Howto: TeamSpeak 3 server in pfSense 2.0
-
Warning!!! This is probably not a good idea since most people want their firewalls to have minimal attack footprints and to be as secure as possible.
But it is nice to have a TS server without requiring another power sucking box. :)1.) Download teamspeak 3 FreeBSD archive from http://www.teamspeak.com 2.) Upload arcive to /root 3.) `tar -xvf teamspeak3-server_freebsd-x86-3.0.7.1.tar.gz` 4.) `mv teamspeak3-server_freebsd-x86 /usr/local/lib/` 5.) `pw user add -n teamspeak -c "TeamSpeak User" -d /usr/local/lib/teamspeak3-server_freebsd-x86 -s /usr/sbin/nologin` 6.) `passwd teamspeak` (Set the user's password for added security even though it will not be used because the shell is nologin` 7.) `chown -R teamspeak:teamspeak /usr/local/lib/teamspeak3-server_freebsd-x86` 8.) `vi /usr/local/lib/teamspeak3-server_freebsd-x86/ts3server.sh` #!/bin/sh export LD_LIBRARY_PATH=".:$LD_LIBRARY_PATH" export PATH=".:$PATH" cd "$(dirname "${0}")" /usr/sbin/daemon -f -p ts3server.pid ts3server_freebsd_x86 $@ 9.) `chown teamspeak:teamspeak /usr/local/lib/teamspeak3-server_freebsd-x86/ts3server.sh` 10.) `chmod 755 /usr/local/lib/teamspeak3-server_freebsd-x86/ts3server.sh` 11.) `vi /usr/local/etc/rc.d/teamspeak3-server` #!/bin/sh # # PROVIDE: teamspeak3 # REQUIRE: DAEMON # KEYWORD: shutdown # # Add the following lines to /etc/rc.conf.local or /etc/rc.conf # to enable this service: # # teamspeak3_enable (bool): Set to NO by default. # Set it to YES to enable teamspeak3. # . /etc/rc.subr name="teamspeak3" rcvar=`set_rcvar` teamspeak3_user="teamspeak" command="/usr/local/lib/teamspeak3-server_freebsd-x86/ts3server.sh" procname="ts3server_freebsd_x86" pidfile="/usr/local/lib/teamspeak3-server_freebsd-x86/ts3server.pid" load_rc_config $name run_rc_command "$1" 12.) `chmod 755 /usr/local/etc/rc.d/teamspeak3-server` 13.) Disable the teamspeak server during reboot by adding "/usr/local/etc/rc.d/teamspeak3-server stop" to /etc/rc.reboot right before the line that says "# If PLATFORM is pfSense then remove": example: sleep 1 /usr/local/etc/rc.d/teamspeak3-server stop # If PLATFORM is pfSense then remove Disable the teamspeak server during shutdown by adding "/usr/local/etc/rc.d/teamspeak3-server stop" to /etc/rc.shutdown right before the line that says "# If PLATFORM is pfSense then remove": example: export PATH /usr/local/etc/rc.d/teamspeak3-server stop # If PLATFORM is pfSense then remove 14.) `vi /usr/local/etc/rc.d/run_teamspeak3-server.sh` #!/bin/sh /usr/local/etc/rc.d/teamspeak3-server onestart 15.) `chmod 755 /usr/local/etc/rc.d/run_teamspeak3-server.sh` 16.) Open the appropriate network ports for local and remote access to the teamspeak server: WAN UDP 9987 17.) Check the logs for your ServerAdmin privilege key: /usr/local/lib/teamspeak3-server_freebsd-x86/logs ***Check the latest log for the key.*** ex: ServerAdmin privilege key created, please use the line below token=v1H32gAavrEI8U718bK0WZssL9Cl39OxktQS2Q3Z 18.) When connecting your Client enter this token in the "One-Time Privelege Key:" field. You are now the Admin of this TS server. -
This is how we upgrade the server:
1.) Shutdown the teamspeak server: a.) `/usr/local/etc/rc.d/teamspeak3-server stop` 2.) `cd /usr/local/lib/` 3.) Backup the teamspeak server: a.) `tar -pczvf teamspeak3-server_freebsd-x86.tar.gz teamspeak3-server_freebsd-x86` 4.) Verify the backup contains our server files: a.) `tar -ztvf teamspeak3-server_freebsd-x86.tar.gz` 5.) Download teamspeak 3 FreeBSD archive from http://www.teamspeak.com 6.) Upload arcive to /root 7.) `cd /root` 8.) `tar -xzvf teamspeak3-server_freebsd-x86-3.0.8.tar.gz -C /usr/local/lib` 9.) `chown -R teamspeak:teamspeak /usr/local/lib/teamspeak3-server_freebsd-x86` 10.) Start the teamspeak server and verify everything works: a.) `/usr/local/etc/rc.d/teamspeak3-server onestart` 11.) If you wish to, restart the router and verify the teamspeak server starts as expected. -
This sounds like something I would like to try, I am running 2 24/7 computers. My power bill is sometimes a bit high due to all my "hobbies" in light of that, I would like to make my self more efficient and run a ts3 server and pfsense on one box, if my TS3 server were to be hacked or compromised in anyway, what are the implications of this? Or I guess what I am asking, would this method still be safer than a traditional home firewall?
-
This sounds like something I would like to try, I am running 2 24/7 computers. My power bill is sometimes a bit high due to all my "hobbies" in light of that, I would like to make my self more efficient and run a ts3 server and pfsense on one box, if my TS3 server were to be hacked or compromised in anyway, what are the implications of this? Or I guess what I am asking, would this method still be safer than a traditional home firewall?
Having a dedicated TS3 box would probably be safer. If you add TS3 to your pfsense box and it gets compromized the hacker could do some nasty things with your internet traffic. sniffing/DDOS stuff like that. The hacker would need to be able to compromize The OS to become root if they wanted to cause real damage of course. I do this to save power. Remember nothing is 100% safe. :)
-
I have been looking for some info on this for a while.
Every thing worked nicely until i got to this part:8.) `vi /usr/local/lib/teamspeak3-server_freebsd-x86/ts3server.sh` #!/bin/sh export LD_LIBRARY_PATH=".:$LD_LIBRARY_PATH" export PATH=".:$PATH" cd "$(dirname "${0}")" /usr/sbin/daemon -f -p ts3server.pid ts3server_freebsd_x86 $@i'm very new to linux/FreeBSD and i have no clue on how to get this to work.
i did try ./ts3server_startscript.sh start and the server started and gave me my superadmin info and server admin Token.
the server is up and running :D
Also is there a way to make it a LAN only server? Like block anyone from connecting from the WAN interface?
-
I have been looking for some info on this for a while.
Every thing worked nicely until i got to this part:8.) `vi /usr/local/lib/teamspeak3-server_freebsd-x86/ts3server.sh` #!/bin/sh export LD_LIBRARY_PATH=".:$LD_LIBRARY_PATH" export PATH=".:$PATH" cd "$(dirname "${0}")" /usr/sbin/daemon -f -p ts3server.pid ts3server_freebsd_x86 $@i'm very new to linux/FreeBSD and i have no clue on how to get this to work.
i did try ./ts3server_startscript.sh start and the server started and gave me my superadmin info and server admin Token.
the server is up and running :D
Also is there a way to make it a LAN only server? Like block anyone from connecting from the WAN interface?
The
vicommand edits a new file. You need to enter the proceeding lines into the file.To make this a LAN only TS server on step 16 only open the port on the LAN and not the WAN interface.
-
Ok i will try this soon.
I didn't know #!/bin/sh is the start of a file ;)
I have to update the server anyway.
Also i haven't tried to get anyone to connect to to see if its blocked on the WAN side.
It works very well via lan only 8) -
Ok i will try this soon.
I didn't know #!/bin/sh is the start of a file ;)
I have to update the server anyway.
Also i haven't tried to get anyone to connect to to see if its blocked on the WAN side.
It works very well via lan only 8)Unix like operating systems use the she-bang to start a script. That is how the operating system knows what shell to use when reading the script. Consider it the same as a batch script(.bat file) in windows.
Source: http://en.wikipedia.org/wiki/Shebang_(Unix)
-
Thank you for the info :D
-
Nice :) to see more people are using Teamspeak on their PFSense box. I have created a package to install, update and manage Teamspeak using the webinterface. I have also made a few modification to run the service as a non-root user; to minimize the security risk (in similar way you are doing). I still agree on the warning; you should only use this in your home environment, never install such service in a corporate or production network!
But I wondering if people would like to use this package?
-
Nice :) to see more people are using Teamspeak on their PFSense box. I have created a package to install, update and manage Teamspeak using the webinterface. I have also made a few modification to run the service as a non-root user; to minimize the security risk (in similar way you are doing). I still agree on the warning; you should only use this in your home environment, never install such service in a corporate or production network!
But I wondering if people would like to use this package?
I think it would be nice to have a package installer for Teamspeak for pfSense.
I was thinking about doing the same thing but i don't even know how to start making a package installer.
As soon as i can check it out i would like to see what it can do.
-
I gonna look into how to distribute this (to the packages GIT). One thing that might be a license issue: my code downloads the Teamspeak 3 binaries from their (update) servers. Teamspeak 3 is closed source, so would that be an issue? Can anyone tell if this allowed?
-
I gonna look into how to distribute this (to the packages GIT). One thing that might be a license issue: my code downloads the Teamspeak 3 binaries from their (update) servers. Teamspeak 3 is closed source, so would that be an issue? Can anyone tell if this allowed?
I just posted on Teamspeaks forum about what you want to do. Maybe an moderator will answer soon.
Here is the thread http://forum.teamspeak.com/showthread.php/94571-Is-This-OK-pfSense-Package-for-TS3 -
Thanks. I have sent them a message with some details about the URL we are using. So waiting for them to reply if this is allowed.
-
Thanks. I have sent them a message with some details about the URL we are using. So waiting for them to reply if this is allowed.
I have received a response: "Thank you for contacting TeamSpeak and inquiring about direct downloading of our files. Unfortunately, we only allow our files to be downloaded by the actual individuals directly from our website because the must accept the End User License Agreement (EULA) before they are allowed to download our software. This whole process is bypassed if the software is directly downloaded by any other means, and is therefore, not allowed."
So linking directly is not allowed; I will look into another solution. I'm thinking about letting the user download the files (some kind of archive file) manually and providing an upload form to put the files on PFSense. It would do the trick and Teamspeak is happy as users have to accept their EULA.
-
Yea I kinda figured that may be the case.
Let me know when you get it to the testing faze, I would like to help test it out.
-
Awsome Sander88! This would be great for people who are afraid to install the manual way.
-
Yea I kinda figured that may be the case.
Let me know when you get it to the testing faze, I would like to help test it out.
The Teamspeak 3 package is available for testing purposes in my fork of the pfSense package GIT: https://github.com/sander1988/pfsense-packages . I made some last minute modifications to make it compatible with PFSense 2.1 and added the server upload form (as discussed earlier in this thread).
HooKed and others please test it! ;) I'm looking forward to your feedback. Please include the PFSense version and architecture in your message when you are running into any issues. Just a little reminder: it's a first test release; so don't test it on your production box at this time as it might break things!
-
Awesome! As soon as i get a little free time i'm going to check this out.
I do have a test pfsense server to play with. :)
-
Thanks for suggestion to make teamspeak available on pfsense. I did like op wrote. Everything is working, but there is one thing i don´t understand. Every time i restart the box, teamspeak won´t come up. I have to login (ssh) and start teamspeak manually. I can´t figure out what is going on. Would be nice if someone can help me. And how do i use the scripts from Sander88? Can u get me to the point?
Thank you all…
Regards
