Directing all VPN traffic through the OpenVPN concentrator

Problem

It is necessary for some users to have all their traffic directed through the OpenVPN concentrator. The number one reason for such a configuration is to protect the HTTP traffic over unsecured WiFi (a.k.a. hotspots).

Solution

Add the following line to the bottom of the connecting client’s configuration file (typically under /etc/openvpn/clients.d):
push "redirect-gateway"
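
One way to check on a Linux client that the pushed route took effect, as an added example that is not part of the original article: the function reads the text of `ip -4 route show` and reports whether the tunnel carries all IPv4 traffic. The device name tun0, the sample routing tables, and the `def1` variant of `redirect-gateway` (which adds 0.0.0.0/1 and 128.0.0.0/1 routes instead of replacing the default route) are assumptions not taken from the page.

```shell
#!/bin/sh
# Added example (not from the original article): decide from the text of
# `ip -4 route show` whether a tunnel device carries all IPv4 traffic.

# Usage: ip -4 route show | tunnel_coverage tun0
# Prints "full" or "split". IPv6 routes and DNS settings are not examined.
tunnel_coverage() {
    awk -v tun="$1" '
        # Device named after the "dev" keyword on the current line.
        function dev_of(   i) {
            for (i = 1; i < NF; i++) if ($i == "dev") return $(i + 1)
            return ""
        }
        # def1 style: two half-range routes that outrank any default route.
        $1 == "0.0.0.0/1"   && dev_of() == tun { low = 1 }
        $1 == "128.0.0.0/1" && dev_of() == tun { high = 1 }
        # Plain style: the default route itself; keep the lowest metric.
        $1 == "default" {
            m = 0
            for (i = 1; i < NF; i++) if ($i == "metric") m = $(i + 1) + 0
            if (!seen || m < best) { seen = 1; best = m; bestdev = dev_of() }
        }
        END { print (((low && high) || bestdev == tun) ? "full" : "split") }
    '
}

# Constructed routing tables (private and documentation address ranges).
PLAIN='default via 10.8.0.5 dev tun0
198.51.100.10 via 192.168.1.1 dev wlan0
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23'

DEF1='0.0.0.0/1 via 10.8.0.5 dev tun0
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
128.0.0.0/1 via 10.8.0.5 dev tun0
198.51.100.10 via 192.168.1.1 dev wlan0'

NOT_PUSHED='default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.8.0.0/24 via 10.8.0.5 dev tun0'

# A lower-metric default on the WiFi side still wins over the tunnel.
SHADOWED='default via 10.8.0.5 dev tun0 metric 700
default via 192.168.1.1 dev wlan0 metric 600'

for t in "$PLAIN" "$DEF1" "$NOT_PUSHED" "$SHADOWED"; do
    printf '%s\n' "$t" | tunnel_coverage tun0
done
```

A "split" result on a hotspot means HTTP traffic is still leaving through the WiFi interface; the check covers IPv4 routing only.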


Installing RHEL from an AIX NIM master

Summary

The AIX NIM server provides a very flexible automated installation process that can deploy hundreds of AIX nodes as well as LPARs in a matter of hours. It is possible to achieve similar results using the RHEL kickstart system. This article describes a way of automating RHEL 5 deployment directly from an AIX 6.1 NIM server.

Process

  • Copy the RHEL 5 DVD to an NFS file system, e.g. /nfs/rhel5
  • Configure the NIM server to offer the correct boot image in /etc/bootptab:

    rhel-host1.domain.com:bf=/nfs/rhel5/images/netboot.img:ip=xxx.xxx.xxx.xxx:ht=ethernet::sa=xxx.xxx.xxx.yyy:sm=255.255.255.0:
    rhel-host2.domain.com:bf=/nfs/rhel5/images/netboot.img:ip=xxx.xxx.xxx.zzz:ht=ethernet::sa=xxx.xxx.xxx.yyy:sm=255.255.255.0
  • Configure TFTP on the NIM server in /etc/tftpaccess.ctl:

    # NIM access for network boot
    allow:/usr/lpp/sysback/netinst/boot
    allow:/tftpboot
    allow:/nfs/rhel5/images
  • Restart TFTP and reload INETD:

    stopsrc -s tftpd
    startsrc -a -n -s tftpd
    refresh -s inetd
  • Boot the network client into SMS and complete the remote IP setup (client IP, server IP, router IP, subnet mask, ping test) and the multiboot setup (Ethernet as the first boot device).
  • Follow the regular RHEL install process. (This is where you can get kickstart going.)
  • Reboot the system and reset the boot order.