IPv6 local endpoint for first tunnel (1.2)

Now we can start to configure our local part of the tunnel. I want to keep each service separated from the underlying hardware as much as possible, so I will use a virtual machine to handle my part of the tunnel. That way I can easily control all traffic through the tunnel and get a dedicated firewall for free.
There is a lot of information available on the net, so I won’t explain how to create a new Xen guest domain. The new instance is a Debian Wheezy system with just 128MB RAM and 4GB disk space.

Afterwards you just need to install the Debian package aiccu, enter your SixXS user ID and password, and choose the default tunnel you want to use. In case of problems please have a look at the SixXS FAQ. Most likely your firewall has to be configured accordingly. More aiccu configuration can be done via /etc/aiccu.conf.

After starting aiccu, the tunnel will be active and hopefully never terminate.

IPv6 tunnel from SixXS (1.1)

It is very easy to create a SixXS tunnel. First you have to register on the SixXS website. After having done so, you will get some credits. Depending on the number of credits you have, you can apply for tunnels, further subnets routed to your tunnel, DNS server entries and so on.

You can obtain new credits by keeping your tunnel active for some time. Every two weeks you will be given five credits. So all you need to work with SixXS is patience.

The first step after registration is to apply for a tunnel. SixXS won’t manage tunnels by itself but delegates this task to one PoP. You should choose the nearest one (network-wise) for your tunnel and give a short explanation of how you want to use it. After some time you will get an email saying that everything is configured.

IPv6

After playing around with IPv6 just for fun, I think it is time to really reconfigure the whole network now.

1) As I don’t have native IPv6 access yet, I need a tunnel broker to connect my hosts to the IPv6 network.
According to Wikipedia there are only two of them who have PoPs in Europe:

  • SixXS
  • Hurricane Electric

In order to make things a bit more complicated, I want to connect two sites together with some external servers.
Further all IPv4 stuff needs to work as well, so I need a dual stack solution.

The following is a list of problems that I am trying to solve step by step.

1.1) tunnel one from SixXS
1.2) local tunnel endpoint one
1.3) routable subnet one from SixXS
1.4) tunnel two from SixXS
1.5) local tunnel endpoint two
1.6) routable subnet two from SixXS

1.11) tunnel one from Hurricane Electric
1.12) local tunnel endpoint one
1.13) routable subnet one from Hurricane Electric
1.14) tunnel two from Hurricane Electric
1.15) local tunnel endpoint two
1.16) routable subnet two from Hurricane Electric

1.20) check IPv6 availability for external server at Hetzner
1.21) check IPv6 availability for external server at Strato
1.22) check IPv6 availability for external server at Server4You

2) configure external server
2.1) configure connectivity for external server at Hetzner
2.2) configure connectivity for external server at Strato
2.3) configure connectivity for external server at Server4You

3) configure services
3.1) bind
3.2) DNS resolving
3.3) apache
3.4) exim4
3.5) inn2
3.6) ssh
3.7) nagios
3.8) nfs
3.9) openafs
3.10) xen
3.11) ftp
3.12) openvpn

4) configure home network
4.1) automatic configuration for all hosts
4.2) dynamic default route
4.3) manual routing of special networks
4.4) configure services from list in 3)

Let’s start the journey …

DTPOM: lots of stuff for Debian Med

April has been the month of new packages. I had a look at the task list of Debian Med and tried to finish some (older) packages or created some new ones.

Finally the following packages made it first to “unstable” and after the release of Wheezy, they migrated to “testing” as well:
uc-echo – error correction algorithm designed for short-reads from NGS
python-clips – Python module to interface the CLIPS expert system shell library
visionegg – Python library for 2D/3D visual stimulus generation
qrisk2 – cardiovascular disease risk calculator

Further, there are still some packages waiting in the NEW queue:
treeview – Java re-implementation of Michael Eisen’s TreeView
proalign – Probabilistic multiple alignment program

The month of May will be under the banner of bug fixing and new upstream releases. But in case any other package shall be part of Debian, just send an email to blog@alteholz.eu.

DTPOM: libkeepalive – enable tcp keepalive support in programs using shared libraries

In one of my projects I needed to activate TCP keepalive for some sockets. Unfortunately those sockets were handled by a library and I didn’t want to compile everything just to get this feature.
Searching the web I found this small piece of code and here is the Debian package now. Maybe someone else might find it useful as well.

BOM: openAFS

February and March have been the months of openAFS bug squashing. I sent in patches for #660622 and #639475, helped on an issue with building modules for amd64 kernels on an i386 architecture and opened bug #702018 in package dkms which is the reason for openafs bug #620014.

This has been great fun.

DOPOM: scheme48 – A simple, modular, and lightweight Scheme implementation

Some years ago I heard about Scheme and was fascinated by the (at that time at least for me) strange syntax. As this was not yet the time of WWW, I even bought a book to learn more about it.
Unfortunately priorities changed and I needed to spend my time on other things. As I now found that orphaned package I would like to give it a second try and at least keep it rolling.

bind configuration

Today I had to do some bind9 configuration and here are the results for my future self.

Nowadays the Debian bind package is prepared to use IPv6. If your server has no IPv6 connectivity yet, lots of errors appear in the logs. Most of them can be ignored, but at least they look ugly. So if you know that you do not need IPv6, add ‘-4’ to the OPTIONS line in /etc/default/bind9.

If you get an error like “refused notify from non-master” and the IP of the non-master is your own host, you need to accept notifies from yourself. Just add something like ‘allow-notify { n.m.o.p; };’ to the options{} section (n.m.o.p should be your own IP). On Debian systems this is in /etc/bind/named.conf.options.

UUCP sys file

This is just another reminder for my future self:

Do not forget /usr/sbin/rsmtp in /etc/uucp/sys:commands line in case you activate rsmtp in exim4 config.

HowTo build a kernel

I write this article mainly to be able to remember all steps in a few months.

– Get kernel: git clone git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
This is the main kernel repository. Other repositories can be found at http://git.kernel.org/
For example the development of /dev/random takes place in git://git.kernel.org/pub/scm/linux/kernel/git/tytso/random.git

– As I don’t want to manually handle entries in grub, I want to use make-kpkg to build Debian packages.

– The package needs to be built as root; ‘--rootcmd fakeroot’ does not always work. Maybe there will be some time later to check this issue.

– Working with original sources instead of the Debian source package results in a plus sign added to the kernel version. This is done by one of the kernel scripts (scripts/setlocalversion).
For more info see the comment at the end of that script. I avoid this ‘+’ by doing something like: ‘export LOCALVERSION="-ta-1"’

– As /tmp nowadays is a bit small, you need to do something like ‘export TEMPDIR=/home/tmp’ or whatever suits your system

– Target ‘buildpackage’ calls ‘clean’ + ‘binary’
‘binary’ -> ‘binary-indep’ + ‘binary-arch’
‘binary-indep’ -> ‘kernel_source’, ‘kernel_manual’, ‘kernel_doc’
‘binary-arch’ -> ‘kernel_headers’, ‘kernel_image’

So for a normal build, call ‘make-kpkg --initrd binary-arch’ or at least ‘make-kpkg --initrd kernel_image’

– In case of several cores call ‘make-kpkg -j 4 --initrd binary-arch’
(the blank between ‘j’ and ‘4’ is important)
The best results will be obtained if the given number equals the number of cores

– The old laptop needs the following times to build the package:
make-kpkg --initrd binary-arch 91 minutes
make-kpkg -j 3 --initrd binary-arch 78 minutes
make-kpkg -j 4 --initrd binary-arch 59 minutes
make-kpkg -j 4 --initrd binary-arch &> log 57 minutes

– Check the version of the package in the automatically built debian/changelog
The debian directory can be rebuilt by ‘make-kpkg debian’

– Move kernel package to Xen VM (grub-legacy should be installed, otherwise pygrub on wheezy dom0 is not able to start domU)
– dpkg -i
– edit /boot/grub/menu.lst (again a pygrub issue with some entries)
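
The build steps above collected into one script, as an added example that is not part of the original notes. SRC_DIR, BUILD_TMP, BUILD_LOG and the function names are assumptions; LOCALVERSION, TEMPDIR and the make-kpkg options are taken from the notes.

```shell
#!/bin/sh
# Added example wrapping the make-kpkg steps from the notes above.
# SRC_DIR, BUILD_TMP, BUILD_LOG and the function names are assumptions.
SRC_DIR="${SRC_DIR:-$PWD/linux}"            # clone of torvalds/linux.git
BUILD_TMP="${BUILD_TMP:-/home/tmp}"         # scratch space, /tmp is too small
BUILD_LOG="${BUILD_LOG:-$PWD/kernel-build.log}"

# One job per core; fall back to 1 if nproc is missing or prints junk.
job_count() {
    n=$(nproc 2>/dev/null || echo 1)
    case "$n" in ''|*[!0-9]*) n=1 ;; esac
    echo "$n"
}

# Print the make-kpkg command line for a job count and target.
# Only the two targets the notes recommend for a normal build are accepted.
kpkg_command() {
    njobs="$1"; target="${2:-binary-arch}"
    case "$njobs" in ''|*[!0-9]*) echo "bad job count: $njobs" >&2; return 1 ;; esac
    case "$target" in
        binary-arch|kernel_image) ;;
        *) echo "unsupported target: $target" >&2; return 1 ;;
    esac
    if [ "$njobs" -gt 1 ]; then
        echo "make-kpkg -j $njobs --initrd $target"   # blank after -j matters
    else
        echo "make-kpkg --initrd $target"
    fi
}

build_kernel() {
    [ "$(id -u)" -eq 0 ] || { echo "must run as root" >&2; return 1; }
    [ -f "$SRC_DIR/scripts/setlocalversion" ] ||
        { echo "no kernel tree in $SRC_DIR" >&2; return 1; }
    mkdir -p "$BUILD_TMP" || return 1
    export LOCALVERSION="-ta-1"   # suppresses the '+' version suffix
    export TEMPDIR="$BUILD_TMP"   # variable name as given in the notes
    cmd=$(kpkg_command "$(job_count)" "${1:-binary-arch}") || return 1
    # $cmd is left unquoted on purpose so it splits into words.
    (cd "$SRC_DIR" && $cmd) >"$BUILD_LOG" 2>&1 ||
        { echo "build failed, see $BUILD_LOG" >&2; return 1; }
    echo "build finished, log in $BUILD_LOG"
}

# Build only when called as "<script> build [target]"; sourcing is harmless.
if [ "${1:-}" = "build" ]; then build_kernel "${2:-binary-arch}"; fi
```

Nothing is built unless the script is called with "build" as its first argument, so the command line can be checked with kpkg_command before committing to a long run as root.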