July 2005


Sent off my application form for 3rd year of college yesterday. The course includes Prolog and Lisp as a subject, so I've installed swi-prolog and clisp so I can make a start on them.
All I have to do now is to find some good tutorials on the languages, and let the fun begin :)

The company I work for has opted for an all-Flash designed website here. As a person who's interested in the whole internet thing, I have to say the choice of using Flash is wrong. Although the company is an Animation Studio and they use Flash all the time, I have to disagree with the decision to not use tried and trusted web standards www.w3.org. For one thing Flash isn't a standard; it breaks loads of rules: you can't use the back button, link colors don't work, access for disabled people, not to mention that search engines ignore them as they can't be indexed correctly. The idea of the internet is to get as many people looking at your site as possible and to make it easier for them to navigate your site. Flash is Wrong, Wrong, Wrong….

I put together a website for the first Kilkenny Irish Animation Festival that will be happening, would you believe it, in Kilkenny on the 1st weekend in September (1st to the 4th). It was a rush job and it's just plain text with very few images. Because money is/was short I sorted out hosting with the WIT Computer Society and quickly stuck up the information provided. I'm sure that by next year the site will have been redesigned to be better (in every way) :) Trying to get search engines to return queries for "irish animation festival" is proving more difficult than I expected. I'm sure with time it will.

Setting up vacation support for the company mail server wasn't as trivial as I expected :( . The mail server uses postfix/courier-imap/mysql/postfixadmin. For this kind of setup a good example is here. I used high5 postfixadmin for simple user account setup (lazy and all that), which can be got here.
Making sure that I had all my bases covered, I upgraded to the latest version of postfixadmin (Backup, Backup, Backup).
Anyway, reading the howto on enabling vacation support, you have to edit config.inc.php and change

$CONF['transport'] = 'YES';
$CONF['vacation'] = 'YES';
$CONF['vacation_domain'] = 'autoreply.YourDomain.tld';

Following the instructions in postfixadmin-dir/VIRTUAL_VACATION/INSTALL.TXT I configured Postfix, changing master.cf and main.cf where necessary. The only mistake was in the master.cf entry:

filter unix - n n - - pipe
flags=DRhu user=vacation argv=/var/spool/vacation/vacation.pl

because /etc/postfix/transport contained this

#/etc/postfix/transport
autoreply.yourdomain.com vacation

From what I gather, filter was another delivery transport/next-hop destination for Postfix to choose, so any mail for autoreply.YourDomain.tld would be passed on to transport 'vacation', but it couldn't find the delivery transport 'vacation' in master.cf (which was named filter); changing filter to vacation solved the problem. :)
Then pointing users in the direction of http://yourwebserver/postfixadmin/users/ is all that is needed.
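The transport-map/master.cf mismatch above is easy to catch before restarting Postfix. This is an added shell example, not from the original post: it checks that every transport named in a transport map has a service of that name in master.cf. The transport map and both master.cf variants are constructed samples written to a temporary directory.

```shell
# Added example, not from the original post: check that every transport named
# in a Postfix transport map has a service of that name in master.cf, which is
# the "vacation" vs "filter" mismatch described above. The transport map and
# the two master.cf variants below are constructed samples in a temp dir.
missing_transports() { # missing_transports <transport-map> <master.cf>
    # print each transport from the map that has no master.cf service line
    grep -v '^[[:space:]]*#' "$1" |
    awk 'NF >= 2 { sub(/:.*/, "", $2); if ($2 != "") print $2 }' | sort -u |
    while read -r svc; do
        # a service line is "<name> <unix|inet|fifo|pass> ..." (columns 1 and 2)
        awk -v s="$svc" '$1 == s && $2 ~ /^(unix|inet|fifo|pass)$/ { f = 1 }
                          END { exit f ? 0 : 1 }' "$2" || echo "$svc"
    done
}
check_transports() { # returns 0 when every mapped transport exists
    out=$(missing_transports "$1" "$2")
    [ -z "$out" ] && return 0
    echo "$out" | sed "s|^|no master.cf service for transport: |"
    return 1
}
work=$(mktemp -d); trap 'rm -rf "$work"' EXIT
cat > "$work/transport" <<'EOF'
#/etc/postfix/transport
autoreply.yourdomain.com vacation
EOF
# master.cf as first written, with the pipe service named "filter"
cat > "$work/master.cf.broken" <<'EOF'
smtp      inet  n       -       n       -       -       smtpd
filter    unix  -       n       n       -       -       pipe
  flags=DRhu user=vacation argv=/var/spool/vacation/vacation.pl
EOF
# master.cf with the service renamed to match the transport map
sed 's/^filter /vacation/' "$work/master.cf.broken" > "$work/master.cf.fixed"
check_transports "$work/transport" "$work/master.cf.broken" || echo "broken master.cf rejected"
check_transports "$work/transport" "$work/master.cf.fixed" && echo "fixed master.cf accepted"
```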

I started looking at OpenVPN over the last week. It is much simpler than IPsec to set up but requires knowing something about routing and iptables. I started by setting up a static key just to get it working; as the documentation states, 90% of problems are with firewalls. I banged my head against the wall for a while on this. I use shorewall for my home server and IPCop for work. I created a new zone in /etc/shorewall/zones

vpn VPN VPN ZONE

I added this to the /etc/shorewall/interfaces file

vpn tun0 detect

Then I added these rules to /etc/shorewall/rules

ACCEPT vpn loc all
ACCEPT loc vpn all
ACCEPT fw vpn all
ACCEPT vpn fw all

I could just restrict it to the VPN port of 1194 using

ACCEPT vpn loc tcp 1194
ACCEPT loc vpn tcp 1194
ACCEPT fw vpn tcp 1194
ACCEPT vpn fw tcp 1194

I had the VPN server on a box in work, so I had to tell IPCop to forward tcp port 1194 to the VPN server box.
After some testing with static keys (by far the easiest to set up) I rearranged the config files in /etc/openvpn to allow certificate auth.

The Server Config file

mode server
tls-server
proto tcp-server
dev tun
# tunnel subnet; the explicit ifconfig below matches what 'server' expands to
server 10.8.0.0 255.255.255.0
ifconfig 10.8.0.1 10.8.0.2
# route to the office LAN, pushed to every client
push "route 192.168.10.0 255.255.255.0"
# management interface bound to loopback only
management localhost 7505
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
client-to-client
client-config-dir ccd
# ping every 10 seconds, restart after 60 seconds without a reply
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
status openvpn-status.log
log openvpn.log
log-append openvpn.log
verb 4

I'm pushing route configuration to the client(s) so that I don't have to add them manually to the client config files.
As the OpenVPN server isn't on the firewall, I had to add a route on the firewall so all traffic bound for the client subnet would go through the VPN box.
As IPCop doesn't give you a GUI way to add routes, I had to ssh to the box and execute:

route add -net 10.8.0.0 netmask 255.255.255.0 gw 192.168.10.6
(gw is the IP address of the OpenVPN server)

Using bridged mode would bypass the need for adding routes:
http://openvpn.net/bridge.html
OpenVPN comes with easy-rsa, which under Debian is located at:
/usr/share/doc/openvpn/examples/easy-rsa
Copy this folder to /etc/openvpn, as you will be required to edit the file vars.
Executing the file didn't export anything, so I had to manually export the variables; I'll have to look into it sometime.
After that it was quite easy to run the script to generate the client certs and server certs.

http://openvpn.net/howto.html#pki

After I generated the client certificates I scp'ed them to my home box (faster than sticking them on a floppy) and moved them to /etc/openvpn/

The Client config file

client
dev tun
tls-client
proto tcp-client
# ipaddress is the public address of the IPCop firewall, which forwards tcp 1194
remote ipaddress
# mirror of the server's ifconfig line
ifconfig 10.8.0.2 10.8.0.1
ca ca.crt
cert client1.crt
key client1.key
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
status openvpn-status.log
log openvpn.log
log-append openvpn.log
verb 4

When all that was done it was just a matter of starting the server and starting the client.
Doing a ping 10.8.0.1 from the client returned this:
PING 10.8.0.1 (10.8.0.1) 56(84) bytes of data.
64 bytes from 10.8.0.1: icmp_seq=8 ttl=64 time=61.0 ms
64 bytes from 10.8.0.1: icmp_seq=9 ttl=64 time=88.7 ms

Which showed that the VPN tunnel was established.
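Before starting the server and the client above, the two config files can be checked against each other for the mismatches that keep a tunnel from coming up (proto, dev, TLS role, mirrored ifconfig addresses, a remote on the client). This is an added shell example, not from the original post; the configs it checks are constructed from the settings above, with a placeholder remote address.

```shell
# Added example, not from the original post: check an OpenVPN server/client
# config pair of the kind shown above for the mismatches that stop a tunnel
# from coming up. The configs below are constructed from the post's settings;
# the client's "remote" address is a placeholder.
opt() { # opt <file> <directive>: print the directive's arguments (first match)
    awk -v k="$2" '$1 == k { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}
check_pair() { # check_pair <server.conf> <client.conf>: returns 0 if consistent
    s=$1; c=$2; bad=0
    sp=$(opt "$s" proto); cp=$(opt "$c" proto)
    case "$sp:$cp" in
        tcp-server:tcp-client|udp:udp) ;;
        *) echo "proto mismatch: server '$sp' vs client '$cp'"; bad=1 ;;
    esac
    [ "$(opt "$s" dev)" = "$(opt "$c" dev)" ] || { echo "dev mismatch"; bad=1; }
    grep -q '^tls-server' "$s" && grep -q '^tls-client' "$c" ||
        { echo "tls-server/tls-client roles not both set"; bad=1; }
    # point-to-point addresses must be mirrored: server "L R", client "R L"
    set -- $(opt "$s" ifconfig); sl=$1; sr=$2
    set -- $(opt "$c" ifconfig); cl=$1; cr=$2
    [ "$sl" = "$cr" ] && [ "$sr" = "$cl" ] ||
        { echo "ifconfig not mirrored: server '$sl $sr', client '$cl $cr'"; bad=1; }
    [ -n "$(opt "$c" remote)" ] || { echo "client has no remote"; bad=1; }
    return $bad
}
work=$(mktemp -d); trap 'rm -rf "$work"' EXIT
cat > "$work/server.conf" <<'EOF'
mode server
tls-server
proto tcp-server
dev tun
server 10.8.0.0 255.255.255.0
ifconfig 10.8.0.1 10.8.0.2
push "route 192.168.10.0 255.255.255.0"
EOF
cat > "$work/client.conf" <<'EOF'
client
dev tun
tls-client
proto tcp-client
remote 192.0.2.1
ifconfig 10.8.0.2 10.8.0.1
EOF
# a broken variant: client set to udp and its ifconfig copied from the server unmirrored
sed -e 's/^proto .*/proto udp/' -e 's/^ifconfig .*/ifconfig 10.8.0.1 10.8.0.2/' \
    "$work/client.conf" > "$work/client-bad.conf"
check_pair "$work/server.conf" "$work/client.conf" && echo "pair consistent"
check_pair "$work/server.conf" "$work/client-bad.conf" || echo "client-bad.conf rejected"
```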