Authormpkossen

Getting started with LowEndSpirit

A couple of years ago we saw an interesting new concept pop up: LowEndSpirit! An IPv6-only VPS (with 20 IPv4 NAT ports) for just €3/year! That’s cheap beyond anything anybody had ever seen at that time and it did actually change the market (for the good and for the bad).

The idea for LowEndSpirit came from Anthony from Inception Hosting. He wanted to revive the original LowEnd spirit which was the reason for LowEndBox (and later LowEndTalk) to start. While these sites still exist, there is hardly anything left of the original spirit: doing as much as you can with very little. At that time the price limit was set at $7 and the VPS you could get for that had about 64MB RAM, some disk space, and some bandwidth. Not much, but enough to run WordPress on if you tried hard enough.

With these small LowEndSpirit boxes (priced very competitively) the intention was to bring back that spirit. LowEndSpirit grew from one location with one provider to 17 locations world-wide with 5 different providers. LowEndSpirit has become more than a label or a product: it’s a movement.

So what can and can’t I do with a LowEndSpirit VPS? Well, a LowEndSpirit VPS is perfect for a number of things. First and foremost they are great VPN boxes. There’s even an automatic installation and configuration script for it. Other than that there’s a great number of other things you can do with them: run a small web server, create a cluster of servers for different tasks, run TeamSpeak or Mumble, or even build a round-robin or HA cluster. Basically anything that fits the RAM and disk space but doesn’t hammer the CPU.

Things that you are not allowed to do with these is use them for torrents, CPU-intensive applications, tor, a proxy for downloading torrents, sending bulk email, and things like port scanning, (D)DoS, etc.

With that out of the way, let’s get on to this tutorial. This tutorial is here to help you get started with your LowEndSpirit VPS. I hope you have fun!

Before you start (and order)

LowEndSpirit VPS do not come with direct support other than in situations of host node issues and/or billing issues. These VPS require you to be able to diagnose and/or resolve problems yourself, with or without the help of the community and/or Google. There are no backups in place and sometimes not even RAID, meaning that if a host node (or drive) crashes you will have your container re-created and will have to restore data yourself.

If the above puts you off, reconsider buying a LowEndSpirit VPS. These are great machines at great prices, but you have to realize that you get what you pay for and they are not suitable for all uses.

IPv4 & IPv6 connectivity

A LowEndSpirit VPS does not come with a dedicated external IPv4 address. This means you will have to share one with other people, which is similar to what you have to do with some domestic ISPs. This means you can still access your VPS over IPv4, like a VPS with a dedicated external IPv4 address, though it doesn’t work out of the box.

A LowEndSpirit VPS does come with a dedicated IPv6 subnet (which is, ironically, more than most other providers will give you) meaning you don’t have to worry about IPv6 connectivity. In certain locations you even get a /64 subnet, which is the size of the minimum required assignment according to IPv6’s design.

You also get 20 NAT (Network Address Translation) ports, which means that for 20 port numbers the shared external IPv4 address is translated to your internal IPv4 address. The 20 port numbers you have are based on your dedicated internal IPv4 address, according to this schema: the last octet of your internal IPv4 address with 01 to 20 added to the end of it. Here are some examples:

  • 192.168.0.3 has the following port range forwarded: 301 – 320
  • 192.168.0.13 has the following port range forwarded: 1301 – 1320
  • 10.10.10.33 has the following port range forwarded: 3301 – 3320
  • 192.168.0.133 has the following port range forwarded: 13301 – 13320
  • 10.10.10.7 has the following port range forwarded: 701 – 720
  • 192.168.0.17 has the following port range forwarded: 1701 – 1720
  • 10.10.10.221 has the following port range forwarded: 22101 – 22120

There’s one additional “special” port that you can use, which is number 21. This is set up (by default) to be the SSH port so you can log in via IPv4 right away. The schema is the same as the above. So if you internal IPv4 address is 10.10.10.33, your SSH port will be 3321.

You can use these ports freely, meaning you can configure any application to use them and then access that application over IPv4 using the shared external IPv4 address. Be careful with changing ports though, because if you change a port number it may be changed for IPv4 and IPv6, where your intention may only be to have an additional port number available for IPv4 access!

Great Firewall of China

A common occurrence is that people from China cannot connect to a Japan-based LowEndSpirit VPS because of the Great Firewall of China blocking your requests. This may apply to other locations as well. So if you live in China, be sure to check whether you are able to access a certain location before you order (or be aware of the fact that you may need another server to be able to connect to your LES VPS).

If you have issues connecting to your VPS it’s a good option to ask on the forums or in the LowEndSpirit IRC channel on FreeNode. There are always people around that are willing to help out and diagnose the issue.

Logging in for the first time

In the welcome email for your LowEndSpirit VPS there are several important things to remember, but only after having read the welcome email in full. Failing to do so may cost you money or may result in you ending up in an undesired situation due to different expectations.

So, after having read the welcome email in full, here’s some of the important information in there:

  • The login information to the control panel (usually SolusVM)
  • The list of external IPv4 addresses mapped to internal IPv4 ranges
  • IPv4 login information (in case you want to get started right away)

Logging in straight away

If you selected the right Operating System (OS) during ordering and remember the root password you entered there, you can log in straight away using IPv4. In this example I will use the external IPv4 address 192.0.2.1 and assume my forwarded port range is 3301 to 3320 (meaning I can connect via SSH using port 3321):

ssh root@192.0.2.1 -p 3321

This will ask you to accept the server’s SSH fingerprint (type ‘yes’) there and then ask you for your root password. Fill that one out and you should be logged in! Welcome to your LowEndSpirit VPS!

You can now skip to ‘Configuring IPv6’.

Setting up an OS using SolusVM

If you haven’t selected the right OS during ordering or want to change it, you’ll have to log in to SolusVM to reinstall your OS. The login information should be in your welcome email. Open the URL mentioned in there and log in with the username and password provided. You should now get an overview of your servers:

Click on the server you just ordered, which will get you an overview of the server’s details including all available options:

To reinstall the OS, click the ‘Reinstall OS’ button which should give you a list of available OS:

Select one and click ‘Reinstall’. Now’s the time to grab some coffee, as it may take up to 10 minutes for the OS to be reinstalled. Once done, you can log in to your VPS as described above in ‘Logging in straight away’ and then move on to the next section.

Getting to know your IPv6 address

By default you get a randomly selected IPv6 address, so there’s really not any setting up to do here other than grabbing the address from SolusVM. You may also customize it, but that’s no requirement.

To find out your pre-configured IPv6 via SolusVM (you may also do it from the CLI, but that commands for that may vary between Linux distributions) you can click on the ‘Networking’ tab on the VPS detail page in SolusVM, which will show you the following:

Click on the blue ‘Manage’ button behind the IPv6 subnet to go to the detail page for that subnet:

This is where your pre-configured IPv6 address is listed. You can use that to log in to your VPS as well, if you have IPv6. There’s no need to customize the port for that one. So, say your IPv6 address is …, you can use the following command to SSH into your VPS (using 2001:db8::ed4c as an example address):

ssh root@2001:db8::ed4c

Things to do first

Once you have logged in to your LowEndSpirit VPS for the first time, there’s two things you should (or need) to do first:

  1. Change your root password (or set up sudo)
  2. Update your server

How to update your server depends on which Linux distribution you used. I’m going to give an example for Debian-based distributions and CentOS-based distributions.

Debian-based distributions

To update your Debian-based distribution (including Debian, Ubuntu), run the following commands:

apt-get update
apt-get dist-upgrade

The first command updates the package index. The second command actually performs the update. You will be asked to confirm after running the second command. Press enter to confirm the update.

After this update it is recommended to reboot your VPS by running:

reboot

That’s it, you server should now be up-to-date!

CentOS-based distributions

To update your CentOS-based distribution (including CentOS, Fedora), run the following command:

yum update

You will be asked to confirm the update. Press ‘Y’ and then press enter to confirm the update.

After this update it is recommended to reboot your VPS by running:

reboot

That’s it, you server should now be up-to-date!

In the above examples I’m assuming a certain level of knowledge. If you are completely new to this it is best to look up how updating your distribution works in your distribution’s documentation.

Setting up a domain name

This part only works on LowEndSpirit VPS from Inception Hosting. For other LowEndSpirit VPS providers, please see this thread.

Because your VPS does not have a dedicated external IPv4 address, your server is not (automatically) getting requests on all ports over IPv4. It only receives requests on those ports you have been assigned. This means that if you want to set up a web server and point a domain name to it, it will not (automatically) end up on your server given that port 80 (for HTTP) is not forwarded to your internal IPv4 address.

Luckily, there’s a solution for this. LowEndSpirit providers deploy HAproxy to forward requests based on a domain name to the right port on the right VPS. You can configure domain names you would like to have tied to your VPS in SolusVM.

On the VPS detail page there’s a tab labeled ‘Proxy Domains’. This is there you can add domain named you would like to have “linked” to your VPS. Once a domain name is set up here, you can use it on your web server on LowEndSpirit VPS like on any other server.

Here’s a screenshot of how this works:

You can add and remove domains here easily. It could take a couple of minutes for a domain to become functional.

Support for SSL is yet to be set up, so for now (if you want to use SSL) it cannot be done using port 443.

A note on the chosen OS

When you pick an OS for your LowEndSpirit VPS you are likely going to end up with either a Debian-based or CentOS-based Linux distribution. Some only offer the choice of three: CentOS, Debian, and Ubuntu (Debian-based). Others may also offer OpenSUSE or other distributions.

A good thing to know about Debian and CentOS-based distributions is that they come with their own package manager. As can be seen above, the update commands for both were different.

Debian uses the APT package manager which uses .deb files. CentOS uses the YUM package manager which uses .rpm files. You’ll likely not notice the difference of these file types when using the package managers, but they may behave quite differently. So be aware that when you run a CentOS-based distribution you will have to use yum and if you run an Debian-based distribution you will have to use apt (or apt-get).

It is good to know that between Debian 7 and Debian 8 and between CentOS 6 and CentOS 7, a major change was made on how the OS works. Whereas Debian 7 and CentOS 6 uses the init system to start the OS and manage processes, in Debian 8 and CentOS 7 both distributions use systemd. While this shouldn’t change much performance-wise (if any, it could be a little bit quicker), the commands used to restart processes is different.

Whereas before (on Debian 7 and CentOS 6) you would run the following command to restart NGINX (for example):

/etc/init.d/nginx restart

or

service nginx restart

On Debian 8 and CentOS 7 you would run the following command:

systemctl restart nginx

Please take the above into account when using your LowEndSpirit VPS and especially when looking for help (be it on Google or the LowEndSpirit forums).

Need help?

If you run into any issues with your LowEndSpirit VPS do not file a ticket! Tickets are only a last resort since LowEndSpirit is an extremely-low-support product.

First thing you could do is perform a search on the LowEndSpirit forums regarding your issue. The solution is not always in the first result, so take your time for this. If that doesn’t get you a solution, try Google. Again, it’s not always right there. It doesn’t hurt to peek around a bit.

If searching doesn’t get you a solution, considering posting on the LowEndSpirit forums. Be as descriptive as you can so people don’t have to ask questions as a first response but may come up with possible solutions. Always be kind on these forums as people volunteer their time.

If that fails, consider asking around on the LowEndSpirit IRC channel on FreeNode or other internet fora. Sites like vpsBoard, LowEndTalk, and WebHostingTalk have a lot of users that may be able to help you out.

If you are absolutely 100% certain there is a host node issue that cannot be resolved by yourself you could file a ticket with the LowEndSpirit provider you are a customer with.

The above may sound a bit harsh to those new to LowEndSpirit, but this service may sometimes be ran at a loss or break-even. This means that any time spend on support is very costly and you should only ask that from your provider if there’s no other way to resolve it.

Merry Christmas

I just noticed that ever since I’ve started looking for a new job in October 2014 I haven’t posted something on my own blog anymore. While I could go into all the reasons for this, I’d rather share with you what my plans are with regards to my own little website (especially put in the context of me having left my position as LowEndBox/LowEndTalk community leader).

So, here’s an overview of some of my plans:

  • Blog more often. Yes, really.
  • Build a “database” of quality yet easy to understand tutorials.
  • Blog about cars. I love cars!

Nothing is set in stone, but I’m pretty sure I can live up to this little plan and hopefully be of value to some of my visitors!

Merry Christmas!

Some unexpected downtime

Over the past few weeks, my website has been badly reachable. Apparently, I have pissed someone off by banning him from a forum I manage: LowEndTalk (http://lowendtalk.com). As a result, he has been pounding my IPv4 address with attacks resulting in the IPv4 being permanently null-routed. I’ve now moved my website to a VPS with OVH where it benefits from their standard DDoS protection. I hope this will prevent any further attacks from causing downtime.

A new actual blog post will be up soon.

Base16: proper theming of vim, Gnome Terminal, Sublime Text, Cygwin and more

As a DevOps Engineer, I use several applications on a daily basis, on different operating systems. The ones I use most are vim, Gnome Terminal, Sublime Text, and Cygwin. For a long time, I’ve been having different themes on these applications and frankly, it was driving me crazy. Not only did my eyes need to get used to a different theme all the time; even while using the same theme on some of these applications there were still minor differences in appearance, as none of the themes were identical for all these applications. Being lazy and not willing to fix this myself by designing all the themes by hand, I went to look for some proper ones that could be used in all these applications.

I’ve had a bit of a hit-and-miss relationship with Solarized over the past few years, so I wasn’t necessarily looking for that. Gnome Terminal (or Cygwin for that matter) has always been a bit problematic with Solarized, as the colors weren’t always perfect (especially in htop). With Gnome Terminal being the more problematic application theme availability-wise, I decided to use that applications as a basis for my search. After doing some duckduckgoing (I say: word of the year 2014) for nice themes, I found the base16 project.

Enter the party zone

I was like a kid in a candy store! This project does not only contain quote some themes that have been specified properly; it also has them for a wide range of applications. On top of that, there is a project called base16-builder. This project contains all the color schemes of all the themes included in the bas16 project and lets you generate theme files for a long list of applications. So even if the templates aren’t in the base16 project, you can either generate them with base16-builder or add the theme templates yourself and then generate them!

Right now, I am still impressed with the amount of different color schemes the project includes and how properly they have been specified. It even includes a version of Solarized that doesn’t hurt my eyes in htop. But frankly, due to what’s available in the project, I haven’t been using Solarized anymore. I’m currently hung up on Base16 Default Dark, which I now use as my default theme for all the applications I mentioned before.

Give it a shot and give back

Everybody should try out these themes, as the project has something for everone. If you find a theme template that isn’t complete or not present yet, please add it to base16-builder and add a pull request in GitHub.  The more people contribute, the better this project will be.

Switching hosts – May 2014

Part of the reason for me to start blogging again was to try out a variety of hosts (as in: VPS providers) and share my experiences with them. The first month or so this blog was hosted on a VPS with GreenValueHost (GVH), a really cheap one I may add. After GVH had been bashed and ridiculed at LowEndTalk.com, I thought: let’s try out these guys. The VPS cost only $8/year, so the risk was really limited.

Although the machine felt snappy at first, after a week or so I experienced the occasional lag (as in: really slow disk performance). IPv6 connectivity never worked properly, despite me sending in a ticket and providing plenty of information on what the actual problem was. I me experience, the support I received wasn’t the best. When you send the output of an MTR run with 250 cycles and over 90% of the packages gets dropped at the gateway, I think a provider should be able to figure out where the problem is. Then again, I was paying $8/year for this machine, so I didn’t expect any support as all. The fact that they did respond is good, though that didn’t solve my problem. But the thing that made me move elsewhere was the fact that when GVH’s site was under a DDoS attack, the staff simply went to bed and only came back to look at it the following morning. I don’t expect people to give my any support for a $8/year VPS, but I do expect a company’s “CEO” to at least care a bit.

So, after that month or so, I moved this site to my Xen-PV VPS in Pune, India. I got this machine from Prometeus [affiliate link] when I purchased a load of iwStack credits in December. The performance of the machine is just fine; in fact, it performs really, really great. It being in India does provide a challenge when working on the machine, though. It’s not really close to where I live, so working on the CLI has some minor lag. That’s not a real issue though, as I only need to SSH into the machine occasionally!

For now, India it is. It gives me some time to think about where to move my blog next! Any suggestions are welcome, of course!

The major problem with SolusVM’s IPv6 implementation

SolusVM, the well-known VPS control panel, has supported IPv6 for a couple of years now. There has been one major problem, though: it’s terrible implementation and the consequences of that.

The implementation

SolusVM assigns IPv6 addresses to users by randomly handing out individual IPv6 addresses out of a larger range. Not an actual block; SolusVM requires you to give a set range of addresses from which to generate random ones. This allows the SolusVM Administrator or Reseller to assign up to 200 individual random addresses to an actual VPS.

IPv6 wasn’t designed for individual addresses, though. It was designed to give end users a block of addresses, the smallest one being a /64. The reason behind this being that the last 64 bits of the 128-bit IPv6 address are used as the interface identifier. It defines a unique interface inside a network, a subnet. This ensures that wherever an interface is, the last 64 bits should never have to change, only the first 64 bits, meaning an address inside a network is theoretically always available. This makes NAT completely unnecessary. More importantly, though, the last 64 bits are used for several IPv6 features: Neighbor Discovery (ND), Stateless Address Autoconfiguration (SLAAC), privacy extensions, and others. Not having a /64 assigned prevents people from using those features.

The problem

With SolusVM not assigning /64 blocks to end users they not only not get all the features of IPv6. They get a free problem with it: incompatibility with those that do use those features.

The best example of this is Google Mail. When you have VPS backed by SolusVM (no matter the virtualization technology) and with statically assigned random IPv6 addresses, you cannot send e-mail to Google Mail addresses using IPv6! Why not? Because the addresses you have come from a /64 (or worse, even smaller) and all your friendly neighbors who have a VPS with IPv6 addresses from that same block, will probably also try sending mail. Google Mail just looks at the /64 when receiving mail via IPv6 and notices that there is a lot of activity coming from that block. No wonder, because there could literally be hundreds of servers with an address from that block of IPv6 addresses. So, Google Mail considers it SPAM and starts blocking every address from that entire range. The result: you either have to disable IPv6 on mail sent to Google or you cannot send mail to Google using IPv6 (your mail server determines which address to use, IPv4 or IPv6).

And that’s just one example…

The solution

SolusVM should start implementing IPv6 the way it should have been years ago: giving users the option to assign a /64 to their VPS and then enable addresses from that /64 to the VPS (so they are actually available in the VPS). This way you don’t have to assign millions of unused addresses to the server and you give the users an address block that is in accordance with IPv6’s design and implementation. It will not only solve the Google Mail problem, but also other (and potentially future) problems.

Hello world!

Welcome to my blog! It’s been a while. I’ve decided to write blog posts regularly again, either long or short, on a variety of topics. This website will also contain some more information about who I am and what I do.

For now, this will have to as the first post.

Hello world!

© 2018 mpkossen.com

Theme by Anders NorénUp ↑