Sunday, January 29, 2012

Linux - VPN with vpnc

If you want to set up a VPN client that connects to a Cisco VPN server, the following may help you.

As I have tested, vpnc can connect to a Cisco VPN server. This guide assumes that the Linux machine is a text-based CentOS client.

Installing vpnc

1. You need the RPMForge repository. See "Adding RPMForge to CentOS" below for a guide.
2. After adding RPMForge, type

yum install vpnc

3. After successful installation, test your install with

vpnc 

and you should see the application prompt for the following


Enter IPSec gateway address: 

4. Press Ctrl-X to terminate the program. You have successfully installed vpnc.

Configuration and Usage

1. Go to the vpnc folder

cd /etc/vpnc

2. You should see two files:

vpnc.conf - sample configuration file
vpnc-script - a script that vpnc requires to run

3. Set the execute permission on vpnc-script

chmod +x vpnc-script

4. Set up a configuration file. The configuration file is best stored in /etc/vpnc.
Below is sample configuration content for a file named my-vpnc.conf:

### This is the gateway configuration
IPSec gateway your.vpn.gateway.com
IPSec ID your.vpn.group.id
IPSec secret your.vpn.group.password
### Put your username here
Xauth username your.login.id
Xauth password your.login.password

I believe those fields are self-explanatory. You can obtain that information from your Cisco .pcf file.

The VPN group password is stored in the enc_GroupPwd field in an encoded (reversible) form, so treat the .pcf file as a credential. If you "forget" your group password, you can use http://www.unix-ag.uni-kl.de/~massar/bin/cisco-decode to "recover" it.

5. After your configuration, type

vpnc my-vpnc.conf

my-vpnc.conf is the file set up at step 4; by default, vpnc looks for the configuration file in /etc/vpnc.

6. If you connect successfully, you should see your VPN banner:

Connect Banner:

"VPN Banner"

VPNC started in background (pid: 18400)...

You can also ping a host on your VPN network to test the connection.

7. To disconnect, type

vpnc-disconnect
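As an added example (not part of the original post), a POSIX shell check to run before vpnc my-vpnc.conf: the configuration file stores the group secret and the Xauth password in clear text, so the check verifies that the keys used above are present and, when a secret is stored, that the file is readable by its owner only. The function name and the sample file are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: sanity-check a vpnc
# configuration file (the "key value" line format used in /etc/vpnc)
# before connecting. The gateway and group ID must be present; vpnc
# prompts interactively for any secret that is left out, so the
# permission check is only enforced when a secret is stored in the file.

# Return 0 if file $1 is a usable, safely stored vpnc configuration.
check_vpnc_conf() {
    conf="$1"
    [ -f "$conf" ] || { echo "missing: $conf" >&2; return 1; }

    # Keys a non-interactive connection needs (see the sample above).
    for key in "IPSec gateway" "IPSec ID"; do
        grep -q "^$key " "$conf" || { echo "missing key: $key" >&2; return 1; }
    done

    # Clear-text secrets must not be group- or world-readable.
    if grep -q -e '^IPSec secret ' -e '^Xauth password ' "$conf"; then
        # GNU stat first, BSD stat as a fallback; both print octal bits.
        mode=$(stat -c '%a' "$conf" 2>/dev/null || stat -f '%Lp' "$conf")
        case "$mode" in
            600|400) ;;
            *) echo "$conf holds secrets but has mode $mode; run chmod 600" >&2
               return 1 ;;
        esac
    fi
    return 0
}
```

Run it as check_vpnc_conf /etc/vpnc/my-vpnc.conf; a non-zero exit explains what to fix.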

Adding RPMForge to CentOS

The link below gives you enough information to add RPMForge to a CentOS machine.

http://wiki.centos.org/AdditionalResources/Repositories/RPMForge#head-c02c679d2b90b89efe3ac7f36f212c87bb1c17ab

For me, I had some trouble with this as my Linux machine is text-based only:

1. My VM cannot use RPM to download those listed RPM files directly.
2. RPM parses RPM-GPG-KEY.dag.txt with an error.
3. My Windows machine cannot download those listed RPMs either (I really have no idea why???)

If you encounter the above issues, this small tip may help. And it is so naive....

Use wget!!

1. wget http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt
2. rpm --import RPM-GPG-KEY.dag.txt
3. wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el4.rf.i386.rpm
4. rpm -i rpmforge-release-0.5.2-2.el4.rf.i386.rpm or rpm -Uhv rpmforge-release-0.5.2-2.el4.rf.i386.rpm

That's all. You can test your yum setup with yum install vpnc.


Tuesday, January 10, 2012

Perl - Debugging

Finally, I had to debug a Perl script. These are some of the helpful commands. I am assuming perl debugger version 1.27.

  • Debugging - Adding -d will start your Perl script in debug mode

perl -d myscript.pl

  • Stepping - Type s in the debug console to step through your code line by line

  • Break point - Type b (line number) in the debug console to set a break point

b 100

  • Print variable - Type p (variable) in the debug console to display the variable's value

p $varname

  • Continue - Type c in the debug console to run to the next break point

  • Delete a break point - Type B (line number) in the debug console to remove a break point

B 100

  • List all break points/actions - Type L in the debug console to list all break points and actions

  • Watch - Type w (variable) in the debug console to set a watch on the variable. Changes will appear on the debug console if the watched variable is altered

w $varname

  • Delete a watch - Type W (variable) in the debug console to delete a watch point

W $varname

  • Help - Type h in the debug console to get the help list

  • Reload - Type R in the debug console to reload the program in debug mode

  • Quit - Type q in the debug console to quit debugging

See the attached image for an example.


Thursday, January 5, 2012

Linux Command - iptables

Finally, I got irritated with iptables as it kept blocking my web server. I did some searching online and the following helped me to unblock my port and also redirect a port internally. I am working on CentOS 5.6.

1. Type the following, to open the iptables configuration file

vi /etc/sysconfig/iptables

2. Look for :RH-Firewall-1-INPUT - [0:0] and add the following before any REJECT rule. The REJECT rule is generally the last line of the configuration file before COMMIT.


-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT


3. Save the configuration file and type

service iptables restart

4. If you type "iptables -L", you should see an entry like the one below. You can verify your rule by accessing your web server via port 80.


ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http 

5. Now, for local redirection: you cannot add this command to the iptables configuration file above; you must type it at run time. The following will redirect port 8080 to port 80

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8080 -j REDIRECT --to-port 80

6. You can verify your entry with

iptables -t nat -L -n -v

and you should see an entry like

 17   845 REDIRECT   tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:8080 redir ports 80 

7. Now, you can try accessing your webserver via 8080.

8. An important note: if you restart iptables (service iptables restart), you will lose this NAT configuration. It also means that when you restart your server, the NAT configuration will be gone.

9. So, for me, I will add this redirection command to .bash_profile so that the setting is applied on each start-up. For example, I will add these 2 statements to .bash_profile

service iptables restart
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 4320 -j REDIRECT --to-port 80
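As an added example, not code from the original post: a POSIX shell check for the ordering that step 2 depends on. Rules in /etc/sysconfig/iptables are evaluated top to bottom, so an ACCEPT for port 80 placed after the chain's REJECT rule never matches and the port stays blocked. The sample rules file is constructed and the function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the original post. /etc/sysconfig/iptables is in
# iptables-save format; the first matching rule in a chain wins, so the
# port-80 ACCEPT must sit above the REJECT in RH-Firewall-1-INPUT.

# Return 0 if a "-j ACCEPT" rule for TCP --dport $2 appears in the
# RH-Firewall-1-INPUT chain of file $1 before that chain's first REJECT.
accept_before_reject() {
    awk -v port="$2" '
        /^-A RH-Firewall-1-INPUT / {
            if ($0 ~ /-j REJECT/) { seen_reject = 1 }
            else if (!seen_reject && $0 ~ ("--dport " port " ") && $0 ~ /-j ACCEPT/) { found = 1 }
        }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# Write a constructed CentOS 5 style rules file to $1. The port-80 ACCEPT
# goes before the REJECT when $2 is "good" and after it when $2 is "bad".
write_sample_rules() {
    accept='-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT'
    reject='-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited'
    {
        echo '*filter'
        echo ':INPUT ACCEPT [0:0]'
        echo ':RH-Firewall-1-INPUT - [0:0]'
        echo '-A INPUT -j RH-Firewall-1-INPUT'
        echo '-A RH-Firewall-1-INPUT -i lo -j ACCEPT'
        echo '-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
        if [ "$2" = good ]; then
            echo "$accept"; echo "$reject"
        else
            echo "$reject"; echo "$accept"
        fi
        echo 'COMMIT'
    } > "$1"
}
```

Run accept_before_reject /etc/sysconfig/iptables 80 after editing; a non-zero exit means the rule is missing or shadowed by the REJECT.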