MIKROTIK as a bandwidth management August 28, 2009

Posted by setijoagus in Mikrotik, Network.

16. Click Queues.

17. On the Simple Queues tab, click +.
Set the queue Name: ALL NETWORK
Set the Target Address: 172.20.0.0/16

18. On the Simple Queues tab, click +.
Set the queue Name: PC.33.33
Set the Target Address: 172.20.33.33
Set Max Limit for upload and download to 64Kbps

19. Test from computer 172.20.33.33: use a browser to access bandwidthmeter. The result is more than 64 Kbps. This happens because the maximum for upload and download follows the queue ALL NETWORK.
In other words, while the overall bandwidth of the ALL NETWORK queue has not reached its maximum, the PC.33.33 queue can use as much of the available bandwidth as it can.

20. Delete the ALL NETWORK queue, so that Simple Queues contains only the queue PC.33.33.

21. The result obtained is below 64Kbps.

MIKROTIK as a BRIDGE August 28, 2009

Posted by setijoagus in Mikrotik, Network.

LAN 1 [with IP: 172.20.0.0/16] will be connected to LAN 2 [also with IP: 172.20.0.0/16]. LAN 1 can be replaced by a router that connects to the internet.

1. The MIKROTIK will be configured as a BRIDGE through WinBox.
2. From the menu click Interface; 2 ethernet interfaces are shown.
3. Set up the IP: from the menu click IP -> Address -> + -> enter the IP address
for ether 1: 172.20.2.21
4. For ether 2: 172.20.2.22
5. Set up the bridge: from the menu click Bridge.
6. Click + -> fill in [default].
7. Switch to the Port tab -> + -> fill in [default] with ether1.
8. Repeat step 6 for ether2.

9. Set up routing: from the menu click IP -> Routes.
10. Click +
Set destination: 172.20.0.0/16
Set gateway: 172.20.114.73 [adjust as needed; this example is the gateway on the LAN 1 network]
11. Test from the MikroTik: from the menu click Tools -> Ping.
12. Ping 172.20.140.31
13. Ping 172.20.140.33
14. Test from a LAN 2 client: ping a client on LAN 1.
15. Test from a LAN 1 client: ping a client on LAN 2.

C. ASTERISK & SPA-400 [Setup asterisk] August 25, 2009

Posted by setijoagus in Linux, Network, voip.

5. Create the user in /etc/asterisk/sip.conf
[root@linux ~]# vi /etc/asterisk/sip.conf
[general]
register= spa400@172.20.140.142/spa400

[spa400]
type=friend
user=spa400
host=172.20.140.142
dtmfmode=rfc2833
canreinvite=no
context=from-trunk
insecure=very ; incoming calls from this peer are not authenticated and its source port is ignored

6. Create the extensions in /etc/asterisk/extensions.conf
[root@linux ~]# vi /etc/asterisk/extensions.conf
;-------------------------------------------------------------------
; from SIP to PSTN UBS [spa400]
; example 888160: the SIP side dials PBX phone number 160
;-------------------------------------------------------------------
exten => _888X.,1,Dial(SIP/${EXTEN:3}@spa400,30,rt)

;-------------------------------------------------------------------
; from PSTN to SIP [spa400]
; example: when PBX extension / FXO 160 is dialed,
; the PSTN side dials SIP extension 001
;-------------------------------------------------------------------
[from-pstn-custom]
exten=>spa400,1,Goto(voipubs,001,1)
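
How the `_888X.` pattern and `${EXTEN:3}` in step 6 behave, as an added example that is not part of the original post. The matcher is a small re-implementation of Asterisk's pattern rules for illustration, and `_888XXX` is an assumed tighter pattern for a PBX whose extensions all have three digits.

```python
import re

def pattern_to_regex(pattern):
    """Compile an Asterisk extension pattern (leading '_') to an anchored regex."""
    if not pattern.startswith("_"):
        return re.compile(re.escape(pattern) + r"\Z")    # plain literal extension
    classes = {"X": "[0-9]", "Z": "[1-9]", "N": "[2-9]"}
    body, out, i = pattern[1:], [], 0
    while i < len(body):
        ch = body[i]
        if ch == "[":                        # explicit set such as [15-7]
            end = body.index("]", i)
            out.append("[" + body[i + 1:end] + "]")
            i = end
        elif ch == ".":                      # one or more of ANY character
            out.append(".+")
        elif ch == "!":                      # zero or more of any character
            out.append(".*")
        else:
            out.append(classes.get(ch.upper(), re.escape(ch)))
        i += 1
    return re.compile("".join(out) + r"\Z", re.DOTALL)

def dial_target(exten, pattern="_888X.", peer="spa400"):
    """Return the channel string Dial() receives under the page's rule, or None."""
    if not pattern_to_regex(pattern).match(exten):
        return None
    return "SIP/%s@%s" % (exten[3:], peer)   # ${EXTEN:3} drops the 888 prefix

# Constructed dialled strings; _888XXX is an assumed tighter pattern for a PBX
# whose extensions are all three digits, like the page's example 160.
SAMPLES = ["888160", "8881", "88816012345", "8881x60"]

def compare(samples=SAMPLES):
    """Map each sample to (result under _888X., result under _888XXX)."""
    return {s: (dial_target(s), dial_target(s, "_888XXX")) for s in samples}

if __name__ == "__main__":
    for exten, (loose, tight) in compare().items():
        print("%-12s _888X. -> %-22s _888XXX -> %s" % (exten, loose, tight))
```

The trailing `.` accepts any length and any characters after the prefix, so everything behind 888 is handed to the trunk; the fixed-width pattern only lets three-digit extensions through.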

B. ASTERISK & SPA-400 [Setup SPA-400] August 25, 2009

Posted by setijoagus in Linux, Network, voip.

1. Determine the SPA-400's IP
As shipped from the factory, the SPA-400 is set to DHCP, so configuring it through a browser is difficult [because you don't know its IP].
This calls for a tool; one option is Angry IP Scanner (http://www.angryziber.com), used to scan for the SPA-400's IP on port 5060.

2. Configure the SPA-400 through a browser
Default username = Admin (capital A)
Default password = blank

3. Setup -> Basic Setup
• Choose Fixed IP address and set the fixed IP address: 172.20.140.142
• DNS server : 172.20.140.33
• Set time zone :
• Click Save Settings
• Restart System

4. Setup -> SPA9000 Interface.
• User ID : spa400 [the user set up in /etc/asterisk/sip.conf]
• Static Address : 172.20.140.33
• Port : 5060
• Port ID 1 : PortID1
• Port ID 2 : PortID2
• Port ID 3 : PortID3
• Port ID 4 : PortID4
• Click Save Settings

1. Getting to know the SPA-400

2. SPA-400 setup part 1

3. SPA-400 setup part 2

Identifying Cisco Devices August 24, 2009

Posted by setijoagus in Network.

The Cisco command for discovering other devices attached to the LAN is show cdp neighbors detail:
CORE-SWITCH#show cdp neighbors detail
-------------------------
Device ID: SW-KL-13
Entry address(es):
IP address: 173.22.22.131
Platform: cisco WS-C3560-48PS, Capabilities: Switch IGMP
Interface: GigabitEthernet2/0/3, Port ID (outgoing port): GigabitEthernet0/3
Holdtime : 129 sec

Version :
Cisco IOS Software, C3560 Software (C3560-IPBASE-M), Version 12.2(25)SEB4, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2005 by Cisco Systems, Inc.
Compiled Tue 30-Aug-05 14:19 by yenanh

advertisement version: 2
Protocol Hello: OUI=0x00000C, Protocol ID=0x0112; payload len=27, value=00000000FFFFFFFF0102250D000000000000001818AB7300FF0000
VTP Management Domain: 'CISCOKU'
Native VLAN: 1
Duplex: full
Management address(es):
IP address: 173.22.22.131
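
A parser for this output format, as an added example that is not part of the original post: it turns `show cdp neighbors detail` text into one record per neighbor and groups devices by advertised IOS version. The second entry in the sample (SW-KL-14 and its values) is constructed for the example, and the field names are this example's own.

```python
import re

# Sample input: the neighbor entry shown above (shortened) followed by a
# second entry that is constructed for this example (SW-KL-14 is made up).
CDP_OUTPUT = """\
-------------------------
Device ID: SW-KL-13
Entry address(es):
  IP address: 173.22.22.131
Platform: cisco WS-C3560-48PS,  Capabilities: Switch IGMP
Interface: GigabitEthernet2/0/3,  Port ID (outgoing port): GigabitEthernet0/3

Version :
Cisco IOS Software, C3560 Software (C3560-IPBASE-M), Version 12.2(25)SEB4, RELEASE SOFTWARE (fc1)

VTP Management Domain: 'CISCOKU'
Native VLAN: 1
-------------------------
Device ID: SW-KL-14
Entry address(es):
  IP address: 173.22.22.132
Platform: cisco WS-C3560-48PS,  Capabilities: Switch IGMP
Interface: GigabitEthernet2/0/4,  Port ID (outgoing port): GigabitEthernet0/1

Version :
Cisco IOS Software, C3560 Software (C3560-IPBASE-M), Version 12.2(35)SE5, RELEASE SOFTWARE (fc1)

Native VLAN: 10
"""

FIELDS = {
    "device_id": r"^Device ID:\s*(\S+)",
    "ip": r"^[ \t]*IP address:\s*(\S+)",
    "platform": r"^Platform:\s*([^,]+),",
    "local_port": r"^Interface:\s*([^,]+),",
    "remote_port": r"Port ID \(outgoing port\):\s*(\S+)",
    "ios_version": r"^Version :[ \t]*\n.*?Version ([^,\s]+)",
    "vtp_domain": r"^VTP Management Domain:\s*'([^']*)'",
    "native_vlan": r"^Native VLAN:\s*(\d+)",
}

def parse_cdp(text):
    """Split on the dashed separator lines and build one dict per neighbor."""
    neighbors = []
    for block in re.split(r"(?m)^-{5,}[ \t]*$", text):
        rec = {}
        for key, pattern in FIELDS.items():
            m = re.search(pattern, block, re.MULTILINE)
            if m:
                rec[key] = m.group(1).strip()
        if "device_id" in rec:          # skips the empty chunk before the first separator
            neighbors.append(rec)
    return neighbors

def devices_by_version(neighbors):
    """Group device IDs by advertised IOS version, e.g. to list hosts on an old build."""
    groups = {}
    for n in neighbors:
        groups.setdefault(n.get("ios_version", "unknown"), []).append(n["device_id"])
    return groups

if __name__ == "__main__":
    print(devices_by_version(parse_cdp(CDP_OUTPUT)))
```

Everything the parser extracts (software version, management IP, VTP domain, native VLAN) is what CDP announces unauthenticated to any directly attached device.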

VIRTUAL PRIVATE NETWORK with Open VPN (server login with password) August 21, 2009

Posted by setijoagus in Linux, Network.

VPN user & password
25. To make the VPN ask for a user and password
a. Add on the server
[root@router easy-rsa]# vi /etc/openvpn/server.conf
##############################################################
# server openvpn
##############################################################
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so login
client-cert-not-required
username-as-common-name

b. Add on the client
[root@iscatm2 easy-rsa]# vim /etc/openvpn/client.conf
auth-user-pass

1. VIRTUAL PRIVATE NETWORK with Open VPN (introduction)

2. VIRTUAL PRIVATE NETWORK with Open VPN (server)

3. VIRTUAL PRIVATE NETWORK with Open VPN (client linux)

4. VIRTUAL PRIVATE NETWORK with Open VPN (client windows)

5. VIRTUAL PRIVATE NETWORK with Open VPN (server login with password)

VIRTUAL PRIVATE NETWORK with Open VPN (client windows) August 21, 2009

Posted by setijoagus in Linux, Network.

VPN CLIENT WINDOWS
14. Double-click openvpn-x.x.x-install.exe.
15. Click the Next > button, then click I Agree.
16. Click the Next > button, then click Install.
17. After a few moments a warning pop-up window appears, as follows; click Continue Anyway.
18. Click the Next > button, then click Finish.
19. An icon like the following appears in the tray at the bottom-right corner:
20. To connect to the OpenVPN server, first set up the file client.ovpn, which can be copied from the directory C:\Program Files\OpenVPN\sample-config\ to the directory C:\Program Files\OpenVPN\config.
21. Then right-click the OpenVPN GUI tray icon and choose Edit Config.

############################################################################
# client openvpn
#
############################################################################
client
dev tun
proto tcp
remote 202.43.252.1 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert myclient1.crt
key myclient1.key
comp-lzo
verb 3

22. Also copy the required files generated on the OpenVPN server: ca.crt, myclient1.crt, myclient1.key
23. Connect to the internet first; dial-up or broadband can be used.
24. Once connected to the internet, right-click OpenVPN GUI and click Connect.


VIRTUAL PRIVATE NETWORK with Open VPN (client linux) August 21, 2009

Posted by setijoagus in Linux, Network.

VPN CLIENT LINUX
11. Install the required RPMs
http://dag.wieers.com/rpm/packages/lzo2/
[root@router test]# rpm -Uvh lzo2-2.02-3.el4.rf.i386.rpm lzo2-devel-2.02-3.el4.rf.i386.rpm
warning: lzo2-2.02-3.el4.rf.i386.rpm: V3 DSA signature: NOKEY, key ID 6b8d79e6
Preparing… ########################################### [100%]
1:lzo2 ########################################### [ 50%]
2:lzo2-devel ########################################### [100%]

http://dag.wieers.com/rpm/packages/openvpn/
[root@iscatm2 oracle]# rpm -Uvh openvpn-2.0.9-1.el5.rf.i386.rpm
warning: openvpn-2.0.9-1.el5.rf.i386.rpm: Header V3 DSA signature: NOKEY, key ID 6b8d79e6
Preparing… ########################################### [100%]
1:openvpn ########################################### [100%]

12. Copy the file /etc/openvpn/vars from the server. Copy the client keys from the server.
[root@iscatm2 keys]# scp -r root@202.43.252.1:/etc/openvpn/easy-rsa/keys/ca.crt /etc/openvpn/easy-rsa/keys
root@202.43.252.1's password:
ca.crt 100% 1261 1.2KB/s 00:00
[root@iscatm2 keys]# scp -r root@202.43.252.1:/etc/openvpn/easy-rsa/keys/myclient1.* /etc/openvpn/
root@202.43.252.1's password:
myclient1.crt 100% 3569 3.5KB/s 00:00
myclient1.csr 100% 749 0.7KB/s 00:00
myclient1.key 100% 887 0.9KB/s 00:00

[root@iscatm2 keys]# touch /etc/openvpn/openvpn-status.log
[root@iscatm2 keys]# touch /etc/openvpn/openvpn.log
[root@iscatm2 keys]# chown nobody:nobody /etc/openvpn/openvpn-status.log
[root@iscatm2 keys]# chown nobody:nobody /etc/openvpn/openvpn.log

13. OpenVPN client configuration
[root@iscatm2 easy-rsa]# vim /etc/openvpn/client.conf
############################################################################
# client openvpn
#
############################################################################
client
dev tun
proto tcp
remote 202.43.252.1 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert myclient1.crt
key myclient1.key
comp-lzo
verb 3


VIRTUAL PRIVATE NETWORK with Open VPN (server) August 21, 2009

Posted by setijoagus in Linux, Network.

SERVER GATEWAY & OPENVPN
1. Install the required RPMs
http://dag.wieers.com/rpm/packages/lzo2/
[root@router test]# rpm -Uvh lzo2-2.02-3.el4.rf.i386.rpm lzo2-devel-2.02-3.el4.rf.i386.rpm
warning: lzo2-2.02-3.el4.rf.i386.rpm: V3 DSA signature: NOKEY, key ID 6b8d79e6
Preparing… ########################################### [100%]
1:lzo2 ########################################### [ 50%]
2:lzo2-devel ########################################### [100%]

http://dag.wieers.com/rpm/packages/openvpn/
[root@router test]# rpm -Uvh openvpn-2.0.9-1.el4.rf.i386.rpm
warning: openvpn-2.0.9-1.el4.rf.i386.rpm: V3 DSA signature: NOKEY, key ID 6b8d79e6
Preparing… ########################################### [100%]
1:openvpn ########################################### [100%]

2. CA configuration
[root@router test]# cp -r /usr/share/doc/openvpn-2.0.9/easy-rsa /etc/openvpn/
[root@router test]# cd /etc/openvpn/easy-rsa
[root@router easy-rsa]# vim vars
export D=`pwd`
export KEY_CONFIG=$D/openssl.cnf
export KEY=$D/keys
export KEY_SIZE=1024
export KEY_COUNTRY=ID
export KEY_PROVINCE=JAWATIMUR
export KEY_CITY=SURABAYA
export KEY_ORG="ISCUBS"
export KEY_EMAIL="setijo@gmail.com"
export KEY_OU="IT"
export KEY_COMMON="ubslinux.com"

[root@router easy-rsa]# chmod u+x *
[root@router easy-rsa]# source ./vars
NOTE: when you run ./clean-all, I will be doing a rm -rf on /etc/openvpn/easy-rsa/keys
[root@router easy-rsa]# ./clean-all

3. Build CA
[root@router easy-rsa]# ./build-ca
Generating a 1024 bit RSA private key
…………++++++
……………………………..++++++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [ID]:
State or Province Name (full name) [JAWATIMUR]:
Locality Name (eg, city) [SURABAYA]:
Organization Name (eg, company) [ISCUBS]:
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:ubslinux.com
Email Address [setijo@gmail.com]:

4. Building server key
[root@router easy-rsa]# ./build-key-server isc
Generating a 1024 bit RSA private key
…………………………………………..++++++
……++++++
writing new private key to 'isc.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [ID]:
State or Province Name (full name) [JAWATIMUR]:
Locality Name (eg, city) [SURABAYA]:
Organization Name (eg, company) [xxx]:
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:ubslinux.com
Email Address [setijo@gmail.com]:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456
An optional company name []:
Using configuration from /etc/openvpn/easy-rsa/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'ID'
stateOrProvinceName   :PRINTABLE:'JAWATIMUR'
localityName          :PRINTABLE:'SURABAYA'
organizationName      :PRINTABLE:'xxx'
organizationalUnitName:PRINTABLE:'IT'
commonName            :PRINTABLE:'ubslinux.com'
emailAddress          :IA5STRING:'setijo@gmail.com'
Certificate is to be certified until Jul 7 08:17:47 2018 GMT (3650 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@router easy-rsa]#

5. Generate Diffie Hellman parameter
[root@router easy-rsa]# ./build-dh
Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
………………………………………..+…………….+..+………..+…………………………………………………………………..+……………………………………………….+………….+………………………………………………………………………………………………….+……+………………………………………………….+……+…………………………………………………………………….+………………………………………………………………………….+………………………………………………..+………………………………………………………………………………..++*++*++*

6. OpenVPN configuration
[root@router easy-rsa]# cd /etc/openvpn
[root@router openvpn]# cp /usr/share/doc/openvpn-2.0.9/sample-config-files/server.conf /etc/openvpn/
[root@router openvpn]# cp /etc/openvpn/easy-rsa/keys/ca.crt /etc/openvpn/
[root@router openvpn]# cp /etc/openvpn/easy-rsa/keys/isc.key /etc/openvpn/
[root@router openvpn]# cp /etc/openvpn/easy-rsa/keys/isc.crt /etc/openvpn/
[root@router openvpn]# cp /etc/openvpn/easy-rsa/keys/dh1024.pem /etc/openvpn/
[root@router openvpn]# vim /etc/openvpn/server.conf
############################################################################
# server openvpn
############################################################################
port 1194
proto tcp
dev tun
ca ca.crt
cert isc.crt
key isc.key
dh dh1024.pem

server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 172.20.0.0 255.255.0.0"

client-to-client
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 3

7. Starting the VPN server
[root@router openvpn]# service openvpn restart
Shutting down openvpn: [ OK ]
Starting openvpn: [ OK ]

8. Generate keys and certificates for the clients
[root@router easy-rsa]# ./build-key myclient1
Generating a 1024 bit RSA private key
………………………..++++++
…………………………………++++++
writing new private key to 'myclient1.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [ID]:
State or Province Name (full name) [JAWATIMUR]:
Locality Name (eg, city) [SURABAYA]:
Organization Name (eg, company) [xxx]:
Organizational Unit Name (eg, section) []:myclient1
Common Name (eg, your name or your server's hostname) []:myclient1
Email Address [setijo@gmail.com]:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456
An optional company name []:
Using configuration from /etc/openvpn/easy-rsa/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'ID'
stateOrProvinceName   :PRINTABLE:'JAWATIMUR'
localityName          :PRINTABLE:'SURABAYA'
organizationName      :PRINTABLE:'xxx'
organizationalUnitName:PRINTABLE:'myclient1'
commonName            :PRINTABLE:'myclient1'
emailAddress          :IA5STRING:'setijo@gmail.com'
Certificate is to be certified until Jul 7 09:08:21 2018 GMT (3650 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@router easy-rsa]# ./build-key myclient2
Generating a 1024 bit RSA private key
………++++++
…………++++++
writing new private key to 'myclient2.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [ID]:
State or Province Name (full name) [JAWATIMUR]:
Locality Name (eg, city) [SURABAYA]:
Organization Name (eg, company) [xxx]:
Organizational Unit Name (eg, section) []:myclient2
Common Name (eg, your name or your server's hostname) []:myclient2
Email Address [setijo@gmail.com]:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456
An optional company name []:
Using configuration from /etc/openvpn/easy-rsa/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'ID'
stateOrProvinceName   :PRINTABLE:'JAWATIMUR'
localityName          :PRINTABLE:'SURABAYA'
organizationName      :PRINTABLE:'xxx'
organizationalUnitName:PRINTABLE:'myclient2'
commonName            :PRINTABLE:'myclient2'
emailAddress          :IA5STRING:'setijo@gmail.com'
Certificate is to be certified until Jul 7 09:09:01 2018 GMT (3650 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@router easy-rsa]#

9. Set up iptables
[root@router easy-rsa]# iptables -F -t nat
[root@router easy-rsa]# iptables -L -t nat
[root@router easy-rsa]# iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth1 -j MASQUERADE
[root@router easy-rsa]# echo 1 > /proc/sys/net/ipv4/ip_forward

10. So that this runs on every reboot
[root@router easy-rsa]# vim /etc/rc.local
/sbin/iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth1 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
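
A review pass over the server.conf from step 6 combined with the three directives from the "server login with password" post, as an added example that is not part of the original posts. The finding names are this example's own, and the DH check assumes the bit length appears in the file name, as easy-rsa names it.

```python
import re
import shlex

# Constructed input: the page's server.conf (step 6) followed by the three
# directives from the "server login with password" post.
SERVER_CONF = """\
port 1194
proto tcp
dev tun
ca ca.crt
cert isc.crt
key isc.key
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 172.20.0.0 255.255.0.0"
client-to-client
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 3
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so login
client-cert-not-required
username-as-common-name
"""

def parse_directives(text):
    """Yield (line_no, name, args) per directive; '#' and ';' start comments."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        tokens = shlex.split(line, comments=True)   # keeps "quoted args" together
        if tokens:
            yield no, tokens[0], tokens[1:]

def audit(text):
    """Return sorted [(line_no, finding)]; line 0 marks a missing directive."""
    found, seen = [], set()
    for no, name, args in parse_directives(text):
        seen.add(name)
        if name == "dh":
            # Assumption: the file name carries the bit length (dh1024.pem).
            m = re.search(r"dh(\d+)", args[0]) if args else None
            if m and int(m.group(1)) < 2048:
                found.append((no, "dh-below-2048-bits"))
        elif name == "client-cert-not-required":
            found.append((no, "password-only-client-auth"))
        elif name == "client-to-client":
            found.append((no, "client-traffic-bypasses-host-firewall"))
        elif name == "comp-lzo":
            found.append((no, "compression-before-encryption"))
    if "tls-auth" not in seen and "tls-crypt" not in seen:
        found.append((0, "no-control-channel-hmac"))
    return sorted(found)

if __name__ == "__main__":
    for line_no, finding in audit(SERVER_CONF):
        print(line_no, finding)
```

With `client-cert-not-required` set, the certificates issued in step 8 no longer take part in client authentication, which then rests on the PAM password alone.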


VIRTUAL PRIVATE NETWORK with Open VPN (introduction) August 21, 2009

Posted by setijoagus in Linux, Network.

Suppose we have a branch office and want its computers to become part of the head office LAN; the solution is to build a VPN, and one suitable piece of software is OpenVPN. With a VPN we can be mobile and stay connected to the office LAN as long as we stay connected to the internet.
In short, it is as if we were connected to the office LAN locally, in a secure way. This is possible because we build an encrypted tunnel, whether with user/password, certificates, or a shared secret key.
One popular VPN application is OpenVPN. It was developed by James Yonan and Francis Dinha.
