Category Archives: Networking

Setting up a pptp vpn server


It has always been very useful to be able to VPN in to your network and access file shares or internal websites just as you would from your computer at work. PPTP VPN is very easy and fast to set up, and it works for most devices and operating systems out there without additional software. The pptpd service listens on port 1723, and your firewall needs to be adjusted to pass that port to the internal server that handles it. The video below demonstrates the install and configuration of a simple pptpd server on an Ubuntu Server 12.04 LTS edition. I hope you enjoy this video, and don’t forget to leave a comment here or on my YouTube channel.

Thanks, MSJ 😉


Enable SSL on Apache2


Apache Web Server works great out of the box, but in some cases you want to secure your site with a certificate, and this article will walk you through it step by step: enabling SSL and generating a certificate. The only downside of self-signed certificates is that they are not trusted on the public internet, so visitors will see a certificate warning. This doesn’t mean it isn’t working; it just means the certificate could not be verified. If you continue past the warning, the certificate still secures your connection.

Let’s get started and install Apache2. Enter:

sudo apt-get install apache2

Type in ps ax | grep apache and you should see something like this:

23783 ? Ss 0:00 /usr/sbin/apache2 -k start
23787 ? S 0:00 /usr/sbin/apache2 -k start
23788 ? Sl 0:00 /usr/sbin/apache2 -k start
23789 ? Sl 0:00 /usr/sbin/apache2 -k start

That means the installation worked and Apache is running. Now start Firefox, enter the address of your web server in the URL bar, and you should see this:



Great, everything works the way it should. Now let’s create a certificate. First of all, create a directory where we place our certificate. Type in:

sudo mkdir /etc/apache2/ssl

Now create a certificate with the following command (it’s all on one line):

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt

Now openssl will ask you a bunch of questions. Let’s go over them together:

Generating a 2048 bit RSA private key
writing new private key to ‘/etc/apache2/ssl/apache-test.key’
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:New Mexico
Locality Name (eg, city) []:Albuquerque
Organization Name (eg, company) [Internet Widgits Pty Ltd]:UbuntuVideoCast
Organizational Unit Name (eg, section) []:IT Department
Common Name (e.g. server FQDN or YOUR name) []
Email Address []

The above should give you a good idea of what to fill in for those questions. Now that this is done, let’s prepare Apache to use it. Type in:

sudo nano /etc/apache2/sites-available/default-ssl

and go down until you see the SSLEngine on directive. Below it you should see the following two directives:

SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

We have to change them to match our new certificate; they should look something like this:

SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key

Save it and enable SSL on Apache by issuing these commands:

sudo a2enmod ssl

sudo a2ensite default-ssl

And last but not least, restart Apache to load the new configuration. Type:

sudo service apache2 restart

and try to hit it with your browser. If everything works you should see something like this:



This is the warning I was talking about earlier. Click on the link “I understand the risk” and you will see this:



Click on the button “Add Exception” and you will see this:



Click on the “View” button to verify it is really the certificate we set up. You should see something like this:



Everything is there. Great! Click on Close, and on the remaining screen click on “Confirm security exception”. We are done and should see this:



Cool, that’s it. I hope this helped you get an SSL certificate installed and running with your web server. Let me know if you have any further questions by commenting on this article.


Setup your own DNS Server with Bind


If you are playing with the thought of setting up your own DNS server, then this article is for you; just follow the steps and you won’t run into problems. What does DNS stand for and what does a DNS server do? DNS stands for Domain Name Service. It maps IP (Internet Protocol) addresses and fully qualified domain names (FQDNs) to one another. This makes it easy for us humans because we don’t have to remember IP addresses any longer, just the names. Ubuntu uses BIND (Berkeley Internet Naming Daemon) as its DNS server, and that’s what I am going to walk you through setting up.


The installation is very simple, and I am going to show you two ways. Start a terminal window, or if you are using Ubuntu Server, just log in. Elevate the terminal/console to superuser with the following command:

sudo -s

Hit enter and type in your password. From now on we don’t need to prefix each command with sudo. In the next step we install BIND and a collection of DNS utilities. Enter the following:

apt-get install bind9 dnsutils

Hit enter and accept any dependencies, if any are shown. That’s it, your DNS server is installed.


The installation was easy; now we have to start the configuration, which requires some hands-on work. What I am going to show you is a primary master DNS server with forwarders pointing to Google’s DNS servers. You don’t strictly need forwarders to Google’s DNS servers, because the root hints would take care of sending every request that cannot be answered by your local DNS server to the root DNS servers. With the forwarders, your local DNS server will cache all requests and answer quicker the next time. I thought that might be a nice feature to have. On Ubuntu all BIND configuration files are located under /etc/bind, and the main configuration file is /etc/bind/named.conf. Let’s have a look at this one.

// This is the primary configuration file for the BIND DNS server named.
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the 
// structure of BIND configuration files in Debian, *BEFORE* you customize 
// this configuration file.
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

As you can see, there are only three statements in this file, and all they do is load three other files. named.conf.options is intended for general BIND options, named.conf.local holds the zones, and named.conf.default-zones is for the localhost and root zones. Let’s get started and add our forwarders. As forwarders I will use Google’s DNS servers with the following IP addresses: & Go and use your favorite text editor and open up /etc/bind/named.conf.options; you should see something like this:

options {
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk.  See

    // If your ISP provided one or more IP addresses for stable 
    // nameservers, you probably want to use them as forwarders.  
    // Uncomment the following block, and insert the addresses replacing 
    // the all-0's placeholder.

     forwarders {;;
     };

    // If BIND logs error messages about the root key being expired,
    // you will need to update your keys.  See
    dnssec-validation auto;

    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { any; };
};

The forwarders block is usually commented out; just remove the // and fill in your desired DNS servers, then save the file. Now restart the bind9 server to enable the configuration changes we just made. Enter the following command to restart:

service bind9 restart

Now you should be able to point the computers on your network to your own DNS server, and all requests for internet names will be forwarded. Just try it from one machine: run nslookup against a public hostname and you should receive a response like the following.


Non-authoritative answer:

Well, that was not too bad. Let’s get right to setting up our primary master DNS server for our network. We are going to create two new files, and db.192. The first one is the forward lookup zone for our network and the other one is the reverse lookup zone. Use your desired text editor and open the file /etc/bind/named.conf.local; you should see something like this:

// Do any local configuration here
zone "" {
    type master;
    file "/etc/bind/";
};
zone "" {
    type master;
    file "/etc/bind/db.192";
};
logging {
    channel query.log {
        file "/var/log/query.log";
        severity debug 3;
    };
    category queries { query.log; };
};
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

The first zone block adds our forward lookup zone, the second zone block adds our reverse lookup zone, and the logging block is for extra query logging. Use these as a template for your own network setup. To save some typing we just copy the localhost forward lookup zone and change the values to match our network. Just enter

cp /etc/bind/db.local /etc/bind/

and now use your desired text editor and open /etc/bind/ ; you should see something like this (I’ll comment on each line after the semicolon):

; BIND data file for bms.lan network
$TTL    604800                      ; Time To Live; keep the default
@    IN    SOA (                    ; Start of Authority: first your nameserver's FQDN, then the sysadmin's email address; enter the dots on the end of each name
             2012102600    ; Serial              ; must be incremented upon each modification; I recommend the scheme YYYYMMDD##
             604800        ; Refresh             ; refresh time
              86400        ; Retry               ; retry time
            2419200        ; Expire              ; after this the zone data expires
             604800 )      ; Negative Cache TTL  ; time after which a negative answer expires from the cache
       IN    A                      ; IP address of this SOA
@      IN    NS                     ; your nameserver's FQDN
@      IN    A                      ; the IP of your nameserver
@      IN    AAAA    ::1            ; IPv6 localhost address
ns1     IN    A                     ; A record of your nameserver with its IP address
dd-wrt    IN    A                   ; another A record for the device on IP
storage    IN    A                  ; another A record for the device on IP
ap     IN    A                      ; another A record for the device on IP

Here are some examples of common record types for this forward zone. There is the Canonical Name record:

accesspoint IN CNAME ap    ; this means that accesspoint is another name for ap

Then there are mailbox entries, for example:

          IN MX 10
     mail IN A

The first line declares the mail exchanger (MX) with a priority of 10, and the second line is the corresponding A record for it. The priority number determines which server should be tried first if there is more than one MX record: the lower the number, the higher the priority. There is also the nameserver record (NS), as you have seen in our configuration; the NS records list all nameservers that carry a copy of the zone.

Now save your file and restart bind9 by entering the following:

service bind9 restart

!!! Don’t restart yet unless you already have a working setup !!!

You should now be able to query those entries from a workstation that uses your nameserver. Everything works? Great! Let’s set up the reverse lookup zone. Again, to save some typing, let’s copy db.127 to our db.192. Type the following:

cp /etc/bind/db.127 /etc/bind/db.192

Use your desired text editor and open /etc/bind/db.192 and you should see something like this:

; BIND reverse data file for 192.168.0 network
$TTL    604800
@    IN    SOA (
             2012102500    ; Serial
             604800        ; Refresh
              86400        ; Retry
            2419200        ; Expire
             604800 )      ; Negative Cache TTL
@    IN    NS     ns1.
2    IN    PTR
1    IN    PTR
20   IN    PTR
254  IN    PTR

I don’t have to say too much about this since it’s almost the same, except for the bottom part. We only use the last octet of the IP address, then IN PTR, and then the FQDN followed by a dot. PTR stands for Pointer and tells BIND that IP x points to that FQDN. The same rule for the serial number from the previous file applies here too: increment it upon each change to the file, and I recommend the same YYYYMMDD## scheme. To make the changes take effect, enter the following:

service bind9 restart
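Before restarting bind9, it pays to check the two files against each other. The following Python script is an added example and not part of the article: it parses constructed forward and reverse zones for the bms.lan / 192.168.0 network used above (the individual host addresses are assumptions), reports A records whose PTR is missing or lacks the trailing dot, and computes the next YYYYMMDD## serial.

```python
import re
from datetime import date
# Constructed sample zones modelled on the article's db.<domain> and db.192 files
# for bms.lan / 192.168.0; the individual host addresses are assumptions.
FORWARD_ZONE = """\
$TTL    604800
@       IN      SOA     ns1.bms.lan. admin.bms.lan. (
                        2012102600 ; Serial
                        604800 86400 2419200 604800 )
@       IN      NS      ns1.bms.lan.
ns1     IN      A       192.168.0.2
dd-wrt  IN      A       192.168.0.1
storage IN      A       192.168.0.20
ap      IN      A       192.168.0.254
"""
REVERSE_ZONE = """\
$TTL    604800
@       IN      SOA     ns1.bms.lan. admin.bms.lan. (
                        2012102500 ; Serial
                        604800 86400 2419200 604800 )
@       IN      NS      ns1.bms.lan.
2       IN      PTR     ns1.bms.lan.
1       IN      PTR     dd-wrt.bms.lan.
20      IN      PTR     storage.bms.lan.
254     IN      PTR     ap.bms.lan
"""
RECORD = re.compile(r"^(\S+)\s+IN\s+(A|PTR)\s+(\S+)", re.M)
SERIAL = re.compile(r"(\d{10})\s*;\s*Serial")

def records(zone, rtype):
    """Map owner name -> rdata for every A or PTR record of the given type."""
    return {m.group(1): m.group(3) for m in RECORD.finditer(zone) if m.group(2) == rtype}

def next_serial(zone, today=None):
    """Next YYYYMMDD## serial (today as 'YYYYMMDD' string; default real date) or current + 1."""
    current = int(SERIAL.search(zone).group(1))
    base = int(today or date.today().strftime("%Y%m%d")) * 100
    return base if base > current else current + 1

def ptr_mismatches(forward, reverse, origin, network):
    """(host, ip, ptr_found) for A records in `network` whose PTR is missing or lacks the dot."""
    ptrs = records(reverse, "PTR")
    bad = []
    for host, ip in records(forward, "A").items():
        if ip.startswith(network + "."):
            found = ptrs.get(ip.rsplit(".", 1)[1])
            if found != f"{host}.{origin}.":  # a missing dot makes BIND append the origin
                bad.append((host, ip, found))
    return bad
```

Run it over your real db files (read them with open()) and only restart once ptr_mismatches returns an empty list and the serial has been bumped.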

Now everything should work, both local name resolution and internet name resolution. Please let me know if you have anything to add or if you just have some questions. If you would like to know more about BIND, I recommend the following two books:

DNS and BIND 5th Edition

DNS and BIND Cookbook


Thanks for reading, MSJ 😉
