Month: March 2019

Mengatasi Remot Desktop Error

~ suji2019 ~ Leave a comment

Cara mengatasi remot dekstop tidak bisa masuk dengan status di bawah ini,

Cara Mengatasinya adalah

  1. Masuk Command Prompt window dengan akses Administrator.
  2. jalankan perintah di bawah
    REG ADD HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters\ /v AllowEncryptionOracle /t REG_DWORD /d 2
  3. silahkan di coba login
~ suji2019 ~ Leave a comment

Install Squid 3.1 Via Webmin dan Limit Access IP | CentOS

CentOS | Squid di port 80 dan limit koneksi ke IP tertentu

Inti dari tutor berikut adalah

  1. install squid di CentOS 5 32bit
  2. install squid di CentOS 6 32bit ada 1 perintah tambahan
  3. install squid di Debian 6 32bit step 6 dan 7 dilewati
  4. installasi dan konfigurasi full menggunakan webmin
  5. Squid di install di port 80
  6. Squid dapat diakses dari sembarang IP
  7. Squid dibatasi hanya dapat koneksi ke IP tertentu

TUTORIAL BERGAMBAR
1. login ke webmin

2. cari “squid”

s1

3. pilih “Squid Proxy Server”

s2

4. install Squid via Webmin

s3

5. Refresh Modules (dan refresh browser anda)

s4

6. Masuk ke Module “Squid Proxy Server”

s5

7. Bikin cache foldernya

 

untuk Debian 6 langkah berikut ini di skip /di lewati. Sedangkan untuk CentOs 6, sebelum membuat cache folder, jalankan command berikut diterminal:

sed -i 's/#cache_dir/cache_dir/g' /etc/squid/squid.conf

 

 

kemudian kembali ke webmin, klik “initialize Cache“:

s6

8. Kembali ke module “Squid Proxy Server”

s7

9. Masuk ke “Ports and Networking”

s8

10. Ganti Port ke 80 (atau port yang di inginkan) kemudian “Save”

s9

11. Masuk ke “Access Control”

s10

12. Buat ACL baru, pilih yg “Web Server Address”

s11

13. “ACL name” di isi bebas, From IP/To IP di isi IP server VPS anda atau IP ssh anda (kalo beda server),

Netmask isi: 32

acl

14. Pindah ke tab “Proxy restrictions” dan pilih “ Add proxy restriction.”

s13

15. Pilih Allow dan Nama ACL yg sebelumnya telah dibuat

Proxy Restriction

16. Pindahkan ACL name yang sebelumnya dibuat menjadi urutan pertama dan hapus ACL: !Safe_ports dan CONNECT !SSL_ports

s15

17. Jalankan Squid nya

s16

18. kalau start gagal, biasanya ada service httpd yang sudah running, matikan service tersebut terlebih dahulu

service httpd stop
chkconfig httpd off

19. Done

credit to: blog.jualssh; dengan beberapa editing seperlunya termasuk screenshot

~ suji2019 ~ Leave a comment

Install Squid sebagai Elite / High-Anonymous Proxy pada VPS

CentOS – update file support / dependencies

yum groupinstall "Development Tools" -y
yum install libxml2-devel libcap-devel -y
yum install kernel-devel kernel-headers -y
yum httpd nano -y
yum update -y

untuk debian atau ubuntu

apt-get install build-essential libssl-dev

Install Squid
CentOS

yum install squid -y

Debian atau Ubuntu

apt-get install squid

hapus config aslinya, jangan khawatir karena config defaultnya masih ada dengan nama file squid.conf.def

rm -rf /etc/squid/squid.conf

Kemudian buat file config nya

touch /etc/squid/squid.conf
nano /etc/squid/squid.conf

Konfigurasi untuk versi 3.xx

dns_nameservers 8.8.8.8 8.8.4.4 4.2.2.1 4.2.2.6 198.6.1.3 204.117.214.10 207.172.11.73
dns_defnames on
dns_retransmit_interval 2 seconds
dns_timeout 5 minutes
balance_on_multiple_ip on
cache_mgr not_to_be_disturbed
client_db on
detect_broken_pconn on
half_closed_clients off
httpd_suppress_version_string on
ignore_unknown_nameservers on
pipeline_prefetch on
prefer_direct on
query_icmp on
range_offset_limit -1
retry_on_error on
server_persistent_connections on
strip_query_terms off
uri_whitespace strip

## untuk password untuk versi 32bit, lokasi file ganti seperti di bawah ini :
## /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd
auth_param basic program /usr/lib64/squid/ncsa_auth /etc/squid/squid_passwd
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hour
# ACCESS CONTROLS
######################
#Recommended minimum configuration:
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

# local networks.
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network

acl SSL_ports port 21 22 25 53 109 143 443 554 563 993 21976
acl Safe_ports port 53 80 136 137 182
acl Safe_ports port 22 25 70 210 280
acl Safe_ports port 143 443 554 563 993
acl Safe_ports port 1025-65535
acl Safe_ports port 8000-8090
acl Safe_ports port 67-68
acl Safe_ports port 123 465 488 587 591 777 6667
acl Safe_ports port 9000-9091
acl Safe_ports port 110 119 995 2030 2401 3306 3690 6881 8443 8843
acl ncsa_users proxy_auth REQUIRED
acl CONNECT method CONNECT
#
#Recommended minimum configuration:
######################
## Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
##
http_access allow localhost
http_access allow ncsa_users
http_access deny to_localhost
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
##
## disable multicast icp
miss_access allow all
ident_lookup_access deny all

# NETWORK OPTIONS
######################
http_port 143

# Leave coredumps in the first cache dir
access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_access_log none
cache_store_log none
#
hierarchy_stoplist cgi-bin ?
acl apache rep_header Server ^Apache

ipcache_size 8192
ipcache_low 90
ipcache_high 95

#cache_dir null /tmp
cache_mem 16 MB
cache_dir ufs /var/spool/squid/cache0 1000 16 256
cache_dir ufs /var/spool/squid/cache1 1000 16 256
cache_dir ufs /var/spool/squid/cache2 1000 16 256
cache_dir ufs /var/spool/squid/cache3 1000 16 256
deny_info ::0 all

# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

visible_hostname google.com

Konfigurasi untuk versi 2.6xx dan 2.7xx

dns_nameservers 8.8.8.8 8.8.4.4 4.2.2.1 4.2.2.6 198.6.1.3 204.117.214.10 207.172.11.73
cache_mgr not_to_be_disturbed
client_db on
detect_broken_pconn on
dns_defnames on
dns_retransmit_interval 2 seconds
dns_timeout 5 minutes
half_closed_clients off
httpd_suppress_version_string on
ignore_unknown_nameservers on
pipeline_prefetch on
prefer_direct on
query_icmp on
range_offset_limit -1
retry_on_error on
server_persistent_connections on
strip_query_terms off
uri_whitespace strip

## untuk password untuk versi 32bit, lokasi file ganti seperti di bawah ini :
## /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd
auth_param basic program /usr/lib64/squid/ncsa_auth /etc/squid/squid_passwd
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hour
# ACCESS CONTROLS
######################
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8

acl SSL_ports port 21 22 25 53 109 143 443 554 563 993 21976
acl Safe_ports port 53 80 136 137 182
acl Safe_ports port 22 25 70 210 280
acl Safe_ports port 143 443 554 563 993
acl Safe_ports port 67-68
acl Safe_ports port 1025-65535
acl Safe_ports port 8000-8090
acl Safe_ports port 123 465 488 587 591 777 6667
acl Safe_ports port 9000-9091
acl Safe_ports port 110 119 995 2030 2401 3306 3690 6881 8443 8843
acl ncsa_users proxy_auth REQUIRED
acl CONNECT method CONNECT
#
#Recommended minimum configuration:
######################
## Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
##
http_access allow localhost
http_access allow ncsa_users
http_access deny to_localhost
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

## disable multicast icp
miss_access allow all
ident_lookup_access deny all
# NETWORK OPTIONS
## open-port ###########
http_port 143
######################
cache_mem 16 MB
cache_dir ufs /var/spool/squid/cache0 1000 16 256
cache_dir ufs /var/spool/squid/cache1 1000 16 256
cache_dir ufs /var/spool/squid/cache2 1000 16 256
cache_dir ufs /var/spool/squid/cache3 1000 16 256

# Leave coredumps in the first cache dir
access_log /var/log/squid/access.log
cache_log  /var/log/squid/cache.log
cache_access_log none
cache_store_log none
#
hierarchy_stoplist cgi-bin ?
acl apache rep_header Server ^Apache

# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

visible_hostname Google.com

Setting password
Buat file-nya dulu:

touch /etc/squid/squid_passwd

ubah permission filenya, agar tidak permission denied

chown root.root /etc/squid/squid_passwd

isikan user name dan passwd ke file

htpasswd -b /etc/squid/squid_passwd [user_1] [passwd_1]

Buat cache file dan test jalankan

cd /var/spool
chmod 775 squid
chmod g+w squid
squid -z
squid -d 1 -D
# tekan CTRL+C
service squid restart

start on boot dan start/stop/restart/status squid

chkconfig --add squid
chkconfig squid on
service squid status

all credits: john6000 – bugs4u.info

Solved VPN L2TP

~ suji2019 ~ Leave a comment 
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PolicyAgent]
"AssumeUDPEncapsulationContextOnSendRule"=dword:00000002

The registry change is mentioned in this KB article : http://support.microsoft.com/kb/926179

In case the KB article goes away, the possible values are as following:

  • 0 (default): A value of 0 (zero) configures Windows XP SP2 so that it cannot initiate IPsec-secured communications with responders that are located behind network address translators.
  • 1: A value of 1 configures Windows XP SP2 so that it can initiate IPsec-secured communications with responders that are located behind network address translators.
  • 2: A value of 2 configures Windows XP SP2 so that it can initiate IPsec-secured communications when both the initiators and the responders are behind network address translators.