Posts tagged with “networking”

Intrepid Ibex VPN Connection Fails

At the end of last week, I performed an upgrade from Ubuntu 8.04 (Hardy Heron) to 8.10 (Intrepid Ibex). Although it’s not really part of this story, I should specify that I tried to perform an upgrade. The upgrade was so catastrophically botched somehow, that it ended up being a complete repartitioning of my work laptop. Nonetheless, over the weekend I got back to a reasonable level of stability and productivity except that I was completely unable to connect to my office VPN.

Evidently this is a pretty well-reported bug affecting a number of folks. My attempts to connect to VPN “out of the box” were greeted with a complaint that “no valid VPN secrets were found.” A number of folks reported success if they simply removed their password from the configuration dialog, but that didn’t work for me. After doing so, I got a spectacularly unhelpful message that my “Connection to [my network] failed.” Super. Thanks for playing.

I spent hours searching and trying various “solutions” before finally stumbling on a clearly articulated set of instructions that worked. They did, however, require updated network-manager packages. In case I ever have to do this again, I don’t want to spend those same hours, so I’m going to try to document the steps I took so I can reflect on them later. Maybe they’ll help someone else too.

To get those, add the following source to /etc/apt/sources.list:

deb http://ppa.launchpad.net/network-manager/ubuntu intrepid main

Once done, update:

$ sudo apt-get update

Once updated, system updates should be reported and they should include network-manager and network-manager-pptp. Those need to be installed. Once everything is installed, these instructions should finish the job and provide a working VPN connection.

Ubuntu is pretty solid, but not everything “just works”. Quite.

Renew a Mac's DHCP Lease Via Terminal

Being a long-time (and still part-time) Windows user, I’ve spent many a not-so-happy second typing the following:

> ipconfig /release
> ipconfig /renew

Today, though, I made a few changes to secure my network and needed to renew the DHCP lease of my Mac. Usually, I’m sitting in front of the laptop so I can just use the System Preferences GUI, but not today. Today I had to remote in so I only had the command line available and I realized that I had no idea how to map the Windows commands above to the Mac terminal. Mostly for the sake of posterity:

$ sudo ipconfig set en0 BOOTP
$ sudo ipconfig set en0 DHCP

In typical Unix fashion, there’s no output to indicate that it succeeded or did anything at all, for that matter, but it seems to do the trick.

Dynamic DNS Updates

Okay, so my OpenDNS configuration wasn’t perfect. OpenDNS liked it just fine, but DynDNS was another story. They tagged me as an abuser and blocked my host name. Oops.

When I built my script using cURL to call the DNS-O-Matic API, I didn’t build in any intelligence. I created a cron job that ran every half hour and called my script. The script simply passed my current IP address to DNS-O-Matic, which in turn passed it to DynDNS. My approach was the obvious one and at the same time, a bit brutish. If nothing has changed, then no harm, no foul…right?

Understandably, DynDNS didn’t think so. They consider it abuse if their system is getting pinged too often without a change actually being made. By those rules, I was most definitely playing the role of abuser. Today I made a few changes to my script so that it’s a bit more intelligent, while maintaining a degree of simplicity. I also added some output so I could track what was happening if I ever need to do so.

 #!/bin/sh

 touch updatedns.log

 echo ""
 echo "========================= $(date) ====================="
 echo ""

 #
 # If a file named updatedns.current doesn't exist, then retrieve
 # the current network IP address and write it to that file.  Then
 # set the $lastip value to something that we know won't match.
 #
 # If the file does exist, then read its contents into the value of
 # $lastip.
 #
 if [ ! -e "updatedns.current" ]; then
   echo "updatedns.current does not exist."
   curl -s -m 60 http://myip.dnsomatic.com/ > updatedns.current
   echo "updatedns.current created."

   lastip="UNKNOWN"
 else
   lastip=$(cat updatedns.current)
 fi

 #
 # Retrieve the network IP as it exists right this moment.
 #
 currentip=$(curl -s -m 60 http://myip.dnsomatic.com/)

 echo "Last known IP was $lastip."
 echo "Current IP verified as $currentip."

 #
 # If the last and current IPs are different, then tell
 # DNS-O-Matic to broadcast an update.
 #
 if [ "$currentip" != "$lastip" ]; then
   echo "$currentip != $lastip.  Updating DNS-O-Matic."
   # The URL is passed as one quoted argument so the shell does not
   # treat each & as a background operator; myip carries $currentip.
   # -k is left off so curl verifies the server certificate before
   # sending the account credentials.
   url="https://updates.dnsomatic.com/nic/update"
   url="${url}?hostname=all.dnsomatic.com&myip=${currentip}"
   url="${url}&wildcard=NOCHG&mx=NOCHG&backmx=NOCHG"
   curl -m 60 -u myusername:mycrazystrongpassword "$url"
   echo "$currentip" > updatedns.current
 else
   echo "IP address has not changed. No action was taken."
 fi

 exit 0

Note that the URI in the curl statement must reach curl as a single quoted argument. It’s built up in pieces here due to space limitations. And the cron job? It looks like this:

*/5 * * * * /usr/local/bin/updatedns.sh >> /usr/local/bin/updatedns.log

Since I’m now determining whether an update needs to be done, I’m running the script every 5 minutes instead of every half hour. Might as well have less lag time when an update is needed, right?
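
One failure case the script does not cover: if the lookup against myip.dnsomatic.com times out or returns an error page, $currentip is empty or junk, it differs from $lastip, and an update is sent anyway, which is the same no-change traffic that got the host name blocked. The following is an added example, not part of the original script; the helper names is_ipv4 and decide_update are hypothetical and the sample values are constructed.

```shell
#!/bin/sh
# Added example: validate the looked-up address before comparing it.
# is_ipv4 and decide_update are hypothetical helper names.

# Succeeds only for a dotted quad whose four octets are each 0-255.
is_ipv4() {
  case "$1" in
    ''|*[!0-9.]*) return 1 ;;   # empty, or contains something other than digits and dots
  esac
  old_ifs=$IFS
  IFS=.
  set -- $1                     # split the candidate on dots
  IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ -n "$octet" ] && [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# Prints one of: update, nochange, skip.
#   $1 = last known IP (or UNKNOWN), $2 = value just returned by the lookup
decide_update() {
  if ! is_ipv4 "$2"; then
    echo skip                   # lookup failed or returned junk: do not call the update API
  elif [ "$2" = "$1" ]; then
    echo nochange
  else
    echo update
  fi
}

# Constructed sample lookups (192.0.2.0/24 is a documentation range).
for sample in "192.0.2.10" "192.0.2.11" "" "<html>503</html>" "192.0.2.999"; do
  printf '%-22s -> %s\n' "[$sample]" "$(decide_update 192.0.2.10 "$sample")"
done
```

In the script, the update call and the write to updatedns.current would run only when decide_update prints update; on skip, the stored address is left alone so the next run compares against the last good value.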

Configuring OpenDNS for a Complex Network

For a while now, I’ve been monkeying about with using OpenDNS as my DNS service provider rather than using my ISP’s name servers in order to take advantage of some of the great additional features offered by OpenDNS. In a simple scenario, configuring OpenDNS name server support is easy – just tell your network or machine to use their name servers and go on about your day. Easy. Except that my network architecture isn’t that simple. The other night I decided to put in the time to get myself sorted out and commit to OpenDNS.

In a nutshell, here’s what my home network architecture and usage looks like:

  • I connect to the internet via DSL service.
  • I do not have a static IP. It would make life easier (see problem #3 below), but I’m not willing to pay the premium.
  • Behind a couple of firewalls, I run a LAN.
  • I have an internal name server for resolving the IP addresses of other machines on the LAN.
  • I have a DHCP server that broadcasts the name servers to be used by the other machines on the LAN in addition to assigning their IP addresses.
  • I have an account with DynDNS that allows me to connect to my home network by name even though it has a dynamic IP that changes with some frequency.
  • I often have to connect to work through a VPN to access corporate resources.

In the course of configuring OpenDNS for use in my environment, I bumped into a number of problems that I needed to solve.
