1. Install the necessary software (pptpd, pptp-linux, ppp and ufw – for firewall):
    apt-get install pptpd pptp-linux ppp ufw
  2. Enable port 22 (ssh) in the firewall, so we don’t get locked out of our instance:
    ufw allow 22
  3. Enable port 1723 (pptpd) in the firewall to enable access to the pptpd daemon:
    ufw allow 1723
  4. Enable ufw:
    ufw enable
  5. Add an aliased network interface card (eth0:0): (We use the address space of 192.168.88.0/24 since it's usually free on most networks. Feel free to change this address if it is already taken.)
    Edit /etc/network/interfaces:

    nano /etc/network/interfaces

    Enter the following text at the end of the file:

    auto eth0:0
    iface eth0:0 inet static
    address 192.168.88.1
    netmask 255.255.255.0
    gateway (same value as listed for eth0)
    dns-nameservers (same value as listed for eth0)

    Replace the value of “gateway” with the same value you will see in this file for “eth0”, the real public network interface.
    Replace the value of “dns-nameservers” with the same value you will see in this file for “eth0”.

  6. Configure the pptpd daemon:
    Edit /etc/ppp/pptpd-options:

    nano /etc/ppp/pptpd-options

    Comment out (add a “#” char at the start of the line) the following lines:
    “refuse-pap”
    “refuse-chap”
    “refuse-mschap”
    “refuse-mschap-v2”
    “require-mppe-128”

    replace “#ms-dns 10.0.0.1” with “ms-dns 8.8.8.8”
    replace “#ms-dns 10.0.0.2” with “ms-dns 8.8.4.4”

    The last 2 lines above set the DNS servers that devices connecting to your PPTP VPN will use. The addresses above are for the Google Public DNS servers, but can be any other DNS servers (including the same DNS servers that Rackspace or your hosting provider use).

    Edit /etc/pptpd.conf :

    nano /etc/pptpd.conf

    Add at the bottom of the file:

    localip 192.168.88.1
    remoteip 192.168.88.2-20

    The value of “remoteip” will be the set of IP addresses the devices connecting to the VPN will get upon successful connection. Currently, we have here 18 addresses, which is enough for 18 concurrent devices. You can make this range bigger if needed.

  7. Configure the username and password that will be used to authenticate clients accessing the VPN:
    Edit /etc/ppp/chap-secrets:

    nano /etc/ppp/chap-secrets

    Add a line in the following format:

    # client server secret IP addresses
    [UserName] pptpd [Password] *

    Replace [UserName] with the username you wish to use.
    Replace [Password] with the password you wish to use (I suggest a long random password. Try this generator)

  8. Enable IP forwarding in the kernel:
    Edit /etc/sysctl.conf :

    nano /etc/sysctl.conf

    Uncomment the line “net.ipv4.ip_forward=1”
    For IPv6, uncomment “net.ipv6.conf.all.forwarding=1”

  9. Enable IP forwarding in ufw:
    Edit /etc/default/ufw:

    nano /etc/default/ufw

    Change the value of “DEFAULT_FORWARD_POLICY” from “DROP” to “ACCEPT”

  10. Add IP masquerading rule in ufw, so that NAT will work and devices connecting to the VPN will be seen as if the traffic goes out of the VPN server:
    Edit /etc/ufw/before.rules:

    nano /etc/ufw/before.rules

    Paste the text below after the header and before the “*filter” rules:

    # nat Table rules
    *nat
    :POSTROUTING ACCEPT [0:0]

    # Allow forward traffic from eth0:0 to eth0
    -A POSTROUTING -s 192.168.88.0/24 -o eth0 -j MASQUERADE

    # don't delete the 'COMMIT' line or these nat table rules won't be processed
    COMMIT

  11. Reboot the machine, cross your fingers and hope for the best :-)
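
Step 6 above comments out five directives in /etc/ppp/pptpd-options. The following added example (not part of the original post) lists which of them are active in a given options file, so the state of the file can be confirmed after editing; the sample file contents and the function names are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post: audit the step 6 directives.

# The five directives step 6 comments out.
DIRECTIVES="refuse-pap refuse-chap refuse-mschap refuse-mschap-v2 require-mppe-128"

# Constructed sample: an options file as it would look after step 6.
sample_options() {
cat <<'EOF'
name pptpd
#refuse-pap
  # refuse-chap
#refuse-mschap
#refuse-mschap-v2
#require-mppe-128
ms-dns 8.8.8.8      # text after a '#' is ignored as well
proxyarp
EOF
}

# active_directives FILE: first word of every line that is not a comment.
active_directives() {
    sed -e 's/#.*$//' "$1" | awk 'NF { print $1 }'
}

# is_active FILE DIRECTIVE: succeeds only if DIRECTIVE is set, not commented out.
is_active() {
    active_directives "$1" | grep -qx -- "$2"
}

# audit_pptpd_options FILE: one status line per directive, plus a note when
# MPPE is not enforced.
audit_pptpd_options() {
    for d in $DIRECTIVES; do
        if is_active "$1" "$d"; then
            echo "ACTIVE   $d"
        else
            echo "INACTIVE $d"
        fi
    done
    if ! is_active "$1" require-mppe-128; then
        echo "NOTE: require-mppe-128 is inactive, MPPE encryption is not enforced"
    fi
}

# Audit the file given as $1, or the constructed sample when none is given.
target=${1:-}
[ -n "$target" ] || { target=$(mktemp); sample_options > "$target"; }
audit_pptpd_options "$target"
```

Run it with the path of the real file as its first argument, for example /etc/ppp/pptpd-options, to audit the server's own configuration instead of the sample.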

Configuring your iPhone / iPad

  1. In your iPhone / iPad go to “Settings” -> “General” -> “Network” -> “VPN”
  2. Select “Add VPN Configuration”
  3. Select “PPTP”
  4. In “Description” enter the name of the VPN connection
  5. In “Server” enter the IP address of the server (or a server name, if you mapped the server’s IP address to a domain name)
  6. In “Account” enter the username you have entered into the “/etc/ppp/chap-secrets” file
  7. In “Password” enter the password you entered for the above username in “/etc/ppp/chap-secrets”
  8. Make sure “Send All Traffic” is turned to “ON”
  9. Set “Encryption Level” to “None” (this is how we configured the PPTP server in this post; if you set up encryption, try keeping it on “Auto”)
  10. Select save

http://eran.sandler.co.il/2010/08/30/pptp-vpn-on-ubuntu-10-04-for-your-iphone-ipad/

 

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
http://www.ubuntugeek.com/howto-pptp-vpn-server-with-ubuntu-10-04-lucid-lynx.html

$ /sbin/iptables -P FORWARD ACCEPT
$ /sbin/iptables --table nat -A POSTROUTING -o eth0 -j MASQUERADE
http://www.larmeir.com/2010/03/setting-up-a-pptp-vpn-server-on-debian-and-ubuntu/

Largest Corporate Quarterly Earnings of All Time, Rank #4 Apple

 

# | Company           | Industry             | Country       | Year | Fiscal Quarter | Report Date       | Earnings (bn) | USD Inflation to June 2011 | USD Real Earnings (bn)
1 | Gazprom           | Oil and gas          | Russia        | 2011 | 1Q             | 30 August 2011    | $16.24        |                            |
2 | Royal Dutch Shell | Oil and gas          | Netherlands   | 2008 | 2Q             | 30 June 2008      | $15.68        | 3.16%                      | $16.18
3 | ExxonMobil        | Oil and gas          | United States | 2008 | 3Q             | 30 September 2008 | $14.8         | 3.17%                      | $15.27
4 | Apple             | Consumer electronics | United States | 2012 | 1Q             | 24 January 2012   | $13.06        | 0%                         | $13.06

 


http://en.wikipedia.org/wiki/List_of_largest_corporate_profits_and_losses#Largest_Corporate_Quarterly_Earnings_of_All_Time

mini-Howto: Cisco Router Debugging

Virtual Terminal Logging

In order to enable logging on your virtual terminal connection via telnet, type:

terminal monitor

Enable Debugging on Virtual Terminal

In order to enable debugging messages on your virtual terminal, type:

undebug all
conf t
logging monitor debugging
logging on
exit

Debug

Cisco routers can debug a whole lot of things. Let’s try a simple example:

debug isdn events

How do I turn this off again?

Yeah, right. You’re sick of all those messages and want to get rid of them without logging out and all this. Here you go:

undebug all
terminal no monitor
conf t
no logging monitor
exit

 

http://www.kostis.net/hints/cisco/cisco-debug.htm

Trying to set up a server with 2 public network connections. I first started reading this link

That one looked a little confusing, then I found this link


 

4.2.1. Split access

The first is how to route answers to packets coming in over a particular provider, say Provider 1, back out again over that same provider.

Let us first set some symbolical names. Let $IF1 be the name of the first interface (if1 in the picture above) and $IF2 the name of the second interface. Then let $IP1 be the IP address associated with $IF1 and $IP2 the IP address associated with $IF2. Next, let $P1 be the IP address of the gateway at Provider 1, and $P2 the IP address of the gateway at provider 2. Finally, let $P1_NET be the IP network $P1 is in, and $P2_NET the IP network $P2 is in.

One creates two additional routing tables, say T1 and T2. These are added in /etc/iproute2/rt_tables. Then you set up routing in these tables as follows:

	    ip route add $P1_NET dev $IF1 src $IP1 table T1
	    ip route add default via $P1 table T1
	    ip route add $P2_NET dev $IF2 src $IP2 table T2
	    ip route add default via $P2 table T2

Nothing spectacular, just build a route to the gateway and build a default route via that gateway, as you would do in the case of a single upstream provider, but put the routes in a separate table per provider. Note that the network route suffices, as it tells you how to find any host in that network, which includes the gateway, as specified above.

Next you set up the main routing table. It is a good idea to route things to the direct neighbour through the interface connected to that neighbour. Note the 'src' arguments, they make sure the right outgoing IP address is chosen.

	    ip route add $P1_NET dev $IF1 src $IP1
	    ip route add $P2_NET dev $IF2 src $IP2

Then, your preference for default route:

	    ip route add default via $P1

Next, you set up the routing rules. These actually choose what routing table to route with. You want to make sure that you route out a given interface if you already have the corresponding source address:

	    ip rule add from $IP1 table T1
	    ip rule add from $IP2 table T2

This set of commands makes sure all answers to traffic coming in on a particular interface get answered from that interface.

 

Warning: Reader Rod Roark notes: ‘If $P0_NET is the local network and $IF0 is its interface, the following additional entries are desirable:

ip route add $P0_NET     dev $IF0 table T1
ip route add $P2_NET     dev $IF2 table T1
ip route add 127.0.0.0/8 dev lo   table T1
ip route add $P0_NET     dev $IF0 table T2
ip route add $P1_NET     dev $IF1 table T2
ip route add 127.0.0.0/8 dev lo   table T2

Now, this is just the very basic setup. It will work for all processes running on the router itself, and for the local network, if it is masqueraded. If it is not, then you either have IP space from both providers or you are going to want to masquerade to one of the two providers. In both cases you will want to add rules selecting which provider to route out from based on the IP address of the machine in the local network.

I was having problems uploading files to vCloud Director. I knew this was some kind of NAT problem because our service is running behind a firewall, but we had all the necessary ports open. Then I found this link:

You try to upload your files (.iso and .ovf images for either a vApp or media) and receive an error message like:

Error: Transferring files

On page 98 of the vdc_15_admin_guide.pdf you will find a paragraph pointing out that you need to fill in the API field for uploads to work.

During the initial configuration of each cloud cell, you specified an HTTP service IP address. By default, vCloud Director uses that address in the XML responses from the REST API and as the upload target for the transfer service (for uploading vApp templates and media). To use a different address, specify a public REST API base URL.

I missed this step in my setup. I entered https://<ip>/ and now it works :)

 

Had a client the other day that required sound in his virtual desktop

Found the answer here: link1

Windows 2003 Server allows disabling certain resources in Remote Desktop sessions, and guess what? The sound is by default disabled for Windows Terminal Services sessions…

So, here is how to re-enable audio in TS sessions on Win2003:
– Launch “Control Panel” (Start Menu / Settings / Control Panel)
– In “Administrative Tools”, launch “Terminal Services Configuration”
– In the mmc applet, select the Connections node, select the RDP-Tcp session settings in the right pane, right click it and open the Properties page.
– Click the “Client Settings” tab
– In the bottom of this dialog where the “Disable the following:” section is, uncheck the “Audio mapping” which is checked by default.
– Ok the Properties dialog.

If you are connected already to a TS session, you’ll have to LogOut first (no, Disconnect won’t be enough!), then LogIn again to the server, and voila! Now your audio files should play fine.