VPN options
by Keith Lofstrom
I am planning on running a Virtual Private Network from my Fedora
firewall out to a UML virtual colo (running RH9) at another site.
That site will be the place I present services to the world;
httpd, ssh, sftp, smtp. This is to comply with the "no servers"
and dynamic ip restrictions on my Comcast connection to the net;
if my firewall always drives an outbound connection to the
colocation site, I am not worried about changes of ip address,
and I am not opening any inbound ports.
There are a number of options for the VPN - the most attractive
are cipe ( http://sites.inka.de/sites/bigred/devel/cipe.html )
and FreeSwan ( http://www.freeswan.org/ ), though I am told that
one can do all this through an ssh tunnel. I would rather have
simple and secure than super-duper; I have plenty of bandwidth,
and will send outbound http and smtp from the firewall, so the
main bandwidth user will be incoming spam/b/b/b/b mail.
Anyone have some experiences to share about setting up VPN? Is
there anything about either cipe or FreeSwan that is likely to
break with FC1 or FC2?
Keith
--
Keith Lofstrom keithl(a)ieee.org Voice (503)-520-1993
KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon"
Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
3 months, 2 weeks
Scriptlet errors during manual installation of Fedora 23
by Andrej Podzimek
Hi,
Because Anaconda doesn't support my usual partitioning scheme (root on Btrfs in LVM in LUKS in LVM in GPT, /boot on Btrfs, etc.), I created the entire layout manually and tried to install Fedora using dnf. The same layout works perfectly fine in ArchLinux.
I basically followed this howto, with adjustments for s/yum/dnf/ and for EFI/GPT: http://dustymabe.com/2014/05/29/manual-linux-installs-with-funky-storage-...
The initial filesystem installation (dnf install -y --releasever=23 --installroot=/mnt/sysimage filesystem) already got a few glitches of this form:
Non-fatal POSTIN scriptlet failure in rpm package filesystem
This^^^ happened to roughly half of the installed packages. I tried to proceed with the rest (i.e., to install @core @standard kernel grub2 grub2-efi sihm grub2-tools), but it failed with scriptlet errors that prevented a few key packages from getting installed at all:
error: %prein(selinux-policy-targeted-3.13.1-157.fc23.noarch) scriptlet failed, exit status 126
Error in PREIN scriptlet in rpm package selinux-policy-targeted
Packages with those errors are reported as failed after the verify step. What I tried next:
* setenforce 0
* upgrading the installation environment and/or the sysimage with dnf and rpm from rawhide
* --releasever=22 instead of 23
* ...and checking for a few other common points with this bug: https://bugzilla.redhat.com/show_bug.cgi?id=1270663
* a plain sysimage directory with no predefined Btrfs subvolumes in it
* unmounting, remounting, checking that everything has seclabel on, no weirdness in dmesg, etc.
Well, nothing of the above helped; the error is still the same.
How can I diagnose this? Where can I dig out the exact reason why the scriptlets are failing?
Provided that Anaconda actually does some steps that I'm missing and can carry out the installation correctly, is there a way to *force* it to just accept whatever is mounted into /mnt/sysimage at the moment, without trying to make sense of it? I'm pretty sure dracut can handle my partition layout just fine, so the entire issue here is about getting the basic installation done somehow.
Theoretically I could create a simple-and-stupid layout that Anaconda can handle, proceed with the installation and reshuffle the partitions afterwards, but that's sooo cumbersome that I thought I'd first ask whether someone knows a workaround to the scriptlet problems.
Cheers,
Andrej
2 years, 8 months
ATA2:00: link is slow to respond....
by Angelo Moreschini
Hi,
my computer boot only in emergency mode ...
Looking the journalctl (command journalctl -xb), I found (in thejournalctl
) these lines in red color :
ATA2:00: link is slow to respond....
(and after..)
ATA200: SRST failed (erro 16)
That seem indicate that it is a problem to access the HDs..
I found a possible solution to the problem in this post:
http://codeverge.com/opensuse.org.help.install/-solved-ata1-srst-failed-e...
There is wrote that :...the problem can depend by the physic set up of the
HD (as "master", "slave", "single drive", ...): this set up can be done by
changing the position of a jumper on the HD...
I know that, in the past time, the HDs had to be set physically in this
way.., but recently I never heart anymore that the modern HD need this
operation..
So actually I don't care anymore of the configuration of the HDs
(my HD is Toshiba 1 TB that I bought few mounts ago).
I would like to have a confirmation that what I read in the post is only an
obsolete information and, in any case, I would like to know also what I can
do to go around in my problem..
>From the command line: ls /dev/sd* I get:
give me this input :
/dev/sda /dev/sda1 /dev/sda2 /dev/sda5 /dev/sdb /dev/sdb1
/dev/sdb2
Thank you
regards
Angelo
3 years
nc missing option -z
by Suvayu Ali
Hi,
I used to use netcat to check if a particular host is up or if I have
internet connection before I run a few scripts. I would use the -z
option in particular. But now I see that has been removed:
$ nc -z imap.gmail.com 993 && sync-my-email.sh
ncat: invalid option -- 'z'
Here is the excerpt from the old manual page:
-z Specifies that nc should just scan for listening daemons, without
sending any data to them. It is an error to use this option in
conjunction with the -l option.
Any ideas what happened to it? What can I use as replacement?
Thanks for any ideas.
--
Suvayu
Open source is the future. It sets us free.
3 years, 3 months
compile XV?
by dirt bag
I know its not been updated in years, but this is still a must have for me. I just upgraded to fedora 24 (64bit)
and Im trying to compile it from source because the rpms Ive found are either broke or dont work right.
Im following these instructions..
wget ftp://ftp.cis.upenn.edu/pub/xv/xv-3.10a.tar.gz
wget http://prdownloads.sourceforge.net/png-mng/xv-3.10a-jumbo-patches-2005050...
wget http://www.ulich.org/hints/resources/xv-3.10a-jumbo20050501-1.diff.gz
tar xvzf xv-3.10a.tar.gz
tar xvzf xv-3.10a-jumbo-patches-20050501.tar.gz
gzip -d xv-3.10a-jumbo20050501-1.diff.gz
cd xv-3.10a
patch -p1 < ../xv-3.10a-jumbo-fix-patch-20050410.txt
patch -p1 < ../xv-3.10a-jumbo-enh-patch-20050501.txt
patch -p1 < ../xv-3.10a-jumbo20050501-1.diff
make
and Ive gotten as far as ...
[jason@badman xv-3.10a]$ make
gcc -O3 -Wall -DDOPNG -I/usr/include -I/usr/include -DDOJPEG -I/usr/include -DDOTIFF -DUSE_TILED_TIFF_BOTLEFT_FIX -I/usr/include -DDOPDS -DUSLEEP -DLINUX -L/usr/X11R6/lib -DMGCSFXDIR=\"/usr/X11R6//lib/\" -DSYSCONFDIR=\"/etc\" -DXVEXECPATH=\"/usr/X11R6//lib/\" -c xvpng.c
xvpng.c: In function ‘CreatePNGW’:
xvpng.c:97:56: error: ‘Z_NO_COMPRESSION’ undeclared (first use in this function)
DCreate(&cDial, pngW, 12, 25, DWIDE, DHIGH, (double)Z_NO_COMPRESSION,
^~~~~~~~~~~~~~~~
xvpng.c:97:56: note: each undeclared identifier is reported only once for each function it appears in
xvpng.c:98:19: error: ‘Z_BEST_COMPRESSION’ undeclared (first use in this function)
(double)Z_BEST_COMPRESSION, COMPRESSION, 1.0, 3.0,
^~~~~~~~~~~~~~~~~~
In file included from /usr/include/pngconf.h:50:0,
from /usr/include/png.h:371,
from xvpng.c:31:
xvpng.c: In function ‘WritePNG’:
xvpng.c:427:21: error: dereferencing pointer to incomplete type ‘png_struct {aka struct png_struct_def}’
if (setjmp(png_ptr->jmpbuf)) {
^
xvpng.c:453:11: error: dereferencing pointer to incomplete type ‘png_info {aka struct png_info_def}’
info_ptr->width = w;
^~
xvpng.c: In function ‘png_xv_error’:
xvpng.c:1054:18: error: dereferencing pointer to incomplete type ‘png_struct {aka struct png_struct_def}’
longjmp(png_ptr->jmpbuf, 1);
^~
xvpng.c: In function ‘VersionInfoPNG’:
xvpng.c:1078:5: error: ‘ZLIB_VERSION’ undeclared (first use in this function)
ZLIB_VERSION, zlib_version);
^~~~~~~~~~~~
xvpng.c:1078:19: error: ‘zlib_version’ undeclared (first use in this function)
ZLIB_VERSION, zlib_version);
^~~~~~~~~~~~
Makefile:319: recipe for target 'xvpng.o' failed
make: *** [xvpng.o] Error 1
[jason@badman xv-3.10a]$
I have all the zlibs I can find installed..
[jason@badman xv-3.10a]$ rpm -qa | grep zlib
zlib-1.2.8-10.fc24.i686
zlib-devel-1.2.8-10.fc24.x86_64
zlib-1.2.8-10.fc24.x86_64
any ideas?
-db
3 years, 3 months
Alternatives to Theme Font size changer Firefox plugin?
by Sam Varshavchik
The popular theme font size changer Firefox plugin,
https://addons.mozilla.org/en-US/firefox/addon/theme-font-size-changer/, no
longer supports Linux.
The default Firefox font size is too small for people with poor eyesight. As
far as I can tell, the only thing that official "Firefox themes" do is set a
background image for the UI. As Benny Hill would say, biiiiiiiiiiiiig …deal.
The top-ranked comment on that extension page suggests hacking "userChrome-
example.css" in ~/.mozilla/firefox.
$ find ~/.mozilla/firefox -name userChrome-example.css -print
$
There goes that idea.
Googling around the only other suggestion I found was to hack
layout.css.devPixelsPerPx setting in about:config. All that did, apparently,
was making the Firefox UI elements themselves bigger, but their font size –
the menu and the URL bar – remained exactly the same.
Anyone has other suggestions?
3 years, 3 months
Taskbar Panel in Plasma Won't Autohide
by Stephen Morris
Hi,
I am trying to get the Taskbar Panel to autohide, but when I click on
the options button in the panel, the left, right and center options are
permanently highlighted but seem to function in terms of moving the
indicator that reflects which option is active. Also the 'Always
Visible', 'Auto Hide', 'Windows can Cover' and 'Windows go Below'
options are also permanently highlighted but selecting the 2nd or 3rd
option does nothing. It appears these options are highlighted because
the colour scheme I am using, which is forget-me-not thinks they are
push buttons.
Does anyone know why these don't work anymore in Fedora 23? I am using
Breeze for the Windows Style and Windows Decorations themes.
regards,
Steve
3 years, 4 months
F21: Thunderbird insists on calling Fedora list messages junk!
by William Mattison
Good afternoon,
Most messages received from this fedora list are labelled junk by
Thunderbird. This is even though I whitelisted "From" =
"users-request(a)lists.fedoraproject.org". Actually, I have this problem
both in my Fedora-21 and my windows-7 systems. Any ideas? Surely
messages from this list are not junk!
thanks,
Bill.
3 years, 7 months
Chrome blocks hibernation
by Patrick O'Callaghan
This is weird. A few days ago I found that my desktop system (F23 fully
updated) would no longer hibernate. A glance at "journal -xe" showed a
bunch of lines like:
Jun 14 00:50:51 bree audit[12591]: SECCOMP auid=1000 uid=1000 gid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 pid=12591 comm="chrome" exe="/opt/google/chrome/chrome" sig=0 arch=c000003e syscall=273 compat=0 ip=0
Jun 14 00:50:51 bree kernel: audit: type=1326 audit(1465861851.266:7800): auid=1000 uid=1000 gid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 pid=12591 comm="chrome" exe="/opt/google/chrome/chrome" sig=0 arch=c00
Jun 14 00:50:59 bree audit[12599]: SECCOMP auid=1000 uid=1000 gid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 pid=12599 comm="chrome" exe="/opt/google/chrome/chrome" sig=0 arch=c000003e syscall=273 compat=0 ip=0
Jun 14 00:50:59 bree kernel: audit: type=1326 audit(1465861859.424:7801): auid=1000 uid=1000 gid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 pid=12599 comm="chrome" exe="/opt/google/chrome/chrome" sig=0 arch=c00
Jun 14 00:51:07 bree audit[12603]: SECCOMP auid=1000 uid=1000 gid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 pid=12603 comm="chrome" exe="/opt/google/chrome/chrome" sig=0 arch=c000003e syscall=273 compat=0 ip=0
Jun 14 00:51:07 bree kernel: audit: type=1326 audit(1465861867.128:7802): auid=1000 uid=1000 gid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 pid=12603 comm="chrome" exe="/opt/google/chrome/chrome" sig=0 arch=c00
Jun 14 00:51:20 bree audit[12608]: SECCOMP auid=1000 uid=1000 gid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 pid=12608 comm="chrome" exe="/opt/google/chrome/chrome" sig=0 arch=c000003e syscall=273 compat=0 ip=0
Jun 14 00:51:20 bree kernel: audit: type=1326 audit(1465861880.130:7803): auid=1000 uid=1000 gid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 pid=12608 comm="chrome" exe="/opt/google/chrome/chrome" sig=0 arch=c00
Jun 14 00:52:09 bree audit[12646]: SECCOMP auid=1000 uid=1000 gid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 pid=12646 comm="chrome" exe="/opt/google/chrome/chrome" sig=0 arch=c000003e syscall=273 compat=0 ip=0
Jun 14 00:52:09 bree kernel: audit: type=1326 audit(1465861929.397:7804): auid=1000 uid=1000 gid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 pid=12646 comm="chrome" exe="/opt/google/chrome/chrome" sig=0 arch=c00
Jun 14 00:52:25 bree audit[12662]: SECCOMP auid=1000 uid=1000 gid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 pid=12662 comm="chrome" exe="/opt/google/chrome/chrome" sig=0 arch=c000003e syscall=273 compat=0 ip=0
Jun 14 00:52:25 bree kernel: audit: type=1326 audit(1465861945.701:7805): auid=1000 uid=1000 gid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 pid=12662 comm="chrome" exe="/opt/google/chrome/chrome" sig=0 arch=c00
Jun 14 00:52:25 bree audit[12667]: SECCOMP auid=1000 uid=1000 gid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 pid=12667 comm="chrome" exe="/opt/google/chrome/chrome" sig=0 arch=c000003e syscall=273 compat=0 ip=0
Jun 14 00:52:25 bree kernel: audit: type=1326 audit(1465861945.768:7806): auid=1000 uid=1000 gid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 pid=12667 comm="chrome" exe="/opt/google/chrome/chrome" sig=0 arch=c00
and when I killed Chrome then hibernation worked again.
So one question is: what is the magic incantation to stop these alarms
from Chrome?
However another question is how is this even possible? A process with
normal user privileges can prevent the system from hibernating? Is this
right?
poc
3 years, 7 months
enp0s8 not configured notification popups every few minutes (annoying)
by Kenneth Wolcott
Hi;
enp0s8 not configured notification popups every few minutes (annoying)
I just installed Fedora Live 64-bit KDE as a VirtualBox Guest OS.
I want to have two VirtualBox ethernet interfaces:
One for the vm to "see" outwards (NAT Network) and
Two for me to ssh into it (Host-only) so that I'm not forced to use
the console.
Every few minutes (it seems like every few seconds), I get a
notification popup that states that enp0s8 is not configured and then
a notification popup that it is being disabled.
How do I configure my outgoing ethernet interface?
I used to edit a file called something like /etc/network*/interface
and then I could change the default DHCP setting to be static and the
default disabled (off) setting to be enabled (on).
How does one do that kind of stuff now?
Is that a systemd thing?
Thanks,
Ken Wolcott
3 years, 7 months
