Sunday, November 23, 2008

OpenVPN+WindowsXP+Debian Linux

How to connect Windows XP and Debian Linux using a secure connection over OpenVPN.

Prepare your working tools
su
apt-get install openvpn
cd /usr/share/doc/openvpn/examples/easy-rsa/2.0/
gzip -d *.gz
mkdir -p /etc/openvpn/tools
ln -s tools/keys /etc/openvpn/keys
make install DESTDIR=/etc/openvpn/tools
cd /etc/openvpn/tools

Change key size (optionally):
Open file: /etc/openvpn/tools/vars
Change: export KEY_SIZE=1024
To value: 2048

or change the key size by executing the following commands (still optional):
cp vars vars.bak
cat vars.bak | \
sed -e 's/export KEY_SIZE=1024/export KEY_SIZE=2048/' > vars


Generate keys:
source vars
./clean-all # Warning: this will delete all your previous keys!
# optionally: mv keys .. ; ln -s ../keys keys
./build-ca
./build-dh
./build-key-server server
./build-key client1
./build-key client2
./build-key client3

In the future you can add a new client certificate with the following commands:
source ./vars
./build-key client4

# Optionally:
mkdir logs
mkdir var

Your client keys are stored in the files client1 to client3. Copy the appropriate client files with certificates to your Windows desktop.

Customize configuration files:
On Linux: server.conf / client.conf
On Windows: server.ovpn / client.ovpn
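
A minimal pair of configuration files matching the values used in this guide (UDP port 1194, VPN subnet 10.1.0.0/24, server files in /etc/openvpn, client3 keys). This is an added example, not the original author's configuration; the host name vpn.example.com, the DH file location and the remote-cert-tls check are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Values taken from the page:
# UDP port 1194, VPN subnet 10.1.0.0/24, key files in /etc/openvpn.
# Assumptions: DH file is keys/dh<KEY_SIZE>.pem; vpn.example.com is a placeholder.

write_server_conf() {    # $1 = output file, $2 = KEY_SIZE used in vars
    cat > "$1" <<EOF
port 1194
proto udp
dev tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/keys/dh$2.pem
server 10.1.0.0 255.255.255.0
keepalive 10 120
persist-key
persist-tun
user nobody
group nogroup
verb 3
EOF
}

write_client_conf() {    # $1 = output file, $2 = server host, $3 = client name
    cat > "$1" <<EOF
client
dev tun
proto udp
remote $2 1194
resolv-retry infinite
nobind
persist-key
persist-tun
# paths are relative to the config directory
ca ca.crt
cert $3.crt
key $3.key
# assumes the server certificate carries the serverAuth extended key usage
remote-cert-tls server
verb 3
EOF
}

# Constructed sample invocation; writes into a scratch directory.
out=$(mktemp -d)
write_server_conf "$out/server.conf" 2048
write_client_conf "$out/client3.ovpn" vpn.example.com client3
```

The remote-cert-tls line makes the client reject a peer that presents an ordinary client certificate signed by the same CA.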

Further settings:
Setup firewall rules
Open access through firewall to OpenVPN server:
iptables -I INPUT -s trusted-client.com -p UDP --dport 1194 -j ACCEPT
iptables -I FORWARD -s trusted-client.com -p UDP --dport 1194 -j ACCEPT

Allow forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

Allow access from VPN to anywhere around the world (optional):
iptables -I INPUT -i tun+ -j ACCEPT
iptables -I FORWARD -i tun+ -j ACCEPT

Allow NAT for VPN
iptables -F -t nat
iptables -t nat -A POSTROUTING -s 10.1.0.0/24 -o eth0 -j MASQUERADE

Setup OpenVPN server on Debian Linux:
Copy files: ca.crt, server.key, server.crt
To: /etc/openvpn

Setup OpenVPN client on Windows XP:
Copy files: cli/*, ca.crt, server.crt, client3.key, client3.crt
To: C:\Progra~1\OpenVPN\config

Start OpenVPN server on Debian Linux:
/etc/init.d/openvpn restart
or
openvpn --config /etc/openvpn/server.conf

Start OpenVPN client on Windows XP:
right click OpenVPN tray icon, choose "connect"
or run from command line:
openvpn --config C:\Progra~1\OpenVPN\config\client3.ovpn
 ... can be stopped by the F4 key.

Start or shut down OpenVPN on Windows 7 as a service:
net start OpenVPNService
net stop OpenVPNService

SSH without password

You can access your remote Linux server over SSH without a password. This is faster and in some cases the preferred way.

The goal is to generate a pair of public and private keys which will authorize your access. You will leave your private key on your local computer (kept secret) and copy the public key to any remote server you want to access. After registering the public key you will be able to access the remote server without entering a password.


Generate public-private key pair on your local Linux desktop (OpenSSH accepts DSA keys of 1024 bits only, so a 2048-bit key is generated as RSA):
$ ssh-keygen -b 2048 -t rsa

Distribute your public key to remote server:
$ scp ~/.ssh/id_rsa.pub \
user@server.com:.ssh/id_rsa.pub.tmp


or alternatively you can use:
ssh-copy-id -i ~/.ssh/id_rsa.pub user@server.com

Register your public key on your remote server:
$ ssh user@server.com
$ cat ~/.ssh/id_rsa.pub.tmp >> ~/.ssh/authorized_keys2


Access your remote server without password:
$ ssh user@server.com
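
If the server still asks for a password after these steps, file permissions are the usual cause: sshd ignores an authorized keys file that others can write to, and the ssh client refuses a private key that others can read. The check below is an added example, not part of the original post; the function name audit_ssh_dir is hypothetical and GNU stat (as on Debian) is assumed.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes GNU stat (Debian).
# Prints one line per finding; returns 0 if the directory is clean, 1 otherwise.
audit_ssh_dir() {
    dir=${1:-$HOME/.ssh}
    rc=0
    # sshd (StrictModes) rejects keys when ~/.ssh or the authorized keys
    # file is writable by group or others.
    for f in "$dir" "$dir/authorized_keys" "$dir/authorized_keys2"; do
        [ -e "$f" ] || continue
        mode=$(stat -c %a "$f")
        case $mode in
            *[2367]?|*[2367]) echo "group/world-writable ($mode): $f"; rc=1 ;;
        esac
    done
    # The ssh client refuses a private key that anyone else can access.
    for f in "$dir"/id_*; do
        [ -f "$f" ] || continue
        case $f in *.pub) continue ;; esac
        mode=$(stat -c %a "$f")
        case $mode in
            *00) ;;
            *) echo "private key accessible by others ($mode): $f"; rc=1 ;;
        esac
    done
    return $rc
}

# Usage: audit_ssh_dir                  (checks ~/.ssh)
#        audit_ssh_dir /home/user/.ssh
```

Run it on both machines: on the desktop it covers the private key, on the server the authorized keys file. A typical fix is chmod 700 ~/.ssh followed by chmod 600 on the reported file.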

step by step guide in Czech

Wednesday, November 19, 2008

Time synchronization in Linux

Date and time settings in Debian Linux

Set date and time approximately (optional step):

$ sudo su
# apt-get install ntpdate
# ntpdate ntp.cesnet.cz


Install NTP for higher precision with automatic time synchronization:

# apt-get install ntp ntp-server ntp-simple ntp-doc


Configure NTP for automatic time synchronization:
Open file /etc/ntp.conf

Add lines:

server clock1.zcu.cz
server clock2.zcu.cz
server ntp.cesnet.cz

Comment out everything except following directives:

driftfile, statsdir, statistics, filegen (more lines in sequence)


Start NTP server:

# /etc/init.d/ntp-server restart


Display current time settings:

# ntpq -p
- shows a table of server accessibility and accuracy
- the main server is marked with a star (*); otherwise automatic synchronization does not work


Store date and time to hardware clock:

# /usr/sbin/ntpdate -s
# /sbin/hwclock --adjust
# /sbin/hwclock --systohc

Tuesday, November 18, 2008

Command com in Linux Shell

If you liked it and if you miss it...

while /bin/true ; do
    read -p 'C:\> ' cmd
    if [ "$cmd" != "" ]
    then
        echo Bad command or file name
        # echo $cmd
        echo
    fi
done

Monday, November 17, 2008

Shell regular expressions

Sedatives with sed

sed -i -e 's/template/supplement/g' file

parameters:
-e allows chaining several replacement rules
/g replaces all occurrences (global)
-i edits the file in place (use -ibackup to keep a backup copy)

Fresh grepfruit

grep -P 'template' file

prints lines from file which match regex template.
-P uses Perl-compatible regular expressions (if not available, try -E instead)
-E uses extended regular expressions


Awkward tasks

who | awk -F ' ' '{print $1}'

prints first item of each line.
-F specifies the item delimiter; the default is whitespace.

Tuesday, November 11, 2008

Faster scp with tar

scp using tar:

The following sequence retrieves data from the remote server immediately, without the need to store a compressed tar in a file.

ssh root@server tar -c /www/domain.com | tar -x

The following sequence sends local data via ssh to the remote server (-C makes tar store paths relative to the directory, so the files unpack directly into /www/domain.com on the server).

tar -c -C /www/domain.com . | \
ssh root@server cd /www/domain.com '&&' tar -x


Bash - functions, timestamp, date diff

Bash function - command line calculator
calcfn () { echo "$*" | bc -l; }

Bash timestamp of specific date
date +%s -d 20070103

Date difference in Bash
dateOfPast='20080103'
today=`date +%Y%m%d`
timeStampToday=`date +%s -d $today`
timeStampOfPast=`date +%s -d $dateOfPast`
secondsInDay=86400
dayDiff=`echo \($timeStampToday - $timeStampOfPast\) / $secondsInDay | bc`
echo $dayDiff

Convert Unix timestamp to local date time
echo $timeStamp | perl -n -e 'chop; print localtime( ($_)[0] ) . "\n";'

Convert Unix timestamp to GMT
echo 1234567890 | perl -n -e 'chop; print gmtime( ($_)[0] ) . "\n";'
Unix Timestamp
1234567890 ... Friday The 13th.

Monday, November 10, 2008

Vim - File Differences with vimdiff

Brief usage of vimdiff. For detailed description see man, info and online docs.

Start vim in diff mode
vimdiff file1.php file1.php~

Alternatives:
gvimdiff
vimdiff -O ==horizontal windows
vim -d

Switch between windows
Ctrl+w Ctrl+w

Put new lines to other window
dp

Obtain new lines (from another window)
do

Skip between diff groups
previous group
[c

next group
]c

(Un)folding
open folded difference
zo

close folded diff
zc

Source: vimdoc

Thursday, November 06, 2008

Czech Weather Forecast - Pocasi.cz

Our team was working hard over the last weeks. And here is the result:
Pocasi.cz - Czech and European Weather Forecast (Czech language)