VPN Setup Guide – One click L2TP VPN Server or IPSEC VPN Server Setup

In this video you will learn how to set up your own private L2TP to IPSEC VPN Server using a KVM VPS or a Dedicated Server. I’ve used an Ubuntu 20 based installation, but the same script or command also works on Debian; this is a fully automated setup for a VPN Server. I’ve used a Budget KVM VPS from https://hosteons.com/kvm_vps.php for this tutorial, but the same script should work with any other provider’s VPS as long as it’s a KVM VPS and the OS is Debian or Ubuntu. This is a one click or one command setup to have your VPN Server ready almost instantly.

Command to install your L2TP VPN server is:

wget https://git.io/vpnsetup -O vpnsetup.sh && sudo sh vpnsetup.sh

NOTE: Please make sure to back up your data before running this script, as hosteons will not be responsible for any data loss.

Fix macOS Catalina broken Mail Search

This post is not related to hostEONS Hosting Services, but a very simple fix for macOS Catalina broken mail search.

Since most of our techs are using Macs, as soon as we upgraded to Catalina we were surprised to find out that Spotlight or Mail search was not displaying results from mails.

So here is how we fixed it.

Quit Apple Mail

Go to System Preferences

Now Click on Spotlight

Then Click on Privacy Tab

Now click on “+” and add the whole Macintosh HD; it will warn you that you are about to disable Spotlight search, proceed with it.

Now restart your Mac

Now go again to System Preferences -> Spotlight -> Privacy Tab, select Macintosh HD, click on the minus “-” sign and close System Preferences

Now start using Mail on your Mac and give it a couple of hours; it will reindex your whole drive including mails, and all mails will be searchable again.

Logging or Showing Real IP in cPanel/Apache when using CloudFlare

We recently switched to CloudFlare for our own website, but even after a lot of research could not find proper documentation; moreover, mod_cloudflare has been discontinued and all documents are too old, so here is how we fixed it.

  1. First log in to WHM
  2. Customise your Apache config and under Apache Modules select mod_remoteip (yes, we will use mod_remoteip instead of mod_cloudflare)
  3. Once Apache is recompiled, edit the file named “370_mod_remoteip.conf”; the number may be 360 or 350 or something else, but the last part will be “mod_remoteip.conf”, and the file is in /etc/apache2/conf.modules.d.
  4. Just add the following to the above file:

RemoteIPHeader X-Real-IP
RemoteIPTrustedProxy 173.245.48.0/20
RemoteIPTrustedProxy 103.21.244.0/22
RemoteIPTrustedProxy 103.22.200.0/22
RemoteIPTrustedProxy 103.31.4.0/22
RemoteIPTrustedProxy 141.101.64.0/18
RemoteIPTrustedProxy 108.162.192.0/18
RemoteIPTrustedProxy 190.93.240.0/20
RemoteIPTrustedProxy 188.114.96.0/20
RemoteIPTrustedProxy 197.234.240.0/22
RemoteIPTrustedProxy 198.41.128.0/17
RemoteIPTrustedProxy 162.158.0.0/15
RemoteIPTrustedProxy 104.16.0.0/12
RemoteIPTrustedProxy 172.64.0.0/13
RemoteIPTrustedProxy 131.0.72.0/22
RemoteIPTrustedProxy 2400:cb00::/32
RemoteIPTrustedProxy 2606:4700::/32
RemoteIPTrustedProxy 2803:f800::/32
RemoteIPTrustedProxy 2405:b500::/32
RemoteIPTrustedProxy 2405:8100::/32
RemoteIPTrustedProxy 2a06:98c0::/29
RemoteIPTrustedProxy 2c0f:f248::/32

 

  5. Now go to WHM and under “Apache Configuration” click on “Include Editor”, then under “Pre Main Include” edit the file and add:

<IfModule remoteip_module>
RemoteIPHeader X-Forwarded-For
</IfModule>
<IfModule log_config_module>
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
LogFormat "%a %l %u %t \"%r\" %>s %b" common
LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
CustomLog logs/access_log combined
</IfModule>

 

Now just save and restart Apache; it should now show the visitor’s real IP in the Apache logs etc.
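The RemoteIPTrustedProxy ranges in step 4 are a snapshot, and the forwarded header is only trustworthy when the connecting peer is inside one of them; Cloudflare publishes the current lists at https://www.cloudflare.com/ips-v4 and https://www.cloudflare.com/ips-v6. The following is an added example, not part of the original post: it turns such a list into RemoteIPTrustedProxy lines and emits nothing if any line is not a CIDR. The function name gen_trusted_proxies and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: turn a list of CIDR ranges (one per line on stdin) into
# RemoteIPTrustedProxy directives. gen_trusted_proxies is a hypothetical name.
# Prints nothing and returns 1 if any line is not a CIDR or the list is empty,
# so a failed or partial download cannot end up in the Apache config.
gen_trusted_proxies() {
    awk '
        function bad(line) {
            printf "rejected line %d: %s\n", NR, line > "/dev/stderr"
            fail = 1
        }
        {
            gsub(/[ \t\r]/, "")                 # tolerate CRLF and stray spaces
            if ($0 == "") next
            n = split($0, p, "/")
            if (n != 2 || p[2] !~ /^[0-9]+$/) { bad($0); next }
            if (p[1] ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) {
                split(p[1], o, ".")
                ok = (p[2] + 0 <= 32)
                for (i = 1; i <= 4; i++) if (o[i] + 0 > 255) ok = 0
            } else {
                # IPv6: hex groups and colons only, prefix up to /128
                ok = (p[1] ~ /^[0-9A-Fa-f:]+$/ && p[1] ~ /:/ && p[2] + 0 <= 128)
            }
            if (!ok) { bad($0); next }
            out[++count] = "RemoteIPTrustedProxy " $0
        }
        END {
            if (fail || count == 0) exit 1
            for (i = 1; i <= count; i++) print out[i]
        }'
}

# Constructed sample input (two of the ranges listed above):
printf '173.245.48.0/20\n2400:cb00::/32\n' | gen_trusted_proxies

# On a live server (not run here), feed it the published lists instead:
#   curl -fsS https://www.cloudflare.com/ips-v4 | gen_trusted_proxies
```

Write the output to a temporary file first and only replace the lines in the mod_remoteip.conf file from step 3 when the function returns 0.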

 

 

 

Manually Migrate a KVM VPS to another node where both source and destination nodes are running SolusVM

If for some reason SolusVM automated migration is failing, or if you just want to get your hands dirty and manually migrate a KVM VPS to another VPS node, just follow these simple steps:

Run the following commands on the source VPS node:

Assuming your KVM ID for your VPS is “kvm5368”

# lvdisplay | grep kvm5368
LV Path /dev/vg_node10/kvm5368_img
LV Name kvm5368_img

Now let’s shut down the source VPS:

# virsh shutdown kvm5368

Now once it’s shut down, let’s create an image of the VPS disk:

# dd if=/dev/vg_node10/kvm5368_img | gzip | dd of=/root/kvm5368_backup.gz bs=4096

Now let’s create a Logical Volume on the destination node, so run the following command on the destination node:

# lvcreate -n kvm5368_img --size 30G /dev/vg_node

Now transfer the VPS image file created earlier from the source to the destination node:

# scp -C /root/kvm5368_backup.gz root@destinationvpsnode:/root/

Once it’s transferred, run the following command on the destination VPS node to restore the VPS image:

dd if=/root/kvm5368_backup.gz | gzip -d | dd of=/dev/vg_node/kvm5368_img bs=4096

Once it’s restored, run the following command on your SolusVM Master:

/scripts/vm-migrate <vserverid> <newnodeid>

Now you should be able to boot the newly migrated VM from SolusVM.
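The steps above write the transferred file straight onto the new logical volume, so a truncated or altered copy would only show up when the VM fails to boot. The following is an added example, not part of the original post: it records a SHA-256 of the compressed image on the source node and, on the destination, checks it and confirms the decompressed image fits the volume before the restore. The function names and the stand-in files are constructed; the .sha256 file is assumed to be copied alongside the image.

```shell
#!/bin/sh
# Added example: prove the compressed disk image arrived intact before it is
# written to the destination logical volume. Function names are hypothetical.

# Source node: test the gzip stream and record its SHA-256 next to the image.
write_manifest() {
    img=$1
    gzip -t "$img" || { echo "incomplete gzip stream: $img" >&2; return 1; }
    ( cd "$(dirname "$img")" &&
      sha256sum "$(basename "$img")" > "$(basename "$img").sha256" )
}

# Destination node: succeed only if the checksum matches and the decompressed
# image fits in lv_bytes (on a real node: blockdev --getsize64 <LV path>).
verify_image() {
    img=$1 lv_bytes=$2
    ( cd "$(dirname "$img")" &&
      sha256sum -c "$(basename "$img").sha256" >/dev/null 2>&1 ) ||
        { echo "checksum mismatch: $img" >&2; return 1; }
    raw_bytes=$(( $(gzip -dc "$img" | wc -c) ))
    [ "$raw_bytes" -le "$lv_bytes" ] ||
        { echo "image ($raw_bytes bytes) exceeds volume ($lv_bytes bytes)" >&2; return 1; }
}

# Constructed stand-in for the procedure above: a 1 MiB "disk", a copy in place
# of scp, and a 1 MiB target volume.
work=$(mktemp -d)
mkdir "$work/src" "$work/dst"
head -c 1048576 /dev/zero | gzip > "$work/src/kvm_demo_backup.gz"
write_manifest "$work/src/kvm_demo_backup.gz"
cp "$work/src/kvm_demo_backup.gz" "$work/src/kvm_demo_backup.gz.sha256" "$work/dst/"
verify_image "$work/dst/kvm_demo_backup.gz" 1048576 && echo "safe to restore"
rm -rf "$work"
```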

Getting Errors while booting an OpenVZ 7 VPS Container running on Ploop File System?

Getting errors like:

2019-08-09T08:24:10-0400 : Error in e2fsck (fsutils.c:471): e2fsck failed (exit code 4)

2019-08-09T08:24:10-0400 vzctl : CT 392 : Failed to mount image /vz/private/392/root.hdd: Error in e2fsck (fsutils.c:471): e2fsck failed (exit code 4)

#vzctl start 392

Starting container…
Opening delta /vz/private/392/root.hdd/root.hdd
Adding delta dev=/dev/ploop61204p1 img=/vz/private/392/root.hdd/root.hdd (rw)
/dev/ploop61204p1p1: UNEXPECTED INCONSISTENCY; RUN fsck MANUALLY.
(i.e., without -a or -p options)
Error in e2fsck (fsutils.c:471): e2fsck failed (exit code 4)
Failed to mount image: Error in e2fsck (fsutils.c:471): e2fsck failed (exit code 4)

It can happen due to a file system crash or a VPS node crash etc. Don’t worry, follow the steps below to fix it.

Solution:

1) Stop the container.

#vzctl stop 392

#vzlist 392

2) Mount the ploop image.

#ploop mount /vz/private/392/root.hdd/DiskDescriptor.xml

3) Perform fdisk -l

#fdisk -l /dev/ploop61204p1

4) Perform a file system check for the partition (note p1 at the end):

#e2fsck /dev/ploop61204p1p1

5) Unmount the ploop image

#ploop umount -d /dev/ploop61204p1

Unmounting device /dev/ploop61204p1

6) Start the container

#vzctl start 392

Beware! Always Ask your VPS Provider About CPU Clock Speed and Drives being used

You may find a lot of VPS providers popping up these days, some of them offering 2 CPU cores even with a 512 MB VPS, and very cheaply, but always ask the following few basic questions before ordering:

  1. CPU Clock Speed
  2. Kind of Drives Used
  3. Are they using RAID 10
  4. Do they provide native IPv6, and is it a /64? If you don’t get a /64 then it’s useless, as a /64 per customer is the minimum standard for IPv6: all RBLs now block a /64 and not individual IPv6 IPs, so if another user in the same /64 is an abuser you will be blocked/banned too. It’s best to get a separate /64
  5. Is your provider offering unmetered data transfer?
  6. Are they offering DDOS protection?
  7. Ask for a test IP and check latency; just ask for a Looking Glass if they have one, something like https://lg.hosteons.com

Hosteons.com offers CPU Clock Speed between 2.5GHz – 3GHz

Hosteons uses SSD Drives with RAID 10 for best Disk I/O Performance

Hosteons provides Free /64 IPv6 with all VPS

Hosteons VPS comes with unmetered data transfer

Hosteons offers Free DDOS Protection with all VPS Packages

Hosteons has very good routing globally; this can be verified at https://lg.hosteons.com, which has a test IP as well as other network utilities to check latency and routing.

How to enable iptables in CentOS 7

Just use the following commands to disable firewalld and enable the good old iptables in any CentOS 7 based VPS or server:

[root@test2 ~]# systemctl stop firewalld

[root@test2 ~]# systemctl mask firewalld
Created symlink from /etc/systemd/system/firewalld.service to /dev/null.

[root@test2 ~]# yum install -y iptables iptables-services
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirror.centos.org
* extras: mirror.centos.org
* updates: mirror.centos.org
base | 3.6 kB 00:00:00
extras | 3.4 kB 00:00:00
updates | 3.4 kB 00:00:00
Package iptables-1.4.21-24.1.el7_5.x86_64 already installed and latest version
Resolving Dependencies
--> Running transaction check
---> Package iptables-services.x86_64 0:1.4.21-24.1.el7_5 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=========================================================================================================================================
Package Arch Version Repository Size
=========================================================================================================================================
Installing:
iptables-services x86_64 1.4.21-24.1.el7_5 updates 51 k

Transaction Summary
=========================================================================================================================================
Install 1 Package

Total download size: 51 k
Installed size: 25 k
Downloading packages:
iptables-services-1.4.21-24.1.el7_5.x86_64.rpm | 51 kB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : iptables-services-1.4.21-24.1.el7_5.x86_64 1/1
Verifying : iptables-services-1.4.21-24.1.el7_5.x86_64 1/1

Installed:
iptables-services.x86_64 0:1.4.21-24.1.el7_5

Complete!
[root@test2 ~]#

[root@test2 ~]# systemctl enable iptables
Created symlink from /etc/systemd/system/basic.target.wants/iptables.service to /usr/lib/systemd/system/iptables.service.
[root@test2 ~]#
[root@test2 ~]# systemctl start iptables

How to update SSH Port in CentOS 7

Update SSH Port in CentOS 7

Here are a few simple steps on how to update the SSH port on a CentOS 7 VPS or Dedicated Server

Edit the SSHD configuration file :

nano -w /etc/ssh/sshd_config

(if nano is not installed use any other text editor or install it with yum -y install nano)

and change the Port number from 22 to any custom port you choose:

e.g. Port 18989

Make sure to also remove the # mark before Port

Save the config file

SELinux is enabled by default in CentOS 7, so you also need to tell SELinux about the new SSH port, otherwise it won’t allow you to restart SSHD with the new port.

To run semanage for updating the SSHD port you need to first install policycoreutils; install it with:

yum -y install policycoreutils-python

Now update the SELinux policy to allow the new port for the SSH service. To do this, run the command below:

semanage port -a -t ssh_port_t -p tcp 18989

Now you need to update the firewall policy to allow the new SSH port. To do this, run the commands below:

firewall-cmd --permanent --zone=public --add-port=18989/tcp
firewall-cmd --reload
systemctl restart sshd.service

SSHD Port is now updated, you can now connect to your new SSH Port: 18989
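The manual edit of sshd_config described above can be scripted; the following is an added example, not part of the original post. It goes slightly beyond the text by handling two cases the steps do not mention: a config that already has more than one active Port line, and a config with a Match block, where a Port line appended at the end of the file would be rejected by sshd. The function name set_sshd_port and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: set the sshd listening port in a config file without leaving
# the old port active. set_sshd_port is a hypothetical helper name.
set_sshd_port() {
    cfg=$1 port=$2
    case $port in
        ''|*[!0-9]*) echo "port must be a number" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range" >&2; return 1
    fi
    tmp=$(mktemp) || return 1
    awk -v port="$port" '
        # Port is not allowed inside a Match block, and a Match block runs to
        # the next Match or end of file, so the directive must go before it.
        tolower($1) == "match" && !in_match {
            if (!done) { print "Port " port; done = 1 }
            in_match = 1
        }
        !in_match && /^[ \t]*#?[ \t]*Port[ \t]+[0-9]+[ \t]*$/ {
            if (!done) { print "Port " port; done = 1 }   # reuse first Port line
            else if ($0 !~ /^[ \t]*#/) print "#" $0       # disable other active ports
            else print
            next
        }
        { print }
        END { if (!done) print "Port " port }
    ' "$cfg" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Overwrite in place so the file keeps its owner, mode and SELinux label.
    cat "$tmp" > "$cfg"
    rm -f "$tmp"
}

# Constructed sample config, edited in a temporary copy:
demo=$(mktemp)
printf '#Port 22\nPermitRootLogin no\nMatch User backup\n    ForceCommand /bin/false\n' > "$demo"
set_sshd_port "$demo" 18989 && cat "$demo"
rm -f "$demo"

# On the server (not run here): after the semanage and firewall-cmd steps, check
# the file with "sshd -t" and keep the current session open while restarting.
```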