Friday 13 February 2009

Konqueror: nfs, "The file or folder ... does not exist"

I really like Konqueror because I can browse a lot of sources with one application: mobile phone, FTP, files, NFS, ...

I use a FreeBSD host as nfs-server. And a gentoo box as a client.

After starting konqueror and typing the address of my nfs server in the location bar:
nfs://location

I see the different shares (as defined in /etc/exports).
However, when I click on one of the shared directories, I get an error:
The file or folder ... does not exist.

This is strange, as I am sure the permissions are correct. I mounted the share as root earlier, so an "Access Denied" message would be more appropriate if faulty permissions were the cause.

When I tried running Konqueror as the root user, everything worked as expected. So I went digging in the Konqueror settings and such, but I couldn't find anything.

So I decided to look on the nfs server. In /var/log/messages I found messages like this:
Feb xx 16:10:15 nfs-server mountd[53679]: mount request from 172.16.1.5 from unprivileged port


I did some research on the internet and found out why this message is displayed (although at first sight it is unclear whether it is a warning, an informational message or an error; if you have no access you get "permission denied").
NFS treats connections from unprivileged ports (ports higher than 1024) as insecure. As Konqueror runs as a normal user, it can't use privileged ports.

Now that we know the cause, we still need a solution.
On a Linux NFS server it is the "insecure" option in /etc/exports that also allows requests from unprivileged ports.
So I tried putting it in my FreeBSD /etc/exports file.
However, when I restarted the NFS server I got this in /var/log/messages on the server (I also tried some other options that work on Linux):
Feb xx 14:02:25 nfs-server mountd[52665]: bad exports list line /myvolume/filestorage 172.16.1.5(ro,insecure,all_squash,anon_uid=65534,anon_gid=65534)


It took me a while to find out that FreeBSD NFS and Linux NFS configs are not compatible:
Linux: http://linux.die.net/man/5/exports
FreeBSD: http://www.freebsd.org/cgi/man.cgi?query=exports&sektion=5
As you can see, FreeBSD has no such option in /etc/exports.

I looked again at the message in /var/log/messages and noticed a very important detail: mountd.
Mountd is the process that is complaining, so I should be looking in the mountd manual.
I did, and found the -n option:
-n  Allow non-root mount requests to be served. This should only be specified if there are clients such as PC's, that require it. It will automatically clear the vfs.nfsrv.nfs_privport sysctl flag, which controls if the kernel will accept NFS requests from reserved ports only.


This seems to be exactly what I want to accomplish. So I killed mountd and restarted it with the -n option:
killall mountd
mountd -r -n


It works!

To make this change permanent put one of the following two in /etc/rc.conf:
mountd_flags="-r -n"

or
weak_mountd_authentication="YES"

The last one I found in /etc/defaults/rc.conf (a very useful file to see which defaults are used), and it is the proper way of doing this.
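Before turning the reserved-port check off for every client with mountd -n or weak_mountd_authentication, it is worth knowing which clients are actually hitting it, because the setting applies to all of them and not just to the one you are debugging. The snippet below is an added example and not part of the original post; the log lines in it are constructed, modelled on the mountd message shown above, and the function names are my own.

```shell
# Added example, not part of the original post: summarise mountd's
# "mount request from <ip> from unprivileged port" messages so you can see
# which clients trip the reserved-port check before relaxing it with
# mountd -n / weak_mountd_authentication (which turns that check off for
# every client, not just the one you are debugging).

# Constructed sample of /var/log/messages lines (not a real capture).
SAMPLE_LOG='Feb 13 16:10:15 nfs-server mountd[53679]: mount request from 172.16.1.5 from unprivileged port
Feb 13 16:10:20 nfs-server mountd[53679]: mount request from 172.16.1.5 from unprivileged port
Feb 13 16:11:02 nfs-server mountd[53679]: mount request succeeded from 172.16.1.7:/myvolume/filestorage
Feb 13 16:12:40 nfs-server mountd[53679]: mount request from 172.16.1.9 from unprivileged port
Feb 13 16:13:00 nfs-server sshd[4711]: Accepted publickey for alice from 172.16.1.5 port 50000 ssh2'

# Read syslog text on stdin; print "count ip" for every client that sent a
# mount request from an unprivileged port, most frequent first.
unpriv_mount_report() {
    sed -n 's/.*mountd\[[0-9]*]: mount request from \([0-9.][0-9.]*\) from unprivileged port.*/\1/p' \
        | sort | uniq -c | sort -rn | awk '{ print $1, $2 }'
}

# Number of distinct clients that tripped the check (0 when the log is clean).
unpriv_client_count() {
    unpriv_mount_report | wc -l | tr -d ' '
}

printf '%s\n' "$SAMPLE_LOG" | unpriv_mount_report
# On a live server: unpriv_mount_report < /var/log/messages
```

If the report names only the desktop clients you expect, the -n switch is a reasonable trade; if it lists hosts you do not recognise, the mountd message was doing its job and the exports list deserves a second look before anything is relaxed.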

It took me a long time to solve this so I hope this helps somebody!

Monday 7 July 2008

HOWTO: MacBook (since February 2008) with Sabayon Linux 3.5 (Compiz Fusion, sound, Belgian French keyboard)

Hi all,

I have had my MacBook for a few months now and I like it a lot.

But even Mac OS X can't give me the pleasure Linux or BSD gives me (personally I hate the window manager).

That's why I tried installing Sabayon Linux.

I have experience with Gentoo, Debian, CentOS, ArchLinux, ...
However, the reasons why I installed Sabayon Linux (which is based on Gentoo) are the following:
- I like Gentoo a lot, but am sometimes tired of all the compiling (Sabayon Linux provides a binary package manager which works together with portage, the Gentoo package manager)
- Gentoo is more error prone
- Sabayon Linux has all the "bling bling" right out of the box (well... almost all :D )
- Sabayon is optimized to boot and shut down as fast as possible (believe me, shutdown is really fast), which makes the other distros less attractive for this.
- ...

The following steps need to be done:
====================================
-Prepare the environment (partitioning)
-Install Sabayon Linux
-Install the bootloader (rEFIt)
-Configure Xorg to work with Compiz Fusion
-Configure Xorg to support the keyboard layout
-Configure ALSA for audio support
-Things still to fix

Partitioning
------------
There are different ways to do this; however, I ran into a lot of problems doing it.

I first tried with Boot Camp (google for it ;) )
In a graphical interface you can slide a bar which splits a volume in 2 parts.
For me this failed. I booted with the Mac OS X Leopard CD and went to Disk Utility.
There I repaired the drive and the permissions.
Still the same error (something about there not being enough space; I even removed 2 large files which were 18GB in total, still the same result). I tried to first resize the first partition using diskutil, but with no success either.
When I typed df -h to see the usage of the partitions I saw there was something wrong, so again I booted from CD and repaired it.
After a lot of trying I gave up on this method.

I disabled journaling in Mac OS X (it should be re-enabled after resizing the partition):
sudo diskutil disableJournal disk0s2

I downloaded the Sabayon Linux iso file (x86_64) and burned it to a DVD.
Restart Mac OS X and be sure the DVD is in the drive. While booting up press "c" (without the quotes) after the chime sounds (try pressing it multiple times or holding it down if it fails to boot).
"Start Sabayon Linux 3.5" seemed a good start.
However I got a grey X server, and the desktop manager (window manager) would not start.
I went to the console by pressing "fn"+"ctrl"+"alt" (no shift for the alt key) and stopped xdm by issuing /etc/init.d/xdm stop
I just wanted X running with a simple window manager so I could start gparted.
With nano I created a .xinit file in the root home directory.
nano .xinit
This was the content:
startfluxbox

Make .xinit executable by doing:
chmod +x .xinit
Now issue:
startx

This started fvwm (which is a very minimal window manager, but more than enough for this purpose). X seemed to ignore my .xinit because fluxbox did not get started. Maybe I did something wrong, but the important thing is that I have Xorg and a shell.

It is time to start gparted:
On a shell I typed "gparted" (without the quotes)
Then I selected where I wanted the application to be placed on the screen.

Then I resized the Mac OS X partition and Applied the changes.

To my surprise this went without any problems.

What I forgot the first time was making a linux partition and making it bootable.
So I rebooted after the install of Sabayon Linux (I created the partition with the partitioning tool in the installer) and did it using the command line.
Again boot with the Sabayon Linux CD and this time choose Console only:
parted
print
set 3 boot on
Where 3 is the number of the partition where Linux is going to be (or in my case: already is); print shows the partition table so you can find that number.
If you don't make it bootable you get a black screen with a message that the device is not bootable.

Installation
------------
I used the text mode installer.
After the installation, boot into Mac OS X again (you will not be able to boot into Linux anyway at this point).

Install boot manager
--------------------
Download rEFIt from sourceforge. Copy the efi directory to the root directory (not the root home directory). Go into the folder and run enable_always.sh (or something similar).

Now reboot again.
This time you should be presented with a menu which gives you the choice to boot Mac OS X or Linux (maybe also CD/DVD).
Just trying to boot Linux at this point will possibly still fail.
If it does, reboot and select the rEFIt shell in the menu.
It will automatically tell you something is wrong with the MBR and that it should be fixed.
Let rEFIt fix it.

Now reboot and select Linux.
Taaadaaaaaa :D

Configure Xorg for Compiz Fusion
--------------------------------
Go to the start menu and type "Compiz" in the search text field.
Start Compiz Fusion Icon.
When I then started applications I got only blank windows :s

I had a laptop before with an Intel chipset so I knew where to search.
Open a terminal and edit /etc/X11/xorg.conf
Change your xorg Device section (Driver i810) until it looks like this (you only have to uncomment 2 or 3 lines; if not, you are doing something wrong or another chipset is used, and this method will probably not help you then):
IMPORTANT! BE SURE TO TAKE A BACKUP OF THIS FILE
Section "Device"
Identifier "VESA"
Driver "i810"
Option "RenderAccel" "on"
Option "XAANoOffscreenPixmaps"
#Option "BusType" "PCI"
#Option "ColorTiling" "on"
#Option "EnablePageFlip" "on"
Option "AccelMethod" "XAA"
EndSection

Now restart Xorg by pressing ctrl+alt+backspace (no shift for the alt key)
After starting Compiz Fusion Icon it should work great:)

Configure Xorg keyboard layout
------------------------------
Go to the start menu and search for "Control Center".
Start it and go to "Regional & accessibility", then "Keyboard layout".
Select France keyboard and add it to the list on the right.
Keep the layout variant as "Default" and for keyboard model select "MacBook/MacBook Pro (Intl)".

Apply and it should work correctly.
IMPORTANT! For square brackets or curly brackets (or braces), you need to use the LEFT alt key (with or without shift for curly or square brackets).

After logging out I get back to a qwerty keyboard layout. This is probably because I have to log in as root to change the keyboard layout system-wide.

Configure ALSA for audio support
--------------------------------
It took me some time to get this solved, although I found out quickly that it was the snd-hda-intel module (which was also in my Dell Latitude D630 :) )

I searched for a few minutes and read about the model option that can be supplied to the snd-hda-intel kernel module.

I was pretty sure this was the answer to my problem.
I tried with macbook, intel-mac-v1, ...
This url pointed me in the right direction:
http://wiki.sabayonlinux.org/index.php?title=HOWTO:_Resolve_Problems_with_HDA-Intel_Sound_Cards

None of these worked so after a lot of searching I decided to try with mbp3 (which is for the MacBook Pro 3rd generation; while mine isn't).

IMPORTANT: To see what model you have you could check the list in the introduction on this link:
http://gentoo-wiki.com/HARDWARE_Apple_MacBook

Edit /etc/modules.d/options (or create it if it does not exist yet)
and put the following in it:
options snd-hda-intel model=mbp3

(if it still fails also try to add this:
options snd-hda-intel position_fix=1
)

IMPORTANT: Be sure to do this after each change you make to /etc/modules.d/*
update-modules force
This will regenerate the /etc/modprobe.conf and /etc/modules.conf files.
And then:
/etc/init.d/alsasound start

If still no success, retry with
alsaconf

Also check that your volumes aren't muted.
00 means NOT muted. For me it is always confusing.
Master, PCM and Front should be enabled if I am correct.

Things still to fix
-------------------
-When I use the arrow keys, they just don't move the cursor, but instead do another action
-Right click is not possible :s
-The touchpad is so sensitive that when I type I accidentally move the cursor.

Monday 14 April 2008

MySQL on FreeBSD doesn't want to start

I installed mysql5 server on my FreeBSD machine.
After adding the following to rc.conf:
mysql_enable="yes"
I noticed that mysql was not really running:
netstat -an | grep 3306
did not give any output.

So I started digging.
The log file is by default:
/var/db/mysql/your-FQDN.err

The contents were:
080413 21:10:41 mysqld started
InnoDB: The first specified data file ./ibdata1 did not exist:
InnoDB: a new database to be created!
080413 21:10:42 InnoDB: Setting file ./ibdata1 size to 10 MB
InnoDB: Database physically writes the file full: wait...
080413 21:10:43 InnoDB: Log file ./ib_logfile0 did not exist: new to be created
InnoDB: Setting log file ./ib_logfile0 size to 5 MB
InnoDB: Database physically writes the file full: wait...
080413 21:10:43 InnoDB: Log file ./ib_logfile1 did not exist: new to be created
InnoDB: Setting log file ./ib_logfile1 size to 5 MB
InnoDB: Database physically writes the file full: wait...
InnoDB: Doublewrite buffer not found: creating new
InnoDB: Doublewrite buffer created
InnoDB: Creating foreign key constraint system tables
InnoDB: Foreign key constraint system tables created
080413 21:10:44 InnoDB: Started; log sequence number 0 0
080413 21:10:44 [ERROR] Can't start server : Bind on unix socket: Permission denied
080413 21:10:44 [ERROR] Do you already have another mysqld server running on socket: /tmp/mysql.sock ?
080413 21:10:44 [ERROR] Aborting

080413 21:10:44 InnoDB: Starting shutdown...

So the bind of the unix socket is the problem. And it seems to be a permissions problem.

I started googling for this, and found some info that /var/local/lib/mysql should be entirely owned by mysql (also group mysql).
I did that, but still without any luck.
There was no mysql server already running, nor a file /tmp/mysql.sock.

After some time I found out that the /tmp should be chmod 1777 for this to work.
The /var/tmp was like this, but the /tmp was not.
So I did this:
chmod 1777 /tmp
And mysql started just fine.

I have to say that this is probably not the right way of fixing this; probably I should create a my.cnf file and specify there where the socket should be created.
Linux installs a my.cnf file by default, but FreeBSD doesn't seem to.
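Before loosening permissions on a shared directory it helps to see what the directory actually is, so that you only run chmod 1777 where it belongs. Mode 1777 is world-writable plus the sticky bit: every user (including the mysql user that creates /tmp/mysql.sock) can create files there, but only a file's owner can remove or rename it, which is why it is the right mode for /tmp and the wrong mode for almost anything else. The check below is an added example, not part of the original post; the function names are my own, and the directories in the final call are there only as a demonstration.

```shell
# Added example, not part of the original post: check whether the shared
# temp directories a daemon puts its socket in are mode 1777 (drwxrwxrwt).
# It parses ls -ld because stat(1) takes different options on FreeBSD and Linux.

# perm_string DIR: the permission field of ls -ld, e.g. drwxrwxrwt
perm_string() {
    ls -ld "$1" | awk '{ print $1 }'
}

# is_sticky_world_writable DIR: succeed if DIR is world-writable with the
# sticky bit set. A trailing marker such as "." or "+" (SELinux label, ACL)
# that some ls implementations append is tolerated.
is_sticky_world_writable() {
    case "$(perm_string "$1")" in
        drwxrwxrwt*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_socket_dirs DIR...: print one line per directory and return 1 if any
# of them is missing or not 1777 (the situation behind the MySQL error above).
check_socket_dirs() {
    rc=0
    for d in "$@"; do
        if [ ! -d "$d" ]; then
            echo "missing  $d"; rc=1
        elif is_sticky_world_writable "$d"; then
            echo "ok       $d ($(perm_string "$d"))"
        else
            echo "fix      $d ($(perm_string "$d"), expected drwxrwxrwt: chmod 1777 $d)"; rc=1
        fi
    done
    return $rc
}

# Demonstration on the two directories the post compares (assumed paths).
check_socket_dirs /tmp /var/tmp || echo "at least one directory needs attention"
```

Only the directories reported as "fix" need the chmod; a directory that is already drwxrwxrwt, like /var/tmp was here, is left alone.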

If you fixed it you will get this at the bottom of your logfile:
080414 9:21:27 [Note] /usr/local/libexec/mysqld: ready for connections.

Friday 25 January 2008

Compiz Fusion on Sabayon Linux 3.5 Loop 1 for Dell Latitude D630 (Intel 965GM X3100 chipset)

When I first tried Sabayon Linux (version 3.4f) Compiz Fusion was able to start, but when I moved a window it locked up.

A few days ago I installed the 3.5 version and noticed that the machine did not lock up anymore while using Compiz Fusion which is great.
BUT when I maximized and minimized a window or turned the cube it was not fluid.
Even if I only had one terminal open it still wasn't performing very well.

For daily use I use Debian and Compiz Fusion does work great there.
So I went to my configs and compared them (another possibility was different driver versions, ...).
The only difference I saw was:

Code:
Option "AccelMethod" "EXA"

I commented this out and restarted Xorg.
Now everything goes great:)
There is only one downside: graphics quality seems lower (sharpness in the animations).

Although I normally do a minimal install of a distro and install the packages I really need, I do like Sabayon Linux because of its real ease of use (and of course because it's Gentoo based :D ).
I only had to change this one line and my system works perfectly (and this even for a beta version).
This made me very happy about Sabayon!

Wednesday 16 January 2008

Parallel Printer (lpt) on FreeBSD with CUPS

---Temporary---


For making the printer installable through SMB shares (drivers have still to be installed on the client?)
http://www.freebsddiary.org/cups.php

http://lfs.aliensoft.org/lfs/downloads/6.3/LFS-BOOK-6.3.pdf

Basic setup
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/printing-intro-setup.html





Wednesday 19 December 2007

Setting up an OpenVPN server behind a router (NAT) and passing ALL client traffic through the server

Introduction

In some countries webpages get blocked because they do not conform to the rules (moral, ethical, religious) of that country.

But sometimes other sites which shouldn't be blocked are not available either.

This can be circumvented (all traffic will pass through your home OpenVPN server) and all traffic will be encrypted (until it arrives home).
So no possibility of local eavesdropping.

This also comes in handy to transfer files safely between computers or to secure any insecure UDP/TCP protocol.
You also DON'T NEED ANY EXTRA HARDWARE :) isn't that cool?

This howto shows how you do it.


Network Setup


OpenVPN can work in bridged mode or in tun mode. In this setup I use tun.
If you want to know the difference read these:
http://openvpn.net/faq.html#tunnel-principal
http://openvpn.net/faq.html#bridge
http://openvpn.net/faq.html#bridge1
http://openvpn.net/faq.html#bridge2
http://openvpn.net/faq.html#bridge3
http://openvpn.net/howto.html#vpntype

As you can see in the image, my setup is probably almost identical to yours.

The OpenVPN server is connected to the router like all other hosts.
NAT is applied to outgoing packets.
Incoming connections are not allowed by the standard firewall configuration.

The OpenVPN server has FreeBSD 6.2 installed and the client Debian Lenny.



What to do
  1. Configure static IP for OpenVPN server
  2. Configure OpenVPN server and client (and generate authentication keys and certificates)
  3. Open firewall and forward port on router
  4. Test the basic VPN
  5. Configure NAT on the OpenVPN server

Configure static IP for OpenVPN server (FreeBSD)

First we have to configure the range of IP addresses given to hosts.
I configured from 192.168.33.10 to 192.168.33.20.
Look in the manual of your router where you can configure this.


Edit /etc/rc.conf and add a line like this:
Code:
ifconfig_re0="inet 192.168.33.3 netmask 255.255.255.0"
defaultrouter="192.168.33.1"

Do correct the "re0" to whatever the name is for your network interface.
For example interface vr0 would be ifconfig_vr0.

To point to what DNS should be used execute the following:
Code:
echo "nameserver 192.168.33.1" > /etc/resolv.conf

This will only be applied after rebooting (or restarting the network service). I hate rebooting... so let's do it manually :p
Code:
ifconfig re0 192.168.33.3 netmask 255.255.255.0
route add default 192.168.33.1


Configure OpenVPN server and client


Add to the /etc/rc.conf file to start the openvpn server automatically when booting the server:
Code:
openvpn_enable="YES"
Place this config(/usr/local/etc/openvpn/server.conf) at the server
(NOTE: ONLY try root and wheel group for testing if you are expecting permissions to be the problem! Normally you can use nobody as user and group):
Code:
# This is OpenVPN server, over UDP(better performance because of less overhead) with a tun device(routing).
proto udp
dev tun
mode server

# Authentication with OpenSSL
tls-server
tls-auth keys/ta.key 0
dh keys/dh1024.pem
ca keys/ca.crt
cert keys/server.crt
key keys/server.key
duplicate-cn

# Configure the IP range of the VPN clients
server 192.168.100.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1" # this will make all traffic go through the VPN (web requests for example do not go directly to the internet, but the OpenVPN server sends them outside.)

user root
group wheel

ping 15
verb 5
log-append /var/log/openvpn/openvpn.log
status /var/log/openvpn/status.log


#comp-lzo # Compression to get better performance
#persist-key
#persist-tun
Create the log directory:
Code:
mkdir /var/log/openvpn
The config for the client(/etc/openvpn/client.conf) is almost the same:
Code:
proto udp
dev tun
remote 213.219.138.69 # host to connect to

tls-client
tls-auth keys/ta.key 1
ca keys/ca.crt
cert keys/client1.crt
key keys/client1.key

pull # this will execute the "push" options shown in the server config.

port 1194
user root
group root

ping 15
verb 5
log-append /var/log/openvpn/openvpn.log
status /var/log/openvpn/status.log

#persist-key
#persist-tun
#comp-lzo
Also create the log directory:
Code:
 mkdir /var/log/openvpn
OpenVPN is delivered with a nice tool to create the necessary keys and certificates called easy-rsa.
Code:
 cd /usr/local/share/doc/openvpn/easy-rsa/
Be sure you have openssl installed.

First edit the settings in the "vars" file to your liking (I recommend you keep the standard settings, or only raise the Diffie-Hellman key size to 2048).

Execute:
Code:
 . vars
./clean-all
./build-ca
./build-key-server server
./build-key client1
./build-dh

First the settings get read. Then clean-all creates the keys directory, the serial file and the index.txt file.
build-ca creates a Certificate Authority.
build-key-server creates a key and certificate for the server. For one OpenVPN server you only have to do this once.
After this, for each client you have, you execute build-key client1, build-key client2, ...
Be sure that the Common Name is unique.
build-dh creates the Diffie-Hellman parameters.

Copy the files dh1024.pem, ca.crt, server.crt and server.key to the /usr/local/etc/openvpn/keys directory on the server (create it).
Copy ca.crt, client1.crt and client1.key to the /etc/openvpn/keys directory on the client side.
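The server.conf and client.conf above contain a few settings that are fine for a first test but that you want to catch before leaving the VPN running: the tls-auth key direction must be 0 on the server and 1 on the client, user/group should be an unprivileged account rather than root/wheel (the note above), dropping privileges needs persist-key/persist-tun, a bare ping needs ping-restart or keepalive, duplicate-cn makes ifconfig-pool-persist meaningless, and the 1024-bit dh file is the one the "vars" remark suggests raising to 2048. OpenVPN itself prints warnings for most of these at start-up, but only once it runs. The lint below is an added example, not part of the original howto or of OpenVPN; the function names are mine, and the two configs it writes are constructed copies of the settings above, not files from a live system.

```shell
# Added example, not part of the original howto: a small lint for the
# server.conf and client.conf above. It reads only uncommented directives and
# reports what the howto's notes and OpenVPN's own start-up warnings raise:
# the tls-auth key direction (0 on the server, 1 on the client), running as
# root/wheel instead of nobody, user/group without persist-key/persist-tun,
# ping without ping-restart or keepalive, duplicate-cn together with
# ifconfig-pool-persist, and a 1024-bit dh file. The configs written by
# write_sample_server and write_hardened_server are constructed samples.

# active_lines FILE: configuration lines with comments, blank lines and
# surrounding whitespace removed.
active_lines() {
    sed -e 's/#.*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1" | grep -v '^$'
}

# has_directive FILE NAME: succeed if NAME is an active directive in FILE.
has_directive() {
    active_lines "$1" | awk -v d="$2" '$1 == d { f = 1 } END { exit (f ? 0 : 1) }'
}

# directive_args FILE NAME: print the arguments of the first active NAME line.
directive_args() {
    active_lines "$1" | awk -v d="$2" '$1 == d { $1 = ""; sub(/^ /, ""); print; exit }'
}

# lint_openvpn_conf ROLE FILE (ROLE = server|client): print one finding per
# line; the return value is the number of findings, 0 meaning clean.
lint_openvpn_conf() {
    role=$1; f=$2; n=0; want=0
    if [ "$role" = client ]; then want=1; fi
    dir=$(directive_args "$f" tls-auth | awk '{ print $2 }')
    if [ "$dir" != "$want" ]; then
        echo "tls-auth: the $role side needs key direction $want (found '${dir:-none}')"; n=$((n+1))
    fi
    u=$(directive_args "$f" user); g=$(directive_args "$f" group)
    case "$u:$g" in
        root:*|*:wheel|*:root)
            echo "user/group: stays $u:$g after start-up; use an unprivileged user such as nobody"; n=$((n+1)) ;;
    esac
    if [ -n "$u$g" ] && ! { has_directive "$f" persist-key && has_directive "$f" persist-tun; }; then
        echo "persist-key/persist-tun: required once user/group drop privileges, or restarts fail"; n=$((n+1))
    fi
    if has_directive "$f" ping && ! has_directive "$f" ping-restart && ! has_directive "$f" keepalive; then
        echo "ping: pair it with ping-restart, or use keepalive, so a dead peer is noticed"; n=$((n+1))
    fi
    if [ "$role" = server ]; then
        if has_directive "$f" duplicate-cn && has_directive "$f" ifconfig-pool-persist; then
            echo "duplicate-cn: ifconfig-pool-persist has no effect while duplicate-cn is set"; n=$((n+1))
        fi
        case "$(directive_args "$f" dh)" in
            *1024*) echo "dh: 1024-bit parameters; regenerate them with 2048 bits (build-dh)"; n=$((n+1)) ;;
        esac
    fi
    return $n
}

# write_sample_server FILE: the howto's server.conf, reduced to what the lint looks at.
write_sample_server() {
    cat > "$1" <<'EOF'
tls-server
tls-auth keys/ta.key 0
dh keys/dh1024.pem
duplicate-cn
server 192.168.100.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1" # all client traffic through the VPN
user root
group wheel
ping 15
#persist-key
#persist-tun
EOF
}

# write_hardened_server FILE: the same server with every finding addressed.
write_hardened_server() {
    cat > "$1" <<'EOF'
tls-server
tls-auth keys/ta.key 0
dh keys/dh2048.pem
server 192.168.100.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1"
user nobody
group nobody
keepalive 10 60
persist-key
persist-tun
EOF
}

sample=$(mktemp); write_sample_server "$sample"
lint_openvpn_conf server "$sample" || echo "findings: $?"
rm -f "$sample"
```

Run it as lint_openvpn_conf server /usr/local/etc/openvpn/server.conf and lint_openvpn_conf client /etc/openvpn/client.conf on the real files; the howto's server.conf produces five findings, which line up with the four WARNING lines in the start-up log further down plus the root/wheel and dh1024 remarks in the text.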


Open firewall and forward port on router

I have a Linux based router (US Robotics). I configured the firewall via an SSH login (you can enable this in the graphical interface).

First allow UDP packets that arrive from the internet on the router to be forwarded to your OpenVPN server (the rule has to match the protocol in server.conf, which is udp here):
Code:
iptables -I FORWARD 1 -d 192.168.33.3 -p udp --dport 1194 -j ACCEPT
Forward the packets that have as destination port 1194 to your OpenVPN server:
Code:
 iptables -t nat -A PREROUTING -p udp --dport 1194 -j DNAT --to 192.168.33.3:1194
Enable packet forwarding in the kernel:
Code:
 echo 1 > /proc/sys/net/ipv4/ip_forward

Test the basic VPN


After all this configuration, let's check if it works.

Start openvpn on the server:
Code:
cd /usr/local/etc/openvpn
openvpn server.conf
Start openvpn on the client:
Code:
 cd /etc/openvpn/
openvpn client.conf

Normally you should see scrolling text in the logs on both sides, ending with ... "Completed".
(It may be easier to remove the logging lines, log-append and status, from the configuration file; then the output is printed in the terminal.)
This is my log file after starting the server:
Code:

Thu Dec 20 07:59:01 2007 us=619831 Current Parameter Settings:
Thu Dec 20 07:59:01 2007 us=621081 config = 'server.conf'
Thu Dec 20 07:59:01 2007 us=621192 mode = 1
Thu Dec 20 07:59:01 2007 us=621255 show_ciphers = DISABLED
Thu Dec 20 07:59:01 2007 us=621314 show_digests = DISABLED
Thu Dec 20 07:59:01 2007 us=621373 show_engines = DISABLED
Thu Dec 20 07:59:01 2007 us=621431 genkey = DISABLED
Thu Dec 20 07:59:01 2007 us=621488 key_pass_file = '[UNDEF]'
Thu Dec 20 07:59:01 2007 us=621547 show_tls_ciphers = DISABLED
Thu Dec 20 07:59:01 2007 us=621605 proto = 0
Thu Dec 20 07:59:01 2007 us=621663 local = '[UNDEF]'
Thu Dec 20 07:59:01 2007 us=621721 remote_list = NULL
Thu Dec 20 07:59:01 2007 us=621782 remote_random = DISABLED
Thu Dec 20 07:59:01 2007 us=621840 local_port = 1194
Thu Dec 20 07:59:01 2007 us=621900 remote_port = 1194
Thu Dec 20 07:59:01 2007 us=621958 remote_float = DISABLED
Thu Dec 20 07:59:01 2007 us=622017 ipchange = '[UNDEF]'
Thu Dec 20 07:59:01 2007 us=622075 bind_local = ENABLED
Thu Dec 20 07:59:01 2007 us=622134 dev = 'tun'
Thu Dec 20 07:59:01 2007 us=622204 dev_type = '[UNDEF]'
Thu Dec 20 07:59:01 2007 us=622264 dev_node = '[UNDEF]'
Thu Dec 20 07:59:01 2007 us=622322 tun_ipv6 = DISABLED
Thu Dec 20 07:59:01 2007 us=622381 ifconfig_local = '192.168.100.1'
Thu Dec 20 07:59:01 2007 us=622441 ifconfig_remote_netmask = '192.168.100.2'
Thu Dec 20 07:59:01 2007 us=622499 ifconfig_noexec = DISABLED
Thu Dec 20 07:59:01 2007 us=622558 ifconfig_nowarn = DISABLED
Thu Dec 20 07:59:01 2007 us=622616 shaper = 0
Thu Dec 20 07:59:01 2007 us=622675 tun_mtu = 1500
Thu Dec 20 07:59:01 2007 us=622732 tun_mtu_defined = ENABLED
Thu Dec 20 07:59:01 2007 us=622791 link_mtu = 1500
Thu Dec 20 07:59:01 2007 us=622849 link_mtu_defined = DISABLED
Thu Dec 20 07:59:01 2007 us=622908 tun_mtu_extra = 0
Thu Dec 20 07:59:01 2007 us=622967 tun_mtu_extra_defined = DISABLED
Thu Dec 20 07:59:01 2007 us=623026 fragment = 0
Thu Dec 20 07:59:01 2007 us=623084 mtu_discover_type = -1
Thu Dec 20 07:59:01 2007 us=623262 mtu_test = 0
Thu Dec 20 07:59:01 2007 us=623331 mlock = DISABLED
Thu Dec 20 07:59:01 2007 us=623390 keepalive_ping = 0
Thu Dec 20 07:59:01 2007 us=623449 keepalive_timeout = 0
Thu Dec 20 07:59:01 2007 us=623508 inactivity_timeout = 0
Thu Dec 20 07:59:01 2007 us=623568 ping_send_timeout = 15
Thu Dec 20 07:59:01 2007 us=623627 ping_rec_timeout = 0
Thu Dec 20 07:59:01 2007 us=623686 ping_rec_timeout_action = 0
Thu Dec 20 07:59:01 2007 us=623745 ping_timer_remote = DISABLED
Thu Dec 20 07:59:01 2007 us=623804 remap_sigusr1 = 0
Thu Dec 20 07:59:01 2007 us=623863 explicit_exit_notification = 0
Thu Dec 20 07:59:01 2007 us=623921 persist_tun = DISABLED
Thu Dec 20 07:59:01 2007 us=623980 persist_local_ip = DISABLED
Thu Dec 20 07:59:01 2007 us=624039 persist_remote_ip = DISABLED
Thu Dec 20 07:59:01 2007 us=624097 persist_key = DISABLED
Thu Dec 20 07:59:01 2007 us=624156 mssfix = 1450
Thu Dec 20 07:59:01 2007 us=624229 passtos = DISABLED
Thu Dec 20 07:59:01 2007 us=624289 resolve_retry_seconds = 1000000000
Thu Dec 20 07:59:01 2007 us=624348 connect_retry_seconds = 5
Thu Dec 20 07:59:01 2007 us=624407 username = 'root'
Thu Dec 20 07:59:01 2007 us=624466 groupname = 'wheel'
Thu Dec 20 07:59:01 2007 us=624525 chroot_dir = '[UNDEF]'
Thu Dec 20 07:59:01 2007 us=624584 cd_dir = '[UNDEF]'
Thu Dec 20 07:59:01 2007 us=624670 writepid = '[UNDEF]'
Thu Dec 20 07:59:01 2007 us=624730 up_script = './server.up'
Thu Dec 20 07:59:01 2007 us=624789 down_script = '[UNDEF]'
Thu Dec 20 07:59:01 2007 us=624848 down_pre = DISABLED
Thu Dec 20 07:59:01 2007 us=624906 up_restart = DISABLED
Thu Dec 20 07:59:01 2007 us=624965 up_delay = DISABLED
Thu Dec 20 07:59:01 2007 us=625023 daemon = DISABLED
Thu Dec 20 07:59:01 2007 us=625082 inetd = 0
Thu Dec 20 07:59:01 2007 us=625140 log = ENABLED
Thu Dec 20 07:59:01 2007 us=625211 suppress_timestamps = DISABLED
Thu Dec 20 07:59:01 2007 us=625271 nice = 0
Thu Dec 20 07:59:01 2007 us=625331 verbosity = 5
Thu Dec 20 07:59:01 2007 us=625443 mute = 0
Thu Dec 20 07:59:01 2007 us=625512 gremlin = 0
Thu Dec 20 07:59:01 2007 us=625572 status_file = '/var/log/openvpn/status.log'
Thu Dec 20 07:59:01 2007 us=625632 status_file_version = 1
Thu Dec 20 07:59:01 2007 us=625691 status_file_update_freq = 60
Thu Dec 20 07:59:01 2007 us=625751 occ = ENABLED
Thu Dec 20 07:59:01 2007 us=625812 rcvbuf = 65536
Thu Dec 20 07:59:01 2007 us=625873 sndbuf = 65536
Thu Dec 20 07:59:01 2007 us=625934 socks_proxy_server = '[UNDEF]'
Thu Dec 20 07:59:01 2007 us=625996 socks_proxy_port = 0
Thu Dec 20 07:59:01 2007 us=626056 socks_proxy_retry = DISABLED
Thu Dec 20 07:59:01 2007 us=626116 fast_io = DISABLED
Thu Dec 20 07:59:01 2007 us=626226 comp_lzo = ENABLED
Thu Dec 20 07:59:01 2007 us=626294 comp_lzo_adaptive = ENABLED
Thu Dec 20 07:59:01 2007 us=626356 route_script = '[UNDEF]'
Thu Dec 20 07:59:01 2007 us=626416 route_default_gateway = '[UNDEF]'
Thu Dec 20 07:59:01 2007 us=626476 route_noexec = DISABLED
Thu Dec 20 07:59:01 2007 us=626536 route_delay = 0
Thu Dec 20 07:59:01 2007 us=626596 route_delay_window = 30
Thu Dec 20 07:59:01 2007 us=626656 route_delay_defined = DISABLED
Thu Dec 20 07:59:01 2007 us=626721 route 192.168.100.0/255.255.255.0/nil/nil
Thu Dec 20 07:59:01 2007 us=626783 management_addr = '[UNDEF]'
Thu Dec 20 07:59:01 2007 us=626845 management_port = 0
Thu Dec 20 07:59:01 2007 us=626904 management_user_pass = '[UNDEF]'
Thu Dec 20 07:59:01 2007 us=626967 management_log_history_cache = 250
Thu Dec 20 07:59:01 2007 us=627028 management_echo_buffer_size = 100
Thu Dec 20 07:59:01 2007 us=627089 management_query_passwords = DISABLED
Thu Dec 20 07:59:01 2007 us=627150 management_hold = DISABLED
Thu Dec 20 07:59:01 2007 us=627226 shared_secret_file = '[UNDEF]'
Thu Dec 20 07:59:01 2007 us=627287 key_direction = 1
Thu Dec 20 07:59:01 2007 us=627348 ciphername_defined = ENABLED
Thu Dec 20 07:59:01 2007 us=627409 ciphername = 'BF-CBC'
Thu Dec 20 07:59:01 2007 us=627469 authname_defined = ENABLED
Thu Dec 20 07:59:01 2007 us=627580 authname = 'SHA1'
Thu Dec 20 07:59:01 2007 us=627649 keysize = 0
Thu Dec 20 07:59:01 2007 us=627710 engine = DISABLED
Thu Dec 20 07:59:01 2007 us=627769 replay = ENABLED
Thu Dec 20 07:59:01 2007 us=627830 mute_replay_warnings = DISABLED
Thu Dec 20 07:59:01 2007 us=627890 replay_window = 64
Thu Dec 20 07:59:01 2007 us=627950 replay_time = 15
Thu Dec 20 07:59:01 2007 us=628011 packet_id_file = '[UNDEF]'
Thu Dec 20 07:59:01 2007 us=628071 use_iv = ENABLED
Thu Dec 20 07:59:01 2007 us=628132 test_crypto = DISABLED
Thu Dec 20 07:59:01 2007 us=628209 tls_server = ENABLED
Thu Dec 20 07:59:01 2007 us=628271 tls_client = DISABLED
Thu Dec 20 07:59:01 2007 us=628333 key_method = 2
Thu Dec 20 07:59:01 2007 us=628394 ca_file = 'keys/ca.crt'
Thu Dec 20 07:59:01 2007 us=628456 dh_file = 'keys/dh1024.pem'
Thu Dec 20 07:59:01 2007 us=628517 cert_file = 'keys/server.crt'
Thu Dec 20 07:59:01 2007 us=628578 priv_key_file = 'keys/server.key'
Thu Dec 20 07:59:01 2007 us=628640 pkcs12_file = '[UNDEF]'
Thu Dec 20 07:59:01 2007 us=628700 cipher_list = '[UNDEF]'
Thu Dec 20 07:59:01 2007 us=628761 tls_verify = '[UNDEF]'
Thu Dec 20 07:59:01 2007 us=628822 tls_remote = '[UNDEF]'
Thu Dec 20 07:59:01 2007 us=628884 crl_file = '[UNDEF]'
Thu Dec 20 07:59:01 2007 us=628945 ns_cert_type = 0
Thu Dec 20 07:59:01 2007 us=629006 tls_timeout = 2
Thu Dec 20 07:59:01 2007 us=629068 renegotiate_bytes = 0
Thu Dec 20 07:59:01 2007 us=629130 renegotiate_packets = 0
Thu Dec 20 07:59:01 2007 us=629206 renegotiate_seconds = 3600
Thu Dec 20 07:59:01 2007 us=629269 handshake_window = 60
Thu Dec 20 07:59:01 2007 us=629331 transition_window = 3600
Thu Dec 20 07:59:01 2007 us=629391 single_session = DISABLED
Thu Dec 20 07:59:01 2007 us=629453 tls_exit = DISABLED
Thu Dec 20 07:59:01 2007 us=629514 tls_auth_file = 'keys/ta.key'
Thu Dec 20 07:59:01 2007 us=629594 server_network = 192.168.100.0
Thu Dec 20 07:59:01 2007 us=629666 server_netmask = 255.255.255.0
Thu Dec 20 07:59:01 2007 us=629796 server_bridge_ip = 0.0.0.0
Thu Dec 20 07:59:01 2007 us=629876 server_bridge_netmask = 0.0.0.0
Thu Dec 20 07:59:01 2007 us=629947 server_bridge_pool_start = 0.0.0.0
Thu Dec 20 07:59:01 2007 us=630019 server_bridge_pool_end = 0.0.0.0
Thu Dec 20 07:59:01 2007 us=630083 push_list = 'redirect-gateway def1,route 192.168.100.1'
Thu Dec 20 07:59:01 2007 us=630144 ifconfig_pool_defined = ENABLED
Thu Dec 20 07:59:01 2007 us=630233 ifconfig_pool_start = 192.168.100.4
Thu Dec 20 07:59:01 2007 us=630306 ifconfig_pool_end = 192.168.100.251
Thu Dec 20 07:59:01 2007 us=630376 ifconfig_pool_netmask = 0.0.0.0
Thu Dec 20 07:59:01 2007 us=630439 ifconfig_pool_persist_filename = 'ipp.txt'
Thu Dec 20 07:59:01 2007 us=630502 ifconfig_pool_persist_refresh_freq = 600
Thu Dec 20 07:59:01 2007 us=630564 ifconfig_pool_linear = DISABLED
Thu Dec 20 07:59:01 2007 us=630625 n_bcast_buf = 256
Thu Dec 20 07:59:01 2007 us=630685 tcp_queue_limit = 64
Thu Dec 20 07:59:01 2007 us=630747 real_hash_size = 256
Thu Dec 20 07:59:01 2007 us=630807 virtual_hash_size = 256
Thu Dec 20 07:59:01 2007 us=630868 client_connect_script = '[UNDEF]'
Thu Dec 20 07:59:01 2007 us=630929 learn_address_script = '[UNDEF]'
Thu Dec 20 07:59:01 2007 us=630990 client_disconnect_script = '[UNDEF]'
Thu Dec 20 07:59:01 2007 us=631051 client_config_dir = '[UNDEF]'
Thu Dec 20 07:59:01 2007 us=631112 ccd_exclusive = DISABLED
Thu Dec 20 07:59:01 2007 us=631185 tmp_dir = '[UNDEF]'
Thu Dec 20 07:59:01 2007 us=631248 push_ifconfig_defined = DISABLED
Thu Dec 20 07:59:01 2007 us=631318 push_ifconfig_local = 0.0.0.0
Thu Dec 20 07:59:01 2007 us=631387 push_ifconfig_remote_netmask = 0.0.0.0
Thu Dec 20 07:59:01 2007 us=631449 enable_c2c = DISABLED
Thu Dec 20 07:59:01 2007 us=631508 duplicate_cn = ENABLED
Thu Dec 20 07:59:01 2007 us=631569 cf_max = 0
Thu Dec 20 07:59:01 2007 us=631628 cf_per = 0
Thu Dec 20 07:59:01 2007 us=631689 max_clients = 1024
Thu Dec 20 07:59:01 2007 us=631750 max_routes_per_client = 256
Thu Dec 20 07:59:01 2007 us=631858 client_cert_not_required = DISABLED
Thu Dec 20 07:59:01 2007 us=631925 username_as_common_name = DISABLED
Thu Dec 20 07:59:01 2007 us=631986 auth_user_pass_verify_script = '[UNDEF]'
Thu Dec 20 07:59:01 2007 us=632048 auth_user_pass_verify_script_via_file = DISABLED
Thu Dec 20 07:59:01 2007 us=632110 client = DISABLED
Thu Dec 20 07:59:01 2007 us=632183 pull = DISABLED
Thu Dec 20 07:59:01 2007 us=632247 auth_user_pass_file = '[UNDEF]'
Thu Dec 20 07:59:01 2007 us=632314 OpenVPN 2.0.6 i386-portbld-freebsd6.2 [SSL] [LZO] built on Oct 15 2006
Thu Dec 20 07:59:01 2007 us=632618 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Thu Dec 20 07:59:01 2007 us=632700 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Thu Dec 20 07:59:01 2007 us=632754 WARNING: you are using user/group/chroot without persist-key/persist-tun -- this may cause restarts to fail
Thu Dec 20 07:59:01 2007 us=632807 WARNING: --ifconfig-pool-persist will not work with --duplicate-cn
Thu Dec 20 07:59:01 2007 us=632858 WARNING: --keepalive option is missing from server config
Thu Dec 20 07:59:01 2007 us=682193 Diffie-Hellman initialized with 1024 bit key
Thu Dec 20 07:59:01 2007 us=698533 Control Channel Authentication: using 'keys/ta.key' as a OpenVPN static key file
Thu Dec 20 07:59:01 2007 us=698745 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Dec 20 07:59:01 2007 us=698844 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Dec 20 07:59:01 2007 us=698937 TLS-Auth MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
Thu Dec 20 07:59:01 2007 us=699549 gw 192.168.1.1
Thu Dec 20 07:59:01 2007 us=700008 TUN/TAP device /dev/tun0 opened
Thu Dec 20 07:59:01 2007 us=700181 /sbin/ifconfig tun0 192.168.100.1 192.168.100.2 mtu 1500 netmask 255.255.255.255 up
Thu Dec 20 07:59:01 2007 us=720889 ./server.up tun0 1500 1542 192.168.100.1 192.168.100.2 init
Thu Dec 20 07:59:01 2007 us=742528 /sbin/route add -net 192.168.100.0 192.168.100.2 255.255.255.0
add net 192.168.100.0: gateway 192.168.100.2
Thu Dec 20 07:59:01 2007 us=759919 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Thu Dec 20 07:59:01 2007 us=763642 GID set to wheel
Thu Dec 20 07:59:01 2007 us=763810 UID set to root
Thu Dec 20 07:59:01 2007 us=763942 Socket Buffers: R=[42080->65536] S=[9216->65536]
Thu Dec 20 07:59:01 2007 us=764033 UDPv4 link local (bound): [undef]:1194
Thu Dec 20 07:59:01 2007 us=764098 UDPv4 link remote: [undef]
Thu Dec 20 07:59:01 2007 us=764210 MULTI: multi_init called, r=256 v=256
Thu Dec 20 07:59:01 2007 us=764382 IFCONFIG POOL: base=192.168.100.4 size=62
Thu Dec 20 07:59:01 2007 us=764487 IFCONFIG POOL LIST
Thu Dec 20 07:59:01 2007 us=764683 Initialization Sequence Completed


And this gets added to it when I stop openvpn:
Code:

Thu Dec 20 07:59:36 2007 us=859158 event_wait : Interrupted system call (code=4)
Thu Dec 20 07:59:36 2007 us=860092 TCP/UDP: Closing socket
Thu Dec 20 07:59:36 2007 us=860316 /sbin/route delete -net 192.168.100.0 192.168.100.2 255.255.255.0
delete net 192.168.100.0: gateway 192.168.100.2
Thu Dec 20 07:59:36 2007 us=880020 Closing TUN/TAP interface
Thu Dec 20 07:59:36 2007 us=880585 SIGINT[hard,] received, process exiting



Check the output of ifconfig for the extra tun interface that OpenVPN created:
Code:
 ifconfig

Code:
 tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:192.168.100.1 P-t-P:192.168.100.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

This is what you should see on the server (the number in tun0 may differ). The output above is in Linux ifconfig format; on a FreeBSD server the same interface shows up as "inet 192.168.100.1 --> 192.168.100.2 netmask 0xffffffff".
Notice the IP address: 192.168.100.1. That is the server's tunnel address.
192.168.100.2 is the far end of the server's own point-to-point pair. OpenVPN 2.0 in tun mode hands out /30 subnets, so nothing lives at that address and you will never connect to it.

On the client you will see almost the same, with the client's own address, for example 192.168.100.6.
The first client always gets 192.168.100.6: the pool starts at 192.168.100.4 and every client receives its own /30 (that is also why the log says size=62), so clients get .6, .10, .14 and so on, with .5, .9, .13 as the P-t-P endpoint on the server side.

Now we can ping to see if transmission is possible:
From the client:
Code:
 ping 192.168.100.1

From the server:
Code:
 ping 192.168.100.6

Both should give you a reply. (If not, be sure your firewalls do not block ICMP echo requests)

Reply == You did it:D


Mind that on Debian, OpenVPN is started automatically at boot. So if you can no longer go online while the VPN is unavailable, first stop the service:
Code:
 /etc/init.d/openvpn stop
At this point you can ping through the tunnel, but you still cannot reach the internet through your VPN. The NAT section below shows how to do this last step.



Troubleshooting the OpenVPN tunnel

If you want more detailed information about your tunnel, change "verb 3" to "verb 5" in the config file and restart OpenVPN. At verb 5 OpenVPN also prints an R or W on the console for every packet it reads or writes (uppercase for the UDP/TCP side, lowercase for the tun side), which makes it easy to see whether traffic is flowing at all.


Configure NAT on the OpenVPN server

The router and the rest of the LAN are in 192.168.33.0/24 and the OpenVPN server is 192.168.33.3, but the OpenVPN client is 192.168.100.6. Hosts on the LAN, including the router, have no route to 192.168.100.0/24, so their replies to the client's address never come back to the OpenVPN server. Either the router gets a static route for 192.168.100.0/24 via 192.168.33.3, or the OpenVPN server NATs the VPN traffic. NAT is the simpler option.
With NAT every packet coming from 192.168.100.6 leaves the server as if it came from the OpenVPN server itself (192.168.33.3). When the response arrives on the OpenVPN server, NAT restores the client's IP address and port number and sends the packet down the tunnel to 192.168.100.6.

Because the router also does NAT this looks confusing, but in the end it is simply a double NAT. I also wondered whether the encrypted OpenVPN traffic itself (the UDP packets on port 1194 arriving at re0) would be NATed. It is not, as long as you only NAT traffic whose source address is in the VPN pool (192.168.100.0/24).


Setting up NAT in this case is very easy. First load the IPFilter kernel module, which provides ipnat:
Code:
kldload ipl


Put these NAT rules into /etc/ipnat.rules, one rule per line:
Code:
map re0 192.168.100.0/24 -> 0/32 portmap tcp/udp 30001:40000
map re0 192.168.100.0/24 -> 0/32

re0 is the interface through which packets leave towards the internal network (192.168.33.0/24 in this example) or the internet, and 0/32 tells ipnat to use whatever address that interface currently has. The first rule rewrites the source of TCP and UDP packets to the interface address and picks a source port from 30001-40000; the second rule catches everything else (ICMP, so ping keeps working).
Adjust the range (192.168.100.0/24) to match your ifconfig-pool.
NOTE: I only used one physical NIC for this. OpenVPN creates its own virtual device, tun0; as long as the NAT rules are correct this does not cause any problem.
NOTE: packets for 192.168.100.1 (the server end of the OpenVPN tunnel) are not NATed, because they never leave through re0.

Now start ipnat and load the rules:
Code:
/etc/rc.d/ipnat start
ipnat -f /etc/ipnat.rules

Note that /etc/rc.d/ipnat start only does something once ipnat_enable="YES" is in /etc/rc.conf (see the automation step below); before that, use /etc/rc.d/ipnat onestart or just the ipnat -f line. When you change the rules later, ipnat -CF -f /etc/ipnat.rules flushes the old rules and active mappings before loading the new file.


The last thing is allowing the host to forward packets between tun0 and re0:
Code:
sysctl net.inet.ip.forwarding=1


! Important: you need the following in the OpenVPN server config (it is already visible in the push_list of the log above):
Code:
push "redirect-gateway def1"

With def1 the client adds routes for 0.0.0.0/1 and 128.0.0.0/1 through the tunnel, which override its default route without deleting it, plus a host route to the VPN server via the old gateway so the tunnel itself keeps working. Without this line the client only sends traffic for 192.168.100.0/24 into the tunnel and nothing ever reaches the NAT.


Now try to ping a host on the internet from the client, google for example.


Troubleshooting you can do with tcpdump:
Code:
tcpdump -tt -i re0

(you can do this on all hosts and on every interface, physical and virtual (re0 and tun0 in this example), to understand how the traffic is flowing)
or
Code:
ipnat -l

for looking at the ipnat mappings and nat rules.


Now let's automate it.
Add the following to /etc/rc.conf:
Code:
gateway_enable="YES"            # sets net.inet.ip.forwarding=1 at boot

firewall_enable="YES"           # ipfw, a different firewall; not needed for ipnat
firewall_type="open"

ipnat_enable="YES"              # Set to YES to enable ipnat functionality
ipnat_program="/sbin/ipnat"     # where the ipnat program lives
ipnat_rules="/etc/ipnat.rules"  # rules definition file for ipnat

The firewall_* lines enable ipfw with an allow-everything ruleset; they are unrelated to IPFilter/ipnat and can be left out if you do not use ipfw. If the ipl module does not get loaded at boot on your system, add ipl_load="YES" to /boot/loader.conf.
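As an added example (my own helper script, not code from the original post nor from OpenVPN or IPFilter), the following sh script ties the addressing and NAT steps above together: it computes which address a client gets from the net30 pool, generates the two ipnat rules for a given interface and pool, and, when run with "check" on the FreeBSD server, verifies the prerequisites the steps above set up (ipl module loaded, forwarding enabled, an active map rule for the pool, and the redirect-gateway push in the server config). The interface name re0, the pool 192.168.100.0/24 and the config path /usr/local/etc/openvpn/server.conf are assumptions; adjust them to your host.

```sh
#!/bin/sh
# Added example, not part of the original post: helpers for the FreeBSD
# OpenVPN + ipnat setup described above. Everything below the functions only
# runs when you pass "rules" or "check" as the first argument.
# Assumptions (hypothetical, change to match your host): outside interface re0,
# VPN pool 192.168.100.0/24 (ifconfig-pool 192.168.100.4 192.168.100.251),
# OpenVPN server config in /usr/local/etc/openvpn/server.conf.

# Dotted quad -> integer and back (pure sh, no ipcalc needed).
ip2int() {
    set -- $(printf '%s\n' "$1" | tr . ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# OpenVPN 2.0 tun servers hand every client a /30 (net30 topology): client n
# (0-based) gets pool_base + 4n as its /30, uses +2 itself and +1 as the
# server-side endpoint. Hence the first client is 192.168.100.6.
net30_client_addr() {
    int2ip $(( $(ip2int "$1") + 4 * $2 + 2 ))
}
# Number of /30s in a pool, i.e. the "size=" OpenVPN logs at startup.
net30_pool_size() {
    echo $(( ($(ip2int "$2") - $(ip2int "$1") + 1) / 4 ))
}

# True if ADDR lies inside POOL (CIDR); only such sources hit the map rules.
in_pool() {
    addr_i=$(ip2int "$1"); net_i=$(ip2int "${2%/*}"); plen=${2#*/}
    mask=$(( plen == 0 ? 0 : (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF ))
    [ $(( addr_i & mask )) -eq $(( net_i & mask )) ]
}

# Emit the two ipnat map rules: TCP/UDP sources are rewritten to the interface
# address (0/32) with a source port from PORTS; the second rule catches the
# rest (ICMP, so ping through the tunnel keeps working).
gen_ipnat_rules() {
    printf 'map %s %s -> 0/32 portmap tcp/udp %s\n' "$1" "$2" "${3:-30001:40000}"
    printf 'map %s %s -> 0/32\n' "$1" "$2"
}

# True if the server config pushes redirect-gateway; without it the client
# keeps its old default route and only 192.168.100.0/24 enters the tunnel.
config_pushes_redirect_gateway() {
    grep -Eq '^[[:space:]]*push[[:space:]]+"?redirect-gateway' "$1"
}

# Live checks on the FreeBSD server (run as root); prints what is missing.
check_server() {
    rc=0
    kldstat | grep -q ipl || { echo 'ipl module not loaded: kldload ipl'; rc=1; }
    [ "$(sysctl -n net.inet.ip.forwarding)" = 1 ] \
        || { echo 'forwarding off: sysctl net.inet.ip.forwarding=1'; rc=1; }
    ipnat -l | grep -q "map .* $2 " \
        || { echo "no active ipnat map rule for $2: ipnat -f /etc/ipnat.rules"; rc=1; }
    config_pushes_redirect_gateway "$1" \
        || { echo "$1 does not push redirect-gateway"; rc=1; }
    [ $rc -eq 0 ] && echo 'NAT prerequisites look good'
    return $rc
}

case "${1:-}" in
    rules) gen_ipnat_rules "${2:-re0}" "${3:-192.168.100.0/24}" ;;
    check) check_server "${2:-/usr/local/etc/openvpn/server.conf}" "${3:-192.168.100.0/24}" ;;
    *)     echo "usage: $0 rules [iface] [pool] | check [server.conf] [pool]" >&2 ;;
esac
```

Run "sh vpnnat.sh rules re0 192.168.100.0/24 > /etc/ipnat.rules" to write the rules file, and "sh vpnnat.sh check" on the server after the setup steps to see at a glance which prerequisite is missing when the ping to the internet fails. The pool arithmetic reproduces the base=192.168.100.4 size=62 line from the server log above.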



woensdag 5 december 2007

Install Xorg on Dell Latitude D630 with Intel GM965 (X3100) graphics chipset (CentOS 5.1)

Important

DISCLAIMER: You cannot hold me responsible for any loss of data or inoperability of your system. You do this at your own risk.
NOTE: - I will place synonyms in brackets to help people find this topic and fix their graphics problems.
- If you are not an experienced user, please let someone who knows more about it do it for you (feel free to ask me for help if you want).


Introduction and explanation

I installed CentOS and the graphics worked out of the box. BUT !!! Even though the resolution was set correctly (checked with xrandr) I still got blurry (vaporous, not sharp) graphics. It looked as if there was an ancient chipset in the notebook, although it was pretty new.

During tests with different distributions (Gentoo, Debian, ArchLinux) I noticed that the standard (stable) drivers were not working as they should.
On ALL distributions I got it fixed by installing the correct versions of three packages:

Software   Minimum version   Command to show the installed version
X.org      >= 1.3.0          grep Window /var/log/Xorg.0.log
i810       >= 2.0.0          grep intel /var/log/Xorg.0.log   (or: grep i810 /var/log/Xorg.0.log)
libdrm     >= 2.3.0          ls /usr/lib | grep libdrm        (or: ls /usr/lib64 | grep libdrm)


You might think: ok, just update these packages and it is done. In Gentoo, Fedora 7, Debian and ArchLinux this is true.
But CentOS introduces a problem: these versions are not in the repositories.
Because CentOS is based on Red Hat, and Fedora is Red Hat's upstream, I had the idea to install the RPMs built for Fedora. This was a success.
Let's see how.


How I did it

I visited rpm.pbone.net. It is a search engine for RPM packages.
I searched for the Xorg package with version 1.3 or higher for Fedora (Fedora 7; I took 7 because it ships testing drivers, while Fedora 8 ships development drivers).
I downloaded it and tried to install it:
rpm --install xorg-x11-server-Xorg-*

This gives a lot of messages about conflicts. That is normal, because the old version is still there.
Removing it makes it possible to install the new version (maybe there is a nicer way of doing this; let me know if so). Use yum for the removal, since rpm has no "remove" subcommand and yum also takes care of the packages that depend on the server:
yum remove xorg-x11-server-Xorg

This asked me if it is OK to remove some other packages as well (total of 32). Confirm.

Lets retry installing it
rpm --install xorg-x11-server-Xorg-*

This time I get a warning about some unresolved dependencies.
Download the packages for the same Fedora version that are mentioned in the output.
Now let's install them all at once:
rpm --install xorg-x11-server-Xorg-1.3.0.0-9.fc7.x86_64.rpm xorg-x11-drv-evdev-1.1.2-3.fc7.x86_64.rpm xorg-x11-drv-keyboard-1.1.0-3.fc7.x86_64.rpm xorg-x11-drv-mouse-1.2.1-2.fc7.x86_64.rpm xorg-x11-drv-vesa-1.3.0-6.fc7.x86_64.rpm xorg-x11-drv-void-1.1.0-4.fc7.x86_64.rpm libdrm-2.3.0-5.fc7.x86_64.rpm

Finally we have to install the new Intel driver (the xorg-x11-drv-i810 package). Make sure the version is 2.0.0 or higher:
rpm --install xorg-x11-drv-i810-2.0.0-4.fc7.x86_64.rpm

(Be sure you have printed this out or have it on another screen.) Now press CTRL-ALT-BACKSPACE. Xorg will not be able to start again with the old configuration. Press CTRL-ALT-F1 to get a text console.
Log in as the root user.

Let Xorg generate a basic config file (it writes xorg.conf.new in root's home directory):
X -configure

Only one thing left to do :D: copy the config to the correct place.
cp /root/xorg.conf.new /etc/X11/xorg.conf


Testing
Go to runlevel 2 and back to runlevel 5 (or reboot with shutdown -r now or with CTRL-ALT-DELETE):
init 2; init 5

If this gives problems, type the two commands separately.


After the next login I noticed that KDE was no longer installed on the system (it had been removed together with the old xorg server).
Just reinstall it:
yum install kdebase


Have fun!