PPTP VPN on Ubuntu 10.04 for your iPhone / iPad

Below are the steps necessary to connect your iPhone / iPad or any other computer via a PPTP VPN.

Why would I want to do this? For various reasons, such as accessing information and servers that are behind a firewall, or maybe you just need to route traffic through different servers.

I’ve tested this on a 256mb Rackspace Cloud instance running Ubuntu 10.04 and with an iPhone and an iPad. Thanks to Yaniv for debugging the instructions.

Disclaimer: This is for educational uses only and I take no responsibility as to what you may do with it. The PPTP VPN setup via the instructions below has no encryption and uses the simplest and lowest form of password authentication. If you require stricter encryption and authentication methods you’ll need to read more about pptpd configuration.

Assumptions:

  • The instance you are using is blank, specifically with no existing firewall rules in iptables; otherwise, you’ll need to patch things up.
  • All commands assume you are currently a root user. If you logged in as root, that’s great. If not, run:
    sudo su
  • Instead of messing a lot with iptables commands, I’m using ufw (Uncomplicated FireWall). In general, to most people, it will be easier to manage and work with.

Setting up the PPTP Server

In general we are going to create a PPTP VPN that is very basic, without encryption and with basic authentication security (no fancy authentication protocols). Since a Rackspace Cloud instance has an external interface (eth0) that has the instance's public IP and an internal interface (eth1) with an internal IP used to communicate with your other Rackspace Cloud servers (if you have them), we’ll create an alias network interface card that will have another set of internal IPs, which will be given to the devices connected via the VPN.

  1. Install the necessary software (pptpd, pptp-linux, ppp and ufw – for firewall):
    apt-get install pptpd pptp-linux ppp ufw
  2. Enable port 22 (ssh) in the firewall, so we don’t get locked out of our instance:
    ufw allow 22
  3. Enable port 1723 (pptpd) in the firewall to enable access to the pptpd daemon:
    ufw allow 1723
  4. Enable ufw:
    ufw enable
  5. Add an aliased network interface card (eth0:0): (We use the address space of 192.168.88.0/24 since it's usually free on most networks for most users. Feel free to change this address if it is already taken.)
    Edit /etc/network/interfaces:

    nano /etc/network/interfaces

    Enter the following text at the end of the file:

    auto eth0:0
    iface eth0:0 inet static
    address 192.168.88.1
    netmask 255.255.255.0
    gateway (same value as listed for eth0)
    dns-nameservers (same value as listed for eth0)

    Replace the value of “gateway” with the same value you will see in this file for “eth0”, the real public network interface.
    Replace the value of “dns-nameservers” with the same value you will see in this file for “eth0”

  6. Configure the pptpd daemon:
    Edit /etc/ppp/pptpd-options:

    nano /etc/ppp/pptpd-options

    Comment out (add a “#” char at the start of the line) the following lines:
    “refuse-pap”
    “refuse-chap”
    “refuse-mschap”
    “refuse-mschap-v2”
    “require-mppe-128”

    Replace “#ms-dns 10.0.0.1” with “ms-dns 8.8.8.8”
    Replace “#ms-dns 10.0.0.2” with “ms-dns 8.8.4.4”

    The last 2 lines above set the DNS servers that the devices connecting to your PPTP VPN will use. The addresses above are for the Google Public DNS servers, but can be any other DNS server (including the same DNS servers that Rackspace or your hosting provider uses).

    Edit /etc/pptpd.conf :

    nano /etc/pptpd.conf

    Add at the bottom of the file:

    localip 192.168.88.1
    remoteip 192.168.88.2-20

    The value of “remoteip” will be the set of IP addresses the devices connecting to the VPN will get upon successful connection. Currently, we have here 18 addresses, which is enough for 18 concurrent devices. You can make this range bigger if needed.

  7. Configure the username and password that will be used to authenticate clients accessing the VPN:
    Edit /etc/ppp/chap-secrets:

    nano /etc/ppp/chap-secrets

    Add a line in the following format:

    # client server secret IP addresses
    [UserName] pptpd [Password] *

    Replace [UserName] with the username you wish to use.
    Replace [Password] with the password you wish to use (I suggest a long random password. Try this generator)

  8. Enable IP forwarding in the kernel:
    Edit /etc/sysctl.conf :

    nano /etc/sysctl.conf

    Uncomment the line “net.ipv4.ip_forward=1”
    For IPv6, uncomment “net.ipv6.conf.all.forwarding=1”

  9. Enable IP forwarding in ufw:
    Edit /etc/default/ufw:

    nano /etc/default/ufw

    Change the value of “DEFAULT_FORWARD_POLICY” from “DROP” to “ACCEPT”

  10. Add IP masquerading rule in ufw, so that NAT will work and devices connecting to the VPN will be seen as if the traffic goes out of the VPN server:
    Edit /etc/ufw/before.rules:

    nano /etc/ufw/before.rules

    Paste the text below after the header and before the “*filter” rules:

    # nat Table rules
    *nat
    :POSTROUTING ACCEPT [0:0]

    # Allow forward traffic from eth0:0 to eth0
    -A POSTROUTING -s 192.168.88.0/24 -o eth0 -j MASQUERADE

    # don’t delete the ‘COMMIT’ line or these nat table rules won’t be processed
    COMMIT

  11. Reboot the machine, cross your fingers and hope for the best :-)
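
A quick check of what step 6 leaves switched on, added here as an example (it is not part of the original instructions): the script reads a pptpd-options file and reports which weak authentication methods are not refused and whether MPPE encryption is required. The function names and the sample file contents are constructed for illustration.

```sh
#!/bin/sh
# Added example: report the weak settings left active in a pptpd-options file.

# Print only the active directives of FILE (comments and blank lines removed).
active_options() {
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d' "$1"
}

# audit_pptpd_options FILE
# Prints one "WEAK: ..." line per finding, or "OK" when nothing is flagged.
audit_pptpd_options() {
    opts=$(active_options "$1")
    found=0
    # Without an active refuse-<method> line, pppd may accept that method.
    for method in pap chap mschap; do
        if ! printf '%s\n' "$opts" | grep -qx "refuse-$method"; then
            echo "WEAK: $method authentication is not refused"
            found=1
        fi
    done
    # MPPE is the only encryption PPTP offers; without it traffic is cleartext.
    if ! printf '%s\n' "$opts" | grep -Eq '^require-mppe(-128)?$'; then
        echo "WEAK: MPPE encryption is not required (traffic is unencrypted)"
        found=1
    fi
    if [ "$found" -eq 0 ]; then echo "OK"; fi
    return 0
}

# Constructed sample: the file as it looks after step 6 of this post.
sample=$(mktemp)
cat > "$sample" <<'EOF'
name pptpd
#refuse-pap
#refuse-chap
#refuse-mschap
#refuse-mschap-v2
#require-mppe-128
ms-dns 8.8.8.8
ms-dns 8.8.4.4
EOF
audit_pptpd_options "$sample"
rm -f "$sample"
```

On the server itself, call audit_pptpd_options /etc/ppp/pptpd-options after editing the file.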

Configuring your iPhone / iPad

  1. In your iPhone / iPad go to “Settings” -> “General” -> “Network” -> “VPN”
  2. Select “Add VPN Configuration”
  3. Select “PPTP”
  4. In “Description” enter the name of the VPN connection
  5. In “Server” enter the IP address of the server (or a server name, if you mapped the server’s IP address to a domain name)
  6. In “Account” enter the username you have entered into the “/etc/ppp/chap-secrets” file
  7. In “Password” enter the password you entered for the above username in “/etc/ppp/chap-secrets”
  8. Make sure “Send All Traffic” is turned to “ON”
  9. Set “Encryption Level” to “None” (this is how we configured the PPTP server in this post; if you set up encryption, try keeping it on “Auto”)
  10. Select save

 


Ubuntu 9.10 Karmic Koala and ies4linux – Installation

Installing ies4linux on Ubuntu 9.10 Karmic Koala by just running “./ies4linux” might show some warnings such as:

IEs4Linux 2 is developed to be used with recent Wine versions (0.9.x). It seems that you are using an old version. It’s recommended that you update your wine to the latest version (Go to: winehq.com).

In my case it showed the above text, which seems to be a warning, and ran the UI but then got stuck and didn’t complete anything.

To overcome this issue simply run the installation without the GTK based UI in a terminal window:

./ies4linux --no-gui

That’s it. Works like a charm.

Google AppEngine – Python – issubclass() arg 1 must be a class

If you are getting the error “issubclass() arg 1 must be a class” with Google App Engine SDK for Python on Linux, it's probably because you are running Python 2.6 (this will probably happen to you when you run Ubuntu 9.04, where 2.6 is the default).

Just run the dev server under python 2.5 (i.e. python2.5 dev_appserver.py)

“Unable to retrieve MSN Address Book” on Pidgin on Ubuntu / Debian?

Today I got the following error on Pidgin (I’m running version 2.5.2 on Ubuntu 8.10 Intrepid Ibex) while it tried to connect to MSN:

“Unable to retrieve MSN Address Book”

After searching a bit I found this post by Gijs Nelissen which said to use a different MSN plugin for Pidgin called msn-pecan.

I’ll reiterate the instructions for those with Ubuntu / Debian:

  1. Close Pidgin (make sure the process is really down)
  2. Run “apt-get install msn-pecan”
  3. Start pidgin
  4. Change your MSN account type from MSN to WLM
  5. Reconnect

I don’t know if this error affects other libpurple based multi-headed IMs (such as Adium) (UPDATE: It appears this IS a libpurple issue – so Adium IS affected), however, the msn-pecan project has a Windows binary release as well as source release (if you care/need/want to compile it for Mac OS X or other Linux distributions).

Ubuntu 8.10, Dell D630, fan issues and screen repaints issues

On the day of Ubuntu 8.10 I upgraded my work laptop (Dell D630) to Ubuntu 8.10. I had previously run my home desktop on the release candidates and saw that all was well, so I didn’t expect any specific issues with the upgrade.

After finishing the upgrade successfully I’ve encountered 2 problems.

The first was with the computer fan. It was working on and off at full steam in 4-second cycles. Really annoying. A quick search in the Ubuntu forums led to this post saying I should upgrade to the latest BIOS version (A13 – at least at the time of writing this post).

Upgrading to the latest BIOS stopped the fan from cycling to full speed and full stop but it was still running a bit too much even when the computer was rather idle.

There was another post in the forums that suggested to go back to the older Nvidia drivers (version 173) instead of using the version which ships with Ubuntu 8.10 (177).

That managed to solve the fan issues for now as well as fix some strange repaint problems I was seeing when working with TwinView and extending my screen to another external monitor.

Thought it might help others who face these problems.

Failed to run /usr/sbin/synaptic Unable to copy the user’s Xauthorisation file

If you get the following error while running Synaptic:

Failed to run /usr/sbin/synaptic
Unable to copy the user’s Xauthorisation file.

Make sure that you have enough space in your /tmp directory.

To check if that is indeed the problem run the following command in your terminal:

df -h

This command will show you each mounted volume you may have, including the one mounted to /tmp.

/tmp usually contains temporary data for applications while they run. It may sometimes reach a point where it is 100% full (might have happened to me while I upgraded to Hardy Heron 8.04).

To clear /tmp run the following commands (BE CAREFUL NOT TO RUN rm -rf ON ANYWHERE OTHER THAN /tmp):

cd /tmp

pwd # just to make sure you are really in /tmp

rm -rf *

Solution (sort of): Mic problems with Skype on Dell D630 and Ubuntu 7.10 (gutsy gibbon)

If you are using Skype on Ubuntu 7.10 (Gutsy Gibbon) on a Dell D630 and have the “famous” internal microphone problems due to the HD-Intel chipset, I’ve found a simple solution, sort of.

I recently bought a Plantronics .Audio 470 headset at Best Buy for $50. It's a nice headset with good sound quality and a good mic that is also fold-able for good portability.

That headset also comes with a USB adapter which allows you to basically get a USB based sound card so you can use that headset with machines without a sound card (or a problematic sound card/chipset…).

It seems that Ubuntu works well with that adapter. Ubuntu recognizes it as another sound device, as if you have another sound card attached. I attached it, ran Skype and configured Skype to use that newly found sound device for incoming and outgoing voice chats and it just worked.

I managed to call people, they heard me well and everything was fine.

The only downside was that it works only in mono, for some reason, so I only heard sound on the left side (when it's hooked to another Linux machine that doesn’t have a mic problem, or to a Windows or Mac machine, the headset works in stereo. UPDATE: It seems that there were two devices, one was stereo and one was mono. When I switched to the second one I started hearing in stereo :-) ). It’s still better than nothing and if you have a headset with only one left speaker you won’t even notice it ;-)

Assembling a Linux based Home Storage Server

I’ve decided that I have enough data I want/need to store and backing it up with removable drives and/or burning DVDs is getting less useful each passing day.

I also like to have everything available all the time instead of going through backup DVDs searching for the right one and extract the information from it.

I have a friend who takes too many pictures in RAW format and has greater storage needs than I do but has little time or nerves to mess with installing and configuring something, so he got a Thermaltake Muse NAS-RAID.

He is quite pleased with it and it works flawlessly at his home, adding yet another blue LED to an ever-growing group of blue LED devices blinking in the darkness of his home at night ;-) .

Being me, I cannot bear the thought of using a hardware device that I can’t fully control and can’t fully expand to whatever needs I may or may not have in the future, so I’ve decided to build my own home storage server.

I wanted it to be a bit cheaper than the Thermaltake MUSE box and I actually managed to do that (cost of the drives are the same so the real difference is in the box itself).

The hardware specs I’ve settled for and eventually ordered are:

  • CPU: AMD Athlon 3800+ Dual core (AM2 socket) – It’s overkill but it was very cheap and was the cheapest CPU in stock at my favorite high end (and high quality) hardware supplier.
  • MoBo: Gigabyte GA-M61SME-S2 – It was either that or a comparable ASUS mobo. This one won because of the price. I really like the quality of Gigabyte and ASUS mobos and have used them for years. The specs are more than fine with a gigabit ethernet card on board and a hardware RAID support of both 0,1,5 (not that I’m going to use them, it’s all software RAID for me baby!)
  • RAM: 512Mb (more than enough)
  • Case: Thermaltake Matrix – It was relatively cheap. It’s Thermaltake (need I say more?!). It’s an aluminum case that is very ventilated and eventually if I want to mount some 3.5″ drives on the 5.25″ spaces using a kit I can get to a total of 8 drives.

The sweet spot for hard drives in terms of gigabytes per buck (at least for me) was the 500Gb drives (more specifically, the Western Digital WD5000AAKS 7200 RPM with 16Mb Buffer) so I’ll grab 3 of those which should be enough for my current needs.

I haven’t decided on the configuration and drive size for the OS itself. It might even be a jump drive as a friend suggested (2 in a RAID 1 configuration). I still need to decide.

The software I’m planning on using is:

  • OS: Ubuntu Server 7.10 (I know it’s due out very soon)
  • RAID Configuration: RAID5 with LVM (I might go for EVMS if I’ll have time to mess with it)
  • File System: XFS (cause I can grow it without unmounting it!)
  • Samba – so that the rest of the machines in the house will have access.

All of this set me back ~$750 (these are Israeli prices for the hardware and some taxes applied in there as well), but I’m quite pleased with the price.

It’s going to be a fun weekend! Muhahahahahaha :-)

VmWare Server 1.0.4 on Ubuntu Server 7.04 (a.k.a Feisty Fawn)

2 days after my previous post about installing VmWare Server 1.0.3 from Canonical’s repository, VmWare released version 1.0.4.

I tried using its built-in install script on a vanilla Ubuntu Server 7.04 (a.k.a Feisty Fawn) and it worked flawlessly.

Aside from certain libraries which it needs to compile the vmmon and vmnet kernel modules (the installation script will tell you which ones are missing and you can get them from the repositories using apt-get), you’ll also need to install xinetd.

All in all, the installation script did all the job and it works fine without patching the vmmon code.

Keep up the good work VmWare Team!

Feisty Fawn – Works as advertised

Whenever a new version of Ubuntu comes out I download the CD, run it in LiveCD mode and see if my Laptop (Thinkpad T43) works with everything included (video card – ATI, sound, Wireless card the Intel a/b/g wireless thingy) and succeeds in connecting to my home wireless network (using WPA2 encryption).

Previous versions usually missed either in the wireless card or the WPA (or it was really cumbersome to configure WPA).

I tested Feisty Fawn (7.04) and surprise, surprise, it works as advertised.

Everything was correctly configured and recognized, including the cool new wireless applet for Gnome which found my network and even figured that it's WPA.

Good work Ubuntu team! You are on the right path!

Being the geek that I am, I always find myself trying to figure out whether I should install a Linux distribution that simply works (up until Feisty Fawn there wasn’t really something that did that without further tweaks) or should I go 100% geek/developer and run Gentoo.

After all, if I’m going to tweak things, at least give me 100% control over what I am doing…

I guess that from now on I’ll really have a dilemma…