
To make the development environment look identical to production from the client side, configure your client so that DNS lookups for the commonidtrust.org domain are answered by the development environment's DNS server instead of the public authoritative server(s).  You can do this either by pointing your client's DNS at the dev server or by connecting to the VPN.

DNS

Currently, the DNS server for VPC-Dev runs on a personal, free-tier t2.micro instance in EC2 and is reachable at 52.24.15.28.  It is authoritative for commonidtrust.org only and does not recurse, so you still need a resolver for every other name, such as 4.2.2.1 and 4.2.2.2 (Level3) or 8.8.8.8 and 8.8.4.4 (Google).  Note that simply listing the public resolver as a "secondary" nameserver is not fully reliable: whether a stub resolver falls through to the next server after the dev server answers REFUSED depends on the operating system.  Where your client supports it, prefer a per-domain rule (for example an /etc/resolver/commonidtrust.org file on OS X, or a dnsmasq line server=/commonidtrust.org/52.24.15.28) so that only commonidtrust.org queries go to the dev server.

...

VPN with L2TP over IPsec

...

Account Name: commitdev
Click Authentication Settings...

...

Installation

yum install -y --enablerepo=epel openswan xl2tpd bind


Configure /etc/named.conf and the zone file /var/named/masters/commonidtrust.org (see examples attached).  Configure xl2tpd and Openswan.

chkconfig named on

chkconfig ipsec on

chkconfig xl2tpd on

Recursion is disabled, so the server is not an open resolver, and response rate limiting is set to 5 responses per second per client.  With only three small records in the zone it has little value as an amplification source, and the instance lives in a personal account rather than the production one.  Keep it that way: do not enable recursion, add large records (TXT, DNSSEC) or point production clients at it.
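The following is an added example and not the named.conf or zone file attached to the original page: a script that emits the named.conf options described above (recursion off, rate limiting at 5 responses per second), a zone file carrying the account, helpdesk and login records, validates both with named-checkconf and named-checkzone when those tools are installed, and probes the running server with dig to confirm it answers for the zone and refuses everything else.  The record targets (10.0.0.x), TTLs, serial, hostmaster contact and the ns1 name are assumptions; only the server address and the three hostnames come from the page.

```shell
#!/bin/sh
# Added example (not the page's attached files). Generates, validates and
# probes an authoritative-only BIND setup for the dev VPC.
set -eu

DEV_DNS="${DEV_DNS:-52.24.15.28}"   # dev VPC DNS server address from the page
ZONE="commonidtrust.org"

# named.conf: authoritative only (no recursion) with response rate limiting.
named_options() {
    cat <<EOF
options {
    directory "/var/named";
    listen-on port 53 { any; };
    allow-query { any; };
    recursion no;                  # authoritative only: not an open resolver
    minimal-responses yes;         # smaller answers, less amplification value
    rate-limit {
        responses-per-second 5;    # the 5 per second limit from the page
        window 5;
    };
};

zone "${ZONE}" IN {
    type master;
    file "masters/${ZONE}";        # /var/named/masters/commonidtrust.org
};
EOF
}

# Zone file. SOA/NS are required by BIND; the three A records are the ones the
# page describes. Target addresses are placeholders (assumed), not real values.
zone_file() {
    cat <<EOF
\$TTL 300
@   IN SOA ns1.${ZONE}. hostmaster.${ZONE}. (
        2015060101 ; serial (assumed)
        3600 900 604800 300 )
    IN NS  ns1.${ZONE}.
ns1      IN A   ${DEV_DNS}
account  IN A   10.0.0.10
helpdesk IN A   10.0.0.11
login    IN A   10.0.0.12
EOF
}

# Write both files to a temp dir and run BIND's own checkers if available.
validate() {
    tmp=$(mktemp -d)
    named_options >"$tmp/named.conf"
    zone_file >"$tmp/${ZONE}.zone"
    if command -v named-checkconf >/dev/null 2>&1; then
        named-checkconf "$tmp/named.conf"
    fi
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone "$ZONE" "$tmp/${ZONE}.zone"
    fi
    rm -rf "$tmp"
    echo "config and zone validated"
}

# Probe the live server: in-zone name must be answered, off-zone name must be
# REFUSED and the RA (recursion available) flag must be clear.
probe() {
    in_zone=$(dig +norecurse +time=3 +tries=1 @"$DEV_DNS" "login.${ZONE}" A 2>&1) \
        || { echo "dig failed: $DEV_DNS unreachable"; return 1; }
    echo "$in_zone" | grep -q 'status: NOERROR' \
        || { echo "no answer for login.${ZONE}"; return 1; }
    off_zone=$(dig +time=3 +tries=1 @"$DEV_DNS" example.com A 2>&1) \
        || { echo "dig failed: $DEV_DNS unreachable"; return 1; }
    echo "$off_zone" | grep -q 'status: REFUSED' \
        || { echo "off-zone query was answered: server may be recursing"; return 1; }
    if echo "$off_zone" | grep -q 'flags:.* ra'; then
        echo "RA flag set: recursion is advertised"; return 1
    fi
    echo "ok: authoritative for ${ZONE}, refuses other names"
}

case "${1:-}" in
    print)    named_options; echo; zone_file ;;
    validate) validate ;;
    probe)    probe ;;
    *)        echo "usage: $0 print|validate|probe" ;;
esac
```

Run `sh dev-dns.sh validate` on the DNS host after editing the real files, and `sh dev-dns.sh probe` from a client to confirm the server still refuses off-zone queries after any change.  The rate limit is not checked here; sending more than five queries per second from one address with dig should show responses being dropped or truncated once RRL is active.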

Logging

named logs to /var/log/messages

...

/etc/init.d/named stop

This is configured to serve up the A and/or CNAME records for account.commonidtrust.org, helpdesk.commonidtrust.org, and login.commonidtrust.org for the specific VPC environment. 

VPN Docs:

pretty much just stole http://www.stormacq.com/build-a-private-vpn-server-on-amazons-ec2/