IKEv2 VPN Client Setup on Debian Squeeze

Recently my company was set up a Windows 2008 VPN server. It is configured to accept only SSTP and IKEv2 protocols.

I did not find any working clients for Linux that uses SSTP protocol, but for IKEv2 strongSwan provides a quite easily configurable and working solution.

To set up the VPN client I did the following:

1. Installed the strongswan-ikev2 package.
# apt-get install strongswan-ikev2

2. Configured the /etc/ipsec.conf file (changed the bold values):

# ipsec.conf - strongSwan IPsec configuration file

# basic configuration

config setup

# Add connections here.
conn %default

conn companyvpn
rightid="C=XX, ST=State, L=Location, O=Organization, OU=OrgUnit, CN=CommonName, E=email"

include /var/lib/strongswan/ipsec.conf.inc

3. Set up the password for the user name in the /etc/ipsec.secrets file:
username : EAP "password"

4. Put the certificate of the Certificate Authory into the /etc/ipsec.d/cacerts/ directory to trust the certificates which was created by this CA:
# mv CA.cer /etc/ipsec.d/cacerts/

5. Restart ipsec:
# /etc/init.d/ipsec restart

6. To run the VPN connection type:
# ipsec up companyvpn

7. Use the VPN connection.
8. To stop the VPN connection type:
# ipsec down companyvpn

Emacs Setup for Python Development on Debian Squeeze

This a brief description of how to install emacs as a python development environment on a Debian Squeeze.

If emacs is not installed than install it with apt:
$ sudo apt-get install emacs

Than install the following packages using apt:
$ sudo apt-get install python-mode pymacs auto-complete-el yasnippet pyflakes

However python-rope and python-ropemacs packages are available in the debian repository they are not working perfectly, so these packages should be installed by the python way, to do this we need the python-setuptools package:
$ sudo apt-get install python-setuptools

Now we have ease_install, so use it to install rope and ropemacs:
$ sudo easy_install rope
$ sudo easy_install ropemacs

If easy_install could not find ropemacs you can download and install it manually from http://bitbucket.org/agr/ropemacs

Create a file which initializes the installed modules and name it to init-python.el and put it into your .emacs.d directory.

Add the following lines into your emacs config:

(add-to-list 'load-path "~/.emacs.d/")
(progn (cd "~/.emacs.d")

; python setup
(require 'smart-operator)
(require 'auto-complete)
(global-auto-complete-mode t)
(require 'yasnippet)
(yas/load-directory "~/.emacs.d/snippets")
(load-library "auto-complete-yasnippet")
(load-library "init-python")

Ok, everything is ready let's try it. Start your emacs type and press TAB to complete, if everything is ok a popup should be appeared with the available completion:

Check C-h m to show key bindings.

1. http://hide1713.wordpress.com/2009/01/30/setup-perfect-python-environment-in-emacs/
2. http://www.enigmacurry.com/category/emacs

Slow SSH Authenentication

I have set up an ssh server at my home from the default debian repository. Unfortunately, remote connections were quite slow, the authentication required about 30 sec. I tired to start the ssh client in verbose mode:

$ssh -v user@host
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_ACCEPT received

And after the last line it was hanging for a while. I suspected that it could be related with DNS lookups, so I added the following line into the server's sshd_config file:
UseDNS no

After this the restart of the ssh server was required.
#/etc/init.d/ssh restart

and the problem went away...

Find duplicated files in a directory subtree

Md5deep is able to recursive examine an entire directory tree. That is, compute the MD5 for every file in a directory and for every file in every subdirectory, so you can easily use it to find your duplicated files by combining with uniq.

md5deep -r * . | uniq -w 32 -D

Howto Setup Passwordless Atuhentication on GDM using PAM

Using PAM you can modify GDM authentication method not to ask for password at login. From security perspective this is not really advised, but when you share your workstation with your children or other family member it could be useful.

This howto modifies GDM and gnome-screensaver PAM modules to allow authenticate specified users without password.

Firstly, create a group whose members will be able to log on without password. My group name is home, so type the following command to make a new group and also add some members:
sudo addgroup home
sudo adduser user1 home
sudo adduser user2 home
Modify your /etc/pam.d/gdm:
auth requisite pam_nologin.so
auth required pam_env.so readenv=1
auth required pam_env.so readenv=1 envfile=/etc/default/locale
auth sufficient pam_succeed_if.so user ingroup home
@include common-auth
auth optional pam_gnome_keyring.so
@include common-account
session required pam_limits.so
@include common-session
session optional pam_gnome_keyring.so auto_start
@include common-password

Also add this line into your /etc/pam.d/gnome-screensaver (in this case the screen saver will not lock the user's screen when you switch between users, after suspend, etc...):
auth sufficient pam_succeed_if.so user ingroup home
@include common-auth
auth optional pam_gnome_keyring.so

Unpack compressed files into separate directories

Here is a little script to unpack all compressed files such as *.rar and put them into a separate directory:

for f in *.rar;do n=${f%.rar};mkdir "$n"; unrar x "$f" "$n/";done

Getting the directory where your script is located using windows command file

Getting the directory where your script is located it is not really trivial in windows command/script files, but you can get it with the following expression:
set CURRENT_DIR=%~dp0