalUnit]:BIURO<br \/>\nCommon Name (eg, your name or your server&#8217;s hostname) [Fort-Funston CA]:NAZWA_FIRMY<br \/>\nName [EasyRSA]:<br \/>\nEmail Address [me@myhost.mydomain]:<\/p>\n<p>Konfiguracja certyfikatu i klucza dla servera:<br \/>\n.\/build-key-server server<\/p>\n<p>przyk\u0142adowe dane:<br \/>\n\/usr\/share\/easy-rsa# .\/build-key-server server<br \/>\nGenerating a 2048 bit RSA private key<br \/>\n&#8230;&#8230;&#8230;+++<br \/>\n&#8230;&#8230;&#8230;&#8230;&#8230;.+++<br \/>\nwriting new private key to 'server.key&#8217;<br \/>\n&#8212;&#8211;<br \/>\nYou are about to be asked to enter information that will be incorporated<br \/>\ninto your certificate request.<br \/>\nWhat you are about to enter is what is called a Distinguished Name or a DN.<br \/>\nThere are quite a few fields but you can leave some blank<br \/>\nFor some fields there will be a default value,<br \/>\nIf you enter &#8217;.&#8217;, the field will be left blank.<br \/>\n&#8212;&#8211;<br \/>\nCountry Name (2 letter code) [US]:PL<br \/>\nState or Province Name (full name) [CA]:MA<br \/>\nLocality Name (eg, city) [SanFrancisco]:WARSAW<br \/>\nOrganization Name (eg, company) [Fort-Funston]:NAZWA_FIRMY<br \/>\nOrganizational Unit Name (eg, section) [MyOrganizationalUnit]:BIURO<br \/>\nCommon Name (eg, your name or your server&#8217;s hostname) [server]:NAZWA_FIRMY<br \/>\nName [EasyRSA]:<br \/>\nEmail Address [me@myhost.mydomain]:<\/p>\n<p>Please enter the following 'extra&#8217; attributes<br \/>\nto be sent with your certificate request<br \/>\nA challenge password []:<br \/>\nAn optional company name []:<br \/>\nUsing configuration from \/usr\/share\/easy-rsa\/openssl-1.0.0.cnf<br \/>\nCheck that the request matches the signature<br \/>\nSignature ok<br \/>\nThe Subject&#8217;s Distinguished Name is as follows<br \/>\ncountryName :PRINTABLE:&#8217;PL&#8217;<br \/>\nstateOrProvinceName :PRINTABLE:&#8217;MA&#8217;<br \/>\nlocalityName :PRINTABLE:&#8217;WARSAW&#8217;<br \/>\norganizationName :PRINTABLE:&#8217;Nazwa firmy&#8217;<br \/>\norganizationalUnitName:PRINTABLE:&#8217;BIURO&#8217;<br \/>\ncommonName :PRINTABLE:&#8217;Nazwa firmy&#8217;<br \/>\nname :PRINTABLE:&#8217;EasyRSA&#8217;<br \/>\nemailAddress :IA5STRING:&#8217;me@myhost.mydomain&#8217;<br \/>\nCertificate is to be certified until May 18 09:23:10 2025 GMT (3650 days)<br \/>\nSign the certificate? [y\/n]:y<\/p>\n<p>1 out of 1 certificate requests certified, commit? [y\/n]y<br \/>\nWrite out database with 1 new entries<br \/>\nData Base Updated<\/p>\n<p>Generate Diffie Hellman parameters<br \/>\n.\/build-dh<\/p>\n<p>tworzymy i edytujemy plik konfiguracyjny:<br \/>\nnano \/etc\/openvpn\/server.conf<br \/>\no zawarto\u015bci:<\/p>\n<p>port 1194<br \/>\nproto udp<br \/>\ndev tun<br \/>\ntopology subnet #istotne je\u015bli \u0142\u0105czy si\u0119 du\u017co klient\u00f3w<br \/>\nserver 10.9.8.0 255.255.255.0 # internal tun0 connection IP<\/p>\n<p>ca \/etc\/openvpn\/ca.crt # generated keys<br \/>\ncert \/etc\/openvpn\/server.crt<br \/>\nkey \/etc\/openvpn\/server.key # keep secret<br \/>\ndh \/etc\/openvpn\/dh2048.pem<\/p>\n<p>ifconfig-pool-persist ipp.txt<br \/>\npush &#8222;route 172.28.181.0 255.255.255.0&#8221;<br \/>\npush &#8222;dhcp-option DNS 8.8.8.8&#8221;<br \/>\npush &#8222;dhcp-option DOMAIN nazwa_firmy.local&#8221;<br \/>\nkeepalive 10 120<br \/>\ncomp-lzo<br \/>\nuser nobody<br \/>\ngroup nogroup<br \/>\npersist-key<br \/>\npersist-tun<br \/>\nstatus openvpn-status.log<br \/>\nverb 3<br \/>\n#crl-verify crl.pem<\/p>\n<p>Skopiwa\u0107 klucze i certyfikaty do \/etc\/openvpn\/:<br \/>\ncp \/usr\/share\/easy-rsa\/keys\/* \/etc\/openvpn\/<br \/>\ncp \/usr\/share\/easy-rsa\/keys\/* \/root\/kluczeopenvpn\/<\/p>\n<p>wykonanie restartu servera:<br \/>\nreboot<\/p>\n<h2 id=\"mcetoc_1dtrs4rbh4\">Opcja SITEtoSITE<\/h2>\n<p>&nbsp;<\/p>\n<p>Mamy ju\u017c wygenerowane certyfikaty dla serwera i klienta<\/p>\n<p>Wirtualna sie\u0107 dla OpenVPN: 10.8.0.0\/24<\/p>\n<p>Serwer:<\/p>\n<p>adresacja sieci lokalnej: 192.168.100.1\/24<br \/>\nadres publiczny: 172.27.211.50<\/p>\n<p>Klient:<\/p>\n<p>adresacja sieci lokalnej: 192.168.200.1\/24<br \/>\nadres publiczny: bez znaczenia<\/p>\n<p>Pliki Konfiguracyjne<\/p>\n<p>Serwer:<\/p>\n<p>\/etc\/openvpn\/server.conf<\/p>\n<p>#<br \/>\nport 1194<br \/>\nproto udp<br \/>\ndev tun<br \/>\nserver 10.8.0.0 255.255.255.0 # internal tun0 connection IP<\/p>\n<p>ca \/etc\/openvpn\/ca.crt # generated keys<br \/>\ncert \/etc\/openvpn\/server.crt<br \/>\nkey \/etc\/openvpn\/server.key # keep secret<br \/>\ndh \/etc\/openvpn\/dh2048.pem<\/p>\n<p>client-config-dir ccd # folder \/etc\/openvpn\/ccd ma zawiera\u0107 pliki z konfiguracj\u0105 poszczeg\u00f3lnych klient\u00f3w (konkretnie linijk\u0119 &#8222;iroute adres maska&#8221; z podsieci\u0105 u klienta &#8211; trasa dla openVPN<br \/>\ntopology subnet # &#8222;nowa&#8221; topologia sieci &#8211; ka\u017cdy klient dostaje jeden adres IP, zamiast marnowa\u0107 4 sztuki<br \/>\npush &#8222;route 192.168.100.0 255.255.255.0&#8221; # wysy\u0142am klientowi adresacj\u0119 podsieci po stronie serwera<br \/>\nroute 192.168.200.0 255.255.255.0 # ustawienie trasy do sieci zdalnej (dla kernela)<br \/>\nkeepalive 10 120 # keepalice co 10 sek. po 120 sek. uznaj po\u0142aczenie z martwe<br \/>\ncomp-lzo # kompresja<br \/>\nuser nobody<br \/>\ngroup nogroup<br \/>\npersist-key # persist-key i persist-tun s\u0105 potrzebne, \u017ceby nie-root m\u00f3g\u0142 restartowa\u0107 po\u0142\u0105czenia (chyba tak to lecia\u0142o)<br \/>\npersist-tun<br \/>\nstatus openvpn-status.log<br \/>\ncipher AES-256-CBC #Przyzwoite szyfrowanie (domy\u015blne Blowfish-CBC jest s\u0142abe<br \/>\nverb 3 # 3 to zwyk\u0142y poziom log\u00f3w. Przy 4 i 5 jest za du\u017co informacji<\/p>\n<p>#crl-verify crl.pem # sprawdzanie wa\u017cno\u015bci\/odwo\u0142a\u0144 certyfikat\u00f3w. Wymaga samodzielnego generowanie i kopiowania crl: openssl ca -config \/usr\/share\/easy-rsa\/openssl.cnf -gencrl -out \/etc\/openvpn\/crl.pem<\/p>\n<p>\/etc\/openvpn\/ccd\/abu &#8211; ka\u017cdy klient musi mie\u0107 sw\u00f3j plik w folderze &#8222;CCD&#8221;. Tu wpisujemy tylko adresacj\u0119 sieci lokalnej po stronie klienckiej. <span style=\"color: #ff0000;\"><strong>Nazwa pliku zgodna z CN (common name)<\/strong><\/span> w certyfikacie klienta<\/p>\n<p>iroute 192.168.200.0 255.255.255.0<\/p>\n<p>Klient:<\/p>\n<p>\/etc\/openvpn\/<strong><span style=\"color: #ff0000;\">abu<\/span><\/strong>.conf<\/p>\n<p>#<br \/>\nclient<br \/>\nremote 172.27.211.50<br \/>\nresolv-retry infinite<br \/>\nport 1194<br \/>\nproto udp<br \/>\ndev tun0<\/p>\n<p>ca ca.crt<br \/>\ncert abu.crt<br \/>\nkey abu.key<\/p>\n<p>persist-tun<br \/>\npersist-key<br \/>\ncomp-lzo<br \/>\nkeepalive 10 120<\/p>\n<p>cipher AES-256-CBC<br \/>\nuser nobody<br \/>\ngroup nogroup<br \/>\nverb 3<br \/>\nstatus openvpn-status.log<\/p>\n<p>W\u0142\u0105czenie us\u0142ugi podczas startu<\/p>\n<pre>systemctl enable openvpn@<strong><span style=\"color: #ff0000;\">abu<\/span><\/strong>.service\r\n\r\nWystartowanie serwisu:<\/pre>\n<pre>service openvpn@<strong><span style=\"color: #ff0000;\">abu<\/span><\/strong> start\r\n\r\nsprawdzenie statusu:<\/pre>\n<pre>service openvpn@<strong><span style=\"color: #ff0000;\">abu<\/span><\/strong> status\r\n\r\nTrzeba jeszcze doda\u0107 routing po stronie serwera:\r\nroute add -net <strong><span style=\"color: #ff0000;\">192.168.100.0<\/span><\/strong> netmask <strong><span style=\"color: #ff0000;\">255.255.255.0<\/span><\/strong> gw <span style=\"color: #ff0000;\"><strong>10.8.0.2<\/strong><\/span> dev <strong><span style=\"color: #ff0000;\">tun0<\/span><\/strong>\r\nw firewallu clienta doda\u0107:\r\niptables -t nat -o tun+ -A POSTROUTING -s <strong><span style=\"color: #ff0000;\">10.8.0.0\/24<\/span><\/strong> -d <strong><span style=\"color: #ff0000;\">172.28.181.0\/24<\/span><\/strong> -j SNAT --to-source <strong><span style=\"color: #ff0000;\">192.168.100.1<\/span><\/strong><\/pre>\n<p>Odwo\u0142aj cert w folderze domowym root<\/p>\n<p>zrobi\u0107 skrypt odwolajcertyfikat o zawarto\u015bci:<br \/>\ncd \/usr\/share\/easy-rsa\/<br \/>\nsource .\/vars<br \/>\n.\/revoke-full $1<br \/>\ncp \/usr\/share\/easy-rsa\/keys\/crl.pem \/etc\/openvpn\/<br \/>\nmv \/root\/kluczeopenvpn\/$1* \/root\/odwolaneCertyfikaty\/<br \/>\nnadanie uprawnie\u0144 do wykonywania:<br \/>\nchmod 755 \/root\/odwolajcertyfikat<br \/>\nAktualizacje CRL<\/p>\n<p>Wpisa\u0107 do pliku: \/root\/generujcrl.sh:<\/p>\n<p>#!\/bin\/bash<br \/>\ncd \/usr\/share\/easy-rsa<br \/>\nsource .\/vars<br \/>\nopenssl ca -config \/usr\/share\/easy-rsa\/openssl.cnf -gencrl -out \/etc\/openvpn\/crl.pem<\/p>\n<p>Wykona\u0107:<\/p>\n<p>chmod +x \/root\/generujcrl.sh<\/p>\n<p>cp \/usr\/share\/easy-rsa\/openssl-1.0.0.cnf \/usr\/share\/easy-rsa\/openssl.cnf<\/p>\n<p>Dopisa\u0107 do pliku\/usr\/share\/easy-rsa\/vars (niekt\u00f3re wiersze ju\u017c s\u0105, wystarczy poprawi\u0107 warto\u015bci):<\/p>\n<p>export KEY_COUNTRY=&#8221;PL&#8221;<br \/>\nexport KEY_PROVINCE=&#8221;mazowieckie&#8221;<br \/>\nexport KEY_CITY=&#8221;Warszawa&#8221;<br \/>\nexport KEY_ORG=&#8221;Nazwa Firmy&#8221;<br \/>\nexport KEY_EMAIL=&#8221;domyslny@adres.ip&#8221;<br \/>\nexport KEY_OU=&#8221;IT&#8221;<br \/>\nexport KEY_CN=&#8221;CommonName&#8221;<br \/>\nexport KEY_ALTNAMES=&#8221;AltName&#8221;<br \/>\nexport KEY_NAME=&#8221;KeyName&#8221;<\/p>\n<p>uruchomi\u0107:<\/p>\n<p>crontab -e:<\/p>\n<p>i dopisa\u0107:<\/p>\n<p>#Aktualizacja CRL dla OpenVPN:<\/p>\n<p>0 1 * * * \/root\/generujcrl.sh<\/p>\n<p>Stworzy\u0107 folder \/root\/odwolaneCertyfikaty<\/p>\n<p>dopisa\u0107 w \/root\/odwolajCert:<\/p>\n<p>mv \/root\/kluczeopenvpn\/$1* \/root\/odwolaneCertyfikaty\/<\/p>\n","protected":false},"excerpt":{"rendered":"<p>&nbsp; Instalacja i konfiguracja serwera DHCP Zainstalowanie i skonfigurowanie serwera DHCP na interfejsie eth1 (eth0 \u2013 jest zawsze interfejsem WAN) instalacja: apt-get update apt-get install isc-dhcp-server edytujemy: \/etc\/default\/isc-dhcp-server Dodajemy interfejs na kt\u00f3rym ma dzia\u0142a\u0107 server DHCP (je\u015bli mamy kilka interfejs\u00f3w na kt\u00f3rych ma dzia\u0142a\u0107 dhcp to dopisujemy po spacji np. INTERFACES=&#8221;eth1 eth2 eth3&#8243; Odpowiednia podsie\u0107 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[41],"tags":[140,134,141,142],"_links":{"self":[{"href":"https:\/\/rostman.eu\/index.php\/wp-json\/wp\/v2\/posts\/2058"}],"collection":[{"href":"https:\/\/rostman.eu\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rostman.eu\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rostman.eu\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/rostman.eu\/index.php\/wp-json\/wp\/v2\/comments?post=2058"}],"version-history":[{"count":3,"href":"https:\/\/rostman.eu\/index.php\/wp-json\/wp\/v2\/posts\/2058\/revisions"}],"predecessor-version":[{"id":2364,"href":"https:\/\/rostman.eu\/index.php\/wp-json\/wp\/v2\/posts\/2058\/revisions\/2364"}],"wp:attachment":[{"href":"https:\/\/rostman.eu\/index.php\/wp-json\/wp\/v2\/media?parent=2058"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rostman.eu\/index.php\/wp-json\/wp\/v2\/categories?post=2058"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rostman.eu\/index.php\/wp-json\/wp\/v2\/tags?post=2058"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}