Apr 24

route ipv6 /64 via openvpn

Although many believe a /64 net should never be split up, you sometimes don't have a choice. Say your server hoster gave you a single /64 network and you want to use it to get native IPv6 to every client in your VPN.

Here you go. For this example we use feed:dead:beef:affe::/64 as our base net :) Every client gets a /80 subnet; feel free to adjust.

Server side config:
Just a basic OpenVPN server config that hooks in the three scripts below.
server.conf
port 1195
proto udp
dev tap
ca ca.crt
cert mondialu.crt
key mondialu.key
tls-auth ta.key 0
dh dh2048.pem
server 10.23.1.0 255.255.255.0
script-security 2
up /etc/openvpn/server-up.sh
client-connect /etc/openvpn/client-connect.sh
client-disconnect /etc/openvpn/client-disconnect.sh
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
user vpn
group vpn
persist-key
persist-tun
status openvpn-status.log
verb 3

Bring up the routing and neighbor proxy.

server-up.sh
#!/bin/sh
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
echo 1 > /proc/sys/net/ipv6/conf/eth0/proxy_ndp

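Add the /80 to the interface and set the appropriate route, then add the client's address (::2) to the neighbor proxy table. The server has already dropped to user vpn when this script runs, so the ip calls go through sudo and that user needs a matching sudoers rule.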
client-connect.sh
#!/bin/bash
BASERANGE="feed:dead:beef:affe"
# last octet of the client's pool address becomes the fifth group of its /80
V6NET=$(echo "${ifconfig_pool_remote_ip}" | awk -F. '{print $NF}')
# config routing for the new network
sudo /sbin/ip -6 addr add "${BASERANGE}:${V6NET}::1/80" dev "${dev}"
sudo /sbin/ip -6 route add "${BASERANGE}:${V6NET}::/80" via "${BASERANGE}:${V6NET}::2" dev "${dev}" metric 1
# add neighbor
sudo /sbin/ip -6 neigh add proxy "${BASERANGE}:${V6NET}::2" dev eth0
# log to syslog
echo "${script_type} client_ip:${trusted_ip} common_name:${common_name} local_ip:${ifconfig_local} \
remote_ip:${ifconfig_pool_remote_ip} sit:${SITID} ipv6net:${V6NET}" | /usr/bin/logger -t ovpn

Tear everything down.

client-disconnect.sh
#!/bin/bash
BASERANGE="feed:dead:beef:affe"
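V6NET=$(echo "${ifconfig_pool_remote_ip}" | awk -F. '{print $NF}')
# remove the proxy entry added on connect so eth0 stops answering for this client
sudo /sbin/ip -6 neigh del proxy "${BASERANGE}:${V6NET}::2" dev eth0
# remove the server-side address of the client's /80
sudo /sbin/ip -6 addr del "${BASERANGE}:${V6NET}::1/80" dev "${dev}"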
# log to syslog
echo "${script_type} client_ip:${trusted_ip} common_name:${common_name} local_ip:${ifconfig_local} \
remote_ip:${ifconfig_pool_remote_ip} sit:${SITID} ipv6net:${V6NET} duration:${time_duration} \
received:${bytes_received} sent:${bytes_sent}" | /usr/bin/logger -t ovpn

client config

Typical openvpn client config.

client.conf
dev tap
proto udp
remote your.hostname.de 1195
script-security 2
cert mondialu-maya.crt
key mondialu-maya.key
ca mondialu-ca.crt
tls-auth /etc/openvpn/mondialu-ta.key 1
ping 10
ping-restart 60
up /etc/openvpn/mondialu-up.sh
down /etc/openvpn/mondialu-down.sh
client
resolv-retry infinite
nobind
user nobody
group nobody
persist-key
persist-tun
ns-cert-type server
comp-lzo

Once we're connected, set up the IPv6 address and default route.

mondialu-up.sh
#!/bin/bash
# script that is run on the client when it creates a tunnel to the remote OpenVPN server
IPV6BASE=feed:dead:beef:affe
# last octet of our tunnel IPv4 address selects our /80
V6NET=$(echo "${ifconfig_local}" | awk -F. '{print $NF}')
/sbin/ip -6 addr add "${IPV6BASE}:${V6NET}::2/80" dev "${dev}"
/sbin/ip -6 route add ::/0 via "${IPV6BASE}:${V6NET}::1"
exit 0

Tear everything down when we go down.

mondialu-down.sh
#!/bin/bash
IPV6BASE=feed:dead:beef:affe
V6NET=$(echo "${ifconfig_local}" | awk -F. '{print $NF}')
# same addresses as in mondialu-up.sh (note the double colon before the host part)
sudo /sbin/ip -6 addr del "${IPV6BASE}:${V6NET}::2/80" dev "${dev}"
sudo /sbin/ip -6 route del ::/0 via "${IPV6BASE}:${V6NET}::1"
exit 0
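
All four scripts derive the client's /80 from the last octet of its tunnel IPv4 address. The following is an added example, not part of the original post: it performs the same derivation but validates the input before it is used to build an `ip` command line. The function name `v6_plan` and the accepted host range 1-254 are assumptions made here.

```shell
#!/bin/sh
# Added example, not from the original post.
BASERANGE="feed:dead:beef:affe"   # the post's example /64

# v6_plan <pool-ipv4>   (hypothetical helper)
# Prints "<subnet> <server-addr> <client-addr>"; returns 1 on malformed input.
v6_plan() {
    ip4=$1
    # Digits and dots only, no empty fields: nothing else may reach an
    # "ip" command line built from this value.
    case $ip4 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ip4          # split into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || return 1
    done
    # Assumption: skip the network (0) and broadcast (255) host numbers.
    [ "$4" -ge 1 ] && [ "$4" -le 254 ] || return 1
    # The decimal octet is reused verbatim as a hex group: 10 -> ":10:" (0x0010).
    # Distinct octets still map to distinct /80 networks.
    net="${BASERANGE}:$4"
    printf '%s::/80 %s::1 %s::2\n' "$net" "$net" "$net"
}

# Constructed sample input; OpenVPN supplies ifconfig_pool_remote_ip on the server.
v6_plan "${ifconfig_pool_remote_ip:-10.23.1.10}"
```

The three fields are the route target, the address placed on the server's tap device, and the address the client configures in mondialu-up.sh.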


Sep 22

Bootsplash themes gallery

I was installing a new kernel and wanted a bootsplash theme. So I installed the splash themes packages:
emerge media-gfx/bootsplash-themes media-gfx/splash-themes-gentoo media-gfx/splash-themes-livecd

But then I dearly missed an overview of all the themes to choose one. I found no splash-theme selector or anything, so it seemed I had to do it myself. Fortunately the themes are fairly well ordered and nicely named, so one can easily create a little gallery of them:

mkdir /tmp/pics
cd /tmp/pics
for i in `find /etc/splash |grep -i 1024x768 |grep -i cfg| sed -e 's/\.\///g'|xargs cat |grep -i pic=|awk -F= '{print $2}'`; do cp $i /tmp/pics/${i//\//_} ; done
rename '_etc_splash_' '' *
rename '_images' '' *

The last two lines are just to create slightly nicer names. Now you have a gallery of the silent and verbose images of each theme (that has a 1024x768 cfg) in /tmp/pics. Have fun selecting your favorite theme.

Here is the output gallery:


Sep 16

Distribution Madness

Over the past 48 hours I've gone through 3 different installations of distributions. I've started with an Ubuntu 64bit. Sadly the jaunty jackalope has only really old stuff in it. Mainly the old subversion version was a no go, as I need to work on my diploma thesis which I manage in a SVN-repository. The svn from jaunty told me it was too old. After an upgrade of the whole system to karmic (dev version I know... it's all my own fault now) just to get to a state where I can actually work with my system it worked for a while. Yesterday the update-manager bugged me again, wanted to do some 300 packages again. Fine with me. BUT after that the kernel wouldn't start anymore. It seemed the splash screen was broken. After removing the relevant part from the grub config I could boot. Without the nice splashscreen... but whatever. After unlocking my encrypted discs everything was fine. At least it seemed that way. I could login, so far so good, but as soon as I tried to start a terminal -> could not start child process... in addition to that the network didn't work. Great. *annoyed*

Next step: Linux Mint. Mint is a derivative of Ubuntu and has some nice GUI tools to administrate your box. So I installed the x64 version. Looks nicer than ubuntu (imho). But still old software. (Firefox 3.0 ?!?!). After updating and googling for the dev release. Helena and karmic back in the sources.list. Some 1000 packages later, the update fails at xserver-xorg. Ah well. No worries, it's the dev-version so who am I to complain.

Tried to get some work done: installed GWT as eclipse plugin. Oh wonder what, it doesn't work with native 64bit java. So far I didn't have any problems with eclipse and 64bit java for some time. Ok, after installing and setting up a 32bit jvm for this project, GWT seemed to work. Beside the integrated browser (mozilla). That one needed some old libs (libstdc++5) which, of course, aren't available anymore in karmic/helena....

Ok, start over. Next try 32bit Mint 7. Additionally to upgrading to helena/karmic straight, I had to use the linux-server kernel, or otherwise I could only use 3.3 GB of my 8Gigs of ram :/ ..
So now I'm sitting here with a 32Bit Mint7. So far so good. Nearly everything works (the volume/track controls on my keyboard are broken again, those worked in ubuntu flawlessly)
Just the updates are failing again everywhere:
Errors were encountered while processing:
acpid
acpi-support
gnome-system-tools
xserver-xorg
inxi

Oh my. I just hope some day, one can have a current linux installation that simply works and has packages which are not from the stone age...
I just wonder how a user who just switched from MacOSX or Windows to linux should cope with such problems ...

Seems I'm going back to Gentoo. I'll have to do much more by myself, but at least it works then...


Sep 13

Phoronix Test Suite on Ubuntu

After installing the Phoronix Test Suite on Ubuntu (9.10 Karmic Koala on AMD64) I tried to start the GUI.
Unfortunately there was an error:
kazamatzuri@maya:~$ phoronix-test-suite gui

The PHP GTK module must be loaded for the GUI.
This module can be found @ http://gtk.php.net/

After googling a bit, I found the fastest solution to be:

  1. Get the php-gtk package: http://www.phoronix-test-suite.com/misc/php5-gtk2_2.0.1-0_amd64.deb
  2. Install it with sudo dpkg -i php5-gtk2_2.0.1-0_amd64.deb
  3. Get your php to load the extension: echo "extension=php_gtk2.so" | sudo tee /etc/php5/conf.d/gtk.ini

There you go, now it works (at least for me;))
