
Vyatta as the perfect low cost small business network router

We’ve stopped buying small consumer-grade proprietary routers for our business clients. We recently had a client that needed a VPN but only had Dynamic DNS. We did this once with a D-Link router but found the setup to be laborious and slow. The web interface was painful to use and refreshes took too long. With Vyatta, we have one single configuration file. We were able to build a configuration file that could provide: DDNS, a DHCP Server, a Firewall, and a VPN. Everything is right there in one single file. The solution is simple, elegant and easy to maintain. Now we just back up the single config file and we can easily recover from any disasters. Here is the config file we have been using for clients.

    interfaces {
        ethernet eth0 {
            address dhcp
            duplex auto
            hw-id 00:0c:29:21:da:48
            speed auto
        }
        ethernet eth1 {
            address 192.168.1.1/24
            duplex auto
            hw-id 00:0c:29:21:da:52
            speed auto
        }
        ethernet eth2 {
            duplex auto
            hw-id 00:0c:29:21:da:5c
            speed auto
        }
        loopback lo {
        }
    }
    service {
        dhcp-server {
            disabled false
            shared-network-name OCInternal {
                authoritative disable
                subnet 192.168.1.0/24 {
                    default-router 192.168.1.1
                    dns-server 192.168.1.1
                    lease 86400
                    start 192.168.1.100 {
                        stop 192.168.1.200
                    }
                }
            }
        }
        dns {
            dynamic {
                interface eth0 {
                    service dyndns {
                        host-name XX.XXXXX.COM
                        login XXXX
                        password XXXX
                    }
                }
            }
        }
        nat {
            rule 1 {
                description "Main outbound"
                outbound-interface eth0
                source {
                    address 192.168.1.0/24
                }
                type masquerade
            }
        }
        ssh {
            allow-root false
            port 22
            protocol-version v2
        }
    }
    system {
        gateway-address 192.168.2.1
        host-name vyatta
        login {
            user root {
                authentication {
                    encrypted-password XXXXX
                }
                level admin
            }
            user vyatta {
                authentication {
                    encrypted-password XXXXX
                }
                level admin
            }
        }
        name-server XX.XX.XX.XX
        ntp-server 69.59.150.135
        package {
            auto-sync 1
            repository community {
                components main
                distribution stable
                password ""
                url http://packages.vyatta.com/vyatta
                username ""
            }
        }
        time-zone GMT
    }
    vpn {
        pptp {
            remote-access {
                authentication {
                    local-users {
                        username XXXXX {
                            password XXXXX
                        }
                    }
                    mode local
                }
                client-ip-pool {
                    start 192.168.1.30
                    stop 192.168.1.80
                }
                outside-address 0.0.0.0
            }
        }
    }
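
A small audit for a config in this format, added here as an example and not part of the original post: it parses the brace-delimited file and reports whether a firewall block is absent, whether SSH is enabled without one, whether PPTP remote access is configured, and where passwords sit in plaintext fields. SAMPLE is a constructed excerpt of the config above; parse and audit are hypothetical names.

```python
# Added example, not from the original post; SAMPLE is a constructed excerpt.
SAMPLE = """\
service {
    ssh {
        port 22
    }
}
vpn {
    pptp {
        remote-access {
            authentication {
                local-users {
                    username XXXXX {
                        password XXXXX
                    }
                }
            }
        }
    }
}
"""

def parse(text):
    """Return {path_tuple: value}; block paths map to None, leaves to strings."""
    out, path = {}, []
    for line in (l.strip() for l in text.splitlines()):
        if line == "}":
            path.pop()                      # leave the current block
        elif line.endswith("{"):
            path.append(line[:-1].strip())  # enter e.g. "ethernet eth0"
            out[tuple(path)] = None
        elif line:
            key, _, value = line.partition(" ")
            out[tuple(path) + (key,)] = value.strip().strip('"')
    return out

def audit(cfg):
    findings = []
    if ("firewall",) not in cfg:
        findings.append("no firewall block: nothing filters traffic to the router itself")
        if ("service", "ssh") in cfg:
            findings.append("ssh enabled with no firewall ruleset restricting it")
    if ("vpn", "pptp") in cfg:
        findings.append("PPTP remote access relies on MS-CHAPv2; prefer an IPsec or TLS VPN")
    for path, val in cfg.items():
        if path[-1] == "password" and val:  # empty password "" is skipped
            findings.append("plaintext password field under " + " / ".join(path[:-1]))
    return findings

if __name__ == "__main__": print("\n".join(audit(parse(SAMPLE))))
```

Run against the full config file, the same function also reports the dyndns password field and ignores the empty repository password.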

 

Low Cost Open Source Back Office For Small Businesses

I love to save money. Who doesn’t, right? I have often found that a little bit of research and persistence can save huge amounts of money in Information Technology. This brief article is about the low cost back office setup that I have created for my business. I started Morroni Technologies in 2000. At the time I was strictly a Microsoft Guy. I had owned Apple in the past and worked with Unix/Linux but at that time, everything I worked on was Windows. I went along like this for a couple of years. As the business grew, I found a need to get some office space. Along with office space, came the need for some sort of file server. I priced out Windows Server…woah! I was in no position to be dropping $700+ on anything at that time. I went on using my desktop for everything until a year or so later when I was ready to upgrade. I was trying to figure out what to do with my old machine when I decided to install Ubuntu Server on it and see if I could make it work as a file server. I threw a second drive in and set up Ubuntu with software RAID on the hard drives. My original server went through several iterations until it became what it is today.

Ubuntu 8.10 Server

AMD Athlon 2800+

1GB RAM

Dual 200GB hard drives

So without spending more than the cost of one 200GB hard drive, I had myself a fully functional server that acted as a file server (Samba and NFS), a source control server (svn), a staging web development server, a local Maven repository, and a Squeezebox server!

A few months later, a friend of mine’s company was getting rid of some old hardware. I scored a “broken” 1U UPS device and two 1U DL360 G2’s. At the time, I was looking to upgrade my office phone system so I took one of the 360’s and made it an Asterisk server. I used the Trixbox build. The installation and configuration were relatively painless. I signed up for Vitelity SIP phone service and voila, my phone bill went from $50/month to less than $15/month. In addition to a lower monthly cost, I had a huge number of added features from the Asterisk system. My phone system now does cool stuff like emailing voicemail attachments, providing an intro phone menu, providing a web interface for managing voicemails, forwarding to my cell, out of office messages, and click to dial phone numbers from my desktop which allows me to make phone calls with my physical phone by clicking numbers on my desktop.

My next task at hand was to upgrade the existing Verizon FIOS Router to a more robust routing solution. We wanted to have something that allowed a high degree of flexibility with Quality of Service and port forwarding. Amazingly, the Actiontec router that was provided by Verizon had a clunky interface and was having issues handling our 5 static IPs. After some researching, I settled on the Vyatta open source project for routing. I found a very old and FREE IBM NetVista. Several friends recommended them for the router because of how well they were built and the reliability of the power supplies and motherboard. I bought 3 1GB NICs for the NetVista at $25 apiece and installed Vyatta. There was a slight learning curve with Vyatta but most of it was due to the fact that Verizon had several wires crossed back at our local hub. We were the first or second customer to set up FIOS in our borough and so we dealt with some of their initial issues. Once those issues were tackled, things settled down and the management of the Vyatta router really became very simple. The whole configuration is nothing more than one single text file. I really like the Vyatta project.

The most recent upgrade was the file server. The original file server was running Ubuntu with software drive RAID. The software RAID proved to be a poor decision. Upgrading from Ubuntu 8.10 to 9.04 corrupted the filesystem and instead of playing around and trying to fix this, I decided to redo the system. I did some asking around and one of my clients sold me a Dell PowerEdge 1850 (Dual 2.8GHz Xeon, 2GB RAM, 73GB SCSI RAID 1) for $150! A great price indeed. I installed Ubuntu 9.04 and the process was super smooth. Fortunately, the latest Ubuntu had full support for the Dell’s Perc 3i drive array. No more software RAID needed. I restored my entire file system and all system configurations in about a day.

Another client gave us a full 42U rack that they no longer had use for. It’s a monster but I like free and I needed a more suitable home for my growing back office. This completed my low cost open source back office. In summary, here’s what I now have:

FILE SERVER

Dell PowerEdge 1850

Hardware: Dual 2.8GHz Xeon processors, 2GB RAM, Dual 73GB RAID drives

Operating System: Ubuntu 9.04

Software Essentials:

Samba - Provides Windows File/Print Sharing

NFS Server - File sharing for our Macs/Linux desktops

Apache Web Server/MySQL Database Server

Subversion Source Control

Nexus Repository Manager - Maven Repository Manager

Proftpd - Reliable/Secure FTP Server

ccTiddly - This is a PHP App based on the popular TiddlyWiki. We use it as our intranet where we have useful links but more importantly, notes on everything under the sun. This is the spot where we record our thoughts after solving a problem that took us awhile and will likely arise again.

COST: $150

ASTERISK SERVER

HP DL360 G2

Hardware: Nothing Special

Operating System: Linux Trixbox Community Edition

Features: Emailing voicemail attachments, providing an intro phone menu, providing a web interface for managing voicemails, forwarding to my cell, out of office messages, and click to dial phone numbers from my desktop which allows me to make phone calls with my physical phone by clicking numbers on my desktop.

COST: FREE + $75 for three 1GB NICs + $100 per SIP Phone(Aastra 9133i)

ROUTER

IBM NETVISTA

Hardware: Primordial

Operating System: Vyatta Community Edition

Features: Full flexibility and power of a commercial routing solution like Cisco with the open source bonus.

COST: FREE

NETGEAR 48Port 1GB SWITCH

COST: $200 (This is the only item I had to buy new)

UPS

I just opened up the UPS and plugged in the battery and it was no longer “broken”

COST: FREE

42 U RACK

COST: FREE

TOTAL HARDWARE/SOFTWARE COST: $425 + $100 PER SIP DESK PHONE

TOTAL TIME: SIGNIFICANT BUT REWARDING :)

I wrote this article so others could see the benefits of leveraging open source technologies for their offices. If you are building an office network from scratch then I would strongly encourage you to consider using some of the components I have listed here. This low cost open source back office solution is awesome!