Sunday, August 15, 2021

Solving ''missing vpn plugin error" in ubuntu 20.04

I was trying to configure l2tp VPN on my Kubuntu 20.04 connecting to my office Mikrotik router, after setting up l2tp VPN on my router and configure it on my laptop, when connecting I got "missing VPN plugin" after few Google searches were able to resolve it, and simple solution is Ubuntu 20.04 was missing "network-manager-l2tp". 

So first I run the command below to see allow available plugins for network-manager 

$ apt search network-manager

 The command will list all the plugins including the l2tp plugin 

 ----- output omitted --- 

network-manager-iodine-gnome/focal 1.2.0-3 amd64 network management 
framework (iodine plugin GNOME GUI)
network-manager-l2tp/focal 1.2.16-1 amd64 network management 
framework (L2TP plugin core)
network-manager-l2tp-gnome/focal 1.2.16-1 amd64 network management 
framework (L2TP plugin GNOME GUI) 

 ----- output omitted --- 

 As I was only requiring the l2tp plugin for my VPN I installed only the required plugin for my l2tp VPN to work, for l2tp VPN install the plugin as below:

$ sudo apt-get install network-manager-l2tp 

So if you're running another type of VPN, install the required plugin.

Hope it will help someone. Cheers!

Saturday, February 11, 2017

How to mount QNAP shared folder in Linux

QNAP is the popular Network Attached Storage(NAS) are systems that consist of one or more hard drives. For more information about QNAP refer to this link here.
In this how to am going to show you how to mount a shared folder in QNAP in your machine running Linux. To mount the shared folder follow the steps below:

1. Log in to your NAS and create a shared folder.

a. Login to your NAS and go to Control Panel --> Previlege Settings --> Shared Folders


b. Create a shared folder by clicking Create then select Shared Folder, give a folder any name of your preference then create.


c. After creating the folder edit Folder Shared Permission which is found on Action section.
On select permission type choose NFS host access then access rights choose No Limit, on Host/IP/Network you may specify your network or leave it black.


Click Apply to save your settings.


2. Login to your linux machine and mount the shared folder.

a. Create a mount folder in your computer

$cd /home/james/Documents/
$ mkdir MyBackup
I have created a folder in my Document named MyBackup. 

 b. Install nfs helper program by command below.

$sudo apt-get install nfs-common 

 c.Mount the partition by running below command.

$sudo mount -t nfs A.B.C.D:/MyData /home/james/Documents/MyBackup 

 where: A.B.C.D is IP address of QNAP server.

 After running the command go your computer and you will see the shared folder mounted with exactly size.

Which means anything saved in this shared folder in your computer will be uploaded directly to your NAS.

3.To unmount the shared folder anytime run the following command.

$sudo umount -t nfs A.B.C.D:/MyData /home/james/Documents/MyBackup

Enjoy.

Saturday, October 29, 2016

How to create and activate SSL self-signed certificate in Ubuntu 16.04/14.04

When running server with critical applications which involves credit card transactions,data transfer and logins, security is first thing you should put in mind, this lab is going to show you how to install self-signed certificate from scratch, the certificate will ensure secure connection between your server and clients.
To create and apply certificate follow simple steps below:


1. Update your system and install Apache
This step assumes that the server is new and apache is not yet installed, if already installed move to step 2
sudo su 
apt-get update
apt-get install apache2

To test if your apache is well installed, open your server IP/hostname on your browser and you you will see APACHE2 UBUNTU DEFAULT PAGE, otherwise restart apache,

 /etc/init.d/apache2 restart

2. Create the certificate
Run below command to create your certificate
mkdir /etc/apache2/ssl
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt

This certificate will be valid for 10 years, but if you want the certificate to be valid for few years change the value 3650 by indicating how many days the certificate to be valid.

After running second command above it will ask you to provide information about your company, below is example

What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:TZ
State or Province Name (full name) [Some-State]:ARUSHA
Locality Name (eg, city) []:ARUSHA
Organization Name (eg, company) [Internet Widgits Pty Ltd]:JARASYOLA LTD
Organizational Unit Name (eg, section) []:ICT
Common Name (e.g. server FQDN or YOUR name) []:web.jarasyola.co.tz
Email Address []:administrator@jarasyola.co.tz

Now the certificate is created.

3. Configure Apache

a. Make sure that mod_rewrite, mod_ssl,  and the default SSL virtual host is enabled - you'll need these line items to be able to force visitors to use HTTPS.

a2enmod rewrite ssl
a2ensite default-ssl

b. The key must not be password protected, and it must be locked down such that only the root user can read it,
chmod 600 /etc/apache2/ssl/apache.key

c. Configure Apache to read new certificates
Change these lines in /etc/apache2/sites-enabled/default-ssl.conf, open the file

vim /etc/apache2/sites-enabled/default-ssl.conf
 and change:

 From:
SSLCertificateFile      /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
To:
SSLCertificateFile  /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key

d. Add the following in /etc/apache2/sites-available/000-default.conf


        <Directory "/var/www/html">

            Options FollowSymLinks

            AllowOverride All

        </Directory>

This assumes /var/www/html is your document root. e. Restart Apache

/etc/init.d/apache2 restart

4. Push visitors to HTTPS

Now as you certificate is installed and apply, to push visitors to HTTPS, put something similar to the following snippet into /var/www/html/.htaccess





RewriteEngine On
# Redirect all HTTP traffic to HTTPS.
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://SERVERHOSTNAME/IPADDRESS/$1 [R,L]

Change SERVERHOSTNAME/IPADDRESS to actual server hostname/ip address.



Now your server is secure and all your traffic from your server to browser (client) is encrypted.


Friday, October 14, 2016

Updating calling rates in A2billing

It's normal for VOIP providers to update their rate cards once and a while and this may cause issues especially getting loss when the rates are increased.

I wrote a tutorial a while ago on how to create the rate in A2billing, to update rates may be very challenging sometimes, here are two options,  either updating the rates in mysql database or creating new ratecard, the later is simple.

Use the steps below to update the rates.

1. Create a new ratecard
    RATES -->Rate Cards --> Add RateCard


2. Login in mysql and edit the new rate card with per instruction found on my last post found here.

When updating the commands remember to change idtariffplan to match the ID of your new rate card, example

mysql> SELECT id,tariffname FROM cc_tariffplan;
+----+-----------------------+
| id | tariffname            |
+----+-----------------------+
|  1 | Ratecard1             |
|  2 | Ratecard2             |
|  3 | Ratecard141016  |
+----+-----------------------+

New rate card ID is 3, the command will be 

UPDATE cc_ratecard SET buyrate = rateinitial WHERE idtariffplan = 3

3. Apply the new rate card
Go to:

RATES --> Call Plan --> Update Call Plan with new rate card.


Hope it will help someone, drop comment if you face any issue.

Happy Nyerere day!!






Saturday, September 24, 2016

Replicating Emails between two mail servers by Dovecot dsync

If you're running mail server for large ISP, sometimes we may need to think of replicating your emails in two servers for redundancy, this is very possible if your are running Linux mail server with postfix, dovecot and mysql, and this is archived by using Devocot dsync.

dsync is Dovecot's mailbox synchronization utility. It can be used for several different use cases: Two-way synchronization of mailboxes, creating backups of mails, and convert mailboxes from/to different mailbox formats. All of these can be used within the same server or between different servers (via ssh(1) or tcp connections). Remote mailboxes can be accessed also via IMAP protocol, which allows using dsync for mailbox migration purposes.

Below is configuration on how to sync emails between two servers, Server A is fully configured original server and server B is new server which you will sync emails from Server A, make sure Server B is fully configured also, then follow the steps below to sync emails between server A and B.

Server A
Backup/export the email database from original server

mysqldump -u [username] -p [database name] > [database name].sql

eg. if my database is mail and user is postfix the command will be,

mysqldump -u postfix -p mail > emailbackup.sql

Server B
Restore/import email database to second server.

mysql -u [username] -p newdatabase < [database name].sql


The following configuration should be done on both servers

a.  Enable notify and replication plugins
Open the file,

/etc/dovecot/conf.d/10-mail.conf

and add the following,

# Enable globally the notify and replication plugins
# This will then apply to all protocols dovecot supports
mail_plugins = notify replication

b. Enable iterative _query
Open the file
/etc/dovecot/dovecot-sql.conf.ext or /etc/dovecot/dovecot-sql.conf , according to your settings and add the following or just un-commenting the existing one.

iterate_query = SELECT username AS user FROM mailbox WHERE active = '1';

c. Create the dsync configuration file 

 # vi  /etc/dovecot/conf.d/30-dsync.conf

and add the following:

# From here
# This sets globally the port needed to connect # Configure the aggregator service for notifications
service aggregator {
    fifo_listener replication-notify-fifo {
        # Your mail user that's managing files generally is used here
        user = vmail
        mode = 0666
    }
    unix_listener replication-notify {
        user = vmail
        mode = 0666
    }
}


# Configure the replicator service
service replicator {
    process_min_avail = 1
    unix_listener replicator-doveadm {
        mode = 0666
    }
}
service doveadm {
     user = vmail
    inet_listener {
        # port to listen on
        port = 12345
        # enable SSL
        #ssl = yes
    }
}

doveadm_port = 12345
doveadm_password = dovecot password
# Configure target hosts for replication
# tcps can be tcp if you don't want to connect with SSL
# :port can be omitted if it's the default set globally for doveadm

plugin {

    mail_replica = tcp:replica_server_IP
}

service config {
  unix_listener config {
    user = vmail
  }
}

# Up to here.

d. Restart dovecot

service dovecot restart

f. If configuration is done well, run the following to check the status of syncing,

doveadm replicator status '*'

You should see the syncing is on progress.


Note,

The doveadm_password should be the same on both servers, mail_replica = tcp:replica_server_IP, for ServerA replica_server_IP is ip address of ServerB, and for ServerB replica_server_IP is ip address of ServerA.

Some usefully commands,

i. To check the replication on each server:

doveadm replicator status '*'

ii. Replicate a given email account manually

doveadm replicator replicate <email>

iii.  Replicate a given email account manually IN FULL

doveadm replicator replicate -f <email> 

iv. Check replication status. Also works without the email parameter.

doveadm replicator status <email>
Hope it helps someone, drop comments if you face any issues.