OpenVPN Setup for CentOS 5.5


Today I came across a CentOS 5.5 machine on which I had to test a solution encapsulated in a PPTP VPN. I tried a pptp-setup based VPN, but the system was too old to support it. So I had to come up with something else. I use OpenVPN on Ubuntu, so I thought of it and started searching.

After around 30 minutes, I came up with this tutorial for installing OpenVPN on CentOS 5.5.

 

Step 1: Check whether TUN/TAP is active, using:

cat /dev/net/tun

The response should be the following, which means the TUN device is present:

cat: /dev/net/tun: File descriptor in bad state

Step 2: Install Compilation Tools, using:

yum install gcc make

Step 3: Download OpenVPN Package in /usr/local/src

cd /usr/local/src

and then

wget http://openvpn.net/release/lzo-1.08-4.rf.src.rpm

Step 4: Check your Processor Architecture using:

uname -a

If the result includes i386, i686 or x86, you have a 32-bit machine.

If the result includes i686_64 or x86_64, you have a 64-bit machine.

Step 5: Download OpenVPN Repo, using:

For 32 bit systems:

wget http://dag.wieers.com/rpm/packages/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.i386.rpm

For 64 bit systems:

wget http://dag.wieers.com/rpm/packages/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm

Step 7: Install Required YUM Packages using:

yum install rpm-build autoconf.noarch zlib-devel pam-devel openssl-devel

Step 8: Install the downloaded RPMs and add them to your repo by running the given commands one by one. Replace x86_64 with i386 in the second and third commands if you're using a 32-bit system:

rpmbuild --rebuild lzo-1.08-4.rf.src.rpm
rpm -Uvh /usr/src/redhat/RPMS/x86_64/lzo-*.rpm
rpm -Uvh rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm

Step 9: Install OpenVPN Yum Package

yum install openvpn

Step 10: Get your OpenVPN Files from http://www.vpnbook.com. Go to OpenVPN Section and download appropriate server’s Zip file.  The link to download was http://www.vpnbook.com/free-openvpn-account/VPNBook.com-OpenVPN-Euro1.zip in my case so I did:

wget http://www.vpnbook.com/free-openvpn-account/VPNBook.com-OpenVPN-Euro1.zip

Step 11: Unzip file using:

unzip VPNBook.com-OpenVPN-Euro1.zip

You will now see multiple .ovpn files for different ports. I recommend using a UDP port. Assuming I want to use the vpnbook-euro1-udp25000.ovpn file available at /home/max/Downloads/, I run this command to start the VPN:

openvpn /home/max/Downloads/vpnbook-euro1-udp25000.ovpn

Step 12: Use Credentials provided from http://www.vpnbook.com

You will be prompted for a username and password. The VPNBook username is always vpnbook. The password can change, and if your ISP doesn’t even allow you to open the website, you can simply follow @vpnbook on Twitter, where they always announce their current password (which is the same for all servers).

Once done, OpenVPN will take care of the default route itself.

 

P.S: I can’t do VoIP calls (SIP based) on VPNBook, so if you have any other good free or pseudo-free service in mind, please let me know in the comments.


PPTP Client Setup on CentOS

It can be simple or complicated. For complicated there’s Google. But if for some reason you’ve reached this page, here’s the simple way to configure your PPTP VPN on CentOS.

First, search for yum package for your OS using:

yum search pptp

You may find different results. Go for one with something like pptp.i686 or pptp.x86_64 (you’re not going to see both of them rather just one depending upon your machine processor architecture, i.e. 32 bit or 64 bit). Assuming that yours is x86, you will have to go with:

yum -y install pptp.i686

Once done, install pptp-setup to simplify the whole PPTP Client Setup:

yum -y install pptp-setup

That’s it. Installation part is done. Now to start VPN Client:
pptpsetup --create your_vpn_connection_name --server vpn_server_hostname_or_ip --username your_vpn_server_username --password your_vpn_server_password --encrypt --start

After this, don’t forget to route your traffic to VPN. You have to delete the current default route first:

route del default

and then add the new one pointing to your PPTP device:

 

route add default dev ppp0

That’s it. You’re encrypted and anonymous on your ISP now (except deep packet filtering ones).

To stop the pptp service:

pptpsetup --delete your_vpn_connection_name

Don’t forget to add back the default gateway (assuming that your eth0 IP is 10.0.8.166), followed by Network Service restart:

route add default gateway 10.0.8.166 eth0

service network restart

Beware: Being Anti-Gay can lay you off !

Brendan Eich, Mozilla Corporation Taken by AcidJazzed 03:14, 22 January 2007 (UTC) 11/21/2006 (Photo credit: Wikipedia)

If supporting gayism is an opinion, and raising voice for it is freedom of speech, being against it is another school of thought… and by the way what’s the relationship between being an anti-gay and a web browser? What technology has to do with your sexual orientation? What religion or Sexual Orientation a router, switch, wireless access point or a software solution has?

It’s not about hatred.. it’s about expressing your opinion. I don’t hate gays, but I dislike the concept, so I will always speak against this concept. I will endorse, promote and appreciate anyone who shares the same sentiments as mine. This, for sure, is my personal opinion. It doesn’t mean that I hate gays or I don’t want to have professional relation with them. Never. If a gay is an exceptional graphics designer, he’s going to be my first choice for a vacancy that requires a brilliant graphics designer.

Kicking out anyone who believes in Anti-Gayism is equally insane as knocking out someone who’s Pro-Gayism.. It’s like you don’t have any problem with stripping clubs but yeah you have issues with Hijab and you ban it..

If you’re allowing Side A to share their sentiments, you shouldn’t be reluctant while Side B is expressing their views… Should you ask for resignation to anyone who has funded Gayism? If No then the other way around shouldn’t have happened either.

Pretty understandable.. live and let others live.. not about hatred.. it’s about freedom of speech, acts and behaviours… Promoting Gayism is one side, Promoting Straight Sexual Orientation is other… we should learn to live with both… Ney?

Brendan Eich got mobbed by an angry group of illogical folks. Remember, you’re seeing decent looking beautiful websites and one of the core reasons of this beauty is Eich’s JavaScript language. Firefox was, is and (I hope) will remain my favorite browser, and I don’t believe in quitting its use if a Gay, Muslim or a Black guy takes it over as CEO.

 

 


Ubuntu 13.10 Desktop Capture

I had to create a video and tried couple of applications on Ubuntu 13.10 to record my desktop session. A little Googling suggested RecordMyDesktop and Istanbul as being the best in the business, however, due to some reasons (probably due to Unity interface) both didn’t work for me.

In the end I have to come up with a command line option (proving it to be my best friend). If by any means, you’re facing the same issue, just try to use ffmpeg with switches as under:

ffmpeg -y -f alsa -ac 2 -i pulse -f x11grab -r 25 -s 1920x1080 -i :0.0 -vcodec libx264 -vpre lossless_ultrafast -crf 22 -acodec libmp3lame -ar 44100 -ab 126k -threads 3 ~/Desktop/screencast.mkv

And if you’re a bit more curious about the CLI Switches, here are the details so that you can modify it as per your own requirement:

‘-y (global)’

Overwrite output files without asking.

‘-f fmt (input/output)’

Force input or output file format. The format is normally auto detected for input files and guessed from the file extension for output files, so this option is not needed in most cases.

‘-ac[:stream_specifier] channels (input/output,per-stream)’

Set the number of audio channels. For output streams it is set by default to the number of input audio channels. For input streams this option only makes sense for audio grabbing devices and raw demuxers and is mapped to the corresponding demuxer options.

‘-i input file’

Input file name

‘-r rate’

Set frame rate (Hz value, fraction or abbreviation)

‘-o Output file’

Output file name

‘-vcodec codec (output)’

Set the video codec. This is an alias for -codec:v.

‘-vpre codec (output)’

Preset Codec Suboptions

‘-crf float’

Enables constant quality mode, and selects the quality (x264)

‘-acodec codec (input/output)’

Set the audio codec. This is an alias for -codec:a.

‘-ar[:stream_specifier] freq (input/output,per-stream)’

Set the audio sampling frequency. For output streams it is set by default to the frequency of the corresponding input stream. For input streams this option only makes sense for audio grabbing devices and raw demuxers and is mapped to the corresponding demuxer options.

‘-ab int’

Set bitrate (may be deprecated in your version, use -b instead in this case)

‘-threads count’

Threads Count

 

Update: After playing with couple of options, I used this one to avoid large file sizes. I didn’t need any voice though.

 

ffmpeg -y -f alsa -ac 2 -i pulse -f x11grab -r 17 -s 1920x1080 -i :0.0 -vcodec libx264 -crf 11 -acodec libmp3lame -ar 2250 -ab 163k -threads 3 ~/Desktop/screencast2.mkv

 

PPTP VPN Autoconnect

We had a requirement to keep a PPTP VPN service up 24/7 for one of our servers. We purchased an online PPTP account that was good enough; however, the problem was that the PPTP dialer kept disconnecting about once a day. The services relying on that account were getting disrupted, and so we were facing issues.

So I decided to write a startup script in CentOS that could monitor the PPTP interface, sense its disconnection, dial the VPN again and change the default route to the PPP device so that traffic finds a tunnelled path to the WAN.

For those who are not familiar with Linux, you can create a startup service using either an init.d or an init (Upstart) script. The idea behind both kinds of startup script is that every time Linux changes its state from one runlevel to another, it looks for scripts that are supposed to run on entering that runlevel. The runlevel is a number ranging from 0 to 6 that declares a particular state of the system.

As stated earlier, your script can be either a traditional init.d script or a comparatively newer Upstart script. Init.d scripts are not smart enough, especially when it comes to scripts that depend on each other. Other than that, init.d scripts are complex to write. Upstart scripts, on the other hand, can be made dependent on each other by defining certain events every time they start successfully. They can also be made dependent on other events, runlevels or even running services. Another great benefit of an Upstart script is that it can run sub-scripts before or after starting and stopping.

So, keeping these advantages in mind, I decided to go ahead with an Upstart script. The script should automate 4 tasks:

  • Startup and Halt on Specific Runlevel
  • Deleting Old Default Route
  • PPTP Dialing
  • Adding New Default Route Pointing to PPP Device

First of all, define the Start and Stop Conditions:

start on runlevel [2345]

stop on runlevel [06]

Since we want our script to monitor the VPN Service continuously, we need to make sure it restarts in case it gets killed by any means. For that we need to respawn it and to daemonize it. This can be done by following two statements:

respawn

expect fork

Now let’s write the script that has to run before dialing the PPTP VPN. This part deletes the default route and adds a host route via the default gateway. In our case the default gateway is 10.0.8.1 and the host is 109.x.x.x:

pre-start script

/sbin/route del default || true

sleep 1s

/sbin/route add -host 109.x.x.x gw 10.0.8.1 || true

end script

At this point we need to dial our VPN:

exec pppd call ukvpn

Let’s change default static route pointing towards recently connected PPP device using Post Start Script:

post-start script

sleep 3s

/sbin/route add default dev ppp0

end script

So the overall script becomes:

start on runlevel [2345]
stop on runlevel [06]
respawn
expect fork

pre-start script
/sbin/route del default || true
sleep 1s
/sbin/route add -host 109.x.x.x gw 10.0.8.1 || true
end script

exec pppd call ukvpn

post-start script
sleep 3s
/sbin/route add default dev ppp0
end script

You need to create a new file using sudo vi /etc/init/pptps.conf and then paste these contents into that file. Once done, you can start and stop the service using start pptps and stop pptps. Restarting is done with restart pptps, and the status can be seen using status pptps.
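The routing state this job is meant to leave behind (the same state the manual route del default / route add default dev ppp0 steps in the PPTP client setup produce) can be checked from /proc/net/route. The shell functions below are an added example, not part of the original post; they assume the -host route points at the VPN server, and 192.0.2.10 and the sample table are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): classify the routing state that
# the pre-start/post-start steps are supposed to produce.

# Dotted IPv4 -> the little-endian hex form used in /proc/net/route.
ip_to_route_hex() {
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address into four octets
    IFS=$old_ifs
    printf '%02X%02X%02X%02X\n' "$4" "$3" "$2" "$1"
}

# tunnel_state SERVER_IP [FILE] [DEV]   (FILE "-" reads stdin)
# Prints one of:
#   up    every default route uses DEV and SERVER_IP is pinned outside it
#   loop  default uses DEV but no host route keeps SERVER_IP off the tunnel
#   leak  some default route bypasses DEV
#   down  no default route at all
tunnel_state() {
    server=$(ip_to_route_hex "$1"); file=${2:-/proc/net/route}; dev=${3:-ppp0}
    awk -v dev="$dev" -v srv="$server" '
        NR == 1 { next }                                   # header line
        $2 == "00000000" && $8 == "00000000" { n++; if ($1 != dev) leak = 1 }
        $2 == srv && $8 == "FFFFFFFF" && $1 != dev { pinned = 1 }
        END {
            if (!n)           print "down"
            else if (leak)    print "leak"
            else if (!pinned) print "loop"
            else              print "up"
        }' "$file"
}

# Constructed sample in /proc/net/route layout: LAN 10.0.8.0/24 on eth0,
# VPN server 192.0.2.10 (placeholder address) via 10.0.8.1, default on ppp0.
sample_route_table() {
    cat <<'EOF'
Iface Destination Gateway  Flags RefCnt Use Metric Mask     MTU Window IRTT
eth0  0008000A    00000000 0001  0      0   0      00FFFFFF 0   0      0
eth0  0A0200C0    0108000A 0007  0      0   0      FFFFFFFF 0   0      0
ppp0  00000000    00000000 0001  0      0   0      00000000 0   0      0
EOF
}

sample_route_table | tunnel_state 192.0.2.10 -   # prints: up
```

On the server, call tunnel_state with the real VPN server address and no file argument; any result other than up means traffic is not going through ppp0 as intended.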

Drop questions if you need any help.


Adding “Backspace” to Go Up One Level (Folder Browsing)

If you’re an old Windows user and in love with the common feature in Gnome of using the Backspace key to go back one level in File Manager, you might be disappointed not to find Backspace serving the same purpose in Ubuntu 13.04.

To enable this edit the file (may require Sudo):
vim ~/.config/nautilus/accels
And add (using a in vim):

(gtk_accel_path "<Actions>/ShellActions/Up" "BackSpace")

Restart Nautilus by:
nautilus -q


Asterisk 11 Installation on CentOS 6

CentOS (Photo credit: Wikipedia)
Asterisk Logo (Photo credit: Wikipedia)

This page shows installation of Asterisk 11.0.0 on CentOS 6. It’s been assumed that you have already installed CentOS 6 on your machine. The main steps of installation can be summarized as:

1. CentOS Updates (If Any)
2. Disabling SELinux
3. Reboot
4. Installation of Dependencies for Asterisk 11
5. Downloading your Asterisk Source Code
6. Extraction of Downloaded Files
7. DAHDI Installation
8. LibPRI Installation
9. Change Asterisk Directory
10. Run Configure Script for Asterisk
11. Install Sample Files
12. Start DAHDI
13. Start Asterisk

Each step is elaborated as under:

1. CentOS Updates

Apply any pending updates to your CentOS 6 server.

yum update -y

2. Disabling SELinux

You can use any text editor (VIM etc) to commit this change. Go to /etc/selinux/config and change SELINUX=enforcing to SELINUX=disabled
This can also be done by using command line:

sed -i s/SELINUX=enforcing/SELINUX=disabled/g /etc/selinux/config

3. Reboot

Once the aforementioned change is committed and the file is updated, reboot the system using:

reboot

4. Installation of Basic Dependencies

Asterisk 11.0.0 requires some prerequisite dependencies. Here is the command line to install them:

yum install -y make wget openssl-devel ncurses-devel newt-devel libxml2-devel kernel-devel gcc gcc-c++ sqlite-devel

5. Downloading Your Asterisk Source Code

Move to directory /usr/src by given command:

cd /usr/src/

and then download the Source Code tar balls using these commands (one by one or at a time):

6. Extraction of Downloaded Files

Extract the downloaded tar balls to their corresponding directories using:

tar zxvf dahdi-linux-complete*
tar zxvf libpri*
tar zxvf asterisk*

7. DAHDI Installation

DAHDI (Digium Asterisk Hardware Device Interface) can be installed using the command line:

cd /usr/src/dahdi-linux-complete*
make && make install && make config

8. LibPRI Installation

In order to enable your BRI, PRI and QSIG based hardware, you will be needing PRI Library or LibPRI. You can install these libraries using:

cd /usr/src/libpri*
make && make install

9. Changing Asterisk Directory

Now you have to move back to the Asterisk Installation Directory:

cd /usr/src/asterisk*

10. Running Configure Script for Asterisk

At this point, you need to know your CentOS 6 Architecture (32 or 64 Bit). In many cases you are aware of it. In case you are not, try this command:

uname -a

For 32 Bit, you will be getting response like:

2.6.18-238.12.1.el5 #1 SMP Tue May 31 13:23:01 EDT 2011 i686 i686 i386 GNU/Linux

For 64 Bit, system will respond with something like:

2.6.18-238.19.1.el5 #1 SMP Fri Jul 15 07:31:24 EDT 2011 x86_64 x86_64 x86_64 GNU/Linux

Based on your OS Architecture, go ahead with these commands for Asterisk Configuration Script. For 32 Bit:

./configure && make menuselect && make && make install

For 64 Bit:

./configure --libdir=/usr/lib64 && make menuselect && make && make install

11. Installing Sample Files

Sample files are a great resource, especially for newbies. Install the sample files using:

make samples

Once done, add the Asterisk Install Script in directory /etc/init.d/ using:

make config

12. Starting DAHDI

To start DAHDI Device Drivers, use:

service dahdi start

13. Start Asterisk

Finally, start Asterisk:

service asterisk start

Do your stuff by connecting to the Asterisk Console:

asterisk -rvvv