Test
-
Recent Posts
Recent Comments
Archives
Categories
Meta
Getting ready for IPv6
I want to make sure the Slackware Linux edge servers are ready for IPv6 when eventually the ISPs catch up.
We signed up for a free tunnel endpoint with http://www.gogo6.com/freenet6/tunnelbroker/ to try a few things out. Building the gogoc client from source was easy. The edge server was set up as a host, not a router, as my desktops are all IP4 with a black hole gateway route to the outside world and the server is a proxy. It was great seeing this come back:
# ping6 www.kame.net PING www.kame.net(2001:200:dff:fff1:216:3eff:feb1:44d7) 56 data bytes 64 bytes from 2001:200:dff:fff1:216:3eff:feb1:44d7: icmp_seq=1 ttl=49 time=328 ms 64 bytes from 2001:200:dff:fff1:216:3eff:feb1:44d7: icmp_seq=2 ttl=49 time=329 ms
It’s turns out to be fine to use squid proxy 3.1.20 with IP4 clients on the internal network proxied out through an IPv6 address. My IP4 desktops can see the “Dancing Turtle” at http://www.kame.net (proof that they are accessing an IPv6 specific page).
We’ll look at ip6tables another day.
Patching recent Linux kernels ( > 2.6.32 ) for MPPE and MPPC VPN
There is an excellent introduction here http://www.phparchitecture.com/howto_show.php?id=3&showall
The part that is missing for kernels (I am told up to 2.6.32) is the link to this: http://code.google.com/p/setvps/downloads/detail?name=Linux-2.6.18-mppe-mppc-1.4.patch&can=2&q=
Don’t forget to do a global search and replace of the linux version before patching,
If vi is your favorite editor then:
<esc>
:%s/linux-2.6.18/linux-2.<your>.<version>/g
Later version 2.6 kernels and onwards require even later patches because of changes in the crypto API.
I couldn’t find one myself, so I made my own: a patch that works with kernel 3.2.21 that I have created is available here:
linux-3.2.21-mppe-mppc-1.5.patch.bz2
All original credits of course for the MPPC conversion go to Jan Dubiec of http://mppe-mppc.alphacron.de/ . All I’ve done is ported it to the new Crypto API (and mixed some of the ppp_mppe.c code in)!
If you try to apply this patch to a very late 2.6 kernel you should take note that the ppp files have moved into their own subfolder of the net directory with the advent of 3 series kernels. You will need to change the the folder paths to fix this.
Upgrading SSH
This is really just a note to myself:
Instructions for older versions of Slackware
First, make sure your OpenSSL is up to date:
(CAUTION – if you have Red Hat then read this: http://www.openssl.org/support/faq.html#BUILD8 )
http://www.openssl.org/source/
wget http://www.openssl.org/source/openssl-1.0.0d.tar.gz (or later when available)
untar
./config –prefix=/usr shared
make
make test
make install
get openssh http://www.openssh.com/portable.html
You might need to upgrade zlib: http://www.zlib.net/
wget http://ftp.plig.net/pub/OpenBSD/OpenSSH/portable/openssh-5.8p2.tar.gz
./configure –prefix=/ –exec-prefix=/usr
make
See http://www.digitalpeer.com/id/upgrade
1. Rename the old sshd binary
2. Modify the old sshd config to have it run on a non-standard port, and reload
3. Rename the old sshd config (so it doesn’t conflict with the new one…)
4. Connect to the old sshd on the non-standard port
5. Install the new sshd via whatever method is appropriate
6. Start the new sshd on the proper port
7. Connect to the new sshd to verify that it works
8. Close the connection to the old sshd, then stop it
—
options for building bind: ./configure –prefix=/ –exec-prefix=/usr
Posted in Uncategorized
Comments Off