OpenVPN+RADIUS setup+2FA

Installing FreeRADIUS3

Pfsense-Package Manager-FreeRADIUS3

Pfsense-Service-FreeRADIUS-Interfaces-Add
->Port: 1812, Interface Type: Authentication

Pfsense-Service-FreeRADIUS-Interfaces-Add
->Port: 1813, Interface Type: Accounting

Pfsense-Service-FreeRADIUS-Interfaces-NAS/Clients-Add
->Client IP Address : 127.0.0.1
->Client Shared Secret : something

User Management

pfsense-System-User Manager-Authentication Servers-Add
->Type:RADIUS
->Hostname or IP address: 127.0.0.1
->Shared Secret: something
->RADIUS NAS IP Attribute: choose network

pfsense-Service-FreeRADIUS-Users-Add
->Username, Password

Verification

pfsense-Diagnostics-Authentication
->Authentication Server: Radserver
->Username, Password

Pfsense-Diagnostics-Authentication-Test

Add users and assign to specific resources

Pfsense-VPN-OpenVPN-Wizards
->Type of Server: RADIUS
->Complete the wizard with default settings

Pfsense-Services-Users
->Edit/Add user to assign an IP address (one of the tunnel network IP addresses)

pfSense-Firewall-Rule-OpenVPN
->Delete rules
->Add rules for each user

2FA(Optional)

Pfsense-System-User Manager-Authentication Servers
->Protocol: change from MS-CHAPv2 to PAP

Pfsense-Services-FreeRADIUS-Users
->Password: Leave empty
->Mobile-One-Time-Password : enable
->OTP Auth Method : Google-Authenticator (standard TOTP authentication)
->Generate OTP Secret
->PIN
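
Why the 2FA step switches the protocol to PAP, as an added example that is not part of the original notes and not pfSense or FreeRADIUS code: with PAP the RADIUS server can recover the typed password, so it can split it into PIN and one-time code and check the code against the TOTP secret. It assumes the password is entered as the PIN followed by the six-digit code; the secret, PIN and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds per time step (Google Authenticator default)
DIGITS = 6   # code length

# Constructed sample values (RFC 6238 test key in base32, made-up PIN).
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
SAMPLE_PIN = "1234"


def totp(secret_b32: str, unix_time: int) -> str:
    """RFC 6238 TOTP with HMAC-SHA1 and a 30-second step."""
    s = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(s + "=" * (-len(s) % 8))
    counter = struct.pack(">Q", unix_time // STEP)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def check_password(submitted: str, pin: str, secret_b32: str,
                   unix_time: int, drift_steps: int = 1) -> bool:
    """Validate a cleartext (PAP) password of the assumed form PIN + code.

    Accepts codes from +/- drift_steps time steps to tolerate clock skew.
    Replay tracking of already-used codes is out of scope for this sketch.
    """
    if len(submitted) != len(pin) + DIGITS:
        return False
    got_pin, got_code = submitted[:len(pin)], submitted[len(pin):]
    pin_ok = hmac.compare_digest(got_pin.encode(), pin.encode())
    code_ok = False
    for step in range(-drift_steps, drift_steps + 1):
        expected = totp(secret_b32, unix_time + step * STEP)
        # Constant-time compare; evaluate every step to avoid early exit.
        code_ok |= hmac.compare_digest(got_code.encode(), expected.encode())
    return pin_ok and code_ok


if __name__ == "__main__":
    now = 59  # constructed timestamp from the RFC 6238 test vectors
    print(totp(SAMPLE_SECRET, now))
    print(check_password(SAMPLE_PIN + "287082", SAMPLE_PIN, SAMPLE_SECRET, now))
```

A wider drift window tolerates more clock skew between the phone and the firewall but also lengthens the time a captured code stays valid.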

Configure SMTP

Installing a mail server on Ubuntu 19.10 LTS Server

Install postfix
Install mailutils
(optional) mailjet.com

Reference

https://www.linuxbabe.com/mail-server/setup-basic-postfix-mail-sever-ubuntu
https://www.linuxbabe.com/mail-server/postfix-smtp-relay
https://app.mailjet.com/docs/spf-dkim-guide
https://linuxaria.com/pills/how-to-setup-postfix-to-forward-email-to-another-email-account-on-debianubuntu

Cloudflare SSL full strict mode

Copy Cert and Key
Cloudflare – Origin Server – Create Certificate
Copy the certificate (site.pem) and private key (site.key) to the origin server (web server)
/etc/cloudflare/site.ca.pem
/etc/cloudflare/site.ca.key

Configure Apache
$ sudo a2enmod ssl
$ sudo vi /etc/apache2/sites-available/site.ca.conf

<VirtualHost *:80>
    # Placeholder contact address; substitute the site's own
    ServerAdmin webmaster@example.com
    ServerName site.ca
    ServerAlias www.site.ca
    DocumentRoot /var/www/html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    # Redirect plain-HTTP requests for the site to HTTPS
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =site.ca [OR]
    RewriteCond %{SERVER_NAME} =www.site.ca
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

<VirtualHost *:443>
    # Placeholder contact address; substitute the site's own
    ServerAdmin webmaster@example.com
    ServerName site.ca
    ServerAlias www.site.ca
    DocumentRoot /var/www/html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    # Serve TLS with the Cloudflare origin certificate and key
    SSLEngine on
    SSLCertificateFile /etc/cloudflare/site.ca.pem
    SSLCertificateKeyFile /etc/cloudflare/site.ca.key
</VirtualHost>

$ sudo apachectl configtest
$ sudo systemctl restart apache2
$ sudo a2ensite site.ca.conf
$ sudo a2enmod rewrite
$ sudo systemctl restart apache2

Enable SSL Full strict mode on Cloudflare
Cloudflare – SSL/TLS – Full(strict)

Installing LAMP+WordPress in 5 minutes

There are a bunch of different instructions for installing LAMP+WordPress on Ubuntu. I simplified the installation process based on Ubuntu 19.10 LTS, and it won't take more than 5 minutes to complete the entire procedure.

$ sudo apt-get update && sudo apt-get upgrade
$ sudo apt-get install lamp-server^
$ sudo mysql_secure_installation

$ sudo mysql
mysql> ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'root_password';
mysql> CREATE DATABASE dbname;
mysql> CREATE USER 'username'@'localhost' IDENTIFIED BY 'user_password';
mysql> GRANT ALL ON dbname.* TO 'username'@'localhost';
mysql> FLUSH PRIVILEGES;
mysql> exit;

Download the latest WordPress from https://wordpress.org/latest.tar.gz and start the installation in the /var/www/html folder.

References:
https://www.techrepublic.com/article/how-to-install-a-lamp-server-on-ubuntu-server-19-10/
https://www.digitalocean.com/community/tutorials/how-to-install-linux-apache-mysql-php-lamp-stack-ubuntu-18-04
https://ma.ttias.be/mysql-8-removes-shorthand-creating-user-permissions/