Wednesday 29 October 2008

VPNC with certificates on asus eee 900 @ UCL

This is an exercise in frustration

Well it was for me, hopefully this will help it not be so for you.

Thanks - this is the accumulation of much distilled knowledge. These are the forums/blogs that have helped me, and I have to pass on my thanks to them. They know a lot more than me about this, so they are worth a look for more information (that being said, you probably found them before this). If you have any problems you can comment here and I'll see if I can help.

http://linos.wordpress.com/2007/11/23/vpnc-instead-of-ciscos-vpnclient-authtype5/


http://ubuntuforums.org/showthread.php?p=5957882

http://www.spiration.co.uk/post/1335/vpnc:%20no%20response%20from%20target%20-%20ubuntu%20linux%20VPN

Note 1 : First this is what I have 'solved':
Installing and running vpnc on an asus eee 900 running ubuntu Intrepid Ibex (with a madwifi wireless wrapper). With vpnc the final hurdle was getting it to access the UCL roamNet.

Note 2 : Ibex network manager does come with vpn compatibility installed - this doesn't work if your vpn needs certificate files. The pcf file given to you by your uni/work etc. will have the following lines in it if some form of cert is used:
AuthType=5
CertStore=1


Note 3 : As of yet I haven't got the network-manager-vpnc client to work with this (will give it another go soon and post a how-to if I succeed)

so to work:

1. Download the vpnc source files by typing in a terminal:
sudo apt-get source vpnc
This will download and unpack the vpnc source files in your current directory - I recommend you use your home dir.

2. Install openssl and openssl-dev - at the moment these are available from the synaptic package manager (or similar). Search for them and they should be available (certainly in ubuntu). Install them and then open up a terminal.

3. Get all the other dependencies needed by vpnc, type:
sudo apt-get build-dep vpnc
in the folder that step 1 created (called something like vpnc-0.5xxxxx)

4. Stop synaptic and update manager from killing your custom version of vpnc
cd vpnc-0.5xxxxx/debian
sudo vim control

Use whichever text editor you want but you need to change the version number - I recommend just putting a '-1' after the last digit.

5. Edit Makefile to allow use of ssl
cd ../
sudo vim Makefile

you need to uncomment the two lines that read
OPENSSL_GPL_VIOLATION = -DOPENSSL_GPL_VIOLATION
OPENSSLLIBS = -lcrypto

You do this by removing the leading '#' characters. These two lines are the key to using certificates - due to licensing issues they can't package binaries of vpnc with openssl support, but you can build them with it yourself.

6. Build. Still in the vpnc-0.5xxxxx folder, type the following:
sudo dpkg-buildpackage
This will create several more files and hopefully not display any errors. Once it's built you may want to hide this folder and the 4 files that will now be cluttering up your home dir - you can do this by putting a '.' at the start of their file name. These are the files:
- The folder vpnc-0.5xxxxxx
- vpnc_0.5xxxxx.tar.gz - This is the original source package
- vpnc_0.5xxxxx.diff.gz - this is the latest patch
- vpnc_0.5xxxxx.deb - the debian package
- vpnc_0.5xxxx.changes - I think this is the update as to what you've done

7. Install your custom package. Still in the vpnc folder, type:
sudo dpkg -i ../vpnc_0.5xxxxx.deb
This step actually installs the package (if you now go to synaptic package manager and search for vpnc you should see that it's checked with a little star in the box and the version number is the one you set it to)

That's the installation over - now the configuration (deep joy)

This part is relatively painless...

8. Download this very helpful script to the same folder as the .pcf that you will have been given by your uni or work (right click and select save link as and call it pcf2vpnc.pl)
http://svn.unix-ag.uni-kl.de/vpnc/trunk/pcf2vpnc

9. Now make it executable
chmod u+x pcf2vpnc.pl

10. Now execute it thus (still in the folder containing it and your .pcf):
./pcf2vpnc.pl <the pcf> <the name you want to output>
The profile name should be something simple and easy to remember as you'll have to type it in every time you use the vpn - if you want, use default as the output name and it will load whenever you use vpnc

The odds are that this stage will complain about not being able to crypt/decrypt some passwords - don't worry

11. Now move your config file to the vpnc folder
sudo mv default /etc/vpnc/default.conf
This should move it to where vpnc can access it

12. To run vpnc just type
sudo vpnc
If you do that at this stage you'll most likely get an error message, so read on to check you've got a properly configured file

You should now have a default.conf file that looks something like this:

IPSec ID <foo>
IPSec obfuscated secret <234feab34b45b3446.........................>
IPSec gateway <1.2.3.4>
Xauth username <username>
Xauth password <password>
IKE Authmode hybrid
CA-File </etc/vpnc/rootcert.pem>
<NAT Traversal Mode cisco-udp>

If not then some things need to be changed (the bits in <> are custom to you).

First, the ID should be whatever is next to the 'group name' in the pcf file that you were given.

The obfuscated secret may just be called secret - in which case go here http://www.unix-ag.uni-kl.de/~massar/bin/cisco-decode?enc=&.submit=decode! and copy the secret into the box and you should get a long string of hexadecimal code (numbers and the letters a-f). This can be put back into your conf file and 'secret' changed to 'obfuscated secret'

The gateway can be found next to 'host' in the pcf - this is the IP to connect via

The username/password bit is optional - if you want, get rid of them and you will be asked to supply them every time you run vpnc - I keep just the username as unencrypted passwords aren't a good idea.

The 'ca-file' is the location of the certificate that you were given - this is best put in /etc/vpnc along with the conf file for ease of location and change

The NAT traversal bit is for if you see the error 'vpnc: no response from target' - I can't guarantee it will work but it did for me

****There may be other things that are included depending on your pcf file****
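
A quick sanity check for the finished profile, added here as an example (it is not part of the original post or of vpnc): it looks for the keys from the sample default.conf above, leftover <...> placeholders, a CA file that isn't where the profile says, a stored Xauth password, and a profile that other users can read. The function name check_vpnc_conf is made up for this example, and key names are matched exactly as spelled in the sample.

```shell
#!/bin/sh
# check_vpnc_conf FILE: print findings for a vpnc profile; returns 1 if any.
# Added example; key spellings are the ones in the sample default.conf above.
check_vpnc_conf() {
    conf=$1; bad=0
    [ -r "$conf" ] || { echo "cannot read $conf"; return 2; }

    # Keys the certificate (hybrid) profile in the sample carries.
    for key in "IPSec ID" "IPSec gateway" "CA-File"; do
        grep -q "^$key " "$conf" || { echo "missing: $key"; bad=1; }
    done
    grep -q '^IKE Authmode hybrid' "$conf" ||
        { echo "missing: IKE Authmode hybrid"; bad=1; }
    grep -Eq '^IPSec (obfuscated )?secret ' "$conf" ||
        { echo "missing: IPSec secret / obfuscated secret"; bad=1; }

    # Values copied from the sample with the <> markers still around them.
    if grep -q '<.*>' "$conf"; then echo "placeholder <...> still present"; bad=1; fi

    # The CA certificate must exist where the profile points.
    ca=$(sed -n 's/^CA-File *//p' "$conf" | head -n 1)
    if [ -n "$ca" ] && [ ! -f "$ca" ]; then echo "CA-File not found: $ca"; bad=1; fi

    # A stored Xauth password sits in the file unencrypted.
    if grep -q '^Xauth password ' "$conf"; then echo "stored Xauth password"; bad=1; fi

    # The profile holds the group secret, so group/other should not read it.
    if [ -n "$(find "$conf" -prune -perm -004 2>/dev/null)" ] ||
       [ -n "$(find "$conf" -prune -perm -040 2>/dev/null)" ]; then
        echo "readable by group/other: chmod 600 $conf"; bad=1
    fi
    return $bad
}

# Run directly as: sudo sh thisfile /etc/vpnc/default.conf
if [ $# -gt 0 ]; then check_vpnc_conf "$1"; fi
```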

Sunday 19 October 2008

Serious Post: LaTeX Tomboy!

Well, not really. I thought I would put up a post that is actually useful to someone. Possibly.

Anyway this post is going to be the first on useful bits and pieces I've found for Linux.

So here goes: LaTeX for tomboy notes.

Reasonably obscure I know, and probably only useful to the very very small number of people who use tomboy for more than just very basic notes, but it is useful (and once I fully get to grips with latex it will, no doubt, be even more useful).

Firstly you have to have version 0.12 of tomboy notes as a minimum. If you need help with this on ubuntu I suggest you look here http://ubuntu-virginia.ubuntuforums.org/showthread.php?t=928585 otherwise I suggest giving it a google if it isn't part of your package manager.

Next you need to make sure you have a latex renderer, so go to your package manager and search for LaTeX and make sure that you have enough to get a fully working version going (for me I used texlive which needed a '-base'; '-base-bin'; '-latex-base' and '-latex-recommended' as well as '-fonts-recommended'). Once this was installed, another quick search for 'image-magick' and another install (just so you know, the latex packages are for latex - duh - and image-magick allows the text to be rendered as code).

With these installed you just need to go here http://www.reitwiessner.de/programs/tomboy-latex.html and download the .tar.gz, then a simple:

$ tar -zxvf tomboy-latex-0.5.tar.gz
$ cd tomboy-latex-0.5
$ sudo ./configure
$ sudo make
$ sudo make install

This should add a "LaTeX Math Addin" to Preferences>>add-ins>>Tools. Clicking enable will give you full access to LaTeX rendered text within your notes when enclosed between \[...\]



Interesting fact...

Pitong (as in the title of this blog) is a word I 'made' up - turns out it is the name of a place in China, and part of the name of both a Philippine film (Pitong dalagita) and a song title (Pitong Araw) by the band Hale. To top it all off there is also a Russian profile that turns up.


The joy of avoiding quantum mechanics homework and google....


wireless Eee woes.

Hmmm, well much as I love my little black box laptop (asus eee's are VERY nice) ubuntu seems to be the most annoying OS ever for setting up wireless - well that's an utter lie but it feels like it. It doesn't seem to save your settings even when you click the little save button and then it seems to refuse to reapply them hmmmm.. I think it may be that of the two networks I want to use one is WPA2 which ubuntu doesn't seem to like and the other needs crazy verification (uni network using some sort of weird client for access) seems like I'm just going to have to get used to remembering my flat's wpa2 password ... ah well

Secondary annoyance is that I can't run some of my simulation packages on it but that's hardly surprising and as long as SSH is available I should be ok.... ah well

Tuesday 14 October 2008

Pah I should start

Well, I've got one (rejoice you know you want to) yes I've joined the blogosphere; which no matter how many times I hear it still sounds like a cult...

This is supposed to be about me but I'm too tired for the joyous rubbish that all personal statements tend to be so I'm going to be even more boring and tell you about what I've been up to today.

Firstly I was inspired which is pretty cool - really good idea for a short story which I will post more on (and maybe even it) later.

Secondly I set up what has to be the most serendipitous solution ever - it in fact solves two problems (possibly three) that I've been trying to resolve to do with my computers ('lil asus eee laptop and a custom desktop). Mainly I wanted cake to eat in the form of source control for my master's project (deep sea neutrino detector arrays, modelling of) and synchronised notes etc. This is not easy I have discovered; unless you use dropbox (www.getdropbox.com) which will sync any files that are placed in its sync folder with the net - and then with any other computer that you give access to your online area. Not only does it allow this wonderful syncing it also has basic version control in that you can revert to previous saves of files and access them on any OS (well windows mac and 'nix)

hmmm anything else? slaving away over the longest install process ever - installing the highly useful (if you do high energy or particle physics) geant4 toolkit on my lil asus eee - now done after a mere 4 hours (estimate).

well it wasn't quite a personal statement but it seems to be most of one anyway... I'm off to test drop box some more. I also highly recommend to all you 'nix users a nice lil app called tasque which syncs up task lists with your desktop and rememberthemilk.com as well as allowing integration with tomboy notes