Gentoo Archives: gentoo-gwn

From: Ulrich Plate <plate@g.o>
To: gentoo-gwn@l.g.o
Subject: [gentoo-gwn] Gentoo Weekly Newsletter 11 October 2004
Date: Sun, 10 Oct 2004 22:25:54
Message-Id: 20041011002235.27dd5e7c.plate@gentoo.org
---------------------------------------------------------------------------
Gentoo Weekly Newsletter
http://www.gentoo.org/news/en/gwn/current.xml
This is the Gentoo Weekly Newsletter for the week of 11 October 2004.
---------------------------------------------------------------------------

==============
1. Gentoo News
==============

Portage breaks through the 100,000 files ceiling
------------------------------------------------

In early 2002, synchronizing the Portage tree was usually done in a few
seconds. At less than 10,000 files, there wasn't much to wait for, and
certainly no real need for today's option in /etc/make.conf that limits
syncs to certain parts of the Portage tree. If they want to do the same
thing today, Gentoo users must allow for significantly more time: since
Friday last week, the Portage tree contains more than 100,000 files,
leaving little to desire in terms of ebuilds for popular and lesser-known
applications. Thousands of enhancements, security or Gentoo-specific
patches to merge with the original sources, even for different versions of
applications available via Portage, are included in the tree. Counting
toward the total sum are also an increasing number of genuine Gentoo
developments, like catalyst or tenshi. Congratulations to all who
contributed to this impressive record!

Ten PegasosPPC desktops on their way to Gentoo developers
---------------------------------------------------------

Freescale Semiconductor, Inc.[1], a Motorola company that recently took
over production of the PowerPC chips from its parent, is donating a
large number of computers to various open-source projects, in order to
evaluate whether there is a market for Linux on PowerPC desktops. Ten of
the machines, PegasosPPC desktops with 1 GHz G4 CPUs, are being sent to
Gentoo developers in the U.S. and in Europe over the next two weeks. The
machines will go to the base system, security and hardened herds, one each
to Gentoo's X11 and Gnome maintainers, three more to test accessibility,
web applications and media/video, and the rest go to the embedded and PPC
projects. The Gentoo developers are excited and would like to express
their gratitude to Freescale Inc. for this generous donation.

1. http://www.freescale.com

Figure 1.1: Inside the PegasosPPC: G4 CPU, Radeon 9200 graphics
/images/gwn/20041011-pegasos.jpg

The producer of the donated PegasosPPCs, the Luxembourg-based company
Genesi S.a.r.l.[2], is unique in openly and actively supporting Linux for
desktop PowerPCs, even though its own operating system, MorphOS, also ships
pre-installed. 3D acceleration isn't available yet, but CPU upgrades
will be easier than usual in the PowerPC world: both 7447A 1.3 GHz
processors that do not require active cooling and a dual-CPU card will be
available in a couple of months. Since the G3/G4 series from both IBM and
Freescale are pin-compatible, CPU upgrades can be done as soon as the new
processors hit the shelves. Freescale will be releasing 2 GHz CPUs soon
and is also working on a series of dual-core CPUs.

2. http://www.genesi.lu

Turkish GWN translation reanimated
----------------------------------

After more than a year of inactivity, a Turkish translation of the GWN is
available again since last week. Thanks to Bahadir Kandemir[3], the
Turkish users of Gentoo join the Japanese, Italian and German readers of
the GWN who receive regular service in their own languages. Several other
languages still need additional help. Volunteers can contact
gwn-feedback[4].

3. kandemir@×××××.com
4. gwn-feedback@g.o

==================
2. Gentoo security
==================

Netpbm: Multiple temporary file issues
--------------------------------------

Utilities included in old Netpbm versions are vulnerable to multiple
temporary file issues, potentially allowing a local attacker to overwrite
files with the rights of the user running the utility.

For more information, please see the GLSA Announcement[5].

5. http://www.gentoo.org/security/en/glsa/glsa-200410-02.xml

NetKit-telnetd: buffer overflows in telnet and telnetd
------------------------------------------------------

Buffer overflows exist in the telnet client and daemon provided by
netkit-telnetd, which could possibly allow a remote attacker to gain root
privileges and compromise the system.

For more information, please see the GLSA Announcement[6].

6. http://www.gentoo.org/security/en/glsa/glsa-200410-03.xml

PHP: Memory disclosure and arbitrary location file upload
---------------------------------------------------------

Two bugs in PHP may allow the disclosure of portions of memory and allow
remote attackers to upload files to arbitrary locations.

For more information, please see the GLSA Announcement[7].

7. http://www.gentoo.org/security/en/glsa/glsa-200410-04.xml

Cyrus-SASL: Buffer overflow and SASL_PATH vulnerabilities
---------------------------------------------------------

Cyrus-SASL contains two vulnerabilities that might allow an attacker to
completely compromise the vulnerable system.

For more information, please see the GLSA Announcement[8].

8. http://www.gentoo.org/security/en/glsa/glsa-200410-05.xml

CUPS: Leakage of sensitive information
--------------------------------------

CUPS leaks information about user names and passwords when using remote
printing to SMB-shared printers which require authentication.

For more information, please see the GLSA Announcement[9].

9. http://www.gentoo.org/security/en/glsa/glsa-200410-06.xml

ed: Insecure temporary file handling
------------------------------------

The ed utility is vulnerable to symlink attacks, potentially allowing a
local user to overwrite or change rights on arbitrary files with the
rights of the user running ed, which could be the root user.

For more information, please see the GLSA Announcement[10].

10. http://www.gentoo.org/security/en/glsa/glsa-200410-07.xml
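
The Netpbm and ed advisories above are instances of one bug class: a
program writes to a fixed, guessable name in a world-writable directory,
so a local user who pre-places a symlink at that name decides where the
write really lands. The following script is an added illustration, not
code from either GLSA or from the GWN: it shows the vulnerable helper
beside two hardened forms (mktemp for program-chosen names, an O_EXCL
"noclobber" open for caller-chosen names) and a small audit check. All
file and directory names in it are constructed for the demo.

```shell
#!/bin/sh
# Added example, not taken from the GLSAs or the GWN: the temporary-file
# bug class behind the netpbm and ed advisories, as a vulnerable helper
# beside two hardened ones.  All paths below are constructed for the demo.

# Vulnerable pattern: a fixed, guessable name in a shared directory such as
# /tmp, written with a plain redirection.  If another local user has already
# placed a symlink at that name, the write follows the link and lands
# wherever it points, with the privileges of whoever runs the script.
unsafe_tmp_write() {
    printf '%s\n' "$2" > "$1"       # $1 = predictable path, $2 = data
}

# Hardened pattern 1: mktemp picks an unpredictable name and creates the
# file atomically with mode 0600, so there is nothing to guess and no gap
# between "does it exist?" and "create it".  Prints the path it created.
safe_tmp_write() {
    f=$(mktemp "$1/tmp.XXXXXX") || return 1    # $1 = directory, $2 = data
    printf '%s\n' "$2" > "$f" || return 1
    printf '%s\n' "$f"
}

# Hardened pattern 2: when the name is fixed by the caller, create it with
# O_CREAT|O_EXCL (the shell's noclobber mode).  The open fails if anything,
# a file or even a dangling symlink, already sits at that path.
noclobber_write() {
    ( set -C; printf '%s\n' "$2" > "$1" ) 2>/dev/null
}

# Audit helper: is this a regular file (not a symlink) with mode 0600?
is_private_regular_file() {
    [ -f "$1" ] && [ ! -L "$1" ] &&
        [ "$(ls -ld "$1" | cut -c2-10)" = "rw-------" ]
}

# Constructed scenario in a private scratch directory: "target" stands in
# for a file the script should never touch, and "planted.tmp" is a symlink
# sitting at the name a careless program would use.
DEMO=$(mktemp -d)
umask 077
printf 'original\n' > "$DEMO/target"
ln -s "$DEMO/target" "$DEMO/planted.tmp"

if noclobber_write "$DEMO/planted.tmp" "data"; then
    echo "noclobber write went through (unexpected)"
else
    echo "noclobber write refused: $DEMO/planted.tmp already exists"
fi
SAFE=$(safe_tmp_write "$DEMO" "some data")
echo "mktemp created $SAFE"
```

The same rule carries over to C, where the advisories' utilities live:
mkstemp() instead of tmpnam() or a hand-built name, and for a path the
program did not just create exclusively, no chmod or rewrite without an
O_EXCL open first. A check-then-write sequence ("is it a symlink? then
write") is not a substitute, because the link can be placed between the
two steps.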

ncompress: Buffer overflow
--------------------------

compress and uncompress, which could be used by daemon programs, contain a
buffer overflow that could lead to remote execution of arbitrary code with
the rights of the daemon process.

For more information, please see the GLSA Announcement[11].

11. http://www.gentoo.org/security/en/glsa/glsa-200410-08.xml

=========================
3. Heard in the community
=========================

gentoo-user
-----------

Groupware products

Looking for recommendations for groupware products? Several different
packages are listed for consideration in this thread:

* Groupware solution[12]
12. http://thread.gmane.org/gmane.linux.gentoo.user/102447


Local.start errors

Setting up an interrupt at boot time for a low-latency test kernel, Mark
Knecht added a local.start script that doesn't work as expected. A quick
resolution is offered in this thread:

* setup commands in local.start[13]
13. http://thread.gmane.org/gmane.linux.gentoo.user/102473


Last emerge sync

How does one determine when the last emerge sync was run? Several
suggestions went into this thread:

* when was last sync?[14]
14. http://thread.gmane.org/gmane.linux.gentoo.user/102058


Athcool risk

Athcool is a power-saving utility for Athlon CPUs, but the ebuild claims it
may cause instability. Here's what users have really experienced:

* athcool - how safe is it?[15]
15. http://thread.gmane.org/gmane.linux.gentoo.user/102476


gentoo-dev
----------

A new cron herd

The base-system herd has many extra packages that don't really belong in
base-system but lack other maintainers. To reduce the workload, all cron
daemons will be moved to the new cron herd. Other package groups may
follow in the near future.

* A new cron herd[16]
16. http://thread.gmane.org/gmane.linux.gentoo.devel/21840


Portage subcategories

This thread discussed the advantages and disadvantages of extending the
package categories from category/package to
category/subcategory/.../package. At the moment, Portage is unable to
handle it, and the usefulness of such a change is not obvious.

* Portage subcategories[17]
17. http://thread.gmane.org/gmane.linux.gentoo.devel/21818


Portage in embedded systems?

How big is Portage, and how do embedded systems with low memory handle it?

* Portage in embedded systems?[18]
18. http://thread.gmane.org/gmane.linux.gentoo.devel/21850


Moving passwd from /usr/bin to /bin

This small change will help in system recovery. For example, fsck wants
the root password but might fail if /usr/bin is not mounted, which may
well be the case during bootup/recovery.

* Moving passwd from /usr/bin to /bin[19]
19. http://thread.gmane.org/gmane.linux.gentoo.devel/21865

=======================
4. Gentoo International
=======================

Antarctica: First Gentoo penguin webcam online

No, the German GARS-O'Higgins Station[20] on the tip of the Antarctic
Peninsula was not built for watching Gentoo penguins breed - but since
last week it does have a webcam that serves this exact purpose. The
station's mission, financed and run by German federal research
organizations, is to receive and store vast amounts of geodetic data
beaming down on its 9m antenna from various European Space Agency
satellites in orbit, forwarding them for number-crunching at data centers
in Germany. On 29 September 2004, the GARS team installed its fourth web
camera, this one donated by elementary school children and other private
sponsors back home, and pointed it at a spot where a Gentoo penguin colony
takes shelter from the wind during the Antarctic summer, between
mid-October and April. The first Gentoos started coming here years ago,
right after the antenna and its concrete foundation were built, and have
been growing in numbers ever since. Whether they like the place because
it's warm and cuddly, or because of the average Gentoo's affinity to
technology, is clearly beside the point. At the time of this writing there
isn't much to see besides rocks and snow, but the birds should waddle in
within the month, says Martin Grund[21], the penguin fan who had the idea
for the Gentoo webcam and organised its setup. The camera (a Mobotix[22]
M10 Secure Dual) has a StrongARM CPU and runs Linux, by the way.

20. http://vlbi.leipzig.ifag.de/ohiggins/
21. http://www.martingrund.de
22. http://www.mobotix.de

Figure 4.1: Gentoo penguins and their favorite iceberg
/images/gwn/20041011-gentoo.jpg

Note: Photo courtesy of Reiner Wojdziak, BKG Leipzig

======================
5. Gentoo in the press
======================

IEEE Computing in Science and Engineering (Volume 6 Issue 5,
September/October 2004)
-----------------------

The IEEE's journal Computing in Science and Engineering has published a
paper by George K. Thiruvathukal titled Gentoo Linux: The Next Generation
of Linux[23]. Thiruvathukal is an associate professor at Loyola University
in Chicago and an avid Gentoo activist, who recommends using it in
his advanced Linux classes at the university. His article for the IEEE
describes why Gentoo "is a good choice for scientists, and how its
structure gives us the flexibility and ease of management we need." Only
the abstract is accessible free of charge on the IEEE website; if you want
to read the full article, you need to purchase the document (35 USD) or
go to a library that subscribes to the journal.

23. http://ieeexplore.ieee.org/xpl/abs_free.jsp?arNumber=1324553

AnandTech (4 October 2004)
--------------------------

A report by Kristopher Kubicki at AnandTech is really about a Linux 3D AGP
GPU Roundup: More Cutting Edge Penguin Performance[24] and just mentions
Gentoo en passant, but in nice enough words to point it out here: "It may
be due to the circles that we run in, but the sheer interest for Linux
among our peers seems to have peaked 100-fold what it was last year.
Simple, clean distros like SuSE, Fedora Core and Mandrake have done
wonders to the Windows migration crowd - and then there is the whole
Gentoo sensation as well," writes Kubicki in his introduction to
AnandTech's hardware benchmarking report for high performance 3D graphics
cards.

24. http://anandtech.com/linux/showdoc.aspx?i=2229

ZDNet Tech Update (7 October 2004)
----------------------------------

David Berlind writes under the headline "Microsoft Surrounded?" that Linux
shows promise for the desktop, but must adopt the ease of use seen in Mac
OS X, for example, especially with regard to network, management and
resource sharing: "Leading the way on that front (according to ZDNet's
readers) is the Gentoo distribution."

Dallas Morning News (7 October 2004)
------------------------------------

Titled "Love that Linux - Programmer finds happiness in moving Microsoft
out of his life", an article by Doug Bedell draws a portrait of Gentoo
Linux user Mike Owens, CIO at a real estate company and busy migrating
proprietary Windows environments to Linux. Registration is required to
read this article[25].

25. http://www.dallasnews.com/sharedcontent/ptech/generalstories2/100604ccjrptechgeeklife.95181.html

The Triangle (1 October 2004)
-----------------------------

The student newspaper of Drexel University carries an article by Kevin
Lynch[26] about Linux distribution choices, comparing the "almost
idiot-proof configurations" of RPM-based distributions to "the sporty
young Gentoo" and others. The article's message is borrowed from Indiana
Jones and the Holy Grail: "Choose wisely."

26. http://www.thetriangle.org/news/2004/10/01/SciTech/Versatility.Of.Linux.Distribution.Allows.Choice-738620.shtml

The Triangle (8 October 2004)
-----------------------------

The same Kevin Lynch writes about the Linux Standard Base (LSB) just one
week later[27]: "Most of the controversy surrounding the LSB is over the
chosen installation package method, the Red Hat's Package Manager format.
[...] Gentoo Linux must redesign its entire package system to conform to
the LSB standards."

27. http://www.thetriangle.org/news/2004/10/08/SciTech/Linuxs.Future.Lies.In.Its.Communitys.Hands-747249.shtml

Maximum PC (October 2004 issue)
-------------------------------

On page 36 of this print-only magazine[28], editor Will Smith writes in an
article on must-have features for Longhorn, the next version of Windows:
"Finding and installing new applications is ludicrously easy on most Linux
distros these days. Microsoft needs to make finding new apps and loading
them on a PC as easy as emerge does on Gentoo or apt-get does on Debian.
I'm sick of the Installshield installer."

28. http://www.maximumpc.com

===========
6. Bugzilla
===========

Summary
-------

* Statistics
* Closed bug rankings
* New bug rankings

Statistics
----------

The Gentoo community uses Bugzilla (bugs.gentoo.org[29]) to record and
track bugs, notifications, suggestions and other interactions with the
development team. Between 03 October 2004 and 09 October 2004, activity on
the site has resulted in:

29. http://bugs.gentoo.org

* 655 new bugs during this period
* 402 bugs closed or resolved during this period
* 20 previously closed bugs were reopened this period

Of the 7116 currently open bugs: 134 are labeled 'blocker', 237 are
labeled 'critical', and 530 are labeled 'major'.

Closed bug rankings
-------------------

The developers and teams who have closed the most bugs during this period
are:

* Gentoo's Team for Core System packages[30], with 66 closed bugs[31]
* media-video herd[32], with 20 closed bugs[33]
* Jeremy Huddleston[34], with 19 closed bugs[35]
* Java team[36], with 14 closed bugs[37]
* AMD64 Porting Team[38], with 13 closed bugs[39]
* Gentoo Security[40], with 12 closed bugs[41]
* Gentoo Games[42], with 12 closed bugs[43]
* Net-Mail Packages[44], with 10 closed bugs[45]
30. base-system@g.o
31. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-03&chfieldto=2004-10-09&resolution=FIXED&assigned_to=base-system@g.o
32. media-video@g.o
33. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-03&chfieldto=2004-10-09&resolution=FIXED&assigned_to=media-video@g.o
34. eradicator@g.o
35. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-03&chfieldto=2004-10-09&resolution=FIXED&assigned_to=eradicator@g.o
36. java@g.o
37. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-03&chfieldto=2004-10-09&resolution=FIXED&assigned_to=java@g.o
38. amd64@g.o
39. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-03&chfieldto=2004-10-09&resolution=FIXED&assigned_to=amd64@g.o
40. security@g.o
41. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-03&chfieldto=2004-10-09&resolution=FIXED&assigned_to=security@g.o
42. games@g.o
43. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-03&chfieldto=2004-10-09&resolution=FIXED&assigned_to=games@g.o
44. net-mail@g.o
45. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-03&chfieldto=2004-10-09&resolution=FIXED&assigned_to=net-mail@g.o


New bug rankings
----------------

The developers and teams who have been assigned the most new bugs during
this period are:

* Gentoo's Team for Core System packages[46], with 31 new bugs[47]
* AMD64 Porting Team[48], with 15 new bugs[49]
* Gentoo Games[50], with 13 new bugs[51]
* Gentoo Toolchain Maintainers[52], with 11 new bugs[53]
* osx porters[54], with 9 new bugs[55]
* media-video herd[56], with 9 new bugs[57]
* Gnustep herd[58], with 9 new bugs[59]
* Gentoo Linux Gnome Desktop Team[60], with 9 new bugs[61]
46. base-system@g.o
47. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-03&chfieldto=2004-10-09&assigned_to=base-system@g.o
48. amd64@g.o
49. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-03&chfieldto=2004-10-09&assigned_to=amd64@g.o
50. games@g.o
51. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-03&chfieldto=2004-10-09&assigned_to=games@g.o
52. toolchain@g.o
53. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-03&chfieldto=2004-10-09&assigned_to=toolchain@g.o
54. osx@g.o
55. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-03&chfieldto=2004-10-09&assigned_to=osx@g.o
56. media-video@g.o
57. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-03&chfieldto=2004-10-09&assigned_to=media-video@g.o
58. gnustep@g.o
59. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-03&chfieldto=2004-10-09&assigned_to=gnustep@g.o
60. gnome@g.o
61. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-03&chfieldto=2004-10-09&assigned_to=gnome@g.o


==================
7. Tips and Tricks
==================

OpenVPN primer
--------------

There are as many advantages to VPN tunnels as there are different VPN
scenarios. One easy implementation is the "OpenVPN via tun device"
solution. An example: you'd like to connect your laptop to your LAN at
home so that you can use your mail client without reconfiguring it every
time you move between home and somewhere else on the Internet. Let's say
your mail server is 192.168.1.10 in your LAN (192.168.1.0/24) at home, and
you have a router/firewall providing access to the Internet. You connect
from work or school and want to read mail. OpenVPN can create two virtual
devices for you when connecting two computers through an encrypted tunnel.
Naturally you then have the possibility of forwarding traffic into the
networks behind them, and thus would be "virtually connected" to your LAN
behind the firewall. To enable this, either your firewall or a server
behind it should run OpenVPN (if you choose a server in your LAN, you'll
have to forward the destination port on the firewall to the OpenVPN
server).

Here's what you need to do:

---------------------------------------------------------------------------
Code Listing 7.1: Kernel config - tun module
---------------------------------------------------------------------------
Enable the tun module in your kernel:

  [*] Networking support
      Networking options --->
      [ ] Amateur Radio support --->
      < > IrDA (infrared) subsystem support --->
      < > Bluetooth subsystem support --->
  [*] Network device support
      < > Dummy net driver support
      < > Bonding driver support
      < > EQL (serial line load balancing) support
      <M> Universal TUN/TAP device driver support   <-- this option must be enabled
---------------------------------------------------------------------------

Make sure this module exists and can be loaded. Next, install OpenVPN and
its dependencies.

---------------------------------------------------------------------------
Code Listing 7.2: Install OpenVPN
---------------------------------------------------------------------------
emerge openvpn
---------------------------------------------------------------------------

Now on both server and client, create a directory for your configuration:

---------------------------------------------------------------------------
Code Listing 7.3: Make directory
---------------------------------------------------------------------------
mkdir /etc/openvpn
mkdir /etc/openvpn/myhomelan
---------------------------------------------------------------------------

Inside that directory, create a shared key for your VPN session and copy
that key to the client's directory, /etc/openvpn/myhomelan.

---------------------------------------------------------------------------
Code Listing 7.4: Generate shared key
---------------------------------------------------------------------------
cd /etc/openvpn/myhomelan
openvpn --genkey --secret myhomelan-key.txt
---------------------------------------------------------------------------

Now for the tricky part, the routing. It is important that the two tun
devices on the client and server use IP addresses from the same subnet.
The configuration files shown below list the type of device, the two
end-points of the tunnel, the compression method and the UDP port on which
the tunnel is established. Finally, privileges are dropped to the user and
group listed:

---------------------------------------------------------------------------
Code Listing 7.5: Server-side configuration file /etc/openvpn/myhomelan/local.conf
---------------------------------------------------------------------------
dev tun
ifconfig 172.16.1.1 172.16.1.20   # IP of the local tun device and its peer
secret /etc/openvpn/myhomelan/myhomelan-key.txt
comp-lzo
port 5000
user nobody
group nobody
---------------------------------------------------------------------------

The client's configuration needs the tunnel's destination address. This is
often a dynamic DNS address, sometimes a fixed IP, depending on your ISP.
You also need a route to your home LAN (192.168.1.0/24 in our example).
You can call a shell script from the configuration file that sets the
route accordingly.

---------------------------------------------------------------------------
Code Listing 7.6: Client-side configuration file /etc/openvpn/myhomelan/local.conf
---------------------------------------------------------------------------
remote <servers.dynamic.dns.address>   # or your VPN server's external IP, if you have a fixed one
dev tun
ifconfig 172.16.1.20 172.16.1.1        # IP of the local tun device and its peer
secret /etc/openvpn/myhomelan/myhomelan-key.txt
comp-lzo
port 5000
user nobody
group nobody
up /etc/openvpn/myhomelan/route.sh     # sets up the route to the network behind the VPN server
---------------------------------------------------------------------------

The route command needs to set the client's gateway for the network
192.168.1.0/24 to its peer's address (172.16.1.1 in our setup).

---------------------------------------------------------------------------
Code Listing 7.7: /etc/openvpn/myhomelan/route.sh
---------------------------------------------------------------------------
#!/bin/bash
route add -net 192.168.1.0 netmask 255.255.255.0 gw 172.16.1.1
---------------------------------------------------------------------------

That's it. Start OpenVPN on the server and the client, and check the
devices with ifconfig and the routes with route -n. Success!
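
Most failures with this setup come from the two local.conf files drifting
apart: a swapped or mistyped ifconfig pair, a port changed on one side
only, a key copied with the wrong permissions, or a route script that is
not executable. The script below is an added example, not part of the GWN
primer and not an OpenVPN project tool: it reads a server/client pair and
checks the consistency the text calls for. The sample configs it builds
are constructed (file names server.conf and client.conf, the placeholder
host vpn.example.invalid, and a stand-in key are all assumptions), and
the "both endpoints in one /24" test is this script's own rule, not an
OpenVPN requirement.

```shell
#!/bin/sh
# Added example, not from the GWN primer or the OpenVPN project: a pre-flight
# check for the server/client local.conf pair described above.  It verifies
# what the text requires (mirrored ifconfig endpoints in one subnet, the same
# port on both sides) plus two things that bite in practice: a shared key
# readable only by its owner, and an executable "up" script.  The sample
# configs are constructed; the "same /24" rule is this script's assumption.

# Print the arguments of directive $2 in config $1, minus any trailing
# comment ("#" or ";" start a comment in OpenVPN config files).
conf_get() {
    awk -v key="$2" '$1 == key { sub(/[#;].*/, ""); $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# $1 = server config, $2 = client config.  Both must use the same port, and
# the client's "ifconfig local peer" must be the server's line with the two
# addresses swapped, both in the same /24.
check_pair() {
    srv_port=$(conf_get "$1" port); cli_port=$(conf_get "$2" port)
    [ -n "$srv_port" ] && [ "$srv_port" = "$cli_port" ] ||
        { echo "port mismatch: server '$srv_port', client '$cli_port'"; return 1; }
    set -- $(conf_get "$1" ifconfig) $(conf_get "$2" ifconfig)
    [ $# -eq 4 ] || { echo "ifconfig needs two addresses on each side"; return 1; }
    [ "$1" = "$4" ] && [ "$2" = "$3" ] ||
        { echo "ifconfig lines are not mirrored: '$1 $2' vs '$3 $4'"; return 1; }
    [ "${1%.*}" = "${2%.*}" ] ||
        { echo "tunnel endpoints $1 and $2 are not in the same /24"; return 1; }
}

# $1 = a config file.  The static key must exist and be mode 0600 (whoever
# can read it can join or decrypt the tunnel); an "up" script must be executable.
check_files() {
    key=$(conf_get "$1" secret)
    [ -f "$key" ] || { echo "secret '$key' not found"; return 1; }
    [ "$(ls -ld "$key" | cut -c5-10)" = "------" ] ||
        { echo "secret '$key' is readable by group/other: chmod 600 it"; return 1; }
    up=$(conf_get "$1" up)
    [ -z "$up" ] || [ -x "$up" ] || { echo "up script '$up' is not executable"; return 1; }
}

# Constructed sample: the primer's two configs, a stand-in for the key that
# "openvpn --genkey --secret" would produce, and the route.sh from the text.
WORK=$(mktemp -d)
umask 077
KEY=$WORK/myhomelan-key.txt
printf '%s\n' '-----BEGIN OpenVPN Static key V1-----' 'constructed placeholder, not a real key' \
    '-----END OpenVPN Static key V1-----' > "$KEY"
printf '%s\n' '#!/bin/sh' 'route add -net 192.168.1.0 netmask 255.255.255.0 gw 172.16.1.1' > "$WORK/route.sh"
chmod 700 "$WORK/route.sh"

cat > "$WORK/server.conf" <<EOF
dev tun
ifconfig 172.16.1.1 172.16.1.20   # IP of the local tun device and its peer
secret $KEY
comp-lzo
port 5000
user nobody
group nobody
EOF

cat > "$WORK/client.conf" <<EOF
remote vpn.example.invalid        # placeholder for the server's dynamic DNS name
dev tun
ifconfig 172.16.1.20 172.16.1.1   # IP of the local tun device and its peer
secret $KEY
comp-lzo
port 5000
user nobody
group nobody
up $WORK/route.sh                 # sets up the route to the network behind the VPN server
EOF

# A mistyped client config: its tun address is not in the server's subnet.
sed 's/^ifconfig .*/ifconfig 172.16.2.20 172.16.1.1/' "$WORK/client.conf" > "$WORK/client-bad.conf"

if check_pair "$WORK/server.conf" "$WORK/client.conf" && check_files "$WORK/client.conf"; then
    echo "server.conf and client.conf are consistent"
fi
check_pair "$WORK/server.conf" "$WORK/client-bad.conf" || echo "client-bad.conf rejected, as intended"
```

To use it on a real setup, copy the peer's local.conf next to your own
and call check_pair on the two files, then check_files on each. The
permission check matters because the primer's tunnel is protected by
nothing but that static key: anyone who can read myhomelan-key.txt on
either machine can decrypt the tunnel or connect to it.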

===========================
8. Moves, adds, and changes
===========================

Moves
-----

The following developers recently left the Gentoo team:

* None this week

Adds
----

The following developers recently joined the Gentoo Linux team:

* None this week

Changes
-------

The following developers recently changed roles within the Gentoo Linux
project:

* None this week

====================
9. Contribute to GWN
====================

Interested in contributing to the Gentoo Weekly Newsletter? Send us an
email[62].

62. gwn-feedback@g.o

================
10. GWN feedback
================

Please send us your feedback[63] and help make the GWN better.

63. gwn-feedback@g.o

================================
11. GWN subscription information
================================

To subscribe to the Gentoo Weekly Newsletter, send a blank email to
gentoo-gwn-subscribe@g.o.

To unsubscribe from the Gentoo Weekly Newsletter, send a blank email to
gentoo-gwn-unsubscribe@g.o from the email address you are
subscribed under.

===================
12. Other languages
===================

The Gentoo Weekly Newsletter is also available in the following languages:

* Danish[64]
* Dutch[65]
* English[66]
* German[67]
* French[68]
* Japanese[69]
* Italian[70]
* Polish[71]
* Portuguese (Brazil)[72]
* Portuguese (Portugal)[73]
* Russian[74]
* Spanish[75]
* Turkish[76]
64. http://www.gentoo.org/news/da/gwn/gwn.xml
65. http://www.gentoo.org/news/be/gwn/gwn.xml
66. http://www.gentoo.org/news/en/gwn/gwn.xml
67. http://www.gentoo.org/news/de/gwn/gwn.xml
68. http://www.gentoo.org/news/fr/gwn/gwn.xml
69. http://www.gentoo.org/news/ja/gwn/gwn.xml
70. http://www.gentoo.org/news/it/gwn/gwn.xml
71. http://www.gentoo.org/news/pl/gwn/gwn.xml
72. http://www.gentoo.org/news/br/gwn/gwn.xml
73. http://www.gentoo.org/news/pt/gwn/gwn.xml
74. http://www.gentoo.org/news/ru/gwn/gwn.xml
75. http://www.gentoo.org/news/es/gwn/gwn.xml
76. http://www.gentoo.org/news/tr/gwn/gwn.xml


Ulrich Plate <plate@g.o> - Editor
Brian Downey <bdowney@×××××××××××.net> - Author
Marc Hildebrand <zypher@g.o> - Author
Patrick Lauer <patrick@g.o> - Author
Emmet Wagle <ewagle@×××××.com> - Author


--
gentoo-gwn@g.o mailing list