Tuesday, September 16, 2008
Monday, September 08, 2008
Connecting Ubuntu Linux 8.04 (Hardy) to eduroam (INHOLLAND Diemen)
1) Make sure you are root (sudo su)
2) Create a file called /etc/wpa_supplicant/wpa_supplicant.conf and add the following lines in it:
network={
ssid="eduroam"
scan_ssid=1
key_mgmt=WPA-EAP
eap=PEAP
identity="STUDENT_ID@student.inholland.nl"
password="STUDENT_PASSWORD"
phase1="peaplabel=0"
phase2="auth=MSCHAPV2"
subject_match="CN=radius.inholland.nl"
}
Replace STUDENT_ID with your student number and STUDENT_PASSWORD with your password. If you copy/paste from this document, make sure that the quotes (“) above are real quotes, and not a character that looks like a quote.
3) Run the following command (as root):
sudo wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant.conf -iwlan0 -Dwext
where wlan0 is your wireless interface. Don't close the terminal.
4) Run dhclient wlan0 as root in another terminal, where wlan0 is your wireless interface:
sudo dhclient wlan0
After you get an IP address you can close this terminal, but leave the other one open.
Happy browsing!
Troubleshooting:
If you get certificate errors, make sure that the contents of /etc/ssl/certs/ca.pem are the same as the file located here: http://secure.globalsign.net/cacert/sureserverEDU.pem
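A check for the two things this how-to warns about (look-alike quotes, the CA file) plus the file mode, as an added example that is not part of the original post. The function name and the labels it prints are hypothetical; the ca_cert line in the second sample is an assumption that reuses the /etc/ssl/certs/ca.pem path from the troubleshooting note.

```sh
#!/bin/sh
# audit_wpa_conf (hypothetical helper): print one label per problem found.
audit_wpa_conf() {
    conf=$1
    lq=$(printf '\342\200\234')   # U+201C as UTF-8 bytes
    rq=$(printf '\342\200\235')   # U+201D as UTF-8 bytes
    # Typographic quotes pasted from a web page instead of ASCII ".
    if LC_ALL=C grep -Fq -e "$lq" -e "$rq" "$conf"; then
        echo "CURLY_QUOTES"
    fi
    # With neither ca_cert nor ca_path the server certificate is not verified.
    grep -Eq '^[[:space:]]*(ca_cert|ca_path)=' "$conf" || echo "NO_CA_CERT"
    # No constraint on which server name the certificate must carry.
    grep -Eq '^[[:space:]]*(subject_match|altsubject_match|domain_suffix_match)=' "$conf" ||
        echo "NO_SERVER_NAME_CHECK"
    # The password is stored in clear text: group and others need no access.
    perms=$(ls -ld "$conf" | cut -c5-10)
    [ "$perms" = "------" ] || echo "GROUP_OR_WORLD_ACCESS"
    return 0
}

# Constructed samples: the network block pasted with curly quotes into a
# world-readable file, and the same block with ca_cert added and mode 600.
wpa_tmp=$(mktemp -d)
printf 'network={\nssid=\342\200\234eduroam\342\200\235\nkey_mgmt=WPA-EAP\neap=PEAP\nsubject_match="CN=radius.inholland.nl"\n}\n' \
    > "$wpa_tmp/pasted.conf"
chmod 644 "$wpa_tmp/pasted.conf"
cat > "$wpa_tmp/fixed.conf" <<'EOF'
network={
ssid="eduroam"
scan_ssid=1
key_mgmt=WPA-EAP
eap=PEAP
identity="STUDENT_ID@student.inholland.nl"
password="STUDENT_PASSWORD"
ca_cert="/etc/ssl/certs/ca.pem"
phase1="peaplabel=0"
phase2="auth=MSCHAPV2"
subject_match="CN=radius.inholland.nl"
}
EOF
chmod 600 "$wpa_tmp/fixed.conf"
echo "pasted.conf:"; audit_wpa_conf "$wpa_tmp/pasted.conf"
echo "fixed.conf:";  audit_wpa_conf "$wpa_tmp/fixed.conf"
```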
Friday, September 05, 2008
Too many open files - change ulimit values in Ubuntu 8.04 (Hardy Heron)
1) Add line
* hard nofile 51200
to /etc/security/limits.conf
Note: The * means every user except root
Note: 51200 represents the number of concurrent open files. This number must be a multiple of 1024
2) Add line
session required pam_limits.so
to /etc/pam.d/common-session
3) Stop all processes that need the new limit
4) Restart SSH server
5) Login again
6) Run ulimit -a to check the values
7) If the values haven't changed, reboot and try step 6 again
8) Start new processes from command line
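To confirm steps 1, 2 and 6 without guessing, the sketch below checks copies of the two files for the added lines and reads the limit a process actually holds from a /proc/<pid>/limits style file. It is an added example, not part of the original post; the function names and the sample files are constructed for illustration.

```sh
#!/bin/sh
# True when the limits.conf copy ($1) has the nofile line from step 1 and the
# PAM session file ($2) loads pam_limits.so as in step 2 (not commented out).
nofile_config_ok() {
    grep -Eq '^[*][[:space:]]+hard[[:space:]]+nofile[[:space:]]+[0-9]+' "$1" &&
    grep -Eq '^session[[:space:]]+required[[:space:]]+pam_limits\.so' "$2"
}

# Print "soft hard" for open files from a /proc/<pid>/limits style file.
# A process started before the change keeps its old values, hence step 3.
proc_nofile() {
    awk '/^Max open files/ { print $4, $5 }' "$1"
}

# Constructed samples standing in for the real files.
lim_tmp=$(mktemp -d)
printf '* hard nofile 51200\n' > "$lim_tmp/limits.conf"
printf 'session required pam_limits.so\n' > "$lim_tmp/common-session"
printf '# session required pam_limits.so\n' > "$lim_tmp/common-session.off"
cat > "$lim_tmp/proc_limits" <<'EOF'
Limit                     Soft Limit           Hard Limit           Units
Max processes             15000                15000                processes
Max open files            1024                 51200                files
EOF

if nofile_config_ok "$lim_tmp/limits.conf" "$lim_tmp/common-session"; then
    echo "config: both lines present"
fi
echo "sample process limits (soft hard): $(proc_nofile "$lim_tmp/proc_limits")"
# On a Linux host, the same parser works on the current shell's own limits.
if [ -r "/proc/$$/limits" ]; then
    echo "this shell (soft hard): $(proc_nofile "/proc/$$/limits")"
fi
```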
Upgrade Ubuntu 6.10 (Edgy Eft) to 7.04 (Feisty Fawn) to 7.10 (Gutsy Gibbon), then to 8.04 (Hardy Heron)
From 6.10 to 7.04:
sed -e 's/edgy/feisty/g' -i /etc/apt/sources.list
apt-get update && apt-get upgrade && apt-get dist-upgrade
From 7.04 to 7.10:
apt-get install update-manager-core
do-release-upgrade
From 7.10 to 8.04.1:
do-release-upgrade
Thursday, September 04, 2008
Tuesday, September 02, 2008
VPN Server + NAT on Ubuntu
(should work with Microsoft Windows Vista/XP and Apple Mac OS Panther/Tiger/Leopard etc clients also)
Tested on Ubuntu Hardy (8.04)
1) Install pptpd
sudo apt-get install pptpd
2) Edit /etc/pptpd.conf and add the following two lines:
localip 10.2.2.1
remoteip 10.2.2.2-5
localip is the address of the VPN (ppp0) interface on the VPN server (this interface will be created automatically).
remoteip is the range of IP addresses that will be given to the VPN clients
Please add an empty newline at the end of /etc/pptpd.conf, or the daemon will hang.
3) Edit /etc/ppp/chap-secrets and add one line for each VPN user:
USERNAME pptpd PASSWORD *
where USERNAME is the username, pptpd should remain as it is, and PASSWORD is the password. The * at the end means that this particular user can connect to the VPN server from any IP address. You could replace it with an IP address range:
"Any following words on the same line are taken to be a list of acceptable IP addresses for that client. If there are only 3 words on the line, or if the first word is "-", then all IP addresses are disallowed. To allow any address, use "*". A word starting with "!" indicates that the specified address is not acceptable. An address may be followed by "/" and a number n, to indicate a whole subnet, i.e. all addresses which have the same value in the most significant n bits. In this form, the address may be followed by a plus sign ("+") to indicate that one address from the subnet is authorized, based on the ppp network interface unit number in use. In this case, the host part of the address will be set to the unit number plus one." (pptpd manual)
4) Add the following lines in /etc/rc.local
# pptp VPN NAT
iptables -t nat -A POSTROUTING -s 10.2.2.0/24 -o eth0 -j MASQUERADE
iptables -A FORWARD -s 10.2.2.0/24 -o eth0 -j ACCEPT
iptables -A FORWARD -d 10.2.2.0/24 -m state --state ESTABLISHED,RELATED -i eth0 -j ACCEPT
route add -net 10.2.2.0 netmask 255.255.255.0 dev ppp0
where eth0 is your "Internet" interface on the server, the one connected directly to the Internet.
5) Start pptpd
/etc/init.d/pptpd stop
/etc/init.d/pptpd start
6) Run /etc/rc.local
7) If you run a firewall on the server make sure to open port 1723. I do this with the following command:
# pptp VPN
/sbin/iptables -A extern -p tcp --dport 1723 -j RETURN
Notice that I am using a chain named "extern". This is probably not the case at your end.
8) Connect from your VPN client
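The address rules quoted from the manual in step 3 can be applied to a whole chap-secrets file to see which accounts may connect from anywhere. The following is an added example, not part of the original post; the function name, the labels and the sample entries are constructed, and secrets are assumed to contain no spaces.

```sh
#!/bin/sh
# audit_chap_secrets (hypothetical helper): print "<user> <scope>" per entry.
#   ANY        a "*" word allows every source address
#   NONE       only 3 words on the line, or the first address word is "-"
#   RESTRICTED explicit addresses or subnets, with optional "!" exclusions
audit_chap_secrets() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }      # skip blank lines and comments
        {
            any = 0
            for (i = 4; i <= NF; i++) if ($i == "*") any = 1
            if (NF <= 3 || $4 == "-") scope = "NONE"
            else if (any)             scope = "ANY"
            else                      scope = "RESTRICTED"
            print $1, scope
        }' "$1"
}

# Number of entries that accept connections from any address.
count_open_entries() {
    audit_chap_secrets "$1" | grep -c ' ANY$'
}

# Constructed sample in the layout from step 3 (client server secret addresses).
chap_sample=$(mktemp)
cat > "$chap_sample" <<'EOF'
# client  server  secret          allowed addresses
alice     pptpd   CONSTRUCTED-1   *
bob       pptpd   CONSTRUCTED-2   192.0.2.0/24 !192.0.2.7
carol     pptpd   CONSTRUCTED-3
dave      pptpd   CONSTRUCTED-4   -
EOF

audit_chap_secrets "$chap_sample"
echo "entries open to any address: $(count_open_entries "$chap_sample")"
```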