Using PPP VPN and MPPE encryption

I set up a PPP server on Ubuntu Server; the clients were Windows XP and 7, and the connections worked fine.

Then I needed to configure an Ubuntu client, and in the server logs I got:

kernel: [1071485.295709] mppe_decompress[0]: osize too small! (have: 547 need: 574)
kernel: [1071514.528714] mppe_decompress[0]: osize too small! (have: 547 need: 574)
kernel: [1071558.144126] mppe_decompress[0]: osize too small! (have: 547 need: 1405)
kernel: [1071558.214600] mppe_decompress[0]: osize too small! (have: 547 need: 1405)
kernel: [1071558.858966] mppe_decompress[0]: osize too small! (have: 547 need: 674)

and more log lines like these, and the Ubuntu client had no connection.

The problem was that this Ubuntu client has a graphical interface, so I needed to use the NetworkManager plugin to configure it. After some searching I found the problem was the MTU on the client, but there is no way to set it within the plugin.

If the client were a console-only Ubuntu, it would be easy: just some files in /etc/ppp and:

# pon <connectionname>

# poff <connectionname>

but in this case there is a graphical interface, so the solution is to go to

# cd /etc/NetworkManager/dispatcher.d

and create a file vpn-up:

#!/bin/sh

# NetworkManager calls this script with the interface name in $1 and the event in $2
if [ "$2" = "vpn-up" ]; then
    /sbin/ifconfig "$1" mtu 540
fi

Don't forget the

# chmod +x vpn-up

Now, the trick is the MTU value: in some cases there are 4 extra bytes, in others different values, etc. In my case I got:

have: 547 need: 574

so 547 bytes are arriving for sure. What if I set the MTU to 540? It works :)

I hope this helps someone.

 

MySQL with SSL in LAMP

Usually what most IT people do is set up a MySQL server, open port 3306, set up the firewall, set up users with rights for the databases, and we have a system up and running.

I had a similar project: the MySQL server answered a remote web server over port 3306, and everything was working OK.

The question here is what level of security you need for this data (the data between the web server and the MySQL server). In most cases you don't need it, which is why encryption in MySQL is disabled by default.

The case: you have a remote server with SSL enabled and you want to connect from a PHP script. The code is like this.

In this case, we need to initialize the object this way:

$conn = mysqli_init();

Set the option MYSQLI_OPT_SSL_VERIFY_SERVER_CERT:

mysqli_options($conn, MYSQLI_OPT_SSL_VERIFY_SERVER_CERT, true);

We need the .pem from the server:

$conn->ssl_set(NULL, NULL, '/path/to/the/cert.pem', NULL, NULL);

Connect and check the connection:

$link = mysqli_real_connect($conn, $host, $user, $pass, $name, $port, NULL, MYSQLI_CLIENT_SSL);

if (!$link) {
    die('Connect error (' . mysqli_connect_errno() . '): ' . mysqli_connect_error() . "\n");
}

Something I always do on any connection:

$conn->set_charset("utf8");

Query time!

$result = $conn->query('select * from very_important_table');
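
A fail-closed version of the connection above, as an added example that is not part of the original post: after connecting it reads the Ssl_cipher session status and refuses to continue when the value is empty, which is how MySQL reports an unencrypted session. The function name connect_tls and its parameters are hypothetical, and the CA path is the post's placeholder.

```php
<?php
// Added example (not the post's code): connect over TLS and stop if the
// session turns out to be unencrypted. Host, credentials and the CA file
// path are placeholders supplied by the caller.

// Turn mysqli errors into exceptions so a failed handshake cannot be ignored.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function connect_tls(string $host, string $user, string $pass,
                     string $name, int $port, string $caFile): mysqli
{
    // A missing CA file would otherwise only show up as an opaque connect error.
    if (!is_readable($caFile)) {
        throw new RuntimeException("CA file not readable: $caFile");
    }

    $conn = mysqli_init();
    // Same options as in the post: verify the server certificate against the CA file.
    $conn->options(MYSQLI_OPT_SSL_VERIFY_SERVER_CERT, true);
    $conn->ssl_set(null, null, $caFile, null, null);
    $conn->real_connect($host, $user, $pass, $name, $port, null, MYSQLI_CLIENT_SSL);

    // Ask the server which cipher this session negotiated.
    // An empty value means the traffic is not encrypted.
    $row = $conn->query("SHOW SESSION STATUS LIKE 'Ssl_cipher'")->fetch_assoc();
    $cipher = $row['Value'] ?? '';
    if ($cipher === '') {
        $conn->close();
        throw new RuntimeException('Connection is not encrypted; refusing to send queries');
    }

    // Record the cipher so weak or unexpected suites are visible in the logs.
    error_log("MySQL TLS session established, cipher: $cipher");

    $conn->set_charset('utf8');
    return $conn;
}

// Usage with placeholder values:
// $conn = connect_tls($host, $user, $pass, $name, $port, '/path/to/the/cert.pem');
// $result = $conn->query('select * from very_important_table');
```

On the server, giving the account the REQUIRE SSL option makes MySQL reject unencrypted logins for that user, so the protection does not depend on the client alone.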

 

 

Basic docker commands

For a project I needed to run pdftk in a cron job, and for a time it worked without problems; then I got some mails saying that there was a problem with some files to convert.

I investigated and found the problem was the version of pdftk. I needed to update, but for the Linux distro (Ubuntu in that case) it was already the latest version. So I had two options:

  • Upgrade Ubuntu and then update pdftk.
  • Uninstall pdftk and install it from sources.

I didn't know that there is a third option: Docker!

The idea is to create a container with the upgraded version of Ubuntu and then install the latest version of pdftk. The commands are:

Just to download the version that I want:

# docker run ubuntu:14.04 /bin/echo 'Hello world'

To enter the container:

# docker run -t -i ubuntu:14.04 /bin/bash

Then inside the container:

# apt-get update
# apt-get upgrade
# apt-get install pdftk
# exit

This step is important: if I enter the container again I will start from zero, so after I have done what I want I must commit to save the state:

# docker commit -m "install pdftk" -a armandfp/ubuntu <container ID> ubuntu:pdftk

You can get the container ID from the hostname while you are in the container.

After the commit, you can do a:

# docker images

And you will see two images, one from the original state and the other one that you committed.

Then in the cron job I create a Docker container, use pdftk, convert the files and close the container; it works :)