0817125
By Damilola Yusuph
YUSUPH DAMILOLA
0817125
Contents
1.0 INTRODUCTION
1.1 AIM OF THE TASK
1.2 OBJECTIVES
1.3 METHOD AND EXPERIMENTATION
1.4 BLOCK TASK 1: DHCP SERVER CONFIGURATION
1.5 BLOCK TASK 2: DNS SERVER CONFIGURATION
1.6 BLOCK TASK 3: POSTFIX MAIL SERVER CONFIGURATION
1.8 BLOCK TASK 5: OPENVPN CONFIGURATION
CONCLUSION
REFERENCES
1.0 INTRODUCTION
A client-server network is defined as a communication network where one or more computers (called servers) store resources such as applications, databases, directories, files and shared peripheral devices that are centrally accessed by client computers via a network medium (Mitchell, 2010). Typically, the server co-ordinates the allocation and use of its resources, and only shared resources can be accessed by clients who request a particular service (Mitchell, 2010). This work will demonstrate a secured gateway connection between a server and client by making use of an OpenVPN solution (Cowley, 2012).
1.2 OBJECTIVES
The following configurations will take place in order to fully achieve the aim above:
i. Configuration of a DHCP server on a CentOS machine for dynamically leasing Internet Protocol (IP) addresses to clients (Windows XP) when required (Nessenko, 2010).
ii. A Domain Name System (DNS) server will be configured on the Linux machine for resolving DNS names into IP addresses and vice versa (Harrison, 2012).
iii. A Postfix mail server will be configured on the Linux machine to facilitate the sending and receiving of emails between server (Linux) and client (XP) (Galuschka, 2013).
iv. Lastly, a secure OpenVPN connection will be set up. OpenVPN is a Transport Layer Security (TLS) based system and will provide a secure tunnel through which packets can be forwarded between server and client (SafeSVR, 2013).
LINUX BOX AS ROUTER CONFIGURATION
The Linux machine will be configured to act as a router, so you will need to add an additional network adapter. Follow the steps below:
1. Launch VMware Workstation 8 from the Start menu
2. Select Centos from the library pane as shown in the screenshot below
3. Click on "Edit virtual machine settings", select "Network Adapter" then click Add
4. Select "Network Adapter" then click "Next" to add a new network adapter to the Linux box
5. Select the "Bridged Network connection" for the Network Adapter Type and click Finish
6. As shown in the screenshot below, the Linux box should list two network adapters in the virtual machine settings. Click Ok to finalise this step.
3. Drag and Drop the XP and Linux VMs into the folder you just created as illustrated in the screenshot below
4. Select the Linux VM and select > Settings. On the hardware tab, choose the (second Network Adapter)
5. Click on "LAN Segment", and select the LAN segment just created from the drop down menu to change the network connection type. Click "OK" to save your changes.
6. Select XP NAM from the library pane of the VMware workstation and repeat the steps above from 4 - 5 to put the Windows XP client on the same LAN segment as the Centos Linux Server.
NETWORK CONFIGURATION SETTINGS: Create network eth1 for the Local Segment on the Linux server
1. Click on the "System" tab > "Administration" and click on "Network" to access the network configuration window
4. Select "Advanced Micro Devices eth1" from the list and click "Forward"
The Linux box has been successfully configured to act as a router, and both client (XP) and server (Linux) have been added to the same network segment. In the next stage, the IP address, subnet mask and gateway address will be configured prior to the configuration of the DHCP server.
2. Edit the configuration file with the parameters shown in the screenshot below. Press the esc key and type :wq to save and quit
3. Finally, restart the networking service. Enter "service network restart" from the terminal as shown in the screenshot below and set it to start at boot with this command: "chkconfig network on"
2. Next you will configure the DHCP server configuration file, which is the "dhcpd.conf" file. To do this, type "vi /etc/dhcpd.conf" from the terminal, press "i" (insert mode) and enter the script shown in the screenshot below
3. Save the changes and exit using the command ":wq"
4. Restart the dhcpd service as illustrated in the screenshot below: "service dhcpd restart". To enable the dhcpd service at boot, enter the following command: "chkconfig dhcpd on"
Set the Client machine(XP) for a DHCP lease from the server(Linux)
Now that the DHCP server is running, the client side will be tested to ascertain that the server is actually delivering its proposed services of leasing IP addresses and that the client is taking an IP dynamically from the DHCP server's IP pool. Follow the steps below:
1. Click Start, Control Panel, and double-click on Network Connections
2. Right click the "Local Area network" connection icon and then choose "Properties"
3. Highlight "Internet Protocol(TCP/IP)" and select "Obtain an IP address automatically" for both the subnet and the DNS options.
4. Type the following: "ipconfig /release" from the command prompt. This releases any IP currently attained by the client. Next enter "ipconfig /renew" to get an IP from the DHCP server.
5. Ping the server from the client in order to verify connectivity using the following command - ping 192.16.0.1
6. Use the "ipconfig /all" command on the command prompt of the Windows box to view the lease and a detailed view of the IP configuration. As shown in the screenshot below, the client got IP address "192.168.0.14" from the DHCP server pool.
5. Click OK to finish and Close all open windows (Microsoft TechNet, 2012)
6. Check the status of the connection by going to "Network connection" from "Control panel" As shown in the screenshot, IP Address type indicates it has been assigned by the DHCP server.
7. To test the connectivity at the server end, perform the ping operation and enter this command from the terminal - ping 192.168.0.253. As shown in the screenshot, the ICMP echo replies indicate communication with the XP client.
8. The lease given by the Linux DHCP Server to the client can be located using the following command from the terminal - "cat /var/lib/dhcpd/dhcpd.leases"
From the screenshot above, it is evident that the DHCP server is working fine and a lease was given to the client uob-nam for IP address 192.168.0.14.
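Reading the lease file by eye works for a single client. The script below is an added example (not part of the original report) that summarises a dhcpd.leases file and lists active clients whose MAC address is not on a known-hosts list; the MAC addresses, the extra hosts and the allowlist file are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise an ISC dhcpd lease file and flag unknown clients.

# parse_leases FILE
# Prints "ip state mac hostname" once per IP address. dhcpd appends a new
# "lease" block every time a lease changes, so the LAST block for an IP wins.
parse_leases() {
    awk '
    $1 == "lease" && $3 == "{" { ip = $2; state = "-"; mac = "-"; name = "-"; next }
    ip == "" { next }                       # ignore anything outside a lease block
    $1 == "binding" && $2 == "state" { state = $3; sub(/;$/, "", state) }
    $1 == "hardware" && $2 == "ethernet" { mac = tolower($3); sub(/;$/, "", mac) }
    $1 == "client-hostname" { name = $2; gsub(/[";]/, "", name) }
    $1 == "}" {
        if (!(ip in rec)) order[++n] = ip   # remember first-seen order
        rec[ip] = ip " " state " " mac " " name
        ip = ""
    }
    END { for (i = 1; i <= n; i++) print rec[order[i]] }
    ' "$1"
}

# unknown_active_clients LEASE_FILE ALLOWLIST
# ALLOWLIST holds one known MAC address per line (hypothetical file).
# Prints "ip mac hostname" for every active lease held by an unlisted MAC.
unknown_active_clients() {
    parse_leases "$1" | while read -r ip state mac name; do
        [ "$state" = "active" ] || continue
        grep -qixF -- "$mac" "$2" || printf '%s %s %s\n' "$ip" "$mac" "$name"
    done
}

# Constructed sample: only 192.168.0.14 / uob-nam comes from the report.
write_sample_leases() {
    cat > "$1" <<'EOF'
lease 192.168.0.14 {
  binding state active;
  next binding state free;
  hardware ethernet 00:0c:29:11:22:33;
  client-hostname "uob-nam";
}
lease 192.168.0.20 {
  binding state active;
  hardware ethernet 00:0c:29:de:ad:01;
  client-hostname "lab-pc";
}
lease 192.168.0.21 {
  binding state active;
  hardware ethernet 00:50:56:00:00:99;
  client-hostname "unknown-host";
}
lease 192.168.0.20 {
  binding state free;
  hardware ethernet 00:0c:29:de:ad:01;
  client-hostname "lab-pc";
}
EOF
}

# Demo run on the constructed sample.
tmp=$(mktemp -d)
write_sample_leases "$tmp/dhcpd.leases"
printf '00:0C:29:11:22:33\n' > "$tmp/known_macs"
parse_leases "$tmp/dhcpd.leases"
unknown_active_clients "$tmp/dhcpd.leases" "$tmp/known_macs"
rm -rf "$tmp"
```

On the server, pass /var/lib/dhcpd/dhcpd.leases as the first argument.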
Problem Encountered
I had problems pinging the client IP address from the server and was getting a "connection denied" message; however, this was due to a firewall issue. After doing some research online, the problem was resolved by configuring the Windows Firewall settings to allow incoming echo requests, which then enabled the server to communicate with the client machine. Another problem that was faced was that the DHCP server failed to start; however, checking the error generated in /var/log/messages helped pinpoint the problem area. Ultimately, it revealed errors were present in the dhcpd.conf file. This was later re-edited, errors were rectified and the DHCP server started running.
2. Edit the dhcpd.conf file and add the highlighted options as shown in the screenshots below (Harrison, 2012), (Nessenko, 2010)
The screenshot above shows the name server and zones that will be queried when the client (XP) requests the IP address of the server hostname, and vice versa (Harrison, 2012), (Nessenko, 2010).
3. From the terminal, use the following command "service dhcpd restart" to restart the dhcpd service
Now the dhcpd service is running, we will configure the following files to get the domain name resolution system running:
named.conf (configuration file)
dami_com.zone (forward lookup file)
192-168-0.zone (reverse lookup file)
resolv.conf (DNS resolver)
4. Type (as root): "yum install bind" on the terminal to install the BIND package and its dependencies
5. Enter "yum install caching-nameserver" in the console to install the caching name server and its dependencies
6. Enter the command shown in the screenshot to verify the installations of the BIND and CACHING packages.
7. Copy the contents of "named.caching-nameserver.conf" into the directory /var/named/chroot/etc using the following command - "cat named* > named.conf " as shown in the screenshot below
8. Configure named.conf file by typing the command below in the terminal - "vi /etc/named.conf " (Harrison, 2012), (Nessenko, 2010)
The names "dami_com" and "192-168-0" identify the forward and reverse zones
8. The next step is to create the forward lookup and reverse zone files which were included in named.conf. Rename the two files localdomain.zone and named.local already present in the /var/named/chroot/var/named directory as "dami_com.zone" and "192-168-0.zone". Type the command shown in the screenshot below -
1. From the terminal, open the forward zone file using command: vi dami_com.zone
2. Once in the text editor, adjust the changes by entering the details shown in the screenshot.
3. Exit from (Insert mode) by pressing ESC then Type :wq to save and exit
We will now configure the reverse zone file:
1. From the terminal, open the reverse zone file using command: vi 192-168-0.zone
2. Once in the text editor, adjust the changes by entering the details displayed in the screenshot.
3. Exit from (Insert mode) by pressing ESC then Type :wq to save and exit
2. Modify the network file by setting "Networking" to "yes" and entering ns1.dami.com as the host name
3. Exit from (Insert mode) by pressing ESC then Type :wq to save and exit
As shown in the screenshot above, the named service was successfully started
5. The status of the named service can be checked using the command displayed in the screenshot; this lists detailed information about the different configurations and the number of zones up.
Test 1: Type the dig command "dig ns1.dami.com" from the terminal to query the DNS server. This interrogates the DNS root zone for any type of record information, i.e. host address and nameservers.
Test 2: From the terminal, use the host command "host dami.com" to perform a forward lookup (Harrison, 2012), (Nessenko, 2010). As shown in the screenshot, this translates the domain name to the server IP address.
Test 3: From the terminal, use the host command "host 192.168.0.254" to perform a reverse lookup. This translates IP addresses into domain names as illustrated in the screenshot below -
Test 4: From the terminal, enter the nslookup commands "nslookup dami.com" and "nslookup 192.168.0.254" to query the DNS server. As shown in the screenshot below, the query was returned with the results shown below.
Test 5: To verify the DNS name resolution system is working, we will query the DNS server from the client machine (XP). As shown in the screenshot below, the "nslookup dami.com" command was used and the information details are returned, hence the name resolution system is working fine.
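Tests 2 and 3 check one name and one address by hand. The script below is an added example (not part of the original report) that checks the two zone files against each other offline and reports every PTR record whose target name has no A record pointing back to the same address; the zone contents are constructed from the names and addresses mentioned in this report, and the parser assumes one record per line with an explicit owner name.

```shell
#!/bin/sh
# Added example: forward-confirmed reverse DNS check between two zone files.

# fcrdns_mismatches FORWARD_ZONE REVERSE_ZONE ORIGIN NETPREFIX
# Prints "ip name" for each PTR whose name does not have an A record for
# that same ip. Several names may share one address, so only PTR -> A is
# checked, not A -> PTR.
fcrdns_mismatches() {
    awk -v origin="$3" -v net="$4" '
    function fqdn(n) {
        if (n == "@") return origin "."      # zone apex
        if (n ~ /\.$/) return n              # already fully qualified
        return n "." origin "."              # relative name
    }
    NF == 0 || $1 ~ /^[;$]/ { next }         # blank lines, comments, $TTL
    FNR == NR {                              # first file: forward zone
        if ($2 == "IN" && $3 == "A") fwd[tolower(fqdn($1)) " " $4] = 1
        next
    }
    $2 == "IN" && $3 == "PTR" {              # second file: reverse zone
        ip = net "." $1
        key = tolower($4) " " ip
        if (!(key in fwd)) print ip, tolower($4)
    }
    ' "$1" "$2"
}

# Constructed sample zones using the file names from this report.
write_sample_zones() {
    cat > "$1/dami_com.zone" <<'EOF'
$TTL 86400
@    IN SOA ns1.dami.com. root.dami.com. ( 2013050901 3H 15M 1W 1D )
@    IN NS  ns1.dami.com.
@    IN MX  10 mail.dami.com.
@    IN A   192.168.0.254
ns1  IN A   192.168.0.254
mail IN A   192.168.0.254
EOF
    cat > "$1/192-168-0.zone" <<'EOF'
$TTL 86400
@    IN SOA ns1.dami.com. root.dami.com. ( 2013050901 3H 15M 1W 1D )
@    IN NS  ns1.dami.com.
254  IN PTR ns1.dami.com.
14   IN PTR uob-nam.dami.com.
EOF
}

# Demo: the PTR for .14 has no matching A record in the forward zone.
zones=$(mktemp -d)
write_sample_zones "$zones"
fcrdns_mismatches "$zones/dami_com.zone" "$zones/192-168-0.zone" dami.com 192.168.0
rm -rf "$zones"
```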
2. Type y for yes to download and install Postfix and its dependencies
3. From the terminal, type the command "cp /etc/postfix/main.cf /etc/postfix/main.cf.orig" to make a backup copy. Then proceed to open the main.cf file by entering the following command: "vi /etc/postfix/main.cf", as illustrated in the screenshot below
4. Edit the following entries in the Postfix main.cf file as shown in the screenshot below. Change the hostname to "mail.dami.com" and the domain name to "dami.com", and uncomment the "inet_interfaces", "mydestination" and "myorigin" lines so that they take effect.
5. Exit from (Insert mode) by pressing ESC then Type :wq to save and exit
DOVECOT CONFIGURATION
1. Next, we will edit the Dovecot configuration file /etc/dovecot.conf. From the terminal, type vi /etc/dovecot.conf
2. Modify the following entries in the dovecot.conf file as illustrated in the screenshot below
3. Exit from (Insert mode) by pressing ESC then Type :wq to save and exit
2. From the terminal, use the passwd command "passwd yusuph" to assign passwords to the created accounts
3. To list all users in the passwd database, use the command " cat /etc/passwd" to view the accounts just created. The added user accounts are highlighted below in the screenshot
4. From the terminal, enter the following command "mkdir /home/yusuph/Maildir" to create a mailbox in each user's home directory.
5. Next, we will set up ownership and permission, for each user in their Maildir directory (Galuschka, 2013). Enter the command displayed in the screenshot below
2. Select Postfix as the MTA and click Ok. As shown in the screenshot above, the Mail Transport Agent(MTA) was successfully updated.
3. Next, restart the postfix and dovecot services respectively with the commands shown in the screenshot below -
SEND E-MAIL
In this step, we will use the mail command to send emails. Follow the steps outlined below:
1. From the console window, enter "mail yusuph@dami.com"
2. Type in the Subject of the email > press enter
3. Type the email message > press enter
4. Press Ctrl+D to continue
5. Enter the email address to send the message to > enter to finish
The steps above are illustrated in the screenshot below
6. To view the sent mail above, navigate to Computer > file system > home > dami > Maildir > new and double-click on the email message as shown in the screenshot below.
SET UP SQUIRRELMAIL
The above step used the console to send messages. For this task, SquirrelMail will be installed. This is a free webmail package which makes retrieving mail easy using a web browser such as Internet Explorer or Mozilla Firefox (Harrison, 2009). In order to use SquirrelMail, the following services should be installed and running (Galuschka, 2013):
Dovecot (IMAPv4)
httpd web server (Apache)
User email accounts
Postfix mail server
1. From the terminal, enter the following command "yum install squirrelmail" to install the squirrelmail packages and its dependencies
2. Ensure the httpd web server (Apache) is installed. If not, use the following command "yum install httpd" from the terminal. Start the httpd server after installation using the "/etc/init.d/httpd start" command
3. From the console, enter the following command "/usr/share/squirrelmail/config/conf.pl" to open the SquirrelMail configuration file
4. From the menu options, enter the corresponding number to make the changes you want. The Organization Preferences for squirrel was modified with the details shown in the screenshot below - (Galuschka, 2013)
5. The Server setting for the Squirrelmail is shown below - Domain is changed to "dami.com"
6. Now we will test the squirrelmail using a web browser by logging in to an email account. Enter the following http://dami.com/webmail in a web browser and provide a valid username and password created earlier. Click login to proceed
As shown in the screenshot below, the authentication was successful and the user is able to view their mailbox via a web browser from the Linux server
7. The screenshot below shows the user logging into SquirrelMail from the client (Windows XP). To do this, go to your browser in the XP client and enter the following "http://dami.com/webmail/src/login.php" as illustrated in the screenshot below
8. Type in a correct username and password that was created earlier in the space provided to view the email box
9. As shown in the screenshot below, the user above has successfully logged in and can now view their mailbox
SENDING EMAIL FROM SERVER TO CLIENT
Now we are going to test the configuration to ensure client and servers can send each other emails.
1. From the server side, log in to the email and enter the text in the body of the email, the subject and the receiver's email address. Click send to send the email.
2. Log in to the email from the client side to view the email that was sent from the server side. As shown in the screenshot below the client received the email sent from the server side.
Client viewing the content of the email sent from the server side
Problems Encountered
In this task block, I ran into problems getting a connection from the server to client; however, this was resolved by resetting the network connection and rebooting both the client and server machines respectively, after which client users were able to successfully send email to server users and vice versa.
OPENVPN INSTALLATION
1. The first step is to check if tun/tap is active on the Linux machine. From the terminal, enter "cat /dev/net/tun". The output shown in the screenshot below indicates whether tun/tap is active.
2. Next we will download the Openssl packages, enter the command shown in the screenshot below to verify that the latest Openssl packages are installed on your computer
3. From your terminal, type "wget http://openvpn.net/release/lzo-1.08-4.rf.src.rpm" to download the LZO RPM dependency packages required for the OpenVPN installation, as shown in the screenshot below
4. Having installed the dependencies above, we will now proceed with the installation of OpenVPN: from the terminal, type "yum install openvpn"
5. After the installation, copy the easy-rsa folder to /etc/openvpn/ using the command shown in the screenshot below, for public key infrastructure management.
6. Next we will set permissions to the easy-rsa folder. To do this, enter the command illustrated in the screenshot below
Setting up Certificate Authority (CA) and generating certificates and keys for the OpenVPN server.
1. In this section, we will be generating a master certificate key. The command shown in the screenshot below will build the authority (CA) certificate and key by invoking the interactive openssl command
2. Next, we will generate and build a key and certificate for the server. Enter the following from the terminal "./build-key-server server"
3. A key for the Windows client will also be generated using the command shown in the screenshot below - "./build-key window"
As shown in the screenshot below, the "ls keys" command shows the keys generated for both the server and clients
4. From the terminal, type "./build-dh" to generate the Diffie-Hellman parameters for the server as illustrated in the screenshot below
5. Edit the OpenVPN server configuration file by typing the command in the screenshot
Make the necessary changes in the configuration file by specifying your server address, local port, client authentication method, etc. Click Save and Exit (SafeSVR, 2013)
6. From the terminal, enter the "ifconfig" command for the TAP interface to ensure the Ethernet tunnel software network interface is assigned to tap interfaces on the server
7. Enable IP forwarding by entering the following parameters shown in the screenshot below
8. Having configured OpenVPN, we will now start the service to ensure it is error free and running. To do this, enter "service openvpn restart". It is evident from the screenshot that the OpenVPN server was successfully started
In this stage, we will configure OpenVPN on the Windows box. To get started, we will first need to download OpenVPN from the Internet onto the Windows XP desktop using the link provided here: http://openvpn.net/index.php/open-source/downloads.html (Chang, 2013). After the download is complete, the binary files can be executed directly by double-clicking the icons on the desktop.
OPENVPN INSTALLATION
1. After downloading OpenVPN, double-click the setup.exe file then follow the on-screen instructions. Click Next to install the program
2. Accept the licence agreement and click the check mark "I agree", click Next.
4. Choose a destination folder to save the OpenVpn installation and click Install
5. The screenshot below shows the installation progress of the OpenVPN setup
7. After the installation, the generated client public key, private key and certificate authority file were sent to the remote machine using the Postfix mail server on Linux
Screenshot showing the client machine receiving the sent file from the server
8. The generated keys and CA file were saved in the installation directory of OpenVPN.
9. Edit the OpenVPN configuration on the Windows machine. Specify your remote server, port number, authentication method and other parameters. Click save and exit (SafeSVR, 2013)
10. To test that the VPN is active between the server and client, restart the OpenVPN server from the Linux box, navigate to c:/programfiles/Openvpn/config, right-click on the client configuration file and select "Start OpenVPN" to start the VPN connection, as illustrated in the screenshot below
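Steps 7 and 8 move private key material off the server, which is where it is most easily over-shared. The script below is an added example (not part of the original report) that lists private keys with permissions looser than owner-only and checks that a bundle prepared for one client holds only that client's files; it assumes the easy-rsa 2.x file names (ca.crt, ca.key, server.key, window.key) and a hypothetical staging directory.

```shell
#!/bin/sh
# Added example: audit easy-rsa key files before handing a bundle to a client.

# loose_private_keys DIR
# Prints every *.key file under DIR whose mode is not exactly 600 or 400.
loose_private_keys() {
    find "$1" -type f -name '*.key' ! -perm 600 ! -perm 400 | sort
}

# bundle_problems DIR CLIENT
# DIR is a staging directory holding what is about to be copied to CLIENT.
# A client needs exactly ca.crt, CLIENT.crt and CLIENT.key; ca.key and
# server.key must never leave the server. Prints one line per problem.
bundle_problems() {
    dir=$1; client=$2
    for need in ca.crt "$client.crt" "$client.key"; do
        [ -f "$dir/$need" ] || echo "MISSING $need"
    done
    for path in "$dir"/*; do
        [ -e "$path" ] || continue          # empty directory
        f=${path##*/}
        case "$f" in
            ca.crt|"$client.crt"|"$client.key") ;;
            *.key) echo "STRAY-KEY $f" ;;
            *)     echo "EXTRA $f" ;;
        esac
    done
}

# Constructed sample: empty files named like an easy-rsa 2.x keys directory.
make_sample_keys() {
    for f in ca.crt ca.key server.crt server.key window.crt window.key dh1024.pem; do
        : > "$1/$f"
    done
    chmod 600 "$1/ca.key" "$1/server.key"
    chmod 644 "$1/window.key"               # deliberately too open
}

# Demo: window.key is world-readable and ca.key was staged by mistake.
keys=$(mktemp -d); stage=$(mktemp -d)
make_sample_keys "$keys"
loose_private_keys "$keys"
cp "$keys/ca.crt" "$keys/ca.key" "$keys/window.crt" "$keys/window.key" "$stage/"
bundle_problems "$stage" window
rm -rf "$keys" "$stage"
```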
As shown in the screenshot below, the user account was successfully added.
CONFIGURE REMOTE DESKTOP ON WINDOWS XP (CLIENT)
Remote desktop will be configured on the Windows machine to enable remote connections
1. From your computer, navigate to Start > My Computer > Properties
3. From the list of users below, select the user account that was created
4. Select the user ID 0817125 and click OK to add it to the remote desktop users
5. Check the box that specifies "Allow users to connect remotely to this computer" and click OK
1. From the windows terminal, enter "yum install rdesktop" - This installs the packages and dependencies (Adam Mallul, 2013)
2. After installation is complete, specify the IP address of the OpenVpn server , user account
CONCLUSION
Implementing various client and server services was very challenging at times, although also interesting. I have gained an in-depth knowledge of the concept behind client-server technology and I have had first-hand experience of configuring various client and server services across different operating systems. All the tasks assigned were successfully implemented and the OpenVPN solution delivered. Based on the knowledge gained and hands-on practical work, it can be said that client and server technology has tremendous benefits in allowing the centralisation of network resources, management and accessibility; however, a drawback to implementing this technology is its single point of failure, which leads to the server responding slowly to client requests or, even worse, its resources being unavailable.
REFERENCES
Mitchell Bradley. (2010). Introduction to Server and Client. Available at: http://compnetworking.about.com/od/basicnetworkingfaqs/a/client-server.htm. (Accessed: 10 May 2013)
Nessenko Kiril. (2010). Building Linux Router, Modem and DHCP Server. Available at: http://geekacad.com/guides/howto_router_dns_modem.pdf. (Accessed: 13 April 2013)
Harrison Peter. (2012) Available at: http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch18_:_Configuring_DNS#.UaJv2JwpuhE (Accessed: 8 May 2013).
Oracle (2013) Java SE downloads. Available at: http://www.oracle.com/technetwork/java/javase/downloads/index.html (Accessed: 9 May 2013).
Galuschka, C. (2012) CentOS How To POSTFIX. Available at: http://wiki.centos.org/HowTos/postfix (Accessed: 18 April 2013)
Microsoft TechNet (2010) Windows Firewall Configure ICMP Exception. Available at: http://technet.microsoft.com/en-us/library/cc738456%28v=ws.10%29.aspx (Accessed: 20 April 2013)
Internet Systems Consortium (2013) BIND. Available at: http://www.isc.org/software/bind/. (Accessed: 17 April 2013).
SafeSVR (2013) Installing OpenVPN on CentOS 5 and CentOS 6. Available at: http://safesrv.net/install-openvpn-on-centos/ (Accessed: 23 May 2013)