I decided to check out Ubuntu 10.10 RC today and I’m pleased to report that installation of the latest version in VMware Fusion (3.1.1) was trivial. I grabbed the install CD, told it to use “easy install” and away it went. Mouse ungrab, drag/drop file sharing, sound, et cetera were all available as soon as the GUI came up after the VMware tools install completed. HGFS was available as well under /mnt/hgfs. If you’re running an older version of VMware you may need to upgrade or grab the latest tools1 to have such a smooth experience.
Hulu is a great site to find new shows and catch up on old, but due to various contracts no one outside the US can use it. This irritated some friends of mine from Canada, England, Germany, et cetera. So I decided to write up one (very reliable) way to circumvent the Hulu geolocation checks — using a VPN.1
In this case, we’ll be using a small VM and the open source VPN server pptpd. All the server side instructions below are applicable to both OS X and Windows, but the client setup is only specified for Mac OS X.
First, obtain a VM from a reputable (and fast) US vendor. The VM must be located in the US since that’s our required origin. I personally use Slicehost, but there are many others. Once you get your login be sure you change the root password.
Install pptpd. If you’re running on Ubuntu or Debian you can simply run
apt-get install pptpd
Once you have pptpd installed, we’ll need to add a user. The default pptpd configuration is fine, but we’ll need to edit /etc/ppp/chap-secrets. When you edit the file (using vi, nano, emacs, et cetera) you’ll see this:
# Secrets for authentication using CHAP # client server secret IP addresses
Client is your username, server is “pptpd”, secret is your password in plaintext, and IP addresses is a range of allowed IPs. If you’re unconcerned about who might attempt to access your VPN, you can simply use a wildcard (*). Once you’ve populated this file with data it will look something like this:
# Secrets for authentication using CHAP # client server secret IP addresses testuser pptpd mypassword *
We need to set up IPv4 forwarding, so edit /etc/sysctl.conf and uncomment the line below from the file (remove the #).
This will enable the behavior after a reboot, but you can enable it right now by running:
echo 1 > /proc/sys/net/ipv4/ip_forward
Now run these commands:
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE /sbin/iptables -A FORWARD -i eth0 -o ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT /sbin/iptables -A FORWARD -i ppp0 -o eth0 -j ACCEPT
Once you’ve run these you can save them so they execute every time your VM boots by following these quick instructions. This completes the server side setup.
Now it’s time to configure the Mac to utilize the VPN server. Bear in mind that all traffic to the internet will be routed through your VPN server when this is active, so you’ll only want to connect to your VPN when watching Hulu.2
Open System Preferences and go to Network. Click the plus sign in the lower left and choose add to add a VPN PPTP interface. Then set the server address (the IP of your VM) and account name (“testuser” from above).
After filling out those fields, click authentication settings and type your password, then click Okay.
Finally, click advanced, then click DNS and click the plus sign. Add 184.108.40.206 as a DNS server.3
Save these changes and then you can click connect to test it out. Your traffic should all be routed through the VPN and since the endpoint is located in the US Hulu should work just fine!
Server Name Indication (SNI), an extension to TLS, allows browsers that support it to connect to SSL hosts that do not have dedicated IPs (much like standard http virtual hosting has worked for years). This extension, however, must be supported on both the server and client side. Microsoft has not yet chosen to support it (maybe IIS 8?), but the Apache project did with the 2.2.12 release. Recently, Ubuntu 9.10 Server became the first server distribution to ship with Apache and OpenSSL built with the appropriate flags, so if you’d like to follow along you can use a 9.10 VM.
In the ideal case everything is the same as a regular vhost, but you’ll first need to enable SSL. On Ubuntu this requires you to run a2enmod and type “ssl”. After that you’ll need to add
to the root conf, then make your VirtualHost much like a normal one. A very basic pair of vhosts is seen below.
<VirtualHost *:443> ServerAdmin webmaster@localhost DocumentRoot /my/doc/root ServerName mydomain.com SSLEngine On SSLCertificateFile /path/to/domain.crt SSLCertificateKeyFile /path/to/domain.key </VirtualHost> <VirtualHost *:443> ServerAdmin webmaster@localhost DocumentRoot /my/doc/root ServerName mydomain2.com SSLEngine On SSLCertificateFile /path/to/domain2.crt SSLCertificateKeyFile /path/to/domain2.key </VirtualHost>
These vhosts should be placed in different includes ideally, but it isn’t required. If you just want to test with a self-signed certificate you can create one with
openssl req -new -nodes -keyout mykey.key -out mycert.cer -days 3650 -x509
You’ll need to specify the domain name you want in the “Common Name” section.
Once you’ve got all this done you can restart apache and test it out! If you test on a browser that doesn’t support SNI (IE on XP) you’ll get the SSL cert for the first vhost apache parses. To disable accessing it on non-SNI hosts you can add
to the root conf. This will cause a 403 error for those browsers.
If you’d like to see an example implementation of SNI you can check out my IDN domains https://☢.ws/ and https://☣.ws/. These sites are hosted on the same IP with different SSL certificates. I have strict host checking turned on so visiting them with a non-SNI capable browser will result in a 403 error.1
A quick reminder for those who don’t know or have forgotten how to upgrade an Ubuntu server:
sudo apt-get install update-manager-core sudo do-release-upgrade
Follow the instructions, reboot, and you’re done!
I’ve just updated my Ubuntu 9.10 in VMware article with a better process. If you’re looking to install Karmic Koala when it’s released on 10/29 check it out!
Update 2: Preliminary 10.04 instructions are available here. No real obstacles for those running the latest Fusion/Workstation.
Update: If you’re using VMware Fusion 3.0 or any VMware Tools version 8.2.3-204229 or better you can follow a drastically simplified process. sudo apt-get install build-essential, choose install VMware Tools from the menu, copy tar to desktop, untar, sudo ./vmware-install.pl and follow the instructions. Simple!
With the release of the Ubuntu 9.10 RC it’s time to revisit installing Ubuntu into a VMware VM. I’m using VMware Fusion 2.0.x, but behavior should be largely the same for any recent VMware release.
First, create a new VM and point the installation disk at your Ubuntu 9.10 ISO. At this time I would not recommend using “easy install”, so uncheck that and continue. If you wish to use the graphical installer you’ll need to increase the RAM allocated to your VM from 512MB to 768MB.1
Now you can boot your VM and follow the graphical installer. Once complete your VM will hopefully reboot properly and ask you if you want to force the CD to disconnect (you do). If this doesn’t occur, force the guest to shut down, disconnect the ISO in the settings, then boot the VM again.
The official VMware Tools do not work properly due to the newer kernel (2.6.31), so we’ll need to build the open-vm-tools for this kernel. Follow the steps below to build them yourself or simply download the AMD64 deb package I have already built for the modules.2
sudo apt-get install open-vm-tools build-essential open-vm-toolbox
vmware@vmware-desktop:~$ lsmod | grep vm vmsync 5104 0 vmmemctl 10120 0 vmhgfs 59080 0 vmci 33952 0
If you see the 4 modules listed above then you should have functioning copy/paste, auto-resolution switching, and even shared folders. However, to enable shared folders you’ll need to follow these steps:
sudo mount -t vmhgfs -v -o ro .host:/sharedfoldername /path/to/mnt
Let me know in the comments if you have issues or have improvements to the process. Waiting for the official VMware Tools release is boring!