Todd Smith Org

December 31, 2009

Howto Compile an upstream Kernel the Debian / Ubuntu way

Filed under: Server Technology,Unix Administration,Web Hosting — admin @ 12:30 pm

Compile a vanilla kernel on Debian / Ubuntu

I realize there is more than one way to do this, but this is how I most recently did it, and it works, giving you packages that you can redistribute to your other Debian / Ubuntu machines or to friends.

Grab the dependencies you’ll need to build the kernel

apt-get install fakeroot kernel-wedge build-essential makedumpfile \
        linux ncurses-dev git-core linux-source kernel-package

Grab the kernel that you want

cd /usr/src
tar zxf linux-
cd /usr/src/linux-

Configure the kernel. I start from the config of the stock Ubuntu server kernel, then run “make oldconfig” (hold down Enter until all the questions are answered and you get a prompt back). Then run “make menuconfig” and add or remove whatever feature made you want to build your own kernel. Save the config.

cp /boot/config-2.6.31-16-server /usr/src/linux-
make oldconfig
make menuconfig

Now we’re ready to compile. Set the concurrency level (make-kpkg reads it from the CONCURRENCY_LEVEL environment variable) to however many processors (including hyperthreads) you have, plus 1 or 2. I’m building on a Core i7 860, so I use 9 (quad core with hyperthreading, plus 1 = 9).

Pick a version number for your kernel. It can be anything you want made up of a-z, A-Z, 0-9, + or . (no underscores “_”). This goes after --append-to-version= below.

time fakeroot make-kpkg --append-to-version=.31338 kernel_image --initrd binary

This took about 30 minutes on my system, and leaves me with the following files:

real    30m27.995s
user    79m17.300s
sys     10m38.560s
root@replay02:/usr/src/linux- ls /usr/src/*31338*

Now it’s as simple as installing!

dpkg -i /usr/src/linux-headers-
dpkg -i /usr/src/linux-image-

Grub2 should automatically have updated and found the new kernel!

I hope this worked out for you.

December 28, 2009

IPSec between OpenBSD and Mac OS X Howto

Filed under: Uncategorized — admin @ 4:54 am

This Howto gives some basics on how to set up a road-warrior style IPSec VPN between your OpenBSD gateway and your road-warrior Mac OS X machine.

What is a road warrior? It means your IP is changing all the time. It doesn’t necessarily mean that you carry bazookas to a knife fight on the road.

Configuring OpenBSD

Edit your /etc/rc.conf to contain the following:


Create the file /etc/ipsec.conf. Here’s what mine looks like… Kinda.

ike passive from any to any \
main auth hmac-sha1 enc aes group modp1024 \
quick auth hmac-sha1 enc aes psk YOURSHAREDKEYHERE

Run the following command to have ipsecctl load the /etc/ipsec.conf file we just created and configure isakmpd from it:

ipsecctl -f /etc/ipsec.conf

Configuring Mac OS X

First download IPSecuritas from Lobotomo Software

Import the following config file, and be sure to change the line “sainfo subnet any subnet any” to your local IP and the remote subnet you want access to.

log notify;
path pre_shared_key "/Library/Application Support/Lobotomo Software/IPSecuritas/psk.txt";
path certificate "/Library/Application Support/Lobotomo Software/IPSecuritas/certs";

padding {
        maximum_length 20;
        randomize on;
        strict_check off;
        exclusive_tail on;
}

timer {
        counter 5;
        interval 5 seconds;
        persend 1;
        phase1 15 seconds;
        phase2 15 seconds;
}

# Connection "OpenBSD Gateway"
# GATEWAY_ADDRESS is a placeholder: the gateway address is not shown in this post
remote GATEWAY_ADDRESS {
        verify_cert off;
        verify_identifier off;
        initial_contact on;
        passive off;
        support_proxy off;
        generate_policy off;
        verify_cert off;
        send_cert on;
        send_cr on;
        mode_cfg off;
        ike_frag on;
        doi ipsec_doi;
        situation identity_only;
        nat_traversal off;
        exchange_mode main;
        proposal_check obey;
        nonce_size 16;
        my_identifier address;
        peers_identifier address;
        # Phase 1 proposal
        proposal {
                lifetime time 1800 seconds;
                encryption_algorithm aes 256;
                hash_algorithm sha1;
                authentication_method pre_shared_key;
                dh_group modp1024;
        }
}

# Phase 2 parameters; change this line to your local IP and remote subnet
sainfo subnet any subnet any {
        lifetime time 1800 seconds;
        pfs_group modp1024;
        encryption_algorithm des, 3des, aes 256, aes 192, aes 128;
        authentication_algorithm hmac_md5, hmac_sha256;
        compression_algorithm deflate;
}

listen {
        isakmp [500];
        isakmp_natt [4500];
        adminsock "/Library/Application Support/Lobotomo Software/IPSecuritas/admin.sock";
}


You should be in really good shape from this point.
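
Between them, the two configs above offer single DES, HMAC-MD5 and the 1024-bit MODP group, which are worth catching before a tunnel goes live. The shell function below is an added example, not part of the original post: it scans ipsec.conf or racoon-style text for those names. The names audit_ipsec_conf and sample_conf and the weak-algorithm list are this example's own assumptions.

```shell
#!/bin/sh
# Added example: flag weak IKE/ESP proposals in ipsec.conf- or racoon-style text.
# Reads the named files (or stdin), prints LINE:TOKEN:REASON per finding,
# and exits with status 1 if anything was flagged.
audit_ipsec_conf() {
    awk '
    BEGIN {
        # Assumed deny-list for this example; extend it to match local policy.
        weak["des"]      = "single DES, 56-bit key"
        weak["hmac_md5"] = "HMAC-MD5 integrity (racoon spelling)"
        weak["hmac-md5"] = "HMAC-MD5 integrity (ipsec.conf spelling)"
        weak["modp768"]  = "768-bit MODP DH group"
        weak["modp1024"] = "1024-bit MODP DH group"
    }
    /^[ \t]*#/ { next }                       # ignore comment lines
    {
        # Split on anything that cannot be part of an algorithm name, so
        # "3des" and "hmac_sha256" stay whole and never match "des" or "md5".
        n = split($0, tok, /[^A-Za-z0-9_-]+/)
        for (i = 1; i <= n; i++)
            if (tok[i] in weak) {
                printf "%d:%s:%s\n", NR, tok[i], weak[tok[i]]
                found = 1
            }
    }
    END { exit (found ? 1 : 0) }
    ' "$@"
}

# Constructed sample: proposal lines copied from the two configs in this post.
sample_conf() {
    cat <<'EOF'
# constructed sample input
ike passive from any to any \
main auth hmac-sha1 enc aes group modp1024 \
quick auth hmac-sha1 enc aes psk YOURSHAREDKEYHERE
sainfo subnet any subnet any
        pfs_group modp1024;
        encryption_algorithm des, 3des, aes 256, aes 192, aes 128;
        authentication_algorithm hmac_md5, hmac_sha256;
EOF
}

sample_conf | audit_ipsec_conf || echo "weak proposals found"
```

Run it against real files with audit_ipsec_conf /etc/ipsec.conf; a non-zero exit status makes it usable as a pre-deployment check.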
