Virtual Machine

OpenVPN in VirtualBox

Send to Kindle

There are a number of reasons why you might want to run a VPN on your laptop. The most obvious is that you have to, in order to access files back at the office. Two other likely reasons are security (you are in a public place, and want to encrypt all traffic) and unfettered access (your provider is blocking certain ports or services).

I’ve been interested in implementing a VPN for a while now, but haven’t had any real need, nor tons of copious free time. On Friday, I was informed that one of my portfolio companies had installed OpenVPN and I was welcome to install a client and test it.

I am running Windows Vista Ultimate x64 (the x64 sometimes being problematic with certain software). It turns out that the latest release candidate for OpenVPN has full Windows x64 support, so that wasn’t going to be an issue.

I installed the software, edited the configuration files that the office sent me, fired it up, and it worked the first time. Cool. I tested a few things, including accessing hosts that I wouldn’t be able to see unless I was in the office, and it all seemed to work correctly.

Then I hit a small snag. I tried to fire up my fat-client brokerage application. It behaved as if I didn’t have a network connection, or more accurately, like it couldn’t find the server it wanted to home to. I suspect that this could be something as simple as whether the office itself is set up to route out this type of app/port/protocol through the VPN (I know for a fact that this specific app works when I am in the office).

I also suspect that other fat clients, like a Poker app, might have similar troubles. That got me thinking about the additional use cases beyond just needing access to files/apps/machines in the office.

I fired up VirtualBox, specifically with my new favorite Sidux distribution. I tried to install openvpn from the repo, but it wasn’t found. A Google search said that openvpn is included in Debian itself (which Sidux is based on), so I was temporarily puzzled. I had the following line in my sources:

deb http://ftp.us.debian.org/debian/ sid main

I added another line, identical to the one above, substituting de for us. Presto, openvpn was found, and installed smoothly.

I copied over the same config files from my Windows directory, fired up OpenVPN, and was connected to the office again. This time though, in a pretty cool configuration. Everything in Linux (Sidux), was routed through the VPN. Everything in Windows, was routed normally though my FiOS connection.

If I wanted access to something on the corporate lan, use the browser in Sidux. The brokerage app just worked as normal, as it was unaware of the VPN. On a number of levels, this is the best of both worlds.

Of course, I already summarized situations when you may want/need the full VPN, for the entire machine, or when this use case might be better. If you’re in a public hotspot, and want everything encrypted, even your personal surfing, the Windows-level VPN makes sense.

If you’re in a client’s office, and can’t connect to an odd port on your home server (e.g., you have an application running at http://www.mycompany.com:8765/) which is blocked by your client’s firewall, then you fire up the VPN in the VM, and use that browser, while not disturbing the rest of the applications on your desktop.

This also gave me the idea that since putting Linux on a USB stick is so trivial (see this post about multi-boot USB), it would be simple to have a bootable USB stick, with the OpenVPN client on it (password-protected, of course), that would allow you to boot off any PC/laptop as if you’re in the office, or without leaving any trace on the host PC, whenever the situation called for it. Friends wouldn’t need to feel that you were seeing their browsing history, etc.

Just for yucks, I also installed OpenVPN on my server, for the secondary scenarios mentioned above (security and unfettered access). While I don’t anticipate needing them frequently, knowing that it’s available, on a second’s notice, is a comfort.

Another trick added to my bag. 🙂

Sidux Wins Again

Send to Kindle

Almost two years ago, I wrote a post about an ancient (and very broken) laptop. Of the various Linux distributions that I tried on it, I really liked Sidux the most. I wrote about it in my In Praise of Sidux post.

I ended up trashing that laptop when the unreliability was more annoying that the brief moments that it would actually work (entirely a hardware issue, not a Sidux problem!).

A while later, I loaded a number of distros under VMware Player on my old XP laptop. Of course, Sidux was one of them. Unfortunately, I had problems getting X to work at greater than 800×600 (don’t know if it was a VMware problem, or a Sidux one, but as I noted in this post, I didn’t need it badly enough to track it down).

I’ve recently written about Virtualbox and how I got it to work with a multi-boot USB drive. In that post I mentioned the two main reasons that I boot Linux in a VM. I left out a use that is perhaps better, though I haven’t been disciplined enough to actually do it frequently. It’s almost the ideal way to surf to potentially dangerous websites, in particular, if you’re using a Live CD iso image to boot from. There’s simply nothing to infect on the part of the bad site!

Given how many malicious sites there are out there, it’s something I considered doing more often. In preparing, I decided that I wanted a tiny distribution, since I didn’t need to do actual work in Linux (e.g., I didn’t need an office suite, etc.). That said, I wanted two things:

  • Latest Firefox
  • Ability to build the VirtualBox Linux Additions

Both of those conspire against using something like Damn Small Linux (DSL, which I like), because it tends to use Firefox 2.x. I read a bunch, and Absolute Linux (12.2.1) sounded pretty good. I got it running quickly, and was even successful in getting the VirtualBox additions installed. I ended up giving up on it reasonably quickly for two reasons:

  • I couldn’t get the resolutions to be as flexible as I wanted, even with the additions installed
  • Package management was quite sparse and I wasn’t interested in going down the path of building tons of packages from source

In the past, I had success with Puppy Linux. I downloaded 4.1.2 and liked it instantly, much more than the 2.x and 3.x series that I had used before. Very attractive, very fast (booting and running). I really liked the unionfs filesystem. After trying reasonably hard to make this one work, I gave up (also for two reasons):

  • I couldn’t get Xorg to work under VirtualBox, but Xvesa worked flawessly
  • When I booted Puppy natively (from a USB drive), it couldn’t handle my Intel 5300 (a/b/g/n) wireless card (though NAT worked under VirtualBox perfectly)

Xorg worked flawlessly in native boot. Not having it work under VirtualBox meant no seemless mousing between Linux and Vista, a non-starter for me. VirtualBox couldn’t even find Xorg. 🙁

I hesitated to even look for Sidux, because I didn’t want a DVD-sized ISO file. Reluctantly, I went to the site anyway, and found that the 2008.4 release had multiple versions, including a 395MB CD ISO with Xfce instead of Gnome or KDE. That was very attractive to me, as I’ve liked the simple and clean interface of Xfce on other smaller distros, and I didn’t have a need for a more complex framework for multi-app work.

I downloaded the ISO and booted it in VirtualBox. Everything worked perfectly, instantly. When I say everything, I mean everything. I wrote a post a while ago about how Ubuntu worked out-of-the-box under VMware Player, and I didn’t understand how. Now I do. The VirtualBox additions are already built in with Sidux (or, perhaps, VirtualBox recognizes Debian, and supplies the correct drivers to fool the operating system).

The point is that I could definitely run Sidux as a Live CD if I wanted. Pretty darn cool. But, I decided to install it to a virtual disk anyway. This way, I could have a customized installation with my SSH keys, aliases, plugins, etc. It would also make it less painful to upgrade to the latest versions of packages (instead of waiting for the entire distro to be updated on a new CD).

So, I installed it, and the VirtualBox additions (because I wasn’t sure whether the latest version, 2.1.0 was there by default). It’s simply fantastic. I can copy/paste across Vista and Linux. I can move the mouse seemlessly between the desktops. I can change the resolution if desired, including going to a full 1920×1200, going full screen, making the machine appear to be a native Sidux Linux one (Vista simply disappears completely). Then, without rebooting, I can just change the resolution back to 1400×1050, which fits nicely within the Vista desktop.

I have shared folder support (which I mount at will, so a virus can’t infect Vista since I only mount if I need to move a file from one environment to the other). I have full USB support to the virtal machine (so I can read/write from a USB stick from Linux). Like I said above, it all just works.

So, while I am glad that I learned a bit about some other distros (in particular, Puppy 4.1.2 which is really great), Sidux wins again for me. It’s simply a fantastic distribution.

VirtualBox Multiboot USB

Send to Kindle

Yesterday, I wrote about paying for free software. At the very end of that post, I highlighted a program called Macrium Reflect. That program can automatically create a Linux-based Rescue CD (in order to restore a previously saved image to a damaged or new hard drive).

On their site, they have a good tutorial for how to put that rescue ISO on a USB drive. As long as your BIOS supports booting from the USB drive (most modern ones do), it’s a tad more convenient to carry around a flash (thumb) drive than a CD.

In that tutorial, they use a program called UNetbootin (Universal Netboot Installer). What’s cool about this program (free and open source as well) is it can take practically any ISO and create a bootable USB drive out of it. It has many other cool features (e.g., it can automatically download any number of Linux distros and create a bootable USB or CD without you even knowing the location of the Linux project website!).

UNetbootin uses SysLinux under the covers to create and manage the bootable USB drive. Within SysLinux, there is a single file, syslinux.cfg, which controls the menu of selections that can be booted (different kernels, options to pass to a kernel, etc.).

Now switching gears for a moment, then back to the above to tie it all together…

There are a number of high-quality Virtual Machine programs/products available for all of the major operating systems. The three biggies on Windows are VMware, Virtual PC (directly from Microsoft) and VirtualBox (from Sun). All three are very capable, and all three have at least one version that is completely free.

On my old XP laptop, I used to use VMware Player. It’s free and quite good. I have read that recent versions of Virtual PC are good as well (also free), but I’ve never bothered to install it. While I understand that you can run Linux in Virtual PC, I believe it’s not supported, and I don’t really have a need to run Windows under Windows, so I passed on checking it out.

A few months ago, I stumbled onto VirtualBox. It used to be called InnoTek in a previous incarnation, and was purchased by Sun. There is a free version, which is fully open sourced as well, and there is a proprietary version which adds a few bells and whistles (including some cool USB support), which is available in binary form for free as well (for non–commercial use).

Since I have no interest or need (or capability!) to mess with virtualization source code, I am using the full binary version. On my new Vista Ultimate x64 laptop, I have only VirtualBox installed. I didn’t even download VMware (no knock on their product whatsoever!).

Here is what I like about it. Very fast to load. Full 64 bit support (both their app and guest operating systems!). Virtual PC now has 64 bit support for their own application, but you can only run 32 bit guests (if I understand correctly). Most importantly, I like the fact that it’s more complete (or at least easier to use) than the free version of VMware. I’m way too casual a user (I can go months without launching a VM!) to be willing to pay for VMware Workstation.

So, here are my two normal use cases with VirtualBox, and why I rarely need to run it:

  • Check whether a new Rescue ISO works
  • Do something fancy with ssh and X-Windows

The first one is simple. For emergency purposes, I carry around a few Linux Rescue disks (used to be only CDs, but stay tuned). My current favorite is SystemRescueCD (currently in version 1.1.4). When a new version becomes available, I download, and boot it immediately in VirtualBox, make sure it seems to work correctly, and only then burn it to a CD and toss the old CD.

The second is rarer, but more complicated. On rare occasion, a friend of mine who is running Linux (that I set up for her) on a very old laptop (that I gave to her) has a problem that I can’t talk her through over the phone. When that happens, I fire up CDLinux under VirtualBox, do some port forwarding on my router, do some ssh magic, and take control of her machine (by allowing her to ssh into my box first, so I don’t have to make changes on her firewall!). I can then even run GUI apps from her machine, redirecting the X session back to me!

Anyway, the point is that VirtualBox works really well, has tons of knobs (we’ll get to one of them in a minute), and doesn’t seem to slow down my pretty darn fast system.

Back to our main story…

When I created the Macrium Reflect Rescue CD (burned to a real CD), I also followed the tutorial to creat a bootable USB disk. When I looked at the disk, I saw the SysLinux stuff, and noticed that all of the Macrium files were in a folder.

I then experimented by using UNetbootin to create another bootable USB disk with SystemRescueCD on it. I saw that it used a different directory to store the various Linux kernels that it can boot. I was able to copy that directory to the other USB disk and copy/paste the lines from the syslinux.cfg file on the SystemRescueCD drive into the other syslinux.cfg.

I did the same thing with CDLinux (version 0.9.0 Community Edition). It used the same name for its subdirectory as Macrium did. I renamed the subdirectory before copying it over, and used the new name in the merged syslinux.cfg file. That worked, because once SysLinux gives control to the kernel in the renamed directory, everything else is relative to that new root directory!

I then rebooted my machine to test the new USB disk. It booted perfectly, and I had 28 choices of kernels to boot from! SystemRescueCD offers most of them, but I had Macrium Reflect and a few flavors of CDLinux to choose from as well. I was able to boot both 64 bit and 32 bit versions of SystemRescueCD successfully. Awesome.

Now the big test. I wanted to see whether I could boot that USB disk from VirtualBox. That would allow my normal use case of testing new releases without having to burn and reboot. Unfortunately, the GUI for VirtualBox does not permit an actual hard disk (USB or otherwise) to be directly attached to the VM (at least not for direct booting).

A quick scan of their excellent manual gave me the answer. There is a command line administration tool called VBoxManage.exe that can be used to create a tiny virtual disk (a VMDK file) that essentially points to any real disk or partition. I used that to create this virtual pointer to my USB drive. It worked perfectly.

I then attached that tiny VMDK disk to my virtual machine and fired it up. Voila, I got the same 28 choices to boot from. I couldn’t get the 64 bit versions to work (they boot, but they claim to be missing modules and won’t start X-Windows), but everything else works flawlessly under VirtualBox.

So, now I have a multi-boot USB drive, that I can keep adding stuff to, that I can test under VirtualBox to be sure it will work correctly should I ever have an emergency. It’s a 1GB USB drive, that has all of these various operating systems and tools on it, and I still have 500MB free. 🙂

Updated Linux Distros in VMware Player

Send to Kindle

I’ve written before about running Linux under Windows XP using the free VMware Player. It works really well. Even though I’ve done it before, I don’t really have much of a need, so other than making sure most big-picture features work, I don’t really exercise the distribution.

Recently, I’ve had two reasons to crank it up just a drop (literally, just a drop, I’m not yet using VMware Player for anything serious). First, the possibility (however distant or unlikely) that my next laptop may be running Linux as the primary OS. Second, there have been a flurry of new (updated) Linux distros released this month, some that I have had a long curiosity about.

In the past, I’ve had little more than glimpses of Ubuntu releases (6.06 and 7.04). I didn’t really give either a whirl, but my initial impression was less than enthusiastic. The color scheme alone (I know, easy to change) was muddy and boring looking. On a more important note, I have always struggled (with little information!) as to whether there is a material difference between choosing a Gnome-based distro, or a KDE one.

To my eye, KDE looks better, but as much as I enjoy eye candy, it’s not the over-riding reason for me to select an OS (or I’d be happy with Vista, or I would have run to a Mac). If Gnome is more functional, or has a more likely future, I’d happily put up with a less-pretty UI, and even put up with less user friendliness.

Recently, I read a review of a late beta of Ubuntu 8.04 (Hardy Heron). The guy raved about it. In the past, I noticed that it took a day or two for KUbuntu (and other derivatives) to be released after the main Ubuntu distro, and that made me feel that they were step-children, possibly not as robust or integrated.

This time around, all of them were released on the same day, including a KDE4 version of KUbuntu as well.

So, in April alone, I downloaded and tested the following Linux distros:

  1. Sidux 2008.01
  2. Ubuntu 8.04
  3. KUbuntu 8.04
  4. KUbuntu-kde4 8.04
  5. DSL 4.3 (Damn Small Linux)
  6. SystemRescueCD 1.02
  7. CDLinux 0.6.1

Sidux (last year’s flavor) was one of my favorite distros. It’s based on Debian (as is Ubuntu) but it is tied to the unstable repository so you get more frequent updates (of things like Firefox for example). The 2008.01 release is a DVD iso, all of the other ones mentioned above are CD isos.

While it booted up fine (in Live mode, under VMware Player), it was not able to run in any resolution other than 800×600 (the default). That’s not entirely true, it could be made smaller, not larger). I hand tweaked the xorg.conf file and tried a few other things, none of which worked, and I quickly gave up. Remember, I don’t really have a short-term need, so struggling wasn’t appetizing and I had other distros to check out anyway.

I have installed every version of DSL for quite a while, so adding 4.3 to the mix wasn’t a surprise. It’s a good distro for getting small jobs done. One thing to keep in mind (not necessarily a downside) is that it’s still based on the 2.4 kernel branch. Anyway, this one works just fine. If it wasn’t for the next distro I am about to cover, this one would get some use from me whenever I needed an X Server on my desktop.

CDLinux 0.6.1 is the latest version of CDLinux (Compact Distro Linux). I hadn’t heard of it before this release. It’s a little larger than DSL (about 10MB bigger), but it still clocks in at under 60MB. What intrigued me was that it is significantly more modern. It uses the latest 2.6 kernel, Xorg, XFce (window manager), the latest Firefox (2.0.0.14), etc. I have to say that I really like this one for quickie jobs. It’s clean looking.

I am writing this post on CDL (under VMware Player) running Firefox. I scp’ed over a certificate for Firefox and I am using OpenID to log in as me to WordPress. I’m running the Live CD image, so my disk drive is ram. It’s working delightfully well. My only semi-complaint is that at the resolution that I’m running it (1400×1050) the fonts aren’t all that attractive. I don’t know if that’s a CDL issue, an XFce one, a resolution only one, etc. I don’t really care at the moment, but I thought I’d mention it.

A quick mention of SystemRescueCD. That’s another one (like DSL) where I download each version, and have been doing so for quite a while. It’s a very nice emergency CD, and while I rarely need one, this is the first one I turn to on those rare occasions. The only thing I do when I download a new version is check that it functions correctly under VMware Player, then I burn a real CD, as this one is for real emergencies, not for playing around in a virtual machine.

Now the Ubuntu family. My first impression (also not detailed in any way) is also extremely positive. Even the less-attractive main Ubuntu (Gnome-based) is reasonably nice. The KDE one and KDE4 one are both more attractive. While the KDE4 one looks very nice, I’m not sure that I don’t prefer the look of KDE3. I have no problem with KDE4 and could easily get used to it, and perhaps the only reason I prefer KDE3 is that I’m already used to it.

As opposed to Sidux, the rest of the distros mentioned above all resize easily and flawlessly to any resolution I like. Cranking them up to 1400×1050 was trivial, and worked immediately. My native resolution is 1600×1200, so I have plenty of room to run a 1400×1050 sub-window for Linux.

One curiosity. All of the Ubuntu distros automatically release the mouse at the borders of the VMware window. This is a default behavior that I prefer, making the Linux window feel like just another app on my XP desktop. The only theoretical downside is that alt-tab doesn’t cycle between the windows within Linux. The other distros (including CDL which I’m currently using to write this) trap the mouse at the borders, and force me to press Ctrl-Alt to release the mouse. It’s not that big of a deal, but I am curious as to what each distro is doing, as none of them knows about VMware.

Anyway, all are fine distros and may see more time on my desktop over the coming months. Like I said above, while it’s still not likely, there’s a possibility that my next laptop will be Linux, and my primary distro will either be one of the Ubuntu flavors or Sidux.

VMWare Player

Send to Kindle

My laptop is now ancient by date standards (I bought it 3.5 years ago), but it’s still reasonably peppy, and has some features that are difficult to find nowadays (like a 16″ non-widescreen LCD!). It was a real beast at the time I bought it (3.4Ghz desktop Pentium 4, dual 60GB hard drives at 7200 RPM each, 2GB ram, 1600×1200 screen, S-Video out, DVD +/- RW, etc.)

Every few months, I humor myself and configure up a new beast, and then convince myself that this one satisfies me in most ways (which it does), and I defer for a few more months.

When I first bought the laptop, I intended to run Linux on it full time. I kept getting errors on it, and it would die mysteriously. At first, I suspected that the Linux kernels just couldn’t quite deduce my beast’s configuration, but after breaking down and putting Windows on it, and getting similar errors, I shipped the machine back. Indeed, they found some kind of problem, and repaired it.

When I got the machine back, I reinstalled Linux and was reasonably happy for a week. Then I started to miss a few programs that I got very used to in Windows land. I then installed Win4Lin and Windows 98SE. That kept me reasonably happy, except that one or two programs would only work when I was hard-wired into the network, as they couldn’t control the adapter to their desired level if I was using WiFi (a limitation of Win4Lin at the time, probably now long resolved).

After six weeks of loving Linux 95% of the day, but requiring Windows 5% of the day (and not being happy with the above limitations), I finally, and regretfully, reverted back to Windows XP, full time.

Shortly thereafter, VMWare released VMWare Player for free. I thought that it would be interesting to reverse my previous usage, and be able to run Linux in a VM when I wanted (I had been using Cygwin forever, and still do, and like it a lot, but hey, there are other advantages to using a VM).

Unfortunately, while VMWare Player worked for the most part, occasionally it would crash on me (this was something like version 1.28). I attributed it to my non-standard config and lived with it. Until, after one crash, the VMWare image would no longer open. All of my hard work and configuration of that particular Linux install gone. I was completely locked out of it.

I uninstalled VMWare Player, and have lived with Cygwin ever since (again, reasonably happily). I can boot Linux off of a CD, or, with a floppy to a USB stick (because my BIOS can’t boot directly off of a USB device). I was also able to run the embedded distribution of DSL (Damn Small Linux).

The other day, I was browsing for something, and came across a mention of VMWare Player 2.02. Glutton for punishment that I am, I downloaded and installed it. One nice feature (which may very well have been in v1.x, in fact, it’s quite likely, but I never tried it) is that you can create a tiny configuration file (.vmx) and that file can point to any ISO file for the Player to boot.

This means that all Live Linux ISO images can be booted directly by the Player, without having to create a hard disk image for them. This is made even cooler, because by default, when you close down the Player, it suspends the VM rather than killing it. It saves the ram image to it’s own disk file, and the next time you launch the player and select the same vmx file, it opens Linux (or whatever image you were running) right where it was.

So, a Live CD image can be run over multiple sessions, with data remembered in betwen, etc. Of course, this can be a risky way of storing your data, so you shouldn’t expect it to be highly reliable. Of course, you can “back up” your data in any number of ways, including some distribution specific ones (like My DSL, etc.).

I have not used it heavily yet, but I have successfully booted DSL 4.2 a number of times (including coming out of a suspended session successfully), and Sidux 2007-4. The whole idea is cool to me and preferable for those rare occasions when I want an X-Server running on my laptop rather than using the X-Server that is available in Cygwin (that works too, but can be flaky and/or annoying at times).

It also makes for much safer browsing, especially if you are visiting a site that you have reason to be suspicious of. Fire up a Live CD version of Linux (DSL is small, and boots really quickly), browse, and don’t suspend if you suspect anything bad happened.

P.S. Of course, there’s nothing wrong with setting up a real permanent disk file, and installing Linux into that virtual filesystem, rather than running a Live CD over and over. Even so, I’d back up the data in that file separately, until I find out whether version 2.02 of VMWare Player is more trustworthy (at least on my machine) than 1.28 was.