Category Archives: gentoo

OpenVPN setup with mysql auth and ssl port sharing

So, I decided it was time to stop some firewalls from blocking my connection to OpenVPN.
Here’s what I did to share port 443 (which I already had Apache listening on) with OpenVPN!

# Make Apache listen on port 4545 and change all VirtualHost directives to use that port.
emerge net-misc/openvpn app-crypt/easy-rsa sys-auth/pam_mysql
cp -prv /usr/share/easy-rsa ~
cd ~/easy-rsa
cp vars{,.orig}
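# quote the delimiter so `pwd` and $EASY_RSA are expanded when vars is sourced, not while this heredoc is written
cat >> vars << '_EOF_'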
export EASY_RSA="`pwd`"
export KEY_DIR="$EASY_RSA/keys"
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"
export GREP="grep"
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
export KEY_SIZE=4096
export CA_EXPIRE=3650
export KEY_EXPIRE=3650
export KEY_COUNTRY="US"
export KEY_PROVINCE="FL"
export KEY_CITY="Miami"
export KEY_ORG="Fort-Funston"
export KEY_EMAIL="master@myhost.domain"
export KEY_CN=changeme # Common Name (eg, your name or your server's hostname) 
export KEY_NAME=changeme # Name
export KEY_OU=changeme # Organizational Unit Name (eg, section)
_EOF_
source ./vars
./clean_all
./build-ca
./build-key-server server
./build-dh
openvpn --genkey --secret /root/easy-rsa/keys/ta.key
mkdir -p /etc/openvpn/certs
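# note: openvpn.conf below never references ca.key; the CA key is only needed where certificates get signed
cp -pv ~/easy-rsa/keys/{ca.crt,ca.key,server.crt,server.key,ta.key,dh4096.pem} /etc/openvpn/certs/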

cat >> /etc/openvpn/openvpn.conf << _EOF_
dev tun
# use udp if you can, it performs a lot better; this tutorial only uses tcp because it is sharing the port with apache!
proto tcp
local 203.0.113.10 # replace with the ip you want it listening instead of 0.0.0.0
port 443
port-share 127.0.0.1 4545
keepalive 10 120
comp-lzo
user nobody
group nobody
server 192.168.7.0 255.255.255.0
ca /etc/openvpn/certs/ca.crt
cert /etc/openvpn/certs/server.crt
key /etc/openvpn/certs/server.key
dh /etc/openvpn/certs/dh4096.pem
tls-auth /etc/openvpn/certs/ta.key
#tls-cipher DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-AES128-SHA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA # bettercrypto.org
tls-version-min 1.2 # try the tls-cipher line above first; if it does not work for you, use this instead
cipher AES-256-CBC
auth SHA384
verb 5
_EOF_

sed -i 's/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/' /etc/sysctl.conf
sysctl -p
rc-update add openvpn default
/etc/init.d/apache2 restart
/etc/init.d/openvpn restart

# now for the client part: give the client this one file
./build-key-pass client
cat >> ~/client.ovpn << _EOF_
client
remote 203.0.113.10
dev tun
# set udp here too if you decided to use that!
proto tcp
port 443
cipher AES-256-CBC
comp-lzo yes
nobind
auth-nocache
script-security 2
persist-key
persist-tun
auth sha384

<ca>
$(cat ~/easy-rsa/keys/ca.crt)
</ca>

<cert>
$(cat ~/easy-rsa/keys/client.crt)
</cert>

<key>
$(cat ~/easy-rsa/keys/client.key)
</key>

<tls-auth>
$(cat ~/easy-rsa/keys/ta.key)
</tls-auth>
_EOF_
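
A check worth running before restarting the server, as an added example that is not part of the original post: a small lint for an openvpn.conf of this shape that flags port-share without TCP, referenced ca/cert/key/dh/tls-auth files that do not exist, and private key files accessible beyond their owner. The function name check_ovpn_conf and the temporary sample paths are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the original post: lint an OpenVPN server config.
# Prints one line per problem; the return status is the number of problems.
check_ovpn_conf() {
    conf=$1
    problems=0
    proto=$(awk '$1 == "proto" { print $2 }' "$conf")
    share=$(awk '$1 == "port-share" { print $2 ":" $3 }' "$conf")
    # port-share is only honoured when OpenVPN runs as a TCP server.
    if [ -n "$share" ]; then
        case $proto in
            tcp*) ;;
            *) echo "port-share $share needs proto tcp, found '${proto:-unset}'"
               problems=$((problems + 1)) ;;
        esac
    fi
    for directive in ca cert key dh tls-auth; do
        path=$(awk -v d="$directive" '$1 == d { print $2 }' "$conf")
        [ -n "$path" ] || continue
        # A dh file named for a different KEY_SIZE shows up here.
        if [ ! -f "$path" ]; then
            echo "$directive: $path does not exist"
            problems=$((problems + 1))
            continue
        fi
        # Private key material must not be accessible to group or others.
        case $directive in
            key|tls-auth)
                if [ "$(ls -ld "$path" | cut -c5-10)" != "------" ]; then
                    echo "$directive: $path is accessible to group/other"
                    problems=$((problems + 1))
                fi ;;
        esac
    done
    return "$problems"
}

# Constructed sample: the config asks for dh2048.pem, build-dh wrote dh4096.pem.
demo=$(mktemp -d)
touch "$demo/ca.crt" "$demo/server.crt" "$demo/server.key" "$demo/dh4096.pem"
chmod 600 "$demo/server.key"
printf '%s\n' "proto tcp" "port-share 127.0.0.1 4545" "ca $demo/ca.crt" \
    "cert $demo/server.crt" "key $demo/server.key" \
    "dh $demo/dh2048.pem" > "$demo/openvpn.conf"
check_ovpn_conf "$demo/openvpn.conf" || echo "problems found: $?"
rm -rf "$demo"
```

On the real server the call would be check_ovpn_conf /etc/openvpn/openvpn.conf, run as root so the key files can be inspected.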

Gentoo apache 2.4 and Google’s mod_pagespeed

Here’s how you can get mod_pagespeed on your gentoo box running apache 2.4

emerge rpm
mkdir ~/src
wget https://dl-ssl.google.com/dl/linux/direct/mod-pagespeed-stable_current_x86_64.rpm -O ~/src/mod-pagespeed-stable_current_x86_64.rpm  
cd ~/src
# rpm2cpio (from the rpm package emerged above) turns the rpm into a cpio stream
rpm2cpio ~/src/mod-pagespeed-stable_current_x86_64.rpm | cpio -idmv
cp ~/src/usr/lib64/httpd/modules/mod_pagespeed_ap24.so /usr/lib64/apache2/modules/
cp ~/src/etc/httpd/conf.d/pagespeed.conf /etc/apache2/modules.d/80_mod_pagespeed.conf
cp ~/src/etc/httpd/conf.d/pagespeed_libraries.conf /etc/apache2/modules.d/
mkdir /var/cache/mod_pagespeed/ -p
chown -R apache:apache /var/cache/mod_pagespeed/
# You'll need to have mod_version installed or you'll have to manually set the LoadModule to use the 24.so one.
# You'll also have to replace /usr/lib64/httpd with /usr/lib64/apache2
sed -i 's/\/usr\/lib64\/httpd/\/usr\/lib64\/apache2/' /etc/apache2/modules.d/80_mod_pagespeed.conf 
# Replace the Order and Allow lines with 'Require all granted'
/etc/init.d/apache2 restart

Many thanks go to tantruminv.com for providing the initial info.

Installing Oracle’s JRE in gentoo

It’s as simple as this:

echo '>=dev-java/oracle-jre-bin-1.7.0.65:1.7 Oracle-BCLA-JavaSE' >> /etc/portage/package.license

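# --no-check-certificate turns off TLS certificate verification for this download; emerge still checks the tarball against the ebuild's Manifest digests
wget --no-cookies --no-check-certificate --header "Cookie: oraclelicense=accept-securebackup-cookie" "https://download.oracle.com/otn-pub/java/jdk/7u65-b17/jre-7u65-linux-x64.tar.gz"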

mv jre-7u65-linux-x64.tar.gz /usr/portage/distfiles

emerge =dev-java/oracle-jre-bin-1.7.0.65

java-config --list-available-vms # to see the VMs installed

java-config --set-system-vm oracle-jre-bin-1.7

You might have to update the link and version number, since they might (and probably will) have changed since I wrote this post.

youtube-dl and ffmpeg volume raise

So .. I’ve been wanting to see some youtube tuts/audio offline while I commute ..

But the volume is pretty low, either from the video .. or my android tablet .. and I know I can raise the volume from the DSP Manager but I don’t want to need to change it back again for other videos ..

Here’s how I did it on my gentoo system.

# you might want to unmask a newer version
# echo '<=net-misc/youtube-dl-2014.10.18 ~amd64' >> /etc/portage/package.keywords
emerge youtube-dl
# Here's how you get the mp3 only version
# the URL is quoted so the shell does not treat the ? as a glob character
youtube-dl 'https://www.youtube.com/watch?v=QzQkpCX5pMU' -x --audio-format mp3
# other help
youtube-dl --help

This is the easy part !
Now, you probably want to raise the volume a lil’ bit ..

ffmpeg -i file.mp3 -vol 400 output.mp3
# 256 is normal, if you use 512 then it will double the volume.
# you can't use -acodec copy because -acodec copy and -vol are incompatible (frames are not decoded)