Axel

axel is another download tool on unix, besides wget, fetch, etc. On FreeBSD, the default downloader is fetch. I got very frustrated when updating ports or installing packages from ports with FreeBSD's default downloader. I wanted a tool like Internet Download Manager on Windows, and then I found a tool on UNIX that works like IDM: axel 🙂

Installing axel is quite simple on Linux and the BSD variants. In this documentation I am using FreeBSD.

Installing axel:

#cd /usr/ports/ftp/axel

#make install clean

Axel is now installed on your BSD, but you must edit /etc/make.conf if you want to use axel as your default downloader when installing programs via ports. Open /etc/make.conf and add these lines:

FETCH_CMD=axel
FETCH_BEFORE_ARGS = -n 4 -a
FETCH_AFTER_ARGS=
DISABLE_SIZE=yes

Try installing packages via ports and see the difference 😀


Directory Aliasing on nginx

In the last few days I migrated my web server from Apache to nginx. Configuring PHP with nginx was not a big problem, but the main problem was: how do you configure an alias directory in nginx?

On Apache, configuring an alias directory is quite simple, like this:


Alias /wiki "/usr/local/www/mediawiki"
<Directory /usr/local/www/mediawiki>
    Options FollowSymLinks
    AllowOverride None
    order deny,allow
    deny from all
    allow from xxxxxxx/y
</Directory>

But in nginx? Harder than on Apache :D. Here's an example of how to enable an alias directory in nginx:

location /wiki {
    alias /usr/local/www/mediawiki;
    index index.php;
}
location ~ /wiki/.*\.php$ {
    # strip the /wiki prefix so the script path is relative to the aliased directory
    if ($fastcgi_script_name ~ /wiki(/.*\.php)$) {
        set $valid_fastcgi_script_name $1;
    }
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME /usr/local/www/mediawiki$valid_fastcgi_script_name;
    include fastcgi_params;
}

Save nginx.conf and restart nginx.

done! :p

Knowing your own FreeBSD temperature

Hello readers, finally I'm back here. It's been a very long time since I updated my own blog; I just forgot about it for almost 1.5 years. Hahahaha, but it's okay, in 2011 I hope I can update my blog frequently.

Back to the topic. I'm publishing this because this afternoon my friend told me he has a project at SISFO in my former campus: building something like temperature monitoring for the campus datacenter. Wow, that sounds great. That night I thought I could build that project in an easier way, without using SNMP and Java (my friend told me that in his project he was using Java).

Okay, let's start the configuration.

First, I load the coretemp module on FreeBSD:

kldload coretemp

After you load the coretemp module, run this command:

sysctl -a | grep tempera

and the output will look like this:

hw.acpi.thermal.tz0.temperature: 40.0C

The output of the sysctl command depends on your server hardware. I tested it on an AMD Athlon(tm) 64 X2 Dual Core Processor 5600+, 2GB memory, Gigabyte NF-M2PV motherboard.
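Here is an added example, not part of the original post, that turns the sysctl check above into the kind of simple monitor the post talks about: a /bin/sh script that polls every sysctl named "temperature", logs a warning via syslog when a sensor goes above a threshold, and prints a timestamped status line each round. It assumes coretemp is loaded and that sysctl prints lines in the "name: 40.0C" form shown above; the 60°C threshold, the 10 second interval, the logger tag tempmon and the two sample lines are my own choices, not values from the post.

```shell
#!/bin/sh
# Added example: poll FreeBSD temperature sysctls and warn above a threshold.
# Assumes "kldload coretemp" has been done and sysctl prints "name: 40.0C" lines.

THRESHOLD_C="${THRESHOLD_C:-60}"   # warn above this many degrees Celsius (assumed)
INTERVAL="${INTERVAL:-10}"         # seconds between polls (assumed)

# Print the sysctl name from one output line ("hw.acpi.thermal.tz0.temperature").
temp_name() {
    printf '%s\n' "$1" | awk -F': ' '{ print $1 }'
}

# Print the numeric Celsius value from one output line ("40.0C" -> "40.0").
temp_value() {
    printf '%s\n' "$1" | awk -F': ' '{ sub(/C$/, "", $2); print $2 }'
}

# Exit 0 (true) when temperature $1 is above limit $2, 1 otherwise.
# awk does the comparison because sh cannot compare floating point values.
over_threshold() {
    awk -v t="$1" -v lim="$2" 'BEGIN { exit !(t > lim) }'
}

# Classify one sysctl line against a threshold: "OK name value" or "WARN name value".
classify_line() {
    name=$(temp_name "$1")
    value=$(temp_value "$1")
    if over_threshold "$value" "$2"; then
        printf 'WARN %s %s\n' "$name" "$value"
    else
        printf 'OK %s %s\n' "$name" "$value"
    fi
}

# Poll loop: read the real sysctls, send warnings to syslog, print every result.
monitor() {
    while :; do
        sysctl -a 2>/dev/null | grep -i temperature | while IFS= read -r line; do
            classify_line "$line" "$THRESHOLD_C"
        done | while IFS= read -r result; do
            case "$result" in
                WARN*) logger -t tempmon "$result" ;;
            esac
            printf '%s %s\n' "$(date '+%Y-%m-%dT%H:%M:%S')" "$result"
        done
        sleep "$INTERVAL"
    done
}

# Constructed sample lines (not real output from the post's hardware) so the
# classification can be tried offline without coretemp loaded.
SAMPLE_LINES='hw.acpi.thermal.tz0.temperature: 40.0C
dev.cpu.0.temperature: 71.5C'

demo() {
    printf '%s\n' "$SAMPLE_LINES" | while IFS= read -r line; do
        classify_line "$line" "$THRESHOLD_C"
    done
}

# "sh tempmon.sh run" starts the real poll loop; with no argument it runs the demo.
if [ "${1:-}" = "run" ]; then monitor; else demo; fi
```

Start it with `sh tempmon.sh run` from a tmux session or an rc script; the WARN lines end up in /var/log/messages through logger, so the same syslog host that collects the rest of the datacenter logs sees them without any SNMP agent.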

So easy, huh? 😀
tunnel tunnel and tunnel :p

The main reason I'm doing this is that I want to relocate my server to my own lab. For almost 1 year I kept my server in the IARD laboratory. Why? Hahhahaha, because it is on the same network as my router/server. Fyuuuuuuuh. How stupid I am T_T. I only realized it the other day, thinking about tunnels, tunnels and tunnels in the bathroom with Marlboro Lights cigarettes.
This is my first network diagram: simple, putting my proxy behind my router (read my last tutorial). I'm using FreeBSD for both my proxy and my Internet router:

And this is the normal route from my proxy through the Internet (as I planned it):

And I want my proxy to be placed virtually behind my Internet router, like this:

The main problem is: how do I place my proxy virtually behind the Internet router with a network layout like that? Easy. Tunneling! With tunneling, you can place a host as if it were connected to the same network. This is the network diagram I want:

Now let's start configuring how to create a tunnel between the 2 hosts. I started on the internal router. Here's the config:


#ifconfig gif0 create
#ifconfig gif0 tunnel 10.14.200.231 10.14.2.252
#ifconfig gif0 10.10.10.1 10.10.10.2 netmask 255.255.255.252

And this is the config on my own proxy:

#ifconfig gif0 create
#ifconfig gif0 tunnel 10.14.2.252 10.14.200.231
#ifconfig gif0 10.10.10.2 10.10.10.1 netmask 255.255.255.252

And of course I set the default gateway on my proxy to reach the Internet:

#route add default 10.10.10.1

On the internal router you should of course NAT the IP of my proxy. You can use PF for NAT-ing the IP from the tunnel network. Read my last article about the VPN server using poptop.

My OSPF Network Diagram Lab.

Before I start my OSPF lab, first I will give you my network diagram. Here is the network diagram:

From the picture, the network consists of 8 routers. The OSPF domain is divided into 2 areas: Area 0 (the backbone area) and Area 10. There are also 4 clients (of course, you can add more clients if you have lots of RAM :D). To simulate the clients I'm using Cisco routers. In this simulation lab I'm using GNS3 with Cisco 3640 (C3640-Ix-Mz_20122-15_20T2.bin). And of course, here's the IP address config for each router:
R1 :

interface Serial0/0
description KONEK_R2
ip address 131.108.1.1 255.255.255.0
serial restart_delay 0
!
interface Serial0/1
ip address 131.108.255.1 255.255.255.252
serial restart_delay 0

R2 :

interface Serial0/0
description KONEK_R1
ip address 131.108.1.2 255.255.255.0
serial restart_delay 0
!
interface Serial0/1
ip address 131.108.255.5 255.255.255.252
serial restart_delay 0

R3 :

interface Serial0/0
ip address 131.108.255.2 255.255.255.252
serial restart_delay 0
!
interface Serial0/1
ip address 131.108.36.3 255.255.255.0
serial restart_delay 0
!
interface Serial0/2
ip address 131.108.255.9 255.255.255.252
serial restart_delay 0
!
interface Serial0/3
ip address 131.108.255.13 255.255.255.252
serial restart_delay 0
!

R4 :

interface Serial0/0
ip address 131.108.255.6 255.255.255.252
serial restart_delay 0
no fair-queue
!
interface Serial0/1
ip address 131.108.36.4 255.255.255.0
serial restart_delay 0
!

R5 :

interface Serial0/0
ip address 131.108.255.10 255.255.255.252
serial restart_delay 0
!
interface Serial0/1
ip address 131.108.128.1 255.255.255.0
serial restart_delay 0
!

R7 :

interface Serial0/0
ip address 131.108.255.14 255.255.255.252
serial restart_delay 0
!
interface Serial0/1
ip address 131.108.129.1 255.255.255.0
serial restart_delay 0
!

Client R5 :

interface Serial0/0
ip address 131.108.128.2 255.255.255.0
serial restart_delay 0
!
!
!
ip route 0.0.0.0 0.0.0.0 131.108.128.1

R4, R6, R8 and the remaining client IP address configurations will be posted tonight. My computer hung because of running lots of router simulations…….hihihihi 😀

Just wait for tonight for my OSPF simulation lab….. OK?? 🙂

ciaoooooooooo……………..

VPN Server Using PPTP Protocol and FreeRadius as AAA Implementation

hmmmmm….. In this documentation I will explain how to build a VPN server using the PPTP protocol. There were a lot of problems with my last documentation about the VPN server (my friend told me), so I'm revising it in this documentation. Okay… I'm using FreeBSD 6.2-RELEASE as my PPTP server, but you can use a higher version of FreeBSD. On Linux??……… It's been a long time since I used it. This documentation has 3 steps: 1. configuring the router, 2. configuring the PPTP server itself, and 3. configuring the client (Windows XP). Let's start. Here's the network diagram:

1. Configuring the Router:
For the router I'm using FreeBSD, but you can also use other operating systems. Of course you should set IP forwarding to 1; I think you already know what that means.
/etc/sysctl.conf:

security.bsd.see_other_uids=0
net.inet.ip.fastforwarding=1
net.inet.tcp.blackhole=1
net.inet.udp.blackhole=2

Then configure NAT. I'm using the PF firewall for NAT-ing my PPTP server. Here's some output of my pf.conf (located in /etc/pf.conf):

# <TABLE_NAME> is a placeholder; substitute your own PF table name
table <TABLE_NAME> const { 10.14.200.252 }
x
x
x
nat on bce1 proto { tcp, udp, icmp } from <TABLE_NAME> to any -> 222.124.204.236
x
x
x

x stands for other lines of PF rules. You should read the PF manual first!
The last section is configuring the IP addresses. The IP address config is located in /etc/rc.conf. Here's some output:

defaultrouter="222.124.x.y"
hostname="bokep.mania.com"
ifconfig_bce0="inet 10.14.200.231 netmask 255.255.255.0"
ifconfig_bce1="inet 222.124.x.x netmask 255.255.255.224"
static_routes="internal"
route_internal="-net 10.14.0.0/16 10.14.200.1"
pf_enable="YES"
pf_rules="/etc/pf.conf"

That's all for the router configuration. Now go to step 2, configuring the PPTP server.

2. Configuring the PPTP Server.
a. IP address configuration. The IP address config is located in /etc/rc.conf. Here's some output:

defaultrouter="10.14.200.231"
hostname="end-pointA.ittelkom.ac.id"
ifconfig_rl0="inet 10.14.200.252 netmask 255.255.255.0"
ifconfig_rl0_alias0="inet 172.16.1.1 netmask 255.255.255.0"
gateway_enable="YES"

b. Installing the PPTP server and the RADIUS server.
PPTP server:

root@end-pointA# cd /usr/ports/net/poptop/
root@end-pointA# make install clean # wait until the installation process is finished

All poptop configuration is located in /usr/local/etc/pptpd.conf and the /etc/ppp/ directory. Here's the 'ls' output of /etc/ppp/:

root@end-pointA# ls /etc/ppp/
ppp.conf ppp.conf.ngakakak ppp.secure secure
ppp.conf.backup ppp.secret radius.conf

/usr/local/etc/pptpd.conf config file :

debug
nobsdcomp
proxyarp
localip 10.14.15.36
remoteip 172.16.1.2-254
pidfile /var/run/pptpd.pid
+chapms-v2
mppe-40
mppe-128
mppe-stateless
noipparam
mppc
#added
+chap
ipcp-accept-local
ipcp-accept-remote
deflate 0

/etc/ppp/ppp.conf config file :

loop:
 set timeout 0
 set log phase chat connect lcp ipcp command
 set device localhost:pptp
 set dial
 set login
 # Server (local) IP address, Range for Clients, and Netmask
 # if you want to use NAT use private IP addresses
 #set ifaddr 10.14.15.7 10.14.15.10-10.14.15.20 255.255.255.255
 set ifaddr 172.16.1.1 172.16.1.2-172.16.1.254 255.255.255.255
 add default HISADDR
 set server /tmp/loop "" 0177
loop-in:
 #set ifaddr 10.14.15.7 10.14.15.10-10.14.15.20 255.255.255.255
 set timeout 0
 set log phase lcp ipcp command
 allow mode direct
pptp:
 load loop
 disable pap
 # Authenticate against /etc/passwd
 #enable passwdauth
 disable ipv6cp
 enable proxy
 accept dns
 enable MSChapV2
 enable mppe
 set mppe * stateless
 #enable mppc
 disable deflate pred1
 deny deflate pred1
 set dns 10.14.203.7
 set device !/etc/ppp/secure
 set radius /etc/ppp/radius.conf

/etc/ppp/secure config file :

#!/bin/sh
exec /usr/sbin/ppp -direct loop-in

/etc/ppp/radius.conf config file :

auth 127.0.0.1 your-password-here
acct 127.0.0.1 your-password-here

Last but not least, add pptpd_enable to the /etc/rc.conf file:

pptpd_enable="YES"

Finishh……….. configuring the PPTP server. Next, configuring the RADIUS server.

c. RADIUS server:
As the AAA implementation I'm using FreeRADIUS. I think it's the hardest part of configuring my PPTP server. Okay.. let's start it.
Installing freeradius:

root@end-pointA# cd /usr/ports/net/freeradius/
root@end-pointA# make config #choose MYSQL With MySQL user database
root@end-pointA# make install clean

All FreeRADIUS config is located in /usr/local/etc/raddb. Okay, I will give you my config one by one.
/usr/local/etc/raddb/clients.conf:

client 127.0.0.1 {
secret = your-password-here
shortname = localhost
}
client 172.16.0.0/16 {
secret = your-password-here
shortname = vpn-billing
}

/usr/local/etc/raddb/clients

localhost your-password-here

Okay………. and then create the FreeRADIUS database structure. Here it is step by step:
1. create database radius;
2. grant the MySQL user mysql-user access to the radius database with password mysql-password (grant insert, select, delete…………….)
3. in a bash shell execute: mysql -u mysql-user -p radius < /usr/local/share/examples/freeradius/db_mysql.sql
Then edit /usr/local/etc/raddb/sql.conf. Here's some output:

sql {
server = "localhost"
login = "mysql-user"
password = "mysql-password"
radius_db = "radius"
x
x
}

x stands for other config lines. There are lots of lines, so I won't post them here.
Because of the number of lines in the FreeRADIUS config files, I will give you a link to download my own FreeRADIUS configuration.
Of course, I also created a web-based application to maintain VPN user accounts. Thanks to adjiexx a.k.a. AllDelta for creating the VPN user management web application. Here's sample code to insert a new user into the FreeRADIUS database (in PHP of course):

// $nama, $password, $ip and $quota come from the web form: escape or bind them
// before building these statements, never put raw user input into the SQL string.
$iq="insert into radcheck(username,attribute,value) values ('$nama','Password','$password')";
$iq2="insert into radreply(username,attribute,op,value) values ('$nama','Framed-IP-Address',':=','$ip')";
$iq3="insert into radreply(username,attribute,op,value) values ('$nama','Framed-IP-Netmask',':=','255.255.255.255')";
$iq4="insert into radreply(username,attribute,op,value) values ('$nama','Framed-Protocol',':=','PPP')";
$iq6="insert into radcheck(username,attribute,op,value) values ('$nama','Max-Monthly-Session',':=','$quota')";

Of course you must add "radiusd_enable" to /etc/rc.conf:

radiusd_enable="YES"

Last, installing squid. Here it is step by step:

root@end-pointA# cd /usr/ports/www/squid
root@end-pointA# make install clean

And the sample config looks like this (squid.conf):

http_port 172.16.1.1:8080
cache_mem 512MB
cache_dir diskd /usr/local/squid/cache 15360 16 256 Q1=72 Q2=64
cache_access_log /dev/null
cache_store_log none
cache_log /dev/null
cache_replacement_policy GDSF
pipeline_prefetch on
refresh_pattern /.gif 4320 50% 43200
refresh_pattern /.jpg 4320 50% 43200
refresh_pattern /.jpeg 4320 50% 43200
refresh_pattern /.png 4320 50% 43200
refresh_pattern ^http://www.friendster.com/.* 720 100% 10080
refresh_pattern ^http://mail.yahoo.com/.* 720 100% 10080
refresh_pattern ^http://*.yahoo.*/.* 720 100% 7200
refresh_pattern ^http://*.google.com/.* 720 100% 10080
refresh_pattern ^http://www.telkomspeedy.com/.* 720 100% 28800
refresh_pattern ^http://*.blogsome.com/.* 720 80% 10080
refresh_pattern ^http://*.wordpress.com/.* 720 80% 10080
refresh_pattern ^http://detik.com/.* 720 90% 2880
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl outgoing src 192.168.10.2/255.255.255.255
acl student src 192.168.0.0/255.255.255.0
acl admin src 172.16.0.0/255.255.0.0
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl xx snmp_community tuah
http_access allow manager
http_access allow localhost
http_access allow outgoing
http_access allow student
http_access allow admin
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all
icp_access allow localhost
icp_access allow student
icp_access allow admin
icp_access deny all

http_port 172.16.1.1:8080 means squid will only listen on the interface alias we created in the /etc/rc.conf file.
Add "squid_enable" to /etc/rc.conf:

squid_enable="YES"

3. Client Configuration
I'm using Windows XP. To connect to the VPN server, make sure the VPN server address is 10.14.200.252.

Finish

sorry for my bad english

selecting best path route BGP using weight parameters

In this tutorial I will demonstrate how we can select the best path using the weight attribute in BGP. I've created a network topology consisting of 4 routers. Here is the network topology:

In this scenario I'm using GNS3 and dynagen, with Cisco 3640 routers. Here is the IP address of each router:
R1 :

interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface Serial0/0
description KONEK_R2
ip address 12.12.12.1 255.255.255.0
serial restart_delay 0
!
interface Serial0/1
description KONEK_R3
ip address 13.13.13.1 255.255.255.0
serial restart_delay 0

R2 :

interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface Serial0/0
description KONEK_R1
ip address 12.12.12.2 255.255.255.0
serial restart_delay 0
!
interface Serial0/1
description KONEK_R4
ip address 24.24.24.2 255.255.255.0
serial restart_delay 0

R3 :

interface Loopback0
ip address 3.3.3.3 255.255.255.255
!
interface Serial0/0
description KONEK_R1
ip address 13.13.13.3 255.255.255.0
serial restart_delay 0
!
interface Serial0/1
description KONEK_R4
ip address 34.34.34.3 255.255.255.0
serial restart_delay 0
!

R4 :

interface Loopback0
ip address 4.4.4.4 255.255.255.255
!
interface Serial0/0
description KONEK_R3
ip address 34.34.34.4 255.255.255.0
serial restart_delay 0
!
interface Serial0/1
description KONEK_R2
ip address 24.24.24.4 255.255.255.0
serial restart_delay 0

On each router you can see a loopback interface is configured; it is used for the BGP router ID. Now let's start our scenario: R1 advertises its network (including the loopback address) to all routers. The destination IP is R1's IP address, and the path selection we want from R3 is R3-R4-R2-R1, not R3-R1, and from R4 it is R4-R2-R1. Okay, now let's start our main configuration. I will start on R1 and go through to R4.

R1 :

router ospf 1
log-adjacency-changes
network 12.12.12.1 0.0.0.0 area 0
network 13.13.13.1 0.0.0.0 area 0
!
router bgp 1
no synchronization
bgp router-id 1.1.1.1
bgp log-neighbor-changes
network 1.1.1.1 mask 255.255.255.255
neighbor 12.12.12.2 remote-as 2
neighbor 13.13.13.3 remote-as 34
no auto-summary

R2 :

router ospf 1
log-adjacency-changes
network 12.12.12.2 0.0.0.0 area 0
network 24.24.24.2 0.0.0.0 area 0
!
router bgp 2
no synchronization
bgp router-id 2.2.2.2
bgp log-neighbor-changes
neighbor 12.12.12.1 remote-as 1
neighbor 24.24.24.4 remote-as 34
no auto-summary

R3 :

router ospf 1
log-adjacency-changes
network 13.13.13.3 0.0.0.0 area 0
network 34.34.34.3 0.0.0.0 area 0
!
router bgp 34
no synchronization
bgp router-id 3.3.3.3
bgp log-neighbor-changes
neighbor 13.13.13.1 remote-as 1
neighbor 34.34.34.4 remote-as 34
no auto-summary

R4 :

router ospf 1
log-adjacency-changes
network 24.24.24.4 0.0.0.0 area 0
network 34.34.34.4 0.0.0.0 area 0
!
router bgp 34
no synchronization
bgp router-id 4.4.4.4
bgp log-neighbor-changes
neighbor 24.24.24.2 remote-as 2
neighbor 34.34.34.3 remote-as 34
no auto-summary

Okay, now let us verify BGP connectivity. I'll verify just on R3 and R4. Here's the output on R3:

R3#sh ip bgp
BGP table version is 2, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
... Network    Next Hop   Metric LocPrf Weight Path
*> 1.1.1.1/32 13.13.13.1   0              0  1 i

and the traceroute from R3 to R1 (loopback) is :

R3#traceroute 1.1.1.1
Type escape sequence to abort.
Tracing the route to 1.1.1.1
1 13.13.13.1 88 msec 76 msec *

and the output of R4 is :

R4#sh ip bgp
BGP table version is 3, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
...   Network    Next Hop   Metric LocPrf Weight Path
*> 1.1.1.1/32 13.13.13.1   0        100      0  1 i
*             24.24.24.2                     0  2  1  i

and the traceroute output from R4 to R1 (loopback) is :

R4#traceroute 1.1.1.1
Type escape sequence to abort.
Tracing the route to 1.1.1.1
1 34.34.34.3 112 msec 76 msec 156 msec
2 13.13.13.1 328 msec 288 msec *

As you can see from the R3 and R4 sh ip bgp output, R3 reaches R1 (1.1.1.1) via 13.13.13.1 and R4 also reaches R1 via 13.13.13.1 (by default BGP chooses the shortest AS path). So how can we change the default path on R3 and R4? Follow these steps:
R3:

R3#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#router bgp 34
R3(config-router)#neighbor 34.34.34.4 weight 100

(MUST!!!) Restart the R3 BGP peering session to apply the changes.
And the output will look like this:

R3#sh ip bgp
BGP table version is 6, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network          Next Hop            Metric LocPrf Weight Path
*  1.1.1.1/32       13.13.13.1           0             0   1 i
*>i                 24.24.24.2           0    100    100   2 1 i

and the traceroute output from R3 to R1 (loopback address) is :

R3#traceroute 1.1.1.1
Type escape sequence to abort.
Tracing the route to 1.1.1.1
1 34.34.34.4 96 msec 52 msec 24 msec
2 24.24.24.2 148 msec 236 msec 196 msec
3 12.12.12.1 260 msec 264 msec *

R4 :

R4#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R4(config)#router bgp 34
R4(config-router)#neighbor 24.24.24.2 weight 100

(MUST!!!) Restart the R4 BGP peering session to apply the changes.
And the output will look like this:

R3#sh ip bgp
BGP table version is 8, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network          Next Hop            Metric LocPrf Weight Path
*>i1.1.1.1/32       24.24.24.2           0    100    100   2 1 i
*                   13.13.13.1           0             0   1 i

and the traceroute output from R4 to R1 (loopback address) is :

R4#traceroute 1.1.1.1
Type escape sequence to abort.
Tracing the route to 1.1.1.1
1 24.24.24.2 64 msec 116 msec 104 msec
2 12.12.12.1 240 msec 104 msec *

HOHOHOHO………..passed the first scenario 🙂

Next scenario?? Wait……………..