debian


This article follows on from my Hamachi-based VPN tutorial. PPTP is much easier to set up on a Debian server, and very easy to connect to from a Windows XP machine.

The ease of use comes with some downsides, though. PPTP is known to be less secure than other VPNs such as OpenVPN and IPsec, but for most uses it should be fine. One advantage over my Hamachi VPN is that you will end up with an IP on the remote LAN (instead of the 5.0.0.0/8 address you have from Hamachi), meaning you don’t need to do any routing tweaks.

First, set up the server:

apt-get install pptpd

That’s it! Now, to configure, you just need to edit 2 files:

/etc/pptpd.conf
Just add 2 lines to the bottom of the file: one for the internal IP address of the server, and one for the range of IPs which the remote connections will use.
localip 10.1.0.50
remoteip 10.1.0.90-99

The comments at the bottom of the file show some other ways of assigning ranges of IPs in the remoteip section.

Finally, to add a user, edit /etc/ppp/chap-secrets and add a line for a remote user in the format:

username pptpd password *

To limit connections from specific hosts, use them instead of the * at the end.
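
A quick way to review the file once a few users have been added (an added example, not part of the original post or of pptpd). It flags a chap-secrets file that is readable by anyone other than its owner, since the passwords sit there in plaintext, and entries whose server or address field is still *; pppd treats the fourth field as the list of IP addresses that client may use. The function name, finding labels and sample accounts are made up for the illustration, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: audit a chap-secrets file (fields: client server secret addresses).
# Prints one finding per line; returns 0 when clean, 1 when something is flagged.
# Quoted secrets that contain spaces are not handled by this simple field split.
audit_chap_secrets() {
    file=$1
    rc=0

    # Passwords are stored in plaintext, so only the owner (root) should read them.
    mode=$(stat -c '%a' "$file") || return 2   # GNU stat, as on Debian
    case $mode in
        600|400) ;;
        *) echo "MODE $mode (expected 600)"; rc=1 ;;
    esac

    while read -r client server secret addrs || [ -n "$client" ]; do
        case $client in ''|'#'*) continue ;; esac   # skip blank lines and comments
        # '*' as server: the secret is valid for any ppp service, not only pptpd.
        if [ "$server" = '*' ]; then
            echo "SERVER $client: secret not tied to pptpd"; rc=1
        fi
        # '*' as address: pppd places no restriction on the client's IP address.
        case $addrs in
            '*') echo "ADDR $client: any IP address allowed"; rc=1 ;;
        esac
    done < "$file"
    return $rc
}

# Constructed sample: alice is unrestricted, bob is pinned to one address.
demo() {
    f=$(mktemp) || return 2
    cat > "$f" <<'EOF'
# client  server  secret            IP addresses
alice     pptpd   "constructed-pw1" *
bob       pptpd   "constructed-pw2" 10.1.0.91
EOF
    chmod 644 "$f"          # deliberately too open, to show the MODE finding
    audit_chap_secrets "$f"; status=$?
    rm -f "$f"
    return $status
}

if demo; then echo "clean"; else echo "review the findings above"; fi
```

On the server itself, run audit_chap_secrets /etc/ppp/chap-secrets as root.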

To set up the connection on a Windows XP client, do the following (from Control Panel):

Network Connections
Create a New Connection
Next
Connect to the network at my workplace
Virtual Private Network connection
Enter your connection name
Do not dial the initial connection
Enter the IP of your server

Then run the connection with the username and password you entered into /etc/ppp/chap-secrets

By default this will route all your traffic (including normal web browsing) through the tunnel. If you don’t want this, go to the connection properties, then the networking tab. Choose TCP/IP properties, and click ‘Advanced’, then finally untick the ‘Use default gateway on remote network’ tickbox.

That should be all you need.

Soon, I’ll give OpenVPN a try, and try to write up a nice guide here.

Most of the information above came from other sites, and by googling. If anyone knows of a better or more secure way of using PPTP then please post comments below.

Installing bittorrent for Linux is pretty easy, and it enables you to download torrents from the command line. This works for Debian Etch.

I’ll also give instructions for using screen to keep downloads going when you log out of the machine.

1, Install the dependencies and other useful packages:

# sudo apt-get install python-wxgtk2.6 python-twisted python-crypto python-psyco python-zopeinterface screen

2, Get the bittorrent .deb file

# wget http://download.bittorrent.com/dl/bittorrent_5.0.8_python2.4.deb
# dpkg -i bittorrent_5.0.8_python2.4.deb

3, Download torrents!

You’ve now got a command-line interface and a curses interface for bittorrent installed. To download a file, run:

# bittorrent-curses http://path/to/file.torrent
(you can also use local paths for torrent files).

To use the command line interface:

# bittorrent-console http://path/to/file.torrent

If you want to leave a file downloading while you’re logged out, use screen. Simply type screen before your preferred command above, i.e.:

# screen bittorrent-curses http://path/to/file.torrent

To detach from the screen, press “Ctrl+A”, then “D”, and you will be returned to the shell. To re-attach to the screen, run “screen -r”

Bittorrent downloads will be stored in “~/Bittorrent Downloads” when they are complete. While they are being downloaded, they will be in “~/.bittorrent/incomplete/”

Packages for different distributions can be found here, along with source code.

There are plenty of guides for doing this, but here’s my way, which I’ve done on loads of different hardware.

Personally, I prefer to use the stock Debian kernel because it supports most hardware and makes upgrading through apt easier. Occasionally though, I like to test the newest kernel releases, and here’s how I do it.

1, Install necessary tools:

# apt-get install kernel-package ncurses-dev bzip2 module-init-tools initrd-tools procps fakeroot

2, Download the latest kernel source:

# cd /usr/src
# wget http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.22.1.tar.bz2
# tar -xjvf linux-2.6.22.1.tar.bz2
# cd linux-2.6.22.1

3, Unzip any extra patches and apply them:

# bzip2 -dc patch-xxx.bz2 | patch -p1

5, Configure the kernel.

a, Using the current config as a base:

# cp /boot/config-x.x.x /usr/src/linux-2.6.22.1/.config
# make oldconfig
[ answer all the questions]

b, Using the menu interface (you can do the cp line above to use the old config as a base but make changes):

# make menuconfig

If you have multiple processors/cores, you can speed up the compile by utilising them all (this is similar to the -j flag when compiling the non-Debian way). To find out the number of cores you have, run:

# grep -c '^processor' /proc/cpuinfo

Then to make sure all cores are used:

# export CONCURRENCY_LEVEL=4
(replace 4 with the number of processors).

6, Compile and install:

# make-kpkg clean
# time fakeroot make-kpkg --initrd --revision=1 --append-to-version=.kris kernel-image

This will usually take between 5 minutes and over an hour, depending on how many modules there are to compile, and how fast your hardware is.

Once this has finished, you will be left with a .deb file which you can install using dpkg:

# dpkg -i linux-image*.deb

Because of the --initrd flag earlier, the initrd image will be created when you install the kernel. This command will also update grub, so all you need to do to use your new kernel is reboot.

Using the following steps, it’s possible to set up a chrooted Debian DNS master server in under 5 minutes. It’s assumed that you have an understanding of BIND and zone files.

Parts of this guide (the chroot mainly) are taken from a longer guide at howtoforge.

Lines in italic are to be entered into the shell.

apt-get update
apt-get install bind9
/etc/init.d/bind9 stop
vim /etc/default/bind9

Change:
OPTIONS="-u bind"
To:
OPTIONS="-u bind -t /var/lib/named"

vim /etc/bind/named.conf.options

Change the ‘forwarders’ line to the DNS server of your ISP:
forwarders { x.x.x.x; };

mkdir -p /var/lib/named/etc
mkdir /var/lib/named/dev
mkdir -p /var/lib/named/var/cache/bind
mkdir -p /var/lib/named/var/run/bind/run
mv /etc/bind /var/lib/named/etc
ln -s /var/lib/named/etc/bind /etc/bind
mknod /var/lib/named/dev/null c 1 3
mknod /var/lib/named/dev/random c 1 8
chmod 666 /var/lib/named/dev/*
chown -R bind:bind /var/lib/named/var/*
chown -R bind:bind /var/lib/named/etc/bind
vim /etc/init.d/sysklogd

Change:
SYSLOGD=""
To:
SYSLOGD="-a /var/lib/named/dev/log"

echo "nameserver 127.0.0.1" > /etc/resolv.conf

/etc/init.d/sysklogd restart
/etc/init.d/bind9 start

ping www.google.com

If that works, then you’ve got a running BIND master server!
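
To confirm the jail matches the steps above before relying on it, the following added script (not from the original post or the howtoforge guide) checks the directories, the major/minor numbers of the two device nodes, and the ownership set by chown. The function name and output format are assumptions of this example, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: check the chroot tree built by the mkdir/mknod/chown steps.
# Usage: check_named_chroot [ROOT] [OWNER]   (defaults: /var/lib/named, bind)
# Prints one line per problem; the return value is the number of problems.
check_named_chroot() {
    root=${1:-/var/lib/named}
    want=${2:-bind}
    problems=0
    fail() { echo "FAIL $1"; problems=$((problems + 1)); }

    # Directories named expects to find inside the jail.
    for d in etc/bind var/cache/bind var/run/bind/run dev; do
        [ -d "$root/$d" ] || fail "$d: missing directory"
    done

    # Device nodes must be character devices with the numbers given to mknod
    # (null = 1,3 and random = 1,8); stat prints major:minor in hex.
    for spec in null:1:3 random:1:8; do
        name=${spec%%:*}
        nums=${spec#*:}
        node=$root/dev/$name
        if [ ! -c "$node" ]; then
            fail "dev/$name: not a character device"
        elif [ "$(stat -c '%t:%T' "$node")" != "$nums" ]; then
            fail "dev/$name: major:minor is not $nums"
        fi
    done

    # Config and runtime directories should belong to the user named runs as (-u bind).
    for d in etc/bind var/cache/bind var/run/bind/run; do
        [ -d "$root/$d" ] || continue
        owner=$(stat -c '%U' "$root/$d")
        [ "$owner" = "$want" ] || fail "$d: owned by $owner, expected $want"
    done

    return "$problems"
}

# Run against the path used in this guide; prints nothing when all checks pass.
check_named_chroot /var/lib/named || echo "$? problem(s) found"
```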