8/05/2012

Setup L2TP/IPsec VPN server on Ubuntu


1. Installing OpenSWAN
There are several IPsec implementations for Linux: FreeS/WAN, Openswan and strongSwan. Here we deal with Openswan.
The Openswan version shipped with Ubuntu Lucid is 2.6.23. Unfortunately that version has a bug that keeps it from working properly with an L2TP server, so we need to upgrade to at least 2.6.24.
1.1. Add the third-party apt source (the Openswan PPA; its packages are signed by the PPA owner, not by Ubuntu):
sudo apt-get install python-software-properties
sudo add-apt-repository ppa:openswan/ppa
sudo apt-get update
1.2. Check the candidate version; it should be at least 2.6.24:
# apt-cache policy openswan
openswan:
  Installed: (none)
  Candidate: 1:2.6.28-1xelerance3
  Version table:
     1:2.6.28-1xelerance3 0
        500 http://ppa.launchpad.net/openswan/ppa/ubuntu/ lucid/main Packages
1.3. Install
sudo apt-get install openswan
If you are asked "Use an X.509 certificate for this host", answer No: this setup authenticates with a pre-shared key.

2. Configuring OpenSWAN

2.0. Set bash variables
Set these to your own values; the ones below are placeholders used throughout the examples:
L2TP server IP 192.168.1.1, VPN subnet prefix 10.1.1.0/24, username user, password 1234. Note that the same value is used both as the PPP password and as the IPsec pre-shared key; for a real server pick a long random key instead (see section 6).
export SERVER=192.168.1.1
export NET=10.1.1
export USER1=user
export PASS1=1234
2.1. Setup sysctl
sudo mv /etc/sysctl.conf /etc/sysctl.conf.bak
 
sudo bash -c "cat > /etc/sysctl.conf <<EOF
net.ipv4.ip_forward = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
EOF
"
These are the settings that "ipsec verify" checks in section 5: forwarding must be on and ICMP redirects off.
2.2. Refresh sysctl
sudo sysctl -p
 
sudo bash -c 'for each in /proc/sys/net/ipv4/conf/*
do
    echo 0 > $each/accept_redirects
    echo 0 > $each/send_redirects
done
'
2.3. Setup iptables
sudo mv /etc/rc.local /etc/rc.local.bak
 
sudo bash -c "cat > /etc/rc.local <<EOF
#!/bin/sh -e
iptables -t nat -A POSTROUTING -s $NET.0/24 -o eth0 -j MASQUERADE
exit 0
EOF
"
This NATs the VPN subnet out through eth0; change the interface name if your uplink differs. If your interactive bash complains about "event not found" on the "#!" line, run "set +H" first to turn off history expansion.
  sudo chmod +x /etc/rc.local
2.4. Refresh iptables
sudo /etc/rc.local
2.5. Setup ipsec.secrets
sudo mv /etc/ipsec.secrets /etc/ipsec.secrets.bak
sudo bash -c "cat > /etc/ipsec.secrets <<EOF
$SERVER %any: PSK \"$PASS1\"
EOF
"
sudo chmod 600 /etc/ipsec.secrets
The new file is created with the default umask (0644), so the chmod matters: the pre-shared key is stored in plain text and must be readable by root only.
2.6. Setup ipsec.conf
sudo mv /etc/ipsec.conf /etc/ipsec.conf.bak
sudo bash -c "cat > /etc/ipsec.conf <<EOF
    left=$SERVER
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
EOF
"
2.7. Make ipsec service started by default
Run the following command so the ipsec service starts automatically at boot:
sudo update-rc.d ipsec defaults

3. Installing xl2tpd

We all know how to do this:
sudo apt-get install xl2tpd

4. Configuring xl2tpd

4.1. Setup xl2tpd.conf
sudo mv /etc/xl2tpd/xl2tpd.conf /etc/xl2tpd/xl2tpd.conf.bak
sudo bash -c "cat > /etc/xl2tpd/xl2tpd.conf <<EOF
[lns default]
ip range = $NET.2-$NET.254
name = l2tpd
local ip = $NET.1
refuse chap = yes
refuse pap = yes
require authentication = yes
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
EOF
"
The range ends at .254 because .255 is the broadcast address of the /24. "name = l2tpd" is the server name that the chap-secrets entry in 4.3 refers to; xl2tpd passes it to pppd as its name. With CHAP and PAP refused, MS-CHAPv2 is the only authentication method left, which is what Android and iOS clients use.
4.2. Setup options.xl2tpd
sudo mv /etc/ppp/options.xl2tpd /etc/ppp/options.xl2tpd.bak
A typical pppd option set for L2TP clients such as Android and iOS; adjust it to your site, e.g. add an "ms-dns" line pointing at your resolver:
sudo bash -c "cat > /etc/ppp/options.xl2tpd <<EOF
require-mschap-v2
nodefaultroute
lock
mtu 1410
mru 1410
EOF
"
4.3. Setup chap-secrets
sudo mv /etc/ppp/chap-secrets /etc/ppp/chap-secrets.bak
sudo bash -c "cat > /etc/ppp/chap-secrets <<EOF
$USER1       l2tpd       $PASS1       *
EOF
"
sudo chmod 600 /etc/ppp/chap-secrets
The columns are client name, server name, secret and allowed IP addresses. Like ipsec.secrets, this file holds plain-text credentials and must not be world-readable.
5. Start L2TP server
At this point the L2TP/IPsec server is configured; it can be used once both services are started:
sudo invoke-rc.d xl2tpd restart
sudo invoke-rc.d ipsec restart
Check the IPsec server status with "ipsec verify"; the output should look like this:
# sudo ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                              [OK]
Linux Openswan U2.6.28/K2.6.32.16-linode28 (netkey)
Checking for IPsec support in kernel                         [OK]
NETKEY detected, testing for disabled ICMP send_redirects    [OK]
NETKEY detected, testing for disabled ICMP accept_redirects  [OK]
Checking that pluto is running                               [OK]
Pluto listening for IKE on udp 500                           [OK]
Pluto listening for NAT-T on udp 4500                        [OK]
Two or more interfaces found, checking IP forwarding         [OK]
Checking NAT and MASQUERADEing                              
Checking for 'ip' command                                    [OK]
Checking for 'iptables' command                              [OK]
Opportunistic Encryption Support                             [DISABLED]
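
As an added example (not part of the original post), the shell script below renders every file from steps 2.1 to 4.3 into a staging directory with a freshly generated pre-shared key and root-only permissions on the two secret files, so the result can be reviewed before it is copied into /etc. It assumes eth0 is the uplink, and the ipsec.conf and options.xl2tpd bodies are the usual Openswan/xl2tpd settings for L2TP over IPsec, not the exact ones from the post.

```shell
# Added example, not from the original post: render the files from steps 2.1
# to 4.3 into a staging directory with a freshly generated pre-shared key, so
# you can review them before copying into /etc. Assumptions: eth0 is the
# uplink, and the ipsec.conf and options.xl2tpd bodies are the usual
# Openswan/xl2tpd settings rather than the post's exact ones.
# Usage: sh render-l2tp.sh --render ./staging 192.168.1.1 10.1.1 user
set -eu

# 32 random bytes as base64 (44 characters); replaces the "1234" placeholder.
gen_psk() {
    head -c 32 /dev/urandom | base64 | tr -d '\n'
}

# The PSK is shared by every client: reject short or well-known values.
psk_is_strong() {
    case "$1" in
        ''|1234|password|secret) return 1 ;;
    esac
    [ "${#1}" -ge 20 ]
}

# True if the mode is exactly rw------- (same ls(1) columns on GNU and BSD).
is_owner_only() {
    [ "$(ls -ld "$1" | cut -c1-10)" = "-rw-------" ]
}

# render_configs OUTDIR SERVER NET USER PPP_PASSWORD PSK
render_configs() {
    out=$1 server=$2 net=$3 user=$4 pass=$5 psk=$6
    mkdir -p "$out/ppp" "$out/xl2tpd"

    # Exactly what "ipsec verify" checks: forwarding on, ICMP redirects off.
    printf '%s\n' 'net.ipv4.ip_forward = 1' \
        'net.ipv4.conf.all.accept_redirects = 0' \
        'net.ipv4.conf.all.send_redirects = 0' > "$out/sysctl.conf"

    # NAT for the VPN subnet on its way out through the uplink.
    cat > "$out/rc.local" <<EOF
#!/bin/sh -e
iptables -t nat -A POSTROUTING -s $net.0/24 -o eth0 -j MASQUERADE
exit 0
EOF
    chmod 755 "$out/rc.local"

    # Transport-mode IPsec wrapping L2TP (UDP 1701), authenticated by the PSK.
    cat > "$out/ipsec.conf" <<EOF
config setup
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
    oe=off
    protostack=netkey

conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    type=transport
    left=$server
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
EOF

    # Both secret files hold plain-text credentials: create them under a 077
    # umask so they are never world-readable, not even briefly.
    ( umask 077
      printf '%s %%any: PSK "%s"\n' "$server" "$psk" > "$out/ipsec.secrets"
      printf '%s\tl2tpd\t%s\t*\n' "$user" "$pass" > "$out/ppp/chap-secrets" )

    # .254 is the last usable host of the /24. With CHAP and PAP refused only
    # MS-CHAPv2 remains, which is what Android and iOS clients send anyway.
    cat > "$out/xl2tpd/xl2tpd.conf" <<EOF
[lns default]
ip range = $net.2-$net.254
local ip = $net.1
refuse chap = yes
refuse pap = yes
require authentication = yes
name = l2tpd
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
EOF

    # Typical pppd options (assumed); add "ms-dns <resolver>" for your site.
    printf '%s\n' 'require-mschap-v2' 'nodefaultroute' 'lock' \
        'mtu 1410' 'mru 1410' > "$out/ppp/options.xl2tpd"
}

if [ "${1:-}" = "--render" ]; then
    psk=$(gen_psk) pass=$(gen_psk)
    render_configs "$2" "$3" "$4" "$5" "$pass" "$psk"
    echo "PSK: $psk"; echo "PPP password for $5: $pass"
fi
```

The script prints the generated PSK and PPP password once; hand them to the client out of band rather than reusing one value for both, and check the staged ipsec.secrets and chap-secrets show mode 0600 before copying them over.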

6. Testing L2TP server

Grab any device that can connect to an L2TP server; Android and iPhone both do this well. With the variables used above, the server address is 192.168.1.1, the username is user, and the L2TP password and the IPsec pre-shared key are both 1234. Those values are placeholders only: the pre-shared key is shared by every client, so generate a long random one (e.g. with "openssl rand -base64 32") and give each user a distinct PPP password. Both secrets live in plain text in /etc/ipsec.secrets and /etc/ppp/chap-secrets, which must stay readable by root only.

4/09/2012

Setup text mate environment with ruby on rails

Open TextMate's Preferences, go to Advanced > Shell Variables, and set the
following so that most of your TextMate bundles work:

PATH -> the directories holding your git, mysql and ruby binaries
DYLD_LIBRARY_PATH -> the directory holding your mysql libraries
ARCHFLAGS -> -arch x86_64
RUBYOPT -> rubygems

3/20/2012

set timezone on Ubuntu

Ubuntu server uses UTC as the default time zone; this post shows how to
change it.

First pick your zone interactively with 'tzselect' (you may need 'sudo').
It only prints the zone name and the TZ setting to use; it changes nothing
by itself. Then make the change permanent:

sudo cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

On Ubuntu, 'sudo dpkg-reconfigure tzdata' does the same and also records
the zone name in /etc/timezone.

'UTC=yes' in '/etc/default/rcS' is a separate matter: it says whether the
hardware clock is kept in UTC, not which time zone is displayed. Leave it
at 'yes' unless the hardware clock really holds local time (for example a
machine that dual-boots Windows); switching it to 'no' on a UTC clock shifts
the system time by the zone offset at the next boot.

Now you have it done! Run 'date' to make sure.

3/02/2012

Rails 3 issue: 'Content-Length' header missing from the HTTP response when using 'send_data'

I found this issue in one of my Rails 3 apps; here is a simple demo:
class AnyController < ApplicationController
  def any_action
    send_data [SOME-BINARY-DATA]
  end
end

when the browser makes any request to this controller, the Rails 3 app
REMOVES the 'Content-Length' field from the HTTP response header, even if
you add it explicitly in the action.

To fix this, we can add a Rack middleware and plug it into the app. In
#{Rails.root}/config/application.rb, find the Application class and register
the middleware; the middleware directory is not on the autoload path, so the
file has to be required explicitly:

require File.expand_path('../../middleware/http_header_fix', __FILE__)

module XX
  class Application < Rails::Application
    config.middleware.use "HttpHeaderFix" # add this line
  end
end

then create a file named 'http_header_fix.rb' at #{Rails.root}/middleware:

class HttpHeaderFix
  def initialize(app)
    @app = app
  end

  def call(env)
    status, headers, body = @app.call(env)
    if headers["Content-Type"] == "application/octet-stream" &&
       headers["Content-Length"].blank?
      # A Rack body is only guaranteed to respond to #each, and Array#length
      # would count chunks rather than bytes, so buffer the chunks once,
      # measure their byte size and pass the buffered array on as the body.
      chunks = []
      body.each { |chunk| chunks << chunk.to_s }
      body.close if body.respond_to?(:close)
      headers["Content-Length"] =
        chunks.inject(0) { |sum, chunk| sum + chunk.bytesize }.to_s
      body = chunks
    end
    [status, headers, body]
  end
end
OK, there you go!!

3/01/2012

Setup ssh proxy under linux

First set up an OpenSSH server, then check that /etc/shells lists the
nologin shell: on Red Hat style systems it is '/sbin/nologin', on Debian and
Ubuntu '/usr/sbin/nologin'. Add the line if it is missing.

Then add an SSH account that uses that shell:

useradd -M -s /sbin/nologin -n username
(-M skips creating a home directory; -n, which skips creating the user's
private group, only exists on some versions.) On other systems simply:
useradd -s /sbin/nologin username
remembering that the shell may live at '/usr/sbin/nologin'.

Now you have an SSH server and an account that cannot log in interactively
but can still forward ports, which is all a SOCKS proxy needs. From the
client run:

ssh -N -D 1080 username@server

and point the browser at a SOCKS proxy on localhost port 1080. Use key
authentication for such accounts, and keep in mind that the shell setting
alone does not limit what the account may do with forwarding; that is
controlled in sshd_config.

Recommended web browser plugins for SSH proxy:
Firefox users checkout autoproxy:
https://addons.mozilla.org/en-US/firefox/addon/autoproxy/
Chrome users checkout Switchy!:
https://chrome.google.com/webstore/detail/caehdcpeofiiigpdhbabniblemipncjj
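
As an added example (not from the original post): a nologin shell stops interactive logins but not dynamic port forwarding, which is exactly what the proxy above relies on, so the real limits on such an account belong in sshd_config. The functions below render a Match block for a proxy-only group and audit an existing sshd_config for it. The group name sshproxy and the chosen directives are assumptions of this example.

```shell
# Added example, not from the original post. A nologin shell stops interactive
# logins but not port forwarding, which is precisely what a SOCKS proxy uses,
# so the real limits on such an account live in sshd_config. These functions
# render a Match block for a proxy-only group (the name sshproxy is assumed)
# and audit an sshd_config for it. sshd keeps the first value it sees for a
# keyword, so an existing but wrong block is reported rather than overridden.
set -eu

render_match_block() {        # render_match_block GROUP
    cat <<EOF
Match Group $1
    PasswordAuthentication no
    AllowTcpForwarding yes
    AllowAgentForwarding no
    X11Forwarding no
    PermitTunnel no
EOF
}

# Print the lines inside the "Match Group GROUP" block of CONFIG (none if absent).
match_block_lines() {         # match_block_lines CONFIG GROUP
    awk -v g="$2" '
        /^Match[ \t]/ { inblk = ($0 ~ ("^Match[ \t]+Group[ \t]+" g "[ \t]*$")); next }
        inblk { print }' "$1"
}

# Succeed only if every directive of the rendered block appears, with the same
# value, inside the group's Match block of CONFIG.
match_block_ok() {            # match_block_ok CONFIG GROUP
    block=$(match_block_lines "$1" "$2")
    [ -n "$block" ] || return 1
    render_match_block "$2" | sed 1d | while read -r key val; do
        printf '%s\n' "$block" |
            grep -qiE "^[[:space:]]*$key[[:space:]]+$val[[:space:]]*$" || exit 1
    done
}

# Append the block when CONFIG has none for the group (a Match block runs to
# the next Match line, so the end of the file is the only safe place), then
# audit. An existing block with different values fails the audit on purpose.
ensure_match_block() {        # ensure_match_block CONFIG GROUP
    if [ -z "$(match_block_lines "$1" "$2")" ]; then
        { echo; render_match_block "$2"; } >> "$1"
    fi
    match_block_ok "$1" "$2"
}
```

Run "ensure_match_block /etc/ssh/sshd_config sshproxy" after creating the group and adding the proxy user to it, then "sshd -t" to validate and reload sshd; the client side is unchanged, "ssh -N -D 1080 username@server" still works because AllowTcpForwarding stays on for the group.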

2/12/2012

Setup RVM on Mac OS X

First of all, install Xcode one way or another.
Installing rvm itself is pretty easy. The rvm homepage gives a quick
install command:
bash < <(curl -s https://raw.github.com/wayneeseguin/rvm/master/binscripts/rvm-installer)
and then add this to your shell profile:
[[ -s "$HOME/.rvm/scripts/rvm" ]] && . "$HOME/.rvm/scripts/rvm"
CC=/usr/bin/gcc-4.2
For ruby 1.9.3, we need libksba installed, using Homebrew, just run
'brew install libksba'
installing Homebrew is quite easy too:
/usr/bin/ruby -e "$(curl -fsSL https://raw.github.com/gist/323731)"
now try install ruby 1.9.3:
rvm install 1.9.3 --reconfigure --debug -C --enable-pthread --with-gcc=clang
NOTE: in case of any compilation issues
* downgrade to Xcode 4.1
* or install osx-gcc-installer
and reinstall your rubies.

Setup Git on Mac OS X


  1. Check this out http://code.google.com/p/git-osx-installer/ *Don't worry if it's a Snow Leopard version, it works on Lion!
  2. Double click to mount it.
  3. Run the git-1.x.x.x-x.pkg (A basic installer. Note: You'll need administrative privileges.)
  4. Complete the Installation
  5. Open up a terminal
    1. Change directories to the mounted image
      bash$ cd /Volumes/Git\ 1.x.x.x\ xx/
    2. Run the shell script (bash$ ./setup\ git\ PATH\ for\ non-terminal\ programs.sh)

Re-open your terminal (reset your session) and you'll be good to go. Up and running with Git in no time!

2/04/2012

[Repost] Maximizing Dropbox's free space

Dropbox's free 2 GB already holds a fair amount, but for a heavy sync user it is clearly too little, and the paid plans offer only 50 GB and 100 GB, which is a bit expensive. This article describes ways to raise the free quota directly to over 4 GB, and up to 20 GB or more; don't miss it if you are interested.

1. Sign up using someone else's invitation link: that gives 2.25 GB instead of 2 GB. My referral link: http://db.tt/MQB4KVy

2. Install the Dropbox client and complete the five or six steps of the Get Started tutorial for 256 MB of free space: https://www.dropbox.com/gs

3. Get an extra 5 × 128 MB of free space at https://www.dropbox.com/free
(1) Link a Twitter account - 128 MB
(2) Link a Facebook account - 128 MB
(3) Follow @Dropbox on Twitter - 128 MB
(4) Write one sentence about why you like Dropbox - 128 MB
(5) Tweet that sentence - 128 MB

4. Invite other people; each one adds 256 MB to your space.

5. If you have a .edu or .edu.cn mailbox (students or teachers; Wuhan University's @mail.whu.edu.cn works, for example), visit https://www.dropbox.com/edu and link that address: each invitation then gives 512 MB instead of 256 MB, the maximum you can earn from invitations doubles to 16 GB, and the 256 MB from step 1 also becomes 512 MB.
5. 如果你有.edu、.edu.cn等邮箱(学生或者老师,比如武大的@mail.whu.edu.cn就行),访问https://www.dropbox.com/edu 绑定edu邮箱,就可以将每次邀请的量增加,由256增加到512,邀请能获得的最大空间也会翻倍到16G。步骤1的256也会变成512。