OpenVPN install on a single Ubuntu 18.04 server with EasyRSA 3.0.5

Update the system and install the OpenVPN server

apt update && apt dist-upgrade -y
apt install openvpn

Get the right version of the EasyRSA from GitHub

cd ~
tar xvf EasyRSA-nix-3.0.5.tgz
cd ~/EasyRSA-3.0.5/

Configure the vars file

cp vars.example vars
nano vars
set_var EASYRSA_REQ_PROVINCE "California"
set_var EASYRSA_REQ_CITY "San Francisco"
set_var EASYRSA_REQ_ORG "Copyleft Certificate Co"
set_var EASYRSA_REQ_OU "My Organizational Unit"

Run init-pki to initiate the public key infrastructure

./easyrsa init-pki

Build the CA

./easyrsa build-ca nopass

Generate a request and sign the OpenVPN server’s certificate

 ./easyrsa gen-req server nopass 
./easyrsa sign-req server server

Copy the server.key server.crt and ca.crt to the right place

cp ~/EasyRSA-3.0.5/pki/private/server.key /etc/openvpn/
cp ~/EasyRSA-3.0.5/pki/issued/server.crt /etc/openvpn/
cp ~/EasyRSA-3.0.5/pki/ca.crt /etc/openvpn/

Create a strong Diffie-Hellman key and HMAC signature, than copy to /etc/openvpn/ directory

./easyrsa gen-dh
openvpn --genkey --secret ta.key
cp ~/EasyRSA-3.0.5/ta.key /etc/openvpn/
cp ~/EasyRSA-3.0.5/pki/dh.pem /etc/openvpn/

Generating a Client Certificate and Key Pair

mkdir -p ~/client-configs/keys
chmod -R 700 ~/client-configs
cd ~/EasyRSA-3.0.5/
./easyrsa gen-req client1 nopass
cp pki/private/client1.key ~/client-configs/keys/

System Rescue CD via PXE and HTTP

Download the ISO

Mount it under Linux, than copy rescue32 and the initram.igz to the tftp/sysres folder and sysrcd.dat and the md5 hash file under the /var/www/html/sysres/ folder.

Prepare the pxelinux.cfg/default file

LABEL sysres
MENU LABEL System Rescue CD x86
KERNEL sysres/rescue32
APPEND initrd=sysres/initram.igz netboot=http://{SERVER-IP-OR-DNS-NAME}/sysres/sysrcd.dat setkmap=hu

rc.local compatibility on Ubuntu 18.04

nano /etc/systemd/system/rc-local.service
Description=/etc/rc.local Compatibility

ExecStart=/etc/rc.local start

nano /etc/rc.local
#!/bin/sh -e
exit 0
chmod +x /etc/rc.local
systemctl enable rc-local
systemctl start rc-local.service
systemctl status rc-local.service

XCP-ng install via PXE

Get the install media


Mount it under Linux, and populate the xcp folder under the tftpboot like this:

├── pxelinux.cfg
│ └── default
├── pxelinux.0
└── xcp
├── efiboot.img
├── gcdx64.efi
├── grubx64.efi
├── install.img
├── isolinux
│ ├──
│ ├── isolinux.bin
│ ├── isolinux.cfg
│ ├── mboot.c32
│ ├── memtest
│ ├── menu.c32
│ ├── pg_help
│ ├── pg_main
│ └── splash.lss
├── vmlinuz
└── xen.gz
LABEL xcp-ng
MENU LABEL XCP-ng Hypervisor
KERNEL mboot.c32
APPEND xcp/xen.gz dom0_max_vcpus=1-2 dom0_mem=1024M,max:1024M com1=115200,8n1 console=com1,vga --- xcp/vmlinuz xencons=hvc console=hvc0 console=tty0 install --- xcp/install.img

Copy all the files from the iso to a read-only NFS share or to a webserver directory. During the install use NFS or HTTP as a media source.

VNC desktop on Xubuntu 18.04 / CentOS 7.5 with nvidia proprietary driver (x11vnc)

Nvidia driver install on CentOS 7.5

Download the nvidia drivers for unix systems

Install prerequisites

sudo yum -y update
sudo yum -y install epel-release
sudo yum -y groupinstall "GNOME Desktop" "Development Tools"
sudo yum -y install kernel-devel dkms

Edit /etc/default/grub. Append the following to “GRUB_CMDLINE_LINUX”

rd.driver.blacklist=nouveau nouveau.modeset=0

Generate a new grub configuration to include the above changes.

sudo grub2-mkconfig -o /boot/grub2/grub.cfg

Edit/create /etc/modprobe.d/blacklist.conf and append:

blacklist nouveau

Backup your old initramfs and then build a new one

mv /boot/initramfs-$(uname -r).img /boot/initramfs-$(uname -r)-nouveau.img
sudo dracut /boot/initramfs-$(uname -r).img $(uname -r)

The NVIDIA installer will not run while X is running so switch to text mode and run the installer:

sudo systemctl isolate
sh NVIDIA-Linux-x86_64-*.run

Nvidia driver install on Xubuntu 18.04

sudo apt update
sudo apt dist-upgrade -y
sudo apt autoremove -y
sudo apt install linux-headers-$(uname -r) build-essential
sudo add-apt-repository ppa:graphics-drivers
sudo apt install nvidia-driver-*latest*

x11nvc install and set up for autostart

sudo apt install x11vnc

Make the password file and set up with the right permissions

x11vnc -storepasswd /home/*USER*/.x11vnc.password
sudo chmod 744 .x11vnc.password

Test the connection with the current settings (might need some changes on the firewall)

x11vnc -noxrecord -noxfixes -noxdamage -display :0 -auth guess -forever -rfbauth /home/*USER*/.x11vnc.password -rfbport 5900

If it works, let’s make the autostart daemon
Create the /lib/systemd/system/x11vnc.service with the following content:

Description=Start x11vnc at startup.

ExecStart=/usr/bin/x11vnc -noxrecord -noxfixes -noxdamage -display :0 -auth guess -forever -rfbauth /home/USER/.x11vnc.password -rfbport 5900

sudo systemctl enable x11vnc.service
sudo systemctl daemon-reload
sudo systemctl start x11vnc.service

If there is no monitor attached to the PC, just create the /etc/X11/xorg.conf.d/10-monitor.conf file, with the following content:

Section        "Monitor"
Identifier "Monitor0"
VendorName "Unknown"
ModelName "Unknown"
HorizSync "28.0 - 33.0" #Virtual monitor needs this
VertRefresh "43.0 - 72.0" #this, too
Option "DPMS"
Section "Device"
Identifier "Device"
Driver "nvidia"
VendorName "NVIDIA Corporation"
Option "NoLogo" "1"

Section "Screen"
Identifier "Screen0"
Device "Device0"
Monitor "Monitor0"
DefaultDepth "24"
SubSection "Display"
Depth "24"
Virtual "1920 1080"
Option "AllowEmptyInitialConfiguration" "True"

TeamSpeak 3 server on systemd (Ubuntu 18.04, Debian 9, CentOS 7)

Create a user for the teamspeak server and switch to it

adduser --disabled-login teamspeak
su teamspeak

Get the latest TeamSpeak 3 files for 64-bit Linux server and unpack it

tar xvf teamspeak3-server_linux_amd64-*.tar.bz2

Get the admin token

cd teamspeak3-server_linux_amd64
touch .ts3server_license_accepted
sh start

Make the daemon file

nano /lib/systemd/system/teamspeak3-server.service
Description=TeamSpeak 3 Server

ExecStart=/home/teamspeak/teamspeak3-server_linux_amd64/ts3server inifile=ts3server.ini license_accepted=1


Enable the daemon

systemctl daemon-reload
systemctl start teamspeak3-server.service
systemctl enable teamspeak3-server.service

Ports used by TS3

  • 9987/UDP
  • 30033/TCP
  • 10011/TCP