Enable L2TP/IPSec VPN on Ubuntu

I use China Unicom 3G on my Android phone in China. To get around the GFW, with Richard's guidance, I set up an L2TP/IPsec VPN on Ubuntu, hosted at http://Linode.com. Here I simply document the steps.

IPSec

sudo apt-get install openswan

Authentication uses a pre-shared key. Change /etc/ipsec.conf to:

version 2.0
config setup
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
    oe=off
    protostack=netkey
conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT
conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    type=transport
    left=YOUR.SERVER.IP.ADDRESS
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any

and change /etc/ipsec.secrets to

YOUR.SERVER.IP.ADDRESS %any: PSK "YourSharedSecret"

Use a long random string for the secret. Note that every client shares this one key (right=%any), so it only proves membership of the group, not the identity of a user; per-user authentication happens later in PPP. Keep the file readable by root only (mode 600).

Disable sending and accepting ICMP redirects on every interface (a VPN gateway does not need them, and the netkey IPsec stack expects them off):

for each in /proc/sys/net/ipv4/conf/*
do
    echo 0 > $each/accept_redirects
    echo 0 > $each/send_redirects
done

Verify the IPsec configuration, then restart the daemon:

sudo ipsec verify
sudo /etc/init.d/ipsec restart

L2TP

Install xl2tpd:

sudo apt-get install xl2tpd

Change /etc/xl2tpd/xl2tpd.conf to:

[global]
ipsec saref = yes
[lns default]
ip range = 10.1.2.2-10.1.2.255
local ip = 10.1.2.1
refuse chap = yes
refuse pap = yes
require authentication = yes
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes

PPP

sudo apt-get install ppp

Change /etc/ppp/options.xl2tpd to:

require-mschap-v2
ms-dns 8.8.8.8
ms-dns 8.8.4.4
asyncmap 0
auth
crtscts
lock
hide-password
modem
debug
name l2tpd
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4

Add a test user in /etc/ppp/chap-secrets (the server column must match the "name l2tpd" line above):

# user      server      password            ip
test        l2tpd       testpassword        *

For real users pick strong passwords: MS-CHAPv2 is the only thing protecting them, and the file must stay root-only (mode 600).

Restart xl2tpd:

sudo /etc/init.d/xl2tpd restart

Enable NAT for the VPN clients and turn on IP forwarding:

iptables --table nat --append POSTROUTING --jump MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward

This MASQUERADE rule has no source or interface match, so it rewrites everything the box forwards; on a multi-homed server restrict it to the L2TP pool and the Internet-facing interface (for example -s 10.1.2.0/24 -o eth0).

Start the ipsec and xl2tpd daemons at boot. On Ubuntu the native tool is update-rc.d (chkconfig is the Red Hat equivalent and is not installed by default):

sudo update-rc.d ipsec defaults
sudo update-rc.d xl2tpd defaults

And add the following to /etc/rc.local (the original steps set ip_forward by hand but did not persist it, so it is included here; alternatively put these in /etc/sysctl.conf):

# NAT for VPN clients and forwarding, re-applied at boot
iptables --table nat --append POSTROUTING --jump MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
for each in /proc/sys/net/ipv4/conf/*
do
    echo 0 > $each/accept_redirects
    echo 0 > $each/send_redirects
done
/etc/init.d/ipsec restart
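As an added example (not part of the original post), the following POSIX shell script ties the steps above together: it generates a random PSK and user password, validates the address that goes into left=, renders ipsec.secrets and a chap-secrets entry with root-only permissions, writes the sysctl settings persistently instead of via rc.local, and prints firewall rules that are narrower than the bare MASQUERADE above (NAT only the L2TP pool out of the WAN interface, and accept L2TP on udp/1701 only when it arrived inside an IPsec SA). The interface name eth0, the user name alice, the output directory and the environment variable names are assumptions for this example.

```shell
#!/bin/sh
# Added example, not from the original post: render L2TP/IPsec secrets,
# sysctl settings and firewall rules from a few parameters.
# Assumed: WAN interface eth0, pool 10.1.2.0/24 (from xl2tpd.conf),
# output directory /tmp/vpn-render unless VPN_OUT is set.
set -eu

# Hex secret of N random bytes (2N hex characters) from /dev/urandom.
gen_secret() {
    head -c "$1" /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Accept only a well-formed dotted-quad IPv4 address (for left=).
is_ipv4() {
    [ -n "$1" ] || return 1
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# /etc/ipsec.secrets line. Every client shares this PSK, so it proves
# membership of the group, not a user identity; keep it root-only.
render_ipsec_secrets() {   # server_ip psk outfile
    is_ipv4 "$1" || return 1
    printf '%s %%any: PSK "%s"\n' "$1" "$2" > "$3"
    chmod 600 "$3"
}

# One /etc/ppp/chap-secrets entry; the password is what MS-CHAPv2 protects.
render_chap_secret() {     # user password outfile
    printf '%-12s l2tpd %s *\n' "$1" "\"$2\"" >> "$3"
    chmod 600 "$3"
}

# Firewall rules: SNAT only the VPN pool, only out the WAN interface, and
# accept L2TP (udp/1701) only when it arrived inside an IPsec SA.
firewall_rules() {         # wan_if vpn_net
    cat <<EOF
iptables -A INPUT -p udp --dport 500 -j ACCEPT
iptables -A INPUT -p udp --dport 4500 -j ACCEPT
iptables -A INPUT -p udp --dport 1701 -m policy --dir in --pol ipsec -j ACCEPT
iptables -A INPUT -p udp --dport 1701 -j DROP
iptables -t nat -A POSTROUTING -s $2 -o $1 -j MASQUERADE
EOF
}

# Persistent sysctl settings instead of echo lines in rc.local
# (drop into /etc/sysctl.d/ or append to /etc/sysctl.conf).
sysctl_fragment() {
    cat <<'EOF'
net.ipv4.ip_forward = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.default.send_redirects = 0
EOF
}

# Example run, only when VPN_SERVER_IP is set so that sourcing this file
# for its functions has no side effects.
if [ -n "${VPN_SERVER_IP:-}" ]; then
    out=${VPN_OUT:-/tmp/vpn-render}
    mkdir -p "$out"
    psk=$(gen_secret 32)
    render_ipsec_secrets "$VPN_SERVER_IP" "$psk" "$out/ipsec.secrets"
    render_chap_secret alice "$(gen_secret 16)" "$out/chap-secrets"
    firewall_rules eth0 10.1.2.0/24 > "$out/firewall.sh"
    sysctl_fragment > "$out/99-vpn.conf"
    echo "rendered into $out"
fi
```

Run it as VPN_SERVER_IP=203.0.113.10 sh vpn-render.sh, then copy the rendered files into place as root. The udp/1701 DROP rule matters: without it, anyone who can reach the server can speak L2TP to xl2tpd with no IPsec at all, and the PPP password becomes the only barrier.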


Apply VirtIO for KVM over KVM (Day 2)

I talked with David Ke Zhu from the dev team, who confirmed that VirtIO is a mandatory paravirtualized driver to install in order to improve disk and network I/O performance. HSLT depends on this driver. (Thanks to David.)

Good: the install step is simple on the host OS. Bad: every Windows VM needs to be patched as well (Linux VMs do not).
Apply the latest kernel on the host OS, presumably >= 2.6.31, together with the KVM build that matches that kernel level.

Download the virtio-win.iso package from the supplemental disc:
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/…Installing_the_KVM_Windows_para_virtualized_drivers

Install the package on the Windows VM following Procedure 12.1, "Using virt-manager to mount a CD-ROM image for a Windows guest". This step should update the VM's XML configuration with the parameters needed before the VM boots.

I can bet this would fix the issue, as the virtio-win package contains the para-virtualized block and network drivers for all supported Windows guests.


Apply VirtIO for KVM over KVM (Day 1)

We received a complaint regarding a KVM performance issue today. The customer reports poor performance when copying files from a native bare-metal Windows box to a Windows 2003 VM created on KVM on a CentOS 5.5 host.

Searching the RHEL KVM documentation:
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/Virtualization/chap-Virtualization-KVM_restrictions_and_support.html

It reads that Windows 2003 32- or 64-bit is supported as a fully virtualized guest on RHEL 5, but must be "optimized with para-virtualized drivers".

Installing the para-virtualized drivers is detailed at

http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/Virtualization/chap-Virtualization-KVM_Para_virtualized_Drivers.html#sect-Virtualization-KVM_Para_virtualized_Drivers-Installing_the_KVM_Windows_para_virtualized_drivers

Additional info on KVM limitations:
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/Virtualization/sect-Virtualization-Virtualization_limitations-KVM_limitations.html

We'd consider applying this. It should fix the performance issue.

If the guest runs CentOS 5.5, the similar solution is to rebuild its initrd with the virtio modules (see http://www.centos.org/modules/newbb/viewtopic.php?topic_id=23513&forum=37). Back up the existing initrd first and make sure the path matches the one grub.conf loads:

mkinitrd --with virtio_pci --with virtio_blk --with virtio -f /boot/initrd-$(uname -r) $(uname -r)
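As an added example (not from the original posts or from the Red Hat documentation), here are the checks I would run on the host before and after installing the drivers: whether the guest's libvirt domain XML actually puts its disk and NIC on virtio, whether a rebuilt Linux initrd contains the virtio modules, and whether saved lsmod output from a Linux guest shows them loaded. The XML element and attribute names are libvirt's; the file paths and the sample inputs in the test are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original post: host-side virtio checks.
# Assumed inputs: a libvirt domain XML (virsh dumpxml <guest>), a gzip'd
# cpio initrd, and a text file holding `lsmod` output captured in a guest.
set -eu

# 0 if every <disk> target uses bus='virtio' and every <interface> has a
# <model type='virtio'/>; prints the offending lines and returns 1 otherwise.
domain_uses_virtio() {       # domain.xml
    bad=0
    if grep -E '<target dev=' "$1" | grep -v "bus='virtio'" | grep -q .; then
        echo "non-virtio disk target(s):"
        grep -E '<target dev=' "$1" | grep -v "bus='virtio'"
        bad=1
    fi
    ifaces=$(grep -c '<interface ' "$1" || true)
    virtio_nics=$(grep -c "<model type='virtio'/>" "$1" || true)
    if [ "$ifaces" -ne "$virtio_nics" ]; then
        echo "interfaces: $ifaces, with virtio model: $virtio_nics"
        bad=1
    fi
    return $bad
}

# List virtio kernel modules packed into a gzip'd cpio initrd (the format
# mkinitrd on CentOS 5 produces); returns 1 if none are present.
initrd_lists_virtio() {      # initrd image
    gzip -dc "$1" | cpio -t 2>/dev/null | grep -E 'virtio[a-z_]*\.ko$'
}

# From saved `lsmod` output, require the block and net drivers to be loaded.
guest_virtio_modules() {     # lsmod.txt
    mods=$(awk 'NR > 1 && $1 ~ /^virtio/ { print $1 }' "$1" | sort | tr '\n' ' ')
    echo "loaded: ${mods:-none}"
    for m in virtio_blk virtio_net; do
        case " $mods " in
            *" $m "*) ;;
            *) echo "missing: $m"; return 1 ;;
        esac
    done
}
```

Usage on the host: virsh dumpxml guest > guest.xml; sh virtio-check.sh is sourced for its functions, then domain_uses_virtio guest.xml. A Windows 2003 guest whose XML still says bus='ide' and model type='rtl8139' (or no model at all) is running emulated devices no matter what was installed inside it.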


IBM Service Delivery Manager (ISDM) Download from eXtremeLeverage

All files downloaded from eXtremeLeverage verified good. File naming reference (download name, part code, renamed part) and MD5 checksums for verification:

ISDM_for_System_x_6of12_V721.tar CZK1BML > icbtivsam_part01.tar 278b95932fdb8405acbb1d6c11ea019a
ISDM_for_System_x_7of12_V721.tar CZK1CML > icbtivsam_part02.tar f665c8b7dd5a6ea8b2b78fc5b07b341f
ISDM_for_System_x_8of12_V721.tar CZK1DML > icbtivsam_part03.tar f68225a101fdf9a529870c5f4120b075
ISDM_for_System_x_9of12_V721.tar CZK1EML > icbtivsam_part04.tar d2a0222f7422ca9b1b3ac2005132e565
ISDM_for_System_x_10of12_V721.tar CZK1FML > icbtivsam_part05.tar d40cdf1c1d497180cba5b358fde7684e
ISDM_for_System_x_11of12_V721.tar CZK1GML > icbtivsam_part06.tar 8b2b0eb70d8ba5e9a4a57e976812db95
ISDM_for_System_x_12of12_V721.tar CZK1HML > icbtivsam_part07.tar ea6eb6d14c52de4fcdfc665cf1be9dc3

MD5 of the overall tar after concatenating the 7 pieces above in order: f511d9e075eb953ea962db7f720dea2b

A matching MD5 confirms the transfer was intact; it is not proof of authenticity, since MD5 collisions are practical, so take the reference digests from the vendor portal rather than from a file that travelled alongside the download.
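As an added example (not part of the original post), a small POSIX shell script that does the verification in the order that matters: check each piece against its published digest before merging, refuse to produce the merged archive if any piece is wrong, then check the merged file. The manifest format (part name, space, digest, one per line in concatenation order) and the file names are assumptions for this script; the digests come from your own notes.

```shell
#!/bin/sh
# Added example, not from the original post: verify split-archive pieces
# and their concatenation. Assumed manifest format: "<part> <md5>" per
# line, in the order the parts are to be concatenated.
set -eu

# Hex digest of a file (md5sum prints "<hex>  <name>").
md5_of() { md5sum "$1" | cut -d' ' -f1; }

# verify_parts MANIFEST OUTFILE: check every piece, concatenating as we go
# into OUTFILE.tmp; on the first mismatch remove the partial result and
# return 1, so a corrupted piece is never silently merged.
verify_parts() {
    manifest=$1 out=$2
    : > "$out.tmp"
    while read -r part want; do
        [ -n "$part" ] || continue
        got=$(md5_of "$part")
        if [ "$got" != "$want" ]; then
            echo "MISMATCH $part: got $got want $want" >&2
            rm -f "$out.tmp"
            return 1
        fi
        echo "ok $part"
        cat "$part" >> "$out.tmp"
    done < "$manifest"
    mv "$out.tmp" "$out"
}

# verify_whole FILE MD5: check the merged archive's digest.
verify_whole() {
    [ "$(md5_of "$1")" = "$2" ]
}
```

With a manifest listing icbtivsam_part01.tar through icbtivsam_part07.tar and the digests above, run verify_parts manifest icbtivsam.tar && verify_whole icbtivsam.tar f511d9e075eb953ea962db7f720dea2b. The per-piece check first is deliberate: re-downloading one 278 MB-class piece is cheaper than discovering a mismatch only after concatenating all seven.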


Twitter buys analytics company

Twitter, which recently announced its Promoted Tweets advertising program, has acquired the maker of a cloud-hosted Web analytics application, Twitter said Thursday. Smallthought Systems' Trendly lets Web site owners dig deeper into the usage and traffic data that Google Analytics collects about their sites.

The Smallthought staff has become part of Twitter’s analytics team, where they will integrate Trendly features and technology into Twitter’s existing systems, as well as help develop new products.

In April, Twitter launched with a limited number of partners like Starbucks and Best Buy the Promoted Tweets program, which is designed to let companies market their products and services on the popular microblogging and social-networking site.

As with all advertising services, a key to the success of Promoted Tweets will be Twitter’s capacity to analyze the popularity and effectiveness of these ads so that campaigns can be evaluated and optimized.

The analytics for Promoted Tweets may be more challenging than for other online advertising programs for a few reasons, including the fact that the ad format for Promoted Tweets will be the same as the format for regular “tweets” and that Twitter’s usage is going through the roof, with 2 billion “tweets” posted in May, according to Web monitoring company Pingdom.

“Every day millions of people use Twitter to create, share and discover information, and as we grow, analytics becomes an increasingly crucial part of improving our service,” reads Twitter’s announcement of its Smallthought acquisition.

Credit & Resource: http://www.networkworld.com/news/2010/061010-twitter-buys-analytics.html

=-=-

How Trendly helps your web marketing

Google Analytics does a great job of collecting your data, but it does a bad job of helping you understand it. For example, at Dabble DB, we are very interested in how many people come to us after searching for "online database". Here's what that keyword's traffic looks like for the first few months of 2009:

Google Analytics keyword traffic example

It’s definitely going up and down a lot, but we don’t really care about daily fluctuation, we care about the trend. On average, how many people should we expect each day? And is that changing?

Trendly uses a statistical model to answer that question for us. It assumes that our traffic is going to stay the same for days, weeks, or even months at a time, but every once in a while something is going to change — like our ranking for “online database” improving, sending more people our way. The red line shows how Trendly sees this keyword over the same time period:

Trendly interpretation of keyword traffic

According to Trendly, our daily visitors from “online database” went up from 24 to 40 in early January, and then again up to 50 in early February. It reports these changes as items in a news feed:

Items in a news feed

By boiling several months of data down to a couple of items in a news feed, Trendly helps us keep on top of many different things at once. For example, this same feed actually tracks all of our search keywords:

Tracking all search keywords

You can see that our traffic from searches for co-founder Avi Bryant had a bump at the end of January (around the time he gave a talk at CUSEC), but went back down again. The sparklines beside each news item show those patterns concisely.

The news feed is continuous, and shows up to three years of history. If we want to see the earlier change to “online database”, we just scroll down a few weeks:

Scroll to see changes

The news feed does a great job of showing what’s changed, but it’s nice to put those individual keywords into a wider context. A chart running down the left provides the big picture:

A big chart for the big picture

The chart is locked to the same timescale as the news feed — and so, unlike most charts, time runs vertically. Each colored layer in the chart represents a single keyword. For example, the big green layer represents visits from “online database”. If I click on either the chart or the news item, the layer will pop out:

Pop-out layers

You can see how the green layer gets wider at the same time as the news item appears. The wider the layer, the more visits we get each day. The wider the chart as a whole — the sum of all the layers — the more visits we get in total from search. You can also see that Trendly tries to make things more meaningful by clustering similar keyword phrases together: The popup for “online database” shows that, while most (86%) of the searches in this cluster are for exactly “online database”, there are less frequent similar phrases that are also being included here, like “make an online database”.

Trendly isn’t just for tracking keywords. It has feeds for many of the reports you’re used to from Google Analytics: referrals, content, ad campaigns, and more. If you use goal tracking or ecommerce, Trendly also helps you track those:


Windows Azure versus Amazon EC2

http://news.techworld.com/data-centre/3228389/windows-azure-versus-amazon-ec2/


Microsoft cloud official says infrastructure and platform cloud lines will blur

By Jon Brodkin | Network World US | Published: 10:36 GMT, 28 June 10

Microsoft’s Windows Azure and Amazon’s Elastic Compute Cloud tackle two very different cloud computing technology problems today, but are destined to emulate each other over time, Microsoft cloud official Tim O’Brien says.

Whereas Windows Azure is a platform-as-a-service cloud, giving developers the tools they need to build and deploy web applications, Amazon EC2 is primarily an infrastructure-as-a-service cloud, offering on-demand access to customisable virtual machine instances.

Azure simplifies the building of web applications in a way that Amazon does not, but Amazon’s cloud-based virtual machines have the benefit of working with multiple programming models, O’Brien says, predicting that over time Microsoft will move more into infrastructure-as-a-service and Amazon will cross over into platform-as-a-service (PaaS).

O’Brien, senior director of Microsoft’s Platform Strategy Group, discussed his take on the cloud market in an interview with Network World, as well as a public presentation at the recent Cloud Leadership Forum, hosted by IDC and IDG Enterprise.

“It’s a double-edged sword,” O’Brien said in the interview. “The reason people like infrastructure-as-a-service is because it’s programming model agnostic. The bare metal VM doesn’t care what language you wrote the application in, it doesn’t matter what tools you use and what run times you’ve targeted. If it runs on Windows or Linux, give it a virtual machine and it will run just fine. The problem is it’s a lot of extra work. You’re responsible for that virtual machine the same way you’re responsible for a server sitting under your desk. You’re responsible for turning it on. You’re responsible for turning it off. You’re responsible for applying a patch or an update. If Red Hat applies a Linux patch, and you have a Linux VM running on Amazon, you have to apply that patch yourself. They won’t do that for you.”

But there are shortcomings in the platform-as-a-service model as well, O’Brien acknowledges. The biggest problem with PaaS may be difficulty migrating existing applications from the internal data centre to the cloud.

“Platform-as-a-service has a different set of trade-offs,” O’Brien says. “All of that stuff is completely abstracted away, it’s a friction-free development, you basically code up an application, you hit deploy and it’ll go run on the platform that’s supplied by those run times. So in our case its PHP, C Sharp, in the case of Google App Engine it’s Python and Java.” While building new applications is easy, and removes the need for owning internal hardware and software, other than a Web browser, “part of the challenge there is it’s not necessarily optimal for migrating existing applications.”

Microsoft has already announced that “at some point [in the next 12 months] we will be offering the ability to provision a bare-metal VM, and run your application on that,” O’Brien says. While Amazon provides a variety of Windows and Linux virtual machine images through EC2, the company’s Web Services business offers a variety of other tools that might be useful to developers, including databases, storage services and load balancing.

O’Brien predicts that just as Microsoft moves into IaaS, Amazon will build a PaaS offering that more closely resembles Azure than anything Amazon offers today. Amazon’s public relations department could not be reached for comment Friday.

“It’s not a matter of one is better than the other; they accomplish different things,” O’Brien says. “But I think what you’ll see happen in the marketplace is a convergence of those two, where infrastructure-as-a-service providers like Amazon will move up the stack toward platform-as-a-service. You’ll also see PaaS providers like Microsoft provide some of that infrastructure-like capability, just so we can handle those migration scenarios much easier, and the lines will get blurred.”

In his speech at the Cloud Leadership Forum, O’Brien said public cloud services are generally not providing as much customization as customers want, but the cloud model is gaining popularity both among users who want to sidestep their companies’ IT departments, and from small businesses that want to get out of the IT business.

Many small businesses “don’t want to be in the IT business,” O’Brien said. “Private cloud is not in their vocabulary. They want to run their businesses on PCs and mobile phones and get out of the IT business entirely.”

Private clouds simply don’t offer the same economies of scale as public clouds do, he said, claiming that per-server TCO in a 100,000-server data centre is less than half the per-server TCO in a 1,000-server data centre.

Microsoft’s goal in the cloud is to offer customers the same functionality they would expect if they install the software themselves, he said. “If you can write an app for Windows Server you should be able to write an app for Windows Azure,” O’Brien said.


Hypervisor Brief Intro

Views of Avi Kivity, as quoted by Irfan Habib: http://www.linuxjournal.com/article/9764?page=0,1

In many ways, VMware is a ground-breaking technology. VMware manages to fully virtualize the notoriously complex x86 architecture using software techniques only, and to achieve very good performance and stability. As a result, VMware is a very large and complex piece of software. KVM, on the other hand, relies on the new hardware virtualization technologies that have appeared recently. As such, it is very small (about 10,000 lines) and relatively simple. Another big difference is that VMware is proprietary, while KVM is open source.

Xen is a fairly large project, providing both paravirtualization and full virtualization. It is designed as a standalone kernel, which only requires Linux to perform I/O. This makes it rather large, as it has its own scheduler, memory manager, timer handling and machine initialization.

KVM, in contrast, uses the standard Linux scheduler, memory management and other services. This allows the KVM developers to concentrate on virtualization, building on the core kernel instead of replacing it.

QEMU is a user-space emulator. It is a fairly amazing project, emulating a variety of guest processors on several host processors, with fairly decent performance. However, the user-space architecture does not allow it to approach native speeds without a kernel accelerator. KVM recognizes the utility of QEMU by using it for I/O hardware emulation. Although KVM is not tied to any particular user space, the QEMU code was too good not to use—so we used it.

