05 Mar

Force apt-get to use IPv4 instead of IPv6

It seems that Ubuntu/Debian (or perhaps other distros as well) prefer IPv6 DNS records instead of IPv4 when applicable and some times this results in loss of connectivity or similar problems.
I ran into this issue today while trying to update an old VPS with apt-get/aptitude. Specifically, security.ubuntu.com was being resolved in an unreachable IPv6 address and I had to wait some minutes for timeout every time.
Fortunately, there is an easy fix for this; you just have to edit the file located at: /etc/gai.conf which is the configuration for getaddrinfo(). There you have to uncomment line ~54 which reads: “precedence ::ffff:0:0/96 100″, and you are all set! (assuming that every other option is commented out by default as in my case).

gai

Reference: http://bruteforce.gr/make-apt-get-use-ipv4-instead-ipv6.html

Incoming search terms:

  • force apt-get ipv4
  • force ubuntu to use ipv4
  • force yum ipv4
  • ubuntu force ipv4
30 Apr

XRDP

Install xrdp

apt-get install xrdp

Configure xrdp

GNOME

apt-get install gnome-session-fallback
echo gnome-session --session=gnome-fallback > ~/.xsession

Xfce (xubuntu)

echo xfce4-session > ~/.xsession

LXDE (lubuntu)

echo lxsession -s Lubuntu -e LXDE > ~/.xsession

Incoming search terms:

  • 192 168 88 1/userman
13 Jan

OpenVPN Access Server Essential Guide

logo

VPN Mode (Layer 2 or Layer 3)

vpnmode

Layer 2 = Use TAP interface, bridge your LAN to VPN Client. VPN client will reside within the same VPN segment. LAN Broadcast will works in this mode. Considered legacy, only Windows  vpn client support this method.

Layer 3 = Use TUN interface, VPN Client will be given a pool of ip address which is different from VPN segment. Better control and most of enterprise VPN deployment use this method.

vpnmode2

 

Create VPN User

By default, OpenVPN Access Server use PAM authentication, to add new vpn client we can just simply add a new user to our LINUX server.

root@advanxer:~# useradd nas
root@advanxer:~# passwd nas
Enter new UNIX password: 
Retype new UNIX password: 
passwd: password updated successfully

adduser
If you checked “Allow Auto-login”, your vpn client will be automatically connect to vpn without entering any username/password, useful for automation.

Generate and download OpenVPN profile

Login to https://serverip and select “login”. Login option will allow you to download vpn profile, to connect to vpn server, select Connect.
openvpnlogin
Click on “Yourself (autologin profile) and keep the profile safely.

Connect to vpn server using CLI

Transfer the client profile to your box (in this example, to my OpenWRT router) via SCP. Your must have openvpn binary files installed prior to this.

root@OpenWrt:~# openvpn --config client.ovpn

If you received Initialization Sequence Completed, that’s mean the tunnel is up. You can verify using ifconfig and you will see new interface tun0 is there.

08 Jan

Install OpenVPN Access Server (Debian/Ubuntu)

logo
All configuration is performed in Virtual Private Server (VPS). If you have the intention to use VPS, make sure your provider support and enable TUN/TAP module in your VPS container. For the following example, I’m using Ramnode VPS (affiliate link) because of their good support, you can enable and disable TUN/TAP easily on your own and their price is relatively cheap. For myself, I’m subscribed to their OpenVZ SSD VPS (128MB RAM, 10GB SSD Space) for 20.40 USD Annually (USD1.70 per month). Don’t forget to enter the promotional code RN15OFF to enjoy 15% Recurring Discount off your VPS price.

Enable TUN/TAP

Go to your VPS Control Panel, and at the bottom you will see an option to enable TUN/TAP module. Turn it on and reboot your VPS.
2

Once boot up, check whether the module is enabled or not by executing below command:

root@advanxer:~# cat /dev/net/tun

If you receive the message File descriptor in bad state your TUN/TAP device is ready for use.
If you receive the message No such device the TUN/TAP device was not successfully created.

Download and Install OpenVPN Access Server

Go to OpenVPN Access Server download page and select your architecture. I’m using Debian 7 32bit OS.

root@advanxer:/home# wget http://swupdate.openvpn.org/as/openvpn-as-2.0.3-Debian7.i386.deb

Perform installation by executing:

root@advanxer:/home# dpkg -i openvpn-as-2.0.3-Debian7.i386.deb

Change openvpn default password:

root@advanxer:/home#  passwd openvpn

Now you can access OpenVPN Admin UI from below link:
Admin UI: https://serverip:943/admin
Client UI: https://serverip:943/

Incoming search terms:

  • TUN / TAP enable or disable on vps?
29 Oct

Munin & munin-node

The following examples use these addresses:
Munin server: 192.184.94.230 (ramnode.advanxer.com)
Munin node 1: 192.210.208.175 (bluevm.advanxer.com)
Munin node 2: 54.254.177.162 (ec2.advanxer.com)

Server side configuration
/etc/munin/munin.conf
htmldir /usr/share/nginx/www/munin
# a simple host tree
[ramnode.advanxer.com]
address 127.0.0.1
use_node_name yes

[bluevm.advanxer.com]
address 192.210.208.175
use_node_name yes

[ec2.advanxer.com]
address 54.254.177.162
use_node_name yes
# port 4950

Munin node configuration
/etc/munin/munin-node.conf
host_name vps.advanxer.com
allow ^192\.184\.94\.230$

Force node update: su - munin /usr/share/munin/munin-update
Look for update activity at /var/log/munin/munin-update.log

Reference:
http://www.mbse.eu/linux/homeserver/mgmt-maint/munin/
http://munin-monitoring.org/wiki/munin.conf
http://docs.mongodb.org/ecosystem/tools/munin/