Pages

Thursday, July 7, 2011

modifications to up scripts for vpn


http://www.linuxselfhelp.com/howtos/PPP/PPP-HOWTO-23.html
In the scripts in etc/ppp/ip-up.d you can use




When the ppp link comes up, this script is called with the following
parameters
$1 the interface name used by pppd (e.g. ppp3)
$2 the tty device name
$3 the tty device speed
$4 the local IP address for the interface
$5 the remote IP address
$6 the parameter specified by the 'ipparam' option to pppd






Silly I missed that.


--
My Emacs Files At GitHub

Wednesday, July 6, 2011

Bash script to sync a number of machines from the current one


pass "all" to do the lot from one major node. edit as appropriate.
set SYNCHOSTS if you like or set the defaults as appropriate.





#!/bin/bash

COMMAND=$1

hosts=${SYNCHOSTS};
if [ -z ${hosts} ]; then
hosts=(asus x30 dev t60)
fi

for myhost in "${hosts[@]}";
do
ping -c 1 "$myhost" > /dev/null
if [ "$?" -eq 0 ] ; then
echo "${myhost} up"
if [ "${COMMAND}" = "all" ]; then
rsync -avz --force --exclude ".emacs.d/agent" --exclude ".emacs.d/url" --delete --exclude "auto-save-list" --exclude ".gnuskillfiled" --exclude "*~" --ignore-errors ~/common-files $USER@$myhost:
else
rsync -avz ~/Mail $USER@$myhost:
rsync -avz ~/.org-files $USER@$myhost:
rsync -avz ~/bin $USER@$myhost:
fi
else
echo "$myhost down"
fi
done





--
My Emacs Files At GitHub

script to return ip address of an interface

#!/bin/bash
sudo ifconfig ${1-eth1} | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}'




--
My Emacs Files At GitHub

Going Anonymous - the Linux way : iPlayer, VPNs and PPTP

Somewhat naughtily I have a hankering to watch UK TV on my PC at times. There's only so much Dieter Bohlen and the Bavarian Brass Quartet one can take. Alas, in a fit of stupiditiy and bureaucracy English online TV is not allowed - they filter youby your country's IP address. The IP address is the "unique" address of yourinternet connection - its how hackers and "groomers" are caught! So the "easy"way is to use whats called a "proxy". A proxy routes some or all of yourinternet traffic through a "proxy" and the site you are visiting sees the IP address of the proxy and not your own country/location specific IP. As a resultof this the BBC and ITV or any site that limits its viewers gladly give uptheir goodies in this victim-less crime.



There is a problem however. Good proxies are hard to find. And when you do find them many wont stream video -only static web content. Where there is a need there is a supplier however! Andsure enough you can purchase a "proxy" from companies in the UK. This led me to consider a VPN after a friend mentioned them. A VPN, or Virtual Private Network,allows you to route traffic to a remote end point. And that remote end point hasits own localised IP address. So how to do this in Linux?The first option is the simply atrocious Network-Manager. It provides a GUI foryou to set up a VPN. When it doesnt crash. It also, and bizarrely, ignores and/or clashes with the standard Linux network stack configuration files. All that AND it only allows one VPN to be enabled.The second option was to read up on and manage manually the horrifically complexLinux network config files. My loathing for Network-Manager made me role up my sleeves and take this approach.So, this small blog doesnt wax lrical on the hurdles but merely explains the results! Hopefully it can be used to help you get a vpn working.So, off we go.



First step is the /etc/network/interfaces file




auto lo
iface lo inet loopback

auto eth1
iface eth1 inet dhcp

iface uk1 inet ppp
provider uk1




Here we have defined a device, uk1, for the vpn. Note the "ppp". This tells th enetworking infrastructure that its a peer to peer connect. We need more info to establish the connection : the "provider" clause points to /etc/ppp/peer/uk1which is as follows:-




pty "pptp VPN_SERVER-ADDRESS --nolaunchpppd"
name user@gmail.com
remotename PPTP
require-mppe-128
file /etc/ppp/options.pptp
ipparam uk1




The personalised parts are obvious enough. But what about authentication? The "name" clause in the previous file is mapped to to an auth file : in this case/etc/ppp/chap-secrets where the contents are simply




# Secrets for authentication using CHAP
# client server secret IP addresses
user@mail.com PPTP PASSWORD-FOR-VPN-SERVER *




How do we fire this up? Two ways




sudo pon uk1




or




sudo ifup uk1




If success you will see a new route in your routing table! But this route is currently not used since we havent yet told the system WHAT data must travel onthis new route.Before we bring "up" the interface :




[5107]shamrock@development:/etc/ppp$ sudo route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
87.117.198.127 192.168.0.1 255.255.255.255 UGH 0 0 0 eth1
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth1
[5108]shamrock@development:/etc/ppp$




After:




[5109]shamrock@development:/etc/ppp$ sudo ifup uk1
[5110]shamrock@development:/etc/ppp$ sudo route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.10.1 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
87.117.198.127 192.168.0.1 255.255.255.255 UGH 0 0 0 eth1
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth1




In this example the ip address "87.117.198.127" is that of us that will appear to the sites we visit, the new interface ppp0 is there too. A quick look in our/var/log/syslog shows what happened in more detail:-




Jul  6 20:49:12 dev pppd[1]: pppd 2.4.5 started by root, uid 0
Jul 6 20:49:12 dev pppd[1]: Using interface ppp0
Jul 6 20:49:12 dev pppd[1]: Connect: ppp0 <--> /dev/pts/3
Jul 6 20:49:12 dev pptp[2]: anon log[main:pptp.c:314]: The synchronous pptp option is NOT activated
Jul 6 20:49:12 dev pptp[3]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 1 'Start-Control-Connection-Request'
Jul 6 20:49:13 dev pptp[3]: anon log[ctrlp_disp:pptp_ctrl.c:739]: Received Start Control Connection Reply
Jul 6 20:49:13 dev pptp[3]: anon log[ctrlp_disp:pptp_ctrl.c:773]: Client connection established.
Jul 6 20:49:13 dev pptp[3]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 7 'Outgoing-Call-Request'
Jul 6 20:49:14 dev pptp[3]: anon log[ctrlp_disp:pptp_ctrl.c:858]: Received Outgoing Call Reply.
Jul 6 20:49:14 dev pptp[3]: anon log[ctrlp_disp:pptp_ctrl.c:897]: Outgoing call established (call ID 0, peer's call ID 33920).
Jul 6 20:49:14 dev pptp[2]: anon log[decaps_gre:pptp_gre.c:414]: buffering packet 5 (expecting 4, lost or reordered)
Jul 6 20:49:14 dev pppd[1]: CHAP authentication succeeded
Jul 6 20:49:14 dev pppd[1]: MPPE 128-bit stateless compression enabled
Jul 6 20:49:14 dev pppd[1]: local IP address 192.168.10.24
Jul 6 20:49:14 dev pppd[1]: remote IP address 192.168.10.1




So we have this vpn enabled now but how do we use it?One way to make us totally anonymous would be to simply set our local gateway default to ppp0 as opposed to eth1 e.g




sudo route add default gw GATEWAY-IP




But how can we dynamically get the GATEWAY IP assigned by our pptp connection? A little bit of awk and sed:-




sudo route add default gw `sudo ifconfig ${IFACE} | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}'`




At this point ALL traffic from this PC would be routed via our VPN and ALL sitesand servers visitied would see the ip 87.117.198.127 as your address andtherefore consider you "located" at the place where the IP was issued. The UK for the BBC, US for Fox News etc - depending on what VPN package you purchased.Up to this point you would be totally anaonymous. Well, anonymous enough! Dont think for a minute you can then go breaking laws and not get caught. The VPN companies WILL keep logs no matter what they claim. They will be able toassociate your real IP address with your "anonymous" one and therefore YOU ifpressed by the authorities!So how would we go about only routine certain traffic? e.g ONLY the traffic for the BBC web site iPlayer? Here comes the wonderful "route" command. e.g consider this "uktv" script:-




#!/bin/bash
IFACE=${2-ppp0}
sudo ifup ${3-uk1} >/dev/null 2>&1
sudo route ${1-add} -host www.bbc.co.uk gw `sudo ifconfig ${IFACE} | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}'` ${IFACE}>/dev/null 2>&1
sudo route ${1-add} -host www.itv.com gw `sudo ifconfig ${IFACE} | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}'` ${IFACE}>/dev/null 2>&1




This adds our new VPN as the gateway for all traffic for the two sites bbc.co.uk and itv.com. Be aware of the laws of your country!It can be used to add and remove the gateway for these sites simply enough:




%uktv




turns them on. Our routing table now looks like this:-




[5114]shamrock@development:/etc/ppp$ uktv
[5115]shamrock@development:/etc/ppp$ sudo route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
77.67.28.81 192.168.10.24 255.255.255.255 UGH 0 0 0 ppp0
192.168.10.1 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
87.117.198.127 192.168.0.1 255.255.255.255 UGH 0 0 0 eth1
212.58.246.93 192.168.10.24 255.255.255.255 UGH 0 0 0 ppp0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth1




I wont go into the details but its pretty obvious if you made it this far. "manroute". Or google is your friend!Notice the parameter substituion in bash to provide a default for argumen 1($1). We can close off the TV routes by simply typing "uktv del". So




%uktv del




removes the our new routes! Easy! But what about automatically turning them onwhen the interface ppp0 is turned on? Here we have the ip-up directories onDebian at least. Simply create the scripts you want running in/etc/ppp/ip-up.d. Here are some of mine:-




[5112]shamrock@development:/etc/ppp$ ls -l ip-up.d/
total 20
-rwxr-xr-x 1 shamrock shamrock 902 Jul 5 05:09 0000usepeerdns
-rwxr-xr-x 1 shamrock shamrock 293 Jul 5 05:09 00-exim4
-rwxr-xr-x 1 shamrock shamrock 53 Jul 6 19:05 01-vpnsetup
-rwxr-xr-x 1 shamrock shamrock 284 Jul 6 19:04 02-news
-rwxr-xr-x 1 shamrock shamrock 259 Jul 6 19:15 03-uktv




where 02-news, for another example, is :-




#!/bin/bash
IFACE="ppp0"
route add -host news.eternal-september.org gw `ifconfig ${IFACE} | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}'` ${IFACE}
route add -host kornbluth.freenode.net gw `ifconfig ${IFACE} | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}'` ${IFACE}




The 03-uktv script would be a symbolic link to my ~/bin/uktv script outlinedabove!And that pretty much wraps that up. Oh! No it doesnt … one thing that took me AGES to sort out was the MTU. You can google what that is. The MTU is veryfinicky for pptp it seems. I had to dial mine back to 1400 in order for the vpn connection to my vpn supplier worked. How did I do that? Easy : modify the MTUwhen you bring the interface up. Thats the 01-vpn-setup script above:-




#!/bin/bash
IFACE="ppp0"
ifconfig ${IFACE} mtu 1400




tada! Happy hiding!




--
My Emacs Files At GitHub

Go anonymous and back again ...


IFACE=${2-ppp0}
sudo ifup ${3-uk1} >/dev/null 2>&1
sudo route ${1-add} default gw `sudo ifconfig ${IFACE} | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}'` 2>&1


--
My Emacs Files At GitHub

Script to add remove uk proxy routes


IFACE=${2-ppp0}
sudo ifup ${3-uk1} >/dev/null 2>&1
sudo route ${1-add} -host www.bbc.co.uk gw `sudo ifconfig ${IFACE} | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}'` ${IFACE}>/dev/null 2>&1
sudo route ${1-add} -host www.itv.com gw `sudo ifconfig ${IFACE} | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}'` ${IFACE}>/dev/null 2>&1

--
My Emacs Files At GitHub

peer provider for vpn


pty "pptp uk1.hideipvpn.com –nolaunchpppd"
name user@mail.com
remotename PPTP
require-mppe-128
file /etc/ppp/options.pptp
ipparam uk1


--
My Emacs Files At GitHub