ubuntu

Site to Site IPSec VPN with strongSwan and OpenStack VPNaaS (IPsec)

Setup

# Left (Ubuntu client, behind NAT)
Ubuntu Client IP: 212.8.9.10
Ubuntu net: 192.168.178.0/24
 
# Right (OpenStack VPNaaS)
VPN_SERVICE_ID=$(openstack vpn service list -c ID -f value)
VPN_SERVICE_IP=$(openstack vpn service show ${VPN_SERVICE_ID} -c external_v4_ip -f value)
echo ${VPN_SERVICE_IP}
 
OpenStack VPN IP: 217.50.60.70
OpenStack Net: 10.0.1.0/24

Create OpenStack VPN endpoint
http://www.panticz.de/openstack/vpnaas

/etc/ipsec.secrets

217.50.60.70 : PSK "PASS1234"

/etc/ipsec.conf

config setup
 
conn vpn1
 keyexchange=ikev1
 left=%defaultroute
 leftid=212.8.9.10
 leftsubnet=192.168.178.0/24
 leftauth=psk
 leftfirewall=yes
 authby=psk
 auto=start
 ike=aes256-sha512-modp1024
 esp=aes256-sha512
 right=217.50.60.70
 rightsubnet=10.0.1.0/24
 rightauth=psk
 ikelifetime=3600s
 keylife=3600s
 type=tunnel
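
An added example, not part of the original notes: a POSIX shell check that flags the weak points of the conn above (IKEv1, the 1024-bit modp1024 group, ESP without a DH group). `audit_ipsec_conf` is a hypothetical helper name, and the `vpn1-hardened` values are assumptions that only work once the OpenStack IKE and IPsec policies are changed to match.

```shell
#!/bin/sh
# Added example: flag weak IKE/ESP settings in a strongSwan ipsec.conf.
# audit_ipsec_conf is a hypothetical helper name, not a strongSwan command.

audit_ipsec_conf() {
    # $1 = path to ipsec.conf; prints one finding per line as "conn: message"
    awk '
    /^[ \t]*#/    { next }                  # skip comment lines
    /^conn[ \t]+/ { conn = $2; next }       # remember the current conn name
    conn == ""    { next }                  # ignore "config setup" and the like
    {
        line = $0
        gsub(/[ \t]/, "", line)             # accept "key = value" as well
        n = split(line, kv, "=")
        if (n < 2) next
        key = kv[1]; val = kv[2]
        if (key == "keyexchange" && val == "ikev1")
            print conn ": keyexchange=ikev1 is deprecated, prefer ikev2"
        if ((key == "ike" || key == "esp") && val ~ /modp(768|1024|1536)/)
            print conn ": " key " uses a Diffie-Hellman group below 2048 bit"
        if (key == "esp" && val !~ /modp|ecp|curve|x25519|x448/)
            print conn ": esp has no DH group, so rekeying gets no PFS"
    }' "$1"
}

# Constructed sample: vpn1 repeats the settings from the page, vpn1-hardened
# is an assumed variant that the remote policies would have to match.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
config setup

conn vpn1
 keyexchange=ikev1
 ike=aes256-sha512-modp1024
 esp=aes256-sha512

conn vpn1-hardened
 keyexchange=ikev2
 ike=aes256-sha512-modp2048
 esp=aes256-sha512-modp2048
EOF

audit_ipsec_conf "$sample"
```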

CLI

sudo ipsec status
sudo ipsec statusall
sudo ipsec restart
 
sudo ipsec up vpn1
sudo ipsec down vpn1
 
sudo ipsec listalgs

List

Ubuntu 20.04 Focal Fossa LTS

Schedule
https://wiki.ubuntu.com/FocalFossa/ReleaseSchedule

ReleaseNotes
https://wiki.ubuntu.com/FocalFossa/ReleaseNotes

Known issues
https://wiki.ubuntu.com/FocalFossa/ReleaseNotes#Known_issues

Download
Releases: http://releases.ubuntu.com/20.04/
Cloud image (minimal): https://cloud-images.ubuntu.com/minimal/daily/focal/current/focal-minimal-cloudimg-amd64.img
Netboot: http://archive.ubuntu.com/ubuntu/dists/focal/main/installer-amd64/current/images/netboot/mini.iso
Torrent: http://releases.ubuntu.com/20.04/ubuntu-20.04-desktop-amd64.iso.torrent

Repository

echo "deb http://de.archive.ubuntu.com/ubuntu focal main restricted universe multiverse" | \
    sudo tee /etc/apt/sources.list.d/ubuntu-focal.list
echo "deb http://de.archive.ubuntu.com/ubuntu focal-updates main restricted universe multiverse" | \
    sudo tee /etc/apt/sources.list.d/ubuntu-focal-updates.list
 
sudo apt update

Workarounds

Gnome / Ubuntu: Configure MIME-Type

Show default mime
https://wiki.ubuntuusers.de/xdg-utils/

xdg-mime query default inode/directory
xdg-mime query default text/html
xdg-mime query default x-scheme-handler/mailto
xdg-mime query default text/plain
xdg-mime query default image/jpeg
xdg-mime query default application/pdf

Configure user default MIME-Type application

xdg-mime default code.desktop text/plain
xdg-mime default code_code.desktop text/plain

# old
https://wiki.selfhtml.org/wiki/MIME-Type/%C3%9Cbersicht#T
by user

mkdir -p ~/.local/share/applications
 
cat <<EOF>> ~/.local/share/applications/mimeapps.list
[Default Applications]
text/plain = code.desktop
text/x-shellscript = code.desktop
EOF
 
sed -i 's|text/plain = .*|text/plain = code.desktop|g' ~/.local/share/applications/mimeapps.list

Configure global

/etc/gnome/defaults.list
sudo sed -i 's|text/plain=gedit.desktop|text/plain=code.desktop|g' /etc/gnome/defaults.list

gio
https://help.gnome.org/admin/system-admin-guide/stable/mime-types-application-user.html.en

Visual Studio Code

# deb download
# https://code.visualstudio.com/docs/setup/linux
curl https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > microsoft.gpg
sudo install -o root -g root -m 644 microsoft.gpg /etc/apt/trusted.gpg.d/
sudo sh -c 'echo "deb [arch=amd64] https://packages.microsoft.com/repos/vscode stable main" > /etc/apt/sources.list.d/vscode.list'

sudo apt-get install apt-transport-https
sudo apt-get update
sudo apt-get install code # or code-insiders

# manual download
wget -q https://update.code.visualstudio.com/latest/linux-deb-x64/stable -O /tmp/code.deb

Snap (Ubuntu package management)

Install
sudo apt install -y snapd

CLI
snap find
snap install

Configure proxy
sudo mkdir -p /etc/systemd/system/snapd.service.d/
echo -e '[Service]\nEnvironment="http_proxy=http://proxy.example.com:3128/"' | sudo tee /etc/systemd/system/snapd.service.d/http-proxy.conf
echo -e '[Service]\nEnvironment="https_proxy=http://proxy.example.com:3128/"' | sudo tee /etc/systemd/system/snapd.service.d/https-proxy.conf
sudo systemctl daemon-reload
sudo systemctl restart snapd

# debug proxy
systemctl show snapd | grep proxy

Install prometheus under Ubuntu

Install from repository
sudo apt-get install -y prometheus
# optional
sudo apt-get install -y prometheus-node-exporter
sudo apt-get install -y prometheus-alertmanager
sudo apt-get install -y prometheus-pushgateway

Ansible installation
https://github.com/panticz/ansible/tree/master/roles/prometheus
- hosts: localhost
  roles:
    - prometheus

Login
http://SERVER_IP:9090/

Commands
avg_over_time(node_memory_MemAvailable[5m])/1024/1024

Repository

Upgrade SSH to v7.3 (with include support)

echo "deb http://archive.ubuntu.com/ubuntu yakkety main" > /etc/apt/sources.list.d/yakkety.list
apt-get update
apt-get install -y ssh
rm /etc/apt/sources.list.d/yakkety.list
apt-get update

ssh -V
OpenSSH_7.3p1 Ubuntu-1, OpenSSL 1.0.2g 1 Mar 2016

mkdir ~/.ssh/config.d
sed -i '1iInclude config.d/*' ~/.ssh/config

Links
https://superuser.com/questions/247564/is-there-a-way-for-one-ssh-config-file-to-include-another-one