How to Check an IP Address, Routes and links

To get the depth information of your network interfaces like IP Address, MAC Address information, use the following command as shown below.


# ip addr show


$ sudo ip addr show

]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:44:43:24 brd ff:ff:ff:ff:ff:ff
    inet 216.xx.xx.xx/24 brd 216.xx.xx.255 scope global eth0
    inet6 fe80::20c:29ff:fe44:4324/64 scope link
       valid_lft forever preferred_lft forever


# ip route show
216.xx.xxx.0/24 dev eth0  proto kernel  scope link  src 216.xx.xxx.xxx
169.254.0.0/16 dev eth0  scope link  metric 1002
default via 216.xx.xxx.1 dev eth0

#  ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:44:43:24 brd ff:ff:ff:ff:ff:ff

How to Setup networking on centos 7

Source: http://www.krizna.com/centos/setup-network-centos-7/

When installing Centos 7, You may not able to connect network in that machine. This will happen because Ethernet interfaces are not enabled by default and need additional configuration.

Type “nmcli d” command in your terminal

# nmcli d

Recommended for beginners
Step 1 » Type this command “nmtui” to open Network manager and press enter after choosing ” Edit a connection” ( Use TAB for choosing options ) .

Command Line

Network interface config files are located in /etc/sysconfig/network-scripts/ directory. Open ifcfg-en…


nano /etc/sysconfig/network-scripts/ifcfg-en

Find


BOOTPROTO=none
ONBOOT=no 

and replace with


BOOTPROTO=static
ONBOOT=yes 


And add the below lines at the end of the file.


IPADDR=172.27.0.32
NETMASK=255.255.255.0
GATEWAY=172.27.0.1
DNS1=172.27.0.5File will look like below after changes.
TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
NAME=enp0s17
UUID=f0c5b37d-299a-43cb-b74b-618bb252d129
ONBOOT=yes
HWADDR=00:0C:29:A1:B5:CC
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPADDR=192.168.1.10
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
DNS1=192.168.1.5


# systemctl restart network

Additionally you can use /etc/sysconfig/network file for hostname and DNS.
<pre>

HOSTNAME=server.krizna.com
DNS1=192.168.1.5
DNS2=8.8.8.8
SEARCH=domain.com

Add additional IP’s to Ubuntu Server

Here is how to add additional IP’s to your Ubuntu server

Add it to the server just on a temporary basis. A reboot will erase the changes.

Using ifconfig

If you want to add a secondary IP address to a NIC already in use in Linux, and have that change only temporary. Enter this command:

# ifconfig [nic]:0 [IP-Address] netmask [mask] up

Example:

#ifconfig eth0:0 192.168.1.2 netmask 255.255.255.0 up

If you prefer to use the ip command instead of ifconfig

# ip address add [ip]/[mask-digits] dev [nic]

IP command example

#ip address add 192.168.99.37/24 dev eth0

With this command you can add more ip address to the same NIC, the second is considered as secondary.

Add a permanent IP address to the Server

For Ubuntu systems, edit the /etc/network/interfaces file

# nano /etc/network/interfaces

Example:


auto eth0:1
iface eth0:1 inet static
address 192.168.0.1
gateway 192.168.0.254
netmask 255.255.255.0

The restart networking for the changes to take effect

~# service networking restart
 * Reconfiguring network interfaces... 

Check to see if the IP’s re enabled

# ifconfig

You should see the additional IP’s here

You can add What you need. Just change eth0:1 for eth0:2, eth0:3 etc. This can also be done for any other network cards like eth1, eth2, etc.

If the network show this:

# nano /etc/network/interfaces

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

auto em1
iface em1 inet static
address 162.xx.xx.xx
netmask 255.255.255.0
gateway 162.xx.xx.1
broadcast 162.xx.xx.255
dns-nameservers 8.8.4.4

Add this

auto em2
iface em1 inet static
address 10.156.1.xxx
netmask 255.255.255.224

Change the gateway in CentoS

Edit the netowrk file

# nano /etc/sysconfig/network

You should see this:

HOSTNAME=host.domain.com
# =============================================================
# Network Script generated by BareMetal
# =============================================================
NETWORKING=yes
NETWORKING_IPV6=no
GATEWAY=216.xx.xx.1

Change the Gateway and save then restart networking

# service  network restart

Changing the primary IP address of a CentOS Server

ssh to the server.

#nano /etc/sysconfig/network-scripts/ifcfg-eth0

You will find…

# =============================================================
# Network Interface Script generated by BareMetal
# =============================================================
DEVICE=eth0
BOOTPROTO=STATIC
ONBOOT=yes
IPADDR=216.55.xx.xx
NETMASK=255.255.255.0
HWADDR=6C:62:xx:xx:xx:C3

Change this line only to the new IP

IPADDR=216.55.xx.xx

Note: If you are changing to an IP on a different subnet and need to change your default gateway, this can be configured under /etc/sysconfig/network

Save the file and restart

# service network restart

Set up OpenVPN Server and Client on Windows 10

Need to setup a VPN? Here’s how to download and install OpenVPN.

Download the installer from https://openvpn.net/index.php/download/community-downloads.html and run it on the server computer.

  1. Remember to adjust the Windows firewall (open the 1194 UDP port).
  2. Assign a static IP to the new created TAP interface (like 10.8.0.1).
  3. Install OpenVPN on each client. (This step can be skipped for now and done at any convenient time)
  4. Choose All check boxes for the install

Certificates and Keys

Preparatory Steps

Navigate to the C:\Program Files\OpenVPN\easy-rsa folder in the command prompt:

Press Windows Key + R
Type “cmd.exe” and press Enter.
cmd.exe

Right click to run as administrator
Navigate to the correct folder:

cd "C:\Program Files\OpenVPN\easy-rsa"

Initialize the OpenVPN configuration:

init-config

NOTE: Only run init-config once, during installation.
Open the vars.bat file in a text editor:

notepad vars.bat

Edit the following lines in vars.bat, replacing “US”, “CA,” etc. with your company’s information:

set KEY_COUNTRY=US
set KEY_PROVINCE=CA
set KEY_CITY=SanFrancisco
set KEY_ORG=OpenVPN
set KEY_EMAIL=mail@host.domain

Save the file and exit notepad.
Run the following commands:

vars

clean-all

Building Certificates and Keys

The certificate authority (CA) certificate and key:

build-ca

When prompted, enter your country, etc. These will have default values, which appear in brackets. For your “Common Name,” a good choice is to pick a name to identify your company’s Certificate Authority. For example, “OpenVPN-CA”:

Country Name (2 letter code) [US]:
State or Province Name (full name) [CA]:
Locality Name (eg, city) [SanFrancisco]:
Organization Name (eg, company) [OpenVPN]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:OpenVPN-CA
Email Address [mail@host.domain]:

* This builds the ca key in C:\Program Files\OpenVPN\easy-rsa\keys

The server certificate and key:

build-key-server server

When prompted, enter the “Common Name” as “server”
When prompted to sign the certificate, enter “y”
When prompted to commit, enter “y”

Client certificates and keys:

For each client, choose a name to identify that computer, such as “mike-laptop” in this example.

build-key mike-laptop

When prompted, enter the “Common Name” as the name you have chosen (e.g. “mike-laptop”)
Repeat this step for each client computer that will connect to the VPN.
Generate Diffie Hellman parameters (This is necessary to set up the encryption)

build-dh

Set up the ta.key file.
In commnad prompt as administrator, go to cd “C:\Program Files\OpenVPN\bin”

# openvpn --genkey --secret ta.key

copy the file to the C:\Program Files\OpenVPN\config directory and to your config directory on your local machine.

Configuration Files

Find the sample configuration files:
Start Menu > All Programs > OpenVPN > OpenVPN Sample Configuration Files

Server Config File

go to C:\Program Files\OpenVPN\sample-config

Open server.ovpn

Find the following lines:

ca ca.crt
cert server.crt
key server.key
dh dh2048.pem

Edit them as follows:

ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\server.crt"
key "C:\\Program Files\\OpenVPN\\config\\server.key"
dh "C:\\Program Files\\OpenVPN\\config\\dh2048.pem"

Save the file as C:\Program Files\OpenVPN\easy-rsa\server.ovpn

Client Config Files

This is similar to the server configuration.

Open client.ovpn
Find the following lines:

ca ca.crt
cert client.crt
key client.key

Edit them as follows:

ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\mike-laptop.crt"
key "C:\\Program Files\\OpenVPN\\config\\mike-laptop.key"

Notice that the name of the client certificate and key files depends upon the Common Name of each client.
You can also include the ca, cert and key content in the client file. You have to copy the file content inside the tag .

Edit the following line, replacing “my-server-1” with your server’s public Internet IP Address or Domain Name. If you need help, see Static Internet IP below.

remote my-server-1 1194

Save the file as C:\Program Files\OpenVPN\easy-rsa\mike-laptop.ovpn (in this example. Each client will need a different, but similar, config file depending upon that client’s Common Name.)
Copying the Server and Client Files to Their Appropriate Directories
Copy these files from C:\Program Files\OpenVPN\easy-rsa\ to C:\Program Files\OpenVPN\config\ on the server:

ca.crt
dh1024.pem
server.crt
server.key
server.ovpn

Copy these files from C:\Program Files\OpenVPN\easy-rsa\ on the server to C:\Program Files\OpenVPN\config\ on each client (mike-laptop, in this example):

ta.key
ca.crt
mike-laptop.crt
mike-laptop.key
mike-laptop.ovpn

Starting OpenVPN

On both client and server, run OpenVPN from:
Start Menu -> All Programs -> OpenVPN -> OpenVPN GUI
Double click the icon which shows up in the system tray to initiate the connection. The resulting dialog should close upon a successful start.

Running OpenVPN as a Service

OpenVPN to be run from a non-administrator account.
OpenVPN to be started automatically on system startup. This is often preferred on the server machine, as well as any machines which will be constantly connected to the server.
Run the Windows Service administrative tool:
Press Windows Key + R
Type “services.msc” and press Enter.
services.msc
Find the OpenVPN service, and set its Startup Type to “automatic.”
Optionally, start the service now.

Further Considerations / Troubleshooting

Firewall Configuration
If you have connection problems, make sure to set a rule on your server’s firewall allowing incoming traffic on UDP port 1194.

Port Forwarding
If your server is behind a firewall/router, you will need to forward the port chosen for OpenVPN (in this example UDP 1194) to the server. Consult your router’s documentation for details on this.

To set up port forwarding, you will likely need to set up the server with a static local IP address instead of the default dynamic (changing) IP. Make sure to choose a static IP address that is not in the range your router might assign as a dynamic IP, but is within the router’s subnet (usually 192.168.0.xxx , 10.0.0.xxx , or similar).

Security Tips

Transmit all needed files to the client computers using a secure means such as a USB drive (email is not always a secure means).
Choose a port other than UDP 1194, and replace the port number wherever this guide mentions UDP port 1194.

IP or DNS leak

OpenVPN Internet Proxy Windows

This has all internet traffic route to the server IP so your IP is not disclosed.

Generate a TA key and place it in the same folder as the other certificates/keys:

cd C:\Program Files\OpenVPN\bin
openvpn --genkey --secret ta.key

Copy the key to the C:\Program Files\OpenVPN\config directory
Append the following lines to your server.ovpn profile:

# Route all traffic through VPN
push "redirect-gateway def1"
# Push Google DNS to prevent leak
push "dhcp-option DNS 8.8.8.8"
tls-auth ta.key 0 # This file is secret

Set the serer.ovpn file to use the following network as the network sharing below will use this network for the adaptor.

# server 192.168.137.0 255.255.255.0

Append the following lines to your client.ovpn profile:

# Block DNS leak
block-outside-dns
tls-auth ta.key 1 # This file is secret

Service tweaks on the Windows server
Open the Services window
Find Routing and Remote Access and set it to: Startup type – Automatic
Start the service
Adapter tweaks
Open the network adapters window
Right-click your internet adapter (e.g. Ethernet) and then: Properties -> Sharing -> Allow other network users to connect through this computer’s Internet connection
(if applicable) From the drop-down list select your OpenVPN TAP adapter (e.g. Ethernet?)
Note: Only one adapter can be shared at a time, so if you don’t see the Sharing tab, make sure no other adapter is being shared.

Registry tweaks

Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
Value: IPEnableRouter
Type: REG_DWORD
Data: 0x00000001 (1)

Optional: Configure a static route (if behind router)
You have to route all packets sent to the client’s virtual IP back to the VPN server.

Example using Cisco router:

10.8.0.0 – virtual network subnet
255.255.255.0 – virtual network subnet mask
192.168.1.175 – VPN server internal IP (in the subnet of the router)

Hardening iformation; https://community.openvpn.net/openvpn/wiki/Hardening

Setting up new user certificates

Navigate to the C:\Program Files\OpenVPN\easy-rsa folder in the command prompt:

Press Windows Key + R
Type “cmd.exe” and press Enter.
cmd.exe

Right click to run as administrator
Navigate to the correct folder:

cd "C:\Program Files\OpenVPN\easy-rsa"

Run the following:

vars

For each client, choose a name to identify that computer, such as “newuser-openvpn” in this example.

build-key newuser-openvpn

Open the C:\Program Files\OpenVPN\easy-rsa\sample-config directory. Copy the clients.ovpn to the name for the new user, ie, newuser-openvpn.ovpn.

Copy these files from C:\Program Files\OpenVPN\easy-rsa\keys and C:\Program Files\OpenVPN\easy-rsa\sample-config on the server to C:\Program Files\OpenVPN\config\ on each client (newuser-openvpn.ovpn, in this example):

ta.key
ca.crt
newuser-openvpn.ovpn.crt
newuser-openvpn.ovpn.key
newuser-openvpn.ovpn.ovpn

Copy to the C:\Program Files\OpenVPN\config on the new user computer.

Adding additional IP addresses to your Windows Server 2012

From the Windows desktop, move your mouse to the top right corner of the screen to bring up the Charms bar, and click on Start to bring up the Start screen. In the Start screen, click on the Control Panel tile, and then in the Control Panel screen click on View network status and tasks under the Network and Internet heading.

This opens the Network and Sharing Center screen. To add a new public IP address, click on Local Area Connection. To add a new private IP address, click on Local Area Connection 2.

network_sharing

(This example uses Local Area Connection and a public IP address – the steps for Local Area Connection 2 and a private IP address are identical)

Clicking on Local Area Connection opens the Local Area Connection Status screen.

local_connection1

Click on Properties.

In the Local Area Connection Properties dialog, click on Internet Protocol Version 4 (TCP/IPv4)

local_connection_ipv4

Once you have clicked on Internet Protocol Version 4 (TCP/IPv4), click on Properties.

This takes you to the Internet Protocol Version 4 (TCP/IPv4) Properties screen, which shows the existing IP address, Subnet mask, and Default gateway. To add the new IP address, click on Advanced….

This takes you to the Advanced TCP/IP Settings page. Click on Add… to add the new IP address. Make sure to click the Add button under IP addresses (outlined in blue) and not the Add button under Default gateways.

local_connection_adv_add

This opens the TCP/IP Address dialog. Add the new IP address, and also the Subnet mask, and click on Add.

add_tcpip

his takes you back to the Advanced TCP/IP Settings screen, which should show the new IP address and Subnet mask (highlighted in yellow here).

ip_added

Click OK or Close to get back to the Network and Sharing Center screen. You may get a warning similar to this:

ip_warning

If so, just click on Yes to continue.

Once you get back to the Network and Sharing Center screen, close that screen. Your new IP address is now added to your Windows Server 2012 VS. You can verify this by opening Windows PowerShell and typing in the ipconfig /all command. Look for the new IP address under the Ethernet adapter Local Area Connection section (highlighted in yellow here). If you added a private IP address, it will be under Ethernet adapter Local Area Connection 2.

powershell

This shows that the new IP address has been successfully added to the Virtual Server and is ready for use.

Adding Additional IP Addresses CentOS

ssh to the server

# cd /etc/sysconfig/network-scripts
# ls -l | grep ifcfg-eth
-rw-r--r-- 1 root root   119 Jan 11 19:16 ifcfg-eth0
-rw-r--r-- 1 root root   119 Jan  3 08:45 ifcfg-eth0.bak
-rw-r--r-- 1 root root   119 Feb 24 04:34 ifcfg-eth1
-rw-r--r-- 1 root root   128 Jan 19 18:20 ifcfg-eth1.bak

If the main adapter is called “eth0” you have to call the next (virtual) adapter in a sequential order like so:

ifcfg-eth0 (primary adapter, physical)
ifcfg-eth0:1 (first virtual adapter to the physical primary adapter)
ifcfg-eth0:2 (second virtual adapter to the physical primary adapter)

Copy our primary adapter configuration file and name it to be the first virtual adapter:


# cp ifcfg-eth0 ifcfg-eth0:1
# ls -l | grep ifcfg-eth
-rw-r--r-- 1 root root   119 Jan 11 19:16 ifcfg-eth0
-rw-r--r-- 1 root root   119 Feb 24 08:53 ifcfg-eth0:1
-rw-r--r-- 1 root root   119 Jan  3 08:45 ifcfg-eth0.bak
-rw-r--r-- 1 root root   119 Feb 24 04:34 ifcfg-eth1
-rw-r--r-- 1 root root   128 Jan 19 18:20 ifcfg-eth1.bak

Configure this virtual adapter to be a static IP, no hardware address (MAC), configure netmask and of course rename the device.


# vim ifcfg-eth0:1
DEVICE=eth0:1
BOOTPROTO=static
ONBOOT=yes
IPADDR=10.1.1.2
NETMASK=255.255.255.0

There is no need to specify a MAC address – it is a virtual adapter and there is also no need to specify a default gateway as it is already routed through the primary adapter. Basically there are only four things that you will need to change:

File name for the adapter itself
DEVICE= (should correspond with the file name)
IPADDR=
NETMASK=

Restart the networking service:


# service network restart

That’s it; lets check ifconfig to make sure the virtual adapter is there and working:


# ifconfig eth0:1
eth0:1    Link encap:Ethernet  HWaddr 08:00:27:ED:05:B7
inet addr:10.1.1.2  Bcast:10.1.1.255  Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1


# ping 10.1.1.2
PING 10.1.1.2 (10.1.1.2) 56(84) bytes of data.
64 bytes from 10.1.1.2: icmp_seq=1 ttl=64 time=0.073 ms
64 bytes from 10.1.1.2: icmp_seq=2 ttl=64 time=0.042 ms
64 bytes from 10.1.1.2: icmp_seq=3 ttl=64 time=0.029 ms
64 bytes from 10.1.1.2: icmp_seq=4 ttl=64 time=0.029 ms
--- 10.1.1.2 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2999ms
rtt min/avg/max/mdev = 0.029/0.043/0.073/0.018 ms