linux

OpenVPN keeps disconnecting with an inactivity timeout

I’ve used openvpn on Mac (using Tunnelblick) for a few years for a home->work VPN connection with no issues, and suddenly today, it would disconnect me every two minutes.

This seems a very accurate timing problem, so can’t be ISP related surely? But I could not find the issue anywhere. Rebooted Mac and the router, still the same.

So, I just managed to get the same VPN working recently on a Debian based Linux box using the command line version of openvpn – and that outputs all the logs to the terminal. I thought I’d give that a go in case it yields any helpful information.

Anyway, the error that stuck out was this one:

Wed May 25 19:32:30 2016 ERROR: Linux route add command failed: external program exited with error status: 2
Wed May 25 19:32:30 2016 Initialization Sequence Completed
Wed May 25 19:34:30 2016 [chris] Inactivity timeout (--ping-restart), restarting
Wed May 25 19:34:30 2016 SIGUSR1[soft,ping-restart] received, process restarting

And a quick search on Google took me to this chap: http://www.drmaciver.com/2012/05/openvpn-repeatedly-losing-connections-with-inactivity-timeout/ which said he had an inactive openvpn connection.

Perhaps my Linux box has got it stuck open? It wasn’t connected until just now, but let’s reboot the machine anyway (it never gets rebooted as it’s a media server).

Lo and behold, it sorts out the issue, so the Debian based machine had been connected to the VPN, even though all the terminal windows had been closed. Naughty…

Backup all SVN repos

If you need to back up your SVN repositories, you can use this bash script to do so:

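#!/bin/bash
# Dump every repository under /var/svn into a dated backup folder.
DATE=$(date +"%Y-%m-%d")
BACKUP_DIR="/home/user/svn/backup/${DATE}"
mkdir -p "$BACKUP_DIR"
for RES_DIR in /var/svn/*; do
    # Skip anything that is not a directory.
    [ -d "$RES_DIR" ] || continue
    dir=$(basename "$RES_DIR")
    # Full dump of all revisions, compressed on the fly.
    svnadmin dump "$RES_DIR" | gzip > "${BACKUP_DIR}/${dir}.dump.gz"
done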

This dumps every revision from each repository on your server, gzips them, and puts them in /home/user/svn/backup under the current date.

Find a file containing a text string on Linux

There is a very useful command in Linux, called grep. It is a utility for searching plain text files using regular expressions. You can either search files and folders as a parameter, or pipe command outputs to it, such as grep’ing a tail.

For looking for a file:

grep -r "string to find" /folder/to/look/in/

That’s the simple answer.

If you want to pipe into grep to monitor, say, a tail:

tail -f /var/log/maillog | grep "chris@tatedavies.com"

 

Saving username and password OpenVPN config

I use the openvpn command line to connect to a certain VPN site, and I get annoyed at having to find the password every time.

So, in the .ovpn file, there is a setting:

auth-user-pass

So, I create a file (let’s call it new-file.txt) in the same folder as the config, and it only contains 2 lines: first line username, second line password.

Change the auth-user-pass line to be:

auth-user-pass new-file.txt

And now it connects without prompting me for password. Super.

Obviously this is a slight security issue, but this is on a pretty secure VM on a secure machine. So it’s quite safe. Just think about it if you are implementing the same workaround.

Log in to SSH with no password

So you want to have your password remembered by a remote SSH connection?

Easy, follow these steps:

On your local machine, create a new SSH key:

ssh-keygen

It will ask you for a file location and a passphrase, but I always just hit enter three times.

This will create a file in the default folder (or whichever folder you chose in the first step):

/home/user/.ssh/id_rsa.pub

The contents of this file need to go into a file on the remote server. If the file doesn’t exist, you’ll have to create it.

/root/.ssh/authorized_keys, or
/home/user/.ssh/authorized_keys

That’s it. There are some cases where you have to change the permissions of the authorized_keys file but I’ve not had to do that. I think the suggested chmods are 640 and 700, but don’t hold me to that.

From now on, you won’t be prompted for your password when SSH’ing in from the local machine. In order to revoke access, delete the right line from the authorized_keys file.
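The install and revoke steps above as a small script, as an added example that is not part of the original post. The function names and the sample key are constructed, and the script uses owner-only modes (700 for .ssh, 600 for authorized_keys) as its own assumption.

```shell
#!/bin/sh
# Added example: install and revoke a public key in authorized_keys.
# Function names and the sample key below are constructed for illustration.

# install_pubkey HOME_DIR PUBKEY_FILE: add the key once, with owner-only modes.
install_pubkey() {
    ssh_dir=$1/.ssh
    auth=$ssh_dir/authorized_keys
    mkdir -p "$ssh_dir"
    chmod 700 "$ssh_dir"
    touch "$auth"
    chmod 600 "$auth"
    key=$(head -n 1 "$2")
    # If the file does not end in a newline, add one so keys never get joined.
    if [ -n "$(tail -c 1 "$auth")" ]; then echo >> "$auth"; fi
    # -x whole line, -F fixed string: skip if this exact key is already listed.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# revoke_pubkey HOME_DIR PUBKEY_FILE: remove only the line matching that key.
revoke_pubkey() {
    auth=$1/.ssh/authorized_keys
    key=$(head -n 1 "$2")
    tmp=$(mktemp "$auth.XXXXXX")
    # grep exits 1 when no lines remain, which is fine here.
    grep -vxF -- "$key" "$auth" > "$tmp" || true
    chmod 600 "$tmp"
    mv "$tmp" "$auth"
}

# Constructed demo in a throwaway directory standing in for the remote home.
demo_keys() {
    h=$(mktemp -d)
    printf 'ssh-rsa AAAAB3CONSTRUCTEDSAMPLEKEY user@laptop\n' > "$h/id_rsa.pub"
    install_pubkey "$h" "$h/id_rsa.pub"
    install_pubkey "$h" "$h/id_rsa.pub"     # second run adds nothing
    ls -ld "$h/.ssh" "$h/.ssh/authorized_keys"
    revoke_pubkey "$h" "$h/id_rsa.pub"
    rm -rf "$h"
}
demo_keys
```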

Mounting HTML folder in Centos VirtualBox

I have a particular Linux set up I need to test something on, but I use a Mac, so I use VirtualBox with a Linux VM for the testing.

So, to do this normally, you either install an IDE on the VM and code on there. Installing Java, Netbeans, Subversion, Git, etc, etc, etc, or, you just checkout the code on the VM and make code changes on the Mac…

Neither of these options is really that great, so a friend recommended I mount the code folder from the Mac on the Linux VM. Great idea. So I install a new copy of CentOS and keep it minimal, no window managers, nothing like that. Just Apache, and the database connectors I require.

Now, I would not class myself as a Linux expert in any shape or form. I can set up a server and manage it, but if you delve too deeply, I start to struggle. I used the VirtualBox automatic mounting for my code folder (using Guest Additions) – this just would not work. I tried checking out the code into a local folder and that worked fine. Must be a problem with the share/permissions or something.

After wasting an hour or so checking permissions and groups, I gave up and tried the internet. Came across a really helpful post, which I sort of followed. I had to alter it for CentOS as it was Ubuntu orientated.

You have to install Guest Additions first!

Add a virtual box shared folder

Create a Transient folder in the shared folders section and take note of the name, I used ‘sites’ – do not select any of the checkboxes when creating the share. This is what causes the problem as VirtualBox creates the share with permissions that Apache cannot use.

mkdir /var/www/sites
mount -t vboxsf -o rw,uid=0,gid=0 sites /var/www/sites

I used the UID and GID of 0 as I was only installing this VM as root. There were no other users installed, but you do need to change the UID and GID of the Apache process (www-data?)

Test that and make sure it works. If it does, let’s make it permanent:

nano /etc/fstab
sites /var/www/sites vboxsf defaults 0 0

Hey presto, the folder is mounted on boot and you should be able to serve the docs from there.

Obviously you need to update the vhosts to point at the shared folder. But you know how to do that, right?

Setting up CentOS with no X Window Manager

For a nice VM I needed a Linux server, but no need for a GUI, so went for CentOS.

Installed fine, but no networking. How do I install that? Turns out, it is installed, just disabled by default:

vi /etc/sysconfig/network-scripts/ifcfg-eth0

Find the line ONBOOT and change to yes:

DEVICE=eth0
HWADDR=00:00:00:00:00:00
TYPE=ETHERNET
UUID=some guid string
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=dhcp

Then just restart networking and you should be up and running:

service network restart

Test by entering ifconfig and you should see the loopback address.

If you need to install Guest Additions on VirtualBox:

yum update
yum install gcc make kernel-devel
mkdir /media/cdrom
mount /dev/scd0 /media/cdrom
sh /media/cdrom/VBoxLinuxAdditions.run

PHP exec() not returning output

I found that a script I was running was calling some Linux functions using exec() but they weren’t always successful and I couldn’t tell why.

exec('command to run');

This would fail silently.

$result = exec('command to run 2>&1', $output);

This would correctly send me back the result (in $result) and then I could do whatever with the error(s).

OpenVPN on Linux – save password

My Linux box is secure, so why do I need to remember the extremely difficult to remember password for one of my OpenVPN connections? I don’t.

On Linux, I create a new file, with two lines in it, the first – username, the second – password:

admin
mysecret

Then, in the ovpn file used for the connection, I add this to the bottom:

auth-user-pass new_filename

Now when I connect, it logs me in automatically.
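A check for the saved-password setup in this post and in the earlier "Saving username and password OpenVPN config" post, as an added example that is not part of the original posts: it finds the file named by auth-user-pass and flags it when group or other users can access it. It assumes GNU stat (as on Debian or CentOS) and that a relative file name sits next to the .ovpn config; the function names and sample files are constructed.

```shell
#!/bin/sh
# Added example: audit the credentials file referenced by auth-user-pass.
# Assumes GNU stat and that a relative file name sits beside the .ovpn config.

# Print the resolved credentials path, or nothing if OpenVPN would prompt.
ovpn_cred_path() {
    conf=$1
    cred=$(awk '$1 == "auth-user-pass" && NF >= 2 { print $2; exit }' "$conf")
    [ -n "$cred" ] || return 0
    case $cred in
        /*) printf '%s\n' "$cred" ;;
        *)  printf '%s/%s\n' "$(dirname "$conf")" "$cred" ;;
    esac
}

# Return 0 if only the owner can access the file, 1 if group/other can,
# 2 if the config names no file or the file is missing.
check_ovpn_creds() {
    path=$(ovpn_cred_path "$1")
    [ -n "$path" ] && [ -f "$path" ] || return 2
    mode=$(stat -c '%a' "$path")
    case $mode in
        *00|0) echo "OK    $path (mode $mode)"; return 0 ;;
        *)     echo "WEAK  $path (mode $mode): accessible by group or others"
               return 1 ;;
    esac
}

# Constructed sample: a config and a two-line credentials file in a temp dir.
demo_creds() {
    d=$(mktemp -d)
    printf 'client\nremote vpn.example.com 1194\nauth-user-pass new-file.txt\n' \
        > "$d/client.ovpn"
    printf 'admin\nmysecret\n' > "$d/new-file.txt"
    chmod 644 "$d/new-file.txt"
    check_ovpn_creds "$d/client.ovpn" || true   # mode 644: flagged
    chmod 600 "$d/new-file.txt"
    check_ovpn_creds "$d/client.ovpn"           # mode 600: passes
    rm -rf "$d"
}
demo_creds
```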