CentOS blocking P2P on OpenVPN

geodirk Member
edited August 2011 in General

I've got several CentOS-5 LEB's on which I'm running OpenVPN. I have a bunch of users from many countries in the world who use these connections to ensure that their traffic won't be monitored by the government. Unfortunately, one of my users decided to torrent a copy of 'NCIS' on a US server and it resulted in a DMCA take down.

I sent out the nasty-gram notice to my users about doing illegal things like that. But what other steps could I take to prevent this from happening again? Is there a simple way of blocking bittorrent? If I pushed OpenDNS back to the user for their DNS, would that stop this? Open source or commercial solutions are welcome.

Comments

  • I'm in the same boat. Looking for something like that.

    The first thing is blocking access to trackers, but it's not that useful.

  • I've never liked OpenDNS as some of the categories their users put sites into don't really reflect what the site is actually about. I know some of the security sites that I monitor are labeled hacking and blocked but yet the commercial security sites, where they try to sell you subscriptions to view those same warnings are labeled as news and programming sites. Some hate sites are not labeled as such either.

    And they seem to miss a lot of sites. For example @mrm2005's trackers up there. I know I can't view the torrent site I use but the trackers are wide open and resolve without issue. Needless to say, I'm not going to point that out to them. ;)

    Unfortunately there's really not anything at the same level and that's probably going to be your only choice.

  • MrAndroid Member
    edited August 2011

    drmike said: I've never liked OpenDNS

    Ignore this, stupid me skimming post again.

  • Francisco Top Host, Host Rep, Veteran

    OpenDNS is used by a few people to control torrent access (like our old Portland datacenter - morons). It works OK but unless you find some way to force the users to do DNS lookups through your VPN (not really possible I don't think?) then you're kinda hosed.

    I mean, OpenVPN should be routing DNS lookups through the VPN to another spot. It would be possible to just filter port 53 and run your own local caching servers. This is a jimmy rig of a solution but yea...

    Francisco

    Thanked by 1geodirk
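One way to set up the "filter port 53 and run your own local caching servers" idea from the post above, as an added example that is not part of the original thread. It assumes the OpenVPN device is `tun0` and a caching resolver listens on the server's VPN address `10.8.0.1`; the function names are hypothetical, and the script only prints the rules so they can be reviewed first.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed values: tun0 is the OpenVPN
# device, 10.8.0.1 is the server's VPN address with a caching resolver on it.

valid_ipv4() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do [ "$octet" -le 255 ] 2>/dev/null || return 1; done
}

valid_ifname() {
    case "$1" in ""|*[!A-Za-z0-9_.-]*) return 1 ;; esac
}

# Print (do not run) the rules that pin VPN clients to the local resolver.
# Inputs are validated so the output is safe to hand to a root shell.
dns_lockdown_rules() {
    vpn_if=$1 resolver=$2
    valid_ifname "$vpn_if" && valid_ipv4 "$resolver" || return 1
    for proto in udp tcp; do
        # Whatever DNS server the client asked for, answer from ours.
        echo "iptables -t nat -A PREROUTING -i $vpn_if -p $proto --dport 53 -j DNAT --to-destination $resolver:53"
        # Let the rewritten query reach the resolver on this host.
        echo "iptables -A INPUT -i $vpn_if -d $resolver -p $proto --dport 53 -j ACCEPT"
        # Backstop: port 53 from the tunnel is never forwarded outward.
        echo "iptables -A FORWARD -i $vpn_if -p $proto --dport 53 -j DROP"
    done
}

# Matching OpenVPN server.conf lines. The pushed DNS option is only a hint
# to the client; the DNAT rule above is what actually enforces the resolver.
openvpn_push_lines() {
    valid_ipv4 "$1" || return 1
    echo 'push "redirect-gateway def1"'
    echo "push \"dhcp-option DNS $1\""
}

# Dry run by default: review the output before applying it as root.
dns_lockdown_rules "${VPN_IF:-tun0}" "${RESOLVER_IP:-10.8.0.1}"
openvpn_push_lines "${RESOLVER_IP:-10.8.0.1}"
```

This only controls which resolver VPN clients reach, so any category filtering still has to be configured on that resolver's upstream.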
  • By the way, if anyone knows how to tell a Xandros based laptop how to use a specific set of DNS servers instead of what's being provided to it by DHCP, I'd love to know it. All the fixes that I've come across assume that you're only on a single wireless network instead of the 20 or so that I wind up using during the week.

  • skagerrak Member
    edited September 2011

    Doesn't it help to simply specify the servers in the resolv.conf? As Xandros is based on Debian...

  • Yup, tried it. Changes got overridden on the next boot. And yes, I checked to see if they had been saved.

  • Francisco Top Host, Host Rep, Veteran

    @drmike - that's because of DHCP.

    One solution is to do like

    chattr +i /etc/resolv.conf

    as root :)

    You'll need to remember to -i it whenever you want to modify it though.

    Francisco

  • Think I tried that. I know I tried file ownership....

  • Francisco Top Host, Host Rep, Veteran

    chattr is different :P

    dhclient will run as root, but it won't be smart enough to remove a chattr

    Francisco

  • drmike Member
    edited September 2011

    Gives me this error:

    chattr: Inappropriate ioctl for device while reading flags on /etc/resolv.conf

    Google'ing for that error gives me a whole lot of broken links, 404's and a couple of "You must be typing it wrong."

    edit: If wanderingwifi would just fix their network....

  • Francisco Top Host, Host Rep, Veteran

    are you root? :)

    You might need to sudo.

    Francisco

  • drmike Member
    edited September 2011

    Yes, I'm at root. Got the blue and red text instead of the normal green text.

    edit: And if I didn't need to deal with 22 different wireless networks....

  • Francisco Top Host, Host Rep, Veteran

    Welp, what I recommend is checking if /etc/resolv.conf is a symlink elsewhere or not. I'm not sure if you can chattr a symlink.

    Other than that I'm not sure 'doc

    Francisco

  • Yup, it symlinks down to /etc/resolvconf/run/resolv.conf. Tried that as well.

  • Francisco Top Host, Host Rep, Veteran

    You chattr'd that file?

    Francisco

  • drmike Member
    edited September 2011

    Yup, same error.

    edit: I did a temp work around and stuck the ip addresses of some of the sites in hosts to get around the opendns lookup. Not a real solution but it'll get me a bit further.

  • It is possible to override the DNS servers that dhclient gets.

    I have something like this in /etc/dhclient.conf

    interface "wlan1" {
       supersede domain-name-servers 8.8.8.8;
    }
    