
EdgeRouter: Configure Remote Access VPN

Assumptions:

  • Local network is eth1-eth4, using DHCP 10.0.1.0/24
  • WAN/Internet connectivity is on eth0, using DHCP

Commands:
Enter config mode using:

#> configure

Type these commands to configure the VPN:

set vpn ipsec ipsec-interfaces interface eth0
set vpn ipsec nat-networks allowed-network 10.0.0.0/8
set vpn ipsec nat-traversal enable
set vpn l2tp remote-access authentication local-users username your-remote-user password your-unique-password-here
set vpn l2tp remote-access authentication mode local
set vpn l2tp remote-access client-ip-pool start 10.10.10.100
set vpn l2tp remote-access client-ip-pool stop 10.10.10.150
set vpn l2tp remote-access dhcp-interface eth0
set vpn l2tp remote-access dns-servers server-1 8.8.8.8
set vpn l2tp remote-access dns-servers server-2 10.0.1.1
set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret your-pre-shared-key-here
set vpn l2tp remote-access ipsec-settings ike-lifetime 3600
set vpn l2tp remote-access mtu 1420
set vpn ipsec auto-firewall-nat-exclude enable

Type these commands to configure the firewall to allow VPN connections:

set firewall name WAN_LOCAL rule 3 action accept
set firewall name WAN_LOCAL rule 3 description "Allow NAT-T"
set firewall name WAN_LOCAL rule 3 destination port 4500
set firewall name WAN_LOCAL rule 3 log enable
set firewall name WAN_LOCAL rule 3 protocol udp
set firewall name WAN_LOCAL rule 4 action accept
set firewall name WAN_LOCAL rule 4 description "Allow ESP"
set firewall name WAN_LOCAL rule 4 log enable
set firewall name WAN_LOCAL rule 4 protocol 50
set firewall name WAN_LOCAL rule 5 action accept
set firewall name WAN_LOCAL rule 5 description "Allow L2TP"
set firewall name WAN_LOCAL rule 5 destination port 1701
set firewall name WAN_LOCAL rule 5 log enable
set firewall name WAN_LOCAL rule 5 protocol udp
set firewall name WAN_LOCAL rule 6 action accept
set firewall name WAN_LOCAL rule 6 description "Allow IKE"
set firewall name WAN_LOCAL rule 6 destination port 500
set firewall name WAN_LOCAL rule 6 log enable
set firewall name WAN_LOCAL rule 6 protocol udp
set firewall name WAN_LOCAL rule 7 action accept
set firewall name WAN_LOCAL rule 7 description "Allow Established"
set firewall name WAN_LOCAL rule 7 log disable
set firewall name WAN_LOCAL rule 7 protocol all
set firewall name WAN_LOCAL rule 7 state established enable
set firewall name WAN_LOCAL rule 7 state related enable

Now, commit and save:

commit
save
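
The L2TP rule above (rule 5) accepts UDP 1701 from the WAN whether or not the packet arrived through IPsec; EdgeOS firewall rules can require that with `ipsec match-ipsec`. The following check is an added example, not part of the original post: it reads `set firewall` commands and lists the accept rules for port 1701 that lack that match. The function names and the embedded sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: list EdgeOS firewall rules that accept L2TP (UDP 1701)
# without "ipsec match-ipsec", i.e. without requiring IPsec protection.

# Reads "set firewall name <RULESET> rule <N> ..." lines on stdin and
# prints "<RULESET> rule <N>" for every offending rule, sorted.
audit_l2tp_rules() {
    awk '
        $1 == "set" && $2 == "firewall" && $3 == "name" && $5 == "rule" {
            key = $4 " rule " $6
            seen[key] = 1
            if ($7 == "action" && $8 == "accept") accept[key] = 1
            if ($7 == "ipsec" && $8 == "match-ipsec") ipsec[key] = 1
            if ($7 == "destination" && $8 == "port") {
                # A port value may be a comma-separated list.
                n = split($9, ports, ",")
                for (i = 1; i <= n; i++)
                    if (ports[i] == "1701") l2tp[key] = 1
            }
        }
        END {
            for (key in seen)
                if ((key in accept) && (key in l2tp) && !(key in ipsec))
                    print key
        }
    ' | sort
}

# Constructed sample 1: rule 5 as configured in this post.
page_rules() {
    cat <<'EOF'
set firewall name WAN_LOCAL rule 5 action accept
set firewall name WAN_LOCAL rule 5 description "Allow L2TP"
set firewall name WAN_LOCAL rule 5 destination port 1701
set firewall name WAN_LOCAL rule 5 log enable
set firewall name WAN_LOCAL rule 5 protocol udp
EOF
}

# Constructed sample 2: the same rule, limited to traffic that came via IPsec.
hardened_rules() {
    page_rules
    echo 'set firewall name WAN_LOCAL rule 5 ipsec match-ipsec'
}

echo "page:     $(page_rules | audit_l2tp_rules)"
echo "hardened: $(hardened_rules | audit_l2tp_rules)"
```

To check a real router, feed the function the firewall section of the configuration in `set` command form instead of the sample functions.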

Making Ubuntu Server A Mac Time Capsule

Intro
This is a tutorial on how to turn an Ubuntu server into a Mac Time Capsule. All we need is a working PC that can run Ubuntu, and a Mac. The server can then be used not only as a file server but also as a Time Machine target for Mac backups.

The systems I am using are Ubuntu Server 16.04 LTS and OS X 10.11.5.

Now let’s get it started!

Step 1. Install Ubuntu (Server) 16.04 LTS on your server machine.
Install the LAMP server, OpenSSH server, and Samba file server. Wired network required.

After the installation finishes, you can log in to the server from your Mac. Below are some optional configurations.

[Optional] Add new user:

$ sudo useradd -c "King the Brave" -m -s /bin/bash King
$ sudo passwd King # set the new user's password; you may also use passwd to reset root's password
$ sudo usermod -aG sudo King

[Optional] Delete old user:

$ sudo userdel -r old_king # with "-r", the home directory of "old_king" is deleted as well

Step 2. Mount your backup disk on Ubuntu.
$ sudo lshw -C disk # to determine the hard drive information
$ sudo fdisk /dev/sda # and create a new partition in the fdisk program by typing "n"
$ mkdir ~/Xserve # as a mount point
$ sudo mount /dev/sda1 ~/Xserve # to mount the partition created above (format it first if it has no filesystem)

Step 3. Configurations.

$ sudo apt-get install netatalk libc6-dev avahi-daemon libnss-mdns

$ sudo vim /etc/nsswitch.conf # to replace the hosts line as below:
hosts:          files mdns4_minimal [NOTFOUND=return] dns mdns4 mdns

$ sudo vim /etc/avahi/services/afpd.service # to edit as below:
<?xml version="1.0" standalone='no'?><!--*-nxml-*-->
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
    <name replace-wildcards="yes">%h</name>
    <service>
        <type>_afpovertcp._tcp</type>
        <port>548</port>
    </service>
    <service>
        <type>_device-info._tcp</type>
        <port>0</port>
        <txt-record>model=Xserve</txt-record>
    </service>
</service-group>

$ sudo vim /etc/netatalk/AppleVolumes.default # to edit as below:
# change the line ~/ to:
/home//Xserve options:tm

$ sudo vim /etc/default/netatalk # to edit as below:
# uncomment/add the entries below:
ATALKD_RUN=no
PAPD_RUN=no
CNID_METAD_RUN=yes
AFPD_RUN=yes
TIMELORD_RUN=no
A2BOOT_RUN=no

Step 4. Restart the services.
$ sudo service avahi-daemon restart
$ sudo service netatalk restart

internal error: could not get interface XML description: File operation failed – Failed to read (null)

I installed virt-manager on my Ubuntu server and, when trying to use it, kept getting this error:

internal error: could not get interface XML description: File operation failed - Failed to read (null)

The culprit was the virtual Ethernet interface that I had created on the host (eth0:0).

Here is more info on the bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1185850

Removing the virtual network interface solved the issue.

XBMC on Ubuntu 14.04 with Nvidia – DTS Audio over HDMI & Tearing Resolved

After upgrading to 14.04, I had problems getting XBMC to work with my Nvidia card.

Problem: DTS-HD/Digital audio passthrough using my HDMI via my AVR did not work.

Fix: Remove pulseaudio… yes, really!

apt-get remove pulseaudio

(and don’t forget to restart)

Problem: Video tearing

Fix:  To /usr/share/lightdm/lightdm.conf.d/50-xserver-command.conf, add -bs:

xserver-command=X -bs -core

Compiling OpenCV 2.4 on RHEL/CentOS 5

OpenCV (Open Source Computer Vision) is a library of programming functions for real time computer vision.

At present, prebuilt binaries/packages are not available for OpenCV on CentOS/RHEL 5. Here are the notes from my attempts to get it compiled.

Please make sure you have the latest cmake installed, from http://www.cmake.org/files/v2.8/cmake-2.8.10.2.tar.gz

To install the OpenCV Python modules, you will need the python-numpy modules installed:

easy_install numpy

Then compile OpenCV using the following (assuming your latest Python is installed in /usr/local/python-2.7):

cmake -DCMAKE_BUILD_TYPE=RELEASE -DCMAKE_INSTALL_PREFIX=/usr/local -DBUILD_EXAMPLES=ON -DBUILD_NEW_PYTHON_SUPPORT=ON -DINSTALL_PYTHON_EXAMPLES=ON -DPYTHON_EXECUTABLE=/usr/local/python-2.7/bin/python -DPYTHON_INCLUDE_DIR=/usr/local/python-2.7/include -DPYTHON_LIBRARY=/usr/local/python-2.7/lib/libpython2.7.so -DPYTHON_NUMPY_INCLUDE_DIR=/usr/local/python-2.7/lib/python2.7/site-packages/numpy/core/include/ -DPYTHON_PACKAGES_PATH=/usr/local/python-2.7/lib/python2.7/site-packages/

Using BUILD_NEW_PYTHON_SUPPORT fixes the issue seen below:

CMake Warning:
   Manually-specified variables were not used by the project:

   BUILD_PYTHON_SUPPORT

If you get the following error:

CMake Error at apps/haartraining/CMakeLists.txt:39 (set_target_properties):
set_target_properties called with incorrect number of arguments.

CMake Error at apps/traincascade/CMakeLists.txt:29 (set_target_properties):
set_target_properties called with incorrect number of arguments.

it can be fixed in both files by enclosing ${EXECUTABLE_OUTPUT_PATH} in double quotes ("${EXECUTABLE_OUTPUT_PATH}").

Then, run make

make

Now, make will throw an error when it tries to compile freak.cpp. To get past this, compile that file manually (without using any optimization):

cd /home/ram/OpenCV-2.4.3/modules/features2d
/usr/bin/c++ -Dopencv_features2d_EXPORTS -DHAVE_CVCONFIG_H \
-DCVAPI_EXPORTS -W -Wall -Wformat -Wundef -Winit-self \
-Wpointer-arith -Wshadow -Wsign-promo -fdiagnostics-show-option \
-Wno-long-long -pthread -fomit-frame-pointer -msse -msse2 -msse3 \
-ffunction-sections -DNDEBUG -DNDEBUG -fPIC \
-I/home/ram/OpenCV-2.4.3/modules/features2d/perf -I/home/ram/OpenCV-2.4.3/modules/features2d/include \
-I/home/ram/OpenCV-2.4.3/modules/highgui/include -I/home/ram/OpenCV-2.4.3/modules/flann/include \
-I/home/ram/OpenCV-2.4.3/modules/imgproc/include -I/home/ram/OpenCV-2.4.3/modules/core/include \
-I/home/ram/OpenCV-2.4.3/modules/ts/include -I/home/ram/OpenCV-2.4.3/modules/features2d \
-I/home/ram/OpenCV-2.4.3/modules/features2d/src -I/home/ram/OpenCV-2.4.3/modules/features2d/test \
-I/home/ram/OpenCV-2.4.3 -o CMakeFiles/opencv_features2d.dir/src/freak.cpp.o \
-c /home/ram/OpenCV-2.4.3/modules/features2d/src/freak.cpp

This should build freak manually, so make will not bother recompiling it anymore. Continue build:

cd /home/ram/OpenCV-2.4.3/
make
make install

This completes OpenCV installation. To build the samples:

export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig
cd /home/ram/OpenCV-2.4.3/samples/c
chmod +x build_all.sh
./build_all.sh

Can’t configure Google Analytics Reports – “Invalid Token” message

When behind a proxy, Google Analytics Reports module in apache throws an "invalid token" message.

Solution:

The drupal_http_request does not handle corporate proxies well. Here is the custom function that I wrote to fix this exact issue:

 

function curl_http_request($url, $headers, $method, $data)
{
    $result = new stdClass();
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    // Verify the server certificate and host name. If the proxy re-signs TLS,
    // trust its CA via CURLOPT_CAINFO rather than turning verification off.
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, TRUE);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
    curl_setopt($ch, CURLOPT_TIMEOUT, 60);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    // An empty file name enables the in-memory cookie engine for this handle.
    curl_setopt($ch, CURLOPT_COOKIEFILE, '');
    // Only attach a request body when there is one to send.
    if (!empty($data)) {
        curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
    }
    curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
    // Route the request through the corporate proxy.
    curl_setopt($ch, CURLOPT_PROXY, "myproxyserver.mydomain.com");
    curl_setopt($ch, CURLOPT_PROXYPORT, 80);
    curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $method);
    $fetched = curl_exec($ch);
    // Mirror the fields callers read from drupal_http_request's result.
    $result->code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    $result->data = $fetched;
    $result->error = curl_errno($ch);
    curl_close($ch);
    return $result;
}

Replace drupal_http_request in GA.lib.inc with this function, curl_http_request. It works for me. YMMV.

Note: This can be used in place of drupal_http_request