SoftEther Server

The SoftEther VPN server installation is fairly well documented at http://www.softether.org.  The download file for x64 is http://www.softether-download.com/files/softether/v4.18-9570-rtm-2015.07.26-tree/Linux/SoftEther_VPN_Client/64bit_-_Intel_x64_or_AMD64/softether-vpnclient-v4.18-9570-rtm-2015.07.26-linux-x64-64bit.tar.gz

What isn’t documented is how to start the service under CentOS, which uses the new systemd unit files for services instead of the init.d scripts that SoftEther is expecting.

  1. Create a file in /etc/systemd/system named vpnserver.service.  This should be owned by root, have permissions 644 and contain:

    # systemd unit for SoftEther VPN Server (adapted from a systemd template)

    [Unit]
    Description=Vpnserver
    #Documentation=
    DefaultDependencies=no
    #Requires=
    #After=

    [Service]
    # "vpnserver start" daemonizes and returns, so the unit must be
    # Type=forking; with Type=simple systemd treats the exit of the start
    # command as the service having stopped.
    Type=forking
    ExecStart=/usr/local/vpnserver/vpnserver start
    ExecStop=/usr/local/vpnserver/vpnserver stop

    [Install]
    WantedBy=multi-user.target

  2. sudo systemctl enable vpnserver
  3. systemctl start vpnserver
    systemctl status vpnserver # optional, just to verify

Creating a Windows 8 WiFi hotspot

Windows 8 supports ad hoc networks and WiFi sharing, but not through a GUI interface.  To set up the WiFi adapter on a Windows 8 system to act as a hotspot:

  1. Open an administrative command prompt (Administrator: cmd) via the Win + X shortcut.  You can also type cmd on the Start Screen, right-click and select Run as administrator.
  2. Confirm the WiFi NIC supports virtualization.  Run: netsh wlan show drivers.  The “Hosted network supported : Yes” should be listed.
  3. If it says No then try updating the adapter driver.
  4. Configure an ad hoc connection: netsh wlan set hostednetwork mode=allow ssid=<ad hoc network name> key=<password>.  This sets up a WPA2 PSK network.
  5. Start the network: netsh wlan start hostednetwork
  6. If step 5 fails with “the hosted network couldn’t be started” and a message about not being in the correct state, go into the Device Manager and find the Microsoft virtual NIC under Network adapters.  Disable it, then re-enable it.
  7. Open up the Network Connections and right-click on the connection with Internet connectivity.  That’s probably “Local Area Connection”.  Select the Sharing tab, and enable Allow other network users to connect through this computer’s Internet connection.  For the Home networking connection, select the virtual NIC set up by the ad hoc network.  That’s probably something like Local Area Connection*32.  Don’t select Allow other network users to control or disable the shared Internet connection.
  8. If using something like WireShark for capturing network traffic, select the virtual NIC for the capture interface.  There’s no need to run in Promiscuous mode, and that isn’t well tolerated under Windows 8 anyway.
  9. The ad hoc network will have an adapter IP of 192.168.137.1.  It’s best to make the devices using the hotspot have fixed IPs and then specify 192.168.137.1 as the gateway address.  Not specifying IPs results in DHCP, but I’ve never seen the ad hoc gateway successfully act as a DHCP server.  In that case, APIPA kicks in and the hotspot clients have to specify the gateway’s APIPA IP.  Messing with the ICS service under Windows 8 didn’t seem to help the situation.

Changing the boot order in a dual-boot configuration

The default entry for booting in a dual-boot Ubuntu 14.04 and Windows configuration is the first entry in the list.  The dual-boot configuration uses Grub2 for the boot manager.  The settings are under /etc/default and not Grub’s /boot/grub location.  While there are GUI ways to update the order (Grub-Customizer from the Software Center), people have had mixed results with it.  It is easy to go the text file route to change the order.

  1. sudo vi /etc/default/grub
  2. find the GRUB_DEFAULT=0 line and change 0 to 5.  The 5 corresponds to the zero-based entry on the boot menu.
  3. save the file
  4. run sudo update-grub

If you put an entry in for the index that’s invalid, then the boot loader will use 0 instead.
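Because an out-of-range index silently falls back to entry 0, it is worth checking the index against the menu before writing it.  The following is an added example (not part of these notes): it counts the top-level menuentry lines in a grub.cfg and only then edits GRUB_DEFAULT; both file paths are parameters so it can be tried on copies first.

```shell
#!/bin/sh
# Added example, not from the original notes: set GRUB_DEFAULT in an
# /etc/default/grub-style file after validating the index against the
# number of top-level menu entries in a grub.cfg.

# Count top-level "menuentry" lines (submenu entries are indented and skipped).
# Valid GRUB_DEFAULT indices are 0 .. count-1.
count_menuentries() {
    grep -c '^menuentry ' "$1" || true   # grep -c exits 1 on a zero count
}

# set_grub_default <default-file> <grub.cfg> <index>
# Returns 0 on success, 1 for a non-numeric index, 2 if it is out of range,
# 3 if grub.cfg is unreadable.  A .bak copy of the default file is kept.
set_grub_default() {
    conf=$1; cfg=$2; idx=$3
    case $idx in
        ''|*[!0-9]*) echo "index must be a non-negative integer" >&2; return 1 ;;
    esac
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 3; }
    n=$(count_menuentries "$cfg")
    if [ "$idx" -ge "$n" ]; then
        echo "index $idx out of range: $n entries (0..$((n - 1)))" >&2
        return 2
    fi
    if grep -q '^GRUB_DEFAULT=' "$conf"; then
        sed -i.bak "s/^GRUB_DEFAULT=.*/GRUB_DEFAULT=$idx/" "$conf"
    else
        printf 'GRUB_DEFAULT=%s\n' "$idx" >> "$conf"
    fi
}

# On the real system (as root), then regenerate the boot menu:
#   set_grub_default /etc/default/grub /boot/grub/grub.cfg 5 && update-grub
```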

Installing Flyspray

The list of prerequisites for Flyspray is long.  The easy way is to install XAMPP as a starting point.

http://www.apachefriends.org/en/xampp.html

Then download and install Flyspray.

http://flyspray.org/download

That should be easy, but it isn’t.  You get a .zip with .html instructions in it that you don’t know how to display.  The answer is:

  1. install XAMPP by:
    1. chmod 755 xampp-linux-x64-1.8.3-1-installer.run
    2. ./xampp-linux-x64-1.8.3-1-installer.run
    3. press <enter> to get the default settings for the install
    4. start the XAMPP server via /opt/lampp/lampp start
    5. check that <http://ip of box> displays a XAMPP page
  2. delete or move off the files in /opt/lampp/htdocs.
  3. unzip the Flyspray files into the /opt/lampp/htdocs directory.  You should have files like robots.txt and index.php in it.
  4. chmod 777 /opt/lampp/htdocs/cache and /opt/lampp/htdocs/attachments
  5. delete the flyspray.conf.php file from /opt/lampp/htdocs if it exists.  It probably doesn’t.
  6. chmod 777 /opt/lampp/htdocs – this changes the write permission so you don’t get the ../flyspray.conf.php unwritable warning about a file that doesn’t even exist (yet).
  7. tighten security on XAMPP by running /opt/lampp/lampp security
  8. display the root of the web site for install instructions and checklists.
  9. delete the /opt/lampp/htdocs/setup directory

Installing an RPM under CentOS from a local repository

The problem with the standard -Uvh install of an RPM is that it doesn’t resolve any dependencies.  For example, the iperf package from:

ftp.pbone.net iperf-2.0.5-5.3.i686.rpm

needs a boatload of other packages.  You could add the dependencies one at a time, but you’d be doing that all afternoon.  Using yum and a local repository will do the heavy lifting.

  • Create a directory for your local repository, e.g. /root/repo.
  • Put a copy of the RPM into that directory.
  • Fix the ownership and files permissions if root doesn’t own the repository directory:
    # chown -R root.root /root/repo
    
  • Install the createrepo package if not installed yet, and then run:
    # createrepo /root/repo
    # chmod -R o-w+r /root/repo
    
  • Make a repository configuration file in /etc/yum.repos.d/, e.g. /etc/yum.repos.d/my.local.repo containing:
    [local]
    name=My local repository
    baseurl=file:///root/repo
    enabled=1
    gpgcheck=0
    
  • Install the package (iperf in this case) using:
    # yum install iperf
    
  • Once the local repository is set up, you can add other RPMs to the repository directory without needing to rerun the repository creation or configuration steps.

Startup script in Fedora 19

In /etc/systemd/system/<x>.service:

[Unit]
Description=What the script will do

[Service]
Type=oneshot
ExecStart=/bin/sh -c '/full/path/to/script.sh'

[Install]
WantedBy=multi-user.target

Then systemctl enable <x>.service

Building MPTCP iproute

You built a new Multi-Path TCP kernel from https://github.com/multipath-tcp/.  Guess what?  You didn’t get matching tools like a revised “ip” to go with it.  Here’s how to build them and get them to a target Fedora 19+ system:

  1. git clone --depth=1 git://github.com/multipath-tcp/iproute-mptcp.git
  2. yum install libdb-devel (needed for Berkeley DB support)
  3. cd iproute-mptcp
  4. make
  5. scp ./etc/iproute2/* <dest>:/etc/iproute2
  6. cd ip
  7. scp ifcfg ip routef routel rtacct rtmon rtpr <dest>:/sbin
  8. cd ../tc
  9. scp tc <dest>:/sbin

Compacting a Linux VM disk

This only works for dynamic disks.

  1. cd to /
  2. dd if=/dev/zero of=ZERO bs=1M
  3. rm ZERO
  4. cd to /boot and repeat

The dd copies blocks of zeros in 1M chunks to a file named ZERO.  The idea is to go to different mount points and zero out unused space.  Only blocks with zero in them are compacted.

As an alternative to using dd, Ben Armstrong suggests:

cat /dev/zero > zero.dat ; sync ; sleep 1 ; sync ; rm zero.dat

  1. Shut down the VM
  2. VBoxManage modifyhd /fullpath/to/the.vdi --compact

VBoxManage is in the “\Program Files\Oracle\VirtualBox” directory.

For Hyper-V, you need the PowerShell Hyper-V GUI management tools installed.  Then run:

Optimize-VHD -Path /fullpath/to/the.vdi -Mode Full

Mounted disks can’t be fully compacted, but mounting the disk as read-only allows a subset of compaction options.

Building a CentOS 6.4 module

  1. Install necessary tools.
    • yum groupinstall "Development Tools"
    • yum install rpm-build redhat-rpm-config asciidoc hmaccalc perl-ExtUtils-Embed xmlto
    • yum install binutils-devel elfutils-libelf-devel newt-devel python-devel zlib-devel
  2. Get the kernel headers.
    • yum install kernel-devel
  3. Create a build tree and get the kernel source
  4. Unpack the source files
    • cd ~/rpmbuild/SPECS
    • rpmbuild -bp --target=$(uname -m) kernel.spec
  5. The source tree will be under ~/rpmbuild/BUILD/kernel*/linux*/
  6. Prepare the kernel
    • cd ~/rpmbuild/BUILD/kernel-2.6.32/linux-2.6.32.`uname -m`
    • cp /boot/config-`uname -r` .config
    • make oldconfig
    • make prepare
    • make modules_prepare
  7. Note: make modules_prepare will not build a Module.symvers file. If you need module versioning then the kernel needs to be built.  See http://wiki.centos.org/HowTos/Custom_Kernel
  8. Change directory to the module you want to build
  9. Build the module
    • make -C /lib/modules/`uname -r`/build M=`pwd` modules
  10. Copy the .ko to /lib/modules/`uname -r`/extra on the target system
  11. Update the dependencies
    • depmod -a
  12. Use modprobe to load the module. To display info about a loaded module use modinfo

OpenVPN on CentOS

  1. wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
    rpm -Uvh epel-release-6-8.noarch.rpm
  2. yum install openvpn -y
  3. Easy-rsa isn’t included in OpenVPN anymore.  This is from http://safesrv.net/install-openvpn-on-centos/ –
    Download easy-rsa from below:
    wget https://github.com/downloads/OpenVPN/easy-rsa/easy-rsa-2.2.0_master.tar.gz
    Extract the package:
    tar -zxvf easy-rsa-2.2.0_master.tar.gz
    Copy to the OpenVPN directory:
    cp -R easy-rsa-2.2.0_master/easy-rsa/ /etc/openvpn/
    Open /etc/openvpn/easy-rsa/2.0/vars with vi or another editor and edit the line below.
    Change:
    export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
    To:
    export KEY_CONFIG=/etc/openvpn/easy-rsa/2.0/openssl-1.0.0.cnf
    Next change the KEY_COUNTRY through KEY_OU values at the end of the file.  Save and exit.
  4. From the same 2.0 directory as vars, cp openssl-1.0.0.cnf openssl.cnf
  5. Build the CA, previous changes should be defaults to questions:
    source ./vars
    ./clean-all
    ./build-ca
  6. Create server certificate, answering yes to commit:
    ./build-key-server server
  7. Generate Diffie-Hellman key exchange files:
    ./build-dh
    cd keys
    cp dh1024.pem ca.crt server.crt server.key /etc/openvpn
  8. Generate client certificates:
    cd ..
    ./build-key <client name>
  9. Copy ca.crt and <client name>.crt/.key to the OpenVPN client
  10. cp /usr/share/doc/openvpn-*/samples/sample-config-files/server.conf /etc/openvpn
  11. vi /etc/openvpn/server.conf and set the “local” ip for OpenVPN to listen on.  Uncomment the user and group nobody lines.
  12. service openvpn start
    chkconfig --level 3 openvpn on
  13. modify iptables rules for listening on port 1194 TCP:
    iptables -A INPUT -i eth0 -p tcp --dport 1194 -j ACCEPT
    iptables -A OUTPUT -o eth0 -p tcp --dport 1194 -j ACCEPT
    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
    # MASQUERADE and the FORWARD rule below pass no traffic unless IP forwarding is on:
    # set net.ipv4.ip_forward = 1 in /etc/sysctl.conf and apply it with sysctl -p

    Next you need to allow certain traffic going through the tunnel.  For no restrictions use:

    iptables -A INPUT -i tun0 -j ACCEPT
    iptables -A OUTPUT -o tun0 -j ACCEPT
    iptables -A FORWARD -o tun0 -j ACCEPT
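To confirm the rules above actually made it into the running firewall, the following added example (not part of these notes) audits an iptables-save dump for each of them and for the ip_forward sysctl.  The dump path is the first argument; the optional second argument overrides the ip_forward file so the check can be run against a test copy.  Interface, port and subnet default to the values used above.

```shell
#!/bin/sh
# Added example, not from the original notes: report which of the OpenVPN
# iptables rules are missing from an "iptables-save > rules.txt" dump.
VPN_IF=${VPN_IF:-eth0}; VPN_PORT=${VPN_PORT:-1194}; VPN_NET=${VPN_NET:-10.8.0.0/24}

# audit_vpn_rules <iptables-save dump> [ip_forward file]
# Prints each missing rule; the return value is the number of problems found.
audit_vpn_rules() {
    dump=$1; fwd=${2:-/proc/sys/net/ipv4/ip_forward}; missing=0
    [ -r "$dump" ] || { echo "cannot read $dump" >&2; return 1; }
    # iptables-save writes "-p tcp --dport N" back as "-p tcp -m tcp --dport N",
    # so the two port rules allow an optional "-m tcp".  The heredoc is unquoted
    # so the variables expand; "\$" keeps a literal end-of-line anchor.
    while IFS= read -r re; do
        if ! grep -Eq "$re" "$dump"; then
            echo "missing: $re"
            missing=$((missing + 1))
        fi
    done <<EOF
^-A INPUT -i $VPN_IF -p tcp( -m tcp)? --dport $VPN_PORT -j ACCEPT\$
^-A OUTPUT -o $VPN_IF -p tcp( -m tcp)? --dport $VPN_PORT -j ACCEPT\$
^-A POSTROUTING -s $VPN_NET -o $VPN_IF -j MASQUERADE\$
^-A INPUT -i tun0 -j ACCEPT\$
^-A OUTPUT -o tun0 -j ACCEPT\$
^-A FORWARD -o tun0 -j ACCEPT\$
EOF
    # MASQUERADE and FORWARD rules pass nothing unless forwarding is enabled.
    if [ -r "$fwd" ] && [ "$(cat "$fwd")" != 1 ]; then
        echo "net.ipv4.ip_forward is not 1"
        missing=$((missing + 1))
    fi
    return $missing
}

# Typical use on the server: iptables-save > /tmp/rules.txt; audit_vpn_rules /tmp/rules.txt
```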