Friday, 19 April 2013

mppe_compress[0]: osize too small! (have: 1404 need: 1408)

Windows VPN and PPTP Connectivity Timeouts

In my pursuit for a personal cloud and convenient secure remote file system so as to be able to develop directly on the server I have researched, tested and decided against SFTP, WebDAV, and SMB/NFS over internet. The only approach still standing is the built in Windows VPN and PPTP + SAMBA/CIFS:


However there was one bug that prevented some sites/services from working and timing out; the /var/log/syslog showed the following intermittently:

Apr 19 10:15:15 sh1 pptpd[11330]: GRE: accepting packet #107
Apr 19 10:15:15 sh1 pptpd[11330]: GRE: accepting packet #108
Apr 19 10:15:15 sh1 pptpd[11330]: GRE: accepting packet #109
Apr 19 10:15:15 sh1 kernel: mppe_compress[0]: osize too small! (have: 1404 need: 1408)
Apr 19 10:15:15 sh1 kernel: ppp0: ppp: compressor dropped pkt
Apr 19 10:15:15 sh1 kernel: mppe_compress[0]: osize too small! (have: 1404 need: 1408)

This due to the way MPPE Microsoft point-to-point Encryption encodes data which results in the packet size being bigger then what was agreed in the VPN handshake - is my guess. There is a reported bug from 2005 which sadly hast not yet been addressed.

Fixing the issue by increasing the MTU

You can't fix this issue by modifying the MTU/MRU settings in '/etc/ppp/options' directly, you have to adjust the MTU after the PPP connection is up and this can be accomplished by adding a custom 'ip-up' script. Below is my work around script, place it into file '/etc/ppp/ip-up.d/mppefixmtu' and ensure that it is executable ('chmod +x mppefixmtu'):

#!/bin/sh
CURRENT_MTU="`ifconfig $1 | grep -Po '(?<=MTU:)([0-9]+)'`"
FIXED_MTU="`expr $CURRENT_MTU + 4`"
ifconfig $1 mtu $FIXED_MTU
echo "Increased MTU for $1 to $FIXED_MTU (from $CURRENT_MTU) to fix MPPE Microsoft Point-to-Point bug #330973"

Troubleshooting

You can review script errors by examining the file '/var/log/ppp-ipupdown.log', however if the file doesn't exist then you must create it to enable ip-up/ip-down script logging - don't forget to restart pppd.

As always if you found this useful feel free to follow me here or via twitter @danielsokolowski.

Tuesday, 26 March 2013

Automatically Refresh Browser Window

Automatically refresh the browser window when saving a file in Eclipse IDE

The edit/preview workflow pattern is make some change, save the files (CTR+S), swtich to browser (ALT+Tab), refresh the windows (F5), switch back to Eclipse IDE (ALT+Tab) and rinse and repeat. Even though I can do this quickly it is repetitive and cumbersome and the seconds it takes turn into minutes and hours wasted over many projects.

Googling you will find posts that show how to automate the Alt+Tab F5 Alt+Tab sequence using VBScript and setting it as an automatic builder in Eclipse.


Now this is a good enough solution and it does work very well except that it does not work with all browsers. Google Chrome being one of them where the SendKeys seem to be ignored. However using an alternative utility NirCmd I was able to make it work as follows:
  • Download NirCmd and extract 'nircmd.exe' into your projects.
  • Create the following 'nircmd-chrome-focus+f5.bat' batch file:

    ECHO Off
    REM This little batch files calls the awesome nircmd utility to focus Chrome window send an F5 and swtich
    REM back to Eclipse. This is no longer possible with VBScript in WIN7 as Chrome can only be focused but won't 
    REM accept key sends unless a click is made. Seriously donate to the NirSoft for making this tool. 
    
    %~dp0nircmd.exe win activate ititle "- Google Chrome"
    %~dp0nircmd.exe win max ititle "- Google Chrome"
    %~dp0nircmd.exe sendkey f5 press
    %~dp0nircmd.exe win activate ititle "- Eclipse"
    %~dp0nircmd.exe win max ititle "- Eclipse" 
    
    
  • Add the batch file as a project builder 'Project > Properties > Builder > New' and ensure 'Project > Build Automatically' is selected. See above screen shot for assistance.
Feel free to comment or share this if it has hepled you, also consider donating to NirSoft and check out some of their other utilities.

Thursday, 7 February 2013

Windows WebDAV Double Authentication 401 Requets

Speed up trick for Windows 7 WebDAV Client

One way to conveniently develop remotely with Eclipse + PyDev is to run WebDAV on the remote server and map it as a networked drive in Windows (PyDev over Eclipse Target Managmenet does not play nicely). WebDAV works rather well except it is not the fastest especially on initial project creation /project refreshing and if your share is protected with a username/password; below is how I improved the performance.

Apparently by protocol design and due to security Windows 7 client does not cache it's authentication and so on each request first an anonymous attempt is made followed by an authenticated one:

...
72.38.184.18 - - [22/Jan/2013:23:05:04 +0000] "PROPFIND /Files HTTP/1.0" 401 751
72.38.184.18 - username [22/Mar/2011:23:05:04 +0000] "PROPFIND /Files HTTP/1.0" 301 495
72.38.184.18 - - [22/Jan/2013:23:05:04 +0000] "PROPFIND /Files/ HTTP/1.0" 401 751
72.38.184.18 - username [22/Mar/2011:23:05:04 +0000] "PROPFIND /Files/ HTTP/1.0" 207 1175
72.38.184.18 - - [22/Jan/2013:23:05:07 +0000] "PROPFIND /Files HTTP/1.0" 401 751
...

After a bit of research I was able to implement a work around, allow anonymous access to the PROPFIND requests which are mainly used for directory listings and authenticated access for everything else. Refreshing a python/djagno project will take half as long for example 21876 files took 11 minutes with no authentication vs 21 with authentication

## Development HTTP Site
<VirtualHost *:80>
  ServerAdmin FOO@FOO.com
  ServerName development.FOO.com
  ServerAlias www.development.FOO.com

  # Log file location and settings; logs within project is ok as long as 'links' are made to system 'var/log/apache'
  ErrorLog /var/log/apache2/development.FOO.com-error.log
  CustomLog /var/log/apache2/development.FOO.com-vhost_combined-access.log vhost_combined

  # Canonical to always strip www - see: http://stackoverflow.com/questions/88011/make-apache-automatically-strip-off-the-www
  RewriteCond %{HTTP_HOST} ^www\.(.+)$
  RewriteRule ^(.*)$ ${SERVER_PROTOCOL}://%1/$1 [R=301,L,NC]

  # Authenticated access for the development site version - because without this Google will find you!
  # Just in case we also prevent serving of the password logins file if it is stored in a serving folder.
  Redirect /apache-logins.htdigest http://development.FOO.com
  <Location />
    AuthType Digest
    AuthName "development.FOO.com"
    # AuthDigestDomain which urls (and any under it) this applies - should match location
    AuthDigestDomain /
    AuthDigestProvider file
    AuthUserFile /srv/www/django/development.FOO.com/apache-logins.htdigest
    # uncomment the LimitExcept to receive a small boost for non caching Windows WebDAV client by allowing
    # anonymous directory listing; see http://serverfault.com/questions/250578/webdav-and-windows-7-client
    <LimitExcept PROPFIND>
     Require valid-user
    </LimitExcept>
  </Location>

  WSGIProcessGroup development.FOO.com
  # You can further limit processes, threads and set a inactivity-timer so deamon get unloaded
  WSGIDaemonProcess development.FOO.com display-name=%{GROUP}
  WSGIScriptAlias / /srv/www/django/development.FOO.com/apache-django-development.wsgi

  # Serve static / media files through apache instance and alias/map them to specific urls. to maximize security
  # `Options -Indexes` is enabled to prevent directory listing
  Options -Indexes
  Alias /robots.txt /srv/www/django/development.FOO.com/src/django-project/static/robots.txt
 #Alias /sitemap.xml /srv/www/django/development.FOO.com/src/django-project/static/sitemap.xml
  Alias /favicon.ico /srv/www/django/development.FOO.com/src/django-project/static/favicon.ico
  Alias /media /srv/www/django/development.FOO.com/src/django-project/static/
  Alias /static /srv/www/django/development.FOO.com/src/django-project/static/

</VirtualHost>

Hope this helps you out, feel free to follow me on twitter or google plus: @danielsokolowski and +1 this.