Search results
3 posts for "Ubuntu"
- 2008/11/23 Setting up OpenVPN on Ubuntu (3)
- 2008/11/23 Getting past an error in MySQL 5.0?
- 2006/07/09 Impressions of Ubuntu Dapper!!!
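Setting up OpenVPN on Ubuntu
If you want to use the PPTP protocol that Windows supports instead of running an OpenVPN server, it is comparatively easy: install pptpd, the Ubuntu package of Poptop, and after a little configuration you can connect right away. The problem is that my company seems to block PPTP by policy: I could reach the server, but while the server was creating the ppp session used for the external connection, it spat out the messages below and dropped the connection...
pptpd configuration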
...
Nov 23 16:28:21 zeropage pptpd[7279]: CTRL: Client 203.244.218.56 control connection started
Nov 23 16:28:21 zeropage pptpd[7279]: CTRL: Starting call (launching pppd, opening GRE)
Nov 23 16:28:21 zeropage pppd[7280]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded.
Nov 23 16:28:21 zeropage pppd[7280]: pppd 2.4.4 started by root, uid 0
Nov 23 16:28:21 zeropage pppd[7280]: Using interface ppp0
Nov 23 16:28:21 zeropage pppd[7280]: Connect: ppp0 <--> /dev/pts/2
Nov 23 16:28:21 zeropage pptpd[7279]: GRE: Bad checksum from pppd.
Nov 23 16:28:51 zeropage pppd[7280]: LCP: timeout sending Config-Requests
Nov 23 16:28:51 zeropage pppd[7280]: Connection terminated.
Nov 23 16:28:51 zeropage pppd[7280]: Modem hangup
Nov 23 16:28:51 zeropage pppd[7280]: Exit.
Nov 23 16:28:51 zeropage pptpd[7279]: GRE: read(fd=6,buffer=8058660,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs
Nov 23 16:28:51 zeropage pptpd[7279]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)
Nov 23 16:28:51 zeropage pptpd[7279]: CTRL: Reaping child PPP[7280]
Nov 23 16:28:51 zeropage pptpd[7279]: CTRL: Client 203.244.218.56 control connection finished
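In the log above the PPTP control connection (TCP) completes, but pppd gives up with an LCP timeout, which is the usual symptom of the GRE data channel being filtered somewhere on the path. As an added example (not part of the original post), the script below correlates pptpd and pppd lines by PID to label each client session; the function name `triage`, the verdict labels and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the log above (documentation IPs, made-up PIDs).
SAMPLE_LOG = """\
Nov 23 16:28:21 vpn pptpd[7279]: CTRL: Client 192.0.2.10 control connection started
Nov 23 16:28:21 vpn pptpd[7279]: CTRL: Starting call (launching pppd, opening GRE)
Nov 23 16:28:21 vpn pppd[7280]: Using interface ppp0
Nov 23 16:28:51 vpn pppd[7280]: LCP: timeout sending Config-Requests
Nov 23 16:28:51 vpn pptpd[7279]: CTRL: Reaping child PPP[7280]
Nov 23 16:28:51 vpn pptpd[7279]: CTRL: Client 192.0.2.10 control connection finished
Nov 23 16:30:02 vpn pptpd[7301]: CTRL: Client 198.51.100.7 control connection started
Nov 23 16:30:03 vpn pppd[7302]: remote IP address 192.168.0.234
Nov 23 16:31:40 vpn pptpd[7301]: CTRL: Reaping child PPP[7302]
Nov 23 16:31:40 vpn pptpd[7301]: CTRL: Client 198.51.100.7 control connection finished
"""

LINE = re.compile(r"^\w{3}\s+\d+ [\d:]+ \S+ (pptpd|pppd)\[(\d+)\]: (.*)$")
STARTED = re.compile(r"CTRL: Client (\S+) control connection started")
REAPED = re.compile(r"CTRL: Reaping child PPP\[(\d+)\]")

def triage(log_text):
    """Return {client_ip: verdict} for every finished PPTP control connection."""
    client_of = {}                 # pptpd pid -> client IP
    child_of = {}                  # pptpd pid -> pid of the pppd it launched
    flags = defaultdict(set)       # pppd pid  -> events seen for that session
    verdicts = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        prog, pid, msg = m.group(1), int(m.group(2)), m.group(3)
        if prog == "pppd":
            if "LCP: timeout sending Config-Requests" in msg:
                flags[pid].add("lcp_timeout")
            elif msg.startswith("remote IP address"):
                flags[pid].add("ip_up")
        elif STARTED.match(msg):
            client_of[pid] = STARTED.match(msg).group(1)
        elif REAPED.match(msg):
            child_of[pid] = int(REAPED.match(msg).group(1))
        elif msg.endswith("control connection finished") and pid in client_of:
            seen = flags.get(child_of.get(pid), set())
            if "ip_up" in seen:
                verdict = "ok"
            elif "lcp_timeout" in seen:
                verdict = "control-ok-gre-suspect"
            else:
                verdict = "unknown"
            verdicts[client_of.pop(pid)] = verdict
    return verdicts
```

A `control-ok-gre-suspect` verdict is a heuristic: it says where to look (IP protocol 47 filtering between client and server), not that filtering is proven.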
Anyway, so I gave OpenVPN another try, but none of the existing Korean-language documents cover setting up OpenVPN from the Ubuntu package, so I am writing this to document the process as I go.
Reference: http://www.ventanazul.com/webzine/articles/openvpn-ubuntu-and-hulu
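First, install the openvpn package with a package manager. apt-get, aptitude or synaptic will all do. Out of personal preference I installed it with aptitude.
After installing, set the location of the default configuration file with the command below.
Open that file, comment out everything already in it, and add AUTOSTART="openvpn" at the end.
With this setting, openvpn looks for /etc/openvpn/openvpn.conf when it starts; that file does not exist yet, so we will write it separately.
The next task is to create the keys and certificates.
Copy the example configuration files over for the RSA setup.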
root@zeropage:/etc/openvpn#vi easy-rsa/vars
If the file above does not exist, look for the configuration file in the location below.
root@zeropage:/etc/openvpn#vi easy-rsa/2.0/vars
export KEY_PROVINCE=LI
export KEY_CITY=Lima
export KEY_ORG="Nombre-OpenVPN"
export KEY_EMAIL="tu-nombre@example.com"
Then apply the environment settings to the current terminal with the command below.
NOTE: If you run ./clean-all, I will be doing a rm -rf on /etc/openvpn/easy-rsa/2.0/keys
Generating a 1024 bit RSA private key
..............++++++
........................................++++++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [PE]:
State or Province Name (full name) [LI]:
Locality Name (eg, city) [Lima]:
Organization Name (eg, company) [Nombre-OpenVPN]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) [Nombre-OpenVPN CA]:
Email Address [tu-nombre@example.com]:
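Create the server key. (At the end of server key creation you must answer y so that the certificate is actually signed; if the prompt is not answered with y, the certificate is not issued, which is the "CERTIFICATE WILL NOT BE CERTIFIED" line in the output below.)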
Generating a 1024 bit RSA private key
...++++++
.................++++++
writing new private key to 'server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [PE]:
State or Province Name (full name) [LI]:
Locality Name (eg, city) [Lima]:
Organization Name (eg, company) [Nombre-OpenVPN]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) [server]:
Email Address [tu-nombre@example.com]:
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /etc/openvpn/easy-rsa/2.0/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'PE'
stateOrProvinceName :PRINTABLE:'LI'
localityName :PRINTABLE:'Lima'
organizationName :PRINTABLE:'Nombre-OpenVPN'
commonName :PRINTABLE:'server'
emailAddress :IA5STRING:'tu-nombre@example.com'
Certificate is to be certified until Nov 21 08:03:49 2018 GMT (3650 days)
Sign the certificate? [y/n]:
CERTIFICATE WILL NOT BE CERTIFIED
Create the client key.
Generating a 1024 bit RSA private key
..................++++++
............++++++
writing new private key to 'client.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [PE]:
State or Province Name (full name) [LI]:
Locality Name (eg, city) [Lima]:
Organization Name (eg, company) [Nombre-OpenVPN]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) [client]:
Email Address [tu-nombre@example.com]:
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /etc/openvpn/easy-rsa/2.0/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'PE'
stateOrProvinceName :PRINTABLE:'LI'
localityName :PRINTABLE:'Lima'
organizationName :PRINTABLE:'Nombre-OpenVPN'
commonName :PRINTABLE:'client'
emailAddress :IA5STRING:'tu-nombre@example.com'
Certificate is to be certified until Nov 21 08:06:02 2018 GMT (3650 days)
Sign the certificate? [y/n]:
CERTIFICATE WILL NOT BE CERTIFIED
Generate the Diffie-Hellman parameters.
root@zeropage:/etc/openvpn/easy-rsa/2.0# ./build-dh
This is going to take a long time
.........+....................................+................+.........................................+.............................................................................+...................+.............................................+....+........................+..........................................................................................+...........................................+............................+.............................................................................++*++*++*
The basic key generation is now done. To connect from the client to the server, three files from the /etc/openvpn/easy-rsa/keys directory are needed, so keep them safe.
client1.crt
client1.key
Now the openvpn configuration file has to be created.
dev tun
proto tcp
port 1194
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
user nobody
group nogroup
server 10.8.0.0 255.255.255.0
persist-key
persist-tun
#status openvpn-status.log
#verb 3
client-to-client
push "redirect-gateway def1"
#log-append /var/log/openvpn
comp-lzo
Then, for IP routing, run each of the commands below once.
sudo iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
sudo iptables -L -t nat
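(To remove the firewall rule later: sudo iptables -F -t nat. Note that this flushes every rule in the nat table, not only the one added above.)
You can see that the server-side setup is complete: the tun0 interface at the end of the output below is up with address 10.8.0.1.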
eth0 Link encap:Ethernet HWaddr 00:17:31:f3:11:1e
inet addr:165.194.17.160 Bcast:165.194.17.255 Mask:255.255.255.0
inet6 addr: fe80::217:31ff:fef3:111e/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:34354629 errors:0 dropped:0 overruns:0 frame:0
TX packets:14478158 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:355495487 (339.0 MB) TX bytes:744316533 (709.8 MB)
Interrupt:217 Base address:0x8000
eth1 Link encap:Ethernet HWaddr 00:48:54:4a:e0:c7
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:20 Base address:0xac00
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:348697 errors:0 dropped:0 overruns:0 frame:0
TX packets:348697 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:185131767 (176.5 MB) TX bytes:185131767 (176.5 MB)
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.1 P-t-P:10.8.0.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
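Now for today's main event: let's connect to the VPN server from a client. Heh.
On the Windows machine that will connect to the VPN server, download and install the Windows client provided at http://openvpn.org!!!
Open "OpenVPN configuration file directory" from the program menu, copy in ca.crt, client.crt and client.key from the keys generated on the server, then open client.ovpn and edit the remote entry, and you are done!!!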
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# will be pulling certain config file directives
# from the server.
client
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# from the Network Connections panel
# if you have more than one. On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node MyTap
# UDP server? Use the same setting as
# on the server.
proto tcp
;proto udp
# You can have multiple remote entries
# to load balance between the servers.
remote 165.194.17.160 1194
;remote my-server-2 1194
# list for load-balancing. Otherwise
# try hosts in the order specified.
;remote-random
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# a specific local port number.
nobind
;user nobody
;group nobody
persist-key
persist-tun
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here. See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
# of duplicate packets. Set this flag
# to silence duplicate packet warnings.
;mute-replay-warnings
# See the server config file for more
# description. It's best to use
# a separate .crt/.key file pair
# for each client. A single ca
# file can be used for all clients.
ca ca.crt
cert client.crt
key client.key
# The three values above must be given with absolute paths, in the form "c:\\program files\\openvpn\\config\\key\...."
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-server
# script in the easy-rsa folder will do this.
;ns-cert-type server
# then every client must also have the key.
;tls-auth ta.key 1
# If the cipher option is used on the server
# then you must also specify it here.
;cipher x
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo
verb 3
;mute 20
OK, connect like this and the VPN works... lol
PS. But it still won't connect... -_-;; Ugh, I guess it really can't connect from the external network... something is really off T.T
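Several directives in the server and client files have to agree before a tunnel comes up, and the sample client file's own comments recommend checking the server certificate type. As an added example (not the author's or the OpenVPN project's code), this check compares a server/client config pair and reports mismatches plus two weak settings; `check_pair`, the host name `vpn.example.net` and the key path are assumptions, and the sample configs are constructed in the style of the two files above with one deliberately mismatched setting.

```python
import re

# Constructed sample configs; the host name and key path are placeholders,
# not values from the post.
SERVER_CONF = """\
dev tun
proto tcp
port 1194
dh /etc/openvpn/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
comp-lzo
"""
CLIENT_CONF = """\
client
dev tun
;proto tcp
proto udp
remote vpn.example.net 1194
;ns-cert-type server
comp-lzo
"""

def parse(text):
    """Map each active directive to its argument string ('#' and ';' are comments)."""
    opts = {}
    for line in text.splitlines():
        fields = line.strip().split(None, 1)
        if fields and fields[0][0] not in "#;":
            opts[fields[0]] = fields[1].strip() if len(fields) > 1 else ""
    return opts

def transport(opts):
    """Normalise proto: the default is udp; tcp-server/tcp-client both mean tcp."""
    return opts.get("proto", "udp").split("-")[0]

def check_pair(server_text, client_text):
    """Return a list of findings for one server/client configuration pair."""
    srv, cli = parse(server_text), parse(client_text)
    findings = []
    if transport(srv) != transport(cli):
        findings.append(f"proto: server={transport(srv)} client={transport(cli)}")
    for key in ("dev", "cipher", "comp-lzo"):
        if srv.get(key) != cli.get(key):
            findings.append(f"{key}: server={srv.get(key)!r} client={cli.get(key)!r}")
    remote = cli.get("remote", "").split()
    if len(remote) > 1 and remote[1] != srv.get("port", "1194"):
        findings.append(f"port: server={srv.get('port', '1194')} client={remote[1]}")
    if not (cli.keys() & {"ns-cert-type", "remote-cert-tls"}):
        findings.append("client does not verify the server certificate type")
    bits = re.search(r"dh(\d+)\.pem$", srv.get("dh", ""))
    if bits and int(bits.group(1)) < 2048:
        findings.append(f"dh: {bits.group(1)}-bit parameters")
    return findings
```

The DH check only reads the size from the file name, so it is a hint; the authoritative size is whatever the parameter file actually contains.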
Getting past an error in MySQL 5.0?
error: 'Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)'
Check that mysqld is running and that the socket: '/var/run/mysqld/mysqld.sock' exists!
Anyway, when I start it up again, it spits out the nasty message below and does not respond at all.
* Checking for corrupt, not cleanly closed and upgrade needing tables.
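It seems to take a lock while checking, but I don't know the details... No matter how long I waited, it showed no sign of responding over the web... so here is how I solved it...
I just switched to root and ran an ISAM check over everything in the directory where the MySQL data is stored. -0-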
root@daphne:/var/lib/mysql# myisamchk */*.MYI
...
Checking MyISAM file: mysql/columns_priv.MYI
Data records: 0 Deleted blocks: 0
- check file-size
- check record delete-chain
- check key delete-chain
- check index reference
- check data record references index: 1
---------
Checking MyISAM file: mysql/db.MYI
Data records: 9 Deleted blocks: 1
- check file-size
- check record delete-chain
- check key delete-chain
- check index reference
- check data record references index: 1
- check data record references index: 2
---------
Checking MyISAM file: mysql/func.MYI
Data records: 0 Deleted blocks: 0
- check file-size
- check record delete-chain
- check key delete-chain
- check index reference
- check data record references index: 1
---------
Checking MyISAM file: mysql/help_category.MYI
Data records: 36 Deleted blocks: 0
- check file-size
- check record delete-chain
- check key delete-chain
- check index reference
- check data record references index: 1
- check data record references index: 2
---------
Checking MyISAM file: mysql/help_keyword.MYI
Data records: 401 Deleted blocks: 0
- check file-size
- check record delete-chain
- check key delete-chain
- check index reference
- check data record references index: 1
- check data record references index: 2
---------
Checking MyISAM file: mysql/help_relation.MYI
Data records: 825 Deleted blocks: 0
- check file-size
- check record delete-chain
- check key delete-chain
- check index reference
- check data record references index: 1
---------
Checking MyISAM file: mysql/help_topic.MYI
Data records: 475 Deleted blocks: 0
- check file-size
- check record delete-chain
- check key delete-chain
- check index reference
- check data record references index: 1
- check data record references index: 2
- check record links
---------
Checking MyISAM file: mysql/host.MYI
Data records: 0 Deleted blocks: 0
- check file-size
- check record delete-chain
- check key delete-chain
- check index reference
- check data record references index: 1
---------
Checking MyISAM file: mysql/proc.MYI
Data records: 0 Deleted blocks: 0
- check file-size
- check record delete-chain
- check key delete-chain
- check index reference
- check data record references index: 1
- check record links
---------
Checking MyISAM file: mysql/procs_priv.MYI
Data records: 0 Deleted blocks: 0
- check file-size
- check record delete-chain
- check key delete-chain
- check index reference
- check data record references index: 1
- check data record references index: 2
---------
Checking MyISAM file: mysql/tables_priv.MYI
Data records: 0 Deleted blocks: 0
- check file-size
- check record delete-chain
- check key delete-chain
- check index reference
- check data record references index: 1
- check data record references index: 2
---------
Checking MyISAM file: mysql/time_zone.MYI
Data records: 0 Deleted blocks: 0
- check file-size
- check record delete-chain
- check key delete-chain
- check index reference
- check data record references index: 1
---------
Checking MyISAM file: mysql/time_zone_leap_second.MYI
Data records: 0 Deleted blocks: 0
- check file-size
- check record delete-chain
- check key delete-chain
- check index reference
- check data record references index: 1
---------
Checking MyISAM file: mysql/time_zone_name.MYI
Data records: 0 Deleted blocks: 0
- check file-size
- check record delete-chain
- check key delete-chain
- check index reference
- check data record references index: 1
---------
Checking MyISAM file: mysql/time_zone_transition.MYI
Data records: 0 Deleted blocks: 0
- check file-size
- check record delete-chain
- check key delete-chain
- check index reference
- check data record references index: 1
---------
Checking MyISAM file: mysql/time_zone_transition_type.MYI
Data records: 0 Deleted blocks: 0
- check file-size
- check record delete-chain
- check key delete-chain
- check index reference
- check data record references index: 1
---------
Checking MyISAM file: mysql/user.MYI
Data records: 16 Deleted blocks: 0
- check file-size
- check record delete-chain
- check key delete-chain
- check index reference
- check data record references index: 1
- check record links
---------
...
(Handling it like this in production would cause an uproar, though.. lol)
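Impressions of Ubuntu Dapper!!!
It has had quite a reputation, but I didn't think much of it until I finally got around to installing Linux again. (First time in about a year -_-;;) Windows is installed on the second hard disk, so the GRUB setup didn't work right away. -_- What a hassle...
It really has improved a lot. By improved I don't mean the system side.. rather, accessibility for first-time users seems to have taken a big leap. The experts surely got along fine then as now, but for a novice like me, settings that used to be terribly hard now just work. Whoa;;;
A prime example is Windows fonts... Before, bold wouldn't render and I think I even had to apply a pango patch to set it up, but now running fc-cache is all it takes -_-;;;
Above all, there is now this thing called SCIM. I think it is something like a unified interface for input methods, though I'm not sure that's right. (Like the IME on Windows...)
The only remaining disappointment is OpenOffice. -_-; Its recognition of PPT documents is almost 100%. It's just that it responds considerably slower than MS's and its handling of animations seems incomplete. (At a rough glance....) Using OpenOffice's native format would probably solve that, but...
I hear MS has announced it will officially support ODF too... I worry that this kind of problem will come up later between OpenOffice and MS Office.
WORD files were barely recognized when I tried before -_-; I don't know how it is now.
(These days I use PPT more than Word;;)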
