May 9, 2013

hg serve multiple projects

To use "hg serve" to serve multiple project internally (with your LAN). Create a file named webconf (it can be any name) with the following content:



[collections]
repos/ = .

[extensions]
hgext.highlight=

[web]
allow_push = *
push_ssl = false
pygments_style = vs
style = gitweb


Then in system start up run this:

cd your_hg_directory && sudo -u your-name hg serve --web-conf ./webconf


I like the "gitweb" style because it gives you date on files. The default style is "paper". Other styles can be:

atom
coal
gitweb
monoblue
paper
raw
rss
spartan

May 8, 2013

shrew vpn masquerade on Linux

Once your have your VPN client running on a Linux box, sometimes you would like to share that link with that machines on your LAN (either physical LAN or virtual LAN such as Virtual Machines).

Because shrew uses the kernel IPsec VPN, the iptables masquerade rule does not work on the virtual tap0 interface. There does not seem to exist an easy fix.

The work around I have is to install a linux virtual machine (virtualbox) on the host, which has two NICs, one is NAT, the other one is bridging. Then run iptables masquerade on the virtual Linux, taking traffic from the bridged NIC, and send it out to the NATed NIC. On the host, since virtualbox behaves just like any other application, it is able to access all the VPNed network resources. Bingo!

It works well here. Let me know your thoughts.

shrew vpn client on Linux for Cisco Concentrator

To talk to a Cisco VPN Concentrator, one can use "vpnc" or "shrew vpn client".

My vpnc only stays up for a few hours, while on Windows the Cisco VPN client can stay up for days. So I wanted to give shrew a try.

Shrew can import Cisco .pcf configuration file. After that, a connection entry is created. However, you probably will need to modify the profile for it to work. On the "qikea" window, right click on the profile, then "Modify", go to tab "Phase 2" and make your choices instead of auto. For example, try change PFS Group to "2". This worked for many people.

If you are interested, you can try to use the tool "ike-scan" to probe your vpn server and find out exactly the parameters for this tab.

That solved my problem.

The following screenshot is a Windows screenshot, but the Linux one is very similar.

VPN Setting

I got the this tip from the following post:
http://www.rhyous.com/2009/10/29/windows-7-64-bit-vpn-client-shrewsoft/