Source.

Running Wireshark I found that only about 5ish packets got transferred, and all other data to that website abruptly stopped.

I’m using ADSL (EDPnet), which has an MTU of 1492, however, I was able to access all websites from the router (using lynx, for example), but not from any other PC within the network.

# ifconfig ppp0
ppp0      Link encap:Point-to-Point Protocol
inet addr:85.234.196.57  P-t-P:85.234.196.1  Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492 Metric:1
RX packets:38804442 errors:0 dropped:0 overruns:0 frame:0
TX packets:28930886 errors:0 dropped:5020 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:45941523311 (42.7 GiB)  TX bytes:2887926670 (2.6 GiB)

Thinking it might have been a firewall issue, I flushed all my iptables rules, and started over from scratch. However, this too didn’t solve my issue.

When I VPN’ed or used my Macbook Pro directly as PPPoE device (by-passing the Gentoo router) I was able to access all the websites as well.

After being close to giving up, I found the following iptables rule:

iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu -t mangle

And try again.

This did solve my issue. :)

This is because the default 100mbit MTU is 1500, instead of 1492 for PPPoE.

Here are some examples:

Zero - One - Four - vm1 - Sauron

The config files:

Sauron (including Squid stats),

Zero (including fan stats).

List of files included:

• indexmaker; simple script (included with MRTG) to generate a simple index file with all the graphs
• snmp-if.sh; will show you the IDs of the interfaces on the server/pc. These IDs have to be edited in the mrtg.cfg file; e.g.:

Target[eth0]: 2:public@localhost:

Make sure 2 is indeed the ID of eth0. Be aware that virtual interfaces, like the TUN/TAP interfaces (using by openVPN for example), can change ID each time they are restarted/rebooted.

• mrtg.cfg; check the config file as an example.

Some day, I’ll write a decent howto, but for now, you’ll have to do with this.

If there’s any question, just leave a comment.

I'm using Mac OS X (Leopard) as client, and a Gentoo server as server/host.

I both tried Viscosity and Tunnelblick on my Mac as OpenVPN software, and Viscosity is probably somewhat easier to configure (using the GUI), it was shareware. So I ended up using Tunnelblick and it seems to be doing its job quite well.

First of all, make sure Gentoo is set up and working as intended. I used my home router as VPN server (having both eth0 and eth1 (= ppp0).

Using this howto, you'll be able to get the server up and running.

Besides the installation, and perhaps (config) file locations it should be pretty similar on other Linux distros.

As I have dnsmasq running on my server (taking care of DNS) I added the following to the server.conf:

push "dhcp-option DNS 10.0.0.1"
push "redirect-gateway def1"
client-config-dir ccd
route 10.20.30.0 255.255.255.252

Don’t forget to allow DNS requests over tun0 interface in dnsmasq.conf.

The first line tells the server to hand out 10.0.0.1 as DNS server to its connecting clients (10.0.0.1 being the internal eth0 IP of my server).

The 2nd line, tells all clients to route ALL of their traffic through the VPN. I used the VPN to access a website that allowed only Belgian IPs, and I was in The Netherlands at the time I had to access the site (Skynet’s Rock Werchter stream). So I connected through my server at home.

And the 3rd and 4th line are needed if the client access the VPN is on a private IP subnet (like being connected on a WiFi router, using IP 192.168.178.x).

You’ll have to add, in the client-config directory a file per username connecting to the VPN with something similar to this:

iroute 192.168.178.0 255.255.255.0

I’m not entirely sure if you can add multiple iroutes; something I’ll have to figure out when being on a different network.

This is what my client config looks like (vpn-server-name.conf, located in ~/Library/openvpn/):

client
dev tun
proto udp
remote home.tiete.be 9000
resolv-retry infinite
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1200
persist-key
persist-tun
ca "ca.crt"
cert "yeri.crt"
key "yeri.key"
tls-auth "ta.key" 1
comp-lzo
verb 3

Yeri being my username. Don’t forget to download and add the ca.crt, user.crt, user.key (located in /usr/share/openvpn/easy-rsa/keys/) and ta.key (located in /etc/openvpn/) you’ve created on the server.

If your client asks for “directions”, pick 1.

Start up server and client software.

Hitting connect in Tunnelblick should connect you to the VPN server, and (in my case) giving me an IP similar to 10.20.30.6. You can check this using “ifconfig” in Terminal.

Client:

tun0: flags=8851 mtu 1500
    inet 10.20.30.6 --> 10.20.30.5 netmask 0xffffffff
    open (pid 20551)

Server:

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.20.30.1  P-t-P:10.20.30.2  Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
RX packets:407595 errors:0 dropped:0 overruns:0 frame:0
TX packets:574351 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:27473209 (26.2 MiB)  TX bytes:603524377 (575.5 MiB)

Don’t forget; when using “tun” as driver, your gateway/VPN server will always have the IP ending on .1 (e.g.: 10.20.30.1).

Now, if you want to route all traffic throug the VPN, like I did, you’ll have to change some stuff in iptables (as the server is also acting as my home router, I already did have a few rules in it).

Allow all traffic through tun0 interface:

iptables -A OUTPUT -o tun0 -j ACCEPT
iptables -A INPUT -i tun0 -j ACCEPT

Allow traffic through the external port 9000 (UDP):

iptables -A INPUT -i ppp0 -p udp -m udp --dport 9000 -j ACCEPT

Enable forwarding and NAT:

iptables -A FORWARD -s 10.20.30.0/24 -i tun0 -j ACCEPT
iptables -A FORWARD -d 10.20.30.0/24 -i ppp0 -j ACCEPT
iptables -A POSTROUTING -o ppp0 -j MASQUERADE

And lastly, as I have Squid running on my server, I want to transparently forward all port 80 requests to the Squid server running on port 8080:

iptables -t nat -A PREROUTING -i tun0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080

That’s about it. You should have a running VPN from your current location to your VPN server. And you’re able to use it as a gateway.

You can always traceroute/tracepath to your VPN server (10.20.30.1). It should only find one hop.

Yesterday evening two of our linux boxes were exploited. I had to try it out for myself; and yes, it really does work. :| Booted up my Ubuntu in Parallels, installed build-essential & ran that program!

sudo apt-get install build-essential
gcc what-ever-the-file-name-is.c
./a.out

This is what it looks like:

My-oh-my… I’m pretty sure this doesn’t require any more explanations ;)

Before trying to run Vista/Bootcamp through Parallels again, I’m waiting till the end of my exams (Thursday). Don’t want to blow up my Windows install again when I’m in desperate need of it. ;)

As usual with Parallels, creating/installing a new OS isn’t easy. Wether it crashes or you get a bunch of errors, you’re always up for a day full of fun!

Here is how I managed to install Ubuntu on Parallels:

• First of all, make sure you're running the latest version of Parallels, especially if you're using Leopard.
• Step 2, download the alternate Ubuntu installer. If you do not use the alternate installer, you'll end up with 'Display server errors' before being able to install Ubuntu. You can download Ubuntu here. Select the approriate version (probably Desktop, latest version), and check "Check here if you need the alternate desktop CD. This CD does not include the Live CD, instead it uses a text-based installer".
• Step 3, create a new virtual machine, with OS Linux/Ubuntu.

• And follow the steps. I've added some more screenshots below. You can leave everything by default, that's as you wish.

• As CD-drive, select the Ubuntu (alternate) installer .iso-file.

• Click Finish and Start -- the Ubuntu installer will boot.
• You'll end up in Ubuntu's welcome screen. Select your keyboard layout (hit F3) and select (text) install
• Here too, follow the steps on the screen. It will ask for your language, country, and will propose a manual or automatic disk partition. I've selected automatic -- it creates a big ext3 root partition, and a swap partition. The installer then asks if you agree with the partition table. Select Yes or No. (I've selected No - changed my root partition from ext3 to reiserfs, as I'm a big reiserfs fan.) When selecting Yes -- the table will be created and Ubuntu will start installing.
• After it's installed, Ubuntu will reboot. This is where you'll get your first error; ACPI: Unable to locate RSDP. This is a known error; you can safey ignore it.
• Ubuntu will continue to boot, and then pop up this error: The display server has been shut down about 6 times in the last 90 seconds, and will freeze. To fix this error, shut down and restart (or reset) the VM, and hit the ESC-key. Grub's bootloader menu will pop up if everything is right.
• Select the 2nd option (recovery). Ubuntu will boot up in text-mode-only and you should be logged in as root (if you're not, add 'sudo' in front of the commands below).
• In Parallels, click (on top of your screen) "Actions" -> "Install Parallels Tools..." and type in following commands in the shell:
  • mount /media/cdrom
  • cd /media/cdrom
  • ./parallels-tools.run
  • reboot
• After Ubuntu has rebooted (in normal mode), you shouldn't receive any more errors, and you can enjoy Ubuntu on your mac!