Wednesday, February 15, 2012

WPKG client in Windows 7

Wpkg is a fantastic tool to manage software installs on groups of Windows machines without a Windows server with Active Directory. However, I had a few problems with it in Windows 7. These were solved by replacing the Wpkg Client with Wpkg-GP.

By default, the Wpkg service runs at startup and does it's installs in the background. But very often, it failed for some reason to get a connection to the network share at the right time when the service was starting, and aborted. The log showed

WNetAddConnection2-> The network location can not be reached.

I tried to add dependencies to the service, but didn't really find a reliable solution.

So in services.msc, I changed the service startup to "Automatic (delayed)". That solved the connection problem, but brought another. If I want to upgrade Thunderbird for example, the installer has a taskkill command to close Thunderbird before upgrading it. But with a delayed start, the user probably has already started Thunderbird, and it seems quite inappropriate to just kill it while it may actually be in use.

In Windows XP, it was possible to delay the login window, so that wpkg could have done it's thing before the user logged in, but for some reason, this doesn't work in Windows 7 anymore.

So the next step was to change the configuration in settings.xml to have wpkg run at shutdown instead. This also failed because, as far as I understand, Windows Vista/7 don't allow a process to prevent shutdown for more than 5 seconds.

Finally, the solution was to remove the standard Wpkg Client, and replace it with Wpkg-GP. That seems to work. I changed the wpkg configuration back to running at startup, and added a wpkg-gp package which also takes care of uninstalling the original wpkg client:

<package id="wpkg-gp" name="Wpkg-GP" revision="%version%">

    <variable name="version" value="0.15" />

    <check type="uninstall" condition="versiongreaterorequal" path="Wpkg-GP %version% .*" value="%version%"/>

    <install cmd="%SOFTWARE%\wpkg-gp\Wpkg-GP-0.15_x64.exe /S /INI %SOFTWARE%\wpkg-gp\Wpkg-GP.ini">
        <exit code="3010" reboot="delayed" />
    <install cmd='msiexec /x "%SOFTWARE%\wpkg\WPKG Client 1.3.14-x64.msi" /qn /norestart' />

    <upgrade cmd="%SOFTWARE%\wpkg-gp\Wpkg-GP-0.15_x64.exe /S /INI %SOFTWARE%\wpkg-gp\Wpkg-GP.ini">
        <exit code="3010" reboot="delayed" />

Labels: , , , , ,

Sunday, February 12, 2012

NAT over OpenVPN tunnel

Quick NAT to use an existing VPN tunnel in Linux for an additional machine (Windows XP) on your LAN.

My Ubuntu notebook uses OpenVPN to access some other networks. It is also a host to various virtual machines. I wanted a Windows XP virtual machine to access resources on the remote network through my VPN tunnel.

The virtual machine uses "bridged" networking, so it has a separate IP on the LAN. So I guess the following would also work on a physically separate machine.

On the Linux VPN tunnel host:

  • Declare variables for the network interfaces. $lan is your normal network adapter, $wan is the VPN tunnel virtual adapter. 
  • Reset iptables
  • Enable forwarding
  • Configure iptables to provide NAT masquerading
lan=wlan5; wan=tun0
iptables --flush
iptables --table nat --flush
##not needed?:# iptables --delete-chain
##not needed?:# iptables --table nat --delete-chain
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -o $wan -j MASQUERADE
iptables -A FORWARD -i $lan -j ACCEPT

(This is a minimal setup, without any security! Don't use this on a host visible to the Internet!)

On the Windows XP machine:

  • Declare IP of your Linux VPN host, and name of your interface (can be seen with the ipconfig command)
  • Set the gateway and DNS to the Linux host
SET IFNAME=Local Area Connection 2
route change mask %HOST%
netsh interface ip set dns name="%IFNAME%" static %HOST%


Labels: , , , , ,