Archive for May, 2010

How to install Cisco VPN client on Debian / Ubuntu (Jaunty and Karmic) 64 bit

May 24, 2010

The Cisco kernel module once again fails to compile against the newer kernels in Ubuntu 9.04 and 9.10 beta:

/home/lamnk/vpnclient/interceptor.c: In function ‘interceptor_init’:
/home/lamnk/vpnclient/interceptor.c: In function ‘remove_netdev’:
/home/lamnk/vpnclient/interceptor.c:294: error: ‘struct net_device’ has no member named ‘hard_start_xmit’
make[2]: *** [/home/lamnk/vpnclient/interceptor.o] Error 1
make[1]: *** [_module_/home/lamnk/vpnclient] Error 2
make[1]: Leaving directory `/usr/src/linux-headers-2.6.31-1-generic’
make: *** [default] Error 2
Failed to make module “cisco_ipsec.ko”.

Before installation, I assume that you have the latest version, 4.8.02.0030, and the packages required for compiling, i.e. gcc, libstdc++6 … The kernel version should be from 2.6.30 to 2.6.32.

* Download the client and extract it
* Go to vpnclient folder:

cd vpnclient

* Download patch file for 64 bit and apply it (users on 32bit systems can skip this step):

wget http://lamnk.com/download/vpnclient-linux-4.8.02-64bit.patch

patch < ./vpnclient-linux-4.8.02-64bit.patch

sed -i 's/^CFLAGS/EXTRA_CFLAGS/' Makefile

* Download patch file for newer kernel (2.6.30+) and apply it:

wget http://lamnk.com/download/vpnclient-linux-2.6.31-final.diff

patch < ./vpnclient-linux-2.6.31-final.diff

* Next we must edit a kernel source file

sudo sed -i 's/const\ struct\ net_device_ops\ \*netdev_ops;/struct\ net_device_ops\ \*netdev_ops;/' `find /usr/src -name netdevice.h`

Yes, it is a one-liner; you should copy & paste that command instead of typing it 😉 The command's translation into English: find the string const struct net_device_ops *netdev_ops; and change it to struct net_device_ops *netdev_ops; in every file found by

find /usr/src -name netdevice.h

* And finally, install Cisco VPN Client:

sudo ./vpn_install
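The header edit above rewrites every netdevice.h that find locates under /usr/src and keeps no copy of the original. The following added example (not part of the original post) applies the same substitution but saves a .orig copy first, reports which files it changed, and can restore them later; the function names and the sample tree are constructed for illustration, and GNU sed is assumed.

```shell
#!/bin/sh
# Added example: reversible version of the netdevice.h edit. Function names
# and the sample tree are constructed for illustration.
DECL='const struct net_device_ops \*netdev_ops;'

# Print every netdevice.h under ROOT that still has the const declaration,
# i.e. the files the one-liner would rewrite.
list_affected_headers() {
    find "$1" -name netdevice.h -type f -exec grep -l "$DECL" {} +
}

# Save a .orig copy of each affected header, apply the same substitution as
# the post, and print the path of each file changed.
patch_headers() {
    list_affected_headers "$1" | while IFS= read -r f; do
        cp -p "$f" "$f.orig" &&
        sed -i "s/$DECL/struct net_device_ops *netdev_ops;/" "$f" &&
        printf '%s\n' "$f"
    done
}

# Put every saved .orig copy back in place.
restore_headers() {
    find "$1" -name netdevice.h.orig -type f | while IFS= read -r o; do
        mv "$o" "${o%.orig}"
    done
}

# Demo on a constructed tree (a real run would use /usr/src and need root).
demo=$(mktemp -d)
mkdir -p "$demo/linux-headers-a/include/linux" "$demo/linux-headers-b/include/linux"
printf '\tconst struct net_device_ops *netdev_ops;\n' \
    > "$demo/linux-headers-a/include/linux/netdevice.h"
printf '\tint (*hard_start_xmit)(void);\n' \
    > "$demo/linux-headers-b/include/linux/netdevice.h"
patch_headers "$demo"      # prints only the linux-headers-a file
restore_headers "$demo"    # tree is back to its original state
rm -rf "$demo"
```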

Configuring grub loader to boot from second drive of RAID1

May 12, 2010

The problem is that the GRUB boot loader doesn't know about the software RAID, so it only installs the boot loader on the first drive. That is good enough, unless the first drive is the one that fails after a few years. If the first drive fails or is removed, the boot loader is unable to read its configuration, leaving the system in an unusable and un-bootable state. All data is mirrored and RAIDed properly; only the boot loader is affected.

So here, the GRUB boot loader will be configured in such a way that the system will still be able to boot if one of the hard drives fails (no matter which one).

Preparing GRUB (Part 1)

We must install the GRUB boot loader on the second hard drive, /dev/sdb. Follow these steps:

grub
root (hd1,0)
grub> root (hd1,0)
 Filesystem type is ext2fs, partition type 0xfd

grub>
setup (hd1)
grub> setup (hd1)
 Checking if “/boot/grub/stage1” exists… no
 Checking if “/grub/stage1” exists… yes
 Checking if “/grub/stage2” exists… yes
 Checking if “/grub/e2fs_stage1_5” exists… yes
 Running “embed /grub/e2fs_stage1_5 (hd1)”…  15 sectors are embedded.
succeeded
 Running “install /grub/stage1 (hd1) (hd1)1+15 p (hd1,0)/grub/stage2 /grub/menu.lst”… succeeded
Done.

grub>
quit
Now, back on the normal shell.

Preparing GRUB (Part 2)

We are almost done now. Now we must modify /boot/grub/menu.lst again. Right now it is configured to boot from /dev/sda (hd0,0). Of course, we still want the system to be able to boot in case /dev/sda fails. Therefore we copy the first kernel stanza (which contains hd0), paste it below and replace hd0 with hd1. Furthermore we comment out all other kernel stanzas so that it looks as follows:
vi /boot/grub/menu.lst
[…]
## ## End Default Options ##

title Debian GNU/Linux, kernel 2.6.18-4-486 RAID (hd0)
root (hd0,0)
kernel /vmlinuz-2.6.18-4-486 root=/dev/md0 ro
initrd /initrd.img-2.6.18-4-486
savedefault

title Debian GNU/Linux, kernel 2.6.18-4-486 RAID (hd1)
root (hd1,0)
kernel /vmlinuz-2.6.18-4-486 root=/dev/md0 ro
initrd /initrd.img-2.6.18-4-486
savedefault

In the same file, there's a kopt line; check that it mentions the RAID device (don't remove the # at the beginning of the line!):
[…]
# kopt=root=/dev/md0 ro
[…]

Afterwards, update your ramdisk by running:

update-initramfs -u

Now reboot your box!
The boot loader menu will now list both entries; try to boot from both drives (hd0 and hd1).
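Before relying on the second drive, it is worth confirming that its boot sector really holds GRUB and that menu.lst has an active stanza for each drive. The following is an added example, not part of the original post; it assumes GRUB's stage1 keeps the ASCII marker "GRUB" in the boot sector, and the function names and sample images are constructed.

```shell
#!/bin/sh
# Added example: check that a disk's first sector holds GRUB boot code.
# Assumes GRUB's stage1 keeps the ASCII marker "GRUB" in the boot sector.

# True if bytes 510-511 of the first sector are the boot signature 55 AA.
has_boot_sig() {
    sig=$(dd if="$1" bs=1 skip=510 count=2 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "$sig" = "55aa" ]
}

# True if the first 512 bytes contain the "GRUB" marker.
has_grub_marker() {
    dd if="$1" bs=512 count=1 2>/dev/null |
        LC_ALL=C tr -c '[:print:]' '\n' | grep -q 'GRUB'
}

# Print one word describing the boot sector: grub, other or no-signature.
mbr_status() {
    if ! has_boot_sig "$1"; then echo no-signature
    elif has_grub_marker "$1"; then echo grub
    else echo other
    fi
}

# True if menu.lst has an uncommented "root (hdN,0)" line for both drives.
menu_covers_both() {
    grep -q '^[[:space:]]*root[[:space:]]*(hd0,0)' "$1" &&
        grep -q '^[[:space:]]*root[[:space:]]*(hd1,0)' "$1"
}

# Demo on constructed 512-byte images; on the real system pass /dev/sda and
# /dev/sdb (as root) and /boot/grub/menu.lst.
d=$(mktemp -d)
{ printf 'GRUB '; dd if=/dev/zero bs=1 count=505 2>/dev/null; printf '\125\252'; } > "$d/sdb.img"
dd if=/dev/zero of="$d/sda.img" bs=512 count=1 2>/dev/null
printf 'root (hd0,0)\n#root (hd1,0)\n' > "$d/menu.lst"
for img in "$d/sda.img" "$d/sdb.img"; do echo "$img: $(mbr_status "$img")"; done
menu_covers_both "$d/menu.lst" || echo "menu.lst: a stanza for hd0 or hd1 is missing"
rm -rf "$d"
```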

Changing the timezone after installation

May 6, 2010

If the timezone is not set or is wrong, the superuser can run tzconfig to configure it after the operating system is installed; in the latest releases the command is actually:

dpkg-reconfigure tzdata

If there are other users, it is a good idea to notify them that the system timezone has changed.

Setting the TZ environment variable.

If you do not have root privileges or want to set for yourself a different timezone than the one the system uses, you can set the environment variable TZ. Use the command tzselect to show what value to use for TZ and place it in your .bashrc or .profile file.

If you want everyone to see the change, export that value in /etc/profile and in the /etc/timezone file.

To change whether the computer uses UTC after installation, edit the file /etc/default/rcS and change the variable UTC to no. If you happened to install your system to use local time, just change the variable to yes to start using UTC. It is best to reboot after editing /etc/default/rcS for the changes to take effect.

Syncing time, rdate/ntpdate and NTP

If you have another Unix computer which you know keeps the correct time, with root privileges you can set the time with the command rdate. For example:

rdate somehost.domain.com

Even if you do not have an accurate time source, it is still a good idea to set all your computers to the same time, so that you can compare time stamps between hosts. To keep the clocks synchronized, you can start rdate once daily from cron.

Setting time at system boot

If the hardware clock does not keep the correct time, it is possible to set the correct time when the operating system boots. For this, there must be some other host on the LAN from which the time can be obtained. Here is an example:

1. Create the script /etc/init.d/rdate:

#!/bin/bash
# Set the system clock from a time server at boot.
case "$1" in
start)
    ntpdate ntp.test.com    # or: rdate ntp.test.com
    ;;
stop)
    ;;
esac
exit 0

2. Make the script executable:
chmod 751 /etc/init.d/rdate

3. Register it to run at boot:
update-rc.d rdate defaults
OR create a symbolic link to that file in the directory /etc/rc2.d:
ln -s /etc/init.d/rdate /etc/rc2.d/S19rdate

Setting time using NTP

If you are connected to the Internet, you can install an NTP client, for example ntp or xntp3 in Debian version 2.1 and older. This uses the Network Time Protocol RFC 1305 to synchronise clocks to a few tens of milliseconds precision.

See the excellent documentation that comes with ntp, in the Debian package ntp-doc. It is very thorough and thus long. If you think reading documents is a waste of time, just ask your Internet Service Provider or system administrator for NTP server names, or look up the nearest one in “List of Public NTP Servers” in http://www.eecis.udel.edu/~mills/ntp/servers.html . If you start using an NTP server, it is usually polite to notify the server’s administrator of the fact.

Do not configure your system to query level 1 NTP servers! If you think you need to do this, you are almost certainly wrong!

Once you know an NTP server, edit the file /etc/ntp.conf to add at least one server line. Here is an example:

# /etc/ntp.conf, configuration for xntpd

logfile /var/log/xntpd
driftfile /var/lib/ntp/ntp.drift
statsdir /var/log/ntpstats/

statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable

server ntp.somedomain.something
server ntp.something.else

Note that I changed the actual server name in the above example, to prevent all Debian GNU/Linux users from blindly using that one server. Everything else except the server lines was there after xntp3 installation.

If you do not have a permanent Internet connection, then running an NTP client is not a good solution. The NTP client synchronizes relatively often and needs the Internet connection to be always on. If you have a dial-up Internet connection, you can run the command ntpdate (also in the ntp package) to synchronize each time you connect.

Another possibility is to set cron to run ntpdate once daily; this gives good accuracy for most uses. The following is an example script that can be started from cron and runs ntpdate. This script assumes that /etc/ntp.conf is correctly set up, since it gets the server names from that file.

dilbert# cat /etc/cron.nightly/ntpdate
#!/bin/sh
#
# Last modification: Sat Aug 8 05:27:07 EEST 1998
# ntpdate cron nightly

NTPDATE=/usr/sbin/ntpdate
LOGFILE=/var/log/xntpd
NTPCONFFILE=/etc/ntp.conf
NTPSERVERS=
GREP=/usr/bin/grep
CUT=/usr/bin/cut

if [ -f $NTPCONFFILE ] ; then
    echo "===========================" >> $LOGFILE
    echo "<<< `date` " >> $LOGFILE
    # Collect the second field of every "server" line in ntp.conf.
    for i in `grep ^server $NTPCONFFILE | $CUT --fields 2 --delimiter ' '`
    do
        NTPSERVERS="$NTPSERVERS $i"
    done
    $NTPDATE $NTPSERVERS >> $LOGFILE
    ###echo $NTPDATE $NTPSERVERS $LOGFILE
    echo ">>> `date` " >> $LOGFILE
fi

exit 0
dilbert#
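The cron script above runs as root and passes whatever follows "server" in /etc/ntp.conf straight to ntpdate, and its cut-based parsing fails on tabs or repeated spaces. The following added example (not part of the original script) extracts the server names more strictly and drops any field that is not a plain host name or address; the function names and the sample file are constructed.

```shell
#!/bin/sh
# Added example: stricter extraction of server names from ntp.conf before
# they reach a root cron job. NTPDATE can be overridden from the environment.
NTPDATE=${NTPDATE:-/usr/sbin/ntpdate}

# Print the host of every active "server" line. Handles tabs, leading
# blanks and trailing options; rejects anything that is not a plain host
# name or address (for example a field starting with "-").
ntp_servers() {
    awk '$1 == "server" && NF >= 2 { print $2 }' "$1" |
    while IFS= read -r host; do
        case $host in
            -*|*[!A-Za-z0-9.:-]*) echo "ignoring server entry: $host" >&2 ;;
            *) printf '%s\n' "$host" ;;
        esac
    done
}

# Run ntpdate against the validated servers; return 1 if none are usable.
sync_from_conf() {
    conf=$1
    # Word splitting is safe here: ntp_servers only emits [A-Za-z0-9.:-].
    set -- $(ntp_servers "$conf")
    [ "$#" -gt 0 ] || { echo "no usable server lines in $conf" >&2; return 1; }
    "$NTPDATE" "$@"
}

# Demo on a constructed ntp.conf: prints the two valid names and reports
# the rejected "-q" entry on stderr.
sample=$(mktemp)
printf 'server ntp.somedomain.something\n\tserver\tntp.something.else prefer\n# server old.example\nserver -q\n' > "$sample"
ntp_servers "$sample"
rm -f "$sample"
```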

How to remove ^M character with VI

May 5, 2010

There is a much easier way.

In vi, execute this –

:%s/^M//g

To get the ^M, hold the control key and press V then M (both while holding the control key), and the ^M will appear. This will find all occurrences and replace them with nothing.

i.e.

:%s/[ctrlkey+v+m]//g

Hope this helps