Set up your Raspberry Pi as an IRC Server

This guide will teach you how to set up your raspberry pi as an IRC server. IRC stands for Internet Relay Chat and facilitates the transfer of messages. The operating system that i will be using is Raspbian and it will be a headless setup. First of all, we login via ssh and then run update and upgrade commands.

sudo apt-get update && sudo apt-get upgrade -y

The -y syntax means that it will assume yes for all prompts. This means that it will answer yes if you would like to update. We need to then install all of the necessary programs required.

sudo apt-get install gcc libssl-dev -y

The next stage is to download the UnrealIRCD3.2.10.2. We will install the program in the /usr/bin folder so first navigate to that part of the directory and download the file.

cd /usr/bin/

sudo wget http://www.unrealircd.com/downloads/Unreal3.2.10.2.tar.gz

sudo tar xvzf Unreal3.2.10.2.tar.gz

Then we should change into the Unreal folder to configure the program.

sudo su

cd Unreal3.2.10.2

./Config

Press the spacebar until you get to the end of the read me file, and then press enter. The only thing that you need to change is;

Do you want to support SSL (Secure Sockets Layer) connections?

[No] -> Yes

The rest of these settings you can leave as default. Once you have passed the configuration settings you then let it set itself up. Then you will be asked to generate and SSL certificate. Once you have generated a certificate you then need to run the make command.

make

Before we set up the unrealircd.conf file i recommend setting up a DNS profile so people cant see your public ip address. DNS service i used is no-ip at http://www.noip.com/. Once you have set up that account, you can then start to configure your unrealircd.conf file.

Firstly if you would like to use your own conf file you can find out how to by following this link. If you would like to use a config file that i have already made simply go into the Unreal3.2.10.2 folder that is located in /usr/bin and run;

Then using the nano editor open the file;

nano unrealircd.conf

Then you need to add your details. Firstly press CTRL + w, then CTRL+r, it should say “Search (to replace):” here is where you type in “Replace1” and press enter. Then “replace with:” should appear. Here is where you should type in the DNS entry you made earlier. The DNS i made was raspguide.no-ip.info yours should look similar to this.

Once you have replaced that you should;

Replace line 12 with the name of your IRC server (e.g. Johns IRC)

Replace line 17 with admin name for whois command (e.g. John)

Replace line 38 with the password required for server access (e.g. password1). Delete Line if password isnt required

Replace line 32 with the name of an oper (IRC operator) (e.g. john)

Replace line 47 with the oper account password (e.g. password2)

Replace line 68 and 69 with passwords to turn off and restart the IRC server (e.g. password3)

Replace line 164 with the channel that all users automatically join when logging into your server(e.g. #hello)

On line 151 you need to generate some cloak keys for. So save the file CTRL + o then enter. Then you need to run

./unreal gencloak

You will then get three lines of random keys. You need to save these three lines, open the unrealircd.conf, go to line 151 and paste those keys.

Then press CTRL + o then enter to save the file.

Once you have changed these details you will be able to start up the IRC server.

./unreal start

You need to have port 6697 and port 6667 forwarded from your router to successfully get your IRC to work.

If you have any questions please comment or chat to me on the IRC.

Server – raspguide.no-ip.info

There are many IRC clients about the i use is LimeChat but there are also online IRC that dont require any downloads such as kiwiirc.com.

You have successfully now set up your IRC server to customise your IRC further please refer to the UnrealIRCD documents http://www.unrealircd.com/files/docs/unreal32docs.html .

Advertisements

How to Create an OpenVPN server

This guide will show the necessary steps to get an OpenVPN server running on your Raspberry Pi

 

First of all you would want to make sure your Raspberry Pi is updated and upgraded. For this tutorial we are going to be running all commands as the root user. To change to the root user enter;

sudo su

apt-get install update

apt-get install upgrade

After everything has been upgraded and installed the next step is to install openvpn and openssl if you don’t already have it installed.

apt-get install openvpn openssl

Once OpenVPN has been installed, we have to now configure it. Firstly copy the easy-rsa file into the openvpn folder.

 cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0 /etc/openvpn/easy-rsa

Once that has been copied over we need to edit the var file so that when the script runs it put the config files correctly.

 nano /etc/openvpn/easy-rsa/vars

Then on line 15 change

export EASY_RSA=”`pwd`”

to

export EASY_RSA=”/etc/openvpn/easy-rsa”

Then press CTRL + x and save it.Then you need to clean-all the easy-rsa. This will make sure all files are in place. So next change into the easy-rsa directory.

cd /etc/openvpn/easy-rsa

view the files by typing ls

Screen Shot 2014-03-26 at 14.10.41

Then we need to run the clean-all command. But first we need to point it to the vars file. So run;

source /etc/openvpn/easy-rsa/vars

and then we run the clean-all command

/etc/openvpn/easy-rsa/clean-all

Now to see that that necessary files are there type ls again and hopefully you should see something  like this;

Now you have successfully configured your files you need to set up OpenVPN. Run;

 ln -s openssl-1.0.0.cnf openssl.cnf

cd ..

Now we need to create the keys and certificates for the VPN. You can either press enter on all of the certificate prompts or fill them out it makes no difference.

./easy-rsa/build-ca OpenVPN

./easy-rsa/build-key-server server

./easy-rsa/build-key client1

./easy-rsa/build-dh

build-dh takes a while so be patient

The next part is making the config file for OpenVPN. To do this type;

nano openvpn.conf

Edit this file to look like this;

dev tun
#defines which protocol tcp/udp
proto udp
#
#Defines the port to connect
port 1194
#
#This defines where keys and cert are kept
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
#
user nobody
group nogroup
server 10.8.0.0 255.255.255.0
persist-key
persist-tun
status /var/log/openvpn-status.log
verb 3
push “redirect-gateway def1"
#
#DNS to googles DNS servers
push “dhcp-option DNS 8.8.8.8"
push “dhcp-option DNS 8.8.4.4"
log-append /var/log/openvpn
comp-lzo

Then save these files using CTRL + X.

echo 1 > /proc/sys/net/ipv4/ip_forward

ifconfig

When you see your network adapters you want to use for VPN traffic. If you are connected via ethernet port it is usually eth0, the inet address that comes from adapter should be your raspberry Pi’s IP address. We need this information to add to the ip tables.

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT –to 192.168.0.2

Tip: Instead of 192.168.0.2 add your raspberry Pi’s IP address

cd .. 

nano sysctl.conf  

On line 28 you need to remove the # from in front of “#net.ipv4.ip_forward=1” to make it “net.ipv4.ip_forward=1”.

service openvpn restart

Now you have fully configured your OpenVPN server. Now we need to create the files to connect to it.

nano /etc/openvpn/easy-rsa/keys/newvpn.ovpn

This editor will create a file called newvpn.ovpn. Enter the following into this file to connect with the vpn.


dev tun
client
proto udp
remote YOUR_NETWORK_IP 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
comp-lzo
verb 3

TIP: On line 4 make sure you add your public ip address and not your Pi’s IP

Save this file. Then run;

 nano /etc/rc.local

Add these two lines above exit 0;

iptables -t nat -A INPUT -i eth0 -p udp -m udp –dport 1194 -j ACCEPT

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT –to-source 192.168.0.2

Now we are up and running. We can copy the keys and certificates to our computer. Simple navigate to /etc/openvpn/easy-rsa/keys and do a copy function for all of the keys you need.

The keys we need are ca.crt, client1.crt, client1.key and newvpn.ovpn

Once these have been downloaded successfully open your client that you are going to use and configure the VPN tunnel.

You can use Tunnelblick for Mac – http://code.google.com/p/tunnelblick/

Use  OpenVPN for Windows – https://openvpn.net/index.php/open-source/downloads.html

To make another client just run;

sudo su

source /etc/openvpn/easy-rsa/vars

/etc/openvpn/easy-rsa/build-key client2

Then copy the client2 keys just like above. Finally dont forget to change the newvpn.ovpn file to point the client2 keys and not the client1 keys.

Thank you if you have any questions please comment below.

How to make a secure FTP server with vsftpd

This tutorial will guide you through how to make a secure ftp server on the Raspberry Pi, the program we will be using is vsftpd ( Very Secure File Transfer Protocol Deamon). This system is a secure version of the ftp protocol. Unlike ftp vsftpd encrypts all traffic so username and passwords aren’t sent over clear text.

The first step is to make sure all of your system is updated and upgraded. Then you need to install the program vsftpd, to do this run the install command;

sudo apt-get install vsftpd

 

As soon as you run this command you have set up and installed an ftp server. To make sure everything up to now has ran correctly and is all set up you can try to log in. First of all you need to download an ftp client for later on so go ahead and download it now. The client that i am going to use is FileZilla. FileZilla is a free open source program that can manage an ftp server connection.

Download a copy for your operating system – https://filezilla-project.org/

To test the server, get the program up and running  try and log in using anonymous as the user and leave the pass blank

Tip: Where the ip is 192.168.0.2, enter the address of your Raspberry Pi

But because ftp isnt secure you should configure the server to run over TLS. This would encrypt all traffic that goes between your machine and the ftp server. First of all we need to edit the vsftpd config file, before you edit all config files it is always reccomended to make a backup. So we back up the config file by running this command;

 sudo cp /etc/vsftpd.conf /etc/vsftpd.conf_bak

 

Once the file is backed up you can now edit the config file;

sudo nano /etc/vsftpd.conf

First of all you want to edit the following config file to look something like this one;

 

listen=YES
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# You may change the default value for timing out an idle session.
idle_session_timeout=600
#
#This is a welcome message responce from your server
ftpd_banner=Welcome to my FTP
#
# SSL
ssl_enable=YES
#this selects the cipher type
ssl_ciphers=HIGH
#
#choose according to your preference
force_local_data_ssl=YES
#
#choose according to your preference
force_local_logins_ssl=YES
#
#enable this if you enable ssl.
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES
#
#give the correct path to your currently generated *.pem file
rsa_cert_file=/etc/vsftpd/vsftpd.pem
#the *.pem file contains both the key and cert
rsa_private_key_file=/etc/vsftpd/vsftpd.pem
#
pasv_enable=YES
pasv_min_port=12000
pasv_max_port=12100
#
#Some mobile clients require this
require_ssl_reuse=NO

Each of the lines are commented but if you need to understand this further please refer to the man page for vsftpd by typing in;

man vsftpd

Now just before you can connect to your ftp server with tls encryption you need to create a certificate and key for your ftp server to use. First of all we need to make sure OpenSSL is installed and updated. You should already have this installed and updated if you followed my previous tutorials.

sudo apt-get install openssl

sudo apt-get install update

sudo apt-get install upgrade

After this you then want to create the certificate and key for your server.

sudo openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout /etc/vsftpd/vsftpd.pem -out /etc/vsftpd/vsftpd.pem

Once you have ran this command you should then be able to connect to your server. Dont forget that each time you edit the config file you must then restart your vsftpd service. Run these commands to restart;

sudo service vsftpd restart

If this restarts with no errors you can now connect to your server, but beware that some routers must have ports forwarded to be able to work correctly. These are the ports that i have forwarded from my router;

Make sure that you put your IP address of your raspberry Pi in the IP address section. After this you should be able to get your ftp server working.

FileZilla Setup

Open the FileZilla program, go to file then site manager.

Screen Shot 2014-03-25 at 12.45.20

Then enter your Raspberry Pis Ip in the host section.

On the encryption box select “Require explicit FTP over TLS”

Change the logon type to normal and then enter your username and password into the boxes provided.

The screenshot doesnt show anything in Host But put your Raspberry Pi’s IP here.

When you then select connect you should get a pop up box asking if you wanted to accept the unknown certificate. Check that the credentials are the ones you entered earlier when you created the openssl certificate and key.

You should then be able to log in to your ftp server. If you would like to “jail” local users and have virtual users, keep an eye on this blog. I will be posting a part 2 soon.

If you have any comment or improvement please comment below. Also don’t be afraid to ask any question.