Archive for July, 2008

Moved to Google Apps

Tuesday, July 29th, 2008

I started to get tired of managing my own exim+spamassassin+clamav+dovecot only to serve my domain, so I decided to give Google Apps a try.

The move was fairly easy, simply register and change MX records ;) (and use imapsync to copy mail). I guess I didn't lose anything but if you sent me a mail in the last two weeks and I haven't answered, please resend.

The only downside, I hoped Google would have some "easy" way to move my Google account from *@gmail.com to my Google Apps domain.

IP Tunnel over SSH (with tun)

Thursday, July 24th, 2008

Today I had some connection problems in one of our offices, so I needed to connect in some alternative way. A good moment for experimenting... The alternative connection was my laptop acting as a router connected with my mobile phone via bluetooth.

The problems come with the VPN connections. IPSec is nice, but you can hate it for lots of things... e.g. all tunnels are set up using static IP addresses, so in order to use the alternate connection (dynamic IP) I need to change the ipsec config of the other offices.

So today I wanted to try something new, tunneling ip traffic from one network to another over an ssh connection. And it works, Gentoo's wiki has some information on the subject: here

In brief, you need to, on the server:

  • Add "PermitTunnel yes" to /etc/ssh/sshd_config

Now, on the client it's as easy as running ssh with some parameters; my script for launching it is:

#!/bin/sh
HOST=REMOTE_PARTY_ADDRESS
HOST_PORT=22
TUN_LOCAL=0   # tun device number here.
TUN_REMOTE=0  # tun device number there
IP_LOCAL=192.168.111.2 # IP Address for tun here
IP_REMOTE=192.168.111.1 # IP Address for tun there.
IP_MASK=30 # Mask of the ips above.
NET_REMOTE=192.168.0.0/16 # Network on the other side of the tunnel
NET_LOCAL=192.168.8.0/24  # Network on this side of the tunnel
 
echo "Starting VPN tunnel ..."
modprobe tun
ssh -w ${TUN_LOCAL}:${TUN_REMOTE} -f ${HOST} -p ${HOST_PORT} "\
	ip addr add ${IP_REMOTE}/${IP_MASK} dev tun${TUN_REMOTE} \
	&& ip link set tun${TUN_REMOTE} up \
	&& ip route add ${NET_LOCAL} via ${IP_LOCAL} \
	&& true"
sleep 3
ip addr add ${IP_LOCAL}/${IP_MASK} dev tun${TUN_LOCAL}
ip link set tun${TUN_LOCAL} up
ip route add ${NET_REMOTE} via ${IP_REMOTE}
echo "... done."

You'll probably want to run this as root, because of the "ip" commands and so on ;)

It's still far from perfect (i.e: the tunnel dies too often for some reason... although keep alive is set). But at least people around can print again! Luckily VoIP is handled out of the VPN.
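An added check, not part of the original post: a global "PermitTunnel yes" applies to every account on the server, while sshd_config also accepts "point-to-point" (tun only) and allows the keyword inside a Match block. The script below reports which scope a config uses; the "tunnel" account and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the post): report where an sshd_config enables
# PermitTunnel. Reads the file named as argument, or stdin. Returns 1 when a
# global (or "Match all") line turns tunnelling on, else 0. Assumes
# whitespace-separated "Keyword value" lines; Include files are not followed.
audit_permit_tunnel() {
    awk '
    BEGIN { scope = "global"; bad = 0 }
    /^[ \t]*(#|$)/ { next }                      # comments, blank lines
    {
        key = tolower($1)
        if (key == "match") {                    # later lines are scoped
            $1 = ""; sub(/^ +/, ""); scope = "Match " $0
            next
        }
        if (key != "permittunnel") next
        if (scope == "global" && seen++) next    # sshd keeps the first value
        val = tolower($2)
        everyone = (scope == "global" || tolower(scope) == "match all")
        if (val == "no")
            print "OK " scope ": tunnelling disabled"
        else if (everyone) {
            print "WARN " scope ": PermitTunnel " val " applies to every account"
            bad = 1
        } else if (val == "point-to-point")
            print "OK " scope ": layer-3 (tun) only"
        else
            print "NOTE " scope ": " val " also permits layer-2 (tap) devices"
    }
    END { exit bad }
    ' "$@"
}

# Constructed sample: the post's global setting plus a scoped alternative
# for a hypothetical "tunnel" account.
sample_config() {
    cat <<'EOF'
PermitRootLogin prohibit-password
PermitTunnel yes
Match User tunnel
    PermitTunnel point-to-point
EOF
}

sample_config | audit_permit_tunnel || echo "review the WARN lines above"
```

To check a real server, pass the file instead: audit_permit_tunnel /etc/ssh/sshd_config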

Hobbes in the river

Sunday, July 20th, 2008

Hobbes in the river

Originally uploaded by teleniek0

This Saturday there was the "Fast Painting" course in Gualba (a town in El Montseny). As you may guess from the photo, Hobbes and I didn't spend any time painting.

He spent the whole day running in the river with the tennis ball, and I threw the ball and took photos :)

Wordpress in the meantime

Sunday, July 20th, 2008

Ok, as you may have noticed I'm running Wordpress.

Although I'm a big fan of Django and I really enjoy developing sites with it, I just realised I do not have time to "build" my own website, nor to write up a blog app (I know, there are many out there). So I decided I'd try to live with Wordpress for some time, ...

That just has a few problems... My server (marcfargas.com) has no PHP, and no MySQL! So I have to run the blog on a subdomain which is hosted in Dreamhost (I have an account here for other stuff).

So, Djangonauts, forgive me for using Wordpress ;)

NOTE to RSS Subscribers: I plan to write in either Spanish, Catalan or English. Posts in either language will be categorized so you can subscribe only to the language you want. See links at the right.