Posts Tagged ‘Gentoo’

Gentoo VPN connection to Windows Server as Network Interface

Thursday, May 14th, 2009

This article explains how to set up a ppp network interface on Gentoo for a Windows Server Routing and Remote Access VPN connection.

This article assumes that the PPTP ports on the Windows server are open; they are set up by default.

/etc/conf.d/net

The first step is to define your ppp interface in /etc/conf.d/net.  This will involve a few lines:

config_ppp0=( "ppp" )
link_ppp0="pty 'pptp vpn.yourdomain.com --nolaunchpppd'"
username_ppp0='DOMAIN\username'
pppd_ppp0=(
"updetach"
"debug"
"remotename your-vpn-profile"
"file /etc/ppp/options.pptp"
)
routes_ppp0=( "192.168.1.0/24" );

The first change, vpn.yourdomain.com, needs to point to either the IP or FQDN of the Windows Server running the VPN you want to connect to.

The second change, DOMAIN\username, is the standard Windows login notation for the user that you wish to dial in with.  It’s important to note that in the conf.d/net file, this field does NOT require special characters to be escaped with a \.  The chap-secrets file WILL require this.

The third change, your-vpn-profile, is a label that must match the chap-secrets file.

The fourth change, 192.168.1.0/24, is the static route to the network that is behind the VPN.  If you’re not the network admin for the Windows server that you are connecting to, this may be a little confusing.  You can check out this post for instructions on how to figure that out.

/etc/ppp/options.pptp

Add the following lines:

require-mppe-128
lcp-echo-interval 15
lcp-echo-failure 3

/etc/ppp/chap-secrets

This is the place where we will define the passwords for our VPN connection.

# Secrets for authentication using CHAP
# client  server  secret      IP addresses
DOMAIN\\username your-vpn-profile Pa\$\$word1 *

DOMAIN\\username must be changed to the same value you defined in /etc/conf.d/net, with one important difference: ALL special characters MUST BE ESCAPED with \.  In this example that means two \ characters between the domain and username.

your-vpn-profile must match the label you set up in /etc/conf.d/net.

Pa\$\$word1 is where you define the password for the VPN connection.  Again, ALL special characters MUST BE ESCAPED.  This string sends an actual password of Pa$$word1.

/etc/init.d/net.ppp0

Finally we’ll symlink net.lo to net.ppp0 to give us an init script to work with.

cd /etc/init.d
ln -s net.lo net.ppp0

Now, if you want, you can run:

rc-update add net.ppp0 default

To have the connection start on bootup.
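
A consistency check for the files above, as an added example that is not part of the original post: it confirms that the remotename label and the unescaped chap-secrets username match /etc/conf.d/net, and that chap-secrets (which holds the password in clear text) is not accessible to group or other.  The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Undo one level of backslash escaping as used in chap-secrets (\\ -> \, \$ -> $).
unescape() { printf '%s\n' "$1" | sed 's/\\\(.\)/\1/g'; }

# check_pptp_config NET_FILE SECRETS_FILE: returns 0 when the files agree.
check_pptp_config() {
    net=$1; secrets=$2; rc=0; found=0
    user=$(sed -n "s/^username_ppp0='\(.*\)'.*/\1/p" "$net")
    label=$(sed -n 's/^[[:space:]]*"remotename \([^"]*\)".*/\1/p' "$net")
    if [ -z "$user" ] || [ -z "$label" ]; then
        echo "username_ppp0 or remotename not found in $net"; return 1
    fi
    # The password is stored in clear text: group and other must have no access.
    if [ "$(ls -ld "$secrets" | cut -c5-10)" != "------" ]; then
        echo "$secrets is accessible to group or other (use chmod 600)"; rc=1
    fi
    while read -r client server secret rest; do
        case $client in ''|'#'*) continue ;; esac
        if [ "$(unescape "$client")" = "$user" ] && [ "$server" = "$label" ]; then
            found=1
            [ -n "$secret" ] || { echo "entry for $label has no secret"; rc=1; }
        fi
    done < "$secrets"
    [ "$found" -eq 1 ] || { echo "no chap-secrets entry for $user on $label"; rc=1; }
    return "$rc"
}

# Constructed sample files that mirror the article's placeholders.
write_sample() {
    cat > "$1/net" <<'EOF'
username_ppp0='DOMAIN\username'
pppd_ppp0=(
"remotename your-vpn-profile"
)
EOF
    cat > "$1/chap-secrets" <<'EOF'
# client  server  secret      IP addresses
DOMAIN\\username your-vpn-profile Pa\$\$word1 *
EOF
    chmod 600 "$1/chap-secrets"
}

# Demo on the constructed files; on a real host pass /etc/conf.d/net and
# /etc/ppp/chap-secrets instead.
demo() {
    dir=$(mktemp -d) && write_sample "$dir" &&
        check_pptp_config "$dir/net" "$dir/chap-secrets" && echo "consistent"
    status=$?; rm -rf "$dir"; return "$status"
}
demo
```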

FreePBX on Gentoo

Wednesday, March 4th, 2009

FreePBX on Gentoo, Why?

As the community of Gentoo users is very dedicated and loves to understand far more than is necessary, how does FreePBX blend into that school of thought?  FreePBX is a “simple” way to configure Asterisk.  It seems that the users in the Gentoo community are more apt to learn the dial plan for themselves and call it a day.  I think that is why a few years ago when I started the Asterisk adventure I couldn’t find a nice document that outlines the install process.  I’m also going to attribute this to a much less popular FreePBX in those days.  The question here is, “Why would someone want to install FreePBX on Gentoo, when in a matter of an hour, instead of a few, you could be up and running with TrixBox or some other RPM-based distro that uses RedHat conventions?”  The answer, usually, is that you just can’t live outside of Gentoo again.  I know, after learning Gentoo, I find it nearly impossible to be satisfied with a binary-based distro anymore.  I love the fact that I have to know and work with every package on my system.  It forces my attention to detail and ultimately makes a very secure box!  I end up with a very complete understanding of the workings of all the software on my system.  The most important points about Gentoo are SECURITY and RELIABILITY!  I’ve had Gentoo installs running for over a year without a reboot.  They “just work.”  With very minimal extra effort I can prevent almost all hacking on my public Internet-facing boxes!

Gentoo Lovers, Read ON!

Can I sum up my religious following of Gentoo as my only preferred Linux platform in one word?  Yes, ELEGANT!  The more I use the platform the more I feel that the Gentoo community solves the problems of the Linux platform world with well thought out, well designed, and very elegant solutions.

To eBuild or not to eBuild

In the world of Gentoo either there is a nice and easy eBuild or one doesn’t exist yet.  It is not too often that I run across packages that don’t provide an eBuild but, in the case of FreePBX, I did.  As I mentioned earlier, I wasn’t too surprised.  With no eBuild, you have an already running, fully functional environment to compile whatever you find.  You do, however, have to zero in on a few things to make sure your environment is going to support your installation correctly.  We need to check our make flags and also emerge any dependent programs and libraries.

Asterisk eBuild … A Little Dated

The first step in a solid FreePBX installation is the Asterisk install that powers it.  Unfortunately the eBuild for Asterisk is a little dated.  It’s at version 1.2.27.  For my installation I’m going to go with version 1.4.18.1.  I’m sticking with that version because of a DTMF duplicate digit bug that seems to pop up after that version.  I’m afraid I don’t have a reference to the URL but I got my info from voicepulse support.  I have to say that I’m not sure if it has been fixed by now but I know from use that this version seems to work well.

Before We Get There, It’s Dependency Time!

Since we’re compiling our own asterisk we’re going to need to do some of our own dependency compiles.  We’ll also be able to get away with adding some extra make flags and using a few eBuilds.  I’m writing my tutorial from the point of view of a strictly sip user.  I’m not making use of any hardware or iax, just sip.  Bearing our goals in mind the only dependency we’re going to need to compile is the zaptel driver.  Strictly speaking, we don’t need zaptel for sip to function but, if we want music on hold or conference calling, we’re going to need the ztdummy module.  Ztdummy is a software based timing driver.  I’m going to leave the explanation at that for this article.

Zaptel Install

For my own compiles I tend to use /usr/src for my work.

cd /usr/src
wget http://downloads.digium.com/pub/zaptel/zaptel-1.4.12.1.tar.gz
tar xzf zaptel-1.4.12.1.tar.gz
cd zaptel-1.4.12.1
./configure
make menuconfig

Configure as desired then

make

Before we continue on we need to make sure that we have gentoo-sources installed (or any other flavor of kernel sources you’ve used for your system). If you’re a genkernel user you may need to take a few extra steps here.

emerge gentoo-sources

Another side note … you must have CRC-CCITT functions enabled in your kernel for this to work.  It’s in the last sub menu of the kernel config menu.  In your .config file it will look like this:

CONFIG_CRC_CCITT=y

You’ll know that you missed this if you see this when you try a make install:

WARNING: "crc_ccitt_table" [/usr/src/zaptel-1.4.11/kernel/zaptel.ko] undefined!

Time to run the zaptel install.

make install

Almost there but we need to make sure Gentoo auto loads the ztdummy module.

echo ztdummy >> /etc/modules.autoload.d/kernel-2.6

Let’s get the init script for zaptel set up:

make config

This is “almost” Gentoo drop in.  We have to make a small change on line 40:

functions needs to be changed to functions.sh

If you miss this step you’ll end up with:

init.d/zaptel: line 40: /etc/init.d/functions: No such file or directory

Lookin’ good!  Let’s get some other Asterisk prerequisites installed.

Some eBuilds With A Touch of Make.conf

In order to have access to all the functions of asterisk we’re going to need to install some eBuilds.  It looks like I’m not going to have enough time to just pull out the make variables that just pertain to asterisk so I’m going to give you a picture of all you’re going to need for your make.conf for both asterisk and FreePBX in this step.  Here’s what you need:

alsa mmx mysql uclibc vmdbmysql speex resperl apache2 cli pcre xml zlib posix session simplexml soap sockets spl ssl tokenizer truetype unicode xml xmlreader xmlwriter xsl zlib ncurses curl perl php rtc -X sse ctype tetex libwww

You’ll notice I left off the zaptel and libpri use flags.  This is because we’re using our own compiled version of zaptel and I don’t want emerge to pick up the dated eBuild as a dependency.

The next set of installs is going to support using the ogg/vorbis file format inside of Asterisk.  You can abbreviate this list by just running an emerge vorbis-tools with the set of make flags I have listed above.  Here’s the full package list that will be installed:

media-sound/alsa-headers
media-libs/libogg
media-libs/libvorbis
media-libs/alsa-lib
media-libs/libao
media-sound/vorbis-tools

media-libs/speex

With all of these installed we should be able to continue our journey on to the Asterisk compile.

Asterisk Install

Finally on to the good stuff.  Let’s get our feet wet with our Asterisk install.  For my own compiles I tend to use /usr/src for my work.

cd /usr/src
wget http://downloads.digium.com/pub/asterisk/releases/asterisk-1.4.18.tar.gz
tar xzf asterisk-1.4.18.tar.gz
cd asterisk-1.4.18
./configure
make menuconfig

Configure as desired then

make
make install

One Small Step For This Tutorial, One Giant Step Toward FreePBX

Now that we’ve got the most complicated compiling part of this setup working we can pat ourselves on the back and move onto easier jobs!

FreePBX Required eBuilds

Before emerging be sure to read the earlier section on my make.conf flags!

We’re going to need:

dev-db/mysql

dev-lang/perl
dev-perl/DBD-mysql
dev-perl/DBI
dev-perl/libxml-perl

media-sound/lame
media-sound/mpg123
media-sound/sox

net-misc/curl
net-misc/openssh

www-servers/apache

Emerge away, nothing here should present any problems.

Asterisk Addons Install

FreePBX makes use of several features from the asterisk-addons package.  Since we don’t have an up to date ebuild for this we’re going to have to go back to a compile.

cd /usr/src
wget http://downloads.digium.com/pub/asterisk/releases/asterisk-addons-1.4.7.tar.gz
tar xzf asterisk-addons-1.4.7.tar.gz
cd asterisk-addons-1.4.7
make menuconfig

Configure as desired then

make
make install

Gentoo Config Updates

Now that we have all of our software in place it’s time to make some configuration changes to our environment to support FreePBX.  I’m coming from the point of a fresh Gentoo install.  If your system has been “lived in” these changes may be more subjective.

Apache

This change is a bit dated now as this is asked in the FreePBX install script but it will at least let us take the default for it.  A stock apache install of Gentoo puts the document root at /var/www/localhost/htdocs whereas RedHat conventions place it at /var/www/html.  FreePBX is expecting this convention so we’re going to use a symlink to minimize config changes.

ln -s /var/www/localhost/htdocs/ /var/www/html

Next step is to make apache run itself as the user and group of asterisk.  Unfortunately I don’t think FreePBX has eliminated this shortcoming yet.

In /etc/apache2/httpd.conf: The owning user and group of the running apache server needs to be changed to asterisk – (around line 136)

"User apache" needs to be changed to "User asterisk"
"Group apache" needs to be changed to "Group asterisk"

PHP

We need to make a few changes to /etc/php/apache2-php5/php.ini:

around line 445: "magic_quotes_gpc = On" needs to be changed to "magic_quotes_gpc = Off"

around line 552: "upload_max_filesize = 2M" needs to be changed to "upload_max_filesize = 20M"

around line 560: "allow_url_fopen = Off" needs to be changed to "allow_url_fopen = On"

FreePBX, We’re There!

With all of our prep work done the rest should go smoothly.

Download and extract FreePBX:

cd /usr/src
wget http://internap.dl.sourceforge.net/sourceforge/amportal/freepbx-2.5.1.tar.gz
tar xzf freepbx-2.5.1.tar.gz

Just a Few More Steps

Next we have to set up MySQL.  If this is a fresh install of Gentoo you need to run:

/usr/bin/mysql_install_db

This will initialize the database for the first time.

Start MySQL
/etc/init.d/mysql start

Add CDR tables
mysqladmin -u root password 'db_root_pwd'
mysqladmin create asteriskcdrdb -p
mysql --user=root --password=db_root_pwd asteriskcdrdb < /usr/src/freepbx<version>/SQL/cdr_mysql_table.sql

Add freepbx tables
mysqladmin create asterisk -p
mysql --user root -p asterisk < /usr/src/freepbx<version>/SQL/newinstall.sql

Grant access to these two databases you just created

Note the default mysql username/password is asteriskuser/amp109.
If you change either of these, you will be prompted for them while running ./install below

mysql --user root -p
mysql> GRANT ALL PRIVILEGES ON asteriskcdrdb.* TO asteriskuser@localhost IDENTIFIED BY 'amp109';
Query OK, 0 rows affected (0.00 sec)
mysql> GRANT ALL PRIVILEGES ON asterisk.* TO asteriskuser@localhost IDENTIFIED BY 'amp109';
Query OK, 0 rows affected (0.00 sec)
mysql> quit
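
The asteriskuser/amp109 pair above is a published default, so anyone who knows FreePBX knows it.  The following added example (not from the original post or the FreePBX project) builds the same two GRANT statements with a generated password instead; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of FreePBX or the original post.
# Function names are hypothetical.

# 128 random bits as 32 hex characters, so the value needs no escaping in SQL.
gen_password() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# grant_sql USER PASSWORD: print the article's two GRANT statements.
# Refuses values containing anything that could end the quoted SQL string.
grant_sql() {
    for v in "$1" "$2"; do
        case $v in
            ''|*[!A-Za-z0-9]*)
                echo "user and password must be non-empty and alphanumeric" >&2
                return 1 ;;
        esac
    done
    for db in asteriskcdrdb asterisk; do
        printf "GRANT ALL PRIVILEGES ON %s.* TO %s@localhost IDENTIFIED BY '%s';\n" \
            "$db" "$1" "$2"
    done
}

# On the server (needs a running MySQL, so not executed here); -p prompts, which
# keeps the root password out of the process list and shell history:
#   pw=$(gen_password)
#   grant_sql asteriskuser "$pw" | mysql --user root -p
#   echo "$pw"    # enter this when ./install_amp asks for the database password
```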

Now that we have mysql setup we can get asterisk running and ready for the FreePBX install script.  Execute these commands:

cd /usr/src/freepbx<version>
asterisk
./start_asterisk start
killall asterisk
./start_asterisk start

We have to start and stop a few times because of lack of configuration files I believe.  This was a little trial and error for me.  Going through this on a system where a ./start_asterisk start just works won’t hurt anything.

FreePBX Anyone?

Finally ready to run the install script.  Let ‘em rip:

./install_amp

The questions in the installer script should be clearly answered in the rest of this article.

Start up Apache:

/etc/init.d/apache2 start [or restart if you had it running]

Point your browser to the IP of the box you set this up on and you should have FreePBX!!

Boot Proof The Setup

If you want everything to come up when the system boots you’ll have to run a few commands:

rc-update add apache2 default
rc-update add mysql default

echo "/usr/local/sbin/amportal start" >> /etc/conf.d/local.start

Conclusions

I enjoyed writing this article. I hope this article will help to deploy Asterisk and FreePBX in Gentoo. I tend to get a bit verbose. Believe it or not, I did leave out some details in this article. If you get stuck feel free to contact me for help. You can also comment on this article for pointers as well.

I understand this is probably better served in a Wiki.  I will eventually get it into one but for now all I have is my blog.

PHP acceleration by APC … the best thing since sliced bread

Thursday, February 19th, 2009

I have to say that one of the best packages that I rely on as a web host and PHP application developer is APC.

Where I’m coming from

I have to say after finally mastering Gentoo as a Linux distribution I can’t go back.  Most of my Linux posts will revolve around Gentoo.  Right now I’m renting a VPS from linode.com for my hosting environment.  I spent a number of years hosting off of my own net connection with local hardware.  It’s hard to maintain quality of service with that setup if you plan on supporting paying clients.  I’ve found linode to be reasonably priced and near perfect up time.

I’m currently hosting 11 different sites fully loaded with PHP applications.  Some of the apps are small up to larger open source projects.

How to get started

If you’re hosting a site with any PHP pages a few minutes will increase application responsiveness considerably.  On Gentoo you can start with

emerge pecl-apc

This will install the package and create a new config file

/etc/php/apache2-php5/ext/apc.ini

With my application load I found that the standard cache size of 30MB was a little small.  I can fill that up very easily with my hosted sites.  On my linode I first attempted to increase the apc.shm_size parameter from 30MB to 64MB.  This failed my apache startup with a message in the error log:

[apc-error] apc_shm_create: shmget(0, 67108864, 914) failed: Invalid argument. It is possible that the chosen SHM segment size is higher than the operation system allows. Linux has usually a default limit of 32MB per segment.

I found that I can leave that value at the default 30 and increase apc.shm_segments to 3.  That gave me 90MB of room which seems to be around 43MB more than I can use right now.

Thanks to Imminet Web’s Blog Post I found a quick way to find your max shm size:

To find the Linux kernel’s maximum shared memory size, do

# cat /proc/sys/kernel/shmmax

On my linode I get:

# cat /proc/sys/kernel/shmmax
33554432

My Stats

Uptime 1 day, 21 hours and 14 minutes [I needed to re-load to add another site]

Cached Files 724 ( 46.6 MBytes)
Hits 445229 (99.4%)
Misses 2774 (0.6%)
Request Rate (hits, misses) 2.75 cache requests/second
Hit Rate 2.73 cache requests/second
Miss Rate 0.02 cache requests/second
Insert Rate 0.02 cache requests/second
Cache full count 4

Where’s The Proof?

I would love to do an in depth analysis of my setup and come up with some concrete numbers but I’m too short on time for that now.  My justification is taking a look at all of my PHP apps just after an apache reload.  The first request for them, before they are cached, is always visually slow.  I can clearly see that my request took some time to process.  After it is cached it feels more like a static page.  My linode is on a 100mbit connection to the Internet and I’m on a 15mbit connection so application responsiveness is a big deal.

Why Is This Good?

From a server administration point of view it’s a completely transparent install.  You can roll this onto a live production system and all the apps running there immediately see benefit.  From my readings so far, APC is very good about not caching PHP files that were actually updated since they were cached.  Another plus of APC is that it is free and open source.