Posts Tagged ‘information’

How to configure NTP server (ntpd) to synchronize server clock over the Internet on FreeBSD

Friday, February 10th, 2012

 

FreeBSD ntpd logo / How to configure ntpd to synchronize with internet time servers on FreeBSD

On FreeBSD, ntpd, ntpdc, ntpdate and ntpq don't need to be installed via a specific package as on GNU/Linux, because they're part of the FreeBSD world (binaries shipped as standard with the FreeBSD base system).

The FreeBSD handbook has a chapter explaining ntp on FreeBSD thoroughly; however, for the lazy ones, here is a short tutorial of a few steps on how to install and configure ntpd on BSD:

1. Copy sample ntp.conf file to /etc/

freebsd# cp -pf /usr/src/etc/ntp.conf /etc/ntp.conf

No modifications are needed unless you want to restrict who can access the ntpd server. If you regularly update the FreeBSD system with freebsd-update or by rebuilding the FreeBSD kernel / world, adding restrictions might not be necessary.

If you check /usr/src/etc/ntp.conf you will notice that the FreeBSD project runs its own NTP servers; by default ntpd will use these servers to fetch time information. The server hosts in use as of the time of writing can be seen in ntp.conf and are:

server 0.freebsd.pool.ntp.org iburst maxpoll 9
server 1.freebsd.pool.ntp.org iburst maxpoll 9
server 2.freebsd.pool.ntp.org iburst maxpoll 9

2. Add ntpd daemon to load on system boot via /etc/rc.conf

By default ntpd is disabled on FreeBSD. You can see whether it is disabled or enabled by invoking:

freebsd# /etc/rc.d/ntpd rcvar
# ntpd
ntpd_enable=NO

To enable ntpd to be loaded each time the system boots, the following 3 lines have to be added to /etc/rc.conf:

ntpdate_enable="YES"
ntpdate_flags="europe.pool.ntp.org"
ntpd_enable="YES"

A quick way to add them is to use echo:

echo 'ntpdate_enable="YES"' >> /etc/rc.conf
echo 'ntpdate_flags="europe.pool.ntp.org"' >> /etc/rc.conf
echo 'ntpd_enable="YES"' >> /etc/rc.conf

Now that the 3 rc.conf variables are set, ntpd can be started. Without these variables in /etc/rc.conf, "/etc/rc.d/ntpd start" will refuse to start ntpd.

3. Start the ntpd service

freebsd# /etc/rc.d/ntpd start
...

One interesting note is that ntpd can also operate without any config file (/etc/ntp.conf) being specified; the only requirement for the server to start is a properly set ntpdate server, for example ntpdate_flags="europe.pool.ntp.org".

4. Permit only certain host or localhost to "talk" to the ntpd server

If you want to apply some ntp server restrictions, the configuration directives are the same as on Linux.

To allow only a host inside the local network with IP 192.168.0.2, as well as localhost, to fetch time information from the ntpd server, put inside /etc/ntp.conf:

restrict 127.0.0.1
restrict 192.168.0.2 mask 255.255.255.255 nomodify notrap

If you want to prevent ntpd from serving as a network time server to any host other than localhost, add to /etc/ntp.conf:

restrict default ignore

Allowing and denying certain hosts can also be done at the pf (packet filter) or ipfw firewall level, and in my view that is easier (and less confusing) than adding restrictions through ntp.conf. Besides that, using the server firewall directly to apply restrictions is more secure. If, for instance, a remote exploit vulnerability affecting your ntpd server is discovered, it will not affect you externally, as access to UDP port 123 will be disabled at the firewall level.
It is worth mentioning that NTP servers communicate with each other using UDP port 123 as both source and destination. Hence if the NTPD server has to be publicly accessible and there is a firewall already implemented, access to source/dest port 123 should be included in the configured firewall …
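
An added example (not from the original post) that audits the restrict lines discussed in step 4: it flags a missing "restrict default" line, a default that still answers ntpq/ntpdc queries (noquery absent), and an address whose netmask makes the entry cover a whole network instead of one host. The function and sample names are made up for illustration and the sample configs are constructed.

```shell
#!/bin/sh
# Added example, not part of the original post.
# audit_ntp_restrict [FILE]: read ntp.conf (or stdin) and print one finding
# per line about its "restrict" access-control entries.
audit_ntp_restrict() {
    awk '
    # Network address of an IPv4 address under a contiguous netmask.
    function netaddr(addr, mask,    a, m, k, blk, sep, v, out) {
        split(addr, a, "."); split(mask, m, ".")
        out = ""
        for (k = 1; k <= 4; k++) {
            blk = 256 - m[k]                  # block size of this octet
            if (blk < 1) blk = 1
            sep = (k > 1) ? "." : ""
            v = int(a[k] / blk) * blk         # same as octet AND mask-octet
            out = out sep v
        }
        return out
    }
    { sub(/#.*/, "") }                        # strip comments
    $1 != "restrict" { next }
    {
        i = 2
        if ($i == "-4" || $i == "-6") i++     # optional address-family flag
        addr = $i; mask = ""; flags = " "
        for (j = i + 1; j <= NF; j++) {
            if ($j == "mask") { j++; mask = $j; continue }
            flags = flags $j " "
        }
        if (addr == "default") {
            have_default = 1
            if (index(flags, " ignore ")) {
                print "OK default ignore: only sources with their own restrict line are served"
                next
            }
            if (!index(flags, " noquery "))
                print "WARN default lacks noquery: any host may send ntpq/ntpdc queries"
            if (!index(flags, " nomodify "))
                print "WARN default lacks nomodify: runtime changes are stopped only by key authentication"
            next
        }
        if (mask != "" && mask != "255.255.255.255" && addr ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)
            print "NOTE " addr " mask " mask ": covers network " netaddr(addr, mask) ", not a single host"
        if (flags == " ")
            print "NOTE " addr ": no flags, so this source has unrestricted access"
    }
    END {
        if (!have_default)
            print "WARN no \"restrict default\" line: unlisted hosts are not restricted by this file"
    }' "$@"
}

# Constructed sample: localhost plus an address written with a /24 netmask.
sample_subnet() {
    cat <<'EOF'
restrict 127.0.0.1
restrict 192.168.0.1 mask 255.255.255.0 nomodify notrap
EOF
}

# Constructed sample: closed default, localhost, one LAN host (host mask).
# With "default ignore" each upstream time server needs its own restrict
# line as well, otherwise its replies are ignored too.
sample_closed() {
    cat <<'EOF'
restrict default ignore
restrict 127.0.0.1
restrict 192.168.0.2 mask 255.255.255.255 nomodify notrap noquery
EOF
}

echo "== subnet-style entry, no default =="; sample_subnet | audit_ntp_restrict
echo "== closed default ==";                 sample_closed | audit_ntp_restrict
```

To check the live configuration, run `audit_ntp_restrict /etc/ntp.conf`.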

5. Check if the ntp server is running properly / ntp server query operations

[root@pcfreak /home/hipo]# ps axuww|grep -i ntp
root 15647 0.0 0.2 4672 1848 ?? Ss 2:49PM 0:00.04 /usr/sbin/ntpd -c /etc/ntp.conf -p /var/run/ntpd.pid -f /var/db/ntpd.drift

To query the running ntpd server, as well as to set various configuration options "on the fly" (i.e. without ntp.conf edits and an init script restart), there is a tool called ntpdc. ntpdc can connect to ntpd running on localhost as well as connect to and manage a remote ntpd server.
The most basic use of ntpdc is to check the server peers:
freebsd# ntpdc localhost
ntpdc> peers
remote local st poll reach delay offset disp
===================================================

kgb.comnet.bg 83.228.93.76 2 64 377 0.00282 -0.050575 0.06059
*billing.easy-la 83.228.93.76 2 64 377 0.01068 -0.057400 0.06770
=ns2.novatelbg.n 83.228.93.76 2 64 377 0.01001 -0.055290 0.06058

ntpdc also has a non-interactive interface, handy if requests to an ntpd need to be scripted. To check ntpd server peers non-interactively:

freebsd# ntpdc -p localhost
===================================================
kgb.comnet.bg 83.228.93.76 2 64 377 0.00284 -0.043157 0.06184
=billing.easy-la 83.228.93.76 2 64 377 0.01059 -0.042648 0.05811
*ns2.novatelbg.n 83.228.93.76 2 64 377 0.00996 -0.041097 0.06094
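
An added example (not from the original post) of scripting the non-interactive peers query as a health check: ntpdc marks the peer the daemon is synchronised to with `*`, `reach` is an octal register of the last eight polls (377 means all were answered), and the offset column is in seconds. The function and sample names are made up for illustration and the sample output is constructed with placeholder hosts.

```shell
#!/bin/sh
# Added example, not part of the original post.
# check_ntp_peers [MAX_OFFSET_SECONDS]: read "ntpdc -p" output on stdin, print
# a one-line status and return 0 (ok), 1 (offset too large) or 2 (no sync peer).
check_ntp_peers() {
    awk -v max="${1:-0.5}" '
    $1 == "remote" || /^=+$/ || NF < 8 { next }   # header, ruler, blank lines
    {
        name = $1; flag = ""
        if (name ~ /^[*=+^~-]/) {                  # mode flag fused to the name
            flag = substr(name, 1, 1); name = substr(name, 2)
        }
        peers++
        if ($5 + 0 == 0) dead++                    # reach 0: no poll answered
        if (flag == "*") {                         # peer ntpd is synchronised to
            sync = name
            off = $7; sub(/^-/, "", off)           # absolute offset, seconds
        }
    }
    END {
        alive = peers - dead
        if (sync == "") {
            print "CRITICAL no peer selected (" alive "/" (peers + 0) " reachable)"
            exit 2
        }
        if (off + 0 > max + 0) {
            print "WARNING offset " off "s to " sync " exceeds " max "s"
            exit 1
        }
        print "OK synced to " sync ", offset " off "s, " alive "/" peers " peers reachable"
    }'
}

# Constructed sample modelled on the "ntpdc -p" output above (placeholder hosts).
sample_synced() {
    cat <<'EOF'
     remote           local      st poll reach  delay   offset    disp
=======================================================================
=ntp1.example.net 192.0.2.10      2   64  377 0.00284 -0.043157 0.06184
=ntp2.example.net 192.0.2.10      2   64  377 0.01059 -0.042648 0.05811
*ntp3.example.net 192.0.2.10      2   64  377 0.00996 -0.041097 0.06094
EOF
}

# Constructed sample: daemon running, but no upstream has answered (reach 0).
sample_unsynced() {
    cat <<'EOF'
=ntp1.example.net 192.0.2.10     16   64    0 0.00000  0.000000 0.00000
=ntp2.example.net 192.0.2.10     16   64    0 0.00000  0.000000 0.00000
EOF
}

sample_synced   | check_ntp_peers 0.1
sample_unsynced | check_ntp_peers 0.1 || true
```

On a live host the input comes from the command shown above: `ntpdc -p localhost | check_ntp_peers 0.1`.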

ntpdc has plenty of other ntpd query options, e.g. :

ntpdc> help
ntpdc commands:
addpeer controlkey fudge keytype quit timeout
addrefclock ctlstats help listpeers readkeys timerstats
addserver debug host loopinfo requestkey traps
addtrap delay hostnames memstats reset trustedkey
authinfo delrestrict ifreload monlist reslist unconfig
broadcast disable ifstats passwd restrict unrestrict
clkbug dmpeers iostats peers showpeer untrustedkey
clockstat enable kerninfo preset sysinfo version
clrtrap exit keyid pstats sysstats

ntpdc is an advanced query tool for ntpd servers. Another tool called ntpq exists, whose syntax is almost identical to that of ntpdc. The main difference between the two is that ntpq is mostly used just for monitoring purposes, whereas ntpdc can also change plenty of things in the server configuration.

For people who want to learn more about ntpd, the man page is great reading, containing chapters describing thoroughly how NTPD time servers operate, etc.

Linux then and Now statistics diagram on GNU/Linux use grow 1994 – 2011

Tuesday, January 31st, 2012

Linux then and now developers line of code top 500 super computers and GNU / Linux 1994 - 2011, Kernel source code lines

 

In the above graphics you see the development of GNU/Linux through the years, starting from 1992 to 2010. You see that over the past 18 years the number of kernel developers has risen from 100 to 1000 (10 times). The number of supercomputers based on the GNU / Linux operating system was only 1, while in 2011 there were already 413. Just for information, the Top 10 supercomputers in terms of CPU power are running on top of some Linux + GNU environment based operating system.

Cell Phones based on Linux or GNU sold worldwide, Internet users growth, PCs with linux shipped worldwide

You see the number of patented software increased approximately 3 times in 16 years … PCs shipped with Linux all over the world increased almost 10 times.

GNU / Linux user habits then and now pie, Where Linux is used most survey results

A survey was run at the biggest Linux convention, LinuxCon, aiming to find out the share difference between users of different distros, as well as to answer the question of where Linux is mostly used. Obviously, despite the Ubuntu desktop boom of these years, Linux is still mostly used at work; home desktop / notebook users are almost 3 times fewer.
The survey shows the sad result that Linux is used less in schools and academic communities than for professional purposes. On the desktop, things have slightly changed over the last 5-7 years. From the position of being the leading Linux desktop OS, Fedora went into the shadows in favour of the "less free" (in terms of Freedom) Ubuntu.

Linux users then and now, biggest successes and challenges for Linux and free software use and adoption

All system administrators know well that Linux is a very common choice for building small or medium enterprise business information systems. The hugest platforms which are the web backbone today, like Google, Facebook, Twitter, stock exchanges, mail services, various technical equipment etc., run on top of Linux. Despite the huge adoption, Linux and free software are thought not to be legally assured; this is well known among free software and open source evangelists under the term FUD.

Android found its way also in Samsung Galaxy and a number of tablet devices running Linux based kernel OS was shipped in 2011.

With the rise of Android (whose base is mostly the Linux kernel and less the GNU tools), the spread of Linux has seen a huge rise on the mobile (smart phone) market as well. You see in the above chart that as of 2011 Android sales had the highest market share, with 37%.
The year 2011 was not among the best for Linux users anyway, as Unity turned many users away from becoming Linux converts. The big GNOME 3 mess, which was called by Linus Torvalds a "holy mess", along with the kernel.org security break-in, also contributed to 2011 ending up as a bad year for free software.

Linux, Windows 7, Vista, XP, MacOS X, iOS market share chart

As of August 2011, the global Linux market share is approximately 3% of all the installed OSes currently existing in the world. Compared to 5 years ago there is a little decline in the share. I believe 2012 will be a better year for both development and adoption of free software and Linux.

 

How to convert AVI, MP4, FLV (flash video) and other non-free video encoded formats to Free Video format encoding OGV (Ogg Vorbis / Theora) on GNU / Linux and FreeBSD

Thursday, November 17th, 2011

Ogg Vorbis Free / Open Audio Video Format logo

I was looking for a way to convert some video and sound files downloaded from Youtube (mostly things dedicated to free software), since, as far as I looked online, unfortunately these pieces of nice music and tutorials are not available for download anywhere else, or at least not available for download in one of the Open / Free formats (OGG Vorbis or OGV (OGG / Theora Video)).

When it comes to conversion between different formats, the first things I always think of are ffmpeg or mencoder; however, I was not sure whether these tools do the trick, so I did a quick research online to see if there is some specialised console or GUI program that can do the conversions from MP4, FLV etc. to OGV.

In less than 10 minutes I found a thread mentioning ffmpeg2theora, "A Simple Convertor to create Ogg Theora files".

As I’m running Debian GNU / Linux, I installed ffmpeg2theora straight via apt; according to some reports online, the ffmpeg2theora command-line conversion tool is also available straight from the repositories on Ubuntu.
On FreeBSD there is a port /usr/ports/multimedia/ffmpeg2theora available for install. Of course FFmpeg2Theora can be installed from source on other Linux distributions that might be missing a pre-built binary.

Using ffmpeg2theora to convert a non-free video format is very simple, though the tool provides numerous options for those who want some customization of the converted video.
To convert the flash file “The Gnu Song.flv”, for example, to The Gnu Song.ogv, I invoked ffmpeg2theora like this:

debian:~# ffmpeg2theora "The Gnu Song.flv"
...

The conversion took a few minutes, as my machine is not ultra powerful and apparently the conversion to OGV format is not too quick, but the good news is it works.
After the conversion was completed I used ogginfo to check the information about the newly converted file The Gnu Song.ogv; below you see the file info ogginfo returns:

debian:~# ogginfo "The Gnu Song.ogv"
Processing file "The Gnu Song.ogv"...

New logical stream (#1, serial: 5d65413f): type skeleton
New logical stream (#2, serial: 0570412d): type theora
New logical stream (#3, serial: 7e679651): type vorbis
Theora headers parsed for stream 2, information follows…
Version: 3.2.1
Vendor: Xiph.Org libtheora 1.1 20090822 (Thusnelda)
Width: 320
Height: 240
Total image: 320 by 240, crop offset (0, 0)
Framerate 25/1 (25.00 fps)
Aspect ratio undefined
Colourspace: Rec. ITU-R BT.470-6 Systems B and G (PAL)
Pixel format 4:2:0
Target bitrate: 0 kbps
Nominal quality setting (0-63): 32
User comments section follows…
ENCODER=ffmpeg2theora-0.24
Vorbis headers parsed for stream 3, information follows…
Version: 0
Vendor: Xiph.Org libVorbis I 20101101 (Schaufenugget)
Channels: 1
Rate: 22050
Nominal bitrate: 30.444000 kb/s
Upper bitrate not set
Lower bitrate not set
User comments section follows…
ENCODER=ffmpeg2theora-0.24
Logical stream 1 ended
Theora stream 2:
Total data length: 1525324 bytes
Playback length: 2m:41.360s
Average bitrate: 75.623401 kb/s
Logical stream 2 ended
Vorbis stream 3:
Total data length: 646729 bytes
Playback length: 2m:41.384s
Average bitrate: 32.059041 kb/s

ogginfo is part of a package named vorbis-tools. vorbis-tools also contains a few other helpful tools for operations on OGV or OGG files; the complete list of binaries vorbis-tools contains on Debian as of the time of writing this post is:

/usr/bin/ogg123
/usr/bin/oggenc
/usr/bin/oggdec
/usr/bin/ogginfo
/usr/bin/vcut
/usr/bin/vorbiscomment
/usr/bin/vorbistagedit

ogg123 is a player for ogg files; however, as far as I’ve tested it, it doesn’t work too well. Just to compare, ogg audio files played just fine using the play command.
oggenc is used to encode an ogg audio file from a stream handed to it from another encoded audio stream (let’s say mp3). Hence oggenc can be used to convert mp3 files to ogg audio files, like so:

debian:~# mpg321 input.mp3 -w - | oggenc -o output.ogg -

oggdec is used to convert to wav files or raw PCM audio.
vcut is used to cut an ogg video file into parts.
vorbiscomment and vorbistagedit are used to edit information on already existing ogg audio files.

There is also a GUI program called oggconvert for people who don’t want to bother with typing on the command line. OggConvert is written for GNOME and uses the GTK gnome library; here is how the program looks:

OggConvert GUI Program to convert to OGG or OGV Theora on GNU / Linux and FreeBSD

 

John McCarthy Creator and Father of Modern Artificial Intelligence and Lisp programming language creator passed away at 84

Wednesday, October 26th, 2011

John McCarthy Creator of Lisp programming language and Inventor of modern Artificial Intelligence

Last night one more computer genius, John McCarthy, passed away at the age of 84.
John McCarthy is mostly famous for the creation of the Lisp programming language, which was probably the most used programming language in the recent past. There is plenty of old corporate iron hardware which still runs programs written in Lisp. Lisp is the language in which Richard Stallman created his famous EMACS text editor for GNU.

Computer technology students have certainly studied Lisp in the form of Lisp Scheme.
Lisp is the second oldest high level programming language, preceded only by Fortran.
Lisp gave birth to the so called Macro programming languages and was invented by McCarthy in 1958, while he was at MIT in Massachusetts.
What is so important about Lisp is that it is de facto the first language in the world written to be suitable for AI (Artificial Intelligence) research. There is plenty of interesting information about Lisp, as well as a number of forks and variations circulating for almost all the existing major operating systems nowadays.

Besides creating LISP, McCarthy was in the first team that played the first remote computer chess game. The game was played between USSR and US scientists, with the moves transferred by telegraph.
In 1972 McCarthy was awarded the Turing Award (today probably the most prestigious award for incredible technology achievements in the world).
McCarthy’s home website had a lot of great papers on programming languages, the mathematical theory of computation and, most importantly, philosophical words and notes on Artificial Intelligence.
His site has a lot of his essays as well as his personal views on the world and predictions (probabilities foreseen by him) on the world’s future.
McCarthy even wrote a short sci-fi story (The Robot and The Baby); the story’s aim was to explore the question of whether robots should have simulated emotions.

John McCarthy AI later days life picture

John McCarthy is among the brightest computer geniuses who ever lived on this planet, as well as a true “icon” for a computer hacker. The news of his death is quite shocking, especially after the sudden death of the creator of the C programming language and UNIX, Dennis Ritchie, and a week earlier the passing of Steve Jobs.
It seems like no coincidence that the brightest computer minds are departing this life; probably God is taking them one by one just like he gave them the gifts to invent and revolutionize the technology we use today.
Surely McCarthy has left a huge mark on technology and his name will be in the books for generations to come.

The creator of C and UNIX Dennis Ritchie passed away R.I.P. Dennis

Thursday, October 13th, 2011

Dennis Ritchie old young picture

I just read on lwn.net (Linux Weekly News) the very sad news that one of the greatest modern day computer heroes, Dennis MacAlistair Ritchie, has passed away in his home after a long illness.

The original notification of this grievous news is on Rob Pike’s Google Plus wall; this is the original message:

Rob Pike - 1:02 AM - Public
I just heard that, after a long illness, Dennis Ritchie (dmr) died at home this weekend. I have no more information.
I trust there are people here who will appreciate the reach of his contributions and mourn his passing appropriately.
He was a quiet and mostly private man, but he was also my friend, colleague, and collaborator, and the world has lost a truly great mind.

For all those who haven’t heard of Dennis Ritchie, he was a computer scientist who developed the C programming language and had an immeasurable influence on all kinds of modern programming.

C Programming Language cover Dennis Ritchie

Dennis worked on the development of Unix’s predecessor Multics, and he and Ken Thompson worked together at Bell Labs and are practically the fathers of UNIX.
The Unix Seventh Edition source code later became the basis for the early UNIX BSD distributions. Among the most important technical contributions Dennis made is the introduction of a Streams mechanism – pipes – (as called today in GNU/Linux, BSD and other unices).
Ritchie’s C language, created on top of Ken Thompson’s B programming language, has been standardized and become the de facto standard for almost every modern existing OS around.
Moreover, dmr was among the co-creators of the Plan 9 operating system (which is currently distributed as open source) and also coded a few bits for the Inferno OS, which today is known under the code name Vita Nuova.

Unix Live Free or die Bell labs early UNIX logo

dmr (the hacker nickname of Dennis) ranks among the most notable computer hackers of all time. He received the U.S. National Medal of Technology in 1999 from president Bill Clinton for his contributions to co-inventing the UNIX operating system and the creation of the C language.

Dennis Ritchie receives national prize in 1999 for Technology from president Bill Clinton
To sum it up, DMR is just an “icon” in the computer geek world and his memory will surely live forever in the hacker underground and computer geek culture.

Dennis Ritchie near a personal computer picture

A few quotes dmr is so famous with:

"I am not now, nor have I ever been, a member of the demigodic party."
"Usenet is a strange place."
"UNIX is very simple, it just needs a genius to understand its simplicity."
"C is quirky, flawed, and an enormous success."
"We really didn't buy it thinking we'd have this enormous investment."

Here is also a short video telling a few words of UNIX history and showing Dennis Ritchie in his UNIX development years:

Farewell Dennis! See you in Hacker’s paradise 😉

How to find out all programs bandwidth use with (nethogs) top like utility on Linux

Friday, September 30th, 2011

I just ran across a super nice top-like program for system administrators; it’s called nethogs and is definitely entering my “l337” admin outfit next to tools like iftop, nettop, ettercap, darkstat, htop, iotop etc.

nethogs is ultra easy to use; to immediately get console statistics about running processes’ UPLOAD and DOWNLOAD bandwidth consumption, just run it:

linux:~# nethogs

Nethogs screenshot on Linux Server with Nginx
Nethogs running on Debian GNU/Linux serving static web content with Nginx

If you need to check which program is using what amount of network bandwidth, you will definitely love this tool. Bandwidth consumption information is also partially viewable with iftop; however, iftop is unable to attribute bandwidth consumption to each process using the network, thus it seems nethogs is unique at what it does.

Nethogs supports IPv4 and IPv6 as well as network traffic over ppp. The tool is available via package repositories for Debian GNU/Lenny 5 and Debian Squeeze 6.

To install Nethogs on CentOS and Fedora distributions, you will have to install it from source. On CentOS 5.7, the latest nethogs, which as of the time of writing this article is 0.8.0, compiles and installs fine with the make && make install commands.

On the subject of network bandwidth monitoring, another very handy tool for extra understanding of what kind of traffic is crossing a Linux server is jnettop.
jnettop shows which hosts/ports are taking up the most network traffic.
It is available for install via apt in Debian 5/6.

Here is a screenshot on jnettop in action:

Jnettop check network traffic in console

To install jnettop on the latest Fedora / CentOS / Slackware Linux, it has to be downloaded and compiled from source via jnettop’s official wiki page.
I’ve tested jnettop install from source on CentOS release 5.7 and it seems to compile just fine using the usual compile commands:

[root@prizebg jnettop-0.13.0]# ./configure
...
[root@prizebg jnettop-0.13.0]# make
...
[root@prizebg jnettop-0.13.0]# make install

If you need an idea of the network traffic passing through your Linux server, distinguished by tcp/udp/icmp network protocols and services like ssh / ftp / apache, then you will definitely want to take a look at nettop (if of course you are not familiar with it yet).
Nettop is not provided as a deb package in Debian and Ubuntu, whereas it is included as an rpm for CentOS and presumably Fedora?
Here is a screenshot of the nettop network utility in action:

Nettop server traffic division by protocol screenshot
FreeBSD users should be happy to find out that jnettop and nettop are part of the ports tree and the two can be installed straight away; however, nethogs would not work on FreeBSD. I searched for a utility capable of what Nethogs can do, but couldn’t find one.
It seems the only way on FreeBSD to track bandwidth back to the originating process is using a combination of the iftop and sockstat utilities. Probably there are other tools which people use to track network traffic to the processes running on a host and do general network monitoring; if anyone knows some good tools, please share with me.

Sjecas li se dolly bell? – Do you remember Dolly Bell? – A classic Serbian movie by Emir Kusturica

Tuesday, September 27th, 2011

Sjecas li se Dolly Bell / Do you remember dolly bell?

Sjecas li se Dolly Bell is a classic in the well known Kusturica genre; the movie is from the distant 1981. The movie action takes place in communist Yugoslavia. It clearly contains anti-communist nuances. I’m really amazed that this movie saw the light of day in the early ’90s while communism still had a strong influence on information media in Yugoslavia.

As I lived until the age of 7 in communism and post-communism (and experienced communism myself), the movie was especially interesting to see. In the family in the movie I can see many of the things I’ve seen and suffered, much of the anti-human communist bull-shit in my own family in my boyhood years.
Communism has crippled us Bulgarians as a nation and destroyed any society it was in (clearly observable in all post-communist countries).

An interesting thing to notice among the communist Marxist ideas in the plot is the growing influence of the Western World (seen in the anti-social behavior of the actors), the enthusiasm for the occult of the main character, the teenage boy (Dino), the desire to follow Italian western culture etc.
The movie also bears the mark of the negativism and craziness which is so distinct in all Kusturica movies I’ve seen. Anyway, from an art point of view the movie is a real masterpiece.

The movie plot takes place in the conflict area of Sarajevo, a place predominantly populated by Muslims. What is shocking about the movie, considering the time it was made, is the explicit erotic and sexually related scenes. Censorship in communist times was quite severe, so it’s amazing how this anti-communist movie containing socially unacceptable scenes ever came into existence.
Do you remember Dolly Bell? is a drama movie presenting a sad reality we still partially continue to live in the Balkans. Though 20 years have passed since the fall of communism, sadly not much has changed here…

Near the movie’s end there are some religious scenes as well, obviously attempting to fill the material emptiness of communism with something spiritual. The religious scene is a local Muslim tradition of funeral preparations.
The relation between the movie and Islam is understandable, as Kusturica has some Bosnian Muslim roots on his father’s side. This kind of Muslim influence is observable in the other Kusturica movies as well.
Nowadays, since 2005, Kusturica is officially Orthodox Christian, baptized in Savina Monastery, which makes me happy as I myself am Orthodox Christian 😉

My 5 cents on our quickly worsening online privacy and anonymity – Facebook your account is temporary locked

Thursday, September 15th, 2011

I needed to use another computer (iPad 2) to add one guy as a future business contact. I was surprised by a message which you see in the screenshot.
Facebook privacy breach again facebook your account is temporary locked
Facebook your account is temporary locked

Obviously Facebook is becoming more and more impudent, so now, apart from tracking all my activity in Facebook and holding the copyright over all my uploaded pictures, they want to bind me to use their shitty service only from a single computer.

“We don’t recognize the device you’re using.” is scary to me personally and it shows a very bad direction we have taken.
Now it is supposed that any normal member of society uses his own personal computer equipment (notebook, desktop, mobile tablet etc.), while the direction is that a unification of devices is happening with the development of handheld devices, so we might soon be forced to use only one personal device for all kinds of activities: phone calls, entertainment, checking online … etc., you name it.
Then imagine, we might little by little be forced by mass adoption to use only these devices for all kinds of communication.
Let me explain a bit more thoroughly what I mean. With the invention of the radio, people in modern society little by little started adopting the TVs as a device to retrieve information of various types from centralized sources.

A time came when everybody in the developed countries was using the radio; then came the TV and television as a mass medium, people who previously used the radio migrated comparatively quickly to TVs, and little by little radio use by the masses died.
Then came the more advanced kind of technology, the computers. First they were used only by chosen “elite” people who had the benefit of living in the developed societies where the first mainframe computers were invented; the technology advanced, and when personal computers came out, the decrease in computer prices allowed practically almost everyone from the developing or the developed world to buy and start using one.
The increased use of computers and the emergence of the Internet at the end of the ’80s suddenly shifted the masses from TV to computer use.
People were crazy about computers; now most young and middle-aged people in developed societies have almost completely abandoned the TV as a means to get informed, as the computer does the same. The emergence of pagers and mobile phones, and the development of mobile phones, has little by little led many people who actively used a PC to switch to mobile or handheld devices and therefore forget completely about old desktop computers. These days even laptop use is threatened by tablets like the iPad or Samsung’s Android tablet. The trend therefore is that people who actively use their computers will switch to tablets and mobile phones in the next 10 years at worst.
It’s more and more rare now that people use a random computer device to access the internet or in their daily lives. This creates a very severe possible future issue, as it’s possible we reach a time when most services available online might be accessible only via certain devices which have “a hardware” (hard or unchangeable) way to identify us.
This might sound a bit like a scenario for a sci-fi movie but unfortunately I see it as one very possible scenario.
If the idea of online resources and services, social networks like twitter, facebook, xing etc., is originally to provide easy access to pieces of information from anywhere in the world, they definitely shouldn’t try to restrict how we use their services (especially if this is not illegal or in contradiction with a country’s law).

Facebook is watching you the big brother facebook funny caricature

I really feel my privacy violated by facebook and I’ll probably delete my account there or always access it via a proxy further, I don’t like the idea that facebook is able to detect based on my IP change from country to country, the cookie shit it stores int he browser and browser and OS version of my computer what exactly is my computer and that I’m the only one to use this computer. What would it be if I was in a poorer country where the computer is used by many people, or I have borrowed my sister to travel abroad and use my notebook to access the internet and surrounding daily services she uses.
She might for example used the desktop at home and when travelling outside with my notebook access facebook, its a perfectly possible scenario. I don’t like the idea that I’m currently associated with a single computer really this is too much.The idea of linking my credentials for a shitty website like facebook to my personality is something I really don’t think is right.
If the Cloud Computing and online services should continue, there at least should be a government law to enforce, monopolists in online services to encrypt the user data in order to prevent, some facebook sysadmin or programmer or even the facebook Management board or CEO to have immediate access to privat information one puts in.

The same goes for Google, Yahoo, MSN etc. Having an email account at any of these services and searching online reveals a lot of sensitive personal data. I’m quite sure that the information Google/MSN store for all the mail user accounts using the search engine services contains very sensitive information about a person’s private life and likings.
I’m quite sure Google and most of the big elephant companies are spying on their users and create thorough personal records for their users.
Scroogle instead of Google, improving browser security to secure browser-leaked personal identity data, anonymizing ICQ and MSN to route traffic via Tor, anonymizing Skype to hide your IP with Tor, installing Torbutton to route Firefox browser traffic via Tor, or use a combination of all to try to increase the level of anonymity online.
Also, with the mass production and deployment of GPS integrated in most modern mobile phones, notebooks, cars etc., it’s pretty easy for one to be found no matter where he is.
It’s getting almost impossible for us to keep privacy and anonymity. Looking into the future and at the latest technology developments, it appears the situation will be getting worse.
Maybe the only way in future times for a man to be free will be to completely abandon technology, as every piece of technology nowadays is doing some kind of tracking and leaking information about its user.
The increase of public security at airports and bus stations, e.g. in airplanes and buses, strengthens general society security; however, it does this at the expense of personal privacy and makes us humans more and more dependent on “the system”.

All this induces a serious threat, especially with the increase of unification of local countries and country adhering societies as a direct cause of globalization.
Globalization also leads to unification and merging of laws in countries around the world. The result of all this is also an absolute necessity of internationalization of the banking and financing system, which is currently happening in front of our eyes.
They say it’s a security measure, but is it really? Just imagine if Gmail, Yahoo or any other
But let’s be optimistic, maybe I’m over-exaggerating, maybe things will go for good in the near future and the “Doom scenario” will not happen 😉

Fix to Nagios is currently not checking for external commands

Wednesday, August 24th, 2011

While I was deploying a new Nagios install to monitor some Windows hosts, I came across the following error in Nagios’s web interface:

Sorry, but Nagios is currently not checking for external commands, so your command will not be committed!
Read the documentation for information on how to enable external commands...

This error is caused by a configuration option in /etc/nagios/nrpe.cfg (part of the nrpe-nagios-server Debian package).

The config variable in nrpe.cfg causing the error is check_external_commands=0; the fix comes down to changing the variable to:

check_external_commands=1

Then restart the /etc/init.d/nagios-nrpe-server and /etc/init.d/nagios3 services:

debian:~# /etc/init.d/nagios3 restart
...
debian:~# /etc/init.d/nagios-nrpe-server restart
...

This change worked out the error Sorry, but Nagios is currently not checking for external commands, so your command will not be committed! ; however, immediately afterwards another kind of error appeared in the Nagios web interface when I tried to use the send Nagios commands button. The error was:

Error: Could not stat() command file '/var/lib/nagios3/rw/nagios.cmd'!

This error is due to a deb package, which seems to be affecting the current deb versions of Nagios shipped with Debian 6 Squeeze stable, as well as the latest Ubuntu release 11.04.

Thankfully there is a workaround to the problem which I found online; to fix it I had to execute the commands:

debian:~# /etc/init.d/nagios3 stop
debian:~# dpkg-statoverride --update --add nagios www-data 2710 /var/lib/nagios3/rw
debian:~# dpkg-statoverride --update --add nagios nagios 751 /var/lib/nagios3
debian:~# /etc/init.d/nagios3 start

And hooray Thanks God the error is gone 😉
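
A check of the result of the dpkg-statoverride commands above, as an added example that is not part of the original post: it verifies owner, group and mode of the two directories and flags any write access for "other". Mode 2710 gives the www-data group search access only, and the setgid bit makes files created in the directory inherit that group. The helper names check_dir_perms and audit_nagios_cmd_dirs are hypothetical.

```shell
#!/bin/sh
# Added example: audit the directories changed with dpkg-statoverride above.
# check_dir_perms and audit_nagios_cmd_dirs are hypothetical helper names.
# Needs GNU stat (coreutils), the default on Debian.

# check_dir_perms DIR OWNER GROUP MODE
# Returns 0 on an exact match, 1 on any deviation, 2 if DIR is missing.
check_dir_perms() {
    dir=$1; want_owner=$2; want_group=$3; want_mode=$4
    rc=0
    if [ ! -d "$dir" ]; then
        echo "FAIL $dir: not a directory"
        return 2
    fi
    owner=$(stat -c '%U' "$dir")
    group=$(stat -c '%G' "$dir")
    mode=$(stat -c '%a' "$dir")   # octal, e.g. 2710 (leading 2 = setgid)

    [ "$owner" = "$want_owner" ] || { echo "FAIL $dir: owner is $owner, expected $want_owner"; rc=1; }
    [ "$group" = "$want_group" ] || { echo "FAIL $dir: group is $group, expected $want_group"; rc=1; }
    [ "$mode" = "$want_mode" ] || { echo "FAIL $dir: mode is $mode, expected $want_mode"; rc=1; }

    # The last octal digit holds the bits for "other"; 2, 3, 6 and 7 include write.
    case "$mode" in
        *[2367]) echo "FAIL $dir: world-writable"; rc=1 ;;
    esac

    [ "$rc" -eq 0 ] && echo "OK   $dir: $owner:$group $mode"
    return "$rc"
}

# Expected values are the ones used in the post.
audit_nagios_cmd_dirs() {
    status=0
    check_dir_perms /var/lib/nagios3/rw nagios www-data 2710 || status=1
    check_dir_perms /var/lib/nagios3 nagios nagios 751 || status=1
    return "$status"
}

# Run as: sh script.sh audit
if [ "${1:-}" = "audit" ]; then
    audit_nagios_cmd_dirs
fi
```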

How to make pptp VPN connection to use IPMI port (IPKVM / Web KVM) on Debian Linux

Wednesday, July 27th, 2011

If you have used KVM before, you have certainly faced the requirement, asked by many dedicated server providers, to establish a PPTP (mppe / mppoe), or so-called Microsoft VPN, tunnel in order to later access, through a private IP address inside the tunnel, the web-based Java applet giving control over the physical screen, monitor and mouse of the server.

This is pretty handy, as sometimes the server is not booting and one needs direct access to the server’s physical monitor.
Establishing the Microsoft VPN connection on Windows is a pretty trivial task and is easily achieved by navigating to:

Properties > Networking (tab) > Select IPv4 > Properties > Advanced > Uncheck "Use default gateway on remote network".

However, achieving the same task on Linux seemed to be not such a trivial task, and it seems I cannot find anywhere information or a precise procedure on how to establish the necessary VPN (pptp) MS encrypted tunnel.

Thankfully I was able to find a way to do the same tunnel on my Debian Linux, after a bunch of experimentation with the ppp Linux command.

To be able to establish the IPMI VPN tunnel, I first had to install a couple of software packages:

root@linux:~# apt-get install ppp pppconfig pppoeconf pptp-linux

Further on, it was necessary to load two kernel modules to enable the pptp mppe support:

root@linux:~# modprobe ppp_mppe
root@linux:~# modprobe ppp-deflate

I’ve also added the modules to /etc/modules so they get loaded on the next Linux boot and I’m not bothered with loading them manually after a reboot:

root@linux:~# echo ppp_mppe >> /etc/modules
root@linux:~# echo ppp-deflate >> /etc/modules

Another thing I had to do was to enable the require-mppe-128 option in /etc/ppp/options.pptp.
Here is how:

root@linux:~# sed -i 's/#require-mppe-128/require-mppe-128/g' /etc/ppp/options.pptp
root@linux:~# echo 'nodefaultroute' >> /etc/ppp/options.pptp

In order to enable debug log for the ppp tunnel I also edited /etc/syslog.conf and included the following configuration inside:

root@linux:~# vim /etc/syslog.conf
*.=debug;news.none;mail.none -/var/log/debug
*.=debug;*.=info;
*.=debug;*.=info;
root@linux:~# killall -HUP rsyslogd

The most important part, of course, is the pppd command line to connect to the remote IP via the VPN tunnel ;), here is how I achieved that:

root@linux:~# pppd debug require-mppe pty "pptp ipmiuk2.net --nolaunchpppd" file /etc/ppp/options.pptp user My_Dedi_Isp_Given_Username password The_Isp_Given_Password

This command brings up the ppp interface and makes the tunnel between my IP and the remote VPN target host.

Info about the tunnel can be observed with the command:

root@linux:~# ifconfig ppp0
ppp0      Link encap:Point-to-Point Protocol
          inet addr:10.20.254.32  P-t-P:10.20.0.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1496  Metric:1
          RX packets:7 errors:0 dropped:0 overruns:0 frame:0
          TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:70 (70.0 B)  TX bytes:672 (672.0 B)

One more thing I had to do before I could finally access the IPMI’s web interface via the private IP was to add a route to the private IP address via the IP address of the other side of the tunnel:

# 10.20.0.1 P-t-P IP address
ip route add 10.20.1.124/32 dev ppp0

Now, logically, one would think the web interface to log in and use the Java applet to connect to the server would be accessible, but no, it wasn’t!

It took me a while to figure out what the problem was, and if the guys in irc.freenode.net ##networking had not helped me, I would never really have found out why http://10.20.1.124/ and https://10.20.1.124/ were inaccessible.

Strangely enough, both ports 80 and 443 were open on 10.20.1.124 and seemed to be working; however, though I could ping both 10.20.1.124 and 10.20.0.1, there was no possible way to access 10.20.1.124 with TCP traffic.

Routing to the Microsoft tunnel was fine, as I had double-checked; all was fine except that whenever I tried accessing the IPMI web interface, the browser was trying to open the URL and kept opening it like forever.

Thankfully, after a long time of futile tryouts, a tip was suggested by a good guy on freenode nicknamed ne2k.

To make TCP connections in the Microsoft tunnel work, and consequently be able to access the web server on the remote IPMI host, one needs to change the default MTU set for the ppp0 tunnel interface.
Here is how:


ip link set ppp0 mtu 1438

And tadam! It’s done, now the IPKVM is accessible via the http://10.20.1.124 or https://10.20.1.124 web interface. Hooray! 🙂
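
A way to measure the usable MTU through the tunnel instead of trying values by hand, as an added example that is not part of the original post: it binary-searches the largest ICMP echo payload that gets a reply with the Don't Fragment bit set (iputils `ping -M do`) and adds the 28 bytes of IPv4 and ICMP headers. The function names and the PROBE override variable are hypothetical.

```shell
#!/bin/sh
# Added example: find the largest packet size that crosses a path unfragmented.
# probe_ping, find_path_mtu and the PROBE variable are hypothetical names.

# probe_ping SIZE HOST: succeeds if one echo request with SIZE payload bytes
# and the Don't Fragment bit set is answered within 2 seconds (iputils ping).
probe_ping() {
    ping -M do -c 1 -W 2 -s "$1" "$2" >/dev/null 2>&1
}

# find_path_mtu HOST [LOW] [HIGH]
# LOW and HIGH are ICMP payload sizes; the defaults correspond to packets of
# 576 and 1500 bytes. Prints the MTU (payload + 20 IPv4 + 8 ICMP header bytes).
find_path_mtu() {
    host=$1
    lo=${2:-548}
    hi=${3:-1472}
    probe=${PROBE:-probe_ping}

    # If even the smallest probe is lost, the host is unreachable: give up.
    "$probe" "$lo" "$host" || return 1

    # Invariant: a probe of size $lo is known to pass.
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if "$probe" "$mid" "$host"; then
            lo=$mid
        else
            hi=$(( mid - 1 ))
        fi
    done
    echo $(( lo + 28 ))
}

# Run as: sh script.sh 10.20.1.124
# then apply the printed value: ip link set ppp0 mtu VALUE
if [ "$#" -gt 0 ]; then
    find_path_mtu "$@"
fi
```

Probes larger than the current MTU of ppp0 fail locally, so the result is never above the interface setting.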