System Admin’s Weblog

my life, my shit

Archive for May 2009

smoker without a lighter..

That’s me…got to work today, had 2 full cigarette packs…but no lighter. After searching every closet in the IT department, i called someone who came after 1 hour with 3 lighters…maybe next time I’ll have one in my pocket and won’t be in the same situation like today…

I just discovered bullshit happens on mobile.de. Everything started from this website: http://home.mobile.de/FILCOMEX . They sell cars at half price and if you try to email them you get an auto reply with something like this:

Hello,
The vehicle is in good condition, has no technical damage at all, no scratches or dents, no hidden defects.
I have worked in Germany for the last year and I’ve purchased the car there.The car have German documents and will come with full service history. My company wanted me back home, so currently I’m in England (UK). I’ve brought the car home with me and it’s now located in England.
I’m trying to sell it at this price because I don’t use it anymore (the steering wheel is on left side and it’ very difficult for me to drive it), it’s a pity to keep such a car and not to use it.
I tried to sell the car in UK, but nobody wants to buy a left side steering wheel car.
My car is already at the "http://tb-transport.co.uk/" at their local representant.(i paid this company to take care about transaction).
We can have a deal if you are really interested to buy it.
The price is correct and it’s not negotiable and it also includes the transport.
Please write me back to discuss only if you are interested because I am tired of people that ask questions and are not interested at all.
Regards

I’m sorry, but I’m having trouble believing this bullshit. Company in Brussels, guy from UK, German papers, UK shipping company. And on every picture they say to contact a Gmail account. The automatic reply comes from an MSN account.

Just like i had problems believing the last girl i fucked. It’s official, we broke up yesterday. Nothing to lose actually. If, by mistake we had more than we already had, it would be a mess each time i feel like she was lying. I’m not worrying anymore. She’s past tense. And another good thing is that i never liked relationships at work, so it’s a good thing it’s over. I had 1000 reasons to end, 1-2 reasons to continue. Balance said it’s over. And this time I’ll do anything to refuse pussy…including not seeing her.

Anyway, i still have 3 more exams to pass till graduation. I’ll start those in 1 week, so now i have to concentrate on important things…

Written by pvradu

31 May 2009 at 12:31 am

Posted in Personal

IPsec + l2tp on ubuntu

The requirement was to find a way to set up a secure VPN tunnel to the workplace. Since dial-up VPN is not so secure, we opted for IPsec with L2TP, which the built-in VPN client in Windows supports, including my new Windows Mobile 6.1 phone, which I actually tested and which works great with the VPN.

Basically, we’ll start with a fresh clean installation of Ubuntu Server, in my case the latest one, 9.04. You start by apt-getting everything you need:

apt-get update

apt-get install openswan xl2tpd

PPP is already installed so you won’t have any problems with it. This scenario will be a “road warrior”, because we want to be able to connect from every kind of internet connection to the company’s network – including home internet, 3G modem connected to the laptop, GPRS connection on the mobile phone, ..whatever.

Ok, so you’ll need to configure some files first. Let’s start with ipsec:

ipsec.conf

conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    left=99.99.99.99            # your external IP address, which the clients enter in their VPN wizard
    leftnexthop=99.99.99.1      # your gateway
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/0

This is the default ipsec.conf configuration file that is installed together with openswan. Next, you’ll have to configure a secret for IPsec, and you’ll do that by configuring /etc/ipsec.secrets file:

99.99.99.99 %any : PSK "yourfavouritepresharedkey"

That should be all for IPsec to work. You just have to put it on startup with:

update-rc.d ipsec defaults

Ok, next, you’ll have to configure xl2tpd to work. For that, there is a file called /etc/xl2tpd/xl2tpd.conf that needs to be edited:

[global]                                ; Global parameters:
ipsec saref = yes
listen-addr = 99.99.99.99
port = 1701                             ; * Bind to port 1701
auth file = /etc/ppp/chap-secrets       ; * Where our challenge secrets are
rand source = dev                       ; Source for entropy for random

[lns default]                           ; Our fallthrough LNS definition
exclusive = no                          ; * Only permit one tunnel per host
ip range = 88.88.88.50-88.88.88.150     ; * Allocate from this IP range
local ip = 88.88.88.1                   ; * Our local IP to use
length bit = yes                        ; * Use length bit in payload?
refuse pap = yes                        ; * Refuse PAP authentication
refuse chap = yes                       ; * Refuse CHAP authentication
require authentication = yes            ; * Require peer to authenticate
name = vpn-srv                          ; * Report this as our hostname
ppp debug = yes                         ; * Turn on PPP debugging
pppoptfile = /etc/ppp/options.l2tpd     ; * ppp options file

I guess this is almost self-explanatory, but if you need some help with it, just leave a comment. Two files to go. First is the pppoptfile, /etc/ppp/options.l2tpd

/etc/ppp/options.l2tpd

asyncmap 0
auth
crtscts
lock
hide-password
modem
name l2tpd
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4
noipx

After configuring ppp to work with xl2tpd, there is one more step for things to work: authentication. You accomplish that by editing the auth file /etc/ppp/chap-secrets

/etc/ppp/chap-secrets

user1      l2tpd     user1password    88.88.88.5

# specify an IP inside or outside the range; whenever user1 logs in, it will get this same IP

user2      l2tpd     user2password *

# user2 will always get an IP from the ip range specified in the xl2tpd.conf file.
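
Added example (not part of the original post): a small Python check for the two files above. It reads ip range and local ip from xl2tpd.conf text and flags chap-secrets entries whose fixed IP is inside the dynamic pool, equals the server's local ip or repeats another user's, along with wildcard server fields and short secrets. The file contents, user3/user4 and the 12-character threshold are constructed for illustration; secrets are assumed unquoted and addresses to be literal IPv4 or *.

```python
import ipaddress
import re

# Constructed sample input in the format of the files above (not real accounts).
XL2TPD_CONF = """\
[lns default]
ip range = 88.88.88.50-88.88.88.150     ; * Allocate from this IP range
local ip = 88.88.88.1                   ; * Our local IP to use
"""
CHAP_SECRETS = """\
# client   server   secret          IP addresses
user1      l2tpd    user1password   88.88.88.5
user2      l2tpd    user2password   *
user3      l2tpd    pw3             88.88.88.60
user4      *        user4password   88.88.88.5
"""

def parse_pool(conf):
    """Return (first, last, local) addresses from xl2tpd.conf text."""
    rng = re.search(r"^\s*ip range\s*=\s*([\d.]+)\s*-\s*([\d.]+)", conf, re.M)
    loc = re.search(r"^\s*local ip\s*=\s*([\d.]+)", conf, re.M)
    first, last = (ipaddress.ip_address(g) for g in rng.groups())
    return first, last, ipaddress.ip_address(loc.group(1))

def audit(conf, secrets, min_len=12):  # min_len is an illustrative threshold
    """Return sorted (user, finding) tuples for chap-secrets text."""
    first, last, local = parse_pool(conf)
    findings, seen = [], {}
    for raw in secrets.splitlines():
        fields = raw.split("#", 1)[0].split()  # assumes unquoted secrets without '#'
        if len(fields) < 3:
            continue
        user, server, secret, *addrs = fields
        if server == "*":
            findings.append((user, "server field is a wildcard"))
        if len(secret) < min_len:
            findings.append((user, "secret shorter than %d characters" % min_len))
        for ip in (ipaddress.ip_address(a) for a in addrs if a != "*"):
            if first <= ip <= last:
                findings.append((user, "fixed IP %s is inside the dynamic pool" % ip))
            if ip == local:
                findings.append((user, "fixed IP %s is the server's local ip" % ip))
            if ip in seen:
                findings.append((user, "fixed IP %s already given to %s" % (ip, seen[ip])))
            seen.setdefault(ip, user)
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join("%-6s %s" % f for f in audit(XL2TPD_CONF, CHAP_SECRETS)))
```

chap-secrets stores these passwords in clear text, so keep the file readable by root only (mode 600).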

That’s about it. When I feel like taking screenshots, I’ll show you how to add your VPN connection in Windows XP, but I guess you can already find that out with a Google search.

[update]: i tried the configuration i posted on my blog, but vista client behind NAT didn’t work at all. There are 2 things you should do:

1. registry modification on windows xp/vista:

for windows xp:
in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPsec create a DWORD called AssumeUDPEncapsulationContextOnSendRule and assign it the hex value of "2". This should allow both client and server to be behind NAT.

for windows vista:

in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent create a 32-bit DWORD called AssumeUDPEncapsulationContextOnSendRule and assign it the same value of "2" for the same reasons.

2. you should define the private networks by adding this line to the config setup section of ipsec.conf:

virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12

It should work after all this.

[update2]: here is the latest configuration that worked, with computers behind NAT or not, with Vista or XP..works with all combinations – of course, with the registry key inserted where it has to be.

conn ROADW-NAT
    rightsubnet=vhost:%priv
    authby=secret
    pfs=no
    rekey=no
    keyingtries=3
    left=80.80.80.80
    leftnexthop=80.80.80.1
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
    dpddelay=15
    dpdtimeout=60
    dpdaction=clear
    type=transport
    auto=add

conn ROADW
    authby=secret
    pfs=no
    rekey=no
    keyingtries=3
    left=80.80.80.80
    leftnexthop=80.80.80.1
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
    dpddelay=15
    dpdtimeout=60
    dpdaction=clear
    type=transport
    auto=add

and of course, insert this line in ipsec.conf:

virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12

This should work in every type of road warrior. Have fun!! The rest of the configuration files are exactly the ones from above..

Written by pvradu

25 May 2009 at 12:12 pm

Posted in Tehnic

more details..

Basically, i was just around just for her to fuck someone till she waited some other dude to end up his relationship with some other girl. After he was done with that girl, called this girl i was with, ..ended up together. I’m not buying this either. But I don’t want anymore lies from her…

Written by pvradu

13 May 2009 at 2:22 pm

Posted in Personal

the end..

It’s going to be very soon, sooner than expected. Mostly because i don’t know what happened, and mostly because I hate being lied to. In both cases, it’s enough for me to end this. But first, I wanna know what happened, and then see how I can end all this crap..

[update]: the end!! – she was lying, i was lying…not a very good start..

Written by pvradu

11 May 2009 at 10:44 am

Posted in Personal

hot vs cold cloning

It’s not about human cloning, ok? :)

It’s about VMware cloning. VMware is the new project I have to finish in a few months: virtualizing almost every server we have. So, there are 2 ways to clone a physical machine:

- cold cloning – you boot the machine from a VMware Converter ISO. The operating system is off, there is no activity on the hard drive, and you get to clone everything just the way it was right before you shut down the machine. The IP address configured on the VMware Converter environment that boots up has to have access to the vCenter or ESX machine in order for things to work.

- hot cloning – the physical machine is booted into the operating system it currently has. You start VMware Converter on another machine. This machine has to have access to both the physical machine that you want to virtualize and the vCenter / ESX machines, and they have to be visible to each other too. The bad part about this method is that the operating system is not turned off, so the hard drive might change during cloning, which can cause data loss.

Unfortunately, cold cloning is not working for me at all. It gives all kinds of errors. Yesterday I tried cold cloning again, made some changes and tried again, and so on, till I finally decided to close all services on the server and then do a hot cloning. I looked up the error in the VMware KB and they said it’s something related to network problems, something like the NICs not being configured with automatic negotiation, or something like that. I made sure every NIC on the ESX and on the physical machine I wanted to virtualize was auto-negotiating speed and duplex and tried again. But I had the same problem. After closing every service on the machine, so no hard drive changes during cloning, and with my computer at work coordinating the conversion from the VMware Converter standalone, everything worked great. Started everything at around 10pm. At 6:30 am I had almost 400GB of virtual machines (2 of them) converted from physical to virtual. All I had to do was change the IP addresses for the new VMware adapter on the host and install VMware Tools. That was all. BTW, the physical machines were Windows 2000.

Anyway, after a good night sleep, when i woke up in the morning at 7am, both machines were converted. No errors, too.

Written by pvradu

9 May 2009 at 8:21 am

Posted in Tehnic

crazyness..

So let’s say ..a boy meets a girl. Boy likes girl, girl likes boy. Boy fucks girl, girl fucks boy. Boy goes to work, girl goes to work…and…silence.

[update]: how cute…she “accidentally” forgot the phone at home… :) I always hated the “believe what you wish” thing. I guess people say that only when they’re tired of lying..

Written by pvradu

8 May 2009 at 8:57 pm

Posted in Personal

saslauthd problem

Well, I have this server on my hands, built from scratch, and used mostly for hosting websites and email. So, I had to make postfix use virtual tables with mysql, dovecot too, and so on. Anyway, after following some tutorial I got everything running except for SMTP authentication using SASLAUTHD. So, on my CentOS 5.3, to get SMTP authentication running, I had to create a smtpd.conf file in /usr/lib/sasl2/ with the following content:

pwcheck_method: saslauthd
mech_list: PLAIN LOGIN

And /etc/sysconfig/saslauthd should have the following content:

START=yes
PIDFILE="/var/spool/postfix/var/run/${NAME}/saslauthd.pid"
SOCKETDIR=/var/run/saslauthd

MECH=pam

FLAGS="-m /var/spool/postfix/var/run/saslauthd -r"

Usually, default saslauthd file doesn’t have any flags nor pidfile. After that, you should see saslauthd finally authenticating people. Bad part is that i spent almost whole day yesterday trying to figure this shit out. Hopefully, i’ll remember my post next time i’m in this kind of trouble.

Written by pvradu

1 May 2009 at 10:25 am

Posted in Tehnic