Gentoo + OpenVPN : getting things started in the correct order

I’m running an OpenVPN server, configured in bridging mode.

I had quite a bit of trouble getting OpenVPN to start after networking is up but before the bridge is set up, so that the tap0 device, which is created by OpenVPN, can be added to the bridge.

The solution is simpler : let tap0 be created automatically and added to the bridge by Gentoo Linux, then start OpenVPN with a config file instructing it to use the already created tap0 device.

This post shows the configuration snippets to get things started in the right order on Gentoo.

Linux : Configuring a network bridge for your Virtual Machines

My new center of interest these days being virtualization, I tried quite a few pieces of software, starting with Xen, then QEMU, then KVM, and finally VirtualBox. But as far as giving network access to the VM is concerned, I’ve always stuck to a network bridge, for the reason that this makes the VM appear on the network just like any other computer of your network.

This post provides a sample script to set up a bridge suitable for use with all of the virtualization software named above.


Dell PowerConnect switches – Password recovery procedure

If you are looking for a procedure to reset the password of a Dell PowerConnect switch, you’ll find it at the Dell support forum in the following thread : PowerConnect Password Recovery Procedure for managed switches.

As far as the 5224 is concerned, you mostly have to hold Ctrl-F from power-on until the switch has finished booting, which will bring up the “reset to factory ?” question and solve the problem of the lost password.

The User Guide for the 5224 is available online.

Debian : update a dynamic DNS

A bit of context : I have a bind 9 DNS allowing DNS updates from clients on the LAN (ok this is fairly insecure, but still my LAN is my home LAN composed of 4 machines … let’s say that’s good enough for me ! 🙂 )

The named.conf allows those updates with this config directive in the zone config block :
allow-update {mynet; };

and mynet is defined by an acl directive to be my LAN.

Then you can update your DNS with the nsupdate tool with a syntax along the following lines :
spaghetti:~# nsupdate
> server 192.168.0.1
> update delete spaghetti.domain.name A
> update add spaghetti.domain.name 8000 A 192.168.0.103
> send
> quit

I was then looking for a place to hook a code snippet doing that update after an update via DHCP and I found the answer in A dynamic dns update client on Debian with dhcp3-client (many thanks dude !).

Here is the drill down :

  1. install the dhcp3-client package (apt-get install dhcp3-client) : this version has easy-to-use hooks that run before and after querying the DHCP server for the network config
  2. you can drop a script which automates the nsupdate into “/etc/dhcp3/dhclient-enter-hooks.d” and it will get run right after network configuration (see the sample debug script for the variables which are available when the script runs, such as $new_ip_address)

Multicast : Listing group memberships

Windows XP

To see multicast group memberships in Windows XP, you can use netsh :

U:>netsh interface ip show joins
Interface Addr   Multicast Group
---------------  ---------------
192.168.139.1    224.0.0.1
192.168.137.1    224.0.0.1
192.168.136.1    224.0.0.1

Solaris (and probably other Unixen as well)

In Solaris, the netstat command can be used :

$ netstat -g
Group Memberships: IPv4
Interface Group                RefCnt
--------- -------------------- ------
lo0       224.0.0.1                 1
eri0      224.0.0.1                 1
$

OpenBSD : Creating a transparent bridge

This post will be short, because it is actually easier than I expected … Anyway, considering my memory, better blog out that for later reference 😉

A bridge is a network device used to connect two or more network segments. You can achieve this easily on OpenBSD with the following commands :

# echo 'up' > /etc/hostname.if0
# echo 'up' > /etc/hostname.if1
# echo 'add if0 add if1 up' > /etc/bridgename.bridge0

This will set up the two interfaces if0 and if1 (replace them with your own interface names, such as rl0 or em0) and add them to bridge0.

Then you need to enable IP forwarding so that IP packets will pass from one interface to the other as needed. You do that by editing the file /etc/sysctl.conf and uncommenting the line which reads :

#net.inet.ip.forwarding=1

Once this is all done, reboot to activate.

This bridge is IP-less, which means it is “harder” to attack. You can still filter at MAC level and at IP level through PF (the firewall of OpenBSD).

Tested on OpenBSD 3.9

Man pages :

Estimating network throughput / bandwidth / performance with FTP

On a Unix machine, you can use this little ftp trick to get an idea of your throughput :

ftp somehost
ftp> put "| dd if=/dev/zero bs=100000 count=100" /dev/null
200 PORT command successful.
150 ASCII data connection for /dev/null (192.168.0.1,32953).
100+0 records in
100+0 records out
226 Transfer complete.
local: | dd if=/dev/zero bs=100000 count=100 remote: /dev/null
10000000 bytes sent in 2.9 seconds (3388.52 Kbytes/s)

This streams a fixed number of bytes from one host to the other and reports the data rate at the end.

Proxying HTTPS through Apache/mod_proxy

To allow a proxy to act as a tunnel for SSL connections, as with HTTPS, you actually need to support the HTTP CONNECT method. It took me some time to realize that 😉

If you do this with Apache/mod_proxy, that means you have to load mod_proxy_connect and allow the CONNECT method.
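What the client and the proxy actually exchange is easy to miss, so here is the CONNECT handshake as an added example (not code from the post or from Apache). The client sends a CONNECT line naming the destination host and port; the proxy answers with a status line, and only a 2xx status means the bytes that follow are tunneled unchanged. The host and port names below are placeholders, and the proxy replies are constructed to mirror what mod_proxy_connect returns (200 when the port is allowed, a 4xx otherwise). On the Apache side, AllowCONNECT limits which destination ports CONNECT may reach (443 and 563 by default), and the proxy should not be left open to every client, otherwise it becomes a relay for arbitrary TLS traffic.

```shell
#!/bin/sh
# Added example: build the CONNECT request a client sends to a forward proxy
# and classify the proxy's reply. Host and port are placeholders; a real client
# writes the request to a TCP socket opened to the proxy.

# Request for tunneling to HOST:PORT (HTTP/1.1 requires the Host header).
connect_request() {
    host=$1; port=$2
    printf 'CONNECT %s:%s HTTP/1.1\r\nHost: %s:%s\r\n\r\n' \
        "$host" "$port" "$host" "$port"
}

# Return 0 when the first line of the proxy's reply carries a 2xx status,
# meaning the tunnel is open and TLS can start; 1 for anything else
# (403 when the port is not in AllowCONNECT, 407 when the proxy wants
# credentials, and so on).
tunnel_established() {
    status=$(printf '%s' "$1" | head -n 1 | tr -d '\r' | cut -d' ' -f2)
    case $status in
        2[0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# Walk through the exchange with two constructed proxy replies.
connect_request proxied.example 443
ok_reply=$(printf 'HTTP/1.0 200 Connection Established\r\nProxy-agent: Apache\r\n\r\n')
denied_reply=$(printf 'HTTP/1.1 403 Forbidden\r\n\r\n')
if tunnel_established "$ok_reply"; then
    echo 'reply 1: tunnel open, client may start the TLS handshake'
fi
if ! tunnel_established "$denied_reply"; then
    echo 'reply 2: tunnel refused (port not allowed or client not authorized)'
fi
```

Seen from the server, the CONNECT line is the only thing Apache can filter on: the destination host and port are visible, everything after the 200 is opaque TLS, which is why restricting ports with AllowCONNECT and restricting clients matters.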

A few pointers :