FreeNAS Failed to create mountpoint

Problem

I have two FreeNAS servers running version 9.10 on an HP MicroServer Gen 8. The main server has 16 GB RAM with an Intel(R) Xeon(R) CPU E3-1220L V2 @ 2.30GHz while the secondary has 8 GB RAM and an Intel(R) Celeron(R) CPU G1610T @ 2.30GHz. These two replicate data in both directions for off-site backup. I recently upgraded them both to FreeNAS 11 U2 while also taking the opportunity to migrate backups from iSCSI ZVOL to datasets. This meant replicating the new datasets.


NGINX Reverse Proxy LetsEncrypt Auto-Renew

Intro

I finally got round to moving all my web services off a single server and onto a new server using ESXi virtualisation. I got an older HP G7 DL380 with 2x Intel Xeon CPUs and 64GB of RAM for around £300 off eBay. It does use more power (averages 150W); however, it is well worth it as it provides full RAID redundancy, and virtualisation provides easy backup/snapshots before any modifications. I have decided to create a separate VM for each service and then use NGINX as a reverse proxy to handle all the SSL. This greatly reduces management overhead as I have only got to renew the certificates in one place; it also provides speed improvements as well as security.

I was initially put off LetsEncrypt with its short certificate lifetime and the need for automation, especially when I had a large and complex Apache configuration file; however, I decided to go for it with a brand new VM and I am glad I did; it is brilliant!!


Create IPSec/L2TP, IPSec EAP for Android VPN

Introduction

Android supports IPSec/L2TP and IPSec with XAuth, with either PSK or certificates. I struggled to find any thorough information on setting up the server in its various forms, so I have written this blog mainly so I don’t forget how to do it! I am using a Ubuntu server with strongSwan providing the IPSec, and xl2tpd providing the L2TP and PPP. IPSec provides the encryption; L2TP does not provide any security! Firewall rules need to be added to prevent someone trying to connect to the L2TP port outside of the IPSec tunnel.

IPSec/L2TP PSK (Pre Shared Key)

Firstly, let's start with the easiest one to set up; this doesn’t use certificates, which makes it quicker to set up. We need to install strongswan to provide the IPSec, ppp and xl2tpd.

apt-get install strongswan xl2tpd ppp


Install Kolab Mail Server on Ubuntu

This post will show you how to install Kolab mail server on Ubuntu 14.04, in this example on a DigitalOcean VPS. Kolab’s recipient policy will be removed because I do not need guaranteed unique email addresses, secondary alias addresses setup etc. DKIM is another important factor when configuring a mail server as it allows other mail servers to validate the authenticity of your emails. There are many useful plugins available for Roundcube, such as integration with the Google Authenticator app. For sources see the reference section at the end.

Install Kolab

The first step is to install Kolab on the VPS. Add the following to /etc/apt/sources.list.d/kolab.list using nano or similar.

We need to import the authentication key to validate the packages. Run these commands.

To make sure the Ubuntu server prioritises the packages from the Kolab repository, we need to create a preferences file. Create and put the following in /etc/apt/preferences.d/kolab:

Setup Kolab


Secure Webmin with Google Authenticator

This post will show you how to secure Webmin with Google Authenticator in Ubuntu 14.04 Server.

NTP Time Sync

First install NTP so the time can be synchronised; the time needs to be very accurate so Google Authenticator can work.

Sync the NTP service with a pool before starting the service. The second line is an example of the output of the command.

Start the NTP service. The service should have been added as a startup script.

Google Authenticator Install/Setup


Setting up mail server DNS records

This post will take you through setting up all the necessary DNS settings for your mail server and an additional server on a separate IP. The mail server will reside on a subdomain such as webmail.example.com while the main server will reside on example.com.

I highly recommend using DTDNS.com as they provide an excellent service. I have a dynamic IP for one server and they automatically update the DNS records when the IP address changes. They also provide robust tools for managing advanced DNS settings, including editing the file directly.
