Posted on Sep 2nd, 2009 At 1:16 am by baldo
Checking if graphics acceleration already enabled
Required package:
* mesa-utils
# glxgears
524 frames in 5.0 seconds = 104.564 FPS
486 frames in 5.1 seconds = 95.546 FPS
540 frames in 5.0 seconds = 107.794 FPS
420 frames in 5.0 seconds = 83.957 FPS
480 frames in 5.1 seconds = 93.990 FPS
You can see the very poor rate of frames per second. It seems direct rendering is not enabled.
# glxinfo | grep direct
direct rendering: No (If you want to find out why, try setting LIBGL_DEBUG=verbose)
OpenGL renderer string: Mesa GLX Indirect
Enabling graphics acceleration
Required packages:
* xserver-xorg-video-i810
* libgl1-mesa-dri
# glxgears
3374 frames in 5.0 seconds = 674.634 FPS
3499 frames in 5.0 seconds = 699.728 FPS
2674 frames in 5.0 seconds = 534.604 FPS
# glxinfo | grep direct
direct rendering: Yes
Now, with direct rendering enabled, I get a high rate of frames per second.
Category: Linux
Posted on Aug 11th, 2009 At 3:16 am by baldo
Prerequisites
Road-Warrior(Host to Net) configuration with OpenVPN
IP forwarding
With IP forwarding you can set your Linux box to act as a router. To enable IP forwarding, issue the following command as root.
# echo "1" > /proc/sys/net/ipv4/ip_forward
Note: To enable it by default when your system boots, edit "/etc/sysctl.conf" (on a Debian system).
# Uncomment the next line to enable packet forwarding for IPv4
#net.ipv4.ip_forward=1
Masquerading or packet mangling
Since Internet routers cannot forward traffic from private IP addresses, you need to invoke IP masquerading. Masquerading is when your Linux system rewrites the IP headers of network packets so that each packet appears to originate from a non-private IP address.
Iptables rules.
This is the set of iptables rules that I use for IP forwarding and packet mangling.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i tun+ -j ACCEPT
-A FORWARD -i tun+ -j ACCEPT
-A FORWARD -o tun+ -j ACCEPT
.
.
*nat
:PREROUTING ACCEPT [244:17449]
:POSTROUTING ACCEPT [2:486]
:OUTPUT ACCEPT [2:486]
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
.
.
.
Finally, in your server configuration file, add the following line and restart OpenVPN:
push "redirect-gateway def1"
Basically, all traffic coming from the internal network (tun0) is forwarded to the Internet through the eth0 interface. Now all the Internet sites I visit record the IP of the OpenVPN server, not the IP given by my ISP. One useful application for this configuration is that you can avoid the lack of security on wireless networks, because you connect to the Internet through the VPN.
Posted on May 23rd, 2009 At 4:19 am by baldo
The goal is to share files stored on a Virtual Private Server (VPS) among clients connected to a Virtual Private Network (VPN), all in a secure fashion over the public Internet.
This configuration is called "Road-Warrior" or Host to Net. To better understand what this is all about, take a look at the following picture.

There are commercial and Open Source tools to set up Virtual Private Networks; the popular ones are IPSec and OpenVPN. For this post I use OpenVPN 2.0.
One of the highlights of OpenVPN is that it runs in user space, which means that if OpenVPN's security is compromised it won't affect the whole system or low-level processes. Another highlight is that it is relatively easy to configure; you can have a basic VPN up and running in just a few minutes.
On the other hand there is IPSec. Honestly, I have not worked with it yet, but according to my search it is very difficult to configure and it has a very insecure design because it runs at kernel level, to be more specific at ring 0.
Take a look at what its creators said about it:
We are of two minds about IPSec. On the one hand, IPSec is far better than any IP security protocol that has come before: Microsoft PPTP, L2TP, etc. On the other hand, we do not believe that it will ever result in a secure operational system. It is far too complex, and the complexity has led to a large number of ambiguities, contradictions, inefficiencies, and weaknesses. We strongly discourage the use of IPSec in its current form for protection of any kind of valuable information, and hope that future iterations of the design will be improved. However, we even more strongly discourage any current alternatives, and recommend IPSec when the alternative is an insecure network. Such are the realities of the world.
— Ferguson and B. Schneier.
Well, let's get our hands dirty!
Basically the tools you need are:
* VPS with a GNU/Linux system (I'm using a XEN VPS with a GNU/Linux Debian OS)
* A set of tools to set up VPNs (OpenVPN 2.0)
* SAMBA server to share files
* Obvious stuff like client machines, internet, electricity, etc.
Note: I assume you already have OpenVPN and dependencies installed on both server and client machines, please refer to the documentation of your favorite GNU/Linux distribution to install these packages.
Dependencies:
* openssl
* lzo
* pam
Setting up Public Key Infrastructure (PKI)
Step 1:
Create Master Certificate Authority (CA) and key
Copy the preconfigured examples to the /etc/openvpn directory
# cp -r /usr/share/doc/openvpn/examples/easy-rsa/ /etc/openvpn
Edit the vars file by setting your own parameters(KEY_COUNTRY, KEY_PROVINCE, KEY_CITY, KEY_ORG, KEY_EMAIL).
# cd /etc/openvpn/easy-rsa/2.0/
# vi vars
.
.
Then initialize the PKI.
# . ./vars
# ./clean-all
# ./build-ca
Enter your Common Name parameter(in my case "OpenVPN-mg-tech").
Note: you can leave most parameters as default.
Step 2:
Create Certificate and Key for Server
# ./build-key-server server
Enter "server" as Common Name parameter and answer "yes" to the last two queries.
Step 3:
Create Certificate and Key for client1
Note: Repeat these steps for each client you want to add to the VPN.
# ./build-key client1
Enter "client1" as Common Name parameter.
Step 4:
Diffie Hellman parameters
# ./build-dh
For more information on Diffie-Hellman refer to the RSA Laboratories.
By now you should have all keys and certificates in the "keys" subdirectory. To configure your clients, you need to copy the generated files to the client machines; in my case these are:
* ca.crt
* client1.crt
* client1.key
Note: Make sure to copy these files over a secure channel like ssh.
Server and Client configuration.
For the configuration I want to accomplish I need a routed VPN. I use the tun0 virtual interface to handle traffic between clients and server over UDP.
Server configuration (/etc/openvpn/server.conf)
port 1194
proto udp
dev tun
persist-tun
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
server 10.8.0.0 255.255.255.0 # server IP will be 10.8.0.1
ifconfig-pool-persist ipp.txt
client-to-client # I want clients to be able to reach each other.
keepalive 10 120
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 4
Client configuration (/etc/openvpn/client.conf)
This configuration is for a GNU/Linux client and it is placed on the client machine.
client
proto udp
dev tun
persist-tun
ca ca.crt
cert client1.crt
key client1.key
remote 67.23.12.223 1194 # IP of the VPS server and OpenVPN port
resolv-retry infinite
nobind
comp-lzo
user nobody
group nogroup
persist-key
verb 4
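An added check, not part of the original post: the client configuration above has no directive requiring the peer's certificate to be a server certificate, so this script flags that, a missing tls-auth key and, on the server side, DH parameters under 2048 bits. The directives (ns-cert-type server in OpenVPN 2.0, remote-cert-tls server in 2.1 and later, tls-auth) are real OpenVPN options; the function names, finding labels and the 2048-bit threshold are assumptions of this example.

```shell
# Added example, not from the original post. Finding labels are made up here.

# Constructed sample: the client config from the post, one directive per line.
sample_client_conf() {
cat <<'EOF'
client
proto udp
dev tun
persist-tun
ca ca.crt
cert client1.crt
key client1.key
remote 67.23.12.223 1194
resolv-retry infinite
nobind
comp-lzo
user nobody
group nogroup
persist-key
verb 4
EOF
}

# has CONF REGEX: true if an active (uncommented) line starts with REGEX.
has() {
    printf '%s\n' "$1" | grep -Eq "^[[:space:]]*$2([[:space:]]|\$)"
}

# audit_client: reads a client config on stdin, prints one finding per line.
audit_client() {
    conf=$(cat)
    # Without one of these, a certificate issued to another client by the
    # same CA would be accepted as the server's certificate.
    has "$conf" 'ns-cert-type[[:space:]]+server' ||
        has "$conf" 'remote-cert-tls[[:space:]]+server' ||
        echo "missing-server-cert-check"
    has "$conf" 'tls-auth' || echo "missing-tls-auth"
    return 0
}

# audit_server: reads a server config on stdin and flags small DH parameters,
# judged only by the easy-rsa file name (dh<bits>.pem), not the file contents.
audit_server() {
    bits=$(sed -n 's/^[[:space:]]*dh[[:space:]].*dh\([0-9][0-9]*\)\.pem.*/\1/p' | head -n 1)
    if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then echo "dh-$bits-bits"; fi
    return 0
}

sample_client_conf | audit_client
```

Run it against real files with `audit_client < /etc/openvpn/client.conf` and `audit_server < /etc/openvpn/server.conf`; empty output means none of the three conditions was found.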
Test configuration
Once you have restarted OpenVPN on both server and client, test the configuration with a simple ping from client to server and from server to client.
Ping from client(10.8.0.6) to server(10.8.0.1)
# ping 10.8.0.1
PING 10.8.0.1 (10.8.0.1) 56(84) bytes of data.
64 bytes from 10.8.0.1: icmp_seq=1 ttl=64 time=105 ms
64 bytes from 10.8.0.1: icmp_seq=2 ttl=64 time=102 ms
64 bytes from 10.8.0.1: icmp_seq=3 ttl=64 time=99.5 ms
.
.
Ping from server(10.8.0.1) to client(10.8.0.6)
# ping 10.8.0.6
PING 10.8.0.6 (10.8.0.6) 56(84) bytes of data.
64 bytes from 10.8.0.6: icmp_seq=1 ttl=64 time=112 ms
64 bytes from 10.8.0.6: icmp_seq=2 ttl=64 time=100 ms
64 bytes from 10.8.0.6: icmp_seq=3 ttl=64 time=100 ms
.
.
Configuring SAMBA server to share files among clients.
Note: I assume you have a SAMBA server already installed.
Configure by editing the smb.conf file.
# vi /etc/samba/smb.conf
When you add your Windows clients to the VPN, make sure to set the same "workgroup" for them.
workgroup = WORKGROUP
I want to access my whole home directory so I have to change the following options.
[homes]
comment = Home Directories
browseable = yes
read only = no
Finally, set the SMB password for an existing system user; in my case I already have a user added to the system called client1.
# smbpasswd -a client1
New SMB password:
Retype new SMB password:
Added user client1.
Firewall rules
In your firewall set of rules, ensure the OpenVPN and SAMBA ports are open.
-A INPUT -p udp -m udp --dport 1194 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 445 -j ACCEPT
Note: To load the firewall rules at startup, add the following line to the "/etc/network/interfaces" file.
pre-up iptables-restore < /etc/iptables.up.rules
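An added check, not part of the original posts, covering both the firewall rules above and the forwarding rule set in the gateway post: the port 445 rule as written accepts SMB on every interface rather than only on the tunnel, and the FORWARD policy in the gateway rules is ACCEPT. The script reads a rules file in iptables-save format and reports those conditions; the function names and finding labels are assumptions of this example.

```shell
# Added example, not from the original posts. Finding labels are made up here.

# Constructed sample in iptables-save format: the rules from both posts
# combined, with the parts the posts elide left out.
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i tun+ -j ACCEPT
-A INPUT -p udp -m udp --dport 1194 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 445 -j ACCEPT
-A FORWARD -i tun+ -j ACCEPT
-A FORWARD -o tun+ -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT
EOF
}

# audit_rules: reads iptables-save text on stdin, prints one finding per line.
audit_rules() {
    table=""
    while IFS= read -r line; do
        case $line in
            \**) table=${line#\*} ;;              # "*filter", "*nat"
            ":FORWARD ACCEPT"*)
                # With ip_forward=1, any packet no rule drops is forwarded.
                if [ "$table" = filter ]; then echo "forward-policy-accept"; fi ;;
            "-A INPUT "*"--dport 445 "*"-j ACCEPT"*)
                case $line in
                    *" -i tun"*|*" -s 10.8.0."*) ;;   # limited to the VPN
                    *) echo "smb-open-on-all-interfaces" ;;
                esac ;;
            "-A POSTROUTING "*"-j MASQUERADE"*)
                case $line in
                    *" -s "*) ;;                      # scoped to a source net
                    *) echo "masquerade-any-source" ;;
                esac ;;
        esac
    done
    return 0
}

sample_rules | audit_rules
```

Run it against the live file with `audit_rules < /etc/iptables.up.rules`. Adding `-i tun+` to the port 445 rule and setting the FORWARD policy to DROP clears both findings for the sample.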
Here are some screenshots
Login

Remote home

If it worked for you, congratulations! If not, try again and again until you get it to work. Here are some links that could be helpful:
http://openvpn.org/papers/BLUG-talk
http://openvpn.org/index.php/documentation/howto.html
Category: Linux
Posted on April 25th, 2009 At 1:38 am by baldo
I just upgraded my kernel and when I try to start VirtualBox OSE, I get this message:
$ VBoxManage startvm "Open Solaris"
WARNING: The character device /dev/vboxdrv does not exist.
Please install the virtualbox-ose-modules package for your kernel and
load the module named vboxdrv into your system.
You will not be able to start VMs until this problem is fixed.
VirtualBox Command Line Management Interface Version 1.6.6_OSE
(C) 2005-2008 Sun Microsystems, Inc.
All rights reserved.
.
.
Well, the WARNING is self-explanatory: I need to rebuild the module “vboxdrv” for my new kernel version.
# aptitude install virtualbox-ose-modules-$(uname -r) linux-headers-$(uname -r)
# m-a prepare
# m-a a-i virtualbox-ose
# modprobe vboxdrv
To avoid running modprobe every time you reboot or shut down the system, it is a good idea to load the module at startup. Just type:
# echo "vboxdrv" >> /etc/modules
Now, the problem is gone.
$ VBoxManage startvm "Open Solaris"
VirtualBox Command Line Management Interface Version 1.6.6_OSE
(C) 2005-2008 Sun Microsystems, Inc.
All rights reserved.
Waiting for the remote session to open...
Remote session has been successfully opened.
Category: Linux
Posted on April 22nd, 2009 At 1:34 am by baldo
In the beginning it was darkness and then ...
"BIG BANG**"
the universe was created and million, million and million of planets (among other things) ...
I'm glad to be an inhabitant of a planet called "Planeta Linux México", a Mexican community of users, geeks and newbies of the most wonderful Operating System in the world, of course, I'm talking about GNU/Linux (other UNIX flavors are great too).
If you want to "Share Your Knowledge" and contribute to the GNU/Linux community, this is the right place to do that.
For more information, please visit the following links.
http://planetalinux.org/faq.php
http://planetalinux.org/lineamientos.php
**Honestly I don't know how the universe was created, “The Big Bang” is just a theory.
Category: Linux