Category: Linux

Automatic vpnc connection on DD-WRT

By , 2012-09-24 18:34

I sometimes have to work from home, which means using VPN. Cisco VPN works quite well, but it’s just not the same as being on the corp network.

Using a spare DD-WRT router (ASUS WL-520GU) running the VPN build of DD-WRT, I set up a persistent VPN connection. Now when I connect my work PC to this router, it behaves just like it’s on the corporate LAN.

How to do it

  1. First, get the recommended DD-WRT VPN build from dd-wrt.com and flash the router.
  2. Connect the VPN router’s WAN/Internet port to your home LAN.
  3. Make sure your router’s LAN IP doesn’t conflict with any subnets in the corp network or your existing home LAN. I used 192.168.133.0/24.
  4. Add your corporate domains and DNS servers to the dnsmasq config (Services tab).
  5. Next, customize the script at the end of this post and paste it into the Administration > Commands section. Click Save Startup.
  6. Reboot the router. Wait about 5 minutes (it takes a while to start up) and verify you can ping/access servers on the corp LAN.
  7. Done!

This isn’t exactly the most stable solution, but it works and I haven’t had any disconnects so far. Also much cheaper and much less trouble than setting up a site-to-site VPN using a real Cisco router.

One sticking point is that from now on any changes to router config (DHCP, WiFi, etc.) will require a reboot. Otherwise your VPN tunnel will die and won’t come back for some reason.

Also, speeds are limited by the router’s processor. Mine is only a 266MHz ARM, so IPsec puts quite a load on it, meaning I can only sustain speeds of about 2Mbps – sadly still better than some of our WAN sites that are using T1 lines.

Script

mkdir -p /tmp/etc/vpnc
rm -f /tmp/etc/vpnc/vpnc.sh
# Create the vpnc startup script in /tmp (the shebang must be the first line of the file)
echo '#!/bin/sh
vpn_concentrator="your.vpn.gateway"       ## enter IP or hostname of your IPsec VPN concentrator
vpn_keepalive_host1="some.server.corp"    ## enter the IP or hostname of a computer that is only reachable if the VPN connection is established
vpn_keepalive_host2="other.server.corp"   ## enter the IP or hostname of a second computer that is only reachable if the VPN connection is established
vpn_groupname="groupname"                 ## enter the group name here
vpn_grouppasswd="grouppass"               ## enter the group password here
vpn_username="user"                       ## enter your username here
vpn_password="pass"                       ## enter your password here

#--do not edit this--
#Written by Alain R. 28.Sep.2007
#updated by Matthieu Y. 2012-09-24
vpnc-disconnect
rm -f /tmp/etc/vpnc/vpn.conf
# Create the vpnc config file
echo "
IPSec gateway $vpn_concentrator
IPSec ID $vpn_groupname
IPSec secret $vpn_grouppasswd
Xauth username $vpn_username
Xauth password $vpn_password
" >> /tmp/etc/vpnc/vpn.conf
# Remove stop-dns-rebind (DNS rebinding protection) so dnsmasq accepts
# private-range answers from the corp DNS servers for LAN subnets
sed -i "s/stop-dns-rebind//g" /tmp/dnsmasq.conf
killall dnsmasq
dnsmasq --conf-file=/tmp/dnsmasq.conf
# Check if we can ping the hosts specified above; each function prints 0 or 1
pingtest1 () {
    ping -q -c1 "$param1" > /dev/null
    if [ "$?" = "0" ]; then
        echo 0 # reachable
    else
        echo 1 # not reachable
    fi
}

pingtest2 () {
    ping -q -c2 "$param2" > /dev/null
    if [ "$?" = "0" ]; then
        echo 0 # reachable
    else
        echo 1 # not reachable
    fi
}

# Loop forever: re-check every 5 minutes, reconnect when neither host answers.
# (The original test [ $doloop==true ] was always true, so this is the same behaviour.)
while true; do
    param1=$vpn_keepalive_host1
    if [ "`pingtest1`" = "0" ]; then
        sleep 300
    else
        param2=$vpn_keepalive_host2
        if [ "`pingtest2`" = "0" ]; then
            sleep 300
        else
            vpnc-disconnect
            vpnc /tmp/etc/vpnc/vpn.conf --dpd-idle 0
            sleep 1
            if [ "`pingtest1`" != "0" ]; then
                sleep 10
            fi
            # Forward and masquerade LAN traffic through the tunnel interface
            tundev="`ifconfig |grep tun |cut -b 1-4`"
            iptables -A FORWARD -o $tundev -j ACCEPT
            iptables -A FORWARD -i $tundev -j ACCEPT
            iptables -t nat -A POSTROUTING -o $tundev -j MASQUERADE
            sleep 9
        fi
    fi
done
' >> /tmp/etc/vpnc/vpnc.sh
chmod 700 /tmp/etc/vpnc/vpnc.sh
/tmp/etc/vpnc/vpnc.sh &
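
The startup script strips stop-dns-rebind from dnsmasq.conf, which turns off DNS rebinding protection for every name the router resolves. The sketch below is an added example, not part of the original script: it leaves that option in place and exempts only the corporate zones with dnsmasq's rebind-domain-ok option; corp.example, lab.corp.example and 10.0.0.53 are constructed placeholders, and the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post): keep stop-dns-rebind and
# whitelist only the corporate domains that legitimately resolve to
# private addresses over the VPN.

# allow_rebind_for CONF DOMAIN...
# Appends one rebind-domain-ok line per domain. Lines already present are
# skipped, so the function can run on every boot without growing the file.
allow_rebind_for() {
    conf=$1
    shift
    for domain in "$@"; do
        line="rebind-domain-ok=/$domain/"
        # -x: whole-line match, -F: fixed string (dots are not regex wildcards)
        grep -qxF "$line" "$conf" 2>/dev/null || printf '%s\n' "$line" >> "$conf"
    done
}

# rebind_protection_on CONF
# Succeeds while stop-dns-rebind is still configured.
rebind_protection_on() {
    grep -qx 'stop-dns-rebind' "$1"
}

# Demo on a constructed config; on the router CONF would be /tmp/dnsmasq.conf.
demo() {
    conf=$(mktemp) || return 1
    printf 'stop-dns-rebind\nserver=/corp.example/10.0.0.53\n' > "$conf"
    allow_rebind_for "$conf" corp.example lab.corp.example
    allow_rebind_for "$conf" corp.example   # second run adds nothing
    cat "$conf"
    rm -f "$conf"
}

demo
```

The same rebind-domain-ok lines can also be entered alongside the domains and DNS servers added to the dnsmasq config in step 4, in which case the sed line is simply dropped from the script.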


Enabling “swap” in an OpenVZ container

By , 2012-03-23 19:28

Oracle client for Linux for some reason requires 1GB of swap space, and will refuse to install, even if you have 9999999999TB of RAM, but 0 swap. Go figure.

Anyway, an OpenVZ container created with Proxmox will by default have 0 swap allocated, despite the Web UI allowing you to specify swap space.

In order to add swap to the container, from a shell prompt, run

vzctl set 213 --swappages 262144 --save

Where 213 is your CTID, and 262144 is the amount of swappages you want. 1 page = 4096 bytes, so 262144 = roughly 1024MB.

Also, Oracle installer detects 262144 swappages as 1023MB and change, so you will have to put something like 262200 instead.

On a somewhat related note, here’s how to install Oracle client on Debian:

http://randrianiriana.wordpress.com/2010/08/25/debian-php5-oracle-oci8/

 

ALSA: cannot find card ‘0’ when using USB sound card

By , 2012-02-24 10:16

I was trying to get my Alix board to properly output audio. It has no VGA and no onboard sound card, so I’m using a USB to audio adapter. The card was detected, all appropriate snd- modules loaded according to lsmod, and it showed up in /proc/asound/cards. Problem is it was card1, and alsamixer and most programs use card0 by default.

It seems that Debian configures snd-usb-audio in /etc/modprobe.d/alsa-base.conf with the index=2 option to prevent it from being the primary card. To disable this behaviour, simply comment out the line.

 

Original answer:

So are you using a USB sound card as your audio device? It looks like you might have removed some audio device from your computer, that is why card0 is missing, whereas the USB card is configured as card1.

Edit /etc/modprobe.d/alsa-base.conf, include/modify the line for snd-usb-audio

options snd-usb-audio index=0

This would update snd-usb-audio to card0, in case you want that as the first card.

via Debian User Forums • View topic – ALSA: cannot find card ‘0’.

Missing shutdown button – lightdm-unity-greeter

By , 2012-02-02 15:13

Found the problem! Your log says ‘/usr/lib/indicators3/6/libsession.so does not exist.’ That file is part of the ‘indicator-session’ package, which provides the shutdown buttons for Unity and Lightdm.

via AUR en – lightdm-unity-greeter.

XBMC on Ubuntu clean install

By , 2012-01-14 17:22

Note to self: Always install ubuntu-restricted-extras first. Without it, XBMC will crash when playing MP3s since libmad is missing.

Ubuntu. TV for human beings. I gotta feeling.

By , 2012-01-12 14:14

So Ubuntu is getting into the TV business. If they can pull it off, and get into Cable/Satellite/IPTV STBs, the world would be a much better place. This looks way better than Microsoft Mediaroom or any proprietary cable box software I’ve seen.

Now, is it just me or does that video sound a lot like this one?

I have to say, I gotta feeling that Canonical might have got it right. Unfortunately, past experience says Big Telecom isn’t very interested in what’s good for the customer.

more at

http://www.ubuntu.com/tv
http://www.theverge.com/2012/1/10/2697982/interview-ubuntu-tv-pete-goodall

Why I use Debian and Ubuntu (Apt)

By , 2011-12-21 10:35

OK, rant time.

Way back in the day (I mean 2001 or so), I used to use rpm-based distros. Red Hat, Mandriva (or rather Mandrake), and they worked fine, as long as you didn’t have to install any packages. To be fair, this was in the early days of package managers and the like, and I was a novice Linux user at the time. Mandrake had put in a good effort with urpmi, but I still had to visit sites like http://rpm.pbone.net/ and http://rpmfind.net/ very often to find this or that package.

Then, in 2004/2005, I discovered Ubuntu. (The OS, not the philosophy. Ha ha.) It was a world of difference. Need a program? apt-get install program would automagically fetch and install it for you. Don’t know the name of the package, or exactly what you’re looking for? apt-cache search can help. If that package you want installed has dependencies, and those have dependencies? No problem, everything gets pulled in and the proposed changes are listed for you. The other advantage was that seemingly any program I could possibly want was available in a Debian/Ubuntu repo.

Fast forward to today. I’ve pretty much been using Debian based distros since then, although I have tried Arch and Slax, and possibly many others that I can’t remember right now. All my servers run either Debian or Ubuntu Server, and my Linux PCs are Ubuntu or Arch. Package management has become so easy that I rarely ever have to worry about it, unless I’m trying to make some major changes outside of repo packages.

Recently, however, I’ve started using some RPM distros again, to see how things have been on that side of the fence. It’s been mostly CentOS and a few CentOS/PBX distros (Elastix, Trixbox, pbxinaflash…). I have to say though, I can’t believe the state of the package management system. CentOS has got yum, which seems to be good in principle, but somehow I’ve seen it massively fail in ways that Apt never has for me. The first issue is not really to do with the package manager, but more the repositories.

For example, we had a service on a server at work that absolutely required “Arial”. In Ubuntu or Debian, all you have to do is enable the non-free repo, or on Arch, use one of the excellent AUR frontends such as yaourt. Then install msttcorefonts (Debian) or ttf-ms-fonts (Arch). The package manager will fetch the MS fonts package and its dependency, cabextract. It then downloads each of the fonts’ self-extracting EXEs from sourceforge, cabextracts them, then installs them to the appropriate fonts directory. Now, on the CentOS 5 server, no such luck.

$ yum install msttcorefonts
Loaded plugins: downloadonly, fastestmirror
Loading mirror speeds from cached hostfile
 * base: centos.mirror.nexicom.net
 * extras: centos.mirror.nexicom.net
 * updates: centos.mirror.nexicom.net
Excluding Packages from CentOS-5 - Addons
Finished
Excluding Packages from CentOS-5 - Base
Finished
Excluding Packages from CentOS-5 - Extras
Finished
Excluding Packages from CentOS-5 - Updates
Finished
Setting up Install Process
No package msttcorefonts available.
Nothing to do
$

Awesome. Time to break out the manual package manager, AKA Google. Which brings me to the corefonts sourceforge project homepage, fortunately with clear instructions on how to install on an rpm-based system.

  1. Make sure you have the following rpm-packages installed from your favourite distribution. Any version should do.
    • rpm-build
    • wget
    • A package that provides the ttmkfdir utility. For example
      • For Fedora Core and Red Hat Enterprise Linux 4, ttmkfdir
      • For old redhat releases, XFree86-font-utils
      • For mandrake-8.2, freetype-tools
  2. Install the cabextract utility. For users of Fedora Core it is available from extras. Others may want to compile it themselves from source, or download the source rpm from fedora extras and rebuild.
  3. Download the latest msttcorefonts spec file from here
  4. If you haven’t done so already, set up an rpm build environment in your home directory. You can do this by adding the line %_topdir %(echo $HOME)/rpmbuild to your $HOME/.rpmmacros and creating the directories $HOME/rpmbuild/BUILD and $HOME/rpmbuild/RPMS/noarch
  5. Build the binary rpm with this command:
    $ rpmbuild -bb msttcorefonts-2.0-1.spec

    This will download the fonts from a Sourceforge mirror (about 8 megs) and repackage them so that they can be easily installed.

  6. Install the newly built rpm using the following command (you will need to be root):
    # rpm -ivh $HOME/rpmbuild/RPMS/noarch/msttcorefonts-2.0-1.noarch.rpm

Sounds like fun. Let’s try and see if we’re lucky.

yum install wget rpm-build cabextract

Cool! rpm-build was installed! But wait, how about wget and cabextract? It didn’t mention those!

wget is probably installed, but let’s try anyway:

$ wget
wget: missing URL
Usage: wget [OPTION]... [URL]...

Try `wget --help' for more options.

OK, how about cabextract?

$ cabextract
sh: cabextract: command not found

Well then, that’s wonderful. Thanks for mentioning that you didn’t install cabextract, yum.

Fortunately the good people at corefonts provided a link to the download for cabextract, and fortunately, my server is i386 (I know it doesn’t seem like it from the screenshot), so I can use the pre-built RPM. (For those who need it, the x86_64 package) Now to the final step.

$ wget -O - http://corefonts.sourceforge.net/msttcorefonts-2.0-1.spec | rpm -bb msttcorefonts-2.0-1.spec
Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.77304
+ umask 022
+ cd /usr/src/redhat/BUILD

[… a hundred or so lines…]

Wrote: /usr/src/redhat/RPMS/noarch/msttcorefonts-2.0-1.noarch.rpm
Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.22861
+ umask 022
+ cd /usr/src/redhat/BUILD
+ '[' /var/tmp/msttcorefonts-root '!=' / ']'
+ rm -rf /var/tmp/msttcorefonts-root
+ exit 0

Phew, that’s a lot of output. Well exit 0, that’s good. Aaand “Wrote: /usr/src/redhat/RPMS/noarch/msttcorefonts-2.0-1.noarch.rpm”. cool!

And finally:

$ rpm -ivh /usr/src/redhat/RPMS/noarch/msttcorefonts-2.0-1.noarch.rpm
Preparing...                ########################################### [100%]
   1:msttcorefonts          ########################################### [100%]
$

(Another thing that bugs me – no success message! After all that, not even a Yay! Package installed!? I’m disappointed, rpm.)

For illustrative purposes, Debian:

# apt-get install msttcorefonts
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following extra packages will be installed:
  cabextract ttf-liberation ttf-mscorefonts-installer
The following NEW packages will be installed:
  cabextract msttcorefonts ttf-liberation ttf-mscorefonts-installer
0 upgraded, 4 newly installed, 0 to remove and 4 not upgraded.
Need to get 1103kB of archives.
After this operation, 2109kB of additional disk space will be used.
Do you want to continue [Y/n]? Y

[…]

All fonts downloaded and installed.
Updating fontconfig cache for /usr/share/fonts/truetype/msttcorefonts
Setting up msttcorefonts (2.7) ...
Setting up ttf-liberation (1.04.93-1) ...
Updating fontconfig cache for /usr/share/fonts/truetype/ttf-liberation

Wasn’t that easier? Also, a nice plain English message saying what was done: “All fonts downloaded and installed.” Take notes, rpm.

For completeness’ sake, Arch:

$ yaourt -S ttf-ms-fonts

==> Downloading ttf-ms-fonts PKGBUILD from AUR...
x PKGBUILD
x ttf-ms-fonts.install
x LICENSE

[…]

==> ttf-ms-fonts dependencies:
 - fontconfig (already installed)
 - xorg-fonts-encodings (already installed)
 - xorg-font-utils (already installed)
 - cabextract (package found)

[…]

Targets (1): ttf-ms-fonts-2.0-8

Total Download Size:    0.00 MB
Total Installed Size:   5.49 MB

Proceed with installation? [Y/n]
(1/1) checking package integrity                                         [########################################] 100%
(1/1) checking for file conflicts                                        [########################################] 100%
(1/1) installing ttf-ms-fonts                                            [########################################] 100%
Updating font cache... done.
$

A bit more user interaction, but that’s the point of Arch.

So, to summarize:

Arch/Debian package management > rpm package management (CentOS).

And that’s the end of my rant for today.

Quick and dirty bash script to apt-get update all OpenVZ containers

By , 2011-11-30 22:29

It’s a bit of a pain having to run upgrades on all servers. I could of course, set up unattended upgrades, but I always liked initiating the upgrade process myself. So I wrote a little bash script that will initiate apt-get update and apt-get upgrade on all running OpenVZ containers.

Note that this only works for Debian-based distros. So Debian, *buntu, Linux Mint and the like.

It’s very rough, no error-handling or safeguards, so use at your own risk. Works for me, but YMMV.

#!/bin/bash
# Delete any leftover temp file (-f: no error if it does not exist)
rm -f /tmp/tmp-script.sh
# Get the IDs of running containers on a single line
CTIDS=$(vzlist | awk '{print $1}' | sed -e '/CTID/d' -e ':a;N;$!ba;s/\n/ /g' )
# Echo list of running IDs
echo "$CTIDS"
CTIDarray=($CTIDS)
for x in "${CTIDarray[@]}"
do
    echo '#!/bin/bash' > /tmp/tmp-script.sh
    chmod +x /tmp/tmp-script.sh
    # Keep the quotes in the generated line, otherwise "apt-get -y upgrade"
    # runs on the host instead of inside the container
    echo "vzctl exec $x \"apt-get update && apt-get -y upgrade\"" >> /tmp/tmp-script.sh
    screen -d -m /tmp/tmp-script.sh
done
# Delete temp file
rm -f /tmp/tmp-script.sh
# Show running screens
screen -x

First, we rm the /tmp/tmp-script.sh. Starting off with very bad form, I know, feeling lazy right now. Then I use awk and sed to get the IDs of running containers from the output of the vzlist command, and place them on a single line, separated by spaces. Those IDs are then put in an array, so that the update command can be called using a for loop.

For some reason, I couldn’t get screen to launch the

vzctl exec $x "apt-get update &&  apt-get -y upgrade"

command directly, hence the hideous use of a temp file. If anyone can fix/improve this, I would be glad to hear from you!
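
One way to do without the temp file, as an added example rather than the author's script: the command is passed to screen as separate arguments, one detached session per container, so nothing executed as root depends on a fixed file name in /tmp. It assumes vzlist's -H and -o ctid options for a header-free ID list; DRY_RUN, the session names and the function names are this example's own.

```shell
#!/bin/sh
# Added example, not the original script.

UPDATE_CMD='apt-get update && apt-get -y upgrade'

# running_ctids: print one numeric CTID per line.
# -H drops the header row and -o ctid limits output to the ID column,
# which replaces the awk/sed pipeline.
running_ctids() {
    vzlist -H -o ctid | while read -r ctid; do
        case "$ctid" in
            ''|*[!0-9]*) ;;                  # skip anything that is not a plain number
            *) printf '%s\n' "$ctid" ;;
        esac
    done
}

# update_all: start one detached screen session per running container.
# With DRY_RUN=1 the commands are printed instead of executed.
update_all() {
    for ctid in $(running_ctids); do
        if [ "${DRY_RUN:-0}" = "1" ]; then
            printf 'screen -d -m -S apt-%s vzctl exec %s "%s"\n' \
                "$ctid" "$ctid" "$UPDATE_CMD"
        else
            # The quoted string reaches vzctl as a single argument, so both
            # apt-get calls run inside the container, not on the host.
            screen -d -m -S "apt-$ctid" vzctl exec "$ctid" "$UPDATE_CMD"
        fi
    done
}

# Only act when invoked as "<script> run"; without arguments nothing is started.
if [ "${1:-}" = "run" ]; then
    update_all
    screen -ls      # list the sessions; attach with: screen -r apt-<CTID>
fi
```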

Quick bash script to restore all OpenVZ dumps

By , 2011-10-05 22:57

This script will read the container ID from the file name, and use it to restore the tgz dump to the same ID on the new OpenVZ/Proxmox server.

Note that this only works if the default name for the vzdumps is kept, and it only works for the next 89 years, because I’m lazy.

Thanks to
http://www.cyberciti.biz/faq/bash-loop-over-file/ and http://bashcurescancer.com/10-steps-to-beautiful-shell-scripts.html

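#!/bin/bash
# Glob matching the vzdump archives (default vzdump file names)
VZDUMPS=/path/to/backups/*.tgz
for f in $VZDUMPS
do
        # Drop everything up to and including "openvz-"
        f2=${f#*openvz-}
        # Drop everything from the first "-20" (the year) onwards; %% removes the
        # longest match, so a later "-20" in the name cannot cut at the wrong place
        VEID=${f2%%-20*}
        echo "Restoring $f to $VEID"
        vzrestore "$f" "$VEID"
done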

How to recursively delete files matching a pattern

By , 2011-09-13 09:45

cd to the folder and run:

$ find . -name '*attach*' -print0 | xargs -0 rm

where attach is the keyword present in all filenames to delete.
