OpenVPN Setup (Updated 11/02/2006)

I had two machines that I needed to install OpenVPN on yesterday, so I figured I would post the steps required to get them up and running. The servers were both running Ubuntu 6.06.

Here are the quick and dirty steps:
sudo apt-get install openvpn openssl

cd /usr/share/doc/openvpn/examples
sudo cp -R easy-rsa/ /etc/openvpn

cd /etc/openvpn/easy-rsa
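sudo bash -c '. ./vars && ./clean-all && ./build-ca'
Answer the questions to create the key. The vars file is sourced inside the same root shell as the build scripts because . is a shell builtin that sudo cannot run on its own, and the variables it exports have to be in the environment of every easy-rsa script that is run afterwards.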

Now we need to create the server key:
sudo bash -c '. ./vars && ./build-key-server server'
Again answer the questions to customize the key. You can use the defaults if you want and just enter the server name when asked. The name is required; if you do not enter a name the key will be zero length and will not work. The error message is not all that straightforward, it only says the server failed to start.

Now we need to create the client keys:
sudo bash -c ". ./vars && ./build-key 'name of key'"
Again answer the questions to customize the key. You can use the defaults if you want and just enter the computer name when asked. I like to use the name of the computer the key is for, because it makes it easier to keep track of the keys if you need to remove one. The name is required; if you do not enter a name the key will be zero length and will not work. The error message is not all that straightforward, it only says the server failed to start.

Now we create the Diffie-Hellman parameters:
sudo bash -c '. ./vars && ./build-dh'

When we pass the keys out, each file needs to go to the following machines:
ca.crt goes to the client and the server.
ca.key goes to the key signing machine only, which we set this one to be.
dh{n}.pem goes to the server only.
server.crt goes to the server only.
server.key goes to the server only.
[name of key].crt goes to the client only.
[name of key].key goes to the client only.
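
A check to run on each machine after copying the files listed above, as an added example that is not part of the original post: it catches the zero-length key described earlier, a private key readable by other users, a certificate not signed by ca.crt, and a certificate that does not match its key. The function name check_keys and its arguments are assumptions of this example, as are GNU stat, the openssl command line tool, and RSA keys as easy-rsa generates.

```shell
#!/bin/sh
# check_keys DIR NAME: sanity-check the easy-rsa output for one server or client.
# DIR holds ca.crt, NAME.crt and NAME.key (both arguments are this example's own).
check_keys() {
    dir=$1 name=$2 bad=0

    # A key or certificate built without a name ends up zero length.
    for f in ca.crt "$name.crt" "$name.key"; do
        if [ ! -s "$dir/$f" ]; then
            echo "FAIL: $f is missing or zero length"
            bad=1
        fi
    done
    [ "$bad" -eq 0 ] || return 1

    # The private key must not be readable by group or other (GNU stat assumed).
    mode=$(stat -c %a "$dir/$name.key") || mode=unknown
    case $mode in
        ?00) ;;
        *) echo "FAIL: $name.key has mode $mode, expected 600 or 400"; bad=1 ;;
    esac

    # The certificate must chain to the CA that the other side trusts.
    # Match on the "OK" line, since old openssl versions exit 0 on failure.
    if ! openssl verify -CAfile "$dir/ca.crt" "$dir/$name.crt" 2>/dev/null \
            | grep -q ': OK$'; then
        echo "FAIL: $name.crt is not signed by ca.crt"
        bad=1
    fi

    # The certificate and the private key must belong to the same RSA key pair.
    crt_mod=$(openssl x509 -noout -modulus -in "$dir/$name.crt" 2>/dev/null) || true
    key_mod=$(openssl rsa -noout -modulus -in "$dir/$name.key" 2>/dev/null) || true
    if [ -z "$crt_mod" ] || [ "$crt_mod" != "$key_mod" ]; then
        echo "FAIL: $name.crt and $name.key do not match"
        bad=1
    fi

    [ "$bad" -eq 0 ] && echo "OK: $name"
    return "$bad"
}
```

Run it as check_keys /etc/openvpn server on the server, and with the client's key name on each client, before starting OpenVPN.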

The last thing to do on the server is create the configuration file:
sudo vi /etc/openvpn/server.conf

Restart the service and the server is done.
sudo /etc/init.d/openvpn restart

Next we have to create the configuration file for the client:
This file needs to be saved in the same directory as the keys. On Windows the configuration file should be saved with a .ovpn extension. Just double-click this file to establish the connection. To establish the connection from the command line on *nix or Windows, run openvpn [client config file]. With a little luck you should be connected now.

VMware Server Setup

After another night of getting called due to server failure, I have decided to make some changes to the servers at work. Currently we have two Windows 2000 servers that are running most of the company. The basic problem is that one program, Track-It!, started to generate errors and took down the server it was running on. It is installed on the Primary Domain controller, yes I know that is a bad idea, which in turn took the Backup Domain controller down. So when you only have two servers, that is the whole show. This is the problem with only having two servers, they both wear too many hats.

The end result of all of this is that we were going to upgrade to Windows 2003 EE R2 during the July shutdown. This version allows you to run up to four virtual servers on one server. So now we are testing using VMware Server on Ubuntu, with all the Windows servers running as virtual machines on top. If this works out well, we will look at maybe moving to VMware ESX next year, because it just is not in the budget for this year. I still have to work out how the backups are going to run. Right now I am looking at the Amanda Enterprise Edition backup software. This will also have to be tested before we put everything in place. I have been using Ubuntu on my home server, which does get almost as much use as some of the servers at work, without ever having a crash.

Hardware:
Dell Poweredge 4400
Dual Processor 2.2 GHz
5 GB of memory

Server 1 will be running 4 Windows 2003 EE servers.
Server 2 will be running 1 Windows 2003 EE server, 1 Netware 3.12 server and 2 Windows XP desktops.

Server Setup:
Install Ubuntu server on the hardware.
Edit the source list for apt to enable all the software repositories.

Install the other needed packages:
sudo apt-get update
sudo apt-get install linux-686 linux-headers-686 linux-image-686
sudo apt-get install build-essential gcc g++ make fakeroot xinetd libdb2
sudo apt-get install samba openvpn x-window-system-core
sudo apt-get dist-upgrade

Download the vmware-server.tar.gz and copy to the /tmp directory
Extract it: tar -zxf vmware-server.tar.gz
Move to the vmware-server-distrib directory and run ./vmware-install.pl

This is all for getting the base server going.

New Project … (PodPicker)

This is a PodCast aggregator that will auto-sync with an iPod. To the best of my knowledge there is nothing designed for Linux that works as smoothly as iTunes, which is the only application that is making me dual boot. And yes I know there are ways of doing this, but all the solutions that I have seen require several applications and way too much manual intervention.

See the project page for PodPicker

Ubuntu Dapper Drake 6.06

I have been using Dapper for two months now and I have to say that they have nailed this release. It has been stable from the word go and Ubuntu has added some really nice improvements: I like the new version of Gnome, power management has been improved and the networking has been much easier as well. I am going to be moving a production server to this build within the next couple of days, so we will see if the stability continues on the server. That will be running several things that the notebook is not, and will also not be seeing the reboots that a notebook does as it is being transported.

Bad Idea, Happy Ending

I have been using Linux for almost two years now, however two weeks ago I became frustrated with some of the shortcomings of Linux. I formatted my notebook and installed Windows XP on it. I develop software for several companies, so there are lots of tools and applications that need to be installed. After two days everything was installed and I was back in business. It took a total of three days of using Windows again to remember why I quit using it full time in the first place. It really does suck, between the constant array of blue screens, lockups and other stupid problems. I always love it when you have two programs that just can not be installed on the same program. It didn’t take long for me to be back on Linux. So I am happily back on Ubuntu Dapper Drake.

One of the first things I did after getting back on Ubuntu was to get the NetworkManager working. This is used for configuring wireless networks and works almost as well as the wireless ability in Windows. It also supports both WEP and WPA without any extra configuration. The steps to install NetworkManager are:

sudo apt-get install network-manager-gnome
sudo gtk-update-icon-cache -f /usr/share/icons/hicolor/
sudo cp /etc/network/interfaces /etc/network/interfaces.back

Edit the file interfaces so only the following lines are left:
# The loopback network interface
auto lo
iface lo inet loopback

Then a quick reboot and you should be ready to go. If you are using KDE then you can install network-manager-kde. If you do not edit the interfaces file then NetworkManager will not be able to control the nic cards.
sudo vi /etc

The New Computer, Finally …

My new computer finally came in this week. It only took about two hours before it was being formatted and Linux installed on it. I installed Ubuntu Dapper Drake on it. So far I love the new computer, with the exception of the keyboard. The layout of the keys is very different than any other notebook that I have had, or used. I created a quick little shell script to configure my computer after doing an install. After installing the OS, I set the root password, switch to su and then run the script. At that point, it is a case of walk away and get something to eat.


#!/bin/bash
# System setup script.

# Update the software repositories ...
cp /etc/apt/sources.list /etc/apt/sources.list_backup
echo "" >> /etc/apt/sources.list
echo "" >> /etc/apt/sources.list
echo "" >> /etc/apt/sources.list
echo "deb http://us.archive.ubuntu.com/ubuntu/ dapper universe multiverse" >> /etc/apt/sources.list
echo "deb-src http://us.archive.ubuntu.com/ubuntu/ dapper universe multiverse" >> /etc/apt/sources.list
echo "" >> /etc/apt/sources.list
echo "deb http://us.archive.ubuntu.com/ubuntu/ dapper-backports main restricted universe multiverse" >> /etc/apt/sources.list
echo "deb-src http://us.archive.ubuntu.com/ubuntu/ dapper-backports main restricted universe multiverse" >> /etc/apt/sources.list
echo "" >> /etc/apt/sources.list
echo "deb http://security.ubuntu.com/ubuntu dapper-security universe multiverse" >> /etc/apt/sources.list
echo "deb-src http://security.ubuntu.com/ubuntu dapper-security universe multiverse" >> /etc/apt/sources.list
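# Note: --force-yes, used throughout this script, makes apt continue without
# prompting even when packages cannot be authenticated.
apt-get -y --force-yes update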

# Update the kernel packages ...
apt-get -y --force-yes install linux-686 linux-headers-686 linux-image-686 linux-restricted-modules-686 nvidia-glx
apt-get -y --force-yes remove linux-386 linux-headers-386 linux-image-386

# Update to enable a NVidia GeForce 6800 video card ...
apt-get -y --force-yes install nvidia-glx
nvidia-glx-config enable

# Install the development files ...
apt-get -y --force-yes install build-essential gcc-3.4 g++-3.4 make fakeroot java-package
apt-get -y --force-yes install mysql-admin mysql-query-browser mysql-server eclipse-sdk monodevelop

# Install internet applications ...
apt-get -y --force-yes install mozilla-thunderbird bluefish gftp openvpn apache2 samba gsfonts gsfonts-x11

# Install multimedia applications ...
apt-get -y --force-yes install xine-ui libmad0 vlc vlc-plugin-alsa easytag audacity xmms k3b gnomebaker vorbis-tools
apt-get -y --force-yes install gstreamer0.10-plugins-ugly gstreamer0.10-ffmpeg gstreamer0.10-gl gstreamer0.10-plugins-ugly-multiverse
apt-get -y --force-yes install libxine-extracodecs ffmpeg lame faad sox mjpegtools mozilla-mplayer gstreamer0.10-plugins-bad-multiverse
dpkg -i libdvdcss.deb

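# Note: this package and the Nero package below are fetched over plain FTP
# and installed as root with no checksum or signature check.
wget ftp://ftp.nerim.net/debian-marillat/pool/main/w/w32codecs/w32codecs_20050412-0.0_i386.deb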
dpkg -i w32codecs_20050412-0.0_i386.deb

# Install graphics applications ...
apt-get -y --force-yes install f-spot

# CD burning software ... (requires Nero windows license)
wget ftp://ftp4.usw.nero.com/nerolinux-2.0.0.5-x86.deb
dpkg -i nerolinux-2.0.0.5-x86.deb

# Install java support ...
# Note for creating the java packages can be found here:
# https://wiki.ubuntu.com/RestrictedFormats#head-e2ebd70ede0e3eb2117ffbd618d2295dd1540dca
dpkg -i sun-j2re1.5_1.5.0+update06_i386.deb
dpkg -i sun-j2sdk1.5_1.5.0+update06_i386.deb
update-alternatives --config java

# Update the system ...
apt-get -y --force-yes dist-upgrade

You may have to make some changes to fit your system. I am running a Pentium M, so I want the 686 kernel image. If you are running an Athlon XP you would set the kernel version to k7, or 386. A quick Google search should let you know which version will work for you.

Well that is all for now …

ECLUG Meeting for April

Tonight was our April meeting. The first part of the hour was spent discussing Apple and some of the exciting things that they are working on. I personally do not work with any Apple computers, but it was still pretty good to hear where they are going and talk about how it could affect the IT industry. It did not hurt that Apple had just released details about Boot Camp earlier today.

NFA has been using VMWare ESX to consolidate their servers for the last couple of years, so we spent time looking at what they are doing. I have looked at using ESX at work to consolidate some servers myself. That made this all the more interesting, getting to actually see ESX in action. They are running 14 virtual machines spread over 2 actual servers. I have read about the resource usage and how it works, but it was more impressive seeing it running.

At the next meeting we have someone giving a demo of XEN, and if time permits we will set up a box with XEN and add a virtual machine. We have not had a hands-on meeting for some time so that should be fun.

For anyone interested the ECLUG, Eastern Connecticut Linux User Group, meets the first Wednesday of each month in Norwich, CT at NFA.

ECLUG Meeting for tonight.

We had our monthly LUG meeting tonight. The meeting had a different flow tonight, as most of the officers were out. It was an open floor for discussing different topics that members wanted information on. Based on tonight’s meeting we are going to move forward on setting up the server for use at the meeting for demos and testing new distros and packages. That should be fun. Well this is not much of a post, but I need to be up early in the morning.

For anyone interested the ECLUG, Eastern Connecticut Linux User Group, meets the first Wednesday of each month in New London CT.