Edgerouter Configure Remote Access VPN

Assumptions:

  • Local network is eth1-eth4, with DHCP serving 10.0.1.0/24
  • WAN/Internet connectivity is on eth0, addressed via DHCP

Commands:
Enter config mode using:

#> configure

Type these commands to configure the VPN:

set vpn ipsec ipsec-interfaces interface eth0
set vpn ipsec nat-networks allowed-network 10.0.0.0/8
set vpn ipsec nat-traversal enable
set vpn l2tp remote-access authentication local-users username your-remote-user password your-unique-password-here
set vpn l2tp remote-access authentication mode local
set vpn l2tp remote-access client-ip-pool start 10.10.10.100
set vpn l2tp remote-access client-ip-pool stop 10.10.10.150
set vpn l2tp remote-access dhcp-interface eth0
set vpn l2tp remote-access dns-servers server-1 8.8.8.8
set vpn l2tp remote-access dns-servers server-2 10.0.1.1
set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret your-pre-shared-key-here
set vpn l2tp remote-access ipsec-settings ike-lifetime 3600
set vpn l2tp remote-access mtu 1420
set vpn ipsec auto-firewall-nat-exclude enable

Type these commands to configure the firewall to allow VPN connections:

set firewall name WAN_LOCAL rule 3 action accept
set firewall name WAN_LOCAL rule 3 description "Allow NAT-T"
set firewall name WAN_LOCAL rule 3 destination port 4500
set firewall name WAN_LOCAL rule 3 log enable
set firewall name WAN_LOCAL rule 3 protocol udp
set firewall name WAN_LOCAL rule 4 action accept
set firewall name WAN_LOCAL rule 4 description "Allow ESP"
set firewall name WAN_LOCAL rule 4 log enable
set firewall name WAN_LOCAL rule 4 protocol 50
set firewall name WAN_LOCAL rule 5 action accept
set firewall name WAN_LOCAL rule 5 description "Allow L2TP"
set firewall name WAN_LOCAL rule 5 destination port 1701
set firewall name WAN_LOCAL rule 5 log enable
set firewall name WAN_LOCAL rule 5 protocol udp
set firewall name WAN_LOCAL rule 6 action accept
set firewall name WAN_LOCAL rule 6 description "Allow IKE"
set firewall name WAN_LOCAL rule 6 destination port 500
set firewall name WAN_LOCAL rule 6 log enable
set firewall name WAN_LOCAL rule 6 protocol udp
set firewall name WAN_LOCAL rule 7 action accept
set firewall name WAN_LOCAL rule 7 description "Allow Established"
set firewall name WAN_LOCAL rule 7 log disable
set firewall name WAN_LOCAL rule 7 protocol all
set firewall name WAN_LOCAL rule 7 state established enable
set firewall name WAN_LOCAL rule 7 state related enable

Now, commit and save:

commit
save
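Before committing, the set commands above can be audited offline for the mistakes that most often leave an L2TP/IPsec gateway exposed or broken: a placeholder pre-shared secret, a client pool that collides with the LAN, and a WAN_LOCAL chain missing one of the four required openings. The script below is an added example written for this page, not EdgeOS tooling or the tutorial's own code; the 20-character PSK minimum and the excerpted sample commands are this script's assumptions.

```python
import ipaddress
import shlex

# Constructed excerpt of the tutorial's set commands; the placeholder PSK is left in so the audit flags it.
SAMPLE = """
set vpn l2tp remote-access client-ip-pool start 10.10.10.100
set vpn l2tp remote-access client-ip-pool stop 10.10.10.150
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret your-pre-shared-key-here
set firewall name WAN_LOCAL rule 3 destination port 4500
set firewall name WAN_LOCAL rule 3 protocol udp
set firewall name WAN_LOCAL rule 4 protocol 50
set firewall name WAN_LOCAL rule 5 destination port 1701
set firewall name WAN_LOCAL rule 5 protocol udp
set firewall name WAN_LOCAL rule 6 destination port 500
set firewall name WAN_LOCAL rule 6 protocol udp
"""


def parse_set_commands(text):
    """Turn 'set a b c value' lines into nested dicts {a: {b: {c: value}}}."""
    tree = {}
    for line in text.splitlines():
        parts = shlex.split(line)
        if len(parts) < 3 or parts[0] != "set":
            continue  # skip blanks and anything that is not a set command
        node = tree
        for key in parts[1:-2]:
            node = node.setdefault(key, {})
        node[parts[-2]] = parts[-1]
    return tree


def audit_vpn(tree, lan="10.0.1.0/24"):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    ra = tree["vpn"]["l2tp"]["remote-access"]
    # 20 characters is this script's own minimum, not an EdgeOS requirement.
    psk = ra["ipsec-settings"]["authentication"]["pre-shared-secret"]
    if psk.startswith("your-") or len(psk) < 20:
        findings.append("pre-shared-secret is the placeholder or shorter than 20 chars")
    lan_net = ipaddress.ip_network(lan)
    pool = [ipaddress.ip_address(ra["client-ip-pool"][k]) for k in ("start", "stop")]
    if any(ip in lan_net for ip in pool):
        findings.append("client-ip-pool overlaps the LAN prefix %s" % lan)
    # WAN_LOCAL must admit IKE udp/500, NAT-T udp/4500, L2TP udp/1701 and ESP (protocol 50).
    rules = tree["firewall"]["name"]["WAN_LOCAL"]["rule"].values()
    opened = {(r.get("protocol"), r.get("destination", {}).get("port")) for r in rules}
    for proto, port in (("udp", "500"), ("udp", "4500"), ("udp", "1701"), ("50", None)):
        if (proto, port) not in opened:
            findings.append("WAN_LOCAL has no rule for %s port %s" % (proto, port or "any"))
    return findings
```

Run against the tutorial's commands as written, the only finding is the placeholder pre-shared secret; paste your own set lines into SAMPLE to audit a real configuration.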

Making Ubuntu Server A Mac Time Capsule

Intro
This is a tutorial on turning an Ubuntu server into a Mac Time Capsule. All we need is a functional PC that can run Ubuntu and a Mac. The server can then act not only as a file server but also as a Time Machine backup target for the Mac.

The systems I am using are Ubuntu Server 16.04 LTS and OS X 10.11.5.

Now let’s get it started!

Step 1. Install Ubuntu (Server) 16.04 LTS on your server machine.
During installation, select the LAMP server, OpenSSH server, and Samba file server. A wired network connection is required.

After the installation finishes, you can log in to the server from your Mac over SSH. Below are some optional configurations.

[Optional] Add a new user:

$ sudo useradd -c "King the Brave" -m -s /bin/bash King
$ sudo passwd King # set the new user's password (sudo passwd with no username resets root's)
$ sudo usermod -aG sudo King

[Optional] Delete an old user:

$ sudo userdel -r old_king # with "-r", the home directory of "old_king" is removed as well

Step 2. Mount your backup disk on Ubuntu.
$ sudo lshw -C disk # determine which device is the backup disk
$ sudo fdisk /dev/sda # create a new partition in the fdisk program by typing "n", then "w" to write it
$ sudo mkfs.ext4 /dev/sda1 # format the new partition; a bare partition cannot be mounted
$ mkdir ~/Xserve # as a mount point
$ sudo mount /dev/sda1 ~/Xserve # mount the partition, not the whole disk
$ sudo chown "$USER" ~/Xserve # the AFP user must be able to write to the volume

Step 3. Configurations.

$ sudo apt-get install netatalk libc6-dev avahi-daemon libnss-mdns

$ sudo vim /etc/nsswitch.conf # to replace the hosts line as below:
hosts:          files mdns4_minimal [NOTFOUND=return] dns mdns4 mdns

$ sudo vim /etc/avahi/services/afpd.service # to edit as below:
<?xml version="1.0" standalone='no'?><!--*-nxml-*-->
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
    <name replace-wildcards="yes">%h</name>
    <service>
        <type>_afpovertcp._tcp</type>
        <port>548</port>
    </service>
    <service>
        <type>_device-info._tcp</type>
        <port>0</port>
        <txt-record>model=Xserve</txt-record>
    </service>
</service-group>

$ sudo vim /etc/netatalk/AppleVolumes.default # to edit as below:
# change the line ~/ to the following, replacing <your-user> with the login name (e.g. King):
/home/<your-user>/Xserve options:tm

$ sudo vim /etc/default/netatalk # to edit as below:
# uncomment/ add the entries below:
ATALKD_RUN=no
PAPD_RUN=no
CNID_METAD_RUN=yes
AFPD_RUN=yes
TIMELORD_RUN=no
A2BOOT_RUN=no

Step 4. Restart the services.
$ sudo service avahi-daemon restart
$ sudo service netatalk restart