Sunday, December 18, 2011

install PPTP VPN on AWS CentOS 6 machine

Configuring the server

yum install ppp -y
rpm -Uhv http://poptop.sourceforge.net/yum/stable/packages/pptpd-1.3.4-2.el6.i686.rpm
echo "localip 192.168.55.1" >> /etc/pptpd.conf
echo "remoteip 192.168.55.2-100" >> /etc/pptpd.conf
echo "ms-dns 8.8.8.8" >> /etc/ppp/options.pptpd
echo "ms-dns 4.2.2.1" >> /etc/ppp/options.pptpd
# chap-secrets holds the VPN passwords in clear text: keep it readable by root only
echo "$USERNAME pptpd $PASSWORD *" >> /etc/ppp/chap-secrets
chmod 600 /etc/ppp/chap-secrets
chkconfig iptables on
service iptables start
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
sysctl -p
echo "iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE" >> /etc/rc.local
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# save before restarting: "restart" reloads the saved ruleset and would drop the rule just added
service iptables save
service iptables restart
chkconfig pptpd on
service pptpd start
On the AWS console, go to "Security Groups", select your security group (or "default") and open the "Inbound" tab. Choose "Custom TCP rule" with "Port Range" 1723, click "Add Rule", then click "Apply rule changes". At this point the PPTP server should be ready to accept connections. You can check that the server is listening by running
telnet $SERVERIP 1723
where $SERVERIP is the public IP of the PPTP server machine.
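The server steps above append to the config files with echo, so running them twice leaves duplicate entries and a second chap-secrets line for the same user. The script below is an added example (not part of the original post) that does the same configuration idempotently: it appends a line only if it is missing, replaces an existing chap-secrets entry instead of adding another, keeps that file at mode 600, and ends with the same listening check as the telnet command, done from bash. The file paths default to the real ones but can be overridden through the PPTPD_CONF, PPTPD_OPTIONS and CHAP_SECRETS variables (names assumed here) so the functions can be tried against scratch files first.

```shell
#!/bin/bash
# Added example: idempotent PPTP server configuration (not the original post's script).
# Usage: ./configure_pptpd.sh USERNAME PASSWORD   (run as root on the server)

# Append line $2 to file $1 unless an identical line is already present.
append_if_missing() {
    local file="$1" line="$2"
    grep -qxF -- "$line" "$file" 2>/dev/null && return 0
    printf '%s\n' "$line" >> "$file"
}

# Add or replace the chap-secrets entry for user $2 (password $3) in file $1.
# Line format: client  server  secret  IP-addresses
set_chap_secret() {
    local file="$1" user="$2" pass="$3" tmp
    touch "$file"
    chmod 600 "$file"                       # clear-text passwords: root only
    tmp=$(mktemp)
    awk -v u="$user" '$1 != u' "$file" > "$tmp" && cat "$tmp" > "$file"   # drop old entry, keep mode
    rm -f "$tmp"
    printf '%s\tpptpd\t%s\t*\n' "$user" "$pass" >> "$file"
}

# Exit 0 if something accepts TCP connections on host $1 port $2 (bash /dev/tcp).
port_open() {
    timeout 5 bash -c "exec 3<>/dev/tcp/$1/$2" 2>/dev/null
}

# Same settings as the post, written only once however often this runs.
configure_pptpd() {
    local user="$1" pass="$2"
    local pptpd_conf="${PPTPD_CONF:-/etc/pptpd.conf}"        # assumed override variables
    local options="${PPTPD_OPTIONS:-/etc/ppp/options.pptpd}"
    local secrets="${CHAP_SECRETS:-/etc/ppp/chap-secrets}"
    append_if_missing "$pptpd_conf" "localip 192.168.55.1"
    append_if_missing "$pptpd_conf" "remoteip 192.168.55.2-100"
    append_if_missing "$options" "ms-dns 8.8.8.8"
    append_if_missing "$options" "ms-dns 4.2.2.1"
    set_chap_secret "$secrets" "$user" "$pass"
}

if [ "$#" -eq 2 ]; then
    configure_pptpd "$1" "$2"
    if port_open 127.0.0.1 1723; then
        echo "pptpd is listening on 1723"
    else
        echo "nothing is listening on 1723 yet: start pptpd (service pptpd start)" >&2
    fi
fi
```

The listening check only proves that pptpd accepts the control connection; a client still needs GRE to pass and the MASQUERADE rule in place to reach anything beyond the server.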

Configuring a KDE client

Open "System Settings", click "Network Settings" and go to the VPN tab. Click the "Add" drop-down button and select "PPTP".
  • Optionally check the "Connect automatically" and the "System connection" checkboxes.
  • Enter a connection name.
  • Enter $SERVERIP for "Gateway".
  • Enter $USERNAME for Login.
  • Enter $PASSWORD for Password.
  • Click the "Advanced" button in the bottom of the dialogue.
  • In the middle check the "Use MPPE Encryption" checkbox, and select "128 bit" in the Crypto drop down.
  • Click OK twice to close the settings dialogue.
Open a shell and test the connection:
ping 192.168.55.1

Configuring NetworkManager on Linux manually

Create a new connection file under /etc/NetworkManager/system-connections/ with the following content. NetworkManager only loads files in this directory that are owned by root and readable by root alone (mode 0600), which is also what you want since the file holds the password:
[connection]
id=CONNECTION NAME
type=vpn

[vpn]
service-type=org.freedesktop.NetworkManager.pptp
gateway=$SERVERIP
user=$USERNAME
require-mppe-128=yes

[vpn-secrets]
password=$PASSWORD

[ipv6]
method=ignore

[ipv4]
method=auto

Configuring a Windows XP client

  • Click Start > Settings > Control Panel > Network Connections
  • Click File > New connection
  • Click Next
  • Select "Connect to the Network at my Workplace", click Next
  • Select "Virtual Private Network connection", click Next
  • Enter a name for the connection, click Next
  • Enter the $SERVERIP, click Next
  • Click Finish
A new dialogue box will pop up prompting for the username and password for the new connection.
Enter both, and check the "Save this username ..." checkbox.
Click "Connect".
After a successful connection you can test the connection by running the following in a cmd window:
ping 192.168.55.1
Guide with nice screen shots: http://doc.m0n0.ch/handbook/pptp-windows.html

Configuring an iPhone client

  • Go to Settings and open the "General" settings
  • Select "Network"
  • Select "VPN"
  • Choose "Add VPN Configuration"
  • Select the "PPTP" tab.
  • Enter a name for the VPN connection
  • Enter the address of the server, the login and the password.
  • Ensure that "Send All Traffic" is "ON".
  • Click "Save".
  • Switch the "VPN" to "ON".
Guide with nice screen shots: http://www.dikant.de/2011/10/03/configuring-a-pptp-vpn-on-ios-and-android/

Configuring Apache for sites on the private network

In /etc/httpd/conf/httpd.conf, add
NameVirtualHost 192.168.55.1:80
Then add a VirtualHost section bound to the VPN address for each site, so the site is only reachable through the tunnel:
<VirtualHost 192.168.55.1:80>
 ...
</VirtualHost>
Reload apache configuration:
service httpd reload

Saturday, October 29, 2011

Moving from one Amazon EC2 instance to another

I wanted to upgrade my web server in Amazon's EC2 from CentOS 5 to CentOS 6.
Instead of upgrading I decided to start a fresh new server.

I used the CentOS 6 AMI from http://support.rightscale.com/21-Community/RightScale_OSS
For some reason I did not notice that they also provide an EBS-based AMI, so I went the hard way: I started with an instance-store AMI and converted it to an EBS-backed one.
I largely followed this guide: http://www.capsunlock.net/2009/12/create-ebs-boot-ami.html
I used this script (a slightly modified version of https://gist.github.com/249915) to copy the instance-store filesystem onto the EBS volume from which the snapshot is taken:
#!/bin/bash
# Run this script on the instance to be bundled

EBS_DEVICE=${1:-'/dev/xvda1'}      # the empty EBS volume attached for the image; double-check it is not the running root device
IMAGE_DIR=${2:-'/mnt/tmp'}
EBS_MOUNT_POINT=${3:-'/mnt/ebs'}

mkdir -p $EBS_MOUNT_POINT
mkfs.ext3 ${EBS_DEVICE}
mount ${EBS_DEVICE} $EBS_MOUNT_POINT

# make a local working copy; ssh host keys, shell histories, udev net rules and
# the ec2 metadata are left out so the new instance generates its own
mkdir -p $IMAGE_DIR
rsync --stats -av --exclude='/root/.bash_history' --exclude='/home/*/.bash_history' --exclude='/etc/ssh/ssh_host_*' --exclude='/etc/ssh/moduli' --exclude='/etc/udev/rules.d/*persistent-net.rules' --exclude='/var/lib/ec2/*' --exclude='/mnt/*' --exclude='/proc/*' --exclude='/tmp/*' / $IMAGE_DIR

# clear out log files: truncate every file under var/log, at any depth
# (the original "for i in `ls ./**/*`" only reached files one directory down and broke on names with spaces)
find $IMAGE_DIR/var/log -type f -exec truncate -s 0 {} +

cd $IMAGE_DIR
tar -cSf - -C ./ . | tar xvf - -C $EBS_MOUNT_POINT
# NOTE: you could rsync / directly to EBS_MOUNT_POINT, but this tar trickery saves some space in the snapshot

umount $EBS_MOUNT_POINT
Get the kernel id of the AMI the running instance was launched from:
ec2-describe-images $INSTANCE_STORE_AMI
Register the newly created snapshot as an AMI:
ec2-register --snapshot $SNAPID --kernel $KERNEL --description "NEW OS" --name "new-os-i386-yyyymmdd" --architecture i386 --block-device-mapping /dev/sda2=ephemeral0 --root-device-name /dev/sda1
Once the snapshot is registered and the new AMI is created, launch it. Make sure to launch it in the same availability zone as the main EBS volumes that we will attach later.
Get the connection settings from the AWS console, log in to the new instance and run:
yum update
yum install yum-priorities httpd php mysql mysql-server php-cli php-gd php-mbstring php-pdo php-pecl-fileinfo php-mysql php-imap php-ldap php-pear php-xml php-xmlrpc mod_ssl ImageMagick elinks emacs fetchmail mod_python netpbm netpbm-progs nmap ntp strace webalizer rdiff-backup trac gcc gcc-c++ bzr 
rpm -Uvh http://s3.amazonaws.com/ec2-downloads/ec2-ami-tools.noarch.rpm

wget http://s3.amazonaws.com/ec2-downloads/ec2-api-tools.zip
cd /usr/local/ec2
unzip /root/ec2-api-tools.zip
ln -s ec2-api-tools-* apitools

pear install HTML_QuickForm
pear install Mail
pear install Net_SMTP

chkconfig rightscale off
chkconfig iptables off
chkconfig netfs off
chkconfig mcstrans off

chkconfig httpd on
chkconfig mysqld on
chkconfig ntpd on

# edit /etc/logrotate.d/httpd and add /var/www/logs/*log

export MYUSER=oldusername
# use our own names for the old ids: UID is read-only in bash (and GID in some shells), so "export UID=..." fails
export MYGID=oldgroupid
export MYUID=olduserid
groupadd -g $MYGID $MYUSER
useradd -g apache -G $MYUSER -u $MYUID $MYUSER
passwd $MYUSER
passwd   # root

#copy crontab for $MYUSER from old system

mkdir /vol

Edit /etc/fstab and add:
/dev/vg1/lv1          /vol              ext3    defaults,noatime        0 0
/vol/home             /home             none    bind                    0 0
/vol/etc/httpd        /etc/httpd        none    bind                    0 0
/vol/etc/pki          /etc/pki          none    bind                    0 0
/vol/var/www          /var/www          none    bind                    0 0
/vol/var/trac         /var/trac         none    bind                    0 0
/vol/var/lib/mysql    /var/lib/mysql    none    bind                    0 0
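The reason for recreating the user with the old uid and gid is that the files on the EBS volume we are about to attach are owned by numbers, not names: if the ids differ, everything under /vol shows up as owned by nobody and the web server and cron jobs lose access. The script below is an added example (not from the original post) that reads the ids from copies of the old instance's /etc/passwd and /etc/group instead of typing them by hand, prints the groupadd/useradd commands from the post, and, once the volume is mounted, lists any files whose owner or group no longer maps to a name. File paths and the sample account data are assumed.

```shell
#!/bin/sh
# Added example: recreate a user with its old ids and check the migrated volume.
# Usage: ./migrate_user.sh USER old-passwd old-group [/vol]   (paths assumed)

# uid of user $2 in the passwd-format file $1 (exit status 1 if absent)
lookup_uid() {
    awk -F: -v u="$2" '$1 == u { print $3; found = 1 } END { exit !found }' "$1"
}

# gid of group $2 in the group-format file $1 (exit status 1 if absent)
lookup_gid() {
    awk -F: -v g="$2" '$1 == g { print $3; found = 1 } END { exit !found }' "$1"
}

# Print the commands that recreate $1 as in the post: own group with the old gid,
# primary group apache, old uid.
user_recreate_cmds() {
    local user="$1" passwd_file="$2" group_file="$3" uid gid
    uid=$(lookup_uid "$passwd_file" "$user") || { echo "no such user: $user" >&2; return 1; }
    gid=$(lookup_gid "$group_file" "$user") || { echo "no such group: $user" >&2; return 1; }
    printf 'groupadd -g %s %s\n' "$gid" "$user"
    printf 'useradd -g apache -G %s -u %s %s\n' "$user" "$uid" "$user"
}

# Files under $1 (one filesystem only) whose uid or gid is unknown on this system:
# what you see after mounting the volume when ids were NOT preserved.
find_orphans() {
    find "$1" -xdev \( -nouser -o -nogroup \) -print
}

# Constructed sample passwd/group copies (not real accounts) for a dry run.
make_sample_files() {
    local dir
    dir=$(mktemp -d)
    printf 'root:x:0:0:root:/root:/bin/bash\nbob:x:1001:1001::/home/bob:/bin/bash\n' > "$dir/passwd"
    printf 'root:x:0:\napache:x:48:\nbob:x:1001:\n' > "$dir/group"
    echo "$dir"
}

if [ "$#" -ge 3 ]; then
    user_recreate_cmds "$1" "$2" "$3"
    if [ -n "$4" ]; then find_orphans "$4"; fi
fi
```

Run find_orphans against /vol after the mounts below; an empty result means every file still resolves to a known user and group.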
On the old instance stop the services and unmount the filesystems. Then deactivate the LVM volume group:
/etc/init.d/httpd stop
/etc/init.d/mysqld stop

umount /home/jail/var/lib/mysql
umount /vol/var/lib/mysql
umount /vol/var/www
umount /vol/var/trac
umount /vol/etc/pki
umount /vol/etc/httpd
umount /vol/home
umount /vol

vgchange -a n
From the AWS Console detach the EBS volumes from the old instance and attach them to the new instance.
Then on the new instance run:
pvscan
pvdisplay
vgscan
vgdisplay
vgchange -a y
lvscan

mount /vol
mount /home
mount /etc/httpd
mount /etc/pki
mount /var/www
mkdir -p /var/trac   # the mount point does not exist on the fresh install
mount /var/trac
mount /var/lib/mysql

/etc/init.d/ntpd start
/etc/init.d/mysqld start
/etc/init.d/httpd start

Check where httpd.pid is located. I had to edit /etc/sysconfig/httpd and set
PIDFILE=/var/run/httpd.pid
Edit /etc/php.ini and set the timezone to avoid php 5.3 warnings:
date.timezone = America/New_York
Edit /etc/sysconfig/network and set HOSTNAME (e.g. example.com). Also set it on the running system from the shell, for example:
hostname example
From the AWS Console, associate the reserved IP with the new instance.

Sunday, September 25, 2011

Rebuilding a debian/ubuntu deb package

mkdir rebuild
mv $PACKAGE.deb rebuild
cd rebuild
dpkg -x $PACKAGE.deb common
dpkg --control $PACKAGE.deb
nano -w DEBIAN/control
       remove the libc entry from the "Depends:" line
cp -a DEBIAN/ common/
dpkg -b common $PACKAGE.deb
sudo dpkg --force-all -i $PACKAGE.deb
rm -rf common DEBIAN
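The manual edit in the control file is the fragile step: deleting the whole "Depends:" line throws away every dependency, not just the one that is in the way. The script below is an added example (not from the original post) that performs the rebuild and removes only the named package from the Depends field, keeping the rest of the declaration intact; it also keeps a copy of the original .deb. The dpkg steps only run where dpkg is installed; the control-file editing works anywhere. The package and dependency names are arguments, and the sample control file is constructed.

```shell
#!/bin/sh
# Added example: rebuild a .deb without one of its declared dependencies.
# Usage: ./rebuild_deb.sh package.deb libc6   (file and package name assumed)

# Remove dependency $2 (with any version qualifier) from the Depends: field of
# control file $1, in place. Alternatives such as "a | b" count as one entry.
strip_depends() {
    local control="$1" dep="$2" tmp
    tmp=$(mktemp)
    awk -v dep="$dep" '
        /^Depends:/ {
            sub(/^Depends:[ \t]*/, "")
            n = split($0, parts, /,[ \t]*/)
            out = ""
            for (i = 1; i <= n; i++) {
                # the package name is the token before a space or "(" version qualifier
                name = parts[i]; sub(/[ \t(].*$/, "", name)
                if (name == dep) continue
                if (out == "") out = parts[i]; else out = out ", " parts[i]
            }
            if (out != "") print "Depends: " out
            next
        }
        { print }
    ' "$control" > "$tmp" && cat "$tmp" > "$control"
    rm -f "$tmp"
}

# Print the value of the Depends: field of control file $1 (empty if none).
get_depends() {
    sed -n 's/^Depends: *//p' "$1"
}

# Unpack $1, drop dependency $2, repack over $1 keeping $1.orig.
rebuild_deb() {
    local pkg="$1" dep="$2" work
    command -v dpkg >/dev/null 2>&1 || { echo "dpkg not found" >&2; return 1; }
    work=$(mktemp -d)
    cp "$pkg" "$pkg.orig"
    dpkg -x "$pkg" "$work/common"            # payload
    dpkg -e "$pkg" "$work/common/DEBIAN"     # control files straight into place (same as --control)
    strip_depends "$work/common/DEBIAN/control" "$dep"
    dpkg -b "$work/common" "$pkg"
    rm -rf "$work"
}

# Constructed sample control file (not from any real package) for trying strip_depends.
make_sample_control() {
    local f
    f=$(mktemp)
    printf '%s\n' 'Package: example-tool' 'Version: 1.0-1' 'Architecture: i386' \
        'Depends: libc6 (>= 2.4), libssl0.9.8 (>= 0.9.8), python (>= 2.6)' \
        'Description: constructed example package' > "$f"
    echo "$f"
}

if [ "$#" -eq 2 ]; then
    rebuild_deb "$1" "$2"
fi
```

Installing the result is left to the post's dpkg -i step; with the remaining dependencies still declared, --force-all is only needed for the one you deliberately removed.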