CentOS blocking P2P on OpenVPN

geodirk Member
edited August 2011 in General

I've got several CentOS-5 LEB's on which I'm running OpenVPN. I have a bunch of users from many countries in the world who use these connections to ensure that their traffic won't be monitored by the government. Unfortunately, one of my users decided to torrent a copy of 'NCIS' on a US server and it resulted in a DMCA take down.

I sent out the nasty-gram notice to my users about doing illegal things like that. But what other steps could I take to prevent this from happening again? Is there a simple way of blocking bittorrent? If I pushed OpenDNS back to the user for their DNS, would that stop this? Open source or commercial solutions are welcome.

Sarcasm: Just one more service I offer

Comments

  • I'm in the same boat. Looking for something like that.

    The first thing is blocking access to trackers, but it's not that useful.

  • I've never liked OpenDNS as some of the categories their users put sites into don't really reflect what the site is actually about. I know some of the security sites that I monitor are labeled hacking and blocked but yet the commercial security sites, where they try to sell you subscriptions to view those same warnings are labeled as news and programming sites. Some hate sites are not labeled as such either.

    And they seem to miss a lot of sites. For example @mrm2005's trackers up there. I know I can't view the torrent site I use but the trackers are wide open and resolve without issue. Needless to say, I'm not going to point that out to them. ;)

    Unfortunately there's really not anything at the same level and that's probably going to be your only choice.

  • MrAndroid Member
    edited August 2011

    drmike said: I've never liked OpenDNS

    Ignore this, stupid me skimming post again.

    The Original Daniel.

  • Francisco Top Provider

    OpenDNS is used by a few people to control torrent access (like our old Portland datacenter - morons). It works OK but unless you find some way to force the users to do DNS lookups through your VPN (not really possible I don't think?) then you're kinda hosed.

    I mean, OpenVPN should be routing DNS lookups through the VPN to another spot. It would be possible to just filter port 53 and run your own local caching servers. This is a jimmy rig of a solution but yea...

    Francisco

    Thanked by 1geodirk
    BuyVM - Free DirectAdmin, Softaculous, & Blesta! / Anycast Support! / Windows 2008, 2012, & 2016! / Unmetered Bandwidth!
    BuyShared - Shared & Reseller Hosting / cPanel + Softaculous + CloudLinux / Pure SSD! / Free Dedicated IP Address
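
The setup described in the post above (DNS routed through the VPN, port 53 filtered, a local caching server answering), as an added example that is not part of the original thread. The interface `tun0`, the address `10.8.0.1`, the choice of dnsmasq as the resolver and the blocked domain names are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: tun0 is the OpenVPN
# interface, 10.8.0.1 is the server's tunnel address, dnsmasq is the resolver.
VPN_IF="${VPN_IF:-tun0}"
RESOLVER_IP="${RESOLVER_IP:-10.8.0.1}"
# Constructed placeholder names standing in for a real blocklist.
BLOCKED_DOMAINS="${BLOCKED_DOMAINS:-tracker.example torrents.example}"

# OpenVPN server.conf lines: route client traffic and DNS through the tunnel.
openvpn_push_lines() {
    printf 'push "redirect-gateway def1"\n'
    printf 'push "dhcp-option DNS %s"\n' "$RESOLVER_IP"
}

# NAT rules: a query from a VPN client to ANY server on port 53 is answered by
# the local resolver instead, so a client-side DNS override has no effect.
dns_pin_rules() {
    for proto in udp tcp; do
        printf 'iptables -t nat -A PREROUTING -i %s -p %s --dport 53 -j REDIRECT --to-ports 53\n' \
            "$VPN_IF" "$proto"
    done
}

# dnsmasq.conf lines: listen on the tunnel address and sinkhole each blocked
# domain (and its subdomains) to 0.0.0.0.
dnsmasq_lines() {
    printf 'listen-address=%s\n' "$RESOLVER_IP"
    for domain in $BLOCKED_DOMAINS; do
        printf 'address=/%s/0.0.0.0\n' "$domain"
    done
}

# Dry run by default: print everything for review. APPLY=1 (as root) loads
# only the iptables rules; the two config fragments are still pasted by hand.
if [ "${APPLY:-0}" = "1" ]; then
    dns_pin_rules | sh
else
    echo "# --- OpenVPN server.conf ---"; openvpn_push_lines
    echo "# --- iptables ---";            dns_pin_rules
    echo "# --- dnsmasq.conf ---";        dnsmasq_lines
fi
```

This only controls name resolution on port 53; peers reached by IP address or over DHT never ask the resolver, which is why tracker blocking alone was called "not that useful" earlier in the thread.
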
  • By the way, if anyone knows how to tell a Xandros based laptop how to use a specific set of DNS servers instead of what's being provided to it by DHCP, I'd love to know it. All the fixes that I've come across assume that you're only on a single wireless network instead of the 20 or so that I wind up using during the week.

  • skagerrak Member
    edited September 2011

    Doesn't it help to simply specify the servers in the resolv.conf? As Xandros is based on Debian...

  • Yup, tried it. Changes got overridden on the next boot. And yes, I checked to see if they had been saved.

  • Francisco Top Provider

    @drmike - that's because of DHCP.

    One solution is to do like

    chattr +i /etc/resolv.conf

    as root :)

    You'll need to remember to -i it whenever you want to modify it though.

    Francisco

  • Think I tried that. I know I tried file ownership....

  • Francisco Top Provider

    chattr is different :P

    dhclient will run as root, but it won't be smart enough to remove a chattr

    Francisco

  • drmike Member
    edited September 2011

    Gives me this error:

    chattr: Inappropriate ioctl for device while reading flags on /etc/resolv.conf

    Googling for that error gives me a whole lot of broken links, 404s and a couple of "You must be typing it wrong."

    edit: If wanderingwifi would just fix their network....

  • Francisco Top Provider

    are you root? :)

    You might need to sudo.

    Francisco

  • drmike Member
    edited September 2011

    Yes, I'm at root. Got the blue and red text instead of the normal green text.

    edit: And if I didn't need to deal with 22 different wireless networks....

  • Francisco Top Provider

    Welp, what I recommend is checking if /etc/resolv.conf is a symlink elsewhere or not. I'm not sure if you can chattr a symlink.

    Other than that I'm not sure 'doc

    Francisco

  • Yup, it symlinks down to /etc/resolvconf/run/resolv.conf. Tried that as well.

  • Francisco Top Provider

    You chattr'd that file?

    Francisco

  • drmike Member
    edited September 2011

    Yup, same error.

    edit: I did a temp workaround and stuck the IP addresses of some of the sites in hosts to get around the OpenDNS lookup. Not a real solution but it'll get me a bit further.

  • It is possible to override the DNS servers that dhclient gets.

    I have something like this in /etc/dhclient.conf

    interface "wlan1" {
       supersede domain-name-servers 8.8.8.8;
    }
    