
How to Ensure the IPv6 Default Route is Active On Boot

A common issue we notice is that users who have IPv6 enabled on their VPS have connectivity issues when rebooting. 99% of the time, the problem is that the default route for IPv6 traffic is not present. By default, OpenVZ virtualization doesn’t seem to add the default route via the venet device unless specified by the user (unlike IPv4 behaviour).

The solution

Type the following command as root:

ip route add ::/0 dev venet0

While the above solution will work, it is not practical as most admins don’t want to manually type this each time they restart network services or reboot their machines.

To ensure the default route is present on boot, add the following 2 lines to the /etc/sysconfig/network file.

NETWORKING_IPV6="yes"
IPV6_DEFAULTDEV="venet0"

This will ensure that your OS will add the default route for IPv6 on boot.


Using Email Greylisting to Reduce SPAM

One of the most common problems faced by anyone hosting a mail server in today’s internet world is SPAM. Whether it comes from the outside world to your clients or originates from your clients themselves, every server administrator will need to deal with this at some point. This article clarifies what “Greylisting” means, what it will do and what it won’t do, and hopefully gives you enough information to decide whether or not it’s a good idea for your environment.

In short, Greylisting does two main things. The first is to temporarily reject the first email received from a non-whitelisted sender; the second is to keep a list of possible spam servers to choose whether or not to reject the first email.

This does sound a little weird at first, but the methodology behind rejecting the first email comes from a basic principle. SPAM servers generally send a lot of mail OUT. The faster the better (in most cases), as administrators try to shut down these servers through blacklist databases all the time. Since these servers generally process a large amount of outgoing mail from potentially old mailing lists, or manually created ones in some cases, most spammers don’t always know what email accounts actually exist. Going on this principle, the majority of SPAM servers will not try to deliver mail more than once (i.e. if the mail it sent gets rejected, it will not try to resend it). A properly configured mail server will try multiple times before sending it back undelivered.

As a result, Greylisting takes advantage of this by initially denying the message and waiting for the origin server to re-send it. If it receives a second request for the original message then it will accept and deliver it locally.

The most common configuration we use on our networks utilizes Postfix mail servers with a plugin called PostGrey. Although I won’t get into the configuration of PostGrey here, there are many articles online that can help you out.

Is Greylisting Right for You?

The reason you need to ask yourself this question is that it can provide benefits but at a small cost. Since Greylisting initially rejects the first email message, the immediate implications are that you will not get “instant” delivery of your mail. While most providers will never say that email delivery is instant by nature, it’s generally very fast. Normally within 1 minute of it being sent it should be received at the other end.

So if you are running a mail server that forwards messages to BlackBerrys or various handheld devices, these mobile users need to know that they will not get their messages “instantly” when they are sent by another user.

Also, mail servers can be configured in different ways. While most don’t wait very long to re-send a message, depending on the configuration the message could take up to 10 minutes to be re-sent. So it may not be a good idea to use this in a support or high-availability help-desk style situation.

The good news: You can exclude certain mail accounts from grey-listing. So you can still install and configure PostGrey on your server and specify which mailboxes to not Greylist.
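
The reject-then-accept-on-retry behaviour and the per-mailbox exclusion described above, as an added Python sketch (it is not PostGrey's code and not part of the original article). Keying on the (client IP, sender, recipient) triplet, the 300-second minimum delay, the class name and all addresses are assumptions made for illustration.

```python
from dataclasses import dataclass, field

TEMPFAIL = "450 4.2.0 Greylisted, please retry later"

@dataclass
class Greylist:
    # Assumed values for illustration; not taken from the article or from PostGrey.
    min_delay: int = 300             # seconds before a retry is accepted
    max_age: int = 2 * 24 * 3600     # forget triplets that never retried
    exempt: set = field(default_factory=set)         # mailboxes not greylisted
    first_seen: dict = field(default_factory=dict)   # triplet -> first attempt time
    passed: set = field(default_factory=set)         # triplets that retried properly

    def check(self, client_ip, sender, recipient, now):
        """Return the SMTP reply for one delivery attempt at time `now` (seconds)."""
        recipient = recipient.lower()
        if recipient in self.exempt:
            return "250 OK (recipient exempt)"
        triplet = (client_ip, sender.lower(), recipient)
        if triplet in self.passed:
            return "250 OK (known triplet)"
        seen = self.first_seen.get(triplet)
        if seen is None or now - seen > self.max_age:
            self.first_seen[triplet] = now      # first sighting: defer it
            return TEMPFAIL
        if now - seen < self.min_delay:
            return TEMPFAIL                     # retried too quickly: still deferred
        del self.first_seen[triplet]
        self.passed.add(triplet)                # the sender came back: accept from now on
        return "250 OK (retry accepted)"

def simulate():
    """Replay constructed attempts: (time, client IP, sender, recipient)."""
    gl = Greylist(exempt={"support@example.com"})
    legit = ("198.51.100.7", "bob@partner.example", "alice@example.com")
    attempts = [
        (0, "203.0.113.9", "promo@bulk.example", "alice@example.com"),     # one-shot sender
        (10, *legit),                                                      # first attempt
        (20, "203.0.113.9", "promo@bulk.example", "support@example.com"),  # exempt mailbox
        (70, *legit),                                                      # retry after 60 s
        (610, *legit),                                                     # retry after 10 min
        (900, *legit),                                                     # later mail, same triplet
    ]
    return [gl.check(ip, s, r, t).split()[0] for t, ip, s, r in attempts]

if __name__ == "__main__":
    print(simulate())
```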

Conclusion

GreyListing is very effective if you understand how it works and behaves. When used correctly it will reduce the amount of SPAM destined to your users by a very large factor (it did for us, but your mileage may vary). In turn, this will reduce the amount of work that other installed filters (e.g. SpamAssassin) will need to do, allowing you to use far fewer resources for processing mail and limiting it to real mail in most cases.

 


Setup a Tun/Tap OpenVPN Server on OpenVZ in Under 5 Minutes

How can I install a VPN server on my VPS in order to access the internet through it? If you want to skip the background and methodology behind the script, skip to the section called “Installing OpenVPN on OpenVZ.”

One of the prerequisites to run the common PPTP and IPSEC VPN protocols is PPP. Due to the nature of OpenVZ virtualization, it requires its own custom version of the Linux kernel to run. As a result, PPP is not available for us to use.

So, OpenVPN is the simplest way to get a VPN server running on your VPS since it utilizes the TUN interface /dev/net/tun and creates a tunnel to your client software running on your PC. Then, using simple IPTables rules, you can masquerade or NAT your traffic to your public interface. Sounds complicated? To a degree it can be (depending on your Linux knowledge level).

So we have come up with a script that will allow you to install a “simple” version of OpenVPN server and allow you to download the appropriate configuration file (.ovpn & certificate) to import into the OpenVPN client software. This requires no configuration from your side other than running the script and answering some questions in the wizard.

Installing OpenVPN on OpenVZ

The following script will do the following things:

  1. It will check to ensure tun/tap is enabled. If it isn’t you will need to contact your support department and have it enabled before continuing.
  2. It will download and install the RPMForge Repository for CentOS (where OpenVPN packages are located)
  3. It will use YUM and install all the required packages (openvpn openssl openssl-devel)

Once the required packages are installed the script will create a sample easy to use configuration for OpenVPN and put the required files you will need for your Client to connect in /root/openvpn-keys.tgz

It will set OpenVPN to run on boot and create the necessary iptables NAT rules to route your traffic to your primary Public IP address and save it so it will remember when iptables is restarted.

Installation Steps

Download the following script (tested and supported on CentOS 5 32bit) and run as root:  OpenVPN Install Script

or

Type the following commands as root:

cd ~
wget http://www.openvz.ca/scripts/install-openvpn.sh
chmod 700 install-openvpn.sh
./install-openvpn.sh

Wizard Instructions:

  • When asked to enter a “Passphrase” do not enter one, leave it blank and just press “enter”
  • When asked for Country Code, Province, City… These do not have to be accurate. Any values will do.
  • When asked if you want to build/sign the generated certificates enter yes (y).
  • It is normal for it to ask you two times for the same information (Since you are generating both client/server keys)

The final step is to download the /root/openvpn-keys.tgz archive, unzip it on your PC and import the .ovpn file in your OpenVPN Client (you can download it here if you haven’t already). This will create a simple button in your client and allow you to quickly establish a VPN connection to your VPS whenever you need it.

Questions? Contact Us or post a comment on this blog so we can clarify anything not mentioned.


Canadian WordPress Hosting in a Snap!

To all the bloggers out there, a solution has finally come. OpenVZ.ca is proud to offer WordPress users a simple solution to install WordPress with no technical knowledge right from your control panel, no matter what Web Hosting Plan you have. Your blog will be set up in the time it takes to type in your administration username and password!

We know that blogging is a very important aspect of most websites today, and blog websites in general are gaining very high amounts of traffic. Canadians are starting to recognize credible up-to-date blogs as a way to get unbiased news as an alternative to the mainstream media.

If you’re up for the challenge, OpenVZ.ca is willing to support you through implementing the most professional, reliable, stable and FAST blog for you so that you can spend your time thinking about what you’re going to write about.

How to Install WordPress

Already have a web hosting account with us? You can install WordPress in three simple steps.

  1. Login to your control panel (http://www.yoursite.com/cpanel)
  2. Locate the section called “Software/Services” and click on “Site Software” and then “WordPress”
  3. On the installation page, specify the administrator username/password and select create new database.

That’s it! Your blog is now live and ready to go.
