Jesper.Lindberg's questions

我在 ubuntu 服务器上设置了一个 openvpn 客户端，我希望即使连接失败也能始终保持界面打开。我已persist-tun在 .conf 文件中尝试过此操作：

但是，如果我运行，那么界面就不会再显示？sudo systemctl stop openvpn@myconf.serivceifconfig

我正在尝试将操作系统切换到 CentOS，但是 CentOS 安装使用org.freedesktop.NetworkManager 似乎返回了太多网络设备。所以我想尝试org.freedesktop.NetworkManager.GetDevices()从我的 ubuntu 服务器运行，看看它返回什么。我怎样才能做到这一点？

运行：Ubuntu 服务器 18.4

我设法让我的 sudo... 但是，由于 sudo 已损坏，我无法覆盖受保护的文件。

制作和恢复备份时我厌倦了遵循的准则：https ://help.ubuntu.com/community/BackupYourSystem/TAR

基本上我想跑

sudo tar -xvpzf /path/to/backup.tar.gz -C / --numeric-owner

生成：

sudo: /usr/bin/sudo must be owned by uid 0 and have the setuid bit set

有什么建议么？

我的问题是每次启动笔记本电脑时都会显示启动菜单，我必须选择要使用 Ubuntu。我在网上搜索过，发现其他人也有同样的问题，但是在他们将计时器设置为 0 的情况下对他们有用的解决方案对我不起作用。

我试过的：

sudo nano /etc/default/grub
GRUB_TIMEOUT=0

然后我跑了sudo update-grub。

我仍然有这个问题。我运行全新安装的 Ubuntu 18.04.2。

该文件如下所示：

# If you change this file, run 'update-grub' afterwards to update
# /boot/grub/grub.cfg.
# For full documentation of the options in this file, see:
#   info -f grub -n 'Simple configuration'

GRUB_DEFAULT=0
GRUB_TIMEOUT_STYLE=countdown
GRUB_TIMEOUT=0.1
GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"
GRUB_CMDLINE_LINUX=""

# Uncomment to enable BadRAM filtering, modify to suit your needs
# This works with Linux (no patch required) and with any kernel that obtains
# the memory map information from GRUB (GNU Mach, kernel of FreeBSD ...)
#GRUB_BADRAM="0x01234567,0xfefefefe,0x89abcdef,0xefefefef"

# Uncomment to disable graphical terminal (grub-pc only)
#GRUB_TERMINAL=console

# The resolution used on graphical terminal
# note that you can use only modes which your graphic card supports via VBE
# you can see them in real GRUB with the command `vbeinfo'
#GRUB_GFXMODE=640x480

# Uncomment if you don't want GRUB to pass "root=UUID=xxx" parameter to Linux
#GRUB_DISABLE_LINUX_UUID=true

# Uncomment to disable generation of recovery mode menu entries
#GRUB_DISABLE_RECOVERY="true"

# Uncomment to get a beep at grub start
#GRUB_INIT_TUNE="480 440 1"

我想备份我的文件系统并并行执行。我找到了本指南：https ://help.ubuntu.com/community/BackupYourSystem/TAR 他们在哪里给我命令：

tar -cvpzf backup.tar.gz --exclude=/backup.tar.gz --one-file-system / 

我发现我应该放在-I pigz命令的开头，但是这给了我错误：

tar: Conflicting compression options

如何解决？

为了在我的服务器上访问 jupyter notebooks 和 rstudio-server 之类的站点/服务，我创建了一个 ssh 隧道，然后在本地计算机上的 webbrowser 中浏览它们，但是，从昨天开始，我的所有服务在我的浏览器中加载速度都很慢。不知道为什么或从哪里开始故障排除。我可以通过 ssh 进入服务器并查看文件等。昨天我什至尝试重新安装其中一项服务，然后才意识到我的所有服务都很慢......有什么想法或建议如何解决这个问题？

编辑：可以补充一点，如果我设法连接到浏览器中的一项服务，似乎一旦我连接，服务就会在浏览器中运行而不会延迟。所以似乎它“只是”需要永远的连接。（几分钟）还可以添加端口在我的远程和本地计算机上都是打开的。

我刚刚意识到，在我的终端中，我收到以下消息：

channel 3: open failed: connect failed: Connection refused
channel 2: open failed: connect failed: Connection refused
channel 2: open failed: connect failed: Connection refused
channel 3: open failed: connect failed: Connection refused
channel 4: open failed: connect failed: Connection refused
channel 5: open failed: connect failed: Connection refused

我用来打开隧道的命令：

ssh -N -f -L 8787:localhost:8787 myNick@192.168.1.xx

每次我使用 apt-get update 我都会收到以下警告

W: Skipping acquire of configured file 'multiverse//binary-amd64/Packages' as repository 'http://archive.ubuntu.com/ubuntu bionic-updates InRelease' doesn't have the component 'multiverse/' (component misspelt in sources.list?)
W: Skipping acquire of configured file 'multiverse//i18n/Translation-en' as repository 'http://archive.ubuntu.com/ubuntu bionic-updates InRelease' doesn't have the component 'multiverse/' (component misspelt in sources.list?)
W: Skipping acquire of configured file 'multiverse//cnf/Commands-amd64' as repository 'http://archive.ubuntu.com/ubuntu bionic-updates InRelease' doesn't have the component 'multiverse/' (component misspelt in sources.list?)

不确定这是不是我应该担心的事情？我用谷歌搜索了这些警告，但找不到任何有相同警告的人，只有相同类型的警告。

内容/etc/apt/sources.list：

deb http://archive.ubuntu.com/ubuntu bionic main universe restricted multiverse
deb http://archive.ubuntu.com/ubuntu bionic-security main universe restricted m$
deb http://archive.ubuntu.com/ubuntu bionic-updates main universe restricted mu$
deb https://cloud.r-project.org/bin/linux/ubuntu bionic-cran35/

第二个命令 cat /etc/apt/sources.list | grep multiverse：

deb http://archive.ubuntu.com/ubuntu bionic main universe restricted multiverse
deb http://archive.ubuntu.com/ubuntu bionic-security main universe restricted multiverse
deb http://archive.ubuntu.com/ubuntu bionic-updates main universe restricted multiverse/

我按照本指南安装了 no-ip 动态 ddns： https ://www.noip.com/support/knowledgebase/installing-the-linux-dynamic-update-client/

我让服务运行

sudo /usr/local/bin/noip2

但是我希望服务在启动时启动，我尝试将以下脚本添加到 /etc/init.d/noip2.sh

#######################################################
#! /bin/sh
# . /etc/rc.d/init.d/functions  # uncomment/modify for your killproc
case "$1" in
    start)
    echo "Starting noip2."
    /usr/local/bin/noip2
    ;;
    stop)
    echo -n "Shutting down noip2."
    killproc -TERM /usr/local/bin/noip2
    ;;
    *)
    echo "Usage: $0 {start|stop}"
    exit 1
esac
exit 0
#######################################################

其次是：

sudo chmod +x /etc/init.d/noip2.sh
sudo update-rc.d noip2.sh defaults

现在我应该可以启动服务了

sudo service noip2 start

但我不是。当我运行时，journalctl -xe我得到以下信息：

-- Unit noip2.service has begun starting up.
Nov 03 12:36:11 media systemd[3111]: noip2.service: Failed to execute command: Exec format error
Nov 03 12:36:11 media systemd[3111]: noip2.service: Failed at step EXEC spawning /etc/init.d/noip2.sh: Exec format error
-- Subject: Process /etc/init.d/noip2.sh could not be executed
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
--
-- The process /etc/init.d/noip2.sh could not be executed and failed.
--
-- The error number returned by this process is 8.
Nov 03 12:36:11 media systemd[1]: noip2.service: Control process exited, code=exited status=203
Nov 03 12:36:11 media systemd[1]: noip2.service: Failed with result 'exit-code'.
Nov 03 12:36:11 media systemd[1]: Failed to start noip2.service.
-- Subject: Unit noip2.service has failed
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support

用户 PerDuck 的更新信息：尝试您的解决方案时出现以下错误... :( 尝试添加

RestartSec=30

至少它现在一直在尝试，但仍然没有开始。我仍然可以使用 sudo /usr/local/bin/noip2 启动它

错误：

Nov 03 23:26:42 media systemd[1]: noip2.service: Service hold-off time over, scheduling restart.
Nov 03 23:26:42 media systemd[1]: noip2.service: Scheduled restart job, restart counter is at 5.
Nov 03 23:26:42 media systemd[1]: Stopped noip2 service.
Nov 03 23:26:42 media systemd[1]: noip2.service: Start request repeated too quickly.
Nov 03 23:26:42 media systemd[1]: noip2.service: Failed with result 'start-limit-hit'.
Nov 03 23:26:42 media systemd[1]: Failed to start noip2 service.

我在互联网上尝试了多个指南，试图解决我遇到的这个问题。我已经在我的 Ubuntu 服务器 18.04.1 上安装了 samba。我使用以下设置添加了共享文件夹：

#my shared folders
[ Backup ]
 comment = Backup
 path = /media/Backup
 browseable = yes
 read only = no
 valid users = MyUserName

但是，当我尝试从 Windows 连接时，没有提示输入我的登录信息。我只是收到一条错误消息：“您无法访问此共享文件夹，因为您组织的安全策略阻止未经身份验证的访客访问。这些策略有助于保护您的 PC 免受网络上不安全或恶意设备的侵害。”

我尝试将这些行添加到我的配置中：

#Globala settings
[global]
admin users = MyUserName
security = user

当我这样做时，我现在没有收到错误消息，而是收到我的 Windows 计算机无法连接到该地址的消息。

我目前运行 Ubuntu 服务器 18.04.1 LTS。我已经设置了拆分隧道 VPN，它似乎工作正常，但是我想检查 DNS 泄漏。有没有办法用命令行来做到这一点？无法在 Ubuntu 服务器中真正打开浏览器...

更新了 heynnema 的信息：

ls -al /etc/openvpn

total 52
drwxrwxrwx  4 root root  4096 Nov  2 21:32 .
drwxr-xr-x 99 root root  4096 Nov  3 12:40 ..
-rwxrwxrwx  1 root root  1403 Nov  2 20:35 ca.crt
drwxrwxrwx  2 root root  4096 Sep  5 14:43 client
-rwxrwxrwx  1 root root  1597 Nov  2 20:39 iptables.sh
-rwxrwxrwx  1 root root    18 Nov  2 20:36 login.txt
-rwxrwxrwx  1 root root   670 Nov  2 21:29 openvpn.conf
-rwxrwxrwx  1 root root   623 Nov  2 20:40 routing.sh
drwxrwxrwx  2 root root  4096 Sep  5 14:43 server
-rwxrwxrwx  1 root root   636 Nov  2 20:35 tls.key
-rwxrwxrwx  1 root root 11773 Nov 12  2017 update-systemd-resolved

#

grep -i hosts /etc/nsswitch.conf
hosts:          files resolve [!UNAVAIL=return] dns

# 我从在线指南中获得的“防止 DNS 泄漏”部分，但是如果我启用该命令，VPN 对我根本不起作用。

up/down/down-pre
#up and down scripts to be executed when VPN starts or stops
up /etc/openvpn/iptables.sh
down /etc/openvpn/update-systemd-resolved
down-pre

# prevent DNS leakage
#dhcp-option DOMAIN-ROUTE .

更多信息：

#! /bin/bash
# Niftiest Software – www.niftiestsoftware.com
# Modified version by HTPC Guides – www.htpcguides.com

export INTERFACE="tun0"
export VPNUSER="vpn"
export LOCALIP="192.168.1.10"
export NETIF="enp1s0"

# flushes all the iptables rules, if you have other rules to use then add them into the script
iptables -F -t nat
iptables -F -t mangle
iptables -F -t filter

# mark packets from $VPNUSER
iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark
iptables -t mangle -A OUTPUT ! --dest $LOCALIP -m owner --uid-owner $VPNUSER -j MARK --set-mark 0x1
iptables -t mangle -A OUTPUT --dest $LOCALIP -p udp --dport 53 -m owner --uid-owner $VPNUSER -j MARK --set-mark 0x1
iptables -t mangle -A OUTPUT --dest $LOCALIP -p tcp --dport 53 -m owner --uid-owner $VPNUSER -j MARK --set-mark 0x1
iptables -t mangle -A OUTPUT ! --src $LOCALIP -j MARK --set-mark 0x1
iptables -t mangle -A OUTPUT -j CONNMARK --save-mark

# allow responses
iptables -A INPUT -i $INTERFACE -m conntrack --ctstate ESTABLISHED -j ACCEPT

# block everything incoming on $INTERFACE to prevent accidental exposing of ports
iptables -A INPUT -i $INTERFACE -j REJECT

# let $VPNUSER access lo and $INTERFACE
iptables -A OUTPUT -o lo -m owner --uid-owner $VPNUSER -j ACCEPT
iptables -A OUTPUT -o $INTERFACE -m owner --uid-owner $VPNUSER -j ACCEPT

# all packets on $INTERFACE needs to be masqueraded
iptables -t nat -A POSTROUTING -o $INTERFACE -j MASQUERADE

# reject connections from predator IP going over $NETIF
iptables -A OUTPUT ! --src $LOCALIP -o $NETIF -j REJECT

# Start routing script
/etc/openvpn/routing.sh

exit 0