Archive for February, 2011

Gentoo as an OpenVPN Client

Posted in HowTo on 11/02/2011 by Undersys

You guessed this was coming…

It's quite simple to set up Gentoo as an OpenVPN client.

# emerge -av net-misc/openvpn

Now we need to create a config file and a place to store the keys. All config files (.conf) for your VPN connections should live under “/etc/openvpn”.
This is the config file for the server from the previous article (you can find the sample configs on the server):
# cd /etc/openvpn
# vim server1.conf
client
cipher AES-128-CBC
comp-lzo
dev tun
proto udp
remote server1 1194
resolv-retry infinite
persist-key
persist-tun
ca /etc/openvpn/pki/server1/ca.crt
cert /etc/openvpn/pki/server1/client.crt
key /etc/openvpn/pki/server1/client.key
ns-cert-type server
verb 3
ping 10
ping-restart 60
tun-mtu 1500
mssfix 1400

Copy your client.key, client.crt and ca.crt into the “/etc/openvpn/pki/server1” directory. You can use any directory; the above makes sense to me.

Now you need to create a start script.
# cd /etc/init.d
# ln -s openvpn openvpn.server1

You can now start your VPN connection to server1 with:-
# /etc/init.d/openvpn.server1 start


Set up OpenVPN on Centos 5

Posted in HowTo on 11/02/2011 by Undersys

I’ve decided to set up OpenVPN on my VPS to save me from having a lot of SSH tunnels to the VPS.

First thing I needed to do was to log into my VPS control panel (vePortal) and enable “Tun/Tap”; this will make the “/dev/net/tun” device visible inside OpenVZ. You may or may not need to do that.

Commands are in Italics.

Next thing was to add the RPMForge repo.
Download the rpm.
# wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm (I am running 64-bit)
Import the GPG key for the repo
# rpm --import http://apt.sw.be/RPM-GPG-KEY.dag.txt
Verify the signature of the downloaded RPM to check that it has not been tampered with.
# rpm -K rpmforge-release-0.5.2-2.el5.rf.*.rpm
Install the RPM
# rpm -i rpmforge-release-0.5.2-2.el5.rf.*.rpm

Now you can install OpenVPN.
# yum install openvpn.x86_64

Now we need to configure the server.

Find where the easy-rsa files are located
# find / -name easy-rsa
That should return the full path to the easy-rsa directory and tools; we need to copy them to “/etc/openvpn”
# cp -R /usr/share/doc/openvpn-2.1.4/easy-rsa /etc/openvpn
Change into the following directory and edit the “vars” file
# cd /etc/openvpn/easy-rsa/2.0
Edit the vars file
# vim vars
You must change at least the following to match your setup:-
export KEY_COUNTRY=
export KEY_PROVINCE=
export KEY_CITY=
export KEY_ORG=
export KEY_EMAIL=

Source the vars file
# source ./vars
Clean any existing builds
# ./clean-all
Build the CA
# ./build-ca

Next we need to build the server keys
# ./build-key-server server

Then we build the client key
# ./build-key client (you can call this whatever you want)

Lastly we build the Diffie-Hellman parameters
# ./build-dh

Let's relocate the keys we just made.
Copy the following three files to your client: “ca.crt client.crt client.key”

Copy the following server keys to “/etc/openvpn”
# cp ca.crt ca.key dh1024.pem server.crt server.key /etc/openvpn

Now we need to configure the server. Copy over a template.
# cp /usr/share/doc/openvpn-2.1.4/sample-config-files/server.conf /etc/openvpn/

This is what my config looks like; it's very similar to the example config.
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
tun-mtu 1500
mssfix 1400
cipher AES-128-CBC

Start the server
# /etc/init.d/openvpn start
Check /var/log/messages; you should see “Initialization Sequence Completed”.
You should also now see a “tun0” interface under ifconfig.

Set it to start on boot.
# chkconfig openvpn on
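
An added example, not part of the original post: a small bash lint for the two configs shown on this page (the Gentoo client config and the server config above). It flags the directives that later OpenVPN releases deprecated, the 1024-bit DH file, and private keys readable by other users. The function name `audit_ovpn_conf` and the sample files are made up for illustration, and GNU `stat` is assumed.

```bash
#!/bin/bash
# Added example: lint an OpenVPN config for the settings used on this page.
# Prints one finding per line. Relative paths are resolved against the
# config's own directory (assumption: OpenVPN is started from there).
audit_ovpn_conf() {
    local conf=$1 dir directive arg rest path mode
    dir=$(dirname "$conf")
    while read -r directive arg rest || [ -n "$directive" ]; do
        case $directive in
            ns-cert-type)
                echo "DEPRECATED ns-cert-type: later releases use 'remote-cert-tls $arg'" ;;
            comp-lzo)
                echo "DEPRECATED comp-lzo: compression can leak tunnel plaintext (VORACLE)" ;;
            dh)
                # easy-rsa 2.0 names the file dh<KEY_SIZE>.pem
                case $arg in
                    *dh1024*) echo "WEAK dh: $arg holds 1024-bit parameters, use 2048 or more" ;;
                esac ;;
            key)
                case $arg in /*) path=$arg ;; *) path=$dir/$arg ;; esac
                if [ ! -f "$path" ]; then
                    echo "MISSING key: $path"
                else
                    mode=$(stat -c %a "$path")    # GNU stat
                    case $mode in
                        600|400) ;;
                        *) echo "PERMS key: $path is mode $mode, expected 600" ;;
                    esac
                fi ;;
        esac
    done < "$conf"
}

# Constructed sample: excerpt of the server config above, key left world-readable.
demo=$(mktemp -d)
cat > "$demo/server.conf" <<'EOF'
port 1194
key server.key
dh dh1024.pem
comp-lzo
cipher AES-128-CBC
EOF
touch "$demo/server.key"
chmod 644 "$demo/server.key"
audit_ovpn_conf "$demo/server.conf"
```

Run it against “/etc/openvpn/server.conf” on the server or “/etc/openvpn/server1.conf” on the client; no output means none of these checks fired.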

Gentoo on the Lenovo Thinkpad Edge 13″ Intel

Posted in HowTo on 02/02/2011 by Undersys

I needed to buy a laptop for the moment.
Simple requirements:
1) Cheap
2) Supported by Linux
3) Lightish

The Thinkpad Edge 13″ meets all the requirements. There are a few things I had to do to make everything work.

1)
make.conf flags. I’ve kept it simple. CFLAGS="-O2 -pipe -march=native"
The version of GCC I am using supports all of the i3’s quirks and features. You can check to see if “native” will support your CPU by using the following two commands:-
# cc -march=native -E -v - </dev/null 2>&1 | grep cc1
# echo | gcc -dM -E - -march=native

2)
Internal Sound card
To get jack sense working, so that the internal mic and speaker are disabled when the jack is used, edit the following file:-
/etc/modprobe.d/alsa.conf

At the end of the file add the following :-
options snd-hda-intel model="olpc-xo-1_5" enable_msi=1

By using alsa-info we can find out that we have a Conexant Pebble audio chip: Conexant CX20582 (Pebble).
From that we can check out:-
/usr/src/linux/sound/pci/hda/patch_conexant.c
to see all the possible modes for the 5066 chip. There are a few, but the one that worked for me was “olpc-xo-1_5”.
In addition, to make jack sense work we can look at:-
# modinfo snd_hda_intel
This will tell us we can use enable_msi=1 to enable the jack sense message bus.

3)
Much to my annoyance, the USB chipset on this machine is the Intel 3400 series, which has a bug related to its rate limiting hub.
What this means is that for me my Edirol UA-25ex can not work in full duplex mode with USB2…..
You must also have the following two options enabled in your kernel:-
CONFIG_USB_EHCI_ROOT_HUB_TT=y
CONFIG_USB_EHCI_TT_NEWSCHED=y

This will help with some of the nastiness of the usb chipset.
I still needed to turn off “Advance” mode and swap to 41000khz. Annoying, but it's much better than nothing.. thanks Intel…

4)
Intel video card. This one is pretty easy, once you understand how KMS is different.
Ensure your kernel has NO other VGA/VESA drivers apart from the below:-
CONFIG_DRM=y
CONFIG_AGP=y
CONFIG_AGP_INTEL=y
CONFIG_DRM_I915=y
CONFIG_DRM_I915_KMS=y

With the above settings, your console will switch to native resolution on boot. Ensure Xorg is using the “xf86-video-intel” driver and you're done. No need for any additional tools, userspace mods or kernel boot options!

The card reader, wifi and ethernet work fine. I am unable to test the eSATA, HDMI and VGA ports.