ubuntu

You are currently browsing articles tagged ubuntu.

Below is an unfinished post as I eventually gave up as I could not get bridging (tap) to work.  Instead I resorted to going back to Windows 7 and discuss it more here

 

My latest adventure in setting up my media server is to get a VPN server going so that I can watch my movies outside of my home network without opening up my dlna ports to the world. After reading about VPN servers it was pretty clear that OpenVPN is the preferred method due to its strength over PPTP and L2TP.  However, with the issues that I ran into with installing and getting OpenVPN up and running it seems the simplicity of PPTP is attractive.  I just have to keep telling myself that this is a one time setup. Once I decided that I’d go with OpenVPN I got swirled around for a while before I discovered the http://openvpn.net/ website hosts the Open Source Project version, called the Community OpenVPN, and a commercial not-free version, called VPN Solution.  Prior to knowing this it seemed the VPN solution was the way to go.  I installed it and was working with the configurations when I noticed that I was only allowed 2 licnesnes and was required to buy more if needed.  From what I say the VPN solution had a nice web interface, but I want to use the Open Source Project version and not me limited to 2 licenses or have to make a purchase.

Installing OpenVPN

At first it seemed that this might be straight forward as there are two applications through quantal universe packages that appeared to do want I wanted: openvpn and network-manager-openvpn.  After installing these with an ‘apt-get install’ I discovered that this is for maintaining the client side of OpenVPN. It turns out that most blogs, forums, how-tos are about setting up the client and very few are about setting up a OpenVPN server (maybe this will help someone in the future) So onto the Community OpenVpn.net site about getting a OpenVPN server up and running.   Well the How-To documentations makes installing OpenVPN to be pretty easy:

  1. Download the tarball
  2. Expand the .tar.gz file:    tar xfz openvpn-[version].tar.gz
  3. cd to the top-level directory
  4. And type:
./configure
make
make install

Getting and opening the tarball is easy, but I ran into several issues with the ./configure First issue was

error: configure: error: ssl is required but missing

After several Google searches I found this forumn post which informed me to run:

apt-get install libcurl4-openssl-dev

 Second issue was

configure: error: lzo enabled but missing

A few more Google searches directed me to the LZO download page, http://www.oberhumer.com/opensource/lzo/download/,  where I downloaded latest version 2.06.  I dide the untar, configure, make, and make istall with no issues.  I don’t know if the original files are needed after the isntall so I moved the untar’d version to /sbin/lzo* just in case. The third issue was

configure: error: libpam required but missing

Again more Google searches which lead me to install a libpam version: apt-get install libpam0g-dev Well after 3 issues the ./configure worked, followed by the make and the make install.

 Installing Easy-RSA

The How-TO documentation then directs me to use the Easy-RSA for creating certificates. This site also has some good directions about using Easy-RSA.   The fun part about this as it doesn’t really go into how to get Easy-RSA.    Easy-RSA is in a git hub, so by following the directions from a nice document I started to installing Git: apt-get install git and then doing the directions for a first time install. Now it is time to get the easy-rsa files.  I went to the /usr/share directory and then typed sudo git clone https://github.com/OpenVPN/easy-rsa.git (Note after doing all of the above, I later realized that the OpenVPN installation placed Easy-RSA in the /usr/share/doc/openvpn/examples folder.)  From reading the configure.ac file it seems that a program called autoconf is needed.  So I setout to get that going with apt-get install autoconf but after more poking around I think everything is ready to go in the easy-rsa/2.0 folder.  At the command prompt I followed the directions and typed:

. ./vars

/usr/share/easy-rsa/easy-rsa/2.0$ . ./vars
NOTE: If you run ./clean-all, I will be doing a rm -rf on /usr/share/easy-rsa/easy-rsa/2.0/keys

./clean-all

/usr/share/easy-rsa/easy-rsa/2.0$ ./clean-all
mkdir: cannot create directory `/usr/share/easy-rsa/easy-rsa/2.0/keys': Permission denied
/usr/share/easy-rsa/easy-rsa/2.0$ sudo ./clean-all
Please source the vars script first (i.e. "source ./vars")

It took me quite some time to figure out why I was running into this error.  I read through the vars and clean-all files and everything seemed good.  In the end the error is a pretty basic one, the permissions were wrong.  When I used the ‘git source’  the folder permissions belonged to root as 755.  With a sudo chmod 777 -R easy-rsa the permissions were fixed and the scripts worked as advertised

Server certificates and keys

./build-ca

./build-key-server server

When you run the build scripts the fields are pre-populated with the information edited from the vars file.  Simply press enter through the prompts.

Client certificates and keys

The directions then go to create client keys with the ./build-key.  I’m a fan of of password protecting the client keys so I used the ./build-key-pass script to create my keys

Other items

I’m not too sure what these do and didn’t spend the time researching it, I simply ran them. I created then Diffie Hellman parameters with:

 ./build-dh 

From the wiki site and the Hardening OpenVPN Security section I created the HMAC  with

openvpn –genkey –secret /keys/ta.key

 Configuring OpenVPN Server

The How-TO directions continue with setting up the configuration files.  The documentation does not provide any directions where all these files should go, but after poking around the openvpn.init file in the sample scripts (/usr/share/doc/openvpn/examples/sample-scripts) the script will look for the configuration files in the /etc/openvpn/ folder. I started with the sample server.conf and made changes as needed.  I changed the following:

  • For the ca, cert, key, and dh lines I added the full path name /etc/openvpn/server_keys/ as recommended in the wiki  . Additionally for these files, I did the following:
    • created a server_keys folder to keep the folders organized.
    • changed the permissions on the files so that they can be moved.moved all the keys, certs, etc files with exception to the client files and the ca.key file to this folder
      • The client files went to another location to be shared as needed
      • The ca.key file went to a different computer as recommended
  • Uncommented the client-t0-client line to allow my VPN clients
  • Uncommented the HMAC line, tls-auth, and changed the path to the server_keys folder
  • Changed the crpytographic cipher to, cipher AES-256-CBC, rather than any of the 3 listed options in the file for stronger security.  I’ve also read that this has little impact to the throughout of the VPN network too.
  • Enabled and changed the max clients to 10.  This is for a small home network and really 10 is too much too.
  • Enabled ‘user nobody’ and ‘group nogroup’ lines.  Note the example file has nogroup rather than nobody as noted in the How-to and wiki for the group option.
  • Enabled log-append.  I don’t expect too many logons so this file shouldn’t grow to a massive size.
  • TODO: write about lof file and other permission erorrs
    • created a log folder and changed the log paths to point to it as I was getting an error

:/usr/sbin$ openvpn –config /etc/openvpn/server.confTue Mar 19 14:02:02 2013 Warning: Error redirecting stdout/stderr to –log file: openvpn.log: Permission denied (errno=13)Options error: –dh fails with ‘/etc/openvpn/server_keys/dh1024.pem’: No such file or directoryOptions error: –ca fails with ‘/etc/openvpn/server_keys2/ca.crt’: No such file or directoryOptions error: –key fails with ‘/etc/openvpn/server_keys/M1730_server.key’: Permission deniedOptions error: –status fails with ‘openvpn-status.log’: Permission deniedOptions error: Please correct these errors.

Next I made copied the client.conf file from the examples and made the changes below.  The wiki seemed pretty clear for this, but once I started into it I realized that the file is specific to each client crt/key combo.  Since I made several client keys during the Easy-RSA section I had to create a client.conf file for each client key combo and then named the file appropriately.

  • created a client_keys folder to keep the folders organized.
    • note the ca.crt and ta.key files are shared and I left them in the server_keys folder
  • update the ‘remote’ line for my specific IP address and ports
  • Enable the user and group lines.  Again the group has the nogroup option rather than the nobody.
  • Enabled the ‘mute-replay-warnings’ as I plan to use the VPN for laptops and my android phone
  • Updated the ca, cert, key, and tls-auth lines to point to the files.  Again I used the full filepath /etc/openvpn/client_keys/ as suggested by the wiki
  • Changed the crpytographic cipher to, cipher AES-256-CBC

 

Other Things

My VPN server is behind a router that uses dd-wrt.  In order to expose the VPN ports to the world I went to the NAT/QoS -> Port Forwards tab and added my VPN server to the list of port forwards.  I also have the VPN server set to have a static IP address which is configured on Services -> Services tab.

 

Running and Troubleshooting

 

ERROR: Cannot ioctl TUNSETIFF tun: Operation not permitted (errno=1)

run to fix permission problem: sudo openvpn –config /etc/openvpn/server.conf

 

OpenVPN on Android

One thing I want to be able to do is get to my home network from my phone, Samsung Note 2, so I used OpenVPN on Android for my VPN client.  The setup is pretty straight foward.  The only catch that I found was that:

  • Select ‘Certificates’ for the type in the ‘Basic tab
  • For each file selected tap on it then tap the ‘select’ button at the bottom
  • For the Encryption cipher I had to use all lower case (my phone capitalized the first character) for ‘aes-256-cbc’.
  • Change the TLS Authentication direction to 1, rather than the default of no direction
Authenticate/Decrypt packet error: packet HMAC authentication failed
Tue Mar 19 15:53:51 2013 us=248361 TLS Error: incoming packet authentication failed from [AF_INET]192.168.1.99:63090

check to see if openvpn is running (change port # as needed)

 

Other links and tools that I was using

#netstat -ltnup | grep 1194

 

samba shares not seen.  Added IP address to interfaces line in /etc/samba/smb.conf file per http://serverfault.com/questions/137933/howto-access-samba-share-over-vpn-tunnel

https://help.ubuntu.com/10.04/serverguide/openvpn.html   OpenVPN for Andriod https://play.google.com/store/apps/details?id=de.blinkt.openvpn&hl=en http://openvpn.net/index.php/open-source/documentation/howto.html#install

 

Bridge setup (Never got this to work)

get the openvpn bridge scripts from the sample-scripts folder

modify the bridge-start script

in the command prompt type ifconfig and get the information of the IP, netmask, and broadcast addresses

change the /etc/interfaces file to add

iptables -A INPUT -i tap0 -j ACCEPT
iptables -A INPUT -i br0 -j ACCEPT
iptables -A FORWARD -i br0 -j ACCEPT

create a symboloc link to creat the bridge at startup before openvpn

/etc/rc0.d$ sudo ln -s /etc/openvpn/bridge-start K79openvpn-bridge

create a symbolic link to remove the bridge at shutdown

/etc/rc6.d$ sudo ln -s /etc/openvpn/bridge-stop K99openvpn-bridge

Tags: , , , , , , , , , ,

A while back I started converting an older laptop, Dell M1730, and had the best intentions to setup a media center with Ubuntu.  I stumbled into problems right away with the graphics card, but was able to overcome then. At least I thought.  I setup a VNC server, plex, and started into setting up a VPN account.  But no matter how little memory and processor throughput that I used the computer simply could not play a video without skipping.  After a lot of work I discovered that there where issues with the graphics card causing hardware interrupts.  After way too much time, I’ve finally tossed in the towel.

So rather than continue to eat up more time I’ve wiped the computer and loaded Windows 7.   With a fresh install I started updating all the drivers and wham, my pc started going so slow, unusable slow.  Again the culprit was the graphics card, specifically the Aegis physics processor.  Even after an uninstall the computer couldn’t recover.  Fortunately, I was able to revert back to all the defaults.  I also found out that one of my external USB hard drives had failed and was causing windows to lock up.  After some work on that I found out the drive really did fail and fortunately the drive was still under warranty and Seagate replaced it in 4 days.

Now I have a very simple pc setup as a media server with two 3TB external hard drives.  I used Plex to share my videos.  I have UltraVNC Server setup to remote into the laptop when I need to do something as I keep closed up and tucked under the entertainment center.  I use GoodSync to backup from our computers and cell phones to an external drive and mirror the content to the other external drive.  Finally, I have setup SoftEther for a VPN server so that I can get into our home network remotely.  I would have to say this setup was much much easier than Ubuntu and it is working.

 

Tags: , , , , ,

The graphics are really slow on my ubuntu setup and I posted on ubuntu for suggestions
http://ubuntuforums.org/showthread.php?t=2207461&referrerid=730740

Unfortunately, I never got any replies….so sad.

 

Tags: , ,

I posted a while back that I had a good media server setup, but since then I’ve had a lot of problems getting things up and running on my PS3.  Many of my video files are in many different formats and UMS was having issues with some, but not others.  I don’t recall if I sorted out what was causing issues, but I was tired of the problems and looked for other options.

In my searching I came across Plex Media Server.  There is some type of pay service that they offer, but after reading about this a bit I found that the local media server is free and decided to give it a try.  Short story is I think I like it now, but it took a while for me to get up and going.

Issue #1: My first issue is that if you use the apt-get blah blah blah my source list wasn’t pulling the latest version as noted on the website.  The fixes seemed to point me to updating the source file with part of the source listing the ubuntu version I was running.  Now I tend to be forward leaning when it comes to updates and I’ve stayed with the latest ubuntu versions.  Having to update my source file didn’t seem too fun.  So rather I decided to just download the file directly from the website copy the link and install directly.  At the time I wrote this 9.8.18.290 was the latest version for me

$ wget http://downloads.plexapp.com/plex-media-server/0.9.8.18.290-11b7fdd/plexmediaserver_0.9.8.18.290-11b7fdd_i386.deb .

#sudo dpkg -i plexmediaserver_0.9.8.18.290-11b7fdd_i386.deb

Issue #2:  With plex installed I ran into some issues with it detecting my movies.  Plex really likes the movies to be in a specific format (see here) and I really didn’t care to rename my files.  So rather the way I did this was to create a Home Video Library and then add the folders that I wanted it to detect.  With using the Home Video library it will pull any video format regardless of the name.

Issue #3: The other thing is that I wanted this to play through my PS3 or to my android phone using DLNA.  Initially, Plex could see all the videos and added them to the library, but when I tried to play then I always go some errors.  The post on Ant Dicken’s Blog had the answer for me.  See my files are all on a USB external drive and ubuntu was adding them to my /media/<username>/<drivename>.  When it did this plex couldn’t get to the files.  So as the post shows I modified my /etc/fstab file to directly mount the drives to /media/<drivename>and things worked.  To get the needed information to do the modificaiton I used the two commands below.

$ mount
$ sudo blkid -o full -s UUID

Note, make sure you make a backup of the fstab table before you modify it. This saved me as after my first modification I had an error that was causing problems with ubuntu.

With those three fixes I was up and running.

A quick note about playing the videos on the PS3. Fast forwarding doesn’t really work, but if you hit triangle and then in the upper left choose scene selector you can jump forward through the movie.

Tags: , , , , , , ,

This is a follow up to setting up my Dell M1730 laptop up with Ubuntu post as I configure it to be a decent media server.

VNC

The keyboard on the laptop is broken. I had to buy a cheap USB keyboard so that I could get the installation done. Now that it is installed I plan to just VNC into the computer to do everything (or SSH when command line execution is sufficient).

Since Vino comes with Ubuntu I went with that. It defaults to port 5900 and I wanted to change it to use the alternative port using dconf-editor as noted here. Also it is REALLY slow and after a bit of reading I found that checking the ‘ disable_xdamage ‘ option fixed things. I’ve read that this isn’t the most bandwidth efficient way to do things, but I’m happy with the result for now.

(Update: 12/14/2014)  I’ve upgraded to the next version of Ubunut (v???) and it wiped out my VNC settings. So instead of vino this time I used x11vnc.  In just a few minutes of using it, x11vnc appears to be much much more response.  I’m not sure x11vnc is going to keep the settings after a reboot, but for this boot I’m much happier with my VNCing experience

 

SSH

This was pretty easy to setup. I already forgot what I did here, but never-the-less it works using Putty from my windows laptop.

I was just reading about exporting displays using Xming, X-win32, or Exceed and may give that a try some other time.

Wake up on LAN (WOL)

My ethernet card supports WOL and it is easily enabled in the Power Settings. Note, the wake up only works if Ubuntu is in standby mode and not fully shutdown.

I also configured my dd-wrt router in the Administration->WOL section to enable the WOL for this computer.   Now when I put the computer into Suspend (not shutdown) I can go into the DD-WRT webpage and through the WOL section click the “Wake Up” button. The webpage shows the following (actual MAC address replaced with XXs) and the computer wakes up

Waking up XX:XX:XX:XX:XX:XX with 192.168.1.255:7...

The next thing that I wanted to setup is to be able to wake up this computer from an external IP. Right now the only way I can click the “Wake Up” button is to be on the internal LAN and I’ve blocked public access to this page. After tinkering around for a day I’ve discovered there isn’t any simple thing out there that I’m looking for. What I really want to be able to do is from any computer (i.e. no special software) turn on the media server. Since there isn’t anything good out there right now I’m going to take this up as a new project and will post about this whenever it is working.

 

SAMBA

I setup SAMBA to get to the drives over the network on my windows laptop. This is a good guide http://www.noobslab.com/2012/03/configure-samba-sharing-between-ubuntu.html. I setup access a bit different for my own network, but this helped a lot.

 

XMBC

I’ve relocated my laptop along with an external drive so that it is connected directly to the LAN.  With XMBC I plan to watch many of my movies through the PS3 since this is the normal way that we watch bluerays too.  For this I’m more interested in stability than the latest and greatest so and the setup is pretty easy once you get to the right link in XMBC.

 

sudo apt-get install python-software-properties pkg-config
sudo add-apt-repository ppa:team-xbmc
sudo apt-get update
sudo apt-get install xbmc

Then I learned this really isn’t a DLNA server and isn’t what I need.  I have it working, but I’d really like to play my videos through the PS3.

 

PS3 Media Server

I use PS3 Media Server on my windows machine and it works great so I set out to use this on Ubuntu. Here is my starting point: https://help.ubuntu.com/community/Ps3MediaServer. I did a manual install to get 1.72 since in 1.71 ,the ppa version, there is a bug. After I got it loaded I tested it on a few videos. MKVs seemed to work, but some some AVI files (like my Lord of the Rings) did not have audio. Other AVI files worked and I wasn’t too sure what the difference was between the working and non-working files. So I decided to look for another option.

Mediatomb

There was a lot of talk about Mediatomb, so I installed that. But after opening things up it looks confusing and I wasn’t really interested in figuring this out (though I’m sure it is pretty good).

Universal Media Server (UMS)

So onto option C, Universal Media Server (UMS). UMS is just a branch off of PS3 Media Server which is nice since I’m already familiar with it. I got the tarball from http://www.universalmediaserver.com/ and extracted it to /usr/sbin with the ums-2.2.0 default folder. I noticed that there was a error about mediainfo so I did an install

sudo apt-get install mediainfo

With it open on the default setting I did a few tests and all the files worked including the all important Lord of the Rings videos. I then made a few slight changes to the defaults, but am really happy that this work right out of the box, so to speak. I set UMS to start minimized, force the network to use eth0 rather than the wireless card, set the max bandwidth to 0, and added the movieinfo plugin.

With that my media server if pretty close to being in working order. I’ve discovered that there is an issue with the DVI output that looks like will take some time to get it working or perhaps will never work. But that is another post.

Tags: , , , , , , , , , , , , ,

« Older entries