Sunday, 10 July 2016

More Ubuntu Woes, back to the Future with PCLinuxOS.

I'm going to admit that I actually like the Unity desktop, there, I feel better now. I've used Ubuntu 14.04 for a while but as it gets older and you add more and more ppas to keep the apps up to date it's become slower and less stable, the latest issue has been after a load of updates I rebooted into a 1024x768 screen, easily sorted by installing the AMD drivers.

I decided once more to try and install 16.04 or one of the Mint derivatives, each one gave me the same issue, just a blank screen when trying to install. I wasn't going to give up, during install I pressed the down arrow key when the initial screen appeared, selected UK then F6 and selected the nomodeset option. I could now install Ubuntu 16.04. I rebooted and got my lovely 1024x768 resolution, the fix to get this sorted was to modify the grub file to give me a 1440x900 screen with slow software video drivers. I looked up the installation of the AMD drivers, followed the instructions, rebooted and it died in the most spectacular fashion with lots of lovely dots and so on.

I've given up, this was what Windows 3.1 was like trying to get the right resolution, it shouldn't need this much messing around. I decided to abandon Ubuntu and booted up Fedora Mate, no bottom or top bar visible on Fedora 24 although it worked on 23, the only other distro I had on my pendrive was PCLinuxOS, the latest preview version, it's pretty much a beta. I booted this, everything was there, I installed it, everything worked, it had automatically installed the right drivers for me. Even the bluetooth settings worked, on Ubuntu 14.04 you had to manually change the device name by editing a file. The most impressive thing is that the num lock worked and was turned on when I powered up, I didn't have to do this manually every time I started up the machine.

There's a few little quirks, you need to go into the Configure Your Computer option and select the Setup a network interface option to set the hostname, this requires a reboot.


You also need to go into the software centre and run the localisation utility to change your language, by default it's US, another reboot is needed, there's no sudo but this makes the machine more secure.

Installing Virtual Box is a breeze, you click on the Virtual Box Manager link, it installs the non free version so USB works, no messing round, it just works. 

The other good thing is that it's a rolling release, no need to re-install, you download the updates and you have the latest version. 

I used to use PCLinuxOS when Mandriva became too buggy, it never really let me down and it hasn't again, it uses rpm files but synaptic to manage them, if you want to get into Linux, try it.



Tuesday, 21 June 2016

OpenVPN Server on Debian Jessie

It was time to setup a way of getting secure access to my network while away and also to get a secure connection to the Interwebs while away from home, it also means that I can watch BBC Iplayer as if I'm at home.

I'm installing this on an old machine running Debian Jessie, it should work on a Raspberry Pi too, the only things I have installed during the initial setup process are the standard Debian utilities and ssh server so I can do everything remotely.

I've found lots of instructions out there but the one from this website was the easiest to follow, I've modified it slightly to make it easier to get at the keys.

I've modified a few things myself

First thing is to ensure we are up to date, let's switch to root for the install

su

then

apt-get update
apt-get upgrade


Time to start installing stuff

apt-get install openvpn easy-rsa

Then copy some example files over to make the job easier

cp -r /usr/share/easy-rsa/ /etc/openvpn
mkdir /etc/openvpn/easy-rsa/keys


Now we edit the certificate variables

nano /etc/openvpn/easy-rsa/vars


# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
export KEY_COUNTRY="changeme"
export KEY_PROVINCE="changeme"
export KEY_CITY="changeme"
export KEY_ORG="example"
export KEY_EMAIL="changeme@example.com"
export KEY_OU="changeme"

# X509 Subject Field
export KEY_NAME="server"

Time to generate some stuff and go and have a coffee, on a Pi, this may take some time

openssl dhparam -out /etc/openvpn/dh2048.pem 2048


Now we make the server certificate keys:

cd /etc/openvpn/easy-rsa
. ./vars
./clean-all
./build-ca
./build-key-server server

Let's copy them to where they belong

cp /etc/openvpn/easy-rsa/keys/{server.crt,server.key,ca.crt} /etc/openvpn

Now time to make some changes to the network settings:

echo 1 > /proc/sys/net/ipv4/ip_forward

And let's make the changes permanent with:

nano /etc/sysctl.conf

Look for the following bit:

# Uncomment the next line to enable packet forwarding for IPv4
# net.ipv4.ip_forward=1

Then remove the # from the second line so it looks like this:

# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1

Now we make the server config file:

nano /etc/openvpn/server.conf

Paste this lot into the empty file, this will run the VPN server on port 1194.


port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key 
dh dh2048.pem
server 10.90.10.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
client-to-client
duplicate-cn
keepalive 10 120
cipher AES-128-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status logs/status.log
log-append logs/openvpn.log
verb 3


Now we make the log files:

mkdir -p /etc/openvpn/logs
touch /etc/openvpn/logs/{openvpn,status}.log


And let's do some firewall configuration:

iptables -t nat -A POSTROUTING -s 10.90.10.0/24 -o eth0 -j MASQUERADE
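iptables-save

Note that iptables-save on its own only prints the current rules to the screen, it does not store them, so the MASQUERADE rule has to be added again after a reboot unless you save and restore the rules (the iptables-persistent package does this).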

Now let's restart the server to put the changes into place:

systemctl restart openvpn@server.service

Now the original instructions came with a script file to help you create new keys for each user and device, pointless changing it.

nano /etc/openvpn/gen-client.sh

Paste this lot in:

#!/bin/bash

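username=$1

# Stop if no client name was given, otherwise the paths below are wrong
if [ -z "${username}" ]; then
    echo "Usage: $0 username" >&2
    exit 1
fi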

# Generating key
echo "Generating key for user ${username}"
cd /etc/openvpn/easy-rsa/
source vars && ./pkitool ${username}
cp /etc/openvpn/clients/.tmp/.tmp.ovpn /etc/openvpn/clients/.tmp/${username}.ovpn
echo "Done"

# Adding ca certificate to ovpn client configuration file
echo "Adding ca certificate to ovpn client configuration file"
echo "<ca>" >> /etc/openvpn/clients/.tmp/${username}.ovpn
cat /etc/openvpn/easy-rsa/keys/ca.crt | grep -A 100 "BEGIN CERTIFICATE" | grep -B 100 "END CERTIFICATE" >> /etc/openvpn/clients/.tmp/${username}.ovpn
echo "</ca>" >> /etc/openvpn/clients/.tmp/${username}.ovpn
echo "Done"

# Adding user certificate to ovpn client configuration file
echo "Adding user certificate to ovpn client configuration file"
echo "<cert>" >> /etc/openvpn/clients/.tmp/${username}.ovpn
cat /etc/openvpn/easy-rsa/keys/${username}.crt | grep -A 100 "BEGIN CERTIFICATE" | grep -B 100 "END CERTIFICATE" >> /etc/openvpn/clients/.tmp/${username}.ovpn
echo "</cert>" >> /etc/openvpn/clients/.tmp/${username}.ovpn
echo "Done"

# Adding user key to ovpn client configuration file
echo "Adding user key to ovpn client configuration file"
echo "<key>" >> /etc/openvpn/clients/.tmp/${username}.ovpn
cat /etc/openvpn/easy-rsa/keys/${username}.key | grep -A 100 "BEGIN PRIVATE KEY" | grep -B 100 "END PRIVATE KEY" >> /etc/openvpn/clients/.tmp/${username}.ovpn
echo "</key>" >> /etc/openvpn/clients/.tmp/${username}.ovpn

mkdir -p /etc/openvpn/clients/${username}
mv /etc/openvpn/clients/.tmp/${username}.ovpn /etc/openvpn/clients/${username}/${username}.ovpn
cp /etc/openvpn/easy-rsa/keys/${username}.{crt,key} /etc/openvpn/clients/${username}
cp /etc/openvpn/easy-rsa/keys/ca.crt /etc/openvpn/clients/${username}

# -z (gzip) so the compression matches the .tar.gz name
cd /etc/openvpn/clients; tar -zcf ${username}.tar.gz ${username}/


chmod 0777 -R /etc/openvpn/clients

echo "Done"

echo "
=========================================================================================

            Configurations are located in /etc/openvpn/clients/${username}

    ---------------------------------------------------------------------------------

                        Download friendly version with:

         'scp root@`hostname -f`:/etc/openvpn/clients/${username}.tar.gz .'

=========================================================================================
"

exit 0


Save it and then make it executable with:

chmod +x /etc/openvpn/gen-client.sh

Next we have to create the template file for this to use:

mkdir -p /etc/openvpn/clients/.tmp/

nano /etc/openvpn/clients/.tmp/.tmp.ovpn


Paste this in, change example.com for your external IP or server address

client
verb 1
dev tun
proto udp
port 1194
remote example.com 1194 udp
remote-cert-tls server
resolv-retry infinite
nobind
persist-key
persist-tun
comp-lzo
cipher AES-128-CBC

Now, let's make some keys:

cd /etc/openvpn/


Replace username with your username, I'm going to install this onto an S5 so it will be freds5 or something.

./gen-client.sh username


To make it easy to get the files off the server and onto my device, I've decided to install Samba and setup the client keys folder as a Windows share, this is how this is done.

apt-get install samba samba-common

Once it's finished we edit the Samba config file:

nano /etc/samba/smb.conf

Change the workgroup name at the top of the file and you can also add:

netbios name = servername

under it if you want.

At the bottom add the following


[VPNKeys]
        path = /etc/openvpn/clients/
        browseable = yes
        public = yes
        writeable = no

Restart the server with:

service smbd restart

Just got to change the folder permissions to make sure we can get the files off:

chmod 0777 -R /etc/openvpn/clients

Onto my phone now, I've installed OpenVPN Connect from the play store, then I've copied the files from the Windows share into dropbox, then saved them into a folder on the phone called VPN, you could just install a file browser and do the same.

Then import the .ovpn file into OpenVPN connect and click on connect.

One last thing, make sure you give the server a static IP and forward port 1194 on the router.
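The chmod 0777 -R on /etc/openvpn/clients together with the public Samba share leaves every client's private key readable and writable by anyone who can reach the server, so once the bundle is on the phone it is worth checking and tightening the permissions. The following is an added example, not part of the original post or of the script it borrows: the function names are made up here and the -perm /077 test assumes GNU find, as shipped with Debian.

```shell
#!/bin/sh
# Added example: audit and tighten permissions on the client bundle directory.
# CLIENT_DIR defaults to the path gen-client.sh on this page writes to.

# Print every file under $1 that is accessible to group or others AND holds
# private key material: a PEM "PRIVATE KEY" block (the .key files and the
# <key> section of each .ovpn) or a .tar.gz bundle produced by gen-client.sh.
find_exposed_keys() {
    find "$1" -type f -perm /077 \
        \( -name '*.tar.gz' \
           -o -exec grep -q -e '-----BEGIN .*PRIVATE KEY-----' {} \; \) \
        -print
}

# Restrict the whole tree to its owner: directories keep the search bit
# (700), files lose every group/other bit (600).
lock_down_clients() {
    find "$1" -type d -exec chmod 700 {} + &&
    find "$1" -type f -exec chmod 600 {} +
}

# Report only. Run lock_down_clients by hand once the files are on the device.
CLIENT_DIR=${CLIENT_DIR:-/etc/openvpn/clients}
if [ -d "$CLIENT_DIR" ]; then
    find_exposed_keys "$CLIENT_DIR"
fi
```

After lock_down_clients the guest Samba share can no longer read the files, which is the intent; remove the [VPNKeys] section from smb.conf when it is no longer needed.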



Sunday, 8 May 2016

Another slice of PI

Today is not a good day, my old faithful Asus EEBox which has been running almost constantly since 2008 decided to curl up and die, it's been running as a file server all this time amongst other things. The onboard hard drive was just used to boot the OS, all data is stored on two external 5TB drives.

It was time to replace it and to see if a Raspberry Pi was up to the job. The Raspberry Pi I got was as part of a starter kit from PC World, it included a case, power supply, ethernet lead and micro USB lead. I downloaded Raspbian and wrote the image to a card as shown on the website.

I plugged everything in, got some lights on the Pi but nothing on the ethernet socket, it was time to move it to the TV, unplug my other Pi and see what was happening, to my surprise it booted up and it all worked, I logged in via ssh and ran sudo raspi-config, set it all up, rebooted and reconnected. I took it back to where it's going to be located and again, no ethernet lights. After much buggering round it looks like the supplied micro USB lead isn't up to the job, there's too much of a voltage drop, the Pi was now alive. I connected the external drives and set up fstab to mount the drives automatically, set up some samba shares and an nfs share, rebooted and was unable to connect to the nfs shares, again some research continued and it seems that there's an issue on Raspbian which means that the rpcbind service doesn't start automatically.

I decided to get round this in a most inelegant way, I added some entries into the rc.local file with:

sudo nano /etc/rc.local

This lot got pasted in just before the "exit 0" bit at the bottom


service smbd stop
service nfs-kernel-server stop
mount -U b8828e80-d5c4-4747-a3f6-82eda807a34d /mnt/data
mount -U dc3e664f-27da-4e62-b1ba-f5a220a836a6 /mnt/backups/
rpcbind -w
service nfs-kernel-server restart
exportfs -rav
service smbd restart

Not all of it may be needed but it does work, I decided to mount my external drives here too, just in case one failed to mount on bootup, the pi isn't going to have a screen or keyboard connected and would hang at the boot screen.

You just need to make the file executable with:

sudo chmod +x /etc/rc.local

After that it all worked quite nicely and I'm managing to play some music stored on the pi and watch some videos at the same time.

Just in case you didn't know, you can install the required nfs files with:

sudo apt-get install nfs-common nfs-kernel-server

And Samba can be installed with:

sudo apt-get install samba samba-common-bin  


Following up on this as the external drives started to fill up I began to get problems with the little Pi running out of memory and crashing. Ok, it's not got a lot of memory but it worked well to start with so I decided to upgrade the firmware, setup the memory, remove the swapfile and move the OS to an external drive, in this case it's a 32GB USB drive.


Let's remove the swapfile first with the following:

sudo dphys-swapfile swapoff
sudo dphys-swapfile uninstall
sudo update-rc.d dphys-swapfile remove

Next up, we need to update the firmware with

sudo apt-get install rpi-update

and then

sudo rpi-update

Once it's all done, reboot and let's sort the memory, this time we run the config utility

sudo raspi-config

Select advanced options

Then the memory split option

Change this to 16 and select OK

Then Finish and reboot

And now we come to moving the OS onto an external drive, as mentioned before this is a 32GB USB drive, plug it in and run

dmesg | tail

It should show the USB device at the end, in my case it identified it as /dev/sda

Time to wipe it and sort out the filesystem with:

sudo fdisk /dev/sda

(or whatever your USB device shows)

Then it's "d" to delete the partition, "n" for a new partition, followed by "p" for primary, then select the defaults for the next three questions and finally "w" to write the partition.

Now we format it with:

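sudo mkfs.ext4 /dev/sda1

(use the exact partition name for your USB device, a ? wildcard here could match one of the other drives)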

And then we mount it to a temporary folder with

sudo mkdir /mnt/temp
sudo chmod 0777 /mnt/temp
sudo mount /dev/sda1 /mnt/temp

Once that's done it's time to copy all the files over but first we need to install rsync:

sudo apt-get install rsync

sudo rsync -axv / /mnt/temp

It will take some time for this to complete, so go and have a coffee.

Now we need to tell the pi to boot the OS from the stick, the micro SD card needs to stay in as it will initially start from this and then load everything from the USB stick.

Let's backup the config file first with:

sudo cp /boot/cmdline.txt /boot/cmdline.orig

Next we'll edit with

sudo nano /boot/cmdline.txt

The original looks like this:

dwc_otg.lpm_enable=0 console=serial0,115200 console=tty1 root=/dev/mmcblk0p2 rootfstype=ext4 elevator=deadline fsck.repair=yes rootwait

It's all on one line, we need to change the root=/dev/... bit to read root=/dev/sda1 or whatever your USB stick shows, we also need to add a delay to the end with rootdelay=5, it should look like the one below in the end.

dwc_otg.lpm_enable=0 console=ttyAMA0,115200 kgdboc=ttyAMA0,115200 console=tty1 root=/dev/sda1 rootfstype=ext4 elevator=deadline rootwait rootdelay=5

Save it and then we need to edit fstab with:

sudo nano /etc/fstab

The following entry needs to be added:

/dev/sda1    /   ext4    defaults,noatime  0       1

And the line referring to the sd card needs to be commented out, mine looks like this now



proc            /proc           proc    defaults          0       0
/dev/mmcblk0p1  /boot           vfat    defaults          0       2
# /dev/mmcblk0p2  /               ext4    defaults,noatime  0       1

/dev/sda1    /   ext4    defaults,noatime  0       1

Save it and then it's time to reboot and it should all now be running off the USB stick with a bit more memory.

It's now running quite well with those big drives plugged in, every hour the data drive is backed up to the backup drive with a cron job and data is also sent to a remote location once a week, it really is a good little machine.

Many thanks to the Raspberry Pi forums for the help in this.







Sunday, 24 April 2016

Ubuntu 16.04 Server

Having got the remnants of a machine running, I decided to put Ubuntu 16.04 server onto it and then add the lxde desktop and finally set up vncserver on it.

Once the initial install was completed, I connected to the machine via ssh and installed the lxde desktop and vncserver with:

sudo apt-get install lubuntu-desktop tightvncserver openssh-server

I had some issues with permissions on some of the files and folders, so had to resolve that with

sudo chmod 0700 -R .config
sudo chmod 0700 -R .local
sudo chmod 0700 -R .vnc

Then it was time to run vncserver with:

vncserver -depth 16 -geometry 1024x768

At this point you are asked to enter a password

We're still not finished, that has created the basic setup for connection but the config file now has to be modified, so run:

vncserver -kill :1

And then nano ~/.vnc/xstartup

All you need in that file is this:

xsetroot -solid grey
vncconfig -iconic &
startlxde &

Save and exit and then run:

vncserver -depth 16 -geometry 1024x768

You should now be able to connect to your machine remotely using 

vncviewer machinename:1


Saturday, 16 April 2016

Ubuntu, what's happened

I've used Linux for many years now, started with Mandrake, then onto PCLinuxOS on my desktop with Ubuntu on a laptop, then along came Unity which I initially hated but now find quite good and I can even say that I may prefer it over other desktops. I've had no issues at all with any versions of Ubuntu except for an annoying keyboard one which I've sorted and Ubuntu 14.04 works quite well on my desktop. Then along came Ubuntu 16.04 which I tested when in alpha build and it worked rather well. I went back to 14.04 for my day to day use until the final beta came out.

It came out, I downloaded it, wrote the image to a USB stick and booted, selected the option to install it and I got a black screen, the activity light on the stick showed it was still doing something. I've tried this with the latest daily build and still the same issue. I can get back to an install screen by adding a line on boot but the thing is I shouldn't have to.

All other versions of Linux install take me to an installer, Debian gives me the wrong resolution but that can be sorted. Only the latest version of a supposedly stable long term release of Ubuntu gives me this problem and I'm not running any strange exotic hardware here either. I know it's an issue with the Radeon graphics card driver and I can't be the only one suffering from this, things like this will stop people in their tracks when trying to install Linux.

Just as an aside, Mint, PCLinuxOS, Fedora, Ubuntu 15.10 all boot to a graphical installer, 16.04 doesn't.

Get it sorted.


Sunday, 3 January 2016

Ubuntu Server and Open VPN Client

I've got VPN access as part of my newshosting package and thought it was about time I made use of it to anonymise my online activities.

I don't want to run it on the whole network just on one machine that does downloading and indexing and so on, this machine does not have a GUI so it's all going to be setup by command line and I want it to run on startup.

If you want newsgroup access then I find NewsDemon among the best:


They give you access to SlickVPN as part of some of their packages, so let's get started on how to get this all setup.
Once you have your account activated, you're going to need to download an .ovpn file, in the case of SlickVPN you can get it here.

Save the link to your machine and then we need to install open vpn, it's quite straightforward, just ssh into the machine and type:

sudo apt-get install openvpn

Now you need to move the .ovpn file to the /etc/openvpn folder and rename it, in my case I used the following

sudo mv SV_mobile.ovpn /etc/openvpn/myvpn.conf

You then need to create a file containing the username and password for your VPN connection with:

sudo nano /etc/openvpn/details.txt

In this we need just two lines

vpnusername
vpnpassword

Save it and then we need to edit the myvpn.conf file with:

sudo nano /etc/openvpn/myvpn.conf

At the end of the line that says auth-user-pass we just add details.txt so that it looks like this:
auth-user-pass details.txt

Save the file and then there's one more to edit:

sudo nano /etc/default/openvpn

Uncomment AUTOSTART="all"

Save the changes and you should be able to start up the VPN connection with:

sudo service openvpn start

Type ifconfig and you should see an extra network adaptor called tun0

route -n should also show some extra entries, restart the machine to make sure that the VPN starts up on boot.
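To show what the "extra entries" look like and to check that traffic really leaves through the tunnel, here is an added example (not part of the original post) that reads route -n output and reports the interface carrying internet-bound traffic. It assumes the provider pushes redirect-gateway def1, as the server config earlier on this page does, which adds the two /1 routes; the sample tables and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide from `route -n` output whether the VPN is the way out.

# Constructed sample: tunnel up. def1 adds 0.0.0.0/1 and 128.0.0.0/1 via tun0
# and a host route to the VPN server (203.0.113.10) via the normal gateway.
SAMPLE_UP='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.8.0.5        128.0.0.0       UG    0      0        0 tun0
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
10.8.0.5        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
128.0.0.0       10.8.0.5        128.0.0.0       UG    0      0        0 tun0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
203.0.113.10    192.168.1.1     255.255.255.255 UGH   0      0        0 eth0'

# Constructed sample: tunnel down, only the ordinary default route is left.
SAMPLE_DOWN='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0'

# Read `route -n` output on stdin and print the interface that carries
# internet-bound traffic. Columns: $1 destination, $3 genmask, $8 interface.
egress_iface() {
    awk '
        $1 == "0.0.0.0"   && $3 == "128.0.0.0" { low  = $8 }
        $1 == "128.0.0.0" && $3 == "128.0.0.0" { high = $8 }
        $1 == "0.0.0.0"   && $3 == "0.0.0.0"   { dflt = $8 }
        END {
            # The two /1 routes are more specific than the /0 default, so
            # they win, but only count them when both halves are covered.
            if (low != "" && low == high) print low
            else if (dflt != "")          print dflt
            else                          exit 1
        }
    '
}

# Succeeds only when the egress interface is a tun device.
vpn_is_egress() {
    case $(egress_iface) in
        tun*) return 0 ;;
        *)    return 1 ;;
    esac
}

# Demo on the constructed tables; on the real machine use: route -n | egress_iface
printf '%s\n' "$SAMPLE_UP"   | egress_iface
printf '%s\n' "$SAMPLE_DOWN" | egress_iface
```

Run from cron, a failing vpn_is_egress is a cheap signal that the download machine has fallen back to the normal connection.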







Monday, 23 November 2015

Sickrage & Couchpotato

I've split these instructions into their own section just to make it easier to understand. We're going to go through the installation of Sickrage and Couchpotato on Ubuntu 14.04 using command line only to reduce the resources needed on the machine.

Let's get started with the installation of Sickrage:

sudo apt-get install git-core python python-cheetah
cd ~
sudo git clone https://github.com/SickRage/SickRage.git /opt/sickrage
sudo cp /opt/sickrage/runscripts/init.ubuntu /etc/init.d/sickrage
sudo chmod +x /etc/init.d/sickrage
sudo chown username:username -R /opt/sickrage

Time to edit a config file:

sudo nano /etc/default/sickrage

Now paste this lot in changing user to the name of the user you are installing it to



# COPY THIS FILE TO /etc/default/sickrage
SR_HOME=/opt/sickrage
SR_DATA=/opt/sickrage/
SR_USER=username

Set some permissions

sudo chmod +x /etc/default/sickrage

Now time to get it running on boot

sudo update-rc.d sickrage defaults

And you can start it with the following command and then connect to http://machine:8081 to finish off setting it up.

sudo chmod 0777 /var/run/sickrage

sudo service sickrage start


And now it's time for Couchpotato:

sudo git clone https://github.com/RuudBurger/CouchPotatoServer.git /opt/CouchPotato

Set the owner of the file, replacing username with your username

sudo chown -R username:username /opt/CouchPotato

Edit a config file

sudo nano /etc/default/couchpotato

Then paste this lot in replacing username again

CP_HOME=/opt/CouchPotato
CP_USER=username
CP_PIDFILE=/home/username/.couchpotato.pid
CP_DATA=/opt/CouchPotato

Now we set permissions and get it to run on startup

sudo cp /opt/CouchPotato/init/ubuntu /etc/init.d/couchpotato
sudo chmod +x /etc/init.d/couchpotato
cd /etc/init.d/
sudo update-rc.d couchpotato defaults

And finally start it with sudo service couchpotato start

Now connect to it with a browser at http://machinename:5050 to finish the setup.