Friday, April 27, 2012

How to configure IPv6 Router advertisement Daemon under Linux?

A brief note on how to automatically assign IPv6 addresses on Red Hat/Fedora using the Router Advertisement Daemon (radvd).

Step1: Set kernel parameters for IPv6 support

net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.all.autoconf = 0

Step2: Enable IPv6 support on the system
# vi /etc/sysconfig/network
......
NETWORKING_IPV6=yes
......

Step3: Install radvd
# yum install radvd

Step4: Configure radvd.conf
# vi /etc/radvd.conf
interface eth1
{
        AdvSendAdvert on;
        MinRtrAdvInterval 30;
        MaxRtrAdvInterval 100;
        AdvOtherConfigFlag on;
        prefix 3001:288::/64
        {
                AdvOnLink on;
                AdvAutonomous on;
                AdvRouterAddr on;
        };
};


Step5: Start radvd
# /etc/init.d/radvd start; chkconfig radvd on

Thursday, April 26, 2012

How to configure FreeRADIUS2.x support EAP-TTLS under Linux?

To make FreeRADIUS 2.x support EAP-TTLS, configure it with the following steps:

1. Re-generate Root CA/Server certificate:
# cd /etc/raddb/certs
# rm -f ca.der ca.key ca.pem
# rm -f server.crt server.csr server.key server.p12 server.pem

2. Make Root CA:

# vi ca.cnf
  Edit the "input_password" and "output_password" fields to be the
  password for the CA certificate.
  Edit the [certificate_authority] section to have the correct values
  for your country, state, etc.
# make ca.pem
  This step creates the CA certificate.
# make ca.der
  This step creates the DER format of the self-signed certificate,
  which can be imported into Windows.

3. Make the server certificate:

# vi server.cnf
  Edit the "input_password" and "output_password" fields to be the
  password for the server certificate.
  Edit the [server] section to have the correct values for your
  country, state, etc.  Be sure that the commonName field here is
  different from the commonName for the CA certificate.
# make server.pem
  This step creates the server certificate.
  If you have an existing certificate authority, and wish to create a
  certificate signing request for the server certificate, edit
  server.cnf as above, and type the following command.
# make server.csr
  You will have to ensure that the certificate contains the XP
  extensions needed by Microsoft clients.

4. Modify the client configuration directives in /etc/raddb/clients.conf:

client 10.10.0.0/16 {
        secret          = testing123
        shortname       = private-network-2
}

5. Modify the EAP type in /etc/raddb/eap.conf:

default_eap_type = ttls
....
ttls {
                default_eap_type = mschapv2
                copy_request_to_tunnel = yes
                use_tunneled_reply = yes
                #virtual_server = "inner-tunnel"
}
....

6. Add a user in /etc/raddb/users:
lawrence Cleartext-Password := "testing"

7. Disable MPPE in /etc/raddb/modules/mschap:
        use_mppe = no

8. Restart FreeRADIUS:
# /etc/init.d/radiusd restart

That's all.




Tuesday, April 24, 2012

How to configure DHCP Server prefer broadcast response all the time under Linux?

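The previous post, "Configure Windows7 prefer DHCP unicast or broadcast response", explained that the OS setting can be changed. However, there is a case where the DHCP server has the final say: the DHCP server can ignore what the DHCP client originally expected and always respond by broadcast. In dhcpd, this only takes one extra parameter.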

# vi /etc/dhcpd.conf
.....

always-broadcast on;
......

After the change, remember to restart dhcpd.
# /etc/init.d/dhcpd restart

BTW, Windows7 prefers broadcast responses by default, WindowsXP uses unicast responses, and typical Linux distros likewise use unicast.

How to send Gratuitous ARP request/reply via arping under Linux

What's Gratuitous ARP:
http://wiki.wireshark.org/Gratuitous_ARP

How?
1. GARP request:
 # arping -U 10.10.10.100 -I eth0
  -U : Unsolicited ARP mode, update your neighbours
  -I device : which ethernet device to use (eth0)

2. GARP reply:

 # arping -A -U 10.10.10.100 -I eth0
  -A : ARP answer mode, update your neighbours
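
Added example (not part of the original post): how the two arping modes above look on the wire and how to spot them in a capture. A frame is gratuitous when its ARP sender IP equals its target IP; -U sends it as a request (opcode 1) and -A as a reply (opcode 2). The function names, MAC addresses and sample frames are constructed for illustration.

```python
import socket
import struct

ETH_ARP = 0x0806
OPS = {1: "request", 2: "reply"}

def parse_arp(frame):
    """Return (op, sender_mac, sender_ip, target_ip) for IPv4-over-Ethernet ARP, else None."""
    if len(frame) < 42:  # 14-byte Ethernet header + 28-byte ARP body (no VLAN tag)
        return None
    ethertype, = struct.unpack_from("!H", frame, 12)
    htype, ptype, hlen, plen, op = struct.unpack_from("!HHBBH", frame, 14)
    if (ethertype, htype, ptype, hlen, plen) != (ETH_ARP, 1, 0x0800, 6, 4):
        return None
    sha, spa, _tha, tpa = struct.unpack_from("!6s4s6s4s", frame, 22)
    return op, sha.hex(":"), socket.inet_ntoa(spa), socket.inet_ntoa(tpa)

def classify(frame):
    """'garp-request'/'garp-reply' when sender IP == target IP, 'arp-*' otherwise."""
    parsed = parse_arp(frame)
    if parsed is None or parsed[0] not in OPS:
        return None
    op, _mac, spa, tpa = parsed
    return ("garp-" if spa == tpa else "arp-") + OPS[op]

def binding_changes(frames):
    """List (ip, old_mac, new_mac) each time a gratuitous ARP rebinds a known IP."""
    seen, changes = {}, []
    for frame in filter(classify, frames):  # skip non-ARP or truncated frames
        _op, mac, ip, tpa = parse_arp(frame)
        if ip == tpa and seen.get(ip, mac) != mac:
            changes.append((ip, seen[ip], mac))
        seen[ip] = mac
    return changes

def sample_frame(op, mac, spa, tpa):
    """Constructed test input; the broadcast target MAC is an assumption."""
    sha = bytes.fromhex(mac.replace(":", ""))
    eth = b"\xff" * 6 + sha + struct.pack("!H", ETH_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) + sha + socket.inet_aton(spa)
    return eth + arp + b"\xff" * 6 + socket.inet_aton(tpa)

SAMPLES = [  # constructed frames, not a real capture
    sample_frame(1, "02:00:00:00:00:01", "10.10.10.100", "10.10.10.100"),  # like -U
    sample_frame(2, "02:00:00:00:00:01", "10.10.10.100", "10.10.10.100"),  # like -A
    sample_frame(1, "02:00:00:00:00:02", "10.10.10.5", "10.10.10.100"),    # normal lookup
    sample_frame(2, "02:00:00:00:00:09", "10.10.10.100", "10.10.10.100"),  # same IP, new MAC
]
print([classify(f) for f in SAMPLES])
print(binding_changes(SAMPLES))
```

Because neighbours update their caches on these frames, a binding change reported for an address that has not actually moved is worth investigating.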