Todd Smith Org

December 31, 2009

Howto Compile an upstream Kernel the Debian / Ubuntu way

Filed under: Server Technology,Unix Administration,Web Hosting — admin @ 12:30 pm

Compile vanilla kernel on debian / ubuntu

I realize that there is more than one way to do this, but this is the way that I have most recently done it, and it works, providing you with packages that you can redistribute to your other Debian / Ubuntu machines or friends.

Grab the dependencies you’ll need to build the kernel

apt-get install fakeroot kernel-wedge build-essential makedumpfile \
        linux ncurses-dev git-core linux-source kernel-package

Grab the kernel that you want

cd /usr/src
wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.32.2.tar.gz
tar zxf linux-2.6.32.2.tar.gz
cd /usr/src/linux-2.6.32.2

Configure the kernel. I use the config from the stock Ubuntu server kernel, then run “make oldconfig” (hold down Enter until all the questions are answered and it gives you back a prompt). Then run “make menuconfig” and add or remove whatever feature has caused you to want to build your own kernel. Save the config.

cp /boot/config-2.6.31-16-server /usr/src/linux-2.6.32.2/.config
make oldconfig
make menuconfig

Now we’re ready to compile. Set the concurrency level to however many processors (including hyperthreads) you have, plus 1 or 2. I’m building on a Core i7 860, so I use 9 (quad core with hyperthreading, plus 1 = 9).

Pick a version number for your kernel. It can be anything you want using a-z, A-Z, 0-9, +, or . (no underscores “_”). This will go after --append-to-version= below.

export CONCURRENCY_LEVEL=9
time fakeroot make-kpkg --append-to-version=.31338 kernel_image --initrd binary

This took about 30 minutes on my system, and leaves me with the following files:

real    30m27.995s
user    79m17.300s
sys     10m38.560s
root@replay02:/usr/src/linux-2.6.32.2# ls /usr/src/*31338*
/usr/src/linux-doc-2.6.32.2.31338_2.6.32.2.31338-10.00.Custom_all.deb
/usr/src/linux-headers-2.6.32.2.31338_2.6.32.2.31338-10.00.Custom_amd64.deb
/usr/src/linux-image-2.6.32.2.31338_2.6.32.2.31338-10.00.Custom_amd64.deb
/usr/src/linux-manual-2.6.32.2.31338_2.6.32.2.31338-10.00.Custom_all.deb
/usr/src/linux-source-2.6.32.2.31338_2.6.32.2.31338-10.00.Custom_all.deb
root@replay02:/usr/src/linux-2.6.32.2#

Now it’s as simple as installing!

dpkg -i /usr/src/linux-headers-2.6.32.2.31338_2.6.32.2.31338-10.00.Custom_amd64.deb
dpkg -i /usr/src/linux-image-2.6.32.2.31338_2.6.32.2.31338-10.00.Custom_amd64.deb

Grub2 should automatically have updated and found the new kernel!

I hope this worked out for you.

December 28, 2009

IPSec between OpenBSD and Mac OS X Howto

Filed under: Uncategorized — admin @ 4:54 am


This Howto gives some basics on how to set up a road-warrior style IPSec VPN between your OpenBSD gateway and your road-warrior Mac OS X machine.

What is road warrior? – This means your IP is changing all the time. It doesn’t necessarily mean that you carry bazookas to a knife fight on the road.

Configuring OpenBSD

Edit your /etc/rc.conf to contain the following:

isakmpd_flags="-K4dv"

Create the file /etc/ipsec.conf. Here’s what mine looks like… Kinda.

ike passive from any to any \
main auth hmac-sha1 enc aes group modp1024 \
quick auth hmac-sha1 enc aes psk YOURSHAREDKEYHERE

Run the following command so that ipsecctl configures isakmpd using the /etc/ipsec.conf file we just created:

ipsecctl -f /etc/ipsec.conf

Configuring Mac OS X

First, download IPSecuritas from Lobotomo Software.

Import the following config file, and be sure to change the line “sainfo subnet 172.16.175.4/32 any subnet 10.20.30.0/23 any” to your local IP and the remote subnet you want access to.

log notify;
path pre_shared_key "/Library/Application Support/Lobotomo Software/IPSecuritas/psk.txt";
path certificate "/Library/Application Support/Lobotomo Software/IPSecuritas/certs";

padding
{
        maximum_length 20;
        randomize on;
        strict_check off;
        exclusive_tail on;
}

timer
{
        counter 5;
        interval 5 seconds;
        persend 1;
        phase1 15 seconds;
        phase2 15 seconds;
}

# Connection "OpenBSD Gateway"
remote 192.149.131.95
{
        verify_cert off;
        verify_identifier off;
        initial_contact on;
        passive off;
        support_proxy off;
        generate_policy off;
        send_cert on;
        send_cr on;
        mode_cfg off;
        ike_frag on;
        doi ipsec_doi;
        situation identity_only;
        nat_traversal off;
        exchange_mode main;
        proposal_check obey;
        nonce_size 16;
        my_identifier address;
        peers_identifier address;
        proposal
        {
                lifetime time 1800 seconds;
                encryption_algorithm aes 256;
                hash_algorithm sha1;
                authentication_method pre_shared_key;
                dh_group modp1024;
        }
}

sainfo subnet 172.16.175.4/32 any subnet 10.20.30.0/23 any
{
        lifetime time 1800 seconds;
        pfs_group modp1024;
        encryption_algorithm des, 3des, aes 256, aes 192, aes 128;
        authentication_algorithm hmac_md5, hmac_sha256;
        compression_algorithm deflate;
}

listen
{
        isakmp 172.16.175.4 [500];
        isakmp_natt 172.16.175.4 [4500];
        adminsock "/Library/Application Support/Lobotomo Software/IPSecuritas/admin.sock";

}

You should be in really good shape from this point.
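As an added example (not part of the original post or of either tool), this Python check reads the phase 2 settings from the two configs above, lists weak algorithms the Mac side offers, and shows which algorithms both peers have in common. The WEAK list and the name normalisation (key lengths ignored) are assumptions of this example.

```python
import re

# Excerpts copied from the two configs on this page (unrelated lines trimmed).
OPENBSD_IPSEC_CONF = """\
ike passive from any to any \\
main auth hmac-sha1 enc aes group modp1024 \\
quick auth hmac-sha1 enc aes psk YOURSHAREDKEYHERE
"""
RACOON_SAINFO = """\
sainfo subnet 172.16.175.4/32 any subnet 10.20.30.0/23 any
{
        pfs_group modp1024;
        encryption_algorithm des, 3des, aes 256, aes 192, aes 128;
        authentication_algorithm hmac_md5, hmac_sha256;
}
"""
# Assumption: this example's own policy, not something the page states.
WEAK = {"des", "hmac-md5", "modp1024"}

def norm(name):
    """Lower-case, use '-' as ipsec.conf does, drop key length ('aes 256' -> 'aes')."""
    return name.strip().lower().replace("_", "-").split()[0]

def openbsd_quick(conf):
    """Return {'auth': {...}, 'enc': {...}} from the 'quick' part of an ike rule."""
    flat = conf.replace("\\\n", " ")          # join backslash-continued lines
    m = re.search(r"\bquick\s+auth\s+(\S+)\s+enc\s+(\S+)", flat)
    return {"auth": {norm(m.group(1))}, "enc": {norm(m.group(2))}}

def racoon_sainfo(conf):
    """Return the same shape from a racoon sainfo block, plus the PFS group."""
    def values(directive):
        m = re.search(rf"^\s*{directive}\s+([^;]+);", conf, re.M)
        return {norm(v) for v in m.group(1).split(",")} if m else set()
    return {"auth": values("authentication_algorithm"),
            "enc": values("encryption_algorithm"),
            "group": values("pfs_group")}

def audit(openbsd_conf, racoon_conf):
    """Compare what the gateway requires with what the Mac client offers."""
    gw, mac = openbsd_quick(openbsd_conf), racoon_sainfo(racoon_conf)
    offered = mac["auth"] | mac["enc"] | mac["group"]
    return {"weak_offered": sorted(offered & WEAK),
            "common_auth": sorted(gw["auth"] & mac["auth"]),
            "common_enc": sorted(gw["enc"] & mac["enc"])}

if __name__ == "__main__":
    for key, value in audit(OPENBSD_IPSEC_CONF, RACOON_SAINFO).items():
        print(f"{key}: {value or 'NONE'}")
```

An empty common_auth means the hmac-sha1 required by the OpenBSD quick mode rule is not in the sainfo authentication_algorithm list, so one side has to be adjusted until the two lists overlap.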
