PC.2:

[root@pc.2]$ ./netserver -4

Starting netserver at port 12865

Starting netserver at hostname 0.0.0.0 port 12865 and family AF_INET

[root@pc.2]$

PC.1:

[root@pc.1]$ ./netperf -f M –l 120 -H 172.168.1.3

TCP STREAM TEST from 0.0.0.0 (0.0.0.0) port 0 AF_INET to 172.168.1.3 (172.168.1.3) port 0 AF_INET

Recv   Send    Send

Socket Socket  Message  Elapsed

Size   Size    Size     Time     Throughput

bytes  bytes   bytes    secs.    MBytes/sec

87380  65535  65535    120.00      49.91

[root@pc.1]$

This is a very common error and will cause the vpn not to come up. This basically means that this end of the vpn (where the log is) has received a request to handshake an ipsec vpn connection, but as far as this end of the link is concerned its not expecting a vpn connection from the ip address x.x.x.x and so ignores it.

If the ip address is the one you are expecting it from then you should check the ipsec.conf file and the ipsec.secrets file.

/etc/ipsec.conf

config setup

interfaces=%defaultroute

klipsdebug=none

plutodebug=none

plutoload=%search

plutostart=%search

uniqueids=yes

nat_traversal=yes

virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.2.0/255.255.255.0,%v4:\

!10.11.100.0/255.255.255.0,%v4:!192.168.4.0/255.255.255.0,%v4:!192.168.3.0/255.255.255.0,%v4:!192.168.0.0/255.255.255.0

conn %default

keyingtries=0

disablearrivalcheck=no

http://linuxconfig.org/VPN_-_Virtual_Private_Network_and_OpenVPN

1. SWAP
2. File System
3. RAW

NBD presents a remote resource as local resource to the client. Also, NBD driver makes a remote resource look like a local device in Linux, allowing a cheap and safe real-time mirror to be constructed.
You can also use remote machine storage area as local machine swap area using NBD.

To setup the NBD based file system, we need a nbd-server (on remote machine, where we like to access/create the content) and nbd-client (on local machine, where we like to access the remote storage device locally).

I. NBD Server Side Configuration Steps

1. Install nbd-server

If you working on Debian flavor, get the nbd-server through apt-get.

# apt-get install nbd-server

2. Create a file content

Create a file using dd as shown below.

# dd if=/dev/zero of=/mnt/dhini bs=1024 count=36000

Use mke2fs to make the /mnt/dhini as a filesystem.

# mke2fs /mnt/dhini

When you try to make /mnt/dhini as ext2 file system, you may get a warning message as show below. Press y to continue.

/mnt/dhini is not a block special device.
Proceed anyway? (y,n) y

3. Start the NBD Server Daemon

Syntax: nbd-server  port-number   filename/filesystem

# nbd-server 1043 /mnt/dhini

You can also run the nbd-server on multiple ports as shown below.

# nbd-server 1043 1077 1076 /mnt/dhini

You can also specify the timeout to make the server to run N idle seconds

II. NBD Client Side Configuration Steps

Perform the following steps in the client machine, where you like to access the remote storage device.

1. Install nbd-client

If you working on debian flavor, get the nbd-client through apt-get.

# apt-get install nbd-client

2. Using nbd-client create a filesystem on client machine

Syntax: nbd-client  server-ip  server-port#  filename/filesystem

# nbd-client 192.168.1.11 1043 /mnt/dhini

Starting NBD client process: Connecting...Negotiation: ..size = 36000KB
bs=1024, sz=36000
connected /mnt/dhini
Activating...
fsck 1.39-WIP (31-Dec-2005)
/mnt/dhini: Superblock last write time is in the future.  FIXED.
/mnt/dhini has gone 49710 days without being checked, check forced.
/mnt/dhini: |===============================| 56.0%
/mnt/dhini: |===============================| 100.0%

Once it gets to 100%, you will get the block device on your local macine on the same path.

$ls -lh /mnt/dhini
brw-r--r-- 1 root root 43, 0 2009-02-05 17:31 /mnt/dhini

If you face any issues during the NBD configuration process, you may also configure the nbd-server and nbd-client through dpkg-reconfigure.

III. Mount the File System on Client-side

# mkdir /rem_space
# mount /mnt/dhini /rem_space

Once mounted, you may get the directory with “lost+found”. You can start accessing the files and directories properly from this point.

IV. Get Client Changes on Server-side

Mount the nbd filesystem locally

# mount  -o loop /mnt/dhini /client_changes

If you are not using “-o loop” option, you may get the following error:

mount: /mnt/dhini is not a block device (maybe try `-o loop'?)

When you list the /client_changes, You will get all the client created files and directories properly.

V. Access Remote Storage as Local Swap Memory Area

Configuration On Server side:

1. Create a file

# dd if=/dev/zero of=/mnt/dhini bs=1024 count=16000

2. Instead of create a file in ext2 filesystem create it as swap file, using mkswap

# mkswap /mnt/dhini

3. Run the server daemon

# nbd-server 1043 /mnt/dhini

Configuration On Client side:

1. Get the filesystem as swap area

# nbd-client 192.168.1.11 1043 -swap  /mnt/dhini

2. Cross check using “cat /proc/swaps “. This will list the swap areas

$ cat /proc/swaps
Filename    Type       Size      Used    Priority
/dev/hda4   partition  650624     57732  -1
/mnt/dhini  partition  15992    0        -4

If you’re reading this, then you likely need to connect to your office network from home or during travel. Many companies utilize Cisco 3000 VPN concentrators for their VPN needs, and I am willing to bet that most Linux newbies think that they are forced to use Windows to connect to them. Well, this document informs you that connecting to a Cisco VPN is very possible and will hopefully enable you to setup a working tunnel using your Gentoo workstation or laptop.

• A guide to the basic workings of vpnc
• A discussion of DNS and routing issues that relate to VPNs
• Examples of managing VPN sessions
• Useful tips and tricks (hopefully)

• An in-depth guide to VPN/encryption technologies
• A feature by feature explanation of vpnc

The assumptions made at this point are:

• You have Gentoo installed
• You have Internet access
• You want to connect to a Cisco 3000 VPN concentrator
• You know how to configure, build, and install a new kernel

2.  Kernel Configuration

In order for Linux to be able to open a VPN connection Universal TUN/TAP device driver support must be enabled in the kernel. What is it and why do you need it? Below is a relatively straight forward explanation from the kernel configuration dialog:

TUN/TAP provides packet reception and transmission for user space
programs. It can be viewed as a simple Point-to-Point or Ethernet
device, which instead of receiving packets from a physical media,
receives them from user space program and instead of sending packets
via physical media writes them to the user space program.

When a program opens /dev/net/tun, driver creates and registers
corresponding net device tunX or tapX. After a program closed above
devices, driver will automatically delete tunXX or tapXX device and
all routes corresponding to it.

You can verify yourself if your kernel has TUN/TAP support with the following command:

#  grep "TUN" /usr/src/linux/.config
CONFIG_INET_TUNNEL=m
# CONFIG_INET6_TUNNEL is not set
# CONFIG_IPV6_TUNNEL is not set
(TUN/TAP enabled as a module)
CONFIG_TUN=m
# CONFIG_8139TOO_TUNE_TWISTER is not set

As you can see above, CONFIG_TUN=m is compiled as a module. If it is disabled in your setup, enable it in your kernel of choice, rebuild, install, reboot and return to this document before continuing with the next steps.

Device Drivers  --->
  Network device support  --->
    [*] Universal TUN/TAP device driver support

If you built TUN/TAP support directly into the kernel, you should see information from dmesg output like the following:

# dmesg | grep TUN
Universal TUN/TAP device driver 1.5 (C)1999-2002 Maxim Krasnyansky

If you build TUN/TAP support as a module, you first must load the tun module:

# modprobe tun
# lsmod
Module                  Size  Used by
tun                     7296  0

Now that the tun module is loaded, check dmesg output. You should see something like the following:

# dmesg | grep TUN
Universal TUN/TAP device driver 1.5 (C)1999-2002 Maxim Krasnyansky

3.  Install Needed Software

Now that you have a working kernel setup, you need to install net-misc/vpnc:

# emerge -av net-misc/vpnc

4.  Example Setup

In order to make the following sections more clear, we need an example setup to work from. For the purposes of this exercise, we will assume that you have a home network of several computers. All computers are on the 192.168.0.0 / 255.255.255.0 network. The LAN in question is run by a Gentoo box using an iptables firewall, DHCP, caching DNS, etc … and it masquerades the LAN behind the public IP address it receives from an ISP. You also have a workstation on the LAN from which you want to be able to VPN into your office with.

Our example workstation configuration looks like the following:

(Name server configuration)
# cat /etc/resolv.conf
nameserver      192.168.0.1

(Network configuration)
# cat /etc/hosts
127.0.0.1       desktop localhost
192.168.0.1     router
192.168.2.2     mediacenter

(Interface configuration)
# ifconfig -a
eth0      Link encap:Ethernet  HWaddr 00:11:2F:8D:08:08
          inet addr:192.168.0.2  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::211:2fff:fe8d:808/64 Scope:Link
          UP BROADCAST NOTRAILERS RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3657889 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2305893 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2193722103 (2092.0 Mb)  TX bytes:1415104432 (1349.5 Mb)
          Interrupt:185 Memory:fac00000-0

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:35510 errors:0 dropped:0 overruns:0 frame:0
          TX packets:35510 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:16023838 (15.2 Mb)  TX bytes:16023838 (15.2 Mb)

(Routing information)
# netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.0.0     *               255.255.255.0   U         0 0          0 eth0
loopback        desktop         255.0.0.0       UG        0 0          0 lo
default         router          0.0.0.0         UG        0 0          0 eth0

5.  Configuring vpnc

Now that you have vpnc installed and we have an example to work from, let’s discuss the basics of setting up vpnc. The configuration file for vpnc connection settings can be located in a couple places, depending on how many profiles you want to setup. By default, vpnc looks first for /etc/vpnc/default.conf for its connection settings. If it doesn’t find that file, then it looks for /etc/vpnc.conf. This setup will only address a single profile example and will use the configuration file location/etc/vpnc.conf. Make sure you do not have a /etc/vpnc/default.conf file.

IPSec gateway vpngateway.domain.org
IPSec ID group_id
IPSec secret group_password
Xauth username network_signon
Xauth password network_password

The configuration file example above should be modified to reflect the appropriate values for your setup. The gateway optionvpngateway.domain.org can be a fully qualified domain name or an IP address. The ID and secret options should be given to you by a network administrator. If you cannot obtain this information but you currently have a working setup on a Windows box which utilizes the official Cisco VPN client, then all you have to do is export your profile. The user name and password options are for your normal network sign-on, such as a Windows NT domain account.

If you are forced to export your profile from a Windows machine, then what you will likely have is a file ending in .pcf. This file will have all the information you need. Below is an example:

[main]
Description=
Host=VPNGATEWAY.DOMAIN.ORG
AuthType=1
GroupName=group_id
GroupPwd=
enc_GroupPwd=F3256220AA200A1D532556024F4F314B0388D48B0FBF2DB12
EnableISPConnect=0
ISPConnectType=0
ISPConnect=FOOBAR
ISPCommand=
Username=
SaveUserPassword=0
UserPassword=
enc_UserPassword=
NTDomain=
EnableBackup=0
BackupServer=
EnableMSLogon=1
MSLogonType=0
EnableNat=1
TunnelingMode=0
TcpTunnelingPort=10000
CertStore=0
CertName=
CertPath=
CertSubjectName=
CertSerialHash=00000000000000000000000000000000
SendCertChain=0
VerifyCertDN=
DHGroup=2
ForceKeepAlives=0
PeerTimeout=90
EnableLocalLAN=0
EnableSplitDNS=1
ForceNetLogin=0

In the above example, we can see entries for Host, GroupName and enc_GroupPwd. Your Username and UserPasswordmay or may not be exported depending on the setup. To generate a working vpnc configuration out of it, you can usepcf2vpnc, included with vpnc.

Now that you have a configuration in place, it’s time to test your setup. To start vpnc you do the following:

# vpnc
Enter password for username@vpngateway.domain.org:
VPNC started in background (pid: 14788)...

As you can see from the above command output, once you type vpnc (as root), you are prompted for your password. After entering your password, which will not be echoed back to you, the vpnc process will automatically become a background process.

#  ifconfig -a
eth1      Link encap:Ethernet  HWaddr 00:11:2F:8D:08:08
          inet addr:192.168.0.2  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::211:2fff:fe8d:808/64 Scope:Link
          UP BROADCAST NOTRAILERS RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2101119 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1577559 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1757862627 (1676.4 Mb)  TX bytes:732200131 (698.2 Mb)
          Interrupt:177 Memory:faa00000-0

sit0      Link encap:IPv6-in-IPv4
          NOARP  MTU:1480  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:192.168.160.42  P-t-P:192.168.160.42  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1412  Metric:1
          RX packets:1 errors:0 dropped:0 overruns:0 frame:0
          TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:60 (60.0 b)  TX bytes:616 (616.0 b)

# netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
vpn01.domain.or router          255.255.255.255 UGH    1500 0          0 eth1
192.168.0.0     *               255.255.255.0   U         0 0          0 eth1
loopback        desktop         255.0.0.0       UG        0 0          0 lo
default         *               0.0.0.0         U         0 0          0 tun0

As you can see from the above command output(s), vpnc has done the following:

• Created the tun0 network interface, a virtual interface to handle the traffic across your VPN tunnel
• Obtained the IP address for the tun0 device from your VPN provider
• Set the default route to your VPN gateway

At this point, your workstation is capable of communicating with hosts via the VPN. Because vpnc sets your default route to your VPN gateway, all network traffic will travel across the VPN, even if it destined for the Internet or elsewhere not specifically specified by additional routes. For some, this basic type of connection may be satisfactory, but for most, additional steps need to be taken.

Additional things you might want to have:

• DNS for the VPN
• A routing setup that will only send traffic destined for the VPN down the virtual tunnel. This way, you can browse the Internet while connected to the VPN, without your personal web/p2p etc. traffic going across the tunnel.
• A script to manage all this, because vpnc just doesn’t do enough by default.

When you are ready to end the VPN session, execute vpnc-disconnect. An example is shown below.

# vpnc-disconnect
Terminating vpnc daemon (pid: 26250)

6.  Set up DNS

Unfortunately, vpnc doesn’t handle the setup and management of DNS for your newly established tunnel. The user is left to decide how DNS should be handled. You could just overwrite /etc/resolv.conf when you connect, but that would utilize your VPN DNS for all DNS queries regardless of whether or not the traffic is destined for your VPN tunnel. This is a very functional solution and if you simply need to connect to the tunnel, do your work, and then disconnect, read no further. But, if you want to be able to leave your tunnel connected for lengthy periods of time and don’t want your work DNS servers handling requests for your personal traffic, read on.

The ideal setup would allow you to separate your DNS queries into two categories: VPN-related and other. Under this setup, all VPN-related DNS queries would be answered by DNS servers located at the other end of your VPN tunnel and all other queries would continue to be answered by local or ISP supplied DNS servers. This is the setup that will be demonstrated here.

So how do you set things up, so that only requests made to hosts on the example.org domain get sent to VPN supplied DNS servers? Well, you’re going to need to install a local DNS server, but don’t worry, it’s much easier than you think. There are several software packages that can handle the type of setup we desire, but for the purposes of this demonstration, dnsmasqwill be utilized. Let’s emerge it now:

# emerge dnsmasq

Now you need to add an option to your dnsmasq startup options. Edit the following option to suit your needs. Substitute .example.org with the appropriate domain and the IP address with a valid DNS server that belongs to the VPN tunnel.

Config file for /etc/init.d/dnsmasq

# See the dnsmasq(8) man page for possible options to put here.
DNSMASQ_OPTS="-S /.example.org/192.168.125.10"

Next, make sure that the first entry in /etc/resolv.conf is your local host 127.0.0.1, followed by the location of the backup DNS servers that should handle the DNS traffic in case dnsmasq fails to start, or if it needs to forward a DNS query it doesn’t currently have in its cache. An example /etc/resolv.conf is shown below.

nameserver 127.0.0.1
nameserver 192.168.0.1

Now that you have setup a rule for your VPN tunnel DNS, you need to start dnsmasq.

# /etc/init.d/dnsmasq start
# rc-update add dnsmasq default

7.  Configuring the routing table

The ideal scenario would be if only the traffic destined for VPN tunnel would travel across the link. At this point, you have a VPN tunnel setup and all traffic will travel across the tunnel, unless you specify additional routes. In order to fix this situation you need to know what networks are available to you on your VPN. The easiest way to find out the needed information is to ask a network administrator, but sometimes they are reluctant to answer such questions. If your local network admin won’t provide the needed information, some trial and error experiments will be required.

When the VPN tunnel was started, vpnc set the default route to the tunnel. So you must set your default route back to normal, so that things work as expected.

# route add default gw 192.168.0.1

Earlier, when DNS services were being configured for your VPN, you specified a DNS server to handle your example.org domain. You need to add a route for the 192.168.125.0 subnet so that DNS queries will work.

# route add -net 192.168.125.0 netmask 255.255.255.0 dev tun0

At this point, you should add any additional routes for known networks (such as for the subnet 192.168.160.0, which includes the IP address received by the TUN/TAP virtual device). If your friendly network administrator gave you the required info, great. Otherwise, you might need to ping hosts you will be connecting to frequently, to give yourself an idea about what your routing table should look like.

# ping intranet1.example.org
PING intranet1.example.org (172.25.230.29) 56(84) bytes of data.

--- intranet1.example.org ping statistics ---
18 packets transmitted, 0 received, 100% packet loss, time 16997ms

As you can see from the above example, the ping probes to intranet1.example.org were unsuccessful. So we need to add a route for that subnet.

# route add -net 172.25.230.0 netmask 255.255.255.0 dev tun0

A few ping and route commands later, you should be well on your way to a well working routing table.

8.  Manage the connection

Next is an example script to manage the VPN connection. You could execute it (as root) from an xterm to start a connection to your VPN. Then all you have to do is press return to disconnect the VPN. Obviously you will need to modify this for your setup, remembering to add all the additional routes that you may need.

#!/bin/bash

source /sbin/functions.sh

ebegin "Connecting to the VPN"
vpnc
eend

ebegin "Modifying the routing table"
route add default gw 192.168.0.1
route add -net 172.25.230.0 netmask 255.255.255.0 dev tun0
route add -net 192.168.160.0 netmask 255.255.255.0 dev tun0
route add -net 192.168.125.0 netmask 255.255.255.0 dev tun0
eend

einfo "Press any key to disconnect ..."

read $disconnect

ebegin "Disconnecting from the VPN"
vpnc-disconnect
eend
ebegin "Reconfiguring the default routing table"
route add default gw 192.168.0.1
eend

einfo "VPN should now be disconnected"

Version 0.4.0-r1 of vpnc contains an init script (/etc/init.d/vpnc) which can handle multiple configurations. The default script looks for /etc/vpnc/vpnc.conf, but as many configurations as can be imagined are possible. Before and after shutdown and start-up custom-made scripts can be executed that are connected by their name to the corresponding init script (since version 0.5.1-r1). Their names end in -preup.sh, -postup.sh, -predown.sh and -postdown.sh, stored in the/etc/init.d/scripts.d/ directory. The general naming scheme is sketched in the following table.

Add vpnc to default runlevel with the following commands (in this case for the standard configuration). Don’t forget to add the tun module (if you have built it that way) to the kernels autoload mechanism at startup.

# rc-update add vpnc default

If you don’t want to save your password in the configuration file, you can tell the init script to show all output and prompts on standard output by editing /etc/conf.d/vpnc. Set the variable VPNCOUTPUT to yes or no, where its default is to not display screen output.

9.  Tips and Tricks

If you are looking for a Linux application that supports RDP (Remote Desktop Protocol) then give grdesktop a try. It’s a GUI app written in GTK+ that fits in well with a Gnome desktop, but doesn’t require it. If you don’t want the GUI configuration dialogs that grdesktop provides, then just install rdesktop. Ultimately, grdesktop is just a frontend for rdesktop.

If you are a KDE user, you might want to try kvpnc. It a appears to be a very mature VPN management GUI.

If you need to connect to a Windows machine which doesn’t have a DNS entry, and you know the address of an available WINS server, you can use a tool called nmblookup to query the WINS server for the host name of the machine you want to connect to. Unfortunately, you have to install samba to get it, but if you are going to be working with boxes running Windows you might as well want to install samba, because it includes several other useful tools.

# emerge -av samba

When you have samba and its tools installed, test nmblookup by asking the WINS server at IP address 192.168.125.11 about a host named wintelbox1.

# nmblookup -U 192.168.125.11 -R 'wintelbox1'
querying wintelbox1 on 192.168.125.11
172.25.230.76 wintelbox1

The custom-made scripts for the init.d file can be used to setup a user-defined routing for the vpnc connection. The examples below show how to setup the routing table so that only connections to 123.234.x.x are routed over the VPN and all other connections use the default gateway. The example uses work-preup.sh to save the current default gateway before starting vpnc (which resets the default gateway using the VPN connection). Once vpnc has been started, work-postup.shdeletes this new default gateway, restores the old default gateway and sets the route for all connections to 123.234.x.x to use the vpnc connection.

#!/bin/sh
route -n | grep -E '^0.0.0.0 ' | cut -c 17-32 >/var/tmp/defaultgw

#!/bin/sh
route del -net 0.0.0.0 netmask 0.0.0.0 dev tun1
route add default gw $(cat /var/tmp/defaultgw)
route add -net 123.234.0.0 netmask 255.255.0.0 dev tun1

The example scripts assume that the vpnc connection uses tun1 as tun device. You can set the device name in the connection’s configuration file.

Interface name tun1
IPSec gateway vpn.mywork.com
Pidfile /var/run/vpnc.work.pid

10.  Useful Links

• vpnc homepage
• kvpnc homepage
• grdesktop homepage

11.  Final Notes

Hopefully by now you have been able to connect to your VPN of choice and are well on your way to remote office work. Feel free to file a bug at bugs.gentoo.org should you find a mistake or wish to make an addition or recommendation regarding this document.

# date 0412131627

Now set correct date with ntp client:

# ntpdate -v -b in.pool.ntp.org

13 Dec 16:27:50 ntpdate[997]: ntpdate 4.2.0-a Thu Nov 3 07:34:22 UTC 2005 (1)
25 Jan 12:35:47 ntpdate[997]: step time server 61.246.176.131 offset 35237275.965726 sec

You can verify that correct data is setup:

# date

Output:

Wed Jan 25 12:36:21 IST 2006

Enable date and time/ clock Synchronization at boot time

You need to set ntpdate via /etc/rc.local file.

# vi /etc/rc.conf

Append following line to it:
ntpdate_enable="YES"
ntpdate_hosts="asia.pool.ntp.org"
Save and close the file. Make sure you have correct ntpdate_hosts server entry.

sudo apt-get update
sudo apt-get install ibus-unikey

2. Install languages

2.1 System – Administrator – Language Support-> Vietnamese

2.2 in tab Language -> Keyboard Input Method->iBus

2.3 Restart X ( Ctrl+Atl+ Backspace or log out and login again). you will see iBus icon on Panel.

3. Configure iBus

3.1 Click on iBus->Preference -> Input Method -> Vietnamese-Unikey ->Add -> OK

3.2 Select and edit area and press Ctrl + Space, you will see the input method change

3.4 Default is Telex for Vietnamese

3.5 If you want change to Vni: iBus->Preference-> General->Show language panel -> Always.

and anytime you enable ibus-unikey, you will see at right conner panel to choose.

export LD_LIBRARY_PATH=/lib:/usr/lib

Another solution is patched to openSSL itself.

— openssl-0.9.8i/Makefile.shared      2009-12-16 00:27:33.667686278 -0500
+++ openssl-0.9.8i.fixed/Makefile.shared        2009-12-15 23:35:17.035659855 -0500
@@ -94,7 +94,7 @@
LIBPATH=`for x in $$LIBDEPS; do if echo $$x | grep ‘^ *-L’ > /dev/null 2>&1; then echo $$x | sed -e ‘s/^ *-L//’; fi; done | uniq`; \
LIBPATH=`echo $$LIBPATH | sed -e ‘s/ /:/g’`; \
LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
-    $${LDCMD} $${LDFLAGS} -o $${APPNAME:=$(APPNAME)} $(OBJECTS) $${LIBDEPS} )
+    $${LDCMD} $${LDFLAGS} -Wl,-EB -o $${APPNAME:=$(APPNAME)} $(OBJECTS) $${LIBDEPS} )

LINK_SO=       \
( $(SET_X);   \