Setting up OpenVPN in debian/ubuntu June 20th, 2009
This is little bit later than I originally intended but I finally got around to setting up OpenVPN, and here’s how I did it.
This guide is pretty simple to follow and should have an OpenVPN server on debian or ubuntu working within half an hour. I’ll also explain how to connect to the VPN from a windows PC.
First, install OpenVPN on the server (you’ll need to be root for all of this guide)
apt-get install openvpn
Next, we need to configure the server. You need to make a decision here whether you want tun (routed) or tap (bridged) connections. The main difference is that tap will give the client a network address on the server network, whereas tun creates a private network managed by the server. In this guide I will use tap because I find that it works better with windows clients.
Now you need to create certificates for the server and client for authentication purposes (which is much more secure than the passwords used in pptp). This is done through a number of steps:
Preparing to generate the keys
mkdir /etc/openvpn/easy-rsa
cp /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-rsa
Now you need to edit /etc/openvpn/easy-rsa/vars with your required settings. You only really need to change the last section which is the default values for the fields in the certificates.
Generate the certificate authority (CA) which will be used to sign the server and client certificates.
cd /etc/openvpn/easy-rsa
source ./vars
./clean-all
./build-ca
Next, we need to create the server keys
./build-key-server servername
Answer ‘yes’ when asked to sign the certificate and commit to the database, and then you’ll need to generate the diffie-hellman parameters which are used for key exchange between the client and server.
./build-dh
And finally, create some client keys which will be used to allow clients to authenticate with the server. I prefer to use pkcs12 which stores the client public key and certificate in one passworded file.
./build-key-pkcs12 client1
As before, sign the key and commit to the database. You will be asked for a password which the client will use to connect to the server.
Now all the keys are created, we need to configure the server.
vim /etc/openvpn/server.conf
(add the following lines)
port 443
proto tcp
dev tap
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/servername.crt
key /etc/openvpn/easy-rsa/keys/servername.key
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
ifconfig-pool-persist ipp.txt
server-bridge 10.1.0.1 255.255.255.0 10.1.0.236 10.1.0.245
push “route 10.0.0.0 255.0.0.0″
keepalive 10 120
comp-lzo
persist-key
persist-tun
status /var/log/openvpn-status.log
verb 3
The only lines which you will need to change are ’server-bridge’, which is simply the default gateway, subnet mask, and the start and end IP’s to assign the clients, and the push route, which pushes specific routes to all clients.
Now we need to create an ethernet bridge. First, we need to install bridge-utils:
apt-get install bridge-utils
Rather than explain how to set up a network bridge, I found a shell script which will do it for you. This can be found here. Just edit this with your network settings and execute it. You will also need to set it to create the bridge at boot time:
update-rc.d bridge defaults
Now you can start the openvpn server
/etc/init.d/openvpn start
Now we need to set up the windows client. First, download the OpenVPN client from here (at the time of writing, select 2.1 RC15). Install it, and create a file ‘client.conf’ in the config directory with the following parameters
client
dev tap
proto tcp
remote x.x.x.x 443 # (replace with your server IP)
resolv-retry infinite
nobind
pkcs12 client1.p12 # (replace with the client name)
ns-cert-type server
comp-lzo
verb 3
You can also add ‘redirect-gateway’ to the client configuration to pass all traffic down the VPN tunnel (rather than just traffic intended for the VPN itself).
Now copy the client1.p12 certificate file to the config directory on the client, start the gui, and connect. Everything should now work.
If you need to create any clients in the future, do the following:
cd /etc/openvpn/easy-rsa
source ./vars
./build-key-pkcs12 clientx
If one of your certificates is compromised, you can revoke it using the guide here.
This guide has been written from my notes and what I remember, so there may be a couple of things which aren’t 100% right. If anything goes wrong then post a comment or contact me and I’ll update the guide.
Thanks to Author, orignal link http://www.monkeedev.co.uk/blog/2009/03/06/setting-up-openvpn-in-debianubuntu/
Install Ampache audio streaming server on Debian 4.0 Etch June 20th, 2009
Ampache is a software that allow you to stream your audio files on Internet. Before choosing this tool, i’ve tried Jinzora and KPlaylist, but Jinzora is way too complex and KPlaylist way to simple 
. Ampache is a great tool, simple of use, and with many functionnalities that fit me well. This article help you to install Ampache on Debian 4.0 Etch
Dependencies
First, you need a HTTP server with PHP support. You can for exemple use Lighttpd as described in my article Install Lighttpd and PHP 5 on Debian 4.0 Etch.
We add the Debian Multimedia repository in order to make Lake available:
/bin/echo "# Debian Multimedia Etch repository
deb http://www.debian-multimedia.org etch main" \
| /usr/bin/tee /etc/apt/sources.list.d/etch-debian-multimedia.list
We download the GPG key signing these repositories:
/usr/bin/gpg --keyserver pgp.mit.edu --recv-key 07DC563D1F41B907 /usr/bin/gpg -a --export 07DC563D1F41B907 | /usr/bin/apt-key add -
We update the list of available packages:
/usr/bin/apt-get update
We install the needed PHP modules, and additionnal software for file transcoding:
/usr/bin/apt-get install php5-mysql php5-xmlrpc mysql-client-5.0 flac \
mp3splt lame faad ffmpeg vorbis-tools
Install
We download the last Ampache version. In order to do this, choose the version you want to install:
VERSION=3.4
Download the Ampache sources:
/usr/bin/wget http://ampache.org/downloads/ampache-$VERSION.tar.gz \
--output-document=/tmp/ampache-$VERSION.tar.gz
Once the download complete, extract the file into the temporary folder:
/bin/tar --directory=/tmp -xzf /tmp/ampache-$VERSION.tar.gz
And move the created folder: :
/bin/mv /tmp/ampache-$VERSION /opt/ampache
Create a symbolic link to make Ampache available to the HTTP server:
/bin/ln -s /opt/ampache /var/www/ampache
We move configuration files to a place that fit them better:
/bin/mv /opt/ampache/config /etc/ampache /bin/ln -s /etc/ampache /opt/ampache/config
Once this done, we create the Ampache database. In order to do this, I encourage you to follow my howto MySQL for Debian 4.0 Etch.
Warning : If you have followed my howto, you can skip this lines. Otherwise, replace the bold text with the ones corresponding to your MySQL database:
MYSQL_DB=AMPACHE MYSQL_USERNAME=ampache MYSQL_USERPWD=ampache_password
Once the database created, you need to create the tables. This is done by:
/usr/bin/mysql --user=$MYSQL_USERNAME --password=$MYSQL_USERPWD $MYSQL_DB \
< /opt/ampache/sql/ampache.sql
You now need to update Ampache configuration. These command lines do the trick:
/bin/cp /etc/ampache/ampache.cfg.php.dist /etc/ampache/ampache.cfg.php
/bin/sed -i \
-e "s/;\(web_path[^=]*=\).*/\1 \"\/ampache\"/" \
-e "s/\(database_name =\).*/\1 \"$MYSQL_DB\"/" \
-e "s/\(database_username =\).*/\1 \"$MYSQL_USERNAME\"/" \
-e "s/\(database_password =\).*/\1 \"$MYSQL_USERPWD\"/" \
/etc/ampache/ampache.cfg.php
Once this done, you only need to create a admin account. This can be done by using this URL:
You can now delete the PHP file used to install Ampache:
/bin/rm /opt/ampache/install.php
Your Ampache install should be working now. You only need to place your audio files on your server, and configure the corresponding catalogs.
Files transcoding
In order to stream all kind of audio files, we configure Ampache to transcode into MP3 other audio file formats. First, we disable existing settings:
/bin/sed -i -e 's/^transcode_/;transcode_/g' /etc/ampache/ampache.cfg.php
And we insert the lines corresponding to our transcoding configuration:
echo ' ;###################################################### ; These are commands used to transcode non-streaming ; formats to the target file type for streaming. transcode_m4a = true transcode_m4a_target = mp3 transcode_flac = true transcode_flac_target = mp3 transcode_mp3 = false transcode_mp3_target = mp3 transcode_mpc = true transcode_mpc_target = mp3 transcode_MPC = true transcode_MPC_target = mp3 transcode_ogg = true transcode_ogg_target = mp3 transcode_wma = true transcode_wma_target = mp3 ; These are the commands that will be run to transcode the file transcode_cmd_flac = "flac -dc %FILE% | lame -q 2 -b %SAMPLE% -S - - " transcode_cmd_m4a = "faad -f 2 -w %FILE% | lame -r -b %SAMPLE% -S - -" transcode_cmd_mp3 = "mp3splt -qnf %FILE% %OFFSET% %EOF% -o - | lame --mp3input -q 2 -b %SAMPLE% -S - -" transcode_cmd_ogg = "oggdec -Q %FILE% -o - | lame -q 2 -b %SAMPLE% -S - -" transcode_cmd_wma = "ffmpeg -i %FILE% -f wav - | lame -q 2 -b %SAMPLE% -S - -" transcode_cmd_mpc = "ffmpeg -i %FILE% -f wav - | lame -q 2 -b %SAMPLE% -S - -" transcode_cmd_MPC = "ffmpeg -i %FILE% -f wav - | lame -q 2 -b %SAMPLE% -S - -" ' | /usr/bin/tee -a /etc/ampache/ampache.cfg.php
Going deeper
Music Player Daemon
It is possible to use Ampache to control a “MPD”. It allow you to use your Ampache server to play sound locally (aka. on its sound card). It is very usefull if you want to use one of your computers as a network controled Jukebox. I will not describe howto to setup such a thing, since i don’t need it, but I am willing to point you this feature.
Ampache bind mod_proxy
If you use Apache to gather all of your different sites on a same port, or for anyother reason, it is necessary to lightly edit Ampache.
- Edit the file /opt/ampache/lib/init.php.
- Replace this line
$results['web_path']Â Â Â Â Â Â Â Â Â Â Â = $http_type . $_SERVER['HTTP_HOST'] . $results['web_path'];
By the following line:
$results['web_path']Â Â Â Â Â Â Â Â Â Â Â = 'http://music.landure.fr'; // $http_type . $_SERVER['HTTP_HOST'] . $results['web_path'];
Where the bold text is your Ampache URL.
Thanks
- Thanks to Ampache developpers.
- Thanks to Debian Multimédia mainteners.
- Thanks to Dekkard for his post on Ampache forums: Ampache 3.4 and Musepack transcoding.
- Thanks to Author,source http://howto.landure.fr/gnu-linux/debian-4-0-etch-en/install-ampache-audio-streaming-server-on-debian-4-0-etch
Install the vsftpd FTP server on Debian 4.0 Etch June 20th, 2009
by Pierre-Yves Landur̩ Рlast modified 2009-02-28 14:18
vsftpd is an FTP server designed from the perspective of security and speed. It is very powerful, supports many features and is relatively simple to implement. This guide explains how to implement it on Debian 4.0 Etch.
Installation
First, we install the necessary software:
/usr/bin/apt-get install vsftpd fail2ban mysql-client libpam-mysql openssl
We activate the protection of vsftpd Fail2Ban by:
/bin/sed -i -e '/\[vsftpd\]/, /filter/ {0,/^enabled.*/ s//enabled = true/ }' /etc/fail2ban/jail.conf
And we restart Fail2Ban to accommodate this configuration:
/ etc/init.d/fail2ban restart
To make a little more flexible server and can edit files it does not own, we create a group “ftp”, and we add the user “ftp”:
/ usr / sbin / addgroup – system ftp
/ usr / sbin / adduser ftp ftp
Creating the database
Once this is done, we create the database to contain vsftpd users of our FTP server. To do this, I advise you to follow my guide MySQL 4.0 on Debian Etch.
Once the database created, we will resume normal things short. First, we place a default value for the hostname of the server database:
if [-z "$ MYSQL_HOST"]; then
MYSQL_HOST = localhost
fi
Warning: If you followed my guide, you can pass these command lines, if not, replace the information by those in bold corresponds to your MySQL database:
MYSQL_HOST = localhost
Mysql_db = vsftpd
MYSQL_USERNAME = vsftpd
MYSQL_USERPWD = vsftpd_password
Once the database is created, you must create the tables. This is done by the command:
/ usr / bin / wget http://howto.landure.fr/gnu-linux/debian-4-0-etch/installer-le-serveur-ftp-vsftpd-sur-debian-4-0-etch/vsftpd. sql \
- output-document = / tmp / vsftpd.sql
/ usr / bin / mysql – user = $ MYSQL_USERNAME – password = $ MYSQL_USERPWD – host = $ $ MYSQL_HOST mysql_db \
</ Tmp / vsftpd.sql
Configuring vsftpd
Now we configure vsftpd to accommodate the database and the SSL certificate:
/ bin / sed-i-e ‘s /^[#]* \ (anonymous_enable = \) .* / \ 1NO /’ \
-e ‘s /^[#]* \ (local_enable = \) .* / \ 1yes /’ \
-e ‘s /^[#]* \ (write_enable = \) .* / \ 1yes /’ \
-e ‘s /^[#]* \ (local_umask \ )=.*/ \ 1 = 022 /’ \
-e ‘s /^[#]* \ (dirmessage_enable = \) .* / \ 1yes /’ \
-e ‘s /^[#]* \ (xferlog_enable = \) .* / \ 1yes /’ \
-e ‘s /^[#]* \ (connect_from_port_20 = \) .* / \ 1yes /’ \
-e ‘s /^[#]* \ (nopriv_user = \) .* / \ 1ftp /’ \
-e ‘s /^[#]* \ (chroot_local_user = \) .* / \ 1yes /’ \
-e ‘s /^[#]* \ (secure_chroot_dir = \) .* / \ 1 \ / var \ / run \ / vsftpd /’ \
-e ‘s /^[#]* \ (pam_service_name = \) .* / \ 1vsftpd /’ \
/ etc / vsftpd.conf
We add the options that are not already present in the configuration file:
/ bin / echo ‘
# Virtual user configuration
guest_enable = YES
guest_username = ftp
local_root = / home / ftp / $ USER
user_sub_token = $ USER
virtual_use_local_privs = YES
user_config_dir = / etc / vsftpd.d ‘\
| / Usr / bin / tee-a / etc / vsftpd.conf
And we create the folder to contain the specific configuration of users:
/ bin / mkdir / etc / vsftpd.d
For more information, here is an excerpt from the manual vsftpd:
user_config_dir
This powerful option allows the override of any config option specified in the manual page, on a per-user basis. Usage is simple, and is best illustrated with an example. If you set user_config_dir to be / etc / vsftpd_user_conf and then log on as the user “chris”, then vsftpd will apply the settings in the file / etc / vsftpd_user_conf / chris for the duration of the session. The format of this file is as detailed in this manual page! PLEASE NOTE that not all settings are effective on a per-user basis. For example, many settings only prior to the user’s session being started. Examples of settings which will not affect any behviour on a per-user basis include listen_address, banner_file, max_per_ip, max_clients, xferlog_file, etc..
Default: (none)
We configure the PAM for vsftpd:
/ bin / sed-i-e ‘s / ^ \ (.* \) $ / # \ 1 /’ / etc / pam.d / vsftpd
/ bin / echo “# MySQL configuration for vsftpd.
auth required pam_mysql.so MYSQL_USERNAME user = $ passwd = $ MYSQL_USERPWD host = $ db = $ MYSQL_HOST mysql_db table = accounts usercolumn = username passwdcolumn = pass crypt = 2
pam_mysql.so user account required MYSQL_USERNAME = $ passwd = $ MYSQL_USERPWD host = $ db = $ MYSQL_HOST mysql_db table = accounts usercolumn = username passwdcolumn = pass crypt = 2 “\
| / Usr / bin / tee-a / etc / pam.d / vsftpd
We restart vsftpd to take into account the configuration:
/ etc / init.d / vsftpd restart
Encrypt data transfers
If you want to maximize your privacy, it is possible to configure the FTP server to encrypt data transferred. This is the coup of the transfer speed, because the figures are much larger than their equivalent in the clear. In good that I’m paranoid, privacy is something I appreciate, as I use this configuration. However, it is up to you.
Creating SSL certificate
To access your FTP server, I recommend you create the sub-field:
* Ftp.domaine.com
To complete this sub-domain, create the SSL certificate corresponding following my guide:
Create an SSL certificate multi-domains
Once the certificates created, put them in / etc / ssl with the following file names:
* / Etc / ssl / certs / ftp_cert.pem
* / Etc / ssl / private / ftp_key.pem
And we pay the private key only readable by root:
/ bin / chown root: root / etc / ssl / private / ftp_key.pem
/ bin / chmod go-rwx / etc / ssl / private / ftp_key.pem
Configuring vsftpd
Now we configure vsftpd to accommodate the database and the SSL certificate:
/ bin / sed-i-e ‘s /^[#]* \ (rsa_cert_file = \) .* / \ 1 \ / etc \ / ssl \ / certs \ / ftp_cert.pem /’ \
/ etc / vsftpd.conf
We add the options that are not already present in the configuration file:
/ bin / echo ‘
# SSL configuration
ssl_enable = YES
rsa_private_key_file = / etc / ssl / private / ftp_key.pem
ssl_tlsv1 = YES
force_local_logins_ssl = YES
force_local_data_ssl = YES ‘\
| / Usr / bin / tee-a / etc / vsftpd.conf
We restart vsftpd to take into account the configuration:
/ etc / init.d / vsftpd restart
Passive mode behind a NAT router
If your FTP server is behind a NAT router, you must specify the interval of ports used for passive mode.
PASV_MIN_PORT = 34560
PASV_MAX_PORT = 35324
You must also specify the IP address of your router on the Internet (static IP address that you gave your provider). To get it, you can use the following command:
PASV_ADDRESS = $ (/ usr / bin / wget-q-O-http://www.monip.org/ \
| / Bin / grep “IP:” | / usr / bin / cut – characters =- 80 \
| / Bin / sed-e ‘s / ^ .* \ (\ ([0-9] \ (1,3 \) \. \) \ (3 \) [0-9] \ (1,3 \) \ ).*$/ \ 1 / ‘)
Source: Thanks to the Linux lab for article Supinfo Know the public IP behind a router.
Once this is done, use the configuration:
/ bin / echo “# Passive connections through NAT.
pasv_address = $ PASV_ADDRESS
pasv_min_port = $ PASV_MIN_PORT
pasv_max_port = $ PASV_MAX_PORT “\
| / Usr / bin / tee-a / etc / vsftpd.conf
You can now restart your FTP server to accommodate the configuration:
/ etc / init.d / vsftpd restart
Warning: Do not forget to open the following ports on your router:
echo “Open Ports: 21, $ PASV_MIN_PORT, $ PASV_MAX_PORT”
Backup
To save your vsftpd, I advise you to use Backup Manager. To install, you can follow my guide:
Install and configure Backup Manager on Debian 4.0 Etch
Once Backup Manager installed, you can configure the backup files vsftpd with the following command:
/ usr / bin / update-bm-folders add / home / ftp
Important: Back up files is not enough! It should also save the database. The procedure for doing this is available in my MySQL on Debian 4.0 Etch.
Easy creation of users
We will set up two scripts facilitating the creation and deletion of users. These scripts read the vsftpd configuration file to retrieve the default users, and configuring connection to MySQL. You do not have to change, even if you slightly changed the configuration presented by this article. Here are the command lines to use for these scripts:
/ usr / bin / wget http://howto.landure.fr/gnu-linux/debian-4-0-etch/installer-le-serveur-ftp-vsftpd-sur-debian-4-0-etch/add- ftp-account \
- output-document = / usr / bin / add-ftp-account
/ bin / chmod + x / usr / bin / add-ftp-account
/ usr / bin / wget http://howto.landure.fr/gnu-linux/debian-4-0-etch/installer-le-serveur-ftp-vsftpd-sur-debian-4-0-etch/remove- ftp-account \
- output-document = / usr / bin / remove-ftp-account
/ bin / chmod + x / usr / bin / remove-ftp-account
You can now add a new user with the command:
ftp-add-account username
And delete it with the command:
remove-ftp-account username
To go further, you can get help on the advanced use of these commands:
ftp-add-account – help
remove-ftp-account – help
Manual creation of users
This section is presented as documentation. Preferably use the scripts provided by this article.
Prerequisite
Before you begin creating users, you must fill in the connection settings to the database:
MYSQL_HOST = localhost
Mysql_db = vsftpd
MYSQL_USERNAME = vsftpd
MYSQL_USERPWD = vsftpd_password
Creating a user
To create a user, start by identifying the information and password:
Ftp_username = my_username
FTP_PASSWORD = my_password
Once this is done, we create the folder of the user virtual
/ bin / mkdir / home / ftp / $ ftp_username
/ bin / chown ftp:nogroup / home / ftp / $ ftp_username
And we create the user in the database:
/ bin / echo “INSERT INTO accounts (username, pass) VALUES ( ‘$ ftp_username’, PASSWORD ( ‘$ FTP_PASSWORD’));” \
| / Usr / bin / mysql – user = $ MYSQL_USERNAME – password = $ MYSQL_USERPWD – host = $ $ MYSQL_HOST mysql_db
Note: If you want to use a different location for the folder of the user, you can do this using the File vsftpd.d. First, find the folder you want to use:
FTP_PATH = / some / other / folder
And if necessary, create it and assign it the proper permissions:
/ bin / mkdir – parent $ FTP_PATH
/ bin / chown-R ftp:nogroup $ FTP_PATH
You can then create the configuration file for your user:
/ bin / echo “# Custom user path.
local_root = $ FTP_PATH “| / usr / bin / tee / etc / vsftpd.d / $ ftp_username
Using the FTP client
In the configuration I propose, connections to the FTP server is encrypted. To connect with FileZilla, add your site to the Site Manager and select the server type FTPES.
Thanks to Author, orignal source http://howto.landure.fr/gnu-linux/debian-4-0-etch/installer-le-serveur-ftp-vsftpd-sur-debian-4-0-etch
by Pierre-Yves Landur̩ Рlast modified 2009-01-26 18:38
There are several cases or provide a proxy server can be very interesting. Installing Squid proxy may respond to several issues: save bandwidth, filter web sites visited (anti-virus, parental control, etc.), circumventing a protection-based access client IP address, etc. . This guide discusses several possible configurations for Squid in order to provide complete protection for your surfing.
Installation
First, you must install Squid 3:
/ usr / bin / apt-get install squid3
Note: By default, Squid or port awaiting connection is port 3128.
Once Squid is installed, it is necessary to configure it correctly.
First, it is necessary to enter the hostname of the proxy server. This is the name that appears in the error messages:
/ bin / sed-i-e “/ TAG: visible_hostname /,/^#[] * visible_hostname /{/#[] * visible_hostname / a \ \
visible_hostname $ HOSTNAME
/ Etc/squid3/squid.conf
Authorize the use of the Squid server by a LAN
Once this is done, it is necessary to configure networks allowed to use your proxy Squid. Indeed, by default, only the computer that hosts the Squid server is allowed to use it. First, contact the address range used by your local network:
LAN_RANGE = 192.168.1.0/24
Inquire as an alias for your network (the alias must be a “word” without spaces or strange characters):
LAN_ALIAS = my-local-network
Allow connection from this location:
/ bin / sed-i-e “0, / INSERT YOUR OWN RULE (S) HERE / (/ / a \ \
\ \
Allowing Local # allowed-network-lan $ () LAN_ALIAS. \ \
acl allowed-language LAN_ALIAS ($ src) ($ LAN_RANGE) \ \
http_access allow lan-allowed-$ LAN_ALIAS ()
/ Etc/squid3/squid.conf
Squid is configured to allow connection from your LAN, it only remains for you to reload the configuration to take into account:
/ reload etc/init.d/squid3
Configurations specic
You will find below some examples of configuring Squid.
Disable caching of all sites visited
If you want Squid does not cache content of all sites visited, this is done very simply by using this command:
/ bin / sed-i-e ‘/ TAG: cache $/,/^[ \ ]*$/{/^[ t \ t] * $ / i \
\
# Disabling cache for all sites \
cache deny all
‘/ Etc/squid3/squid.conf
Once Squid configuration update, do not forget to reload:
/ reload etc/init.d/squid3
Disable caching of specific sites
If you want the cache is disabled for certain sites only, this can be done with this. First, fill in the domain that you do not want hidden:
Www.my-NOCACHE_DOMAIN = cms.org
Calculate the ID of the rule:
NOCACHE_ID = $ (grep-e “.* acl-nocache” / etc/squid3/squid.conf | wc – lines)
And configure Squid not to hide the field:
/ bin / sed-i-e “/ TAG: cache \ $/,/^[ \ \ t] * \ $/{/^[ \ \ t] * \ $ / i \ \
\ \
# Disable caching for domain $ (NOCACHE_DOMAIN) \ \
$ acl-nocache NOCACHE_ID) (dstdomain $ NOCACHE_DOMAIN () \ \
cache deny nocache-$ () NOCACHE_ID
/ Etc/squid3/squid.conf
Once Squid configuration update, do not forget to reload:
/ reload etc/init.d/squid3
Setting up parental controls with DansGuardian
If you want to block access to pornographic sites to users using your proxy server, you can do simply by using DansGuardian. This software has the advantage of filtering the content of websites visited. It does not just check the URL against a blacklist of pornography.
Note: Many sites display SquidGuard as a parental control. SquidGuard is better integrated than DansGuardian Squid, and also much lighter in its daily operations. DansGuardian but to the advantage of integrating a control virus files downloaded, and filter the content of pages downloaded. For these last two characteristics that I have chosen.
First, install DansGuardian:
/ usr / bin / apt-get install dansguardian lha unrar
Configuring DansGuardian
If you wish, you can ensure that messages warning of DansGuardian are in french. To do this, use this command line:
/ bin / sed-i-e “s / ^ \ (language [\ t] *= \ ).*$/ \ 1 ‘french’ /” \
/ etc / dansguardian / dansguardian.conf
To preserve a minimum of surfing privacy of our users, and reduce the size of log files generated, we reduce the logging level:
/ bin / sed-i-e ‘s / ^ \ (LogLevel [\ t] *= \ ).*$/ \ 1 1 /’ \
/ etc / dansguardian / dansguardian.conf
If you want your download to be scanned for viruses, enable the plugin for ClamAV DansGuardian (Caution: This option is very consuming system resources):
/ bin / sed-i-e ‘s / ^ [\ t #] * \ (contentscanner [\ t ]*=.* clamav .* $ \) / \ 1 /’ \
/ etc / dansguardian / dansguardian.conf
Once your configuration tailored to your needs, it remains only to comment on the “unconfigured” to activate DansGuardian:
/ bin / sed-i-e ‘s / ^ .* Unconfigured .*$/# \ 0 /’ \
/ etc / dansguardian / dansguardian.conf
It is also possible to use blacklists of SquidGuard with DansGuardian. To do this, it is necessary to create the folder to contain these blacklists SquidGuard if not installed:
/ bin / mkdir – parent / var / lib / squidguard / db
/ bin / chown-R proxy: proxy / var / lib / squidguard / db
Now turn up the cron script to update the list daily:
/ bin / echo ‘#! / bin / bash
# Downloading the adult site blacklist update
/ usr / bin / wget-q ftp://ftp.univ-tlse1.fr/pub/reseau/cache/squidguard_contrib/adult.tar.gz \
- output-document = / tmp / adult.tar.gz
/ bin / tar – directory / var / lib / squidguard / db-xzf / tmp / adult.tar.gz
# SquidGuard must be able to update db files.
/ bin / chown-R proxy: proxy / var / lib / squidguard / db
# SquidGuard We update the database with the downloaded data:
if [-x / usr / bin / squidguard]; then
/ bin / proxy su-c “/ usr / bin / C squidguard-all> / dev / null 2> & 1″
fi ‘\
| / Usr / bin / tee / etc / cron.daily / update-squidguard-blacklist
/ bin / chmod + x / etc / cron.daily / update-squidguard-blacklist
Run the first update to initialize the list:
/ etc / cron.daily / update-squidguard-blacklist
Create a symbolic link to the blacklist to the appropriate location for DansGuardian:
/ bin / ln-s / var / lib / squidguard / db / adult / / etc / dansguardian / lists / blacklists /
Finally, configure DansGuardian to use this blacklist:
/ bin / sed-i-e ‘s / [\ t #] * \ (.* Include adult .* .* \) $ / \ 1 /’ / etc / dansguardian / lists / bannedsitelist
You can now restart DansGuardian:
/ etc / init.d / dansguardian restart
To use DansGuardian, set your browser to connect to port 8080 proxy server.
Configuring Squid
Normally, there is no change to the default configuration of the Squid. However, if you have authorized one or more local networks to use Squid directly (see the method above), it is necessary to edit the file / etc / squid / squid.conf to remove lines configurations that allow the connection . In fact, your users should not be allowed to directly connect to Squid port 3128, otherwise, they are able to bypass DansGuardian, and connect to undesirable sites.
If you followed this guide, the handling is simple. Just run the command line:
/ bin / sed-i-e ‘/ allowed-lan-/ d’ / etc/squid3/squid.conf
And reload the configuration of Squid:
/ reload etc/init.d/squid3
Setting up parental controls with SquidGuard
Although less elaborate than DansGuardian, SquidGuard is also much lighter to implement. Indeed, SquidGuard is to check that the sites are not part of the blacklist.
First, install SquidGuard:
/ usr / bin / apt-get install squidguard
Note: In Debian 4.0 Etch, SquidGuard depends Squid 2, so we have to disable Squid 2 after installing SquidGuard:
/ etc / init.d / squid stop
/ usr / sbin / update-rc.d-f squid remove
Once done, configure Squid for SquidGuard be used to filter URLs:
/ bin / sed-i-e ‘/ TAG: url_rewrite_program /,/^#[] * /{/#[ none] none * / a \
url_rewrite_program / usr / bin / squidguard
‘/ Etc/squid3/squid.conf
We update the location of the file’s log SquidGuard to match the configuration of Squid 3:
/ bin / sed-i-e ‘s | ^ .* $ logdir | logdir / var/log/squid3 |’ \
/ etc / squid / squidGuard.conf
It is also necessary to enable content filtering in the configuration SquidGuard. To do this, begin by informing the destination URL of the redirect. Personally, I plan to redirect the Internet XD:
SQUIDGUARD_DESTINATION = http://www.perdu.com/
Now configure SquidGuard to reiterate adult sites to your site replacement:
/ bin / sed-i-e ‘s / ^ [#] * \ (dest adult .* \) $ / \ 1 /’ \
-e ‘/ ^ dest adult /,/}/{ s /^#//;)’ \
-e “/ ^ dest adult /,/}/{ s | ^ \ (.* redirect [\ t] * \) .* \ $ | \ 1 $ SQUIDGUARD_DESTINATION () |;)” \
/ etc / squid / squidGuard.conf
And enable this configuration for all users:
/ bin / sed-i-e ‘/ ^ [\ t] * default /,/}/{ s / ^ \ (.* pass [\ t] * \ ).*$/ \ 1! adult;)’ \
/ etc / squid / squidGuard.conf
Now that SquidGuard is configured, set up the cron script to update daily the blacklist of banned adult sites:
/ bin / echo ‘#! / bin / bash
# Downloading the adult site blacklist update
/ usr / bin / wget-q ftp://ftp.univ-tlse1.fr/pub/reseau/cache/squidguard_contrib/adult.tar.gz \
- output-document = / tmp / adult.tar.gz
/ bin / tar – directory / var / lib / squidguard / db-xzf / tmp / adult.tar.gz
# SquidGuard must be able to update db files.
/ bin / chown-R proxy: proxy / var / lib / squidguard / db
# SquidGuard We update the database with the downloaded data:
if [-x / usr / bin / squidguard]; then
/ bin / proxy su-c “/ usr / bin / C squidguard-all> / dev / null 2> & 1″
fi ‘\
| / Usr / bin / tee / etc / cron.daily / update-squidguard-blacklist
/ bin / chmod + x / etc / cron.daily / update-squidguard-blacklist
Run the first update to initialize the list:
/ etc / cron.daily / update-squidguard-blacklist
Now you can reload the configuration of Squid:
/ etc/init.d/squid3 restart
Allow access SSL on a nonstandard port for a given web server
If you want to access via Squid servers using HTTPS ports other than port 443, it is necessary to configure Squid to explicitly authorize it. First, fill in the name of the server using a non-standard port for HTTPS:
WEIRD_HTTPS_SERVER = www.some-server.org
Inquire then the port number used:
WEIRD_HTTPS_PORT = 8080
Calculate the ID of the rule:
WEIRD_HTTPS_ID = $ (grep-e “weird-ssl .* domain dst” / etc/squid3/squid.conf | wc – lines)
And allow the CONNECT method for this site:
/ bin / sed-i-e “0, / Deny CONNECT to other than SSL ports / (/ / i \ \
\ \
# Allowing non-standard SSL port declaration: $ (WEIRD_HTTPS_SERVER): $ () WEIRD_HTTPS_PORT. \ \
weird-acl-ssl $ (domain)-WEIRD_HTTPS_ID $ dst) (WEIRD_HTTPS_SERVER \ \
weird-acl-ssl $ (WEIRD_HTTPS_ID)-port $ (port) WEIRD_HTTPS_PORT \ \
http_access allow CONNECT-weird-ssl $ ()-WEIRD_HTTPS_ID domain weird-ssl-WEIRD_HTTPS_ID $ (port) \ \
/ Etc/squid3/squid.conf
Squid is configured to allow connection to the server, it only remains for you to reload the configuration to take into account:
/ reload etc/init.d/squid3
Thanks to Author, source http://howto.landure.fr/gnu-linux/debian-4-0-etch/installer-un-serveur-mandataire-proxy-squid-3-sur-debian-4-0-etch-et-5-0-lenny
Install DirectX 9.0c on Linux using WineInstall a proxy server (proxy) 3 Squid 4.0 on Debian 5.0 Etch and Lenny June 20th, 2009
Wine is a implementation of Windows API on Linux. Even if it is quite complete, it still miss some DirectX functionalities. This article present how to add this missing functionalities by installing native DirectX 9.0c in your Wine environment.
Warning
It seems that many people have problems following this guide. So we sure that you are using the last version of Wine.
For Ubuntu 8.04 Hardy Heron, use :
sudo wget http://wine.budgetdedicated.com/apt/sources.list.d/hardy.list -O /etc/apt/sources.list.d/hardy-winehq.list wget -q http://wine.budgetdedicated.com/apt/387EE263.gpg -O- | sudo apt-key add - sudo apt-get update
For Ubuntu 7.10 Gutsy Gibbon, use :
sudo wget http://wine.budgetdedicated.com/apt/sources.list.d/gutsy.list -O /etc/apt/sources.list.d/gutsy-winehq.list wget -q http://wine.budgetdedicated.com/apt/387EE263.gpg -O- | sudo apt-key add - sudo apt-get update
You will now be able to install the last version of Wine with apt-get.
Wine environment setup
First, we install needed softwares:
/usr/bin/sudo /usr/bin/apt-get install wine cabextract wget
We create the Wine environment folder:
/usr/bin/wineprefixcreate
We configure the sound so that Wine use ALSA:
/usr/bin/wget http://howto.landure.fr/gnu-linux/installer-directx-9-0c-avec-wine/audio.reg \
--output-document=/tmp/audio.reg
/usr/bin/regedit /tmp/audio.reg
Video memory amount setup
We must tell Wine the amount of Video memory present on our graphic adapter. First, download the template registry file:
/usr/bin/wget http://howto.landure.fr/gnu-linux/installer-directx-9-0c-avec-wine/video_ram.reg \
--output-document=/tmp/video_ram.reg
We update the template with a auto-detected value that should fit to our system (if you have more than 256 MB of Video memory, the auto-detected value will only be of 256 MB):
/usr/bin/lspci | /bin/grep VGA | /bin/sed -e 's/^\([^ ]* \).*/\1/' \
| /usr/bin/xargs -iPCIID /bin/sh -c "/usr/bin/lspci -v -s PCIID" \
 | /bin/grep Memory | /bin/sed -e 's/.*size=\([0-9]*\).*/\1/' \
 | /usr/bin/sort -g | /usr/bin/tail -n1 \
| /usr/bin/xargs -iVIDEORAM /bin/sed -i -e 's/VIDEO_RAM/VIDEORAM/' /tmp/video_ram.reg
And we insert the corresponding registry key into Wine registry:
/usr/bin/regedit /tmp/video_ram.reg
DOS memory space access
In Ubuntu 8.04 Hardy Heron, access to the beginning of memory space is disabled for security reasons. For some old games (Caesar III for exemple), this access is needed. To allow access to this memory area, une these command lines:
/usr/bin/sudo /bin/cp /etc/sysctl.conf /etc/sysctl.conf.back /usr/bin/sudo /bin/sed -i -e 's/^\(vm.mmap_min_addr =\) .*/\1 0/' /etc/sysctl.conf /usr/bin/sudo /sbin/sysctl -p
DirectX installation
Once Wine configured, we download some files needed to install DirectX:
/usr/bin/wget http://howto.landure.fr/gnu-linux/installer-directx-9-0c-avec-wine/mscoree.dll \
--output-document=$HOME/.wine/drive_c/windows/system32/mscoree.dll
/usr/bin/wget http://howto.landure.fr/gnu-linux/installer-directx-9-0c-avec-wine/streamci.dll \
--output-document=$HOME/.wine/drive_c/windows/system32/streamci.dll
/usr/bin/wget http://howto.landure.fr/gnu-linux/installer-directx-9-0c-avec-wine/gm.dls \
--output-document=$HOME/.wine/drive_c/windows/system32/drivers/gm.dls
And we register DirectX DLLs as native in the registry:
/usr/bin/wget http://howto.landure.fr/gnu-linux/installer-directx-9-0c-avec-wine/directx.reg \
--output-document /tmp/directx.reg
/usr/bin/regedit /tmp/directx.reg
We download DirectX 9.0c installer:
/usr/bin/wget http://howto.landure.fr/gnu-linux/installer-directx-9-0c-avec-wine/directx_mar2008_redist.exe \
--output-document=/tmp/directx_redist.exe
We extract its contents:
/bin/mkdir $HOME/.wine/drive_c/DIRECTX /usr/bin/cabextract -d $HOME/.wine/drive_c/DIRECTX /tmp/directx_redist.exe
And we install DirectX 9 :
/usr/bin/wine "C:\DIRECTX\DXSETUP.exe"
You can now test your installation by running dxdiag:
/usr/bin/wine "C:\windows\system32\dxdiag.exe"
Note: The test is to actually run dxdiag, don’t expect all tests runned by this software to work.
Once the install done and tested, we can do a little clean up:
/bin/rm /tmp/directx_redist.exe /bin/rm -r $HOME/.wine/drive_c/DIRECTX
HTML renderer install
This step is mandatory for installing Source games (Half-Life 2, Counter Strike, etc…):
First, download WineTricks :
/usr/bin/wget http://www.kegel.com/wine/winetricks \
--output-document=$HOME/.wine/winetricks
Then install Gecko HTML render with this command line:
/bin/sh $HOME/.wine/winetricks gecko
Now, test your installation with:
/usr/bin/wine "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://appdb.winehq.com/
Active Movie installation
Active Movie is needed for displaying video for some games. First, dowload the DLL file needed to install this software:
/usr/bin/wget http://howto.landure.fr/gnu-linux/installer-directx-9-0c-avec-wine/dciman32.dll \
--output-document=$HOME/.wine/drive_c/windows/system32/dciman32.dll
And download the Active Movie installer:
/usr/bin/wget http://howto.landure.fr/gnu-linux/installer-directx-9-0c-avec-wine/amov4ie.exe \ Â Â Â Â --output-document=/tmp/amov4ie.exe
Install Active Movie:
/usr/bin/wine /tmp/amov4ie.exe
And configure wine to use natively the amstream DLL:
/usr/bin/wget http://howto.landure.fr/gnu-linux/installer-directx-9-0c-avec-wine/amstream.dll \
--output-document=$HOME/.wine/drive_c/windows/system32/amstream.dll
/usr/bin/wget http://howto.landure.fr/gnu-linux/installer-directx-9-0c-avec-wine/active_movie.reg \
--output-document=/tmp/active_movie.reg
/usr/bin/regedit /tmp/active_movie.reg
And registrer this DLL in the registry:
/usr/bin/regsvr32 "c:\windows\system32\amstream.dll"
QuickTime installation
QuickTime is needed to display videos in some games, such as Myst, RHEM 2, etc. First, download the QuickTime 6.5.2 installer:
/usr/bin/wget http://howto.landure.fr/gnu-linux/installer-directx-9-0c-avec-wine/quicktimefullinstaller-6-5-2.exe \
--output-document=/tmp/quicktimefullinstaller-6-5-2.exe
And run it:
/usr/bin/wine /tmp/quicktimefullinstaller-6-5-2.exe
At the end of the install, your screen black out (at least, it is what it does on my computer). Don’t worry, it is a little display bug. We are going to solve it. Launch the QuickTime settings software:
/usr/bin/wine "c:\windows\system32\rundll32.exe" shell32.dll,Control_RunDLL QuickTime.cpl
And change the following parameters:
- In section “Browser Plug-in”, uncheck “QuickTime system tray icon”.
- In section “Video Settings”, choose “Save Mode (GDI Only)”.
You can now close the QuickTime settings.
Internet Explorer 6 installation
Warning: This is NOT recommanded. It is there because I need it for testing.
First, move the files that can create problems when installing:
/bin/mv $HOME/.wine/drive_c/Program\ Files/Internet\ Explorer/iexplore.exe $HOME/.wine/drive_c/Program\ Files/Internet\ Explorer/iexplore.exe.back /bin/mv $HOME/.wine/drive_c/windows/system32/mshtml.dll $HOME/.wine/drive_c/windows/system32/mshtml.dll.back /bin/mv $HOME/.wine/drive_c/windows/system32/shdoclc.dll $HOME/.wine/drive_c/windows/system32/shdoclc.dll.back /bin/mv $HOME/.wine/drive_c/windows/system32/shdocvw.dll $HOME/.wine/drive_c/windows/system32/shdocvw.back /bin/mv $HOME/.wine/drive_c/windows/system32/shlwapi.dll $HOME/.wine/drive_c/windows/system32/shlwapi.dll.back /bin/mv $HOME/.wine/drive_c/windows/system32/urlmon.dll $HOME/.wine/drive_c/windows/system32/urlmon.dll.back /bin/mv $HOME/.wine/drive_c/windows/system32/wininet.dll $HOME/.wine/drive_c/windows/system32/wininet.dll.back
And setup the registry keys needed for the install to run correctly:
/usr/bin/wget http://howto.landure.fr/gnu-linux/installer-directx-9-0c-avec-wine/ie6.reg \
--output-document=/tmp/ie6.reg
/usr/bin/regedit /tmp/ie6.reg
We download the Internet Explorer 6 installer, and we run it:
/usr/bin/wget http://download.microsoft.com/download/ie6sp1/finrel/6_sp1/W98NT42KMeXP/EN-US/ie6setup.exe \
--output-document=$HOME/.wine/drive_c/ie6setup.exe
/usr/bin/wine "C:\ie6setup.exe"
Now, we register the newly installed DLLs (you need to repeat two times the same command):
for i in $HOME/.wine/drive_c/windows/system32/*.dll $HOME/.wine/drive_c/windows/system32/*.ocx; do /usr/bin/regsvr32 /i $i; done for i in $HOME/.wine/drive_c/windows/system32/*.dll $HOME/.wine/drive_c/windows/system32/*.ocx; do /usr/bin/regsvr32 /i $i; done
Note: Ignore errors shown by this two commands.
Once this done, we install the msls31.dll file:
/usr/bin/wget http://howto.landure.fr/gnu-linux/installer-directx-9-0c-avec-wine/msls31.dll \
--output-document=$HOME/.wine/drive_c/windows/system32/msls31.dll
You can now run Internet Explorer with this command line:
/usr/bin/wine iexplore.exe
Going deeper
If you want to go further into Wine configuration, I encourage you to read:
Games
Guild Wars
First, download the game installer:
/usr/bin/wget http://www.guildwars.com/downloads/gwsetup.zip \
--output-document=$HOME/.wine/drive_c/gwsetup.zip
Uncompress it:
/usr/bin/unzip -d $HOME/.wine/drive_c/ $HOME/.wine/drive_c/gwsetup.zip
Download the optimized settings for Guild Wars and add them to the Wine registry:
/usr/bin/wget http://howto.landure.fr/gnu-linux/installer-directx-9-0c-avec-wine/guild_wars.reg \
--output-document /tmp/guild_wars.reg
/usr/bin/regedit /tmp/guild_wars.reg
Now, install Guild Wars:
/usr/bin/wine "C:\GwSetup.exe"
Once this install done, you can go slash some monsters (arrrgh, I’m waiting for Diablo III to show up !).
Civilization IV
First, download WineTricks:
/usr/bin/wget http://www.kegel.com/wine/winetricks \
--output-document=$HOME/.wine/winetricks
And use it to install Microsoft XML 3:
/bin/sh $HOME/.wine/winetricks msxml3
Then, install Civilization IV from the game CD-Rom. And download patch 1.74:
wget http://howto.landure.fr/gnu-linux/installer-directx-9-0c-avec-wine/civilization_iv_patch_v1-74_multi-langues_40669.exe \
--output-document=/tmp/civilization_iv_patch_v1.74_multi-langues_40669.exe
And install it:
/usr/bin/wine /tmp/civilization_iv_patch_v1.74_multi-langues_40669.exe
Steam
Steam allow you to install Half-Life 2, Counter Strike, etc. In order to make Steam work, you need the Gecko HTML renderer:
First, download WineTricks :
/usr/bin/wget http://www.kegel.com/wine/winetricks \
--output-document=$HOME/.wine/winetricks
And use it to install the Gecko HTML renderer:
/bin/sh $HOME/.wine/winetricks gecko
Download the Steam installer:
/usr/bin/wget http://steampowered.com/download/SteamInstall_French.msi \
--output-document=$HOME/.wine/drive_c/SteamInstall_French.msi
And run it:
/usr/bin/msiexec /i $HOME/.wine/drive_c/SteamInstall_French.msi
Once the install done, you can delete the Steam installer:
/bin/rm $HOME/.wine/drive_c/SteamInstall_French.msi
You can now apply the registry settings for the Source engine (for Half-Life 2, Counter Strike, Source, Day of Defeat Source, Portal, etc…):
/usr/bin/wget http://howto.landure.fr/gnu-linux/installer-directx-9-0c-avec-wine/hl2.reg \
--output-document /tmp/hl2.reg
/usr/bin/regedit /tmp/hl2.reg
You can now install Half-Life 2, Counter Strike Source, Day of Defeat, Portal, etc…
Trackmania Nations Forever
To run Trackmania Nations Forever, first, apply registry settings for this game:
/usr/bin/wget http://howto.landure.fr/gnu-linux/installer-directx-9-0c-avec-wine/tmforever.reg \
--output-document /tmp/tmforever.reg
/usr/bin/regedit /tmp/tmforever.reg
Once this done, install the game with Steam.
Once the installation done, replace the file wrap_oal.dll in order to get the sound to work:
/bin/mv $HOME/.wine/drive_c/Program\ Files/Steam/steamapps/common/trackmania\ nations\ forever/wrap_oal.dll $HOME/.wine/drive_c/Program\ Files/Steam/steamapps/common/trackmania\ nations\ forever/wrap_oal.dll.back
/usr/bin/wget http://howto.landure.fr/gnu-linux/installer-directx-9-0c-avec-wine/wrap_oal.dll \
--output-document=$HOME/.wine/drive_c/Program\ Files/Steam/steamapps/common/trackmania\ nations\ forever/wrap_oal.dll
Crimson Skies
Crimson Skies needs you to install Active Movie. The install of this software is described earlier in this article.
You also need to install the native imm32 DLL:
/usr/bin/wget http://howto.landure.fr/gnu-linux/installer-directx-9-0c-avec-wine/imm32.dll \
--output-document=$HOME/.wine/drive_c/windows/system32/imm32.dll
/usr/bin/wget http://howto.landure.fr/gnu-linux/installer-directx-9-0c-avec-wine/cskies_install.reg \
--output-document=/tmp/cskies_install.reg
/usr/bin/regedit /tmp/cskies_install.reg
Once this done, install the game from the CD-Rom with this command line:
/usr/bin/wine /media/C_SKIES/install.exe
And download a NO-CD patch, the game can not work without it:
/bin/mv $HOME/.wine/drive_c/Program\ Files/Microsoft\ Games/Crimson\ Skies/crimson.exe $HOME/.wine/drive_c/Program\ Files/Microsoft\ Games/Crimson\ Skies/crimson.exe.back
/usr/bin/wget http://howto.landure.fr/gnu-linux/installer-directx-9-0c-avec-wine/crimson.exe \
--output-document=$HOME/.wine/drive_c/Program\ Files/Microsoft\ Games/Crimson\ Skies/crimson.exe
Now, we copy some files from the CD-ROM so that we can run the game without errors:
/bin/mkdir $HOME/.wine/drive_c/Program\ Files/Microsoft\ Games/Crimson\ Skies/LAUNCHER /bin/cp /media/C_SKIES/install.exe $HOME/.wine/drive_c/Program\ Files/Microsoft\ Games/Crimson\ Skies/LAUNCHER/ /bin/cp /media/C_SKIES/setupenu.dll $HOME/.wine/drive_c/Program\ Files/Microsoft\ Games/Crimson\ Skies/LAUNCHER/
To run the game, use the following command line, or a error message about broken database will show up:
/usr/bin/wine "C:\Program Files\Microsoft Games\Crimson Skies\LAUNCHER\install.exe"
Note: The mouse cursor is quite bogus in the menus. On my own, I get it to the target by doing great circular mouvements.
Once you have seen the introduction video, I encourage you to delete it, since i’ve found no way to bypass it. Without doing this, you will lost 3 minutes each time you launch the game:
/bin/rm $HOME/.wine/drive_c/Program\ Files/Microsoft\ Games/Crimson\ Skies/GOSDATA/ASSETS/GRAPHICS/MPG/msopen1.mpg /bin/rm $HOME/.wine/drive_c/Program\ Files/Microsoft\ Games/Crimson\ Skies/GOSDATA/ASSETS/GRAPHICS/MPG/zipper.mpg /bin/rm $HOME/.wine/drive_c/Program\ Files/Microsoft\ Games/Crimson\ Skies/GOSDATA/ASSETS/GRAPHICS/MPG/chap0.mpg
RHEM 2
RHEM 2 needs you to install QuickTime as described earlier in this article.
Once this done, install the game using for exemple the following command line (if it does not work, launch the “setup.exe” from the “setup” folder on the CD-ROM).
/usr/bin/wine /media/cdrom/setup/setup.exe
and download the No-CD Patch. The game is using the Starforce 2 protection (thank you, Micro Application… ), and it can not work without such a patch.
Supreme Commander
Warning: GPGNet work only since Wine 0.9.60.
Warning: GPGNet does not work well. But i’ve manage to get automatic updates to work. But do not expect to enter internet games with GPGNet. This install guide is not complete and it does not seems that completing it is possible in the actual state of Wine.
First, download WineTricks :
/usr/bin/wget http://www.kegel.com/wine/winetricks \
--output-document=$HOME/.wine/winetricks
Install the Gecko HTML render:
/bin/sh $HOME/.wine/winetricks gecko
Install Flash:
/bin/sh $HOME/.wine/winetricks flash
Install Dot Net 2.0 framework:
/bin/sh $HOME/.wine/winetricks dotnet20
Install Visual Java #:
/usr/bin/wget http://howto.landure.fr/gnu-linux/installer-directx-9-0c-avec-wine/vjredist.exe \
--output-document=/tmp/vjredist.exe
/bin/mkdir $HOME/.wine/drive_c/VISUALJAVA
/usr/bin/cabextract -d $HOME/.wine/drive_c/VISUALJAVA /tmp/vjredist.exe
/usr/bin/wine "C:\VISUALJAVA\install.exe"
Once this done, you can do a little clean up:
/bin/rm /tmp/vjredist.exe /bin/rm -fr $HOME/.wine/drive_c/VISUALJAVA
We now download some DLLs:
/bin/mv $HOME/.wine/drive_c/windows/system32/shdocvw.dll $HOME/.wine/drive_c/windows/system32/shdocvw.dll.back
/usr/bin/wget http://howto.landure.fr/gnu-linux/installer-directx-9-0c-avec-wine/shdocvw.dll \
--output-document=$HOME/.wine/drive_c/windows/system32/shdocvw.dll
/usr/bin/wget http://howto.landure.fr/gnu-linux/installer-directx-9-0c-avec-wine/shlwapi.dll \
--output-document=$HOME/.wine/drive_c/windows/system32/shlwapi.dll
/usr/bin/wget http://howto.landure.fr/gnu-linux/installer-directx-9-0c-avec-wine/msimtf.dll \
--output-document=$HOME/.wine/drive_c/windows/system32/msimtf.dll
/usr/bin/wget http://howto.landure.fr/gnu-linux/installer-directx-9-0c-avec-wine/msctf.dll \
--output-document=$HOME/.wine/drive_c/windows/system32/msctf.dll
And we setup Wine to use them as native:
/usr/bin/wget http://howto.landure.fr/gnu-linux/installer-directx-9-0c-avec-wine/gpgnet.reg \
--output-document /tmp/gpgnet.reg
/usr/bin/regedit /tmp/gpgnet.reg
We now install the game from the CD-ROM.
Then, run GPGNet with the following command line.Login and let the software update itself. Run GPGNet as many times as necessary.
/usr/bin/wine "C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe"
Use this command until GPGNet version is 1.5.188.1. Since this version, GPGNet crash just after login. To correct this problem, we install a missing DLL:
/usr/bin/wget http://howto.landure.fr/gnu-linux/installer-directx-9-0c-avec-wine/gpg-multiplayer-plugin.dll \
--output-document=$HOME/.wine/drive_c/Program\ Files/THQ/Gas\ Powered\ Games/GPGNet/GPG.Multiplayer.Plugin.dll
Then, when GPGNet version is the last one, login to a Supreme Commander session in order to get all the game updates.
Next, in order to get Supreme Commander sound, you need to install more DLLs:
/usr/bin/wget http://howto.landure.fr/gnu-linux/installer-directx-9-0c-avec-wine/xactengine-dlls-tar.bz2 \ Â Â Â --output-document=/tmp/xactengine-dlls-tar.bz2 /bin/tar --directory $HOME/.wine/drive_c/windows/system32/ -xjf /tmp/xactengine-dlls-tar.bz2 /usr/bin/regsvr32 $HOME/.wine/drive_c/windows/system32/xactengine2_*.dll
And apply some optimizations for Supreme Commander in the Wine registry:
/usr/bin/wget http://howto.landure.fr/gnu-linux/installer-directx-9-0c-avec-wine/spc.reg \
--output-document /tmp/spc.reg
/usr/bin/regedit /tmp/spc.reg
You can now play to Supreme Commander on local network.
Wine environment reset
Warning : THE FOLLOWING COMMAND LINES DELETE ALL OF YOUR WINE ENVIRONMENT. This include:
- YOUR GAMES BACKUPS
- YOUR GAMES INSTALLS
- YOUR TRICKS
EVERYTHING THAT NEED WINE OR IS ABOUT WINE.
USE THESE COMMAND LINES AT YOUR OWN RISKS:
rm -fr ~/.wine rm -r ~/.local/share/desktop-directories/wine-* rm -r ~/.config/menus/applications-merged/wine-* rm -r ~/.local/share/applications/wine/
