Install Dxspider on a Debian system

Posted onAuthorPD9Q1 Comment

Here is a list of command’s that i use to install dxspider on a fresh system.

sudo apt-get install wget
sudo apt-get install git-core
sudo groupadd spider
sudo useradd -m sysop -G spider
sudo usermod -g spider sysop
sudo passwd sysop
sudo adduser sysop sudo

Install the perl modules

sudo apt-get install libtimedate-perl
sudo apt-get install libnet-telnet-perl
sudo apt-get install libcurses-perl
sudo apt-get install libdigest-sha-perl
sudo apt-get install libdata-dumper-simple-perl

Simlink and reboot

sudo su
cd ~sysop
ln -s /home/sysop/spider /spider
shutdown -r now

After restart login as sysop

login sysop
cd ~
mkdir spider
git clone git://scm.dxcluster.org/scm/spider spider.new
cp -a /home/sysop/spider.new/.git /spider
rm -rf spider.new
cd /spider
git reset --hard
sudo su
cd /home/sysop/
chown -R sysop.spider spider
find . -type d -exec chmod 2775 {} \;
find . -type f -exec chmod 775 {} \;
exit
cd /spider
mkdir local
mkdir local_cmd
cp perl/DXVars.pm.issue local/DXVars.pm
cp perl/Listeners.pm local/Listeners.pm
cd local
nano Listeners.pm
- edit DXVars.pm following the instructions in the comments
- edit Listeners.pm to remove “#” from the line for the port, and add additional ports as needed:
@listen = (
 [“0.0.0.0”, 7300],
);

Next create the sysop

cd /spider/perl/
./create_sysop.pl

Next get the us database

cd /tmp
wget http://ftp.w1nr.net/usdbraw.gz

The next step can take a few minutes

/spider/perl/create_usdb.pl /tmp/usdbraw.gz
cd /spider/src
make

Let start the cluster

cd /spider/perl
./cluster.pl

On a separate ssh or system console, log into the system as sysop

/spider/perl/console.pl

From the command line of the console enter:

load/usdb # US database ?

Edit /etc/inittab to add the following two lines at the end of the file.
Start DXSpider on bootup and respawn it should it crash.

DX:2345:respawn:/bin/su -c "/usr/bin/perl -w /spider/perl/cluster.pl" sysop >/dev/tty6

Add a line to /etc/services for spider

spdlogin   7400/tcp     # spider anonymous login port

Add a line to /etc/inetd.conf for spider

spdlogin       stream  tcp     nowait  sysop   /spider/src/client client login ax25

Add a node to your system.
Create in the dir /spider/connect a file with the name of the node.

nano /spider/connect/pi1lap-4

timeout 15
abort (Busy|Sorry|Fail)
# don't forget to chmod 4775 netrom_call!
connect telnet 44.137.31.65 7300
'login' 'pi1lap-4'

Chmod 4755 pi1lap-4

Now login to your spider.

/spider/perl/console.pl

Hello Niels, this is PI1LAP-4 in Kortgene ZLD, Nederland
running DXSpider V1.55 build 0.196
Cluster: 241 nodes, 1 local / 433 total users  Max users 433  Uptime 5 03:45
PD2LT de PI1LAP-4  8-Dec-2017 1845Z dxspider >
Page Length is now 500
PD2LT de PI1LAP-4  8-Dec-2017 1845Z dxspider >

set/spider pi1lap-4
PI1LAP-4 set as DXSpider style Node
PD2LT de PI1LAP-4  8-Dec-2017 1847Z dxspider >

 

Installing openvpn on Linux Debian wheezy 7

Posted onAuthorPD9QLeave a comment

I have installed openvpn on my Debian system so it’s possible to surf with my winhoos laptop on the amprnet. Work quite nice

In this description I do not give much text and explanation. On the internet there is plenty to find about configuring openvpn.

apt-get update
apt-get install openvpn easy-rsa
gunzip -c /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz > /etc/openvpn/server.conf
nano /etc/openvpn/server.conf

This is what I use, it’s a simple setup.

# OpenVpn server.conf setup
port 1194
proto udp
dev tap

ca /etc/openvpn/ca.crt
cert /etc/openvpn/gw.pd2lt.crt
key /etc/openvpn/gw.pd2lt.key
dh /etc/openvpn/dh1024.pem

server 44.137.31.80 255.255.255.248
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 44.137.0.1"
push "route 44.0.0.0 255.0.0.0"
push "route 44.137.31.64 255.255.255.224"

keepalive 1800 4000

comp-lzo
max-clients 10

persist-key
persist-tun

Enable Packet Forwarding

echo 1 > /proc/sys/net/ipv4/ip_forward
nano /etc/sysctl.conf

Change
#net.ipv4.ip_forward=1
to
net.ipv4.ip_forward=1

Save and exit

cp -r /usr/share/easy-rsa/ /etc/openvpn
mkdir /etc/openvpn/easy-rsa/keys
nano /etc/openvpn/easy-rsa/vars

Changes to your own needs.

export KEY_COUNTRY="NL"
export KEY_PROVINCE="Zeeland"
export KEY_CITY="Kortgene"
export KEY_ORG="packet-radio"
export KEY_EMAIL="packet ( @ ) packet-radio.net"
export KEY_OU="packet-radio"

In the same vars file, also edit this one line shown below.

# X509 Subject Field
export KEY_NAME="EasyRSA"

Also changes to your own needs.

# X509 Subject Field
export KEY_NAME="packet-radio"

Next

openssl dhparam -out /etc/openvpn/dh1024.pem 1024

Cd to directory easy-rsa

cd /etc/openvpn/easy-rsa
. ./vars
./clean-all
./build-ca
./build-key-server packet-radio

Hit ENTER to accept defined, default values.

Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Press ENTER to pass through each one.

Hit (Y) and enter

Sign the certificate? [y/n]
1 out of 1 certificate requests certified, commit? [y/n]

cp /etc/openvpn/easy-rsa/keys/{packet-radio.crt,packet-radio.key,ca.crt} /etc/openvpn
service openvpn start
service openvpn status

Generate Certificates and Keys for Clients

./build-key pd2lt

Press ENTER to accept the defaults.

Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Hit (Y) enter

Sign the certificate? [y/n]
1 out of 1 certificate requests certified, commit? [y/n]

cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/easy-rsa/keys/pd2lt.ovpn
nano /etc/openvpn/easy-rsa/keys/pd2lt.ovpn
client
remote server-ip 1194
ca c:\\certs\\ca.crt
cert c:\\certs\\pd2lt.crt
key c:\\certs\\pd2lt.key
ns-cert-type server
comp-lzo yes
dev tap
proto udp
nobind
auth-nocache
persist-key
persist-tun

Copy the the files to the client computer in the c:\certs directory.

pd2lt.crt
pd2lt.key
pd2lt.ovpn
ca.crt

axMail admin util “spamblock”

Posted onAuthorPD9QLeave a comment

There is a spamblock util for axMail. It’s handy to block spam.
Here can you get the program.

ftp://n1uro.ampr.org/pub/hamradio/linux-utils/spamblock-1.0.tar.gz

Read the INSTALL file carefully. If you do not have the line smtpd_client_restrictions in your main.cf you need to add it.

The complete rule is ….

smtpd_client_restrictions = check_client_access hash:/etc/postfix/access

Let test the program.

root@gw:/usr/local/src/spamblock# ./spamblock
What ip or block do you wish to deny? 192.168.1.238
[info] Adding 192.168.1.238 to your postfix access file....
postfix/postfix-script: refreshing the Postfix mail system
[ ok ] Block for: 192.168.1.238 is in place.

Now let test if you can send mail by postfix.

'pd2lt (@) zeelandnet.nl' op 7-12-2017 7:37
            554 5.7.1 <test.packet-radio.net[192.168.1.238]>: 
                           Client host rejected: Access denied

Okay that just work quit well. Have a look in the file /etc/postfix/access

1.1.1.1     REJECT
2.2.2.2     REJECT
3.3.3.3     REJECT
192.168.1.238     REJECT

Delete the last line if you want to send e-mail. And “postfix reload”

For those running axMail-FAX, I have created an admin script I call
spamblock. This creates a filter list within postfix of who you wish to
connect to you and who NOT to connect to you. 

Especially this time of year spammers are at their worst trying to see
you their grandmother to make a small coin... most of which is simply
junk and abuse of bandwidth YOU pay for. Also, if  you run axMail in a
location who's rules are extremely strict about financial transactions
on ham radio this will also help protect your users as well as yourself
against unlawful communications.

Instructions are in the INSTALL file. I strongly urge  you to add blocks
through whois lookups rather than single IPs as spammers tend to open up
several servers within a data center so capturing their block protects
you that much more. I'm of the mindset that any data center or block
that has a spammer on it doesn't deserve the right to send me junk
mail... and MY expense of bandwidth.

 

Uronode update version 2.8.1

Posted onAuthorPD9QLeave a comment

Brian n1uro just released a minor update. To correct some issues.

Download https://sourceforge.net/projects/uronode/files/latest/download

12/07/2017 v2.8.1
Spotted and fixed an issue in the D command within router.c that I somehow
introduced in regards to columns not equalling a full 4x4. Locally it
didn't show but remotely it did. When one ran a D command and there were less
than 4 columns a carriage return/new line was not sent making the user's
screen look "stuck" when in fact it was not. Fixed!.. before bugs were
reported :)

Bugs i love bugs.

 

Setup new System on PI1LAP

Posted onAuthorPD9QLeave a comment

Today I started setting up a new system. I still have an old system on the shelf
that I think is suitable for the purpose of a ax25 system.

It’s a Dell Vostro 220 Series/0P301D with Pentium(R) Dual-Core CPU E5200 @ 2.50GHz processor.
And 2Gb of memory.

Furthermore, I have chosen to use a sata raid controller. From Delock.
PCI Card > 4x internal SATA with RAID.
(RAID bus controller: Silicon Image, Inc. SiI 3114 [SATALink/SATARaid] Serial ATA Controller)
Data transit 150 MB/s <-> 1.5 Gbit/s

This card can be RAID 0/1, 0+1. I have chosen to use RAID 1 (mirroring).
This has the advantage that if I use 2 disks there can always be one piece that can go up in smoke,
and the system still continues to run without data loss. Now I can change the broken HD and rebuild the RAID array. All this without data loss. Only the system will know some downtime because a sata disk is not hot swappable. (in this system). And we have to rebuild the RAID array.

I still have 4 old 80Gb drives, but I’m a little bit hesitant because these drives have been running for hours/days/months already. So I think I buy some SSD discs. I have been testing this system with Debian Stretch, and it just running fine.

I have benchmark the old HDD’s… It doesn’t look good.

Using Fio to benchmark. Random read/write performance

./fio --randrepeat=1 --ioengine=libaio --direct=1 --gtod_reduce=1 --name=test --filename=test / 
--bs=4k --iodepth=64 --size=4G --readwrite=randrw --rwmixread=75

This will create a 4 GB file, and perform 4KB reads and writes using a 75%/25% (ie 3 reads are performed for every 1 write) split within the file, with 64 operations running at a time. The 3:1 ratio is a rough approximation of your typical database.

pth=64 --size=4G --readwrite=randrw --rwmixread=75
test: (g=0): rw=randrw, bs=4K-4K/4K-4K/4K-4K, ioengine=libaio, iodepth=64
fio-2.1.10
Starting 1 process
Jobs: 1 (f=1): [m] [100.0% done] [1504KB/388KB/0KB /s] [376/97/0 iops] [eta 00m:00s]
test: (groupid=0, jobs=1): err= 0: pid=8223: Thu Dec 7 08:54:51 2017
read : io=3071.7MB, bw=498349B/s, iops=121, runt=6463092msec
write: io=1024.4MB, bw=166188B/s, iops=40, runt=6463092msec
cpu : usr=0.11%, sys=0.58%, ctx=1035400, majf=0, minf=6
IO depths : 1=0.1%, 2=0.1%, 4=0.1%, 8=0.1%, 16=0.1%, 32=0.1%, >=64=100.0%
submit : 0=0.0%, 4=100.0%, 8=0.0%, 16=0.0%, 32=0.0%, 64=0.0%, >=64=0.0%
complete : 0=0.0%, 4=100.0%, 8=0.0%, 16=0.0%, 32=0.0%, 64=0.1%, >=64=0.0%
issued : total=r=786347/w=262229/d=0, short=r=0/w=0/d=0
latency : target=0, window=0, percentile=100.00%, depth=64

Run status group 0 (all jobs):
READ: io=3071.7MB, aggrb=486KB/s, minb=486KB/s, maxb=486KB/s, mint=6463092msec, maxt=6463092msec
WRITE: io=1024.4MB, aggrb=162KB/s, minb=162KB/s, maxb=162KB/s, mint=6463092msec, maxt=6463092msec

Disk stats (read/write):
sda: ios=782814/264536, merge=3607/1804, ticks=309674428/102480492, in_queue=412156584, util=100.00%

iops, Input/Output Operations per Second, and that’s what it’s all about. But well, this system doesn`t get a full load… I’m curious about the test with SSD disk.

Update 🙂
Yes i’m dead…my girlfriend is going to kill me, I just ordered 3 ssd discs 😉

Debian wheezy LTS

Posted onAuthorPD9QLeave a comment

It looks like I’m going to get into trouble if I keep using Wheezy. There will probably be no security updates after May 31, 2018, any more. Maybe I should switch to Jessie. Or perhaps Stretch. There is even a newer version “Buster” (Alpha 1). I think Jessie can be a good choice.

LTS stands for Long Term Support.

However, I do not like the idea that Wheezy sees the end of his life.

mkiss: ax2: truncating oversized transmit packet!

Posted onAuthorPD9QLeave a comment

I encountered strange behavior today. Syslog is fully spammed

Dec  2 17:05:28 gw kernel: [33263.528216] mkiss: ax2: truncating oversized transmit packet!
Dec  2 17:05:28 gw kernel: [33263.529380] mkiss: ax2: truncating oversized transmit packet!
Dec  2 17:05:28 gw kernel: [33263.530492] mkiss: ax2: truncating oversized transmit packet!
Dec  2 17:05:28 gw kernel: [33263.531606] mkiss: ax2: truncating oversized transmit packet!
Dec  2 17:05:28 gw kernel: [33263.533164] mkiss: ax2: truncating oversized transmit packet!
Dec  2 17:05:28 gw kernel: [33263.534454] mkiss: ax2: truncating oversized transmit packet!
Dec  2 17:05:28 gw kernel: [33263.535679] mkiss: ax2: truncating oversized transmit packet!
Dec  2 17:05:28 gw kernel: [33263.537071] mkiss: ax2: truncating oversized transmit packet!
Dec  2 17:05:28 gw kernel: [33263.538409] mkiss: ax2: truncating oversized transmit packet!

The main issue was that i set the mtu of ax2 to 128. I do not know why, but just don`t do it. 🙂

ax2       Link encap:AMPR AX.25  HWaddr PI1LAP-3
          inet addr:44.137.31.73  Bcast:44.137.31.95  Mask:255.255.255.224
          UP BROADCAST RUNNING  MTU:128  Metric:1
          RX packets:1267 errors:0 dropped:0 overruns:0 frame:0
          TX packets:198 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:10
          RX bytes:253763 (247.8 KiB)  TX bytes:4538 (4.4 KiB)

This is the code that generates this error. (mkiss.c)

 if (len > ax->mtu) { /* Sigh, shouldn't occur BUT ... */
// translation of above: if data size of frame is GREATER than the 
// allowed MTU of ax25, generate the printk (print kernel error) below.
 - len = ax->mtu;
 printk(KERN_ERR "mkiss: %s: truncating oversized transmit packet!\n",
 ax->dev->name);
 dev->stats.tx_dropped++;
 netif_start_queue(dev);

Brian n1uro had this to say about it

It looks like this isn't a bug but a config issue on your end if I'm
reading their code correctly. You're trying to squeeze 100 litres of
water/minute through a hose that can only handle 50 litres/min so it's
telling you that it's fragmenting your frames to fit the proper MTU.

So just set your mtu to 256.

root@gw:/etc/ax25# cat axports
ax2     PI1LAP-3        19200   256     4       BBS pi8lap

 

Fpac issues.

Posted onAuthorPD9QLeave a comment

Brian n1uro wrote in the news group that he had problems with “ifconfig rose0 down”. Now I have also experienced this problem. And even a “kernel panic” with fpac.

First the piece of Brian n1uro.

If you run rose and try to "ifconfig rose0 down" or if you try to remove
the module:

Nov 27 23:18:10 n1uro kernel: [398645.598318] unregister_netdevice:
waiting for rose0 to become free. Usage count = 556
Nov 27 23:18:20 n1uro kernel: [398655.836006] unregister_netdevice:
waiting for rose0 to become free. Usage count = 556
Nov 27 23:18:30 n1uro kernel: [398666.073800] unregister_netdevice:
waiting for rose0 to become free. Usage count = 556
Nov 27 23:18:41 n1uro kernel: [398676.311558] unregister_netdevice:
waiting for rose0 to become free. Usage count = 556
^Cn1uro@n1uro:~$

The kernel goes into an endless loop every 10 seconds. This began in 3.x
series kernels. On 4.2=< it tends to panic.

“ifconfig rose0 down” seems to work. But if you try again a “rsattach” you will see that he takes “rose1”. Try it against “mobprobe -r rose” and you immediately get an “unregister_netdevice”. Fairly annoying.

Here we come to the “kernel panic”. After starting and stopping fpac, it means that the rose0 interface has not been released. If you then make a rose connection from uronode to fpac you get a “kernel panic”

pd2lt@uro.pd2lt.ampr.org-IPv6: fpac
Trying pi1lap-6 @ 2040330113... <Enter> aborts.

Message from syslogd@gw at Nov 28 15:40:33 ...
 kernel:[121671.208449] Oops: 0000 [#1] SMP

Message from syslogd@gw at Nov 28 15:40:33 ...
 kernel:[121671.211078] Process fpacwpd (pid: 5892, ti=f580a000 task=f4df7ae0 task.ti=f4f7e000)

Message from syslogd@gw at Nov 28 15:40:33 ...
 kernel:[121671.211207] Stack:

Message from syslogd@gw at Nov 28 15:40:33 ...
 kernel:[121671.211780] Call Trace:

Message from syslogd@gw at Nov 28 15:40:33 ...
 kernel:[121671.212007]  <IRQ>

After stopping and starting fpac, syslog / user.log is fully spammed. It was even so bad that I got an email from my system in one day that the disk was full. Helppppppp ….. panic

Syslog and user.log were a few gigabytes in size.

Nov 29 14:37:43 gw fpad: accept error Invalid argument
Nov 29 14:37:43 gw fpad: accept error Invalid argument
Nov 29 14:37:43 gw fpad: accept error Invalid argument
Nov 29 14:37:43 gw fpad: accept error Invalid argument
Nov 29 14:37:43 gw rsyslogd-2177: imuxsock lost 884 messages from pid 5960 due to rate-limiting
Nov 29 14:37:43 gw fpacroute: FPAC fpacroute accept error Invalid argument
Nov 29 14:37:43 gw fpad: accept error Invalid argument
Nov 29 14:37:43 gw fpad: accept error Invalid argument
Nov 29 14:37:43 gw fpad: accept error Invalid argument
Nov 29 14:37:43 gw fpacroute: FPAC fpacroute accept error Invalid argument
Nov 29 14:37:43 gw fpacroute: FPAC fpacroute accept error Invalid argument
Nov 29 14:37:43 gw fpacroute: FPAC fpacroute accept error Invalid argument
Nov 29 14:37:43 gw fpacroute: FPAC fpacroute accept error Invalid argument
Nov 29 14:37:43 gw fpacroute: FPAC fpacroute accept error Invalid argument
Nov 29 14:37:43 gw fpacroute: FPAC fpacroute accept error Invalid argument
Nov 29 14:37:43 gw fpacroute: FPAC fpacroute accept error Invalid argument

So do not stop fpac en restart it again. Reboot the system to free the rose interface. Unfortunately