Route of Joy

Happy Semester

It is really a happy happy semester!
Today I took a look at the Operating System class.  The lecturer is so good.  I really like the energetic way he teaches.  Everybody says that another class I take, “Computer Architecture”, has a good lecturer too.  What’s more, I think Computer Vision could be fun… So all three classes I take this semester would be a great deal of fun!~

The new Kinect SDK will be released on Feb 1st; it seems that everything fun comes all together.  Let me try to build muscle and survive!

Road to Tofu

I have always missed tofu, especially the super super soft tofu in China.  Now I can make it on my own!  Next time I’ll try to make a super soft one for breakfast.

IPV6 Ready Home Network

The IPV6 era has come.  Facebook and all of Google's services now seem to have IPV6 connectivity.  I know China Tel is always trying to block users from IPV6.  The Microsoft Teredo server seems to be down here.  To integrate my home network with IPV6, a tunnel broker is a good choice.

 

First, make sure all the devices you own are IPV6 capable.  An openwrt Router is preferred.  Linux desktops are recommended (only Linux can update the DNS record from radvd RDNSS).  Windows 7/Vista is acceptable (they only accept DHCPv6 for DNS updates).  Windows XP or earlier is unacceptable.  Mac OS X 10.6.8 or higher is recommended.

 

This article shows how to provide IPV6 through the router using a tunnel broker.

 

1. As a Hurricane Electric Certified Sage, I recommend the tunnel broker provided by HE.  Register your account and create a regular tunnel here.

2. Install the essential modules on the Openwrt Router.  I installed: ip, kmod-ipv6, kmod-sit, radvd, dibbler, curl.  Here I use radvd for Router Advertisement and dibbler for DHCPv6.  dibbler is somewhat big.  If you prefer ISC DHCPv6 or wide DHCPv6, that is OK.  curl is for updating my tunnel endpoint IP address cuz my Router is under Dynamic Address Allocation over PPPoE.

3. Bring the router onto the IPV6 network.

This is the shell script I use to add my router to the IPV6 network.

username=xxxxxx

password=xxxxxx

tunnelid=xxxxxx

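curl --insecure "https://$username:$password@ipv4.tunnelbroker.net/ipv4_end.php?tid=$tunnelid"

# Here I use --insecure, which skips verification of the server certificate, so the credentials in the URL are not protected against an intercepting host.  Use --cacert to specify the CA file and verify the server instead.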

myip=$(ifconfig|grep -A2 'pppoe-wan'|grep 'inet addr:'|cut -d: -f2 |awk '{ print $1}')

myv6ip=2001:470:c:1376::2/64

server=66.220.18.42

ip tunnel add he-ipv6 mode sit remote $server local $myip ttl 255

ip link set he-ipv6 up

ip addr add $myv6ip dev he-ipv6

ip route add ::/0 dev he-ipv6

If everything is fine you can ping ipv6.google.com on your router now.

 

4. My allocated Routed /64 is 2001:470:d:1376::/64 (be aware that this prefix is different from the address your router gets: here it is a d, not a c).  This /64 block is for my home network, so I route it to the LAN.

ip -6 route add 2001:470:d:1376::/64 dev br-lan

5. Configure /etc/config/radvd and /etc/dibbler/server.conf for Router Advertisement and DHCPv6.  The configuration I am using is:

/etc/config/radvd:

config interface
option interface        'lan'
option AdvSendAdvert    1
option AdvManagedFlag   1
option AdvOtherConfigFlag 0
option ignore           0

config prefix
option interface        'lan'
# If not specified, a non-link-local prefix of the interface is used
option prefix           '2001:470:d:1376::/64'
option AdvOnLink        1
option AdvAutonomous    1
option AdvRouterAddr    0
option ignore           1

config rdnss
option interface        'lan'
# If not specified, the link-local address of the interface is used
option addr             '2001:470:20::2'
option ignore           1

/etc/dibbler/server.conf:

log-level 8
log-mode short
preference 0
iface "br-lan" {
    // also ranges can be defined, instead of exact values  t1 1800-2000  t2 2700-3000
    prefered-lifetime 86400
    valid-lifetime 172800
    class {
        pool 2001:470:d:1376::/64
    }
    option dns-server 2001:470:20::2
}

6. Enable ipv6 forwarding in /etc/sysctl.conf

net.ipv6.conf.all.forwarding=1

7. After everything is finished, just enjoy IPV6 in your home network.

P.S.  If you disable IPV4 on your laptop, it will be on an IPV6-only network.  At least on an IPV6-only network, Facebook and all the services Google provides are accessible.
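With forwarding enabled and the routed /64 on br-lan, LAN hosts are reachable from the IPV6 internet unless the router filters forwarded traffic. As an added example (not part of the original post), this script prints a default-deny ip6tables FORWARD ruleset for the he-ipv6 and br-lan interfaces used above; it assumes ip6tables with the conntrack state match is installed and that nothing else manages the FORWARD chain.

```shell
#!/bin/sh
# Added example, not from the original post.
# Interface names are the ones used in the post's tunnel script.
WAN6=he-ipv6
LAN=br-lan

# Print the ip6tables commands instead of running them, so the ruleset can be
# reviewed first.  Arguments: tunnel interface, LAN interface.
forward_rules() {
    wan=$1
    lan=$2
    # Refuse anything that is not a plain interface name.
    for ifname in "$wan" "$lan"; do
        case $ifname in
            ''|*[!A-Za-z0-9._-]*)
                echo "bad interface name: $ifname" >&2
                return 1 ;;
        esac
    done
    # Drop forwarded packets unless a rule below accepts them.
    echo "ip6tables -P FORWARD DROP"
    echo "ip6tables -F FORWARD"
    # Replies to connections that LAN hosts opened.
    echo "ip6tables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # New connections are accepted only from the LAN out to the tunnel.
    echo "ip6tables -A FORWARD -i $lan -o $wan -j ACCEPT"
    # ICMPv6 error messages from the tunnel side (packet-too-big is what
    # path MTU discovery relies on).
    for t in destination-unreachable packet-too-big time-exceeded parameter-problem; do
        echo "ip6tables -A FORWARD -i $wan -o $lan -p icmpv6 --icmpv6-type $t -j ACCEPT"
    done
}

# "sh <this file> apply" runs the printed commands (needs root on the router).
if [ "${1:-}" = apply ]; then
    forward_rules "$WAN6" "$LAN" | sh
fi
```

Run it without arguments to do nothing, or call forward_rules by hand to read the ruleset before applying it.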

Run Debian inside Alpine

It seems good that Alpine really saves plenty of RAM.  After my server boots, only 50+ MB is used.  At last, my server no longer suffers from a shortage of RAM.

 

Everything has pros and cons.  Alpine is a distribution that makes every package as small and light as possible.  It uses uClibc, not the glibc used by other Linux server distros, which makes it incompatible with binary packages compiled against glibc (most binary packages are not released as static builds).  This raises a question: how can I run these closed-source binaries in Alpine?

 

“debootstrap” is a package for running Debian inside Alpine.  It can solve all the problems with chroot.  By default, the kernel is compiled with grsec, which restricts chroot.  The grsec settings below should be changed before running debootstrap.

 

#apk add debootstrap

#echo 0 > /proc/sys/kernel/grsecurity/chroot_deny_mount

#echo 0 > /proc/sys/kernel/grsecurity/chroot_deny_chmod

#mkdir /mnt/debian

#debootstrap --arch=amd64 stable /mnt/debian

#chroot /mnt/debian /bin/bash

 

 

Wow, Debian inside Alpine!

Setup PPP with Freeradius

This article shows how to set up VPNs with freeradius and the daloradius web UI.

Step 1: Set up the connection between daloradius and mysql

Daloradius is an open source web UI for radius.  Its project webpage is:

http://sourceforge.net/projects/daloradius/

The INSTALL guide can be found in the root folder of daloradius.  In brief, you should set up a new database using the schema in contrib/db/ and provide the database information in library/daloradius.conf.php.  If you use freeradius 2.X versions, make sure you set the radius version to '2' in daloradius.conf.php.  The usergroup table name was misconfigured as “usergroup”.  Make sure you change it to “radusergroup” in daloradius.conf.php.

After setup, you can log in to daloradius as administrator.

Notice:

The latest version in SVN is highly recommended.  The stable version 0.9.8 is not compatible with Freeradius 2.X versions.

Now the 0.9.9 is highly recommended.  It is compatible with Freeradius 2.X versions.

Daloradius needs the php pear db module.  Make sure the module is installed in your php environment and the path to the module is included in the php.ini configuration file.

 

Step 2: Set up the connection between freeradius and mysql

Almost all the configuration files are now provided in daloradius SVN under contrib/configs/.  Replace the configuration files in freeradius with the ones from daloradius: counter.conf, sql.conf, radiusd.conf and the default site configuration in the sites-enabled folder.

Then set up the database access in sql.conf.

 

Step 3: Setup first user and test

If you use the configuration files provided by daloradius, the NAS information is looked up in the database, not in a file.

Therefore, first add a new NAS in the daloradius NAS section; the IP address could be 127.0.0.1.  Then add a new user in daloradius.

Start freeradius; it could be “freeradius -X”

Test the user connectivity in daloradius.  If everything is OK, it should return “Accepted”.

Notice:

With the default site file in the daloradius config schema, sessions are counted both in radutmp and in the database.  If you want the simultaneous session count to use only the database, do what I did: in the session section of the site file, I commented out radutmp, and in sql.conf, I enabled the simultaneous count.  This makes radius count simultaneous sessions only in the database, without writing a file.

 

 

Step 4: Setup PPP radius plugin

Usually the ppp radius plugin is not included in Debian or other distributions.  To get the ppp radius plugin, you can download the pppd source and run “./configure” and “make”.  radattr.so and radius.so are the two plugins I use, which can be found in /pppd/plugins/radius/.  On my server, the IP pool is handled by file, not database.

Copy the radiusclient folder out of the pppd source to someplace such as /etc/, and configure the server and shared secrets in radiusclient/servers.  If the radius server is the same server where PPP runs, the IP should be 127.0.0.1

 

Step 5: Setup PPTP/L2TP with radius authorization

Set up PPTP/L2TP as normal, then add the plugin and radiusclient paths in the pptpd options file.  On my server, it is

plugin /etc/radiusclient/radius.so
plugin /etc/radiusclient/radattr.so
radius-config-file /etc/radiusclient/radiusclient.conf

 

Till now, everything is fine.

 

I am not very good at writing instructions, if you have any questions, feel free to contact me.

L2TP over IPV6 Router

I posted l2tp over ipv6 before. It is a patch file for xl2tpd from Cheng Li, which enables xl2tpd to work under an ipv6 network for Windows Vista/7 VPN Clients.

And this is the openwrt firmware for buffalo whr-hp-g54 from Cheng Li which includes the hacked xl2tpd. After flashing the hacked firmware, buffalo whr-hp-g54 can connect to an l2tp server under IPV6.

I just bought Linksys WRT54GS v3. Hope it works.

These are the links you may be interested in:

Blog Post: L2tp over IPV6 in Linux
Hacked buffalo firmware

P.S.  It is really easy to compile your own openwrt firmware.  Just put the patch file into the patch folder of xl2tpd in the openwrt source code, change its file name and make sure it would be patched at last.  The makefile should be modified cuz the patch file is only for xl2tpd 1.2.4.

Fail on Hackitosh

Kane’s Talent Show Opening Movie is so amazing that I want to install a Mac on my laptop. I thought it would be easier cuz I have installed Mac OS 10.5.7 successfully on my last laptop. The success was really lucky cuz all the devices were almost the same as apple’s. But it turned out this time would be much more difficult.

I flashed my BIOS to a leaked version which turns on Hardware DEP by default. And then VMware was installed and I tried to get Mac set up in a Virtual Machine. It was not a success. Due to hatred of low speed, I didn’t try a workaround.

I wrote Snow Leopard Retail DVD (MBR modified) into my HDD, then used grub4dos to start iBoot. It worked well until I rebooted. Mac installer made Windows Partition inactive, OK, set it active. No Graphic card, sound card and Wired Network installed, OK find the driver. After I tried Multibeast to patch kernel, my laptop froze at BIOS logo!

Maybe the script did some operation on EFI or something. Eject my SSD, insert it into another computer as slave, delete Mac Volume…OK everything works fine again, everything comes back to the start again.

I’ll try again when I am free.

PPP Using Freeradius and Mysql, Controlled in Daloradius

There is a PPP VPN on my server.  I used auth-file to manage user accounts before, but it was not efficient.  Now, after radius was established, almost everything can be done in WEB!!!

PPP can be used as a NAS of Radius, but it is not fully functional.  I cannot send a disconnection packet to PPP from Radius and terminate a user’s connection.  But other functions work fine.

I am using ppp, freeradius, mysql and daloradius.  It took me a long time to debug.  And now it works fine.

Let me pick some pics.

Here is the sql.conf I am using.  Hope it helps.

The stable version was for freeradius 1.x, which means you have to edit the sql.conf and PHP files in daloradius to make it work well.

The daloradius in SVN supports Freeradius 1.x and 2.x very well.  I recommend you visit the newer guide HERE.

May Brother Chun Shines on You

I tried to equip dd-wrt or open-wrt with a static route list and a PPTP tunnel.  I failed due to limited knowledge.  Today I was surprised to find that a new google code project, autoddvpn, had been established; it is an auto shell script designed for dd-wrt.  It is really a great project. You can find the project by searching its name on google code.  I am afraid I cannot provide the link due to the well-known reason.

I have an advertisement for my equipped router:  The package is guided, the privacy is guarded, and the speed is guaranteed, by the holy lord of God, Brother Chun.  May Brother Chun Shines on You.

Disk Duet

It was really exciting to change my DVD-ROM to a 320 GB HDD.  After I started using an Intel SSD, it was great but brought me a new problem.  Where should I put my download directory?  As is known, an SSD has limited write life.  I tried to use a USB-HDD but it was annoying.  So, I bought a DVD-ROM sized HDD groove and put my 320GB HDD in!

My laptop is unscathed after this surgery.  And I really enjoy the disk duet.

P.S.  I downloaded Assassin’s Creed II and let it run on my laptop.  Almost all the effects can be turned on!  It is amazing.