public inbox for gentoo-gwn@lists.gentoo.org
From: Ulrich Plate <plate@gentoo.org>
To: gentoo-gwn@lists.gentoo.org
Subject: [gentoo-gwn] Gentoo Weekly Newsletter 11 October 2004
Date: Mon, 11 Oct 2004 00:22:35 +0200
Message-ID: <20041011002235.27dd5e7c.plate@gentoo.org>

---------------------------------------------------------------------------
Gentoo Weekly Newsletter
http://www.gentoo.org/news/en/gwn/current.xml
This is the Gentoo Weekly Newsletter for the week of 11 October 2004.
---------------------------------------------------------------------------
 
==============
1. Gentoo News
==============
  
Portage breaks through the 100,000 files ceiling
------------------------------------------------
  
In early 2002, synchronizing the Portage tree was usually done in a few 
seconds. At less than 10,000 files, there wasn't much to wait for, and 
certainly no real need for today's option in /etc/make.conf that limits 
syncs to certain parts of the Portage tree. If they want to do the same 
thing today, Gentoo users must allow for significantly more time: since 
Friday last week, the Portage tree contains more than 100,000 files, 
leaving little to be desired in terms of ebuilds for popular and 
lesser-known applications. Thousands of enhancements and security or 
Gentoo-specific patches to merge with the original sources, even for 
different versions of applications available via Portage, are included in 
the tree. Counting 
toward the total sum are also an increasing number of genuine Gentoo 
developments, like catalyst or tenshi. Congratulations to all who 
contributed to this impressive record! 
    
Ten PegasosPPC desktops on their way to Gentoo developers
---------------------------------------------------------
  
Freescale Semiconductor, Inc.[1], a Motorola company that recently took 
over production of the PowerPC chips from its parent, is donating a 
large number of computers to various open-source projects, in order to 
evaluate if there is a market for Linux on PowerPC desktops. Ten of the 
machines, PegasosPPC desktops with 1 GHz G4 CPUs, are being sent to Gentoo 
developers in the U.S. and in Europe over the next two weeks. The machines 
will go to the base system, security and hardened herds, one each to 
Gentoo's X11 and Gnome maintainers, three more to test accessibility, web 
applications and media/video, and the rest go to the embedded and PPC 
projects. The Gentoo developers are excited and would like to express 
their gratitude for this generous donation to Freescale Inc.

 1. http://www.freescale.com
 
Figure 1.1: Inside the PegasosPPC: G4 CPU, Radeon 9200 graphics
/images/gwn/20041011-pegasos.jpg
 
The producer of the donated PegasosPPCs, the Luxemburg-based company 
Genesi S.a.r.l.[2], is unique in openly and actively supporting Linux for 
desktop PowerPCs, even though its own operating system, MorphOS, is 
shipped pre-installed, too. 3D acceleration isn't available yet, but CPU 
upgrades 
will be easier than usual in the PowerPC world: Both 7447A 1.3 GHz 
processors that do not require active cooling, and a dual-CPU card will be 
available in a couple of months. Since the G3/G4-series from both IBM and 
Freescale are pin-compatible, CPU upgrades can be done as soon as the new 
processors hit the shelves. Freescale will be releasing 2 GHz CPUs soon 
and is also working on a series of dual-core CPUs. 

 2. http://www.genesi.lu
    
Turkish GWN translation reanimated
----------------------------------
  
After more than a year of inactivity, a Turkish translation of the GWN has 
been available again since last week. Thanks to Bahadir Kandemir[3], the 
Turkish users of Gentoo join the Japanese, Italian and German readers of 
the GWN who receive regular service in their own languages. Several other 
languages still need additional help. Volunteers can contact 
gwn-feedback[4].

 3. kandemir@gmail.com
 4. gwn-feedback@gentoo.org
    
==================
2. Gentoo security
==================
  
Netpbm: Multiple temporary file issues
--------------------------------------
  
Utilities included in old Netpbm versions are vulnerable to multiple 
temporary files issues, potentially allowing a local attacker to overwrite 
files with the rights of the user running the utility. 
 
For more information, please see the GLSA Announcement[5]

 5. http://www.gentoo.org/security/en/glsa/glsa-200410-02.xml
    
NetKit-telnetd: buffer overflows in telnet and telnetd
------------------------------------------------------
  
Buffer overflows exist in the telnet client and daemon provided by 
netkit-telnetd, which could possibly allow a remote attacker to gain root 
privileges and compromise the system. 
 
For more information, please see the GLSA Announcement[6]

 6. http://www.gentoo.org/security/en/glsa/glsa-200410-03.xml
    
PHP: Memory disclosure and arbitrary location file upload
---------------------------------------------------------
  
Two bugs in PHP may allow the disclosure of portions of memory and allow 
remote attackers to upload files to arbitrary locations. 
 
For more information, please see the GLSA Announcement[7]

 7. http://www.gentoo.org/security/en/glsa/glsa-200410-04.xml
    
Cyrus-SASL: Buffer overflow and SASL_PATH vulnerabilities
---------------------------------------------------------
  
Cyrus-SASL contains two vulnerabilities that might allow an attacker to 
completely compromise the vulnerable system. 
 
For more information, please see the GLSA Announcement[8]

 8. http://www.gentoo.org/security/en/glsa/glsa-200410-05.xml
    
CUPS: Leakage of sensitive information
--------------------------------------
  
CUPS leaks information about user names and passwords when using remote 
printing to SMB-shared printers which require authentication. 
 
For more information, please see the GLSA Announcement[9]

 9. http://www.gentoo.org/security/en/glsa/glsa-200410-06.xml
    
ed: Insecure temporary file handling
------------------------------------
  
The ed utility is vulnerable to symlink attacks, potentially allowing a 
local user to overwrite or change rights on arbitrary files with the 
rights of the user running ed, which could be the root user. 
 
For more information, please see the GLSA Announcement[10]

 10. http://www.gentoo.org/security/en/glsa/glsa-200410-07.xml
    
ncompress: Buffer overflow
--------------------------
  
compress and uncompress, which could be used by daemon programs, contain a 
buffer overflow that could lead to remote execution of arbitrary code with 
the rights of the daemon process. 
 
For more information, please see the GLSA Announcement[11]

 11. http://www.gentoo.org/security/en/glsa/glsa-200410-08.xml
    
=========================
3. Heard in the community
=========================
  
gentoo-user
-----------
  
Groupware products
 
Looking for recommendations for groupware products? Several different 
packages are listed for consideration in this thread: 
 
 * Groupware solution[12] 
 12. http://thread.gmane.org/gmane.linux.gentoo.user/102447

 
Local.start errors
 
Setting up an interrupt at boot time for a low latency test kernel, Mark 
Knecht added a local.start script that doesn't work as expected. A quick 
resolution is offered in this thread: 
 
 * setup commands in local.start[13] 
 13. http://thread.gmane.org/gmane.linux.gentoo.user/102473

 
Last emerge sync
 
How does one determine when the last emerge sync was run? Several 
suggestions went into this thread: 
 
 * when was last sync?[14] 
 14. http://thread.gmane.org/gmane.linux.gentoo.user/102058

 
Athcool risk
 
Athcool is a powersaving utility for Athlon CPUs, but the ebuild claims it 
may cause instability. Here's what users have really experienced: 
 
 * athcool - how safe is it?[15] 
 15. http://thread.gmane.org/gmane.linux.gentoo.user/102476

    
gentoo-dev
----------
  
A new cron herd
 
The base-system herd has many extra packages that don't really belong in 
base-system but lack other maintainers. To reduce the workload, all cron 
daemons will be outsourced to the new cron herd. Other package groups may 
follow in the near future.
 
 * A new cron herd[16] 
 16. http://thread.gmane.org/gmane.linux.gentoo.devel/21840

 
Portage subcategories
 
This thread discussed the advantages and disadvantages of extending the 
package categories from category/package to 
category/subcategory/.../package. At the moment, portage is unable to 
handle it, and the usefulness of such a change is not obvious. 
 
 * Portage subcategories[17] 
 17. http://thread.gmane.org/gmane.linux.gentoo.devel/21818

 
Portage in embedded systems?
 
How big is portage, and how do embedded systems with low memory handle it?
 
 * Portage in embedded systems?[18] 
 18. http://thread.gmane.org/gmane.linux.gentoo.devel/21850

 
Moving passwd from /usr/bin to /bin
 
This small change will help in system recovery. For example, fsck wants 
the root password but might fail if /usr/bin is not mounted (which can 
happen during bootup/recovery).
 
 * Moving passwd from /usr/bin to /bin[19] 
 19. http://thread.gmane.org/gmane.linux.gentoo.devel/21865

    
=======================
4. Gentoo International
=======================
   
Antarctica: First Gentoo penguin webcam online 
 
No, the German GARS-O'Higgins Station[20] on the tip of the Antarctic 
Peninsula was not built for watching Gentoo penguins breed - but since 
last week it does have a webcam that serves this exact purpose. The 
station's mission, financed and run by German federal research 
organizations, is to receive and store vast amounts of geodetic data 
beaming down on its 9m antenna from various European Space Agency 
satellites in orbit, forwarding them for number-crunching at data centers 
in Germany. On 29 September 2004, the GARS team installed its fourth web 
camera, this one donated by elementary school children and other private 
sponsors back home, and pointed it to a spot where a Gentoo penguin colony 
takes shelter from the wind during the Antarctic summer, between 
mid-October and April. The first Gentoos started coming here years ago, 
right after the antenna and its concrete foundation were built, and have 
been growing in numbers ever since. Whether they like the place because 
it's warm and cuddly, or because of the average Gentoo's affinity to 
technology, is clearly beside the point. At the time of this writing there 
isn't much to see besides rocks and snow, but the birds should waddle in 
within the month, says Martin Grund[21], the penguin fan who had the idea 
for the Gentoo webcam and organised its setup. The camera (a Mobotix[22] 
M10 Secure Dual) has a StrongARM CPU and runs Linux, by the way.

 20. http://vlbi.leipzig.ifag.de/ohiggins/
 21. http://www.martingrund.de
 22. http://www.mobotix.de
 
Figure 4.1: Gentoo penguins and their favorite iceberg
/images/gwn/20041011-gentoo.jpg
 
Note: Photo courtesy of Reiner Wojdziak, BKG Leipzig
    
======================
5. Gentoo in the press
======================
  
IEEE Computing in Science and Engineering (Volume 6 Issue 5, 
September/October 2004)
-----------------------
  
The IEEE's journal of Computing in Science and Engineering has published a 
paper by George K. Thiruvathukal titled Gentoo Linux: The Next Generation 
of Linux[23]. Thiruvathukal is an associate professor at Loyola University 
in Chicago, and an affluent Gentoo activist, who recommends using it in 
his advanced Linux classes at the university. His article for the IEEE 
describes why Gentoo "is a good choice for scientists, and how its 
structure gives us the flexibility and ease of management we need." Only 
the abstract is accessible free of charge on the IEEE website; if you want 
to read the full article, you need to purchase the document (35 USD), or 
go to a library that subscribes to the journal.

 23. http://ieeexplore.ieee.org/xpl/abs_free.jsp?arNumber=1324553
    
AnandTech (4 October 2004)
--------------------------
  
A report by Kristopher Kubicki at AnandTech is really about Linux 3D AGP 
GPU Roundup: More Cutting Edge Penguin Performance[24] and just mentions 
Gentoo en passant, but in nice enough words to point it out here: "It may 
be due to the circles that we run in, but the sheer interest for Linux 
among our peers seems to have peaked 100-fold what it was last year. 
Simple, clean distros like SuSE, Fedora Core and Mandrake have done 
wonders to the Windows migration crowd - and then there is the whole 
Gentoo sensation as well," writes Kubicki in his introduction to 
AnandTech's hardware benchmarking report for high performance 3D graphics 
cards. 

 24. http://anandtech.com/linux/showdoc.aspx?i=2229
    
ZDNet Tech Update (7 October 2004)
----------------------------------
  
David Berlind writes under the headline "Microsoft Surrounded?" that Linux 
shows promise for the desktop, but must adopt the ease of use seen in Mac 
OS X, for example, especially with regard to network, management and 
resource sharing: "Leading the way on that front (according to ZDNet's 
readers) is the Gentoo distribution." 
    
Dallas Morning News (7 October 2004)
------------------------------------
  
Titled "Love that Linux - Programmer finds happiness in moving Microsoft 
out of his life", an article by Doug Bedell draws a portrait of Gentoo 
Linux user Mike Owens, CIO at a real estate company and busy migrating 
proprietary Windows environments to Linux. Registration is compulsory to 
be able to read this article[25]. 

 25. http://www.dallasnews.com/sharedcontent/ptech/generalstories2/100604ccjrptechgeeklife.95181.html
    
The Triangle (1 October 2004)
-----------------------------
  
The student newspaper of Drexel University carries an article by Kevin 
Lynch[26] about Linux distribution choices, comparing the "almost 
idiot-proof configurations" of RPM-based distributions to "the sporty 
young Gentoo" and others. The article's message is borrowed from Indiana 
Jones and the Holy Grail: "Choose wisely." 

 26. http://www.thetriangle.org/news/2004/10/01/SciTech/Versatility.Of.Linux.Distribution.Allows.Choice-738620.shtml
    
The Triangle (8 October 2004)
-----------------------------
  
The same Kevin Lynch writes about the Linux Standard Base (LSB) just one 
week later[27]: "Most of the controversy surrounding the LSB is over the 
chosen installation package method, the Red Hat's Package Manager format. 
[...] Gentoo Linux must redesign its entire package system to conform to 
the LSB standards." 

 27. http://www.thetriangle.org/news/2004/10/08/SciTech/Linuxs.Future.Lies.In.Its.Communitys.Hands-747249.shtml
   
Maximum PC (October 2004 issue)
-------------------------------
  
On page 36 of this print-only magazine[28], editor Will Smith writes in an 
article on must-have features for Longhorn, the next version of Windows: 
"Finding and installing new applications is ludicrously easy on most Linux 
distros these days. Microsoft needs to make finding new apps and loading 
them on a PC as easy as emerge does on Gentoo or apt-get does on Debian. 
I'm sick of the Installshield installer." 

 28. http://www.maximumpc.com
    
===========
6. Bugzilla
===========
  
Summary
-------
  
 * Statistics 
 * Closed bug ranking 
 * New bug rankings 
    
Statistics
----------
  
The Gentoo community uses Bugzilla (bugs.gentoo.org[29]) to record and 
track bugs, notifications, suggestions and other interactions with the 
development team. Between 03 October 2004 and 09 October 2004, activity on 
the site has resulted in: 

 29. http://bugs.gentoo.org
 
 * 655 new bugs during this period 
 * 402 bugs closed or resolved during this period 
 * 20 previously closed bugs were reopened this period 
 
Of the 7116 currently open bugs: 134 are labeled 'blocker', 237 are 
labeled 'critical', and 530 are labeled 'major'. 
    
Closed bug rankings
-------------------
  
The developers and teams who have closed the most bugs during this period 
are: 
 
 * Gentoo's Team for Core System packages[30], with 66 closed bugs[31]  
 * media-video herd[32], with 20 closed bugs[33]  
 * Jeremy Huddleston[34], with 19 closed bugs[35]  
 * Java team[36], with 14 closed bugs[37]  
 * AMD64 Porting Team[38], with 13 closed bugs[39]  
 * Gentoo Security[40], with 12 closed bugs[41]  
 * Gentoo Games[42], with 12 closed bugs[43]  
 * Net-Mail Packages[44], with 10 closed bugs[45]  
 30. base-system@gentoo.org
 31. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-03&chfieldto=2004-10-09&resolution=FIXED&assigned_to=base-system@gentoo.org
 32. media-video@gentoo.org
 33. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-03&chfieldto=2004-10-09&resolution=FIXED&assigned_to=media-video@gentoo.org
 34. eradicator@gentoo.org
 35. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-03&chfieldto=2004-10-09&resolution=FIXED&assigned_to=eradicator@gentoo.org
 36. java@gentoo.org
 37. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-03&chfieldto=2004-10-09&resolution=FIXED&assigned_to=java@gentoo.org
 38. amd64@gentoo.org
 39. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-03&chfieldto=2004-10-09&resolution=FIXED&assigned_to=amd64@gentoo.org
 40. security@gentoo.org
 41. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-03&chfieldto=2004-10-09&resolution=FIXED&assigned_to=security@gentoo.org
 42. games@gentoo.org
 43. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-03&chfieldto=2004-10-09&resolution=FIXED&assigned_to=games@gentoo.org
 44. net-mail@gentoo.org
 45. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-03&chfieldto=2004-10-09&resolution=FIXED&assigned_to=net-mail@gentoo.org

    
New bug rankings
----------------
  
The developers and teams who have been assigned the most new bugs during 
this period are: 
 
 * Gentoo's Team for Core System packages[46], with 31 new bugs[47]  
 * AMD64 Porting Team[48], with 15 new bugs[49]  
 * Gentoo Games[50], with 13 new bugs[51]  
 * Gentoo Toolchain Maintainers[52], with 11 new bugs[53]  
 * osx porters[54], with 9 new bugs[55]  
 * media-video herd[56], with 9 new bugs[57]  
 * Gnustep herd[58], with 9 new bugs[59]  
 * Gentoo Linux Gnome Desktop Team[60], with 9 new bugs[61]  
 46. base-system@gentoo.org
 47. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-03&chfieldto=2004-10-09&assigned_to=base-system@gentoo.org
 48. amd64@gentoo.org
 49. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-03&chfieldto=2004-10-09&assigned_to=amd64@gentoo.org
 50. games@gentoo.org
 51. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-03&chfieldto=2004-10-09&assigned_to=games@gentoo.org
 52. toolchain@gentoo.org
 53. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-03&chfieldto=2004-10-09&assigned_to=toolchain@gentoo.org
 54. osx@gentoo.org
 55. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-03&chfieldto=2004-10-09&assigned_to=osx@gentoo.org
 56. media-video@gentoo.org
 57. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-03&chfieldto=2004-10-09&assigned_to=media-video@gentoo.org
 58. gnustep@gentoo.org
 59. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-03&chfieldto=2004-10-09&assigned_to=gnustep@gentoo.org
 60. gnome@gentoo.org
 61. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-03&chfieldto=2004-10-09&assigned_to=gnome@gentoo.org

    
==================
7. Tips and Tricks
==================
  
OpenVPN primer
--------------
  
There are as many advantages to VPN tunnels as there are different VPN 
scenarios. One easy implementation is the "OpenVPN via tun-device" 
solution. An example: you'd like to connect your laptop to your LAN at 
home so that you can use your mail client without reconfiguring it anytime 
you switch from home to internet and back. Let's say your mail-server is 
192.168.1.10 in your LAN (192.168.1.0/24) at home, and you have got a 
router/firewall providing access to the Internet. You connect from work or 
school and want to read mail. OpenVPN can create two virtual devices for 
you when connecting two computers through an encrypted tunnel. Naturally 
you then have the possibility of forwarding traffic into the networks 
behind them, and thus would be "virtually connected" to your LAN behind 
the firewall. To enable this, either your firewall or a server behind it 
should run OpenVPN (if you choose a server in your LAN, you'll have to 
forward the destination port to the OpenVPN server).
 
Here's what you need to do:
 
---------------------------------------------------------------------------
| Code Listing 7.1:                                                       |
|Enable the tun module in your kernel: Kernel config - tun module         |
---------------------------------------------------------------------------
|                                                                         |
|         [*] Networking support                                          |
|                Networking options  --->                                 |
|          [ ] Amateur Radio support  --->                                |
|          < > IrDA (infrared) subsystem support  --->                    |
|          < > Bluetooth subsystem support  --->                          |
|          [*] Network device support                                     |
|          < >   Dummy net driver support                                 |
|          < >   Bonding driver support                                   |
|          < >   EQL (serial line load balancing) support                 |
|          <M>   Universal TUN/TAP device driver support                  |
|                (This option must be enabled)                            |
---------------------------------------------------------------------------
 
Make sure this module exists and can be loaded. Next, install OpenVPN and 
its dependencies.
 
---------------------------------------------------------------------------
| Code Listing 7.2:                                                       |
|Install OpenVPN                                                          |
---------------------------------------------------------------------------
|emerge openvpn                                                           |
---------------------------------------------------------------------------
 
Now on both server and client, create a directory for your configuration:
 
---------------------------------------------------------------------------
| Code Listing 7.3:                                                       |
|Make directory                                                           |
---------------------------------------------------------------------------
|mkdir /etc/openvpn                                                       |
|mkdir /etc/openvpn/myhomelan                                             |
---------------------------------------------------------------------------
 
Inside that directory, create a shared key for your VPN session and copy 
that key to the client's directory, /etc/openvpn/myhomelan.
 
---------------------------------------------------------------------------
| Code Listing 7.4:                                                       |
|Generate shared key                                                      |
---------------------------------------------------------------------------
|cd /etc/openvpn/myhomelan                                                |
|openvpn --genkey --secret myhomelan-key.txt                              |
---------------------------------------------------------------------------
 
Now for the tricky part, the routing. It is important that the two tun 
devices on the client and server use IP addresses from the same subnet. 
The configuration files shown below list the type of device, the two 
end-points of the tunnel, the compression method and the UDP-port on which 
the tunnel is established. Finally privileges are dropped to user and 
group as listed:
 
---------------------------------------------------------------------------
| Code Listing 7.5:                                                       |
|Server-side configuration file /etc/openvpn/myhomelan/local.conf         |
---------------------------------------------------------------------------
|dev tun                                                                  |
|# IP of the local tun device and its peer                                |
|ifconfig 172.16.1.1 172.16.1.20                                          |
|secret /etc/openvpn/myhomelan/myhomelan-key.txt                          |
|comp-lzo                                                                 |
|port 5000                                                                |
|user nobody                                                              |
|group nobody                                                             |
---------------------------------------------------------------------------
 
The client's configuration needs the tunnel's destination address. This is 
often a dynamic DNS address, sometimes a fixed IP, depending on your ISP. 
You also need to route to your home LAN (192.168.1.0 in our example). You 
can call a shell script from the configuration file that accordingly sets 
a route. 
 
---------------------------------------------------------------------------
| Code Listing 7.6:                                                       |
|Client-side configuration file /etc/openvpn/myhomelan/local.conf         |
---------------------------------------------------------------------------
|remote <servers.dynamic.dns.address>                                     |
|# (or your VPN server's external IP if you have a fixed one)             |
|dev tun                                                                  |
|# IP of the local tun device and its peer                                |
|ifconfig 172.16.1.20 172.16.1.1                                          |
|secret /etc/openvpn/myhomelan/myhomelan-key.txt                          |
|comp-lzo                                                                 |
|port 5000                                                                |
|user nobody                                                              |
|group nobody                                                             |
|# sets up the route to the network behind the VPN server                 |
|up /etc/openvpn/myhomelan/route.sh                                       |
---------------------------------------------------------------------------
 
The route command would need to set the client's gateway for the network 
192.168.1.0 to its peer's address (172.16.1.1 in our setup).
 
---------------------------------------------------------------------------
| Code Listing 7.7:                                                       |
|/etc/openvpn/myhomelan/route.sh                                          |
---------------------------------------------------------------------------
|#!/bin/bash                                                              |
|route add -net 192.168.1.0 netmask 255.255.255.0 gw 172.16.1.1           |
---------------------------------------------------------------------------
 
That's it. Start OpenVPN on the server and the client, and check the 
devices with ifconfig and the routes with route -n. Success!
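
A pre-flight check for the setup above, as an added example that is not part of the original newsletter: it verifies that the two local.conf files mirror each other, that route.sh points at the client's tunnel peer, and that the shared key (the tunnel's only credential) is not accessible to group or others. The function names are hypothetical, the sample files are constructed copies of Listings 7.5-7.7, and vpn.example.org is a placeholder host.

```shell
# Consistency checks for the static-key tunnel of Code Listings 7.4-7.7.
# Added example: function names are hypothetical, sample files are
# constructed copies of the listings, vpn.example.org is a placeholder.

# conf_get FILE DIRECTIVE: print the first matching directive's arguments,
# without any trailing '#' or ';' comment.
conf_get() {
    awk -v d="$2" '$1 == d {
        $1 = ""; sub(/[ \t]*[#;].*$/, ""); sub(/^[ \t]+/, ""); print; exit
    }' "$1"
}

# conf_has FILE DIRECTIVE: succeed if the directive appears uncommented.
conf_has() {
    awk -v d="$2" '$1 == d { found = 1 } END { exit !found }' "$1"
}

# check_pair SERVER_CONF CLIENT_CONF: both ends must describe one tunnel.
check_pair() {
    srv=$1; cli=$2; rc=0
    set -- $(conf_get "$srv" ifconfig); s_local=$1; s_peer=$2
    set -- $(conf_get "$cli" ifconfig); c_local=$1; c_peer=$2
    if [ -z "$s_peer" ] || [ -z "$c_peer" ]; then
        echo "FAIL: both sides need 'ifconfig <local> <peer>'"; rc=1
    elif [ "$s_local" != "$c_peer" ] || [ "$s_peer" != "$c_local" ]; then
        echo "FAIL: ifconfig endpoints are not mirrored"; rc=1
    fi
    [ "$(conf_get "$srv" port)" = "$(conf_get "$cli" port)" ] ||
        { echo "FAIL: port differs between server and client"; rc=1; }
    a=0; conf_has "$srv" comp-lzo || a=1
    b=0; conf_has "$cli" comp-lzo || b=1
    [ "$a" -eq "$b" ] || { echo "FAIL: comp-lzo set on one side only"; rc=1; }
    conf_has "$cli" remote || { echo "FAIL: client has no 'remote'"; rc=1; }
    for f in "$srv" "$cli"; do
        for opt in secret user group; do
            conf_has "$f" "$opt" || { echo "FAIL: $f lacks '$opt'"; rc=1; }
        done
    done
    return $rc
}

# check_route CLIENT_CONF ROUTE_SCRIPT: the route's gateway must be the
# client's tunnel peer (second ifconfig address).
check_route() {
    script=$2
    set -- $(conf_get "$1" ifconfig)
    gw=$(sed -n 's/^route .* gw \([0-9.]*\).*/\1/p' "$script")
    [ -n "$gw" ] && [ "$gw" = "$2" ]
}

# check_key_perms KEYFILE: the shared key must grant nothing to group/others.
check_key_perms() {
    [ "$(ls -ld "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# write_samples DIR: constructed copies of Listings 7.5-7.7 plus a dummy key.
write_samples() {
    mkdir -p "$1/server" "$1/client"
    cat > "$1/server/local.conf" <<'EOF'
dev tun
ifconfig 172.16.1.1 172.16.1.20
secret /etc/openvpn/myhomelan/myhomelan-key.txt
comp-lzo
port 5000
user nobody
group nobody
EOF
    cat > "$1/client/local.conf" <<'EOF'
remote vpn.example.org   # constructed placeholder host
dev tun
ifconfig 172.16.1.20 172.16.1.1
secret /etc/openvpn/myhomelan/myhomelan-key.txt
comp-lzo
port 5000
user nobody
group nobody
up /etc/openvpn/myhomelan/route.sh
EOF
    cat > "$1/client/route.sh" <<'EOF'
#!/bin/bash
route add -net 192.168.1.0 netmask 255.255.255.0 gw 172.16.1.1
EOF
    ( umask 077; echo "constructed placeholder, not a key" > "$1/myhomelan-key.txt" )
}

demo=$(mktemp -d)
write_samples "$demo"
if check_pair "$demo/server/local.conf" "$demo/client/local.conf" &&
   check_route "$demo/client/local.conf" "$demo/client/route.sh" &&
   check_key_perms "$demo/myhomelan-key.txt"; then
    echo "OK: configs, route and key permissions are consistent"
fi
rm -rf "$demo"
```

On a real installation, call the three check functions on the files under /etc/openvpn/myhomelan on each machine instead of the scratch copies.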
    
===========================
8. Moves, adds, and changes
===========================
  
Moves
-----
  
The following developers recently left the Gentoo team:
 
 * None this week 
    
Adds
----
  
The following developers recently joined the Gentoo Linux team:
 
 * None this week 
    
Changes
-------
  
The following developers recently changed roles within the Gentoo Linux 
project:
 
 * None this week 
    
====================
9. Contribute to GWN
====================
   
Interested in contributing to the Gentoo Weekly Newsletter? Send us an 
email[62].

 62. gwn-feedback@gentoo.org
    
================
10. GWN feedback
================
   
Please send us your feedback[63] and help make the GWN better.

 63. gwn-feedback@gentoo.org
    
================================
11. GWN subscription information
================================
   
To subscribe to the Gentoo Weekly Newsletter, send a blank email to 
gentoo-gwn-subscribe@gentoo.org.
 
To unsubscribe from the Gentoo Weekly Newsletter, send a blank email to 
gentoo-gwn-unsubscribe@gentoo.org from the email address you are 
subscribed under.
    
===================
12. Other languages
===================
   
The Gentoo Weekly Newsletter is also available in the following languages:
 
 * Danish[64] 
 * Dutch[65] 
 * English[66] 
 * German[67] 
 * French[68] 
 * Japanese[69] 
 * Italian[70] 
 * Polish[71] 
 * Portuguese (Brazil)[72] 
 * Portuguese (Portugal)[73] 
 * Russian[74] 
 * Spanish[75] 
 * Turkish[76] 
 64. http://www.gentoo.org/news/da/gwn/gwn.xml
 65. http://www.gentoo.org/news/be/gwn/gwn.xml
 66. http://www.gentoo.org/news/en/gwn/gwn.xml
 67. http://www.gentoo.org/news/de/gwn/gwn.xml
 68. http://www.gentoo.org/news/fr/gwn/gwn.xml
 69. http://www.gentoo.org/news/ja/gwn/gwn.xml
 70. http://www.gentoo.org/news/it/gwn/gwn.xml
 71. http://www.gentoo.org/news/pl/gwn/gwn.xml
 72. http://www.gentoo.org/news/br/gwn/gwn.xml
 73. http://www.gentoo.org/news/pt/gwn/gwn.xml
 74. http://www.gentoo.org/news/ru/gwn/gwn.xml
 75. http://www.gentoo.org/news/es/gwn/gwn.xml
 76. http://www.gentoo.org/news/tr/gwn/gwn.xml

   
Ulrich Plate <plate@gentoo.org> - Editor
Brian Downey <bdowney@briandowney.net> - Author
Marc Hildebrand <zypher@gentoo.org> - Author
Patrick Lauer <patrick@gentoo.org> - Author
Emmet Wagle <ewagle@email.com> - Author


--
gentoo-gwn@gentoo.org mailing list

