Linux: PrivateInternetAccess Using OpenVPN and Squid Proxy – Part 1

This entry is part 1 of 4 in the series PrivateInternetAccess Using Squid Proxy and OpenVPN

PrivateInternetAccess Using OpenVPN and Squid Proxy – Introduction

This series of articles describes how to set up a VPN connection to PrivateInternetAccess using OpenVPN and squid proxy to share the VPN connection and overcome the 5 device limit on the PIA account.

We will be using:

  • Debian Wheezy netinstall ISO
    • webmin – to configure our server
    • OpenVPN – to create our VPN connection
    • squid proxy – to route specific traffic or applications through the VPN

Our network diagram for this example is as follows:

The client is sitting on the 172.16.16.0 network and accessing the proxy in the DMZ 192.168.101.0 subnet. Outgoing traffic will then be routed out through the VPN interface (tun0) encrypted and anonymised.

This series is organised as follows:

  1.  Installing Debian using the netinstall method and making sure we have the correct software installed
  2. Configuring squid proxy
  3. Installing and configuring OpenVPN to connect to the PrivateInternetAccess VPN
  4.  Final words

Enjoy and comments welcome!

 

Checkpoint: How To Reset “expert” Mode Password On SecurePlatform

This article describes how to reset the expert mode password on SecurePlatform for your Checkpoint appliance or open server.

For Open Servers

Obtain the live linux distribution Knoppix. You can download the current version from the Knoppix website: http://www.knoppix.net

1. Boot the machine from the Knoppix CD – you can use a built-in CD/DVD drive or an external one.

2. Once the desktop appears, click on the icon to open a terminal window, the run the following commands. See also the “Notes” section below.

$ su
# mkdir /checkpoint
# mount /dev/hda2 /checkpoint
# mount /dev/hda1 /checkpoint/boot
# chroot /checkpoint
# /bin/expert_passwd

3. At this point you are prompted to enter a password – type in the new password twice.

4. To change the regular cpshell admin users’s password:

# passwd admin

You are prompted to enter a password.

Type in the new password twice.

5. Run the “exit” and then the “reboot” command.

6. Remove the Knoppix CD and boot normally.

You can now log in as the user ‘admin’ and log in to Expert mode with each of the new passwords you just assigned.

———————

Notes for Point 2:

If the mount /dev/hda2/checkpoint command fails, use the following command instead:

/dev/hda3/checkpoint

If the system has SATA drives then use the following command:

mount /dev/sda8 /checkpoint and /dev/sda2 /checkpoint/boot

An easy way to find drive mappings is to use gparted from Knoppix “K menu” > system > gparted.

Knoppix will not let you run this unless you have root and a password for root.

To create valid passwords use sudo passwd, i.e.

# sudo passwd root

You need to mount the root partition on /checkpoint, and the boot partition on /checkpoint/boot

———————

For UTM-1 Appliances *AND* Open Servers

1. Obtain the Red Hat boot CD. (The current Fedora Core boot CD will as also work).

2. At the boot prompt, boot from the Red Hat boot CD with the following command: “linux rescue

3. When prompted, answer the questions presented by the boot process.

4. The system is mounted on the hard drive, and its location is indicated. Write down the system location (which should be: /mnt/sysimage/, or /mnt/sysimage/).

5. When the command prompt is displayed again, edit the following file (Vi editor should be available): /mnt/sysimage/boot/grub/grub.conf

Find the line that looks like this:

password --md5 <a bunch of scrambled numbers, letters, and symbols>

Add a ‘#‘ at the very beginning of that line. It should then look like this:

#password --md5 <a bunch of scrambled numbers, letters, and symbols>

6. Find a line that opens with the word ‘lock‘ and add a ‘#’ at the very beginning of that line.

7. Save and exit the editing session.

8. Reboot the machine.

9. Remove the boot CD from the CD-ROM drive before it boots from the CD (again).

10. When the following prompt appears:

GRUB … (the dots increase in number until it boots the default kernel)

Press the ‘Space‘ key. This should display the GRUB menu.

11. Select the line that has the word ‘Maintenance‘ in it and press ‘Enter‘ key.Note: if this step fails to boot into the Maintenance mode, do the following:

Select the line that contains ‘maintenance‘ and press ‘e‘ key.You are allowed to edit the GRUB options for this boot option.

  • Press ‘b‘ key to boot this option.
  • SecurePlatform boots until a prompt similar to the following appears:sh-bash 2.0.5#
  • Change the passwords for:
    • A user, like ‘admin‘, run:
      \ passwd admin
    • For Expert mode, run:
      /bin/expert_passwd
  • Reboot.

 

 

 

Checkpoint: Sample “dmidecode” Output from a UTM-1 130

This article shows a sample output when using dmidecode on a Checkpoint UTM-1 appliance.

Check here to see what the model numbers equate to e.g. this model is reported as a U-5-00 which is a UTM-1 130 appliance:

[Expert@fw-trinity:0]# dmidecode
# dmidecode 2.7
SMBIOS 2.3 present.
45 structures occupying 1755 bytes.
Table at 0x000FB380.

Handle 0x0000, DMI type 0, 24 bytes.
BIOS Information
Vendor: American Megatrends Inc.
Version: 080015
Release Date: 03/03/2009
Address: 0xF0000
Runtime Size: 64 kB
ROM Size: 1024 kB
Characteristics:
ISA is supported
PCI is supported
PNP is supported
APM is supported
BIOS is upgradeable
BIOS shadowing is allowed
ESCD support is available
Boot from CD is supported
Selectable boot is supported
BIOS ROM is socketed
EDD is supported
5.25″/1.2 MB floppy services are supported (int 13h)
3.5″/720 KB floppy services are supported (int 13h)
3.5″/2.88 MB floppy services are supported (int 13h)
Print screen service is supported (int 5h)
8042 keyboard services are supported (int 9h)
Serial services are supported (int 14h)
Printer services are supported (int 17h)
CGA/mono video services are supported (int 10h)
ACPI is supported
USB legacy is supported
LS-120 boot is supported
ATAPI Zip drive boot is supported
BIOS boot specification is supported
Function key-initiated network boot is supported
BIOS Revision: 8.15

Handle 0x0001, DMI type 1, 27 bytes.
System Information
Manufacturer: CheckPoint
Product Name: U-5-00
Version: To Be Filled By O.E.M.
Serial Number: To Be Filled By O.E.M.
UUID: 00020003-0004-0005-0006-000700080009
Wake-up Type: Power Switch
SKU Number: To Be Filled By O.E.M.
Family: To Be Filled By O.E.M.

Handle 0x0002, DMI type 2, 15 bytes.
Base Board Information
Manufacturer: To be filled by O.E.M.
Product Name: To be filled by O.E.M.
Version: To be filled by O.E.M.
Serial Number: To be filled by O.E.M.
Asset Tag: To Be Filled By O.E.M.
Features:
Board is a hosting board
Board is replaceable
Location In Chassis: To Be Filled By O.E.M.
Chassis Handle: 0x0003
Type: Motherboard
Contained Object Handles: 0

Handle 0x0003, DMI type 3, 21 bytes.
Chassis Information
Manufacturer: To Be Filled By O.E.M.
Type: Desktop
Lock: Not Present
Version: To Be Filled By O.E.M.
Serial Number: To Be Filled By O.E.M.
Asset Tag: To Be Filled By O.E.M.
Boot-up State: Safe
Power Supply State: Safe
Thermal State: Safe
Security Status: None
OEM Information: 0x00000000
Heigth: Unspecified
Number Of Power Cords: 1
Contained Elements: 0

Handle 0x0004, DMI type 4, 35 bytes.
Processor Information
Socket Designation: CPU 1
Type: Central Processor
Family: Celeron
Manufacturer: Intel
ID: 95 06 00 00 BF FB E9 A7
Signature: Type 0, Family 6, Model 9, Stepping 5
Flags:
FPU (Floating-point unit on-chip)
VME (Virtual mode extension)
DE (Debugging extension)
PSE (Page size extension)
TSC (Time stamp counter)
MSR (Model specific registers)
MCE (Machine check exception)
CX8 (CMPXCHG8 instruction supported)
APIC (On-chip APIC hardware supported)
SEP (Fast system call)
MTRR (Memory type range registers)
PGE (Page global enable)
MCA (Machine check architecture)
CMOV (Conditional move instruction supported)
PAT (Page attribute table)
CLFSH (CLFLUSH instruction supported)
DS (Debug store)
ACPI (ACPI supported)
MMX (MMX technology supported)
FXSR (Fast floating-point save and restore)
SSE (Streaming SIMD extensions)
SSE2 (Streaming SIMD extensions 2)
TM (Thermal monitor supported)
PBE (Pending break enabled)
Version: Genuine Intel(R) processor               600MHz
Voltage: 1.0 V
External Clock: 100 MHz
Max Speed: 600 MHz
Current Speed: 600 MHz
Status: Populated, Enabled
Upgrade: Other
L1 Cache Handle: 0x0005
L2 Cache Handle: 0x0006
L3 Cache Handle: 0x0007
Serial Number: To Be Filled By O.E.M.
Asset Tag: To Be Filled By O.E.M.
Part Number: To Be Filled By O.E.M.

Handle 0x0005, DMI type 7, 19 bytes.
Cache Information
Socket Designation: L1-Cache
Configuration: Enabled, Not Socketed, Level 1
Operational Mode: Write Back
Location: Internal
Installed Size: 32 KB
Maximum Size: 32 KB
Supported SRAM Types:
Other
Installed SRAM Type: Other
Speed: Unknown
Error Correction Type: Single-bit ECC
System Type: Data
Associativity: 8-way Set-associative

Handle 0x0006, DMI type 7, 19 bytes.
Cache Information
Socket Designation: L2-Cache
Configuration: Enabled, Not Socketed, Level 2
Operational Mode: Write Back
Location: Internal
Installed Size: 512 KB
Maximum Size: 512 KB
Supported SRAM Types:
Other
Installed SRAM Type: Other
Speed: Unknown
Error Correction Type: Single-bit ECC
System Type: Unified
Associativity: 4-way Set-associative

Handle 0x0007, DMI type 7, 19 bytes.
Cache Information
Socket Designation: L3-Cache
Configuration: Disabled, Not Socketed, Level 3
Operational Mode: Unknown
Location: Internal
Installed Size: 0 KB
Maximum Size: 0 KB
Supported SRAM Types:
Unknown
Installed SRAM Type: Unknown
Speed: Unknown
Error Correction Type: Unknown
System Type: Unknown
Associativity: Unknown

Handle 0x0008, DMI type 8, 9 bytes.
Port Connector Information
Internal Reference Designator: J1A1
Internal Connector Type: None
External Reference Designator: PS2Mouse
External Connector Type: PS/2
Port Type: Mouse Port

Handle 0x0009, DMI type 8, 9 bytes.
Port Connector Information
Internal Reference Designator: J1A1
Internal Connector Type: None
External Reference Designator: Keyboard
External Connector Type: PS/2
Port Type: Keyboard Port

Handle 0x000A, DMI type 8, 9 bytes.
Port Connector Information
Internal Reference Designator: J2A2
Internal Connector Type: None
External Reference Designator: USB1
External Connector Type: Access Bus (USB)
Port Type: USB

Handle 0x000B, DMI type 8, 9 bytes.
Port Connector Information
Internal Reference Designator: J2A2
Internal Connector Type: None
External Reference Designator: USB2
External Connector Type: Access Bus (USB)
Port Type: USB

Handle 0x000C, DMI type 8, 9 bytes.
Port Connector Information
Internal Reference Designator: J4A1
Internal Connector Type: None
External Reference Designator: LPT 1
External Connector Type: DB-25 male
Port Type: Parallel Port ECP/EPP

Handle 0x000D, DMI type 8, 9 bytes.
Port Connector Information
Internal Reference Designator: J2A1
Internal Connector Type: None
External Reference Designator: COM A
External Connector Type: DB-9 male
Port Type: Serial Port 16550A Compatible

Handle 0x000E, DMI type 8, 9 bytes.
Port Connector Information
Internal Reference Designator: J6A1
Internal Connector Type: None
External Reference Designator: Audio Mic In
External Connector Type: Mini Jack (headphones)
Port Type: Audio Port

Handle 0x000F, DMI type 8, 9 bytes.
Port Connector Information
Internal Reference Designator: J6A1
Internal Connector Type: None
External Reference Designator: Audio Line In
External Connector Type: Mini Jack (headphones)
Port Type: Audio Port

Handle 0x0010, DMI type 8, 9 bytes.
Port Connector Information
Internal Reference Designator: J6B1 – AUX IN
Internal Connector Type: On Board Sound Input From CD-ROM
External Reference Designator: Not Specified
External Connector Type: None
Port Type: Audio Port

Handle 0x0011, DMI type 8, 9 bytes.
Port Connector Information
Internal Reference Designator: J6B2 – CDIN
Internal Connector Type: On Board Sound Input From CD-ROM
External Reference Designator: Not Specified
External Connector Type: None
Port Type: Audio Port

Handle 0x0012, DMI type 8, 9 bytes.
Port Connector Information
Internal Reference Designator: J6J2 – PRI IDE
Internal Connector Type: On Board IDE
External Reference Designator: Not Specified
External Connector Type: None
Port Type: Other

Handle 0x0013, DMI type 8, 9 bytes.
Port Connector Information
Internal Reference Designator: J6J1 – SEC IDE
Internal Connector Type: On Board IDE
External Reference Designator: Not Specified
External Connector Type: None
Port Type: Other

Handle 0x0014, DMI type 8, 9 bytes.
Port Connector Information
Internal Reference Designator: J4J1 – FLOPPY
Internal Connector Type: On Board Floppy
External Reference Designator: Not Specified
External Connector Type: None
Port Type: Other

Handle 0x0015, DMI type 8, 9 bytes.
Port Connector Information
Internal Reference Designator: J9H1 – FRONT PNL
Internal Connector Type: 9 Pin Dual Inline (pin 10 cut)
External Reference Designator: Not Specified
External Connector Type: None
Port Type: Other

Handle 0x0016, DMI type 8, 9 bytes.
Port Connector Information
Internal Reference Designator: J1B1 – CHASSIS REAR FAN
Internal Connector Type: Other
External Reference Designator: Not Specified
External Connector Type: None
Port Type: Other

Handle 0x0017, DMI type 8, 9 bytes.
Port Connector Information
Internal Reference Designator: J2F1 – CPU FAN
Internal Connector Type: Other
External Reference Designator: Not Specified
External Connector Type: None
Port Type: Other

Handle 0x0018, DMI type 8, 9 bytes.
Port Connector Information
Internal Reference Designator: J8B4 – FRONT FAN
Internal Connector Type: Other
External Reference Designator: Not Specified
External Connector Type: None
Port Type: Other

Handle 0x0019, DMI type 8, 9 bytes.
Port Connector Information
Internal Reference Designator: J9G2 – FNT USB
Internal Connector Type: Other
External Reference Designator: Not Specified
External Connector Type: None
Port Type: Other

Handle 0x001A, DMI type 8, 9 bytes.
Port Connector Information
Internal Reference Designator: J6C3 – FP AUD
Internal Connector Type: Other
External Reference Designator: Not Specified
External Connector Type: None
Port Type: Other

Handle 0x001B, DMI type 8, 9 bytes.
Port Connector Information
Internal Reference Designator: J9G1 – CONFIG
Internal Connector Type: Other
External Reference Designator: Not Specified
External Connector Type: None
Port Type: Other

Handle 0x001C, DMI type 8, 9 bytes.
Port Connector Information
Internal Reference Designator: J8C1 – SCSI LED
Internal Connector Type: Other
External Reference Designator: Not Specified
External Connector Type: None
Port Type: Other

Handle 0x001D, DMI type 8, 9 bytes.
Port Connector Information
Internal Reference Designator: J9J2 – INTRUDER
Internal Connector Type: Other
External Reference Designator: Not Specified
External Connector Type: None
Port Type: Other

Handle 0x001E, DMI type 8, 9 bytes.
Port Connector Information
Internal Reference Designator: J9G4 – ITP
Internal Connector Type: Other
External Reference Designator: Not Specified
External Connector Type: None
Port Type: Other

Handle 0x001F, DMI type 8, 9 bytes.
Port Connector Information
Internal Reference Designator: J2H1 – MAIN POWER
Internal Connector Type: Other
External Reference Designator: Not Specified
External Connector Type: None
Port Type: Other

Handle 0x0020, DMI type 9, 13 bytes.
System Slot Information
Designation: AGP
Type: 32-bit AGP 4x
Current Usage: Available
Length: Short
ID: 0
Characteristics:
3.3 V is provided
Opening is shared
PME signal is supported

Handle 0x0021, DMI type 9, 13 bytes.
System Slot Information
Designation: PCI1
Type: 32-bit PCI
Current Usage: Available
Length: Short
ID: 1
Characteristics:
3.3 V is provided
Opening is shared
PME signal is supported

Handle 0x0022, DMI type 10, 6 bytes.
On Board Device Information
Type: Video
Status: Enabled
Description:   To Be Filled By O.E.M.

Handle 0x0023, DMI type 13, 22 bytes.
BIOS Language Information
Installable Languages: 1
en|US|iso8859-1
Currently Installed Language: en|US|iso8859-1

Handle 0x0024, DMI type 15, 35 bytes.
System Event Log
Area Length: 4 bytes
Header Start Offset: 0x0000
Header Length: 2 bytes
Data Start Offset: 0x0002
Access Method: Indexed I/O, one 16-bit index port, one 8-bit data port
Access Address: Index 0x046A, Data 0x046C
Status: Invalid, Not Full
Change Token: 0x00000000
Header Format: No Header
Supported Log Type Descriptors: 6
Descriptor 1: End of log
Data Format 1: OEM-specific
Descriptor 2: End of log
Data Format 2: OEM-specific
Descriptor 3: End of log
Data Format 3: OEM-specific
Descriptor 4: End of log
Data Format 4: OEM-specific
Descriptor 5: End of log
Data Format 5: OEM-specific
Descriptor 6: End of log
Data Format 6: OEM-specific

Handle 0x0025, DMI type 16, 15 bytes.
Physical Memory Array
Location: System Board Or Motherboard
Use: System Memory
Error Correction Type: None
Maximum Capacity: 4 GB
Error Information Handle: Not Provided
Number Of Devices: 2

Handle 0x0026, DMI type 19, 15 bytes.
Memory Array Mapped Address
Starting Address: 0x00000000000
Ending Address: 0x000400003FF
Range Size: 1048577 kB
Physical Array Handle: 0x0025
Partition Width: 0

Handle 0x0027, DMI type 17, 27 bytes.
Memory Device
Array Handle: 0x0025
Error Information Handle: Not Provided
Total Width: 64 bits
Data Width: 64 bits
Size: 1024 MB
Form Factor: DIMM
Set: None
Locator: DIMM0
Bank Locator: BANK0
Type: SDRAM
Type Detail: Synchronous
Speed: Unknown
Manufacturer: Manufacturer0
Serial Number: SerNum0
Asset Tag: AssetTagNum0
Part Number: PartNum0

Handle 0x0028, DMI type 20, 19 bytes.
Memory Device Mapped Address
Starting Address: 0x00000000000
Ending Address: 0x0003FFFFFFF
Range Size: 1 GB
Physical Device Handle: 0x0027
Memory Array Mapped Address Handle: 0x0026
Partition Row Position: 1
Interleaved Data Depth: 1

Handle 0x0029, DMI type 17, 27 bytes.
Memory Device
Array Handle: 0x0025
Error Information Handle: Not Provided
Total Width: Unknown
Data Width: 64 bits
Size: No Module Installed
Form Factor: DIMM
Set: None
Locator: DIMM1
Bank Locator: BANK1
Type: Unknown
Type Detail: Unknown
Speed: Unknown
Manufacturer: Manufacturer1
Serial Number: SerNum1
Asset Tag: AssetTagNum1
Part Number: PartNum1

Handle 0x002A, DMI type 126, 19 bytes.
Inactive

Handle 0x002B, DMI type 32, 20 bytes.
System Boot Information
Status: No errors detected

Handle 0x002C, DMI type 127, 4 bytes.
End Of Table

Exit mobile version
%%footer%%