Nov 01

When updating a freshly installed Debian system, the following warnings appear:

Get:8 http://security.debian.org wheezy/updates/non-free Translation-en [14 B] 
Hit http://ftp.debian.org wheezy/contrib i386 Packages                         
Hit http://ftp.debian.org wheezy/non-free i386 Packages                   
Hit http://ftp.debian.org wheezy/contrib Translation-en
Hit http://ftp.debian.org wheezy/main Translation-en
Hit http://ftp.debian.org wheezy/non-free Translation-en
Fetched 729 kB in 2s (350 kB/s)              
Reading package lists... Done
W: There is no public key available for the following key IDs:
9D6D8F6BC857C906
W: There is no public key available for the following key IDs:
7638D0442B90D010

Solution:

apt-get install debian-keyring debian-archive-keyring

Reference: http://unix.stackexchange.com/questions/75807/no-public-key-available-on-apt-get-update

Oct 16

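The Q10 seems to support only Cisco IPSec VPN, so the PPTP protocol is not an option. After a day of fiddling, I found that the English-language material is still the most reliable.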

1.Server

racoon

racoon is an Internet Key Exchange (IKE) daemon for automatically keying IPsec connections. We’ll use this tool to establish our IPSec connection.

Since we are on Debian, we can simply use apt-get to install it:

apt-get install racoon

And set its configuration files as follows:

racoon.conf

# /etc/racoon/racoon.conf

path pre_shared_key "/etc/racoon/psk.txt";
path certificate "/etc/racoon/certs";

listen {
    isakmp SERVER.IP.ADDRESS [500];
    isakmp_natt SERVER.IP.ADDRESS [4500];
}

remote anonymous {
    exchange_mode aggressive, main, base;
    mode_cfg on;
    proposal_check obey;
    nat_traversal on;
    generate_policy unique;
    ike_frag on;
    passive on;
    dpd_delay 30;

    proposal {
        lifetime time 28800 sec;
        encryption_algorithm 3des;
        hash_algorithm md5;
        authentication_method xauth_psk_server;
        dh_group 2;
    }
}

sainfo anonymous {
    encryption_algorithm aes, 3des, blowfish;
    authentication_algorithm hmac_sha1, hmac_md5;
    compression_algorithm deflate;
}

mode_cfg {
    auth_source system;
    dns4 8.8.8.8;
    banner "/etc/racoon/motd";
    save_passwd on;
    network4 10.12.0.100;
    netmask4 255.255.255.0;
    pool_size 100;
    pfs_group 2;
}

Only the IP address in the listen block needs to be changed.

psk.txt

Pre-shared key:

# /etc/racoon/psk.txt

# Group Name Group Secret
GROUP.NAME GROUP.SECRET

And set its permissions to 600:

chmod 600 /etc/racoon/psk.txt

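At first I could not keep my hands off it and changed the permissions of the psk.txt file, and the result was that login failed. Logs are a good thing: the log pointed to a permissions problem, and after fixing the permissions I could log in.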
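
A pre-flight check for the permission problem described above, as an added example that is not part of the original article: it reports a psk.txt readable by group or others, entries with no secret, and the tutorial's GROUP.SECRET placeholder left in place. The function name check_psk_file and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. check_psk_file is a
# hypothetical helper name; the sample file below is constructed.

# Print one finding per line; return 0 only if the PSK file passes every check.
check_psk_file() {
    f=$1
    rc=0
    if [ ! -f "$f" ]; then
        echo "missing: $f"
        return 1
    fi
    # Characters 5-10 of the ls mode string are the group and other bits;
    # any of them set means other local users may read the group secret.
    perms=$(ls -ld "$f" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "group/other permissions '$perms' on $f, expected mode 600"
        rc=1
    fi
    # A non-comment line with a single field is an identifier with no secret.
    bad=$(awk 'NF == 1 && $1 !~ /^#/ { n++ } END { print n + 0 }' "$f")
    if [ "$bad" -gt 0 ]; then
        echo "$bad line(s) in $f have no secret field"
        rc=1
    fi
    # The tutorial's placeholder secret must have been replaced.
    if grep -v '^#' "$f" | grep -q 'GROUP\.SECRET'; then
        echo "placeholder GROUP.SECRET still present in $f"
        rc=1
    fi
    return $rc
}

# Demo on a constructed file: fails while world-readable, passes after chmod 600.
demo=$(mktemp)
printf '# Group Name Group Secret\nvpnusers constructed-sample-secret\n' > "$demo"
chmod 644 "$demo"; check_psk_file "$demo" || echo "-> not ready"
chmod 600 "$demo"; check_psk_file "$demo" && echo "-> ok"
rm -f "$demo"
```

On the server, run it as `check_psk_file /etc/racoon/psk.txt` before restarting racoon.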

motd

Banner:

# /etc/racoon/motd

# Banner
Welcome to Cisco IPSec!

Accounts

To keep it simple, we use the system’s own accounts to validate our users:

useradd -MN -b /tmp -s /bin/false USER
passwd USER

iptables

Add the following rules to open the relevant ports and enable NAT.

iptables -A INPUT -p udp --dport 500 -j ACCEPT
iptables -A INPUT -p udp --dport 4500 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.12.0.0/24 -o eth0 -j MASQUERADE
iptables -A FORWARD -s 10.12.0.0/24 -j ACCEPT

These rules may be lost after reboot. Consult this article to avoid this.

In the original article, the second rule is missing a hyphen before -dport.

ipv4 forward

# /etc/sysctl.conf

net.ipv4.ip_forward=1

Run this command to enable this change:

sysctl -p /etc/sysctl.conf

2.Client

Linux

We can use vpnc as a client on Linux. Here is an example of its config:

# /etc/vpnc/default.conf

IPSec gateway SERVER.DOMAIN/IP
IPSec ID GROUP.NAME
IPSec secret GROUP.SECRET
IKE Authmode psk
Xauth username USER.NAME
Xauth password USER.PASSWORD
NAT Traversal Mode cisco-udp

Now we can connect to or disconnect from the server using vpnc-connect or vpnc-disconnect.

3.Reference

Thanks to these articles for great help:

Reposted from: http://diary.archangelsdy.com/blog/2012/07/29/cisco-ipsec-vpn-for-debian/

Oct 18

Reposted from:

http://www.voland.com.cn/debian-lenny-upgrade-to-squeeze-from-a-common-source-and

Step 1: Change the package sources to Debian 6.0
$sudo vi /etc/apt/sources.list
deb http://ftp.debian.org/debian/ squeeze main non-free contrib
deb http://ftp.debian.org/debian/ squeeze-proposed-updates main non-free contrib
deb http://security.debian.org/ squeeze/updates main
deb-src http://security.debian.org/ squeeze/updates main
Step 2: Update the package lists and packages

$sudo apt-get update
$sudo apt-get install apt dpkg aptitude
$sudo apt-get dist-upgrade

Step 3: Reboot and check
$sudo reboot
$sudo lsb_release -a
$sudo netstat -tulpn
$sudo tail -f /var/log/messages
$sudo other log files for linuxany.com
$uname -a
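
One way to check the edited sources.list before running dist-upgrade, as an added example that is not part of the original post: it flags any active line still naming a release other than the target, and a missing squeeze/updates security entry. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical;
# the sample sources.list below is constructed from lines shown in this post.

# Print the distinct base releases named by active deb/deb-src lines.
list_releases() {
    awk '$1 == "deb" || $1 == "deb-src" {
        i = 2
        # skip an optional [options] group between the type and the URI
        if ($i ~ /^\[/) { while (i <= NF && $i !~ /\]$/) i++; i++ }
        suite = $(i + 1)
        # squeeze/updates and squeeze-proposed-updates both reduce to squeeze
        sub("[-/].*$", "", suite)
        if (suite != "") print suite
    }' "$1" | sort -u
}

# Return 0 only if every active line targets $2 and a security entry for $2 exists.
check_upgrade_sources() {
    file=$1
    target=$2
    rc=0
    for r in $(list_releases "$file"); do
        if [ "$r" != "$target" ]; then
            echo "leftover release in $file: $r"
            rc=1
        fi
    done
    if ! grep -Eq "^deb[[:space:]].*[[:space:]]$target/updates([[:space:]]|\$)" "$file"; then
        echo "no $target/updates security entry in $file"
        rc=1
    fi
    return $rc
}

# Demo on a constructed file that still mixes lenny with squeeze.
demo=$(mktemp)
cat > "$demo" <<'EOF'
deb http://ftp.debian.org/debian/ squeeze main non-free contrib
deb http://mirrors.163.com/debian/ lenny main contrib non-free
EOF
check_upgrade_sources "$demo" squeeze || echo "-> fix sources.list before dist-upgrade"
rm -f "$demo"
```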

==================Commonly used sources for Debian 5====================
# sohu
deb http://mirrors.sohu.com/debian lenny main non-free contrib
deb http://mirrors.sohu.com/debian lenny-proposed-updates main contrib non-free
deb http://mirrors.sohu.com/debian-security lenny/updates main contrib non-free
#######################################
deb-src http://mirrors.sohu.com/debian lenny main non-free contrib
deb-src http://mirrors.sohu.com/debian lenny-proposed-updates main contrib non-free
deb-src http://mirrors.sohu.com/debian-security lenny/updates main contrib non-free
# United States
deb http://http.us.debian.org/debian lenny main contrib non-free
deb http://non-us.debian.org/debian-non-US lenny/non-US main contrib non-free
deb http://security.debian.org lenny/updates main contrib non-free
# 163
deb http://mirrors.163.com/debian/ lenny main contrib non-free
deb-src http://mirrors.163.com/debian lenny main contrib non-free
# Official
#######################################
deb http://ftp.debian.org/debian/ lenny main contrib non-free
deb-src http://ftp.debian.org/debian/ lenny main contrib non-free
#######################################
deb http://ftp.us.debian.org/debian/ lenny main contrib non-free
deb-src http://ftp.us.debian.org/debian/ lenny main contrib non-free
# Taiwan and mainland China education-network universities, etc.
deb http://ftp.tw.debian.org/debian/ lenny main contrib non-free
deb-src http://ftp.tw.debian.org/debian lenny main contrib non-free
#######################################
deb http://mirrors.geekbone.org/debian/ lenny main contrib non-free
deb-src http://mirrors.geekbone.org/debian/ lenny main contrib non-free
#######################################
deb http://mirror.dlut.edu.cn/debian/ lenny main contrib non-free
deb-src http://mirror.dlut.edu.cn/debian/ lenny main contrib non-free
#######################################
deb http://debian.csie.ntu.edu.tw/debian/ lenny main contrib non-free
deb-src http://debian.csie.ntu.edu.tw/debian/ lenny main contrib non-free
#######################################
deb http://mirrors.kernel.org/debian lenny main contrib
deb http://packages.dotdeb.org lenny all

==================Commonly used sources for Debian 6====================
# This official ftp source is very fast (changing http to ftp also works)
deb http://ftp.debian.org/debian/ squeeze main non-free contrib
deb http://ftp.debian.org/debian/ squeeze-proposed-updates main non-free contrib
#######################################
deb http://ftp.us.debian.org/debian/ squeeze main non-free contrib
deb http://ftp.us.debian.org/debian/ squeeze-proposed-updates main non-free contrib
# Official security updates source
deb http://security.debian.org/ squeeze/updates main
deb-src http://security.debian.org/ squeeze/updates main
# This Taiwan source has always been quite fast
deb http://debian.nctu.edu.tw/debian/ squeeze main non-free contrib
deb http://debian.nctu.edu.tw/debian/ squeeze-proposed-updates main non-free contrib
# Another Taiwan source
#deb http://ftp.tw.debian.org/debian/ squeeze main non-free contrib
#deb http://ftp.tw.debian.org/debian/ squeeze-proposed-updates main non-free contrib
#deb http://ftp.tw.debian.org/debian-multimedia/ squeeze main non-free
# Shanghai Jiao Tong University source
deb http://ftp.sjtu.edu.cn/debian/ squeeze main non-free contrib
deb http://ftp.sjtu.edu.cn/debian/ squeeze-proposed-updates main non-free contrib
deb http://ftp.sjtu.edu.cn/debian-security/ squeeze/updates main non-free contrib
# 163 source
deb http://mirrors.163.com/debian/ squeeze main non-free contrib
deb http://mirrors.163.com/debian/ squeeze-proposed-updates main non-free contrib
deb http://mirrors.163.com/debian-security/ squeeze/updates main non-free contrib