OpenVPN software repository for Ubuntu 16.04

sudo -s
wget -O - https://swupdate.openvpn.net/repos/repo-public.gpg | apt-key add -

The repository line has the form below, where <version> is the OpenVPN release branch (e.g. stable) and <osrelease> is the Ubuntu codename:

echo "deb http://build.openvpn.net/debian/openvpn/<version> <osrelease> main" > /etc/apt/sources.list.d/openvpn-aptrepo.list

For the stable branch on Ubuntu 16.04 (xenial):

echo "deb http://build.openvpn.net/debian/openvpn/stable xenial main" > /etc/apt/sources.list.d/openvpn-aptrepo.list
apt-get update && apt-get install openvpn

References
https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos

Set up OpenConnect VPN Server (ocserv) on Ubuntu 16.04/17.10 with Let’s Encrypt

Installing OpenConnect VPN Server on Ubuntu 16.04/17.10

sudo apt install ocserv

Installing Let’s Encrypt Client (Certbot) on Ubuntu 16.04/17.10 Server

sudo apt install software-properties-common
sudo add-apt-repository ppa:certbot/certbot
sudo apt update
sudo apt install certbot

Obtaining a TLS Certificate from Let’s Encrypt

certbot certonly --standalone -d ocserv.example.com

Editing OpenConnect VPN Server Configuration File

sudo nano /etc/ocserv/ocserv.conf

Set the following directives. The three certificate paths must point at the /etc/letsencrypt/live/ directory of the hostname given to certbot above (ocserv.example.com); otherwise ocserv cannot find the certificate:

auth = "plain[/etc/ocserv/ocpasswd]"
tcp-port = 443
udp-port = 443
run-as-user = nobody
run-as-group = daemon
socket-file = /var/run/ocserv-socket
server-cert = /etc/letsencrypt/live/ocserv.example.com/fullchain.pem
server-key = /etc/letsencrypt/live/ocserv.example.com/privkey.pem
ca-cert = /etc/letsencrypt/live/ocserv.example.com/chain.pem
max-clients = 8
max-same-clients = 0
try-mtu-discovery = true
device = vpns
dns = 8.8.8.8
dns = 8.8.4.4
cisco-client-compat = true
default-domain = ocserv.example.com
tunnel-all-dns = true

Then comment out all the route directives (put a # at the beginning of the following four lines, the no-route line included). With no routes pushed, the server becomes the default gateway for the clients and all of their traffic goes through the VPN.

route = 10.10.10.0/255.255.255.0
route = 192.168.0.0/255.255.0.0
route = fef4:db8:1000:1001::/64

no-route = 192.168.5.0/255.255.255.0
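As an added example (not from the page or the ocserv project), a POSIX sh check that the server-cert, server-key and ca-cert directives in an ocserv.conf all point at the Let's Encrypt directory of the hostname certbot was run for, and that default-domain agrees with it. The directive names and the /etc/letsencrypt/live/ layout are the real ones; the config it is run on is a constructed sample.

```shell
#!/bin/sh
# Added example, not part of the page or the ocserv project: catch a mismatch
# between the hostname certbot obtained a certificate for and the paths in
# ocserv.conf, which makes ocserv fail to load its certificate.

# conf_get FILE KEY: print the value of "KEY = value" (commented lines ignored).
conf_get() {
    sed -n 's/^[[:space:]]*'"$2"'[[:space:]]*=[[:space:]]*//p' "$1" | head -n 1 | tr -d '"'
}

# ocserv_cert_paths_match CONF DOMAIN: return 0 when server-cert, server-key and
# ca-cert all live under /etc/letsencrypt/live/DOMAIN/ and default-domain equals
# DOMAIN; otherwise report each offending directive and return 1.
ocserv_cert_paths_match() {
    conf=$1; domain=$2; rc=0
    for key in server-cert server-key ca-cert; do
        val=$(conf_get "$conf" "$key")
        case $val in
            /etc/letsencrypt/live/"$domain"/*) ;;
            *) echo "$key = '$val' is not under /etc/letsencrypt/live/$domain/"; rc=1 ;;
        esac
    done
    dd=$(conf_get "$conf" default-domain)
    [ "$dd" = "$domain" ] || { echo "default-domain = '$dd' differs from $domain"; rc=1; }
    return $rc
}

# Constructed sample reproducing a common slip: certbot was run for
# ocserv.example.com, but the certificate paths still name another host.
sample=$(mktemp)
cat > "$sample" <<'EOF'
auth = "plain[/etc/ocserv/ocpasswd]"
server-cert = /etc/letsencrypt/live/ocserv.ml/fullchain.pem
server-key = /etc/letsencrypt/live/ocserv.ml/privkey.pem
ca-cert = /etc/letsencrypt/live/ocserv.ml/chain.pem
default-domain = ocserv.example.com
EOF
if ocserv_cert_paths_match "$sample" ocserv.example.com; then
    echo "certificate paths are consistent"
else
    echo "fix the paths listed above before (re)starting ocserv"
fi
rm -f "$sample"
```

Run it against the real file with `ocserv_cert_paths_match /etc/ocserv/ocserv.conf ocserv.example.com` after sourcing the functions.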

Fixing DTLS Handshake Failure

If the client log shows the following error:

DTLS handshake failed: Resource temporarily unavailable, try again.

copy the unit file to /etc/systemd/system (so the edit is not overwritten by package upgrades) and open the copy:

sudo cp /lib/systemd/system/ocserv.service /etc/systemd/system/ocserv.service
sudo nano /etc/systemd/system/ocserv.service

Comment out the following two lines (Requires= in the [Unit] section, Also= in the [Install] section) so that ocserv is no longer socket-activated:

Requires=ocserv.socket
Also=ocserv.socket

Then reload systemd, stop and disable the socket unit, and restart the service:

sudo systemctl daemon-reload
sudo systemctl stop ocserv.socket
sudo systemctl disable ocserv.socket
sudo systemctl restart ocserv.service

Creating VPN Accounts

sudo ocpasswd -c /etc/ocserv/ocpasswd username

Enable IP Forwarding

sudo nano /etc/sysctl.conf
net.ipv4.ip_forward = 1
sudo sysctl -p

Configure Firewall for IP Masquerading

Find the name of the server's public network interface with ifconfig (ens3 in this example) and add a NAT rule that masquerades the traffic leaving through it:

ifconfig
sudo iptables -t nat -A POSTROUTING -o ens3 -j MASQUERADE

Preserving Iptables Rules

apt-get install iptables-persistent

The package asks whether to save the current IPv4 and IPv6 rules during installation. If apt-get install iptables-persistent shows no such prompt (for example because the package was already installed), run dpkg-reconfigure iptables-persistent instead.

Or do it manually:
By default, iptables rules are lost after a reboot. To preserve them, switch to the root user, save the rules to a file, and add a systemd unit that restores them at boot.

su -
iptables-save > /etc/iptables.rules
nano /etc/systemd/system/iptables-restore.service

[Unit]
Description=Packet Filtering Framework
Before=network-pre.target
Wants=network-pre.target

[Service]
Type=oneshot
ExecStart=/sbin/iptables-restore /etc/iptables.rules
ExecReload=/sbin/iptables-restore /etc/iptables.rules
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target

sudo systemctl daemon-reload

sudo systemctl enable iptables-restore
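As an added example (not from the page or the tutorials it references), a POSIX sh check to run before enabling iptables-restore: it parses an iptables-save file and confirms that the nat table holds the MASQUERADE rule for the uplink interface exactly once. Running the iptables -A command more than once before saving stores duplicate rules, which this also reports. It assumes ens3 as the interface, as in the note above; the rules text is a constructed sample.

```shell
#!/bin/sh
# Added example, not from the page: verify the saved rules file before
# enabling the restore unit. The iptables-save text below is constructed.

# masquerade_rule_count RULES_FILE IFACE: print how many
# "-A POSTROUTING -o IFACE -j MASQUERADE" rules the nat table holds.
masquerade_rule_count() {
    awk -v ifc="$2" '
        /^\*/ { table = substr($0, 2) }            # "*nat", "*filter", ...
        table == "nat" && $1 == "-A" && $2 == "POSTROUTING" {
            oif = ""; target = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-o") oif = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (oif == ifc && target == "MASQUERADE") n++
        }
        END { print n + 0 }' "$1"
}

# check_masquerade RULES_FILE IFACE: 0 when exactly one such rule is saved.
check_masquerade() {
    n=$(masquerade_rule_count "$1" "$2")
    case $n in
        1) echo "ok: one MASQUERADE rule for $2 in $1"; return 0 ;;
        0) echo "missing: add the rule, then run iptables-save again"; return 1 ;;
        *) echo "$n duplicate MASQUERADE rules for $2: flush the nat table and re-save"; return 1 ;;
    esac
}

# Constructed iptables-save output, as written by the step above.
rules=$(mktemp)
cat > "$rules" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ens3 -j MASQUERADE
COMMIT
EOF
check_masquerade "$rules" ens3
rm -f "$rules"
```

On the server, call `check_masquerade /etc/iptables.rules ens3` after sourcing the functions.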

Install and Use OpenConnect VPN client on Ubuntu 16.04/17.10 Desktop

sudo apt install openconnect
sudo openconnect -b vpn.example.com:port-number

The -b flag makes openconnect run in the background once the connection is established. To disconnect, kill it:

sudo pkill openconnect

For a graphical client integrated with NetworkManager, install:

sudo apt install network-manager-openconnect network-manager-openconnect-gnome

References
https://www.linuxbabe.com/ubuntu/openconnect-vpn-server-ocserv-ubuntu-16-04-17-10-lets-encrypt
https://yoursunny.com/t/2017/ocserv-letsencrypt/
https://lowendbox.com/blog/install-openconnect-server-on-ubuntu-16-04/
https://www.digitalocean.com/community/tutorials/how-to-list-and-delete-iptables-firewall-rules

Boost Ubuntu 16.04/17.10 Network Performance by Enabling TCP BBR

Install Linux Kernel 4.9 or Above
TCP BBR is supported by Linux since kernel version 4.9. Use the following command to check your Linux kernel version.

uname -r

If the kernel is older than 4.9, simply install the Hardware Enablement Stack (HWE), which provides a newer kernel for Ubuntu LTS releases (the new kernel is used after the next reboot):

sudo apt install --install-recommends linux-generic-hwe-16.04
Then select the fq queue discipline and the bbr congestion control by adding the following two lines to /etc/sysctl.conf and applying them:

sudo nano /etc/sysctl.conf
net.core.default_qdisc=fq
net.ipv4.tcp_congestion_control=bbr
sudo sysctl -p
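As an added example (not from the page or the tutorial it references), a POSIX sh check of the two preconditions the steps above rely on: a kernel of 4.9 or newer, and a sysctl file that sets default_qdisc=fq and tcp_congestion_control=bbr. The version string and the settings file are passed in, so the checks also run on constructed input; /proc/sys/net/ipv4/tcp_available_congestion_control is the real kernel file listing the loadable algorithms.

```shell
#!/bin/sh
# Added example, not from the page: verify kernel version and sysctl settings
# for BBR. The sysctl fragment at the bottom is a constructed sample.

# kernel_supports_bbr VERSION: 0 when VERSION (e.g. "4.15.0-29-generic") is >= 4.9.
kernel_supports_bbr() {
    major=${1%%.*}                  # "4"
    rest=${1#*.}                    # "15.0-29-generic"
    minor=${rest%%[!0-9]*}          # "15"
    [ "$major" -gt 4 ] || { [ "$major" -eq 4 ] && [ "${minor:-0}" -ge 9 ]; }
}

# sysctl_value FILE KEY: last value set for KEY in a sysctl.conf-style FILE
# (a later line overrides an earlier one, as sysctl -p applies them in order).
sysctl_value() {
    sed -n 's/^[[:space:]]*'"$2"'[[:space:]]*=[[:space:]]*//p' "$1" | tail -n 1
}

# bbr_settings_present FILE: 0 when FILE selects the fq qdisc and bbr.
bbr_settings_present() {
    [ "$(sysctl_value "$1" net.core.default_qdisc)" = "fq" ] &&
        [ "$(sysctl_value "$1" net.ipv4.tcp_congestion_control)" = "bbr" ]
}

if kernel_supports_bbr "$(uname -r)"; then
    echo "kernel $(uname -r) is new enough for BBR"
else
    echo "kernel $(uname -r) is older than 4.9: install linux-generic-hwe-16.04 and reboot"
fi

# The kernel must also list bbr as available (tcp_bbr module present).
avail=/proc/sys/net/ipv4/tcp_available_congestion_control
if [ -r "$avail" ] && ! tr ' ' '\n' < "$avail" | grep -qx bbr; then
    echo "bbr is not listed in $avail: the tcp_bbr module is not loaded"
fi

# Constructed sysctl.conf fragment matching the two lines added above.
conf=$(mktemp)
printf 'net.core.default_qdisc=fq\nnet.ipv4.tcp_congestion_control=bbr\n' > "$conf"
if bbr_settings_present "$conf"; then echo "sysctl file selects fq + bbr"; fi
rm -f "$conf"
```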

References
https://www.linuxbabe.com/ubuntu/enable-google-tcp-bbr-ubuntu

Maximum simultaneous connections on a mosquitto broker

Raise the kernel limits on open files, socket buffers and TCP memory in /etc/sysctl.conf:

nano /etc/sysctl.conf

fs.file-max = 999999
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_rmem = 4096 4096 16777216
net.ipv4.tcp_wmem = 4096 4096 16777216
net.ipv4.tcp_syncookies = 1
# this gives the kernel more memory for tcp
# which you need with many (100k+) open socket connections
net.ipv4.tcp_mem = 50576   64768   98152
net.core.netdev_max_backlog = 2500

Raise the per-user limits on open files and processes in /etc/security/limits.conf:

nano /etc/security/limits.conf

*       soft    nofile  262144
*       hard    nofile  262144
*       soft    nproc  262144
*       hard    nproc  262144

Check the ephemeral port range and the kernel's thread limit:

cat /proc/sys/net/ipv4/ip_local_port_range
cat /proc/sys/kernel/threads-max

Lift the CPU-time and core-file limits in the shell that starts the broker (in .bashrc), then list the effective limits:

nano .bashrc

ulimit -t unlimited
ulimit -c unlimited
ulimit -a

References
https://lists.launchpad.net/mosquitto-users/msg00163.html