Category Archives: How-to

Script to Automatically Detect and Restart Linux PPTP Client

The default PPTP client for Linux does not automatically start on boot, or restart on a failed or dropped connection. I have written a short script to ping your VPN server gateway IP address and start the PPTP client if a ping does not succeed.

See my other post if you have not yet set up your PPTP VPN client.

Create this script and make it executable:

vi /root/cron/pptp_cron.sh
chmod +x /root/cron/pptp_cron.sh

Add the below script to the file and change the following attributes for your own values:

  • your-vpn-host-or-ip-address
  • your-vpn-username
  • your-vpn-password

#!/bin/bash
# The VPN password is stored in this file in clear text, so keep the
# file readable by root only.

HOST=your-vpn-host-or-ip-address
PPTPUSER=your-vpn-username
PPTPPASS=your-vpn-password

DATE=$(date)
PINGRES=$(ping -c 2 "$HOST")
PLOSS=$(echo "$PINGRES" | grep -oP '\d+(?=% packet loss)')
# No loss figure at all (for example the host name did not resolve)
# counts as a failed ping.
PLOSS=${PLOSS:-100}
echo "$DATE : Loss Result : $PLOSS"

if [ "$PLOSS" -eq 100 ];
then
    echo "$DATE : Starting : $HOST"
    /usr/sbin/pptp pty file /etc/ppp/options.pptp user "$PPTPUSER" password "$PPTPPASS"
    echo "$DATE : Now running : $HOST"
else
    echo "$DATE : Already running : $HOST"
fi

Add the following entry to your cron to execute the script every minute.

crontab -e
 */1  * * * * /root/cron/pptp_cron.sh >> /var/log/pptp_pinger.log 2>&1



Linux PPTP Client Error: “pty option precludes specifying device name”

I was receiving this error when I was trying to start a PPTP client connection in a Linux cron. The error was reported by pptp when issuing the start command:

pon VPNname

The error was:

/usr/sbin/pppd: pty option precludes specifying device name

I changed my PPTP client start up command to the below which fixed the issue:

pptp pty file /etc/ppp/options.pptp user [USER] password [PASSWORD]

Substitute the below attributes for your own values:

  • [USER] – PPTP VPN account user name.
  • [PASSWORD] – PPTP VPN account password.

Set up Linux PPTP Client from the Terminal

A Virtual Private Network, or VPN, allows the client computer to connect to a remote local network to use its resources such as printers and file shares. There are several types of VPN such as PPTP and L2TP/IPsec with varying types of protection. PPTP is not the most secure type of VPN but it's the easiest to set up.

PPTP has numerous security risks, which means that the data you transfer through your VPN can easily be decrypted. L2TP/IPsec is becoming the standard VPN technology of choice. PPTP should only be used where the security of each end point and of the data transferred is not required.

This tutorial assumes you have a PPTP server already set up with the following details:

  • Hostname: pptp.jamescoyle.net
  • Username: pptpuser
  • Password: pptppassword

Open a Terminal and install the required PPTP client packages.

apt-get install pptp-linux network-manager-pptp

Create a credentials file with the username and password of the PPTP server:

vi /etc/ppp/chap-secrets

Add your entry using the below attributes:

  • [USER] – user name to log in to the VPN server
  • [SERVER] – name of server to use, PPTP in our case.
  • [SECRET] – password of the above [USER].
  • [IP] – IP of the server, * means all IPs.

[USER]    [SERVER]    [SECRET]    [IP]

Example:

pptpuser    PPTP    pptppassword    *

Create a file which will be executed when the PPTP connection is started. This can contain additional commands to run when the connection is started such as adding new routes or firewall exceptions.

vi /etc/ppp/ip-up.d/route-traffic

The below example script adds a route from the PPTP connection to any computers on the PPTP server's local network with IPs in the 10.0.0.0 or 192.0.0.0 ranges. This means that on the PPTP client, any machines on the above IP ranges will be accessible. This script may not be required for your environment and is simply used as an example. Note: a route should automatically be added to your VPN gateway.

#!/bin/bash
NET1="10.0.0.0/8"
NET2="192.0.0.0/8"
IFACE="ppp0"
route add -net ${NET1} dev ${IFACE}
route add -net ${NET2} dev ${IFACE}

Allow execution of the script:

chmod +x /etc/ppp/ip-up.d/route-traffic

Add the PPTP client connection file and any additional settings which are required. The connection name, jamescoyle.net, can be changed to suit your connection.

vi /etc/ppp/peers/jamescoyle.net

Add the details of the PPTP server. The below are the basic options required to connect to the server using mppe-128 encryption. Edit the below attributes to match your environment:

  • [USER] – user name to log in to the VPN server
  • [HOST] – host name or IP address of the PPTP server.

pty "pptp [HOST] --nolaunchpppd"
name [USER]
remotename PPTP
require-mppe-128
file /etc/ppp/options.pptp
ipparam jamescoyle.net

You must add rules to your firewall to allow connections to and from this interface as well as through your existing public interface to make the PPTP connection. The below rules open all traffic on the new PPTP interface (ppp0, as in the route script above) using iptables. You may need to change this once the connection has been tested to increase security.

iptables -A INPUT -i ppp0 -j ACCEPT
iptables -A OUTPUT -o ppp0 -j ACCEPT
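
A narrower rule set for the same client, as an added example that is not part of the original post: PPTP itself needs only TCP port 1723 and GRE (IP protocol 47) to the VPN server, so the function below prints rules limited to those and to one remote network on ppp0. The server address, eth0 and the function names are assumptions, and the rules only matter where other traffic is dropped by default.

```shell
#!/bin/sh
# Added example: print a narrower iptables rule set for a PPTP client.
# Nothing is applied; review the output, then pipe it to sh as root.

# Succeed only for a dotted-quad IPv4 address with octets 0-255.
valid_ipv4() {
    case $1 in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# Succeed only for address/prefix with a prefix length of 0-32.
valid_cidr() {
    case $1 in */*) ;; *) return 1 ;; esac
    valid_ipv4 "${1%/*}" || return 1
    case ${1#*/} in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "${1#*/}" -le 32 ]
}

# Usage: pptp_client_rules SERVER_IP WAN_IFACE VPN_IFACE REMOTE_NET
pptp_client_rules() {
    server=$1 wan=$2 vpn=$3 net=$4
    valid_ipv4 "$server" || { echo "bad server address: $server" >&2; return 1; }
    valid_cidr "$net" || { echo "bad remote network: $net" >&2; return 1; }
    for i in "$wan" "$vpn"; do
        case $i in ''|*[!A-Za-z0-9_.-]*)
            echo "bad interface name: $i" >&2; return 1 ;;
        esac
    done
    cat <<EOF
# PPTP control channel (TCP 1723) to the VPN server only
iptables -A OUTPUT -o $wan -p tcp -d $server --dport 1723 -j ACCEPT
iptables -A INPUT -i $wan -p tcp -s $server --sport 1723 -m conntrack --ctstate ESTABLISHED -j ACCEPT
# PPTP tunnel data (GRE, IP protocol 47) to and from the VPN server only
iptables -A OUTPUT -o $wan -p 47 -d $server -j ACCEPT
iptables -A INPUT -i $wan -p 47 -s $server -j ACCEPT
# Inside the tunnel: client-initiated traffic to the remote network and replies
iptables -A OUTPUT -o $vpn -d $net -j ACCEPT
iptables -A INPUT -i $vpn -s $net -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Constructed sample values: 203.0.113.10 is a documentation address.
pptp_client_rules 203.0.113.10 eth0 ppp0 10.0.0.0/8
```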

Finally you will need to start your PPTP client connection. Use pon and poff to start and stop your PPTP client. Replace [CONNECTION] with the name you gave to the file in /etc/ppp/peers/.

pon [CONNECTION]
poff [CONNECTION]

See my script on automatically detecting a disconnect and restarting the PPTP client connection.


Create a RAM disk in Linux

There are many reasons for creating a memory based file system in Linux, not least of which is to provide a near zero latency and extremely fast area to store files. A prime use of a RAM disk is for application caching directories or work areas.

There are two main types of RAM disk which can be used in Linux and each has its own benefits and weaknesses:

  • ramfs
  • tmpfs

See my other post for the differences between ramfs and tmpfs.

Check the amount of free RAM you have left on your machine before creating a RAM disk. Use the Linux command free to see the unused RAM. The below is an example from a production server with 31GB of RAM.

free -g
                    total   used   free   shared   buffers   cached
Mem:                   31     29      2        0         0        8
-/+ buffers/cache:            20     11
Swap:                  13      6      7

The free command shows the amount of RAM available on your system in addition to the amount of memory used, free and used for caching. Swap space is also displayed and shows if your system is writing memory to disk.

Create a folder to use as a mount point for your RAM disk.

mkdir /mnt/ramdisk

Then use the mount command to create a RAM disk.

mount -t [TYPE] -o size=[SIZE] [FSTYPE] [MOUNTPOINT]

Substitute the following attributes for your own values:

  • [TYPE] is the type of RAM disk to use; either tmpfs or ramfs.
  • [SIZE] is the size to use for the file system. Remember that ramfs does not have a physical limit and is specified as a starting size.
  • [FSTYPE] is the type of RAM disk to use; either tmpfs, ramfs, ext4, etc.

Example:

mount -t tmpfs -o size=512m tmpfs /mnt/ramdisk

You can add the mount entry into /etc/fstab to make the RAM disk persist over reboots. Remember however, that the data will disappear each time the machine is restarted.

vi /etc/fstab
tmpfs       /mnt/ramdisk tmpfs   nodev,nosuid,noexec,nodiratime,size=1024M   0 0
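
A check for RAM-backed fstab entries, as an added example that is not part of the original post: it flags ramfs mounts, which have no size limit, and tmpfs mounts that lack size= or the nodev, nosuid and noexec options used in the entry above. The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit RAM-backed entries in an fstab-format file.

# Prints one finding per line; prints nothing when every entry is acceptable.
audit_ram_mounts() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ || NF < 4 { next }   # comments, blanks, short lines
    $3 == "ramfs" {
        print $2 ": ramfs has no size limit, use tmpfs with size="
        next
    }
    $3 == "tmpfs" {
        split("", has)                    # portable way to clear the array
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++) {
            sub(/=.*/, "", opt[i])        # size=512m -> size
            has[opt[i]] = 1
        }
        missing = ""
        m = split("size nodev nosuid noexec", want, " ")
        for (i = 1; i <= m; i++)
            if (!(want[i] in has)) missing = missing " " want[i]
        if (missing != "") print $2 ": tmpfs missing" missing
    }' "$1"
}

# Constructed sample input in /etc/fstab format.
sample_fstab() {
    cat <<'EOF'
# <fs>  <mount point>   <type>  <options>                                   <dump> <pass>
tmpfs   /mnt/ramdisk    tmpfs   nodev,nosuid,noexec,nodiratime,size=1024M   0 0
tmpfs   /mnt/cache      tmpfs   defaults,size=512m                          0 0
ramfs   /mnt/scratch    ramfs   defaults                                    0 0
EOF
}

# Stand-alone run: audit the sample; pass /etc/fstab to check a real system.
tmp=$(mktemp) && sample_fstab > "$tmp" && audit_ram_mounts "$tmp"; rm -f "$tmp"
```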



Using a Proxy Server with Java

Java applications can use a proxy server for making HTTP/HTTPS connections to the internet by adding additional arguments to the startup command. The arguments are passed to the JVM when it is created and give it the details required to proxy requests.

The following arguments are required:

  • http.proxyHost – the host or IP address of the proxy server.
  • http.proxyPort – the port used by the proxy server. If this is not used the default of port 80 is assumed.

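For example, to start the application myApplication.jar with a proxy server located at myproxyserver.local on port 8080 (the -D arguments must come before -jar, otherwise they are passed to the application instead of the JVM):

java -Dhttp.proxyHost=myproxyserver.local -Dhttp.proxyPort=8080 -jar myApplication.jar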

You can also specify the nonProxyHosts to exclude specific domains from using the proxy server. The below will not proxy anything on mydomain.com, server.local or localhost.

-Dhttp.nonProxyHosts="*.mydomain.com|server.local|localhost"

Reverse Proxy Proxmox with Apache

The Proxmox web GUI is accessible on port 8006 by default using SSL encryption. The web GUI is served by the built-in Proxmox lightweight HTTP server; however, changing its config could cause issues when upgrading to future Proxmox releases. The easiest way to expose the Proxmox web GUI externally is to use Apache to reverse proxy the site. You can then add additional security or specify SSL certificates at the proxy level without interfering with the Proxmox installation.

See my blog post on the basics of using Apache to reverse proxy websites.

To set up the reverse proxy for Proxmox, create a new sites-available entry called proxmox.

vi /etc/apache2/sites-available/proxmox

Add the following to the file and substitute a few settings for your own environment:

  • proxmox.cer – change to your SSL certificate for Proxmox
  • proxmox.key – change to the SSL certificate key for Proxmox.
  • proxmox.host – appears in the Location tags and must be the IP address or resolvable hostname of your internal Proxmox server. The ServerAdmin attribute is an email address which will be displayed on error pages such as 404.
  • proxmox.jamescoyle.net – change this to the external URL which will be used to access the reverse proxy server. The server will only proxy requests which contain this URL.

# *:443 (the standard HTTPS port) is an assumption; match your Listen directive.
<VirtualHost *:443>
  SSLEngine On
  SSLCertificateFile /etc/apache2/ssl/proxmox.cer
  SSLCertificateKeyFile /etc/apache2/ssl/proxmox.key
  SSLProxyEngine on
  # "none" means the certificate presented by the Proxmox server is not verified.
  SSLProxyVerify none

  # Placeholder address; change to your own.
  ServerAdmin admin@example.com
  DocumentRoot /var/www
  ServerName proxmox.jamescoyle.net

  # Possible values include: debug, info, notice, warn, error, crit, alert, emerg.
  LogLevel warn
  CustomLog ${APACHE_LOG_DIR}/proxmox-access.log combined
  ErrorLog ${APACHE_LOG_DIR}/proxmox-error.log

  ProxyRequests off
  ProxyPreserveHost on
  RequestHeader unset Accept-Encoding

  <Location />
     ProxyPass https://proxmox.host:8006/
     ProxyPassReverse https://proxmox.host:8006/
     Order allow,deny
     Allow from all
  </Location>
</VirtualHost>

Enable the new site in Apache. In Ubuntu the command a2ensite will create the symlink, or you can create it manually.

a2ensite proxmox

Reload Apache to load the new configuration.

service apache2 reload
