Context: Ubuntu 12.04 server, where root (“/”) has just 7 GB of space (don’t ask me why I was such a Scrooge when I set it up).
For the last two months, I haven’t been able to run updates on the server as it complained of not having enough drive space. On checking, I indeed had only about 20 MB left. I cleaned away another 500 MB, but alas, the problem persisted. At the time, I neither had the time to investigate nor could afford the server going down (as it was integral to my development process), so I left it until tonight.
“df -h” again showed me that I had the 500 MB free, and so I searched online. I found a post that reminded me that there was also a possibility that I’d run out of inodes, and so I checked using “df -i”. True to form, this was the case. I closed down all my mounts and searched for where they were being used using:
find / -xdev -printf '%h\n' | sort | uniq -c | sort -k 1 -n
And to my horror I then noticed 20 kernel versions just sitting there taking up 30% of the inodes. I tried to purge them, but my package manager wanted to perform another task first that required inodes – Catch-22.
In the end, I moved the files over to the storage drives I had attached and linked them over (in case they were a dependency in some way or another). After 30 minutes of updating and purging, everything was fixed.
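A check for the failure described above, where “df -h” shows free space while “df -i” shows none, written as an added example that is not part of the original post. The function name, thresholds and sample figures are constructed for illustration, and mount points are assumed to contain no whitespace.

```shell
#!/bin/sh
# Added example (not from the original post): flag filesystems that are out
# of inodes while block usage still looks healthy, so blocked updates are
# noticed early.

# inode_starved BLOCKS_FILE INODES_FILE [INODE_PCT] [BLOCK_PCT]
#   BLOCKS_FILE: saved output of `df -P`
#   INODES_FILE: saved output of `df -Pi`
# Prints one line per mount point with IUse% >= INODE_PCT and Use% < BLOCK_PCT.
inode_starved() {
    awk -v ipct="${3:-90}" -v bpct="${4:-98}" '
        FNR == 1 { next }                  # header line of each file
        { sub(/%$/, "", $5) }              # "94%" -> "94"
        NR == FNR { buse[$6] = $5; next }  # first file: block use by mount
        $5 == "-" { next }                 # filesystem without inodes
        ($5 + 0 >= ipct) && ($6 in buse) && (buse[$6] + 0 < bpct) {
            printf "%s inodes=%s%% blocks=%s%%\n", $6, $5, buse[$6]
        }
    ' "$1" "$2"
}

# Constructed sample data: a small root with free blocks but no free inodes.
sample_blocks() {
    cat <<'EOF'
Filesystem     1024-blocks    Used Available Capacity Mounted on
/dev/sda1          7224824 6384000    474000      94% /
/dev/sdb1        961301832 1203400 911243000       1% /srv/storage
tmpfs               508000       0    508000       0% /run/shm
EOF
}

sample_inodes() {
    cat <<'EOF'
Filesystem      Inodes  IUsed    IFree IUse% Mounted on
/dev/sda1       458752 458752        0  100% /
/dev/sdb1     61054976   9120 61045856    1% /srv/storage
tmpfs           127000      1   126999    1% /run/shm
EOF
}

# Run the check over the constructed sample.
demo() {
    d=$(mktemp -d) || return 1
    sample_blocks > "$d/blocks"
    sample_inodes > "$d/inodes"
    inode_starved "$d/blocks" "$d/inodes"
    rm -rf "$d"
}
demo
```

On a live system, save the output of `df -P` and `df -Pi` to two files and pass them in that order.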
Following different tutorials, I was able to successfully implement a non-SSL FTP server without much difficulty. However, the SSL portion proved difficult. There were no debug or error messages that I could read, and searches for FileZilla’s generic message of “Unexpected TLS message” did not help… until I found this blog and realized that the unexpected message was the error message from the server (that’s a bad place to put debugging messages!). Following the blog’s instructions, I then proceeded to sniff the network and was able to quickly find that a single line of my configuration file was invalid (during runtime and not on starting the program, adding further to the difficulty of debugging).
An additional problem between VSFTPD and FileZilla is that FileZilla does not accept low encryption methods (at least in the newest versions). This is not mentioned in either debug file and instead kills the connection with “TLS error”. Setting the VSFTPD encryption method setting to HIGH fixed the problem.
To ease firewall complexities, and allow quite interesting network setups (combining resources from several physical locations seamlessly, for example), I’ve used OpenVPN as my VPN technology. PPTP is the easiest (smallest amount of configuration); however, it is nowhere near as feature-rich and secure as OpenVPN.
Whilst OpenVPN offers both routed and bridged setups, I’ve been using routing because:
- it has a simpler configuration, and
- allows a clear separation of networks (i.e. by default, one subnet cannot access the other)
Through the use of iptables, and the OpenVPN push configurations, it’s been quite simple to share the resources over the subnets.
The resources I used were: