Friday, February 06, 2009

Vyatta (Openswan) versus SonicWALL IPSec

After some hair pulling, I found out how to set up a Vyatta <-> SonicWALL IPSec site-to-site tunnel.

Vyatta 4.1.4 uses Openswan 2.4.2, which can interoperate with SonicWALL. It turns out it needs some specific settings though, and some of those options were not available through the Vyatta configuration commands.
Thankfully, being Linux, I could just vim /etc/ipsec.conf and tweak the Openswan settings directly.


# ipsec.conf
# These are the options which should be in your tunnel's conn section:
esp=3des-md5        # instead of esp=3des-md5-modp1024
pfs=yes             # this one can be set through the configuration commands, I believe
keyexchange=ike     # did not exist in the generated config
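To verify that a conn section already carries the three settings above before bringing the tunnel up, here is a small checker. It is an added example, not Vyatta's or Openswan's own code; the conn name and addresses in the sample are made up.

```python
"""Check an Openswan ipsec.conf 'conn' for the settings the post found a
SonicWALL peer needs. Added example, not Vyatta's or Openswan's own code."""
import re

EXPECTED = {"pfs": "yes", "keyexchange": "ike"}   # key -> value the tunnel needs

def parse_ipsec_conf(text):
    """Return {section header: {key: value}}. Openswan's layout: a header
    ('conn foo', 'config setup') at column 0, indented key=value lines below,
    '#' starting a comment."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():            # unindented: new section header
            current = line.strip()
            sections[current] = {}
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            sections[current][key.strip()] = value.strip()
    return sections

def sonicwall_issues(text, conn):
    """List deviations from esp-without-modp-suffix, pfs=yes, keyexchange=ike."""
    opts = parse_ipsec_conf(text).get("conn " + conn)
    if opts is None:
        return ["no section 'conn %s'" % conn]
    issues = []
    esp = opts.get("esp", "")
    if re.search(r"-modp\d+", esp):              # the modp suffix on esp= is what broke the tunnel
        issues.append("esp=%s: drop the modp group, use esp=%s with pfs=yes"
                      % (esp, re.sub(r"-modp\d+", "", esp)))
    for key, want in EXPECTED.items():
        if opts.get(key) != want:
            issues.append("%s=%s expected, found %r" % (key, want, opts.get(key)))
    return issues

# Constructed sample: a tunnel as the config commands wrote it (addresses made up)
SAMPLE = """\
conn sonic
        left=203.0.113.10
        right=198.51.100.20
        esp=3des-md5-modp1024
        pfs=no
"""

if __name__ == "__main__":
    for problem in sonicwall_issues(SAMPLE, "sonic"):
        print(problem)
```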

Wednesday, February 04, 2009

Vyatta, network setup.

VICTORY! or almost...

I managed to set up the internet connection, NAT and firewall, and poke the holes I needed. Now all that's left is the VPN tunnel.

I have also set up a separate machine running Dnsmasq as a DNS cache/DHCP server, and an HTTP(S) reverse proxy. The reverse proxy is nice because I have a single fixed IP and I want different machines to serve separate subdomains: for example, Zimbra serves webmail.mydomain.com, my database web interface is at db.mydomain.com, and the plain websites are at www.mydomain.com.

Word of advice: use the Apache Header module to make sure you are telling the browser NOT to cache your pages, at least while you are setting things up. It would have saved me a few headaches if I had done it before trying to set up the reverse proxy.

Thursday, January 29, 2009

Rename VMWare Server 2.0 bridges

After my brilliant eth* renaming merry-go-round, I had another simple but annoyingly hard-to-find-info-about mission: change the bridge names (just the labels) in VMWare.

After hastily running through the settings wizard in vmware-config.pl, I realized that I had 4 bridges:
Bridge
Bridge(2)
Bridge(3)
Bridge(4)

These are not very helpful names. Sure, I could have given them the right names from the start, but I am only human. Everyone looks back and says "I could have done that one better", right?
After NOT finding any info on how to do it, I took the shotgun approach and dug through the vmware-config.pl command options.

Turns out I am a lucky guy. When I got to the network reconfiguration section, I said I wanted to change the network settings, but instead of using the wizard (as I always do, and many people probably do too) I used the editor option. There you can change the network settings of all configured bridges, NATs and host-only networks. So I renamed all my bridges to "Bridge eth*" and it was all set.

Changing ethernet names in Ubuntu 8.04

So, I was trying my stuff around Vyatta, and realized I didn't have enough NICs to virtualize everything I had. Our company's basic routing landscape involves two modems, one device acting as router + DHCP + DNS cache + access point (802.11g), another AP (802.11n 5.0 GHz), and the VPN router (RIP). The server only had 2 gigabit NICs though. If I moved the DHCP, DNS cache and VPN routing to VMs, I'd have to plug the 2 modems and the 2 wireless routers into it. That put me at a deficit of 2 network cards.

Thankfully, I had some extra hardware lying around: I picked up 2 spare Realtek-based NICs and plugged them into the server. 100 Mbit/s is plenty for our current ADSL speeds.

That was when I hit a small problem: ifconfig -a only showed eth0, eth1 and eth2. One of the NICs was dead.

Oh, well. It would just be a matter of switching the cards. It was not top priority, so I went on to grok the software configuration. After some time I remembered I had some more cards lying in another machine, which was not in use. And those were some good 3Com cards. I went ahead, pulled out both of my Realtek cards and plopped the 3Com ones in.

Then I noticed something: ifconfig showed eth0 and eth1 (onboard gigabit), then eth3 and eth4.

Being a nitpicky guy, I wanted eth2 back! Well, remembering which card holds which eth* alias between boots is actually a good thing, but in this case I wanted to use eth2. Just for the fun of it.

Using the same eth* alias can also save reconfiguration trouble for people who had a NIC die on them. Replace the hardware, make the system point to the new card with the old name, and everything works again.

The information on where this lives was a bit hard to dig out, at least for me, but I found it.

Ubuntu (udev) has this little file where it records the eth* name given to each NIC (keyed by its MAC address) to make naming persistent between boots. If you want to change some ethernet number, just go there and change the NAME to your liking:

Run from the command line:
sudo vim /etc/udev/rules.d/70-persistent-net.rules
(or use your editor of choice)
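Editing by hand works, but it is easy to end up with two rules assigning the same name, which leaves udev to pick by boot order. The helper below, an added example and not part of Ubuntu's tooling, renames the rule for a given MAC address and refuses when the target name is already taken; the rule layout is the one the persistent-net generator writes, and the MACs in the sample are made up.

```python
"""Rename a NIC in udev's 70-persistent-net.rules by MAC address.
Added example, not part of the original post or of Ubuntu's own tooling;
the rule layout assumed is the one udev's persistent-net generator writes."""
import re

TOKEN = re.compile(r'(\w+(?:\{[^}]*\})?)\s*(==|=)\s*"([^"]*)"')

def parse_rule(line):
    """Map a rule line to {key: value}; matches ('==') and assignments ('=') together."""
    return {k: v for k, _op, v in TOKEN.findall(line)}

def rename_interface(rules_text, mac, new_name):
    """Return rules_text with the rule for `mac` assigned NAME=new_name.
    Refuses to create a duplicate name, which would leave udev's choice
    of which card gets the alias to boot order."""
    mac = mac.lower()
    out, found = [], False
    for line in rules_text.splitlines():
        if line.lstrip().startswith("#") or "NAME=" not in line:
            out.append(line)                      # comments and blanks pass through
            continue
        rule = parse_rule(line)
        if rule.get("ATTR{address}", "").lower() == mac:
            line = re.sub(r'NAME="[^"]*"', 'NAME="%s"' % new_name, line)
            found = True
        elif rule.get("NAME") == new_name:
            raise ValueError("%s already assigned to %s" % (new_name, rule.get("ATTR{address}")))
        out.append(line)
    if not found:
        raise ValueError("no rule for MAC %s" % mac)
    return "\n".join(out) + "\n"

# Constructed sample in the layout udev writes (MAC addresses are made up)
SAMPLE_RULES = '''\
# PCI device 0x10ec:0x8139 (8139too)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:11:22:33:44:03", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth3"
# PCI device 0x10b7:0x9200 (3c59x)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:11:22:33:44:04", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth4"
'''

if __name__ == "__main__":
    print(rename_interface(SAMPLE_RULES, "00:11:22:33:44:03", "eth2"))
```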

Vyatta inside VMWare

A bit about my job:

I am the IT jack-of-all-trades at my company's office. We have a few offices scattered around the blue marble, connected by VPN.

My VPN router died on Monday, and we scrambled for a solution. Living in Brazil, a device which costs U$ 499 in the U.S. magically soars to U$ 1,600.00 inside our country... Given the global economic downturn (and me liking open source), I looked for something based on open source, but which is not a 'hobby job'. I had to feel confident about the product.

Also, having most of our infrastructure virtualized on VMWare Server 2.0, a virtualized router would come in handy, as long as virtualization does not impact performance.

I ended up finding Vyatta (http://www.vyatta.com), which looks like an interesting solution so far. I have been experimenting with it, and have managed the most basic stuff (NAT masquerading, set up pppoe, remote SSH admin). I will post more about it later (after I figure it out :) ).

Monday, January 26, 2009

jQuery UUID extension

This is a conversion of a few functions I make use of into a jQuery plugin.

It stems from my need to be sure I have unique IDs, without wasting time reviewing code to make sure each one is really unique and does not collide with other IDs on my page. I can have a random number of forms open at the same time in an inordinate number of tabs, each form has several form elements, and making sure they are all unique can be painstaking.

So I track my forms by registering the id of each form in an object array.

Naturally, other people may have other uses for the UUIDs.

UUIDs are generated in the format 00000000-0000-0000-0000-000000000000, with an optional prefix.

Usage 1: define the default prefix by passing an object whose prefix property holds a string:

jQuery.uuid({prefix: 'id'}); // returns nothing, sets the default prefix to the string 'id'

Usage 2: call jQuery.uuid() with a string parameter p, which is used as the prefix of a newly generated random uuid:

jQuery.uuid('foo-'); // returns 'foo-<uuid>'

Usage 3: call jQuery.uuid() with no parameters to generate a uuid with the default prefix. The default prefix is '' (the empty string).

jQuery.uuid(); // returns '<prefix><uuid>'

Get it at
http://plugins.jquery.com/project/uuid

Ressurectum

After having registered this blog with my nick of choice on the 'web, I figured I could actually use it for something other than gathering bit-dust.

Such as posting some of my code...