I can't believe I only discovered this incredibly cool thing today!!!
http://code.google.com/p/gource/
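This is the project home page; there are videos on it.
It reads the version-control log and renders the changes between revisions as a flashy animation. Cool!! It supports several version-control systems, including svn, which I know well, and git, which I know less well.
It's easy with homebrew: brew install gource. Once it is installed, just run gource in the root directory of your code!!
Then sit back and enjoy the flashy animation!!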
Linode announced a new facility in Tokyo, Japan on September 20, 2011. It's great news for those of us inside the wall. The download speed and the latency are pretty awesome!!
I migrated my Linode (actually it belongs to my boss) from the USA to Tokyo without hesitation, and rebuilt it from Ubuntu to Gentoo. As a desktop, Ubuntu has been good so far. But as a server, Ubuntu sucks!!
OK, everything is ready, all we need is a L2TP VPN server.
Here is my L2TP VPN configuration.
First of all, choose a faster mirror server. My selection is gentoo.channelx.biz, chosen with mirrorselect (emerge mirrorselect). Add it to /etc/make.conf, replacing the original one.
You can run this command if you don't have an existing GENTOO_MIRRORS setting in /etc/make.conf.
echo 'GENTOO_MIRRORS="http://gentoo.channelx.biz/" ' >> /etc/make.conf
The software we need: openswan, xl2tpd, ppp. We can install them all with the 'emerge' command, but I found there's something wrong with openswan (v2.4.15-r2); we must upgrade openswan to version 2.6.31, even though this version is masked.
Work around the mask:
echo 'EMERGE_DEFAULT_OPTS="--autounmask=n" ' >> /etc/make.conf
echo '=net-misc/openswan-2.6.31 ' >> /etc/portage/package.accept_keywords
OK, install it:
emerge =net-misc/openswan-2.6.31
Let’s do some copy and paste.
Configure the ipsec.
Copy the content of /etc/ipsec.d/examples/sysctl.conf to /etc/sysctl.conf, and make sure the rp_filter options are commented out.
# Enables source route verification
#net.ipv4.conf.default.rp_filter = 1
# Enable reverse path
#net.ipv4.conf.all.rp_filter = 1
You can run this command:
cat /etc/ipsec.d/examples/sysctl.conf >> /etc/sysctl.conf
and activate the sysctl.conf:
sysctl -p
Edit /etc/ipsec.conf:
echo 'include /etc/ipsec.d/examples/l2tp-psk.conf' >> /etc/ipsec.conf
Ignoring the commented lines, the configuration looks like this:
# cat /etc/ipsec.conf | egrep -v "^[[:space:]]*#" | grep -v "^$"
conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT
conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    type=transport
    left=YourPublicIP
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/0
conn passthrough-for-non-l2tp
    type=passthrough
    left=YourPublicIP
    leftnexthop=YourGatewayIP
    right=0.0.0.0
    rightsubnet=0.0.0.0/0
    auto=route
Remember to replace "YourPublicIP" and "YourGatewayIP" with the correct values.
Edit /etc/ipsec.secrets:
YourIPAddress %any: PSK "sharedsecret"
do the same replacement.
Configure the iptables.
iptables -t nat -A POSTROUTING -j MASQUERADE
/etc/init.d/iptables save
rc-update add iptables default
Configure xl2tpd :
# cat /etc/xl2tpd/xl2tpd.conf
[global]
ipsec saref = yes
[lns default]
ip range = 172.16.80.128-172.16.80.254
local ip = 172.16.80.1
require chap = yes
refuse pap = yes
require authentication = yes
name = xl2tpd
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
Configure PPP :
# cat /etc/ppp/options.xl2tpd
ipcp-accept-local
ipcp-accept-remote
ms-dns 8.8.8.8
ms-dns 8.8.4.4
noccp
auth
crtscts
idle 1800
mtu 1410
mru 1410
nodefaultroute
debug
lock
proxyarp
connect-delay 5000
# cat /etc/ppp/chap-secrets
Username xl2tpd Password *
Replace the placeholders here with your own values.
Start the services:
/etc/init.d/ipsec start
/etc/init.d/xl2tpd start
Have fun .
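A pre-flight check for the files edited above, as an added example that is not part of the original post: it flags placeholder values the post says to replace that are still present, and secrets files readable by group or other users. The function names and the root-prefix argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: pre-flight check for the files edited in this walkthrough.
# Literal placeholder strings from the post that must not reach a live server.
PLACEHOLDERS='YourPublicIP|YourGatewayIP|YourIPAddress|"sharedsecret"|^Username[ \t]+xl2tpd[ \t]+Password'

# Print "file:line:text" for each non-comment line that still holds a placeholder.
find_placeholders() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        awk -v pat="$PLACEHOLDERS" \
            '!/^[ \t]*#/ && $0 ~ pat { print FILENAME ":" FNR ":" $0 }' "$f"
    done
}

# Print each existing file that group or other users are allowed to read.
find_loose_perms() {
    for f in "$@"; do
        [ -e "$f" ] || continue
        find "$f" -prune \( -perm -040 -o -perm -004 \) -print
    done
}

# Check the tree rooted at $1 ("" means the live system).
# Returns 1 if anything is flagged, 0 otherwise.
preflight() {
    root=$1
    bad=$(find_placeholders "$root/etc/ipsec.conf" \
        "$root/etc/ipsec.d/examples/l2tp-psk.conf" \
        "$root/etc/ipsec.secrets" "$root/etc/ppp/chap-secrets")
    loose=$(find_loose_perms "$root/etc/ipsec.secrets" "$root/etc/ppp/chap-secrets")
    [ -z "$bad" ] || printf 'unreplaced placeholder:\n%s\n' "$bad"
    [ -z "$loose" ] || printf 'readable by group/other:\n%s\n' "$loose"
    [ -z "$bad$loose" ]
}

# Run as "sh preflight.sh /" to check the live system before starting ipsec.
if [ $# -ge 1 ]; then preflight "${1%/}"; fi
```

A secrets file flagged by the second check can be tightened with chmod 600.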
PS: ipsec verify failed?
Pluto listening for IKE on udp 500 [FAILED]
Cannot execute command "lsof -i UDP:500": No such file or directory
Pluto listening for NAT-T on udp 4500 [FAILED]
Cannot execute command "lsof -i UDP:4500": No such file or directory
That's all right: the 'lsof' command is missing, so just 'emerge lsof'.
Reference:
http://riobard.com/blog/2010-04-30-l2tp-over-ipsec-ubuntu/
http://apple4.us/2010/05/setting-up-l2tp-vpn-on-debian-ubuntu.html
http://forums.gentoo.org/viewtopic-t-324500-highlight-openswan.html (for the ppp configuration part, which differs between Gentoo and Ubuntu)
——————————
update: 2011-09-26
If you can connect successfully the first time but fail the second time, here's the solution.
Add the following lines to your L2TP-PSK-noNAT connection and restart ipsec (/etc/init.d/ipsec restart):
    dpddelay=40
    dpdtimeout=130
    dpdaction=clear
Reference:
http://lists.openswan.org/pipermail/users/2011-January/019945.html
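I've spent the last few evenings after work tinkering with my home router; here is a summary.
Before flashing DD-WRT, of course, check whether the firmware supports your device. See: http://www.dd-wrt.com/wiki/index.php/Supported_Devices
Before this I flashed a Buffalo router with only 4 MB of flash and 32 MB of RAM. Its biggest advantage is that the vendor officially provides a DD-WRT firmware standard build, so there's no fear of bricking it.
I picked up a second-hand Belkin F7D4302 myself. Its strengths: 64 MB of RAM, 8 MB of flash, dual-band 2.4 GHz/5 GHz support and a USB port; the hardware spec is great!! Its downsides: it has no antenna of its own, so the signal isn't that good, and it reportedly runs very hot. I've only just started using it, so I don't have a strong impression yet.
I won't describe the flashing process; I simply followed the article that comes up as soon as you Google it. Let me talk about the tinkering along the way.
Belkin routers in the supported devices list carry the following warning: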
WARNING: Always use TFTP to flash Belkin routers if at all possible! Upgrading dd-wrt from the web interface can lead to a bricked (nonfunctional) unit!
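But mine has a note: use CFE mini Web Server for first flash. It seems the first flash can be done through the web GUI, so I flashed a firmware built specifically for the F7D4302 ( http://www.dd-wrt.com/dd-wrtv2/downloads/others/eko/BrainSlayer-V24-preSP2/2011/06-14-11-r17201/broadcom_K26/dd-wrt.v24-17201_NEWD-2_K2.6_mini_f7d4302.bin).
It seems you must use IE to flash it; Safari, Chrome and Firefox on the Mac all failed. I don't know whether Firefox or Chrome on Linux would work.
This is the mini build. If you really want to put the router to use, mini is far from enough. For the differences between mini, standard and mega, see: http://en.wikipedia.org/wiki/DD-WRT#Features
The mega firmware can be downloaded here: http://www.dd-wrt.com/dd-wrtv2/down.php?path=downloads%2Fothers%2Feko%2FV24_TNG%2Fsvn17084/
I flashed mega from the mini web GUI, and it doesn't seem to have bricked, though it's sometimes a bit less responsive.
Once openvpn is configured (don't let the VPN push a gateway here), what remains is the routing configuration. Generally there are two approaches:
1. Domestic IPs use the default route; foreign IPs go through the VPN, even those that have not been "certified". This requires maintaining a list of domestic IPs, but since IPv4 has all been allocated, it probably won't change much.
2. Only "certified" IPs go through the VPN; everything else uses the default route. This requires maintaining a list of "certified" IPs, which can in fact be extracted from gfwlist.
Then write yourself a script using the following two commands.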
ip route add $gfwip via $vpntunip table 163
ip rule add from 192.168.1.0/24 table 163
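The former adds a route and writes it into table 163; the latter applies the rules of table 163 to every IP in 192.168.1.0/24. (The kernel must support CONFIG_IP_MULTIPLE_TABLES; DD-WRT has it of course, but the kernel on the Gentoo livecd does not!!)
DD-WRT's package manager ipkg is really weak; I recommend installing ipkg-opt. See: http://www.dd-wrt.com/wiki/index.php/Optware , or in one line: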
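One way to write the script the post leaves to the reader, as an added example (not the author's script): it validates each entry of a destination list before turning it into the two commands above, and prints the commands rather than running them. The list file format (one IPv4 address or CIDR per line, with # comments) and the function names are assumptions.

```shell
#!/bin/sh
# Added example: build the table-163 policy routes from a destination list.
TABLE=163              # routing table number used in the post
LAN=192.168.1.0/24     # LAN range used in the post

# Succeed only for a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_dest() {
    echo "$1" | awk -F'[./]' '
        !/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/ { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i > 255) exit 1
          if (NF == 5 && $5 > 32) exit 1 }'
}

# Print (do not run) the ip commands for every valid, unique destination in
# file $1, routed via the VPN tunnel peer $2. Rejected lines go to stderr, so
# a malformed or hostile list entry never becomes part of a command line.
gen_route_cmds() {
    list=$1
    vpntunip=$2
    valid_dest "$vpntunip" || { echo "bad tunnel IP: $vpntunip" >&2; return 1; }
    # Strip comments, blanks and CRs (lists edited on Windows), then dedupe.
    sed 's/#.*//' "$list" | tr -d ' \t\r' | grep -v '^$' | sort -u |
    while read -r gfwip; do
        if valid_dest "$gfwip"; then
            echo "ip route add $gfwip via $vpntunip table $TABLE"
        else
            echo "skipped invalid entry: $gfwip" >&2
        fi
    done
    echo "ip rule add from $LAN table $TABLE"
}

# Usage: sh routes.sh /tmp/dest.list 10.8.0.1    (review the output, then pipe to sh)
if [ $# -eq 2 ]; then gen_route_cmds "$1" "$2"; fi
```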
wget http://www.3iii.dk/linux/optware/optware-install-ddwrt.sh -O - | tr -d '\r' > /tmp/optware-install.sh
I'm new to DD-WRT, so some of this may be wrong; I'll correct it as I run into problems.
——————————–
update: 2011-09-24
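On my router model... the built-in openvpn client can't be used. It seems to cause all sorts of problems, such as the configuration not being saved, a reboot restoring the previous configuration, the 5G network disappearing, and so on. Install screen with ipkg-opt and run the openvpn client yourself.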
update: 2012-05-01
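I played with DD-WRT again today, so here's an update. In the end I routed all foreign IPs through the VPN; routing only the "certified" IPs through the VPN was really inconvenient.
A quick note.
I once used LVS tunnel mode because of an internal network change and never configured it again afterwards. Today I had to set up LVS for the external network and did it again, and only then realized there are things to watch out for.
In DR mode, the RS configuration generally looks like this: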