Learn about Centmin Mod LEMP Stack today
Register Now

Upgrade MariaDB Create a intranet with a Centmin Cluster and VPN funcion

Discussion in 'Install & Upgrades or Pre-Install Questions' started by EckyBrazzz, Jul 21, 2019.

  1. EckyBrazzz

    EckyBrazzz Active Member

    916
    189
    43
    Mar 28, 2018
    >>>>Click here<<<< i'm nearby......
    Ratings:
    +362
    Local Time:
    4:28 PM
    Latest
    Latest
    Finally, I got a Centmin Cluster working with lsyncd and a mariadb galera cluster on 3 servers. It is in a testing fase, but everything seems to work. The servers are on different continents. Final target are more servers, but for the mariadb part I only needed 3 and for testing that is oke.

    The setup of lsyncd was easy, I only use some parts of a server to sync. Most parts I took from an issue I found on GitHub. It actually simultaneous replicate files with multiple targets.

    mariadb galera cluster works out of the box, only trick is to start the servers one by one and expanding it with an extra server is also easy, you only have to add the IP of the server in the existing servers and bring up the new one.

    With Softether from the university of Tsubuka Japan you can create an Intranet with VPN functions. I followed many guides, but most of them are base on Ubuntu or Debian, but with a little adjustment I got the VPN part almost working. It gives me only some errors, but that is fine-tuning. https://www.softether.org/4-docs/1-...3_Install_on_Linux_and_Initial_Configurations.

    And the IPtables part, that locked me out several times. But on every step that worked I made snapshots, so I did not lose too much work. I know if I log in I see the warning iptables -F locks you out. But some manuals do that without clear instructions.


    The only difficult part now is to get the intranet working on 3 servers simultaneously.
    I used most parts of this site http://www.programmersought.com/article/7339149815/ but the main part is in Chinese and that language characters I don't understand quite well. But the pictures give a bit on what to do. Only the interface is different, it got updated, so I have to guess what to press. Also, the link from http://www.programmersought.com has a menu with more man pages.

    I don't know if anyone here knows someone with some experience in setting up a working intranet. Especially with the Softether VPN
    If so, please do let me know.
     
  2. EckyBrazzz

    EckyBrazzz Active Member

    916
    189
    43
    Mar 28, 2018
    >>>>Click here<<<< i'm nearby......
    Ratings:
    +362
    Local Time:
    4:28 PM
    Latest
    Latest
    Made some progress with the VPN and it is amazing what you can do with it.
    I only run into troubles with the CSF firewall activated. At that moment it won't connect because to DHCP won't work. I already added many ports, IP's TCP/UPD in en out to the rules, but it's a no go. I have to do csf -x to get it working. SO I NEED SOME INFO ABOUT OUR CSF FIREWALL!!

    Some examples you can do:
    Did you connect to 2 VPN's simultaneously? Only if you use WireShark to analyze network traffic you get strange results.
    VPN_9.png
    Some options below:
    VPN_3.png

    VPN_4.png
    It even works at a cellphone!
    VPN_5.png

    You can create as much as Virtual Hubs as needed, each with their settings. And Yes, the option Virtual NAT & DHCP works fine.
    VPN_6.png

    Nice welcome screen on login (*layout depends on client)
    VPN_7.png
    Even my adjusted maintenance page works :)
    VPN_8.png
     
  3. eva2000

    eva2000 Administrator Staff Member

    54,355
    12,198
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,763
    Local Time:
    5:28 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    You're on your own with networking and firewall configurations for various VPN software as you'd need to know what you're doing to properly configure everything.

    CSF Firewall is just a wrapper to IPTables so you can also use iptables runs just have to load the IPTables rules before CSF Firewall using /etc/csf/csfpre.sh bash script you can create and make executable and then restart CSF Firewall which will load whatever is in /etc/csf/csfpre.sh before hand.

    For VPN's these days I use Wireguard faster than any VPN server I have used to date https://www.wireguard.com/performance/ :)
     
  4. runos

    runos Member

    57
    17
    8
    Dec 17, 2019
    Ratings:
    +22
    Local Time:
    3:28 AM
    1.17.6
    10
  5. eva2000

    eva2000 Administrator Staff Member

    54,355
    12,198
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,763
    Local Time:
    5:28 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Spin up a test VPS with CentOS 7 and try all 3 methods and see which works best for you. When I used Wiredguard, I source compiled it rather than use pre-built YUM packages.
     
  6. runos

    runos Member

    57
    17
    8
    Dec 17, 2019
    Ratings:
    +22
    Local Time:
    3:28 AM
    1.17.6
    10
    I just want to confirm which method will not affect my centmin installation.
     
  7. eva2000

    eva2000 Administrator Staff Member

    54,355
    12,198
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,763
    Local Time:
    5:28 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  8. runos

    runos Member

    57
    17
    8
    Dec 17, 2019
    Ratings:
    +22
    Local Time:
    3:28 AM
    1.17.6
    10
    Ok it's too complicated for me. Will use dedicated VPN instead :)
     
    Last edited: Dec 19, 2023