Debian/Ubuntu Tips and Tricks

Debuntu

Debian/Ubuntu Tips and Tricks

Archive for the 'HowTo' Category

How-To: Bash Parameter Expansion and Default Values

Posted by chantra on 28th January 2013

Bash is a sh-compatible command language interpreter that executes commands read from the standard input or from a file.
There is much more to bash than running a sequence of commands, one of the features bundled with bash is parameter expansion.

Any shell user has most likely used shell variables, be it $1 or $myvar, to save values... but there is more to it. This tutorial will cover a subset of shell parameter expansion that can become really handy and save you a lot of time.

Read the rest of this entry »

Tags: , , ,
Posted in Administration, HowTo, Softwares, System | No Comments »

Mastering Top

Posted by chantra on 22nd January 2013

top is most likely one of the most known Linux command and also one of the most used one, however most people do not take full advantage of its capabilities.

In this tutorial, we will see a few usages of top that will make allow you to get more out of it.

Read the rest of this entry »

Tags: , ,
Posted in Administration, HowTo, System | 4 Comments »

How-To: OpenVPN on Debian Squeeze with Username/Password authentication

Posted by chantra on 16th January 2013

Client configuration

To get the client configuration set, you will need to provide the following file:

  • ta.key
  • ca.crt

# mkdir clientconfig
# cp /etc/openvpn/easy-rsa/2.0/keys/{ca.crt,ta.key} clientconfig/

And finally create the config file clientconfig/client.ovpn

client
dev tun
proto udp
# change to your vpn server
remote 172.16.132.5 1194
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
ca ca.crt
ns-cert-type server
tls-auth ta.key 1
# in UDP mode, explicitely notify
# the server that we exit
# send up to 3 attempts
explicit-exit-notify 3
comp-lzo
verb 3
auth-user-pass

Finally, provide the clientconfig folder and its content to a client.

I would recommend using network-manager-openvpn package on Debian/Ubuntu. It is a easy as importing the configuration through network-manager wizard.

Another way to connect to your newly intalled openvpn server is to run the following command:

chantra@fb-ubu1210-64:~/clientconfig$ sudo openvpn ovpn.ovpn
Tue Jan 15 20:22:14 2013 OpenVPN 2.2.1 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Oct  8 2012
Enter Auth Username:chantra
Enter Auth Password:
Tue Jan 15 20:22:22 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Jan 15 20:22:22 2013 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Tue Jan 15 20:22:22 2013 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jan 15 20:22:22 2013 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jan 15 20:22:22 2013 LZO compression initialized
Tue Jan 15 20:22:22 2013 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
Tue Jan 15 20:22:22 2013 Socket Buffers: R=[212992->131072] S=[212992->131072]
Tue Jan 15 20:22:22 2013 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Jan 15 20:22:22 2013 Local Options hash (VER=V4): '504e774e'
Tue Jan 15 20:22:22 2013 Expected Remote Options hash (VER=V4): '14168603'
Tue Jan 15 20:22:22 2013 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Tue Jan 15 20:22:22 2013 UDPv4 link local: [undef]
Tue Jan 15 20:22:22 2013 UDPv4 link remote: [AF_INET]172.16.132.5:1194
Tue Jan 15 20:22:22 2013 TLS: Initial packet from [AF_INET]172.16.132.5:1194, sid=8c1e69ca 24d3f240
Tue Jan 15 20:22:22 2013 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Jan 15 20:22:22 2013 VERIFY OK: depth=1, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=Fort-Funston CA/emailAddress=me@myhost.mydomain
Tue Jan 15 20:22:22 2013 VERIFY OK: nsCertType=SERVER
Tue Jan 15 20:22:22 2013 VERIFY OK: depth=0, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=Fort-Funston CA/emailAddress=me@myhost.mydomain
Tue Jan 15 20:22:22 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Jan 15 20:22:22 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jan 15 20:22:22 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Jan 15 20:22:22 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jan 15 20:22:22 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue Jan 15 20:22:22 2013 [frd1h01] Peer Connection Initiated with [AF_INET]172.16.132.5:1194
Tue Jan 15 20:22:24 2013 SENT CONTROL [frd1h01]: 'PUSH_REQUEST' (status=1)
Tue Jan 15 20:22:24 2013 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.8.0.1,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0'
Tue Jan 15 20:22:24 2013 OPTIONS IMPORT: timers and/or timeouts modified
Tue Jan 15 20:22:24 2013 OPTIONS IMPORT: --ifconfig/up options modified
Tue Jan 15 20:22:24 2013 OPTIONS IMPORT: route options modified
Tue Jan 15 20:22:24 2013 OPTIONS IMPORT: route-related options modified
Tue Jan 15 20:22:24 2013 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Jan 15 20:22:24 2013 ROUTE default_gateway=172.16.132.2
Tue Jan 15 20:22:24 2013 TUN/TAP device tun0 opened
Tue Jan 15 20:22:24 2013 TUN/TAP TX queue length set to 100
Tue Jan 15 20:22:24 2013 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Jan 15 20:22:24 2013 /sbin/ifconfig tun0 10.8.0.2 netmask 255.255.255.0 mtu 1500 broadcast 10.8.0.255
Tue Jan 15 20:22:24 2013 /sbin/route add -net 172.16.132.5 netmask 255.255.255.255 gw 172.16.132.2
Tue Jan 15 20:22:24 2013 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.8.0.1
Tue Jan 15 20:22:24 2013 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.8.0.1
Tue Jan 15 20:22:24 2013 GID set to nogroup
Tue Jan 15 20:22:24 2013 UID set to nobody
Tue Jan 15 20:22:24 2013 Initialization Sequence Completed

That's it, you should now be able to connect to your OpenVPN server and encrypt all the traffic between your workstation and your server!

Tags: , , , ,
Posted in Administration, HowTo, Networking, Softwares, System | No Comments »

How-To: Running Munin 2.0 on Debian Squeeze (6.0)

Posted by chantra on 7th January 2013

Munin 2.0 has been released and a .deb package has even been backported to Debian Squeeze!.

Version 2.0 comes with a bunch of new features and scalability improvements. This how-to will explain how to install and configure Munin 2.0 using Apache and mod-fcgid on Debian Squeeze.

munin graph

Munin Zoomed Graph

The feature that I was really looking forward in Munin 2 was graph zooming which makes it really easy and convenient to visualize what happened at a given moment in time.

Most of the install process is actually detailed in http://munin-monitoring.org/wiki/CgiHowto2 but there were some missing bits to get it properly working on my set up (Debian Squueze + Apache2), hence while this how-to will look pretty similar to that wiki page, it should hopefully fill the gaps.

I will not cover the munin-node part as there should not be anything different since 1.4 and this old tutorial should still be accurate: How-To: Monitoring A Server With Munin.

Installing Munin

Debian backport is providing a .deb for Debian Squeeze, so once you have added debian backports repository, installing Munin is nearly an apt-get away.

Adding Debian Backport Repository

Create and edit /etc/apt/sources.list.d/backports.list and add:

deb http://backports.debian.org/debian-backports squeeze-backports main

Update your repositories:

# apt-get update

and finally, install Munin from the squeeze-backports:

# apt-get install munin -t squeeze-backports

The default /etc/munin/munin.conf is enough to monitor localhost. Within the next 5 minutes, a cron job will be ran and will start collecting metrics.

Now, we need to configure Apache to serve munin pages.

Apache settings

This new version of Munin now defaults to using CGI to generate HTML and GRAPH, so if you don't have any CGI module installed yet, get it rolling and install one and enable it:

# apt-get install libapache2-mod-fcgid
# a2enmod fcgid

Then, we will create a new virtual host that will serve Munin graphs. So, let's create /etc/apache2/sites-available/munin and edit it with:

<VirtualHost *:80>
        DocumentRoot /var/cache/munin/www
        ServerName munin.example.com
        Alias /static /etc/munin/static
        # Rewrites
        RewriteEngine On
        # HTML
        RewriteCond %{REQUEST_URI} !^/static
        RewriteCond %{REQUEST_URI} .html$ [or]
        RewriteCond %{REQUEST_URI} =/
        RewriteRule ^/(.*)           /usr/lib/munin/cgi/munin-cgi-html/$1 [L]
        # Images
        # - remove path to munin-cgi-graph, if present
        RewriteRule ^/munin-cgi/munin-cgi-graph/(.*) /$1
        RewriteCond %{REQUEST_URI}                 !^/static
        RewriteCond %{REQUEST_URI}                 .png$
        RewriteRule ^/(.*)  /usr/lib/munin/cgi/munin-cgi-graph/$1 [L]
        # Ensure we can run (fast)cgi scripts
        ScriptAlias /munin-cgi/munin-cgi-graph /usr/lib/munin/cgi/munin-cgi-graph
        <Location /munin-cgi/munin-cgi-graph>
                Options +ExecCGI
                <IfModule mod_fcgid.c>
                        SetHandler fcgid-script
                </IfModule>
                <IfModule !mod_fcgid.c>
                        SetHandler cgi-script
                </IfModule>
                Allow from all
        </Location>
        ScriptAlias /munin-cgi/munin-cgi-html /usr/lib/munin/cgi/munin-cgi-html
        <Location /munin-cgi/munin-cgi-html>
                Options +ExecCGI
                <IfModule mod_fcgid.c>
                        SetHandler fcgid-script
                </IfModule>
                <IfModule !mod_fcgid.c>
                        SetHandler cgi-script
                </IfModule>
                Allow from all
        </Location>
        <Location />
                Options +ExecCGI
                <IfModule mod_fcgid.c>
                        SetHandler fcgid-script
                </IfModule>
                <IfModule !mod_fcgid.c>
                        SetHandler cgi-script
                </IfModule>
                Allow from all
        </Location>
        <Location /static/>
                SetHandler None
                Allow from all
        </Location>
        <Directory /var/cache/munin/www>
                Order allow,deny
                #Allow from localhost 127.0.0.0/8 ::1
                Allow from all
                Options None
                # Set the default expiration time for files to 5 minutes 10 seconds from
                # their creation (modification) time.  There are probably new files by
                # that time.
                #
            <IfModule mod_expires.c>
                ExpiresActive On
                ExpiresDefault M310
            </IfModule>
        </Directory>
</VirtualHost>

Finally, enable this new site:

# a2ensite munin

That's it, we now need to reload apache:

# /etc/init.d/apache2 reload

Now, you should be able to access munin at http://munin.example.com and zoom on graph!

Tags: , , ,
Posted in Administration, HowTo, System | No Comments »

How-To: Change boot runlevel with Grub2

Posted by chantra on 14th December 2012

Linux start up behaviour is driven by the so-called runlevels. It will use the default value provided in /etc/inittab for some systems (Debian...), or /etc/init/rc-sysinit.conf or some others (Ubuntu...).

This tutorial will show how to change the runlevel used during boot by modifying Grub2 start up prompt.

One of the common use case to change runlevel during boot is when you lost the root password and need to change it. In that case, you will want to boot linux in runlevel 1, this runlevel is a single user mode and makes you land on a system directly with a root prompt \o/.
This is also called in many distribution as the Recovery mode or Rescue mode.

Accessing Grub Screen

Grub2 Startup

Grub2 Startup

In order to be able to modify the runlevel used at boot, you will first need to access Grub 2 boot start up screen. Most distro will stay on that screen for about 10 seconds and will boot a default kernel in case you did not touch any keys, on some others, this screen is getting more and more hidden and in that case, you will need to try out a combinaison of either Esc or Shift keys until you get Grub2 startup screen.

Editing boot parameters

Once there, you need to enter

e

On the Grub entry you would like to boot.

Boot parameter edition

Boot parameter edition

This will get you to the boot parameter edition screen.
You now need to go to the end of the linux line and add a 1.

Booting it

Finally, hit F10 or Ctrl-x to boot linux with this new parameter.

root prompt

Root prompt

You should now have a root prompt!

Tags: , ,
Posted in Administration, HowTo, System | No Comments »

How-To: Tmux a Terminal Multiplexer

Posted by chantra on 7th December 2012

As a sysadmin, most of my time is spent working on remote machines and different task. tmux is a terminal multiplexer, meaning it allows you to run multiple terminals in the same windows.

This tutorial will explain the basics features of tmux that should help you be more productive with your every day task.

If you do now have tmux installed yet, well, it is time to fire up a terminal and get it installed:

# apt-get install tmux

Just like screen, tmux has the great feature of being able to detach the sessions, this means that you can start a session on a remote machine from your office, do your work there during the day, detach the session and go how and finally, the day after re-attach to your session and have everything set up just like you left the office the previous day.

So, let's start with handling sessions first

Session Management

Single Session

If you plan to only run a single session on your session, it will be enough to just run:

$ tmux

This should give you a session called [0] and is nothing more than shell.

If you want to exit that process, you can exit like you would do with a normal command prompt, and that would kill the session, or you can type Ctrl-b d and you will detach the session.

The next time you want to attach the session, you will run

$ tmux attach

and that will get you back to it.

Nice, we can now create a session, do some stuff in it, detach it and re-attach it later.

Multiple Session

Let's get a step further and handle multiple session, but before that I think it is worth understanding the jargon used in tmux lingua.

Lingua

tmux

tmux sessions

Tmux can create multiple session, each session is composed of windows, which can then be split vertically and horizontally.

In the picture, you can see that there is 2 sessions (session1 and session2) which respectively contain s1win1, s1win2 for the former and s2win1, s2win2 for the latter.
The window which has the focus is s2win1 in session2. The active session is mentionned between square brackets [session2] while the active window is marked with an asterisk s2win1.

Managing Sessions and Windows

Here are a few commands that we will be using:

  • Ctrl-b c create a new window
  • Ctrl-b , rename window
  • Ctrl b n next window
  • Ctrl b p previous window
  • Ctrl-b : command prompt
  • Ctrl-b w choose window
  • Ctrl-b s choose tree
  • Ctrl-b $ rename session
  • Ctrl-b ? help

Now, let's create some sessions and windows and play a bit with them to get a better understanding of what can be done.

First, we will create a first session called session1 which will have its first window called s1win1:

$ tmux new -s session1 -n s1win1

then, we will create a second session from within the running tmux client instance we are using and will call the sesion session2 with its first window called s2win1. Type Ctrl-b :, this gives you a prompt. now type:

new -s session2 -n s2win1

You should now have created a new session with a new window and this should be your active window.

Let create a new window within that session:

Ctrl-b c

and rename it to s2win2:

Ctrl-b ,

At the prompt, change the name of the window to s2win2 and hit enter.
Good, we now have 2 sessions with some window in them. Let's detach from it and play a bit more with it.

Ctrl-b d

now, from the shell prompt, we can list the sessions with:

$ tmux ls

and re-attach session 1 using:

$ tmux a -t session1

Now, lets rename session1 to myfirstsession:

Ctrl-b $

and type the the name of the session.
Now, let get back to session2 s2win2 by typing:

Ctrl-b s

And using the left-right arrows to fold/unfold the sessions'windows list and up-down to move around.
Finally, once the cursor is on (4) └─> 1: s2win2* hit enter.

To go back to s2win1, type:

Ctrl-b p

and

Ctrl-b n

To switch back to s2win2, or we could have used

Ctrl-b w

to move between windows.
Finally, get close all this up and press

Ctrl-d

twice, this should tell you that the session [exited].
Let's check the sessions left:

$ tmux ls
myfirstsession: 1 windows (created Fri Dec 7 00:00:42 2012) [238x56]

Let's attach to it:

$ tmux a

and close it

Ctrl-d

That's it! we have created multiple sessions and windows, moved around, rename things and finally cleaned everything. There is much more that can be done with tmux but that will be it for this post, and hopefully, more to come soon!

In the meantime, dont forget to use Ctrl-b ? within tmux to access the help along with man tmux for even more help!

Tags: ,
Posted in Administration, HowTo, System | 2 Comments »

How-To: Log HAProxy messages only once

Posted by chantra on 27th January 2012

When enabling logs with HAProxy on a busy web site, hard disk space can quickly become a scarce resource.

The reason is that, most of the time, HAProxy is set to use local0 facility which tend to write logs to a bunch of files in /var/log such as messages...

Thanks to rsyslog, we will be able to canalize those logs to a more appropriate location and only once, saving a bunch of disk space.

This tutorial will go over the steps required to accomplish this set up.

This how-to is based on Debian Lenny, but I believe settings are pretty much the same on the actual stable: Debian Squeeze.

In our setup, we are going to log HAProxy messages in a dedicated directory in order avoid getting too many files in /var/log. Here, I have chosen /var/log/haproxy.

So let's get started and create that directory:

# mkdir /var/log/haproxy

Then, we tell HAProxy to log info and notice messages. this is done by editing /etc/haproxy/haproxy.cfg as follow:

...
global
     log /dev/log   local0 info
     log /dev/log   local0 notice
....
....

Then, we tell rsyslog to catch those messages and write them in a specific file. Create and edit /etc/rsyslog.d/haproxy.conf woth:

if ($programname == 'haproxy' and $syslogseverity-text == 'info') then -/var/log/haproxy/haproxy-info.log
& ~
if ($programname == 'haproxy' and $syslogseverity-text == 'notice') then -/var/log/haproxy/haproxy-notice.log
& ~

Finally, we need to tell logrotate how to rotate those logs. This is done by Creating and editing /etc/logrotate.d/haproxy with:

/var/log/haproxy/*.log {
        weekly
        missingok
        rotate 7
        compress
        delaycompress
        notifempty
        create 640 root adm
        sharedscripts
        postrotate
                /etc/init.d/haproxy reload > /dev/null
        endscript
}

Which basically rotate the file every week and keep 7 week worth of copies.

Now, everything should be set up properly, we just have to restart rsyslog and haproxy to take those new changes into account:

/etc/init.d/rsyslog reload
/etc/init.d/haproxy reload

That's it, now, your notice and info message from haproxy should be in separate files and only there, not in 4 or 5 of them in /var/log.

Tags: ,
Posted in Administration, HowTo, System | 6 Comments »

How-To: WMware Workstation 7.1 on Ubuntu Maverick Meerkat 10.10

Posted by chantra on 13th July 2010

There were some changes in the latest kernel release (2.6.34) that prevent VMware's VMCI Socket module to compile on Ubuntu 10.10 (Maverick Meerkat).

When starting vmware from the command line, one might get the following message:

make[1]: Entering directory `/usr/src/linux-headers-2.6.35-7-generic-pae'
  CC [M]  /tmp/vmware-root/modules/vsock-only/linux/af_vsock.o
/tmp/vmware-root/modules/vsock-only/linux/af_vsock.c:312: warning: initialization from incompatible pointer type
/tmp/vmware-root/modules/vsock-only/linux/af_vsock.c:359: warning: initialization from incompatible pointer type
/tmp/vmware-root/modules/vsock-only/linux/af_vsock.c: In function ‘VSockVmciStreamConnect’:
/tmp/vmware-root/modules/vsock-only/linux/af_vsock.c:3224: error: ‘struct sock’ has no member named ‘sk_sleep’
/tmp/vmware-root/modules/vsock-only/linux/af_vsock.c:3247: error: ‘struct sock’ has no member named ‘sk_sleep’
/tmp/vmware-root/modules/vsock-only/linux/af_vsock.c:3259: error: ‘struct sock’ has no member named ‘sk_sleep’
/tmp/vmware-root/modules/vsock-only/linux/af_vsock.c: In function ‘VSockVmciAccept’:
/tmp/vmware-root/modules/vsock-only/linux/af_vsock.c:3319: error: ‘struct sock’ has no member named ‘sk_sleep’
/tmp/vmware-root/modules/vsock-only/linux/af_vsock.c:3335: error: ‘struct sock’ has no member named ‘sk_sleep’
/tmp/vmware-root/modules/vsock-only/linux/af_vsock.c:3369: error: ‘struct sock’ has no member named ‘sk_sleep’
/tmp/vmware-root/modules/vsock-only/linux/af_vsock.c: In function ‘VSockVmciPoll’:
/tmp/vmware-root/modules/vsock-only/linux/af_vsock.c:3467: error: ‘struct sock’ has no member named ‘sk_sleep’
/tmp/vmware-root/modules/vsock-only/linux/af_vsock.c: In function ‘VSockVmciStreamSendmsg’:
/tmp/vmware-root/modules/vsock-only/linux/af_vsock.c:4107: error: ‘struct sock’ has no member named ‘sk_sleep’
/tmp/vmware-root/modules/vsock-only/linux/af_vsock.c:4144: error: ‘struct sock’ has no member named ‘sk_sleep’
/tmp/vmware-root/modules/vsock-only/linux/af_vsock.c:4197: error: ‘struct sock’ has no member named ‘sk_sleep’
/tmp/vmware-root/modules/vsock-only/linux/af_vsock.c: In function ‘VSockVmciStreamRecvmsg’:
/tmp/vmware-root/modules/vsock-only/linux/af_vsock.c:4431: error: ‘struct sock’ has no member named ‘sk_sleep’
/tmp/vmware-root/modules/vsock-only/linux/af_vsock.c:4471: error: ‘struct sock’ has no member named ‘sk_sleep’
/tmp/vmware-root/modules/vsock-only/linux/af_vsock.c:4537: error: ‘struct sock’ has no member named ‘sk_sleep’
make[2]: *** [/tmp/vmware-root/modules/vsock-only/linux/af_vsock.o] Error 1
make[1]: *** [_module_/tmp/vmware-root/modules/vsock-only] Error 2
make[1]: Leaving directory `/usr/src/linux-headers-2.6.35-7-generic-pae'
make: *** [vsock.ko] Error 2
make: Leaving directory `/tmp/vmware-root/modules/vsock-only'

To fix this and get VMware workstation up and running, apply the patch attached as follow:

tar -xzvf vmware-7.1-ubuntu10.10-patch.tar.gz
cd vmware-7.1-ubuntu10.10-patch
sudo ./apply_patch.sh

Then, restart Workstation and the module should compile just fine.

Mind that this patch applies to VMware workstation 7.1 261024.

UPDATE:

This patch also works for VMware Workstation 7.1.2 build-301548 on Ubuntu 10.10 with kernel 2.6.35-22-generic-pae

A new file has been attached which should also solve the issue:

make: Entering directory `/tmp/vmware-root/modules/vmmon-only'
make -C /lib/modules/2.6.35-22-generic/build/include/.. SUBDIRS=$PWD SRCROOT=$PWD/. \
	  MODULEBUILDDIR= modules
make[1]: Entering directory `/usr/src/linux-headers-2.6.35-22-generic'
  CC [M]  /tmp/vmware-root/modules/vmmon-only/linux/driver.o
  CC [M]  /tmp/vmware-root/modules/vmmon-only/linux/driverLog.o
  CC [M]  /tmp/vmware-root/modules/vmmon-only/linux/hostif.o
/tmp/vmware-root/modules/vmmon-only/linux/hostif.c: In function ‘HostIFReadUptimeWork’:
/tmp/vmware-root/modules/vmmon-only/linux/hostif.c:2004: warning: ‘newUpBase’ may be used uninitialized in this function
  CC [M]  /tmp/vmware-root/modules/vmmon-only/linux/iommu.o
/tmp/vmware-root/modules/vmmon-only/linux/iommu.c: In function ‘IOMMU_SetupMMU’:
/tmp/vmware-root/modules/vmmon-only/linux/iommu.c:156: error: implicit declaration of function ‘iommu_map_range’
/tmp/vmware-root/modules/vmmon-only/linux/iommu.c: In function ‘IOMMU_VMCleanup’:
/tmp/vmware-root/modules/vmmon-only/linux/iommu.c:403: error: implicit declaration of function ‘iommu_unmap_range’
make[2]: *** [/tmp/vmware-root/modules/vmmon-only/linux/iommu.o] Error 1
make[1]: *** [_module_/tmp/vmware-root/modules/vmmon-only] Error 2
make[1]: Leaving directory `/usr/src/linux-headers-2.6.35-22-generic'
make: *** [vmmon.ko] Error 2
make: Leaving directory `/tmp/vmware-root/modules/vmmon-only'

Tags: ,
Posted in HowTo, Virtualization | No Comments »

How-To: Set up a L2TP over IPSec VPN using a Radius backend — page 3

Posted by chantra on 18th June 2010

This entry is part 3 of 3 in the series How-To: Set up a L2TP over IPSec VPN using a Radius backend

Using freeradius for authentication

Here I am going to consider that the freeradius server is set up correctly, meaning that you can already authenticate your users with freeradius using radtest utility.

In order to get ppp to use freeradius, we need to install libradius1:

# apt-get install libradius1

No we need to set up the server we use in /etc/radiusclient/servers. Here we use the default password on localhost:

localhost testing123

and finally, we tell ppp to use the radius plugin by adding at the end of /etc/xl2tpd/ppp-options.xl2tpd :

plugin radius.so

And that should be it!

Tags: , , , ,
Posted in Administration, HowTo, Networking, System | No Comments »

How-To: Set up a L2TP over IPSec VPN using a Radius backend — page 2

Posted by chantra on 18th June 2010

This entry is part 1 of 3 in the series How-To: Set up a L2TP over IPSec VPN using a Radius backend

XL2TP

Now, let's get on the next phase: XL2TP.

Packages Requirements

You can install xl2tp with the following command:

# apt-get install xl2tp

Configuration

The configuration of xl2tp happens in /etc/xl2tpd/xl2tpd.conf. We are going to provide IPs in the range 10.10.10.2-10.10.10.254, 10.10.10.1 being the endpoint IP of the VPN server.

So go ahead and open /etc/xl2tpd/xl2tpd.conf and make it look like:

[global]
ipsec saref = yes
listen-addr = your external IP address
port = 1701
[lns default]
ip range = 10.10.10.2-10.10.10.254
local ip = 10.10.10.1
refuse chap = yes
require pap = yes
require authentication = no
name = LinuxVPNserver
hostname = YourHostName
ppp debug = yes
length bit = yes
pppoptfile = /etc/xl2tpd/ppp-options.xl2tpd

Copy an example config from xl2tp doc:

sudo cp /usr/share/doc/xl2tpd/examples/ppp-options.xl2tpd /etc/xl2tpd/ppp-options.xl2tpd

Now go and edit etc/xl2tpd/ppp-options.xl2tpd and make it look like:

require-pap
crtscts
idle 1800
mtu 1200
mru 1200
nodefaultroute
debug
lock
proxyarp
connect-delay 5000

Same here, change it with whatever mstches your settings (DNS...)

Finally test your configuration with:

sudo xl2tpd -D

Tags: , , , ,
Posted in Administration, HowTo, Networking, System | 1 Comment »