Setting up OpenVPN on pfSense - Server Setup

Setting up OpenVPN on a pfSense firewall isn't one of those real obvious tasks, but can be accomplished easily enough with the proper instructions. I set up the VPN to depend on a Public Key Infrastructure (PKI). It would be easier to just use a pre-shared key, but less secure. For a more exhaustive, but slightly out-of-date tutorial, check out this PDF.

Case Study: A Small Non-profit Infrastructure Rebuild

At a small non-profit I consult with, we were able to take an office in the depths of chaos and confusion due to an unstable and unreliable technology foundation and rebuild it into a productive and flexible environment based on simple technology that repaid itself in under a year. The benefits to productivity and morale were also very tangible, though not measurable in financial terms.

CPOSC 2009

Here's the abstract for the session I'll be sharing tomorrow at the Central Pennsylvania Open Source Conference. I've posted some "further reading" as well as a couple versions of the slide deck to help people retain the information. These conferences cram a lot in.

Linux has many advanced network traffic monitoring and manipulation capabilities. In this session we’ll assume you have command-line access to a Linux firewall or router between your network and the outside world. We’ll explore the tools available to most distros and how they can be used to gather and manipulate information from the network. We’ll primarily discuss tools available from the command line such as tcpdump and iproute2. The first will help us discover what is flowing and the second will help us manipulate it in the direction desired.

Ubuntu Intrepid on an old Dell PowerEdge 1400SC

I had an old Dell PE 1400SC that I wanted to run Ubuntu 8.10 (Intrepid) on. It turns out this required some dusting and cleaning of the digital type, but a little extra attention and it's humming along great now. If you're running into the same thing, maybe I can show you the way and save you some time. The two primary problems I had were an old BIOS firmware and a missing kernel option after install.

Upgrading Firmware
So it turns out that Dell has some firmware upgrade options for Linux-based computers, but if the computer doesn't yet have an OS and you can't get Ubuntu installed yet because of the OS, you have to pull out a Windows disk and install. I tossed a small IDE drive onto the same ribbon cable that the CD drive was on and popped in a Windows XP CD. Not intending to leave it installed for more than a couple hours, I don't believe licensing is an issue.

Once I did the typical install, I acquired the firmware. Don't go with the default BIOS download. It requires floppies, and I don't know about you, but I don't even have any in my office. The other will install from the running XP install. Select the proper one from this PE 1400SC BIOS Download page.

Then all you have to do is run it and your first problem is solved. Be sure to remove this drive before you install Ubuntu as this will end up holding the boot sector and you'll have some difficulty removing it later.

Won't Boot Intrepid After Install
After having done the complete install of Intrepid, I went to boot up the system and enjoy my fresh Linux goodness, but it was not to be. I received a message complaining about a bad UUID and suggesting rootdelay be added to the kernel and some other things. Then it bounced me to the BusyBox prompt.

  1. At the BusyBox prompt, type reboot
  2. When the Grub prompt comes up, hit 'e' to edit the default line
  3. At the end of this line, type rootdelay=50
  4. Then hit 'b' to boot the box. This works, but is only temporary.

To make the rootdelay setting persist across kernel upgrades and any other process that updates grub, I also ran through this process after logging in.

  1. Run sudo vim /boot/grub/menu.lst
  2. Find the line starting with # kopt=root=UUID...
  3. Add rootdelay=50 to the end of that line. (type i in vim to insert text)
  4. Save and exit the document (hit your ESC key to leave insert mode and then :wq to write and quit vim)
  5. Run sudo update-grub
  6. Run sudo reboot just to prove that it worked

You should now be up and running. That old iron is renewed to its former glory through the power of Linux.