network

Enable UEFI / PXE boot on Mellanox ConnectX NIC

Boot GRML iso
https://grml.org/download/

Enable SSH daemon
service ssh start
passwd
ip a

# ssh root@GRML_IP

Install Mellanox CLI tools (MFT)
http://www.mellanox.com/page/management_tools
apt update
apt install -y gcc make dkms linux-headers-$(uname -r)

URL=http://www.mellanox.com/downloads/MFT/mft-4.12.0-105-x86_64-deb.tgz
wget -O- ${URL} | tar xvz -C /tmp
/tmp/mft-*-deb/install.sh
mst start

Show device state
mst status
flint -d /dev/mst/mt4119_pciconf0 q

OpenVPN

Install
http://www.panticz.de/install_OpenVPN

Restore prevoius NetworkManager OpenVPN configurations
<?php
$URL="https://raw.githubusercontent.com/panticz/scripts/master/restoreOpenvpnConfig.sh";
echo "wget $URL -O - | bash -";
echo "

";
$c = curl_init();
curl_setopt($c, CURLOPT_URL, $URL);
curl_setopt($c, CURLOPT_RETURNTRANSFER, 1);
echo htmlspecialchars(curl_exec($c));
curl_close($c);
echo "

";
?>

# set file permission and owner
echo sudo chown root:root /etc/NetworkManager/system-connections/*.openvpn
echo sudo chmod 600 /etc/NetworkManager/system-connections/*.openvpn

config file

tls-client
client
dev tun
proto udp
tun-mtu 1400
remote YOUR_HOST.dyndns.org 1194
ca ca.pem
cert user.pem
key keys.pem
cipher BF-CBC
comp-lzo
verb 3
ns-cert-type server
tls-remote YOUR_HOST.dyndns.org
float

Connect to Client in same IP range
route add 192.168.1.31 dev tap0

extract p12 file
Zertifikat des Benutzers:
openssl pkcs12 -in *.p12 -clcerts -nokeys -nodes -out user.pem

Zertifikat der Zertifizierungsstelle:
openssl pkcs12 -in *.p12 -cacerts -nodes -out ca.pem

Privater Schlüssel:
openssl pkcs12 -in *.p12 -nocerts -nodes -out keys.pem

# remove passphrase from a pkcs12 certificate
openssl pkcs12 -in protected.p12 -nodes -out /tmp/temp.pem
openssl pkcs12 -export -in /tmp/temp.pem -out unprotected.p12

OpenVPN Gui (Client for Windows)
http://man.chinaunix.net/linux/efw-admin-guide-html-chunk/efw.vpn.openvpn.html

C:\Programme\OpenVPN\config\YOUR_VPN.ovpn (old)
client
proto udp
remote YOUR_SERVER.dyndns.org
resolv-retry infinite
nobind
persist-key
persist-tun
ca YOUR_CERT.cer
auth-user-pass
comp-lzo
dev tap

Configure Gnome Network Applet for Endian
VPN-Connections > VPN-Configure
Add
Create
Connection Name: YOUR_VPN_NAME
Gateway: YOUR_VPN_SERVER_IP
Type: Password
Username: YOUR_VPN_USER_NAME
Password: YOUR_VPN_PASS
CA Certificate: YOUR_ENDIAN .pem file

Advanced:
Use LZO Data Compression: checked
Use a TAP Device: check
OK

IPv4 settings > Routing:
Add
Address: YOUR_VPN_NETWORK (192.168.1.0)
Netmask: 255.255.255.0

backup your OpenVPN connections
tar cjf ~/backup/system-connections.$(date -I).tar.bz2 /etc/NetworkManager/system-connections/

Android
https://play.google.com/store/apps/details?id=de.blinkt.openvpn&hl=de
http://www.rz.uni-kiel.de/pc/openvpn/AndroidVPN

Links
http://askubuntu.com/questions/29086/where-are-vpn-configuration-files-imported-by-network-manager-saved
http://www.ipcop-forum.de/forum/viewtopic.php?p=167998
http://www.ngs.ac.uk/useful-openssl-commands
http://www.sven-kuegler.de/tag/openvpn
http://www.ngs.ac.uk/useful-openssl-commands
http://man.chinaunix.net/linux/efw-admin-guide-html-chunk/efw.vpn.openvpn.html

Networks

# Example /etc/network/interfaces
auto lo
iface lo inet loopback

# device: eth0
auto eth0
iface eth0 inet static
address 178.63.46.216
broadcast 178.63.46.255
netmask 255.255.255.192
gateway 178.63.46.213

# default route to access subnet
up route add -net 178.63.46.192 netmask 255.255.255.192 gw 178.63.46.213 eth0
post-up /sbin/route add -net 192.168.0.0 netmask 255.255.0.0 gw 192.168.1.1

#new
http://panticz.de/nmap-ip-and-portscan

VLAN
# show VLANs
cat /proc/net/vlan/config

# old
# scan ip from mac
NET=192.168.0