Create a Linux VPN for a Nokia E61 with Openswan
Listing 11. Punching a little hole in the firewall. Note that the e61 is set in /etc/hosts to 192.168.6.252.
iptables -X REMOTEVPN_INPUT 2>/dev/null iptables -X REMOTEVPN_OUTPUT 2>/dev/null iptables -N REMOTEVPN_INPUT iptables -N REMOTEVPN_OUTPUT iptables -I INPUT -j REMOTEVPN_INPUT iptables -I OUTPUT -j REMOTEVPN_OUTPUT iptables -A REMOTEVPN_INPUT -p esp -j ACCEPT iptables -A REMOTEVPN_INPUT -m udp -p udp \ --dport isakmp -j LOG \ --log-prefix "incoming-ipsec-key " iptables -A REMOTEVPN_INPUT --src e61 \ -p tcp --dport imaps -j LOG \ --log-prefix "incoming-imaps " iptables -A REMOTEVPN_INPUT -m udp -p udp \ --dport isakmp -j ACCEPT iptables -A REMOTEVPN_INPUT --src e61 -p tcp \ --dport imaps -j ACCEPT iptables -A REMOTEVPN_INPUT --src e61 -p tcp \ --dport smtp -j ACCEPT iptables -A REMOTEVPN_INPUT --src e61 -p tcp \ --dport squid -j ACCEPT iptables -A REMOTEVPN_INPUT --src e61 \ -j LOG --log-prefix "e61-strange " iptables -A REMOTEVPN_OUTPUT -p esp -j ACCEPT iptables -A REMOTEVPN_OUTPUT -m udp -p udp \ --sport isakmp -j LOG \ --log-prefix "outgoing-ipsec-key " iptables -A REMOTEVPN_OUTPUT -m udp -p udp \ --sport isakmp -j ACCEPT
Listing 12. Remove the e61 access.
iptables -D INPUT -j REMOTEVPN_INPUT iptables -D OUTPUT -j REMOTEVPN_OUTPUT
One more complication exists for using some of the publicly available Wi-Fi hotspots. Depending on where on the globe you are, many of these hotspots follow the pattern that when you try to open a Web site, they redirect you to their Wi-Fi login page, you authenticate to them, and then you can use the Internet. If you simply open up a VPN access point on the e61 that is set to use the EasyWLAN as its Internet access point, things will not work. The e61 will start the Wi-Fi connection and immediately try to send data to set up a VPN connection. As you have to authenticate with the Wi-Fi hotspot before this, it will let traffic through, but then things will come crashing down.
A way to get around this is to open the Web browser and directly connect just using EasyWLAN without any VPN whatsoever. Once you have authenticated to the hotspot, leave the browser running and use the menu key to get back to the main menu, and then open the e-mail client. For the access point this time, use the VPN that has EasyWLAN set as its Internet access point. The existing Wi-Fi connection is reused, and the VPN is layered on top. To get secure Web browsing, you can then leave the e-mail program by holding the menu key and going back to the browser. Exit the browser, and the still-running e-mail program holds the VPN open. Start the browser again, and select the VPN as your access point.
Of course, if the Wi-Fi network you are connecting to allows connections without this preamble, opening any application that wants a data connection should allow you to select the new VPN as your access point. Also, if the Wi-Fi hotspot remembers your MAC address and allows reconnection without explicitly having to log in each time, you can start the VPN directly on subsequent connections.
Once the VPN has connected to vserv, the e61 prompts you for the user name and password to use for XAUTH verification (Figure 8).
After XAUTH verification, you should be able to use the VPN without noticing it. In this case, I can browse the Internet using my LANs proxy server to fetch the data (Figure 9).
Being able to use a DNS name in the e61 VPN policy would be wonderful for folks who don't have cheap access to static IP addresses. I'm still investigating how to connect using public key cryptography instead of the preshared key as shown in this article. For connecting a single e61 to the network, using a large enough preshared key should still be quite secure.
The information in the article comes with no guarantee of being correct, secure or suitable for anything; use it at your own risk and discretion.
Practical Task Scheduling Deployment
One of the best things about the UNIX environment (aside from being stable and efficient) is the vast array of software tools available to help you do your job. Traditionally, a UNIX tool does only one thing, but does that one thing very well. For example, grep is very easy to use and can search vast amounts of data quickly. The find tool can find a particular file or files based on all kinds of criteria. It's pretty easy to string these tools together to build even more powerful tools, such as a tool that finds all of the .log files in the /home directory and searches each one for a particular entry. This erector-set mentality allows UNIX system administrators to seem to always have the right tool for the job.
Cron traditionally has been considered another such a tool for job scheduling, but is it enough? This webinar considers that very question. The first part builds on a previous Geek Guide, Beyond Cron, and briefly describes how to know when it might be time to consider upgrading your job scheduling infrastructure. The second part presents an actual planning and implementation framework.
Join Linux Journal's Mike Diehl and Pat Cameron of Help Systems.
Free to Linux Journal readers.View Now!
|The Firebird Project's Firebird Relational Database||Jul 29, 2016|
|Stunnel Security for Oracle||Jul 28, 2016|
|SUSE LLC's SUSE Manager||Jul 21, 2016|
|My +1 Sword of Productivity||Jul 20, 2016|
|Non-Linux FOSS: Caffeine!||Jul 19, 2016|
|Murat Yener and Onur Dundar's Expert Android Studio (Wrox)||Jul 18, 2016|
- The Firebird Project's Firebird Relational Database
- Stunnel Security for Oracle
- My +1 Sword of Productivity
- Non-Linux FOSS: Caffeine!
- SUSE LLC's SUSE Manager
- Managing Linux Using Puppet
- Murat Yener and Onur Dundar's Expert Android Studio (Wrox)
- Parsing an RSS News Feed with a Bash Script
- Doing for User Space What We Did for Kernel Space
- Google's SwiftShader Released
With all the industry talk about the benefits of Linux on Power and all the performance advantages offered by its open architecture, you may be considering a move in that direction. If you are thinking about analytics, big data and cloud computing, you would be right to evaluate Power. The idea of using commodity x86 hardware and replacing it every three years is an outdated cost model. It doesn’t consider the total cost of ownership, and it doesn’t consider the advantage of real processing power, high-availability and multithreading like a demon.
This ebook takes a look at some of the practical applications of the Linux on Power platform and ways you might bring all the performance power of this open architecture to bear for your organization. There are no smoke and mirrors here—just hard, cold, empirical evidence provided by independent sources. I also consider some innovative ways Linux on Power will be used in the future.Get the Guide