So I think I got this thing configured to start putting the RSS/ATOM feeds through FeedBurner now. I’m not really sure since I’ve only got the one machine to test on right now. If you’ve got an RSS/ATOM feed and it’s not working, please let me know!
After my last post about using OpenWRT and OpenVPN to transform a $50 wireless router (the Linksys WRT54G) into a $150 wireless router and VPN end-point I’ve had requests for more technical details. Below you’ll find an accurate description of how I accomplished this task. I don’t promise these instructions are the best or the easiest. They’re certainly not the most eloquent, nor the most succinct. However, the steps below did work for me. With a little luck they’ll work for you as well.
One further note: this is not to be undertaken lightly. Solid UNIX experience is required to follow these procedures. As I said, this is probably not the easiest path to travel. I simply worked the way I know how: with SSH, scp, and vi. If you aren’t comfortable with those three words, or don’t know what they are, look for another tutorial. I’ve failed you and I’m sorry. I firmly believe you can accomplish this task through OpenWRT’s web interface; I just didn’t bother.
Step 1: Check your hardware
Examine your wireless router carefully. Make note of brand, make, model, and if applicable, hardware version. The OpenWRT wiki has an extensive hardware compatibility matrix. My router is a Linksys WRT54G v1.1, a very well supported model. Apparently using the reset button on the back will have disastrous effects; I’ll have to keep that in mind.
Step 2: Download OpenWRT and upgrade your router firmware
I chose the latest stable version of OpenWRT: 0.9 (white russian). You can find a list of downloads on the OpenWRT website. Linksys makes firmware updates available from time to time. Normally these are in response to security issues. As such, they provide a simple administration page for uploading new firmware images. Uploading the OpenWRT file via this administration page is all that’s required.
I should point out that this is the most critical part of the procedure. There is a non-zero possibility of you doing irreparable harm to your router. This is termed “bricking it” since your device ends up as functional as a brick if things go horribly wrong. While it’s highly unlikely this will happen you should be aware of the risk.
Your router will reboot once and come back up with all the settings you had before. You shouldn’t notice any interruption in service. It even keeps the old administrative password. The administrative password is assigned to root as well. Use this password when you ssh to the router.
Step 3: Install extra packages
This isn’t strictly VPN related. Skip this section if you’re satisfied with your current wireless network.
I wanted to use WPA2 (vs. WEP) for wireless encryption. My MacBook Pro supports WPA2 natively and Jess has a copy of Windows XP SP2 that can do it as well. The only issue was the router: the old firmware didn’t support it. Obtaining WPA2 support was simply an issue of finding the right package, nas, and installing it. Installing it couldn’t be simpler: ipkg install nas. Alternatively you can install this package through the web front end by going to System → Installed Software → Available Packages.
If you don’t know what tcpdump is you can safely skip this paragraph. Being a network geek I find that having tcpdump available can make life easier while diagnosing problems. A tcpdump package for OpenWRT is available: install it the same way as other packages, ipkg install tcpdump or via the web interface.
Step 4: Install OpenVPN on the router
ipkg install openvpn, or through the web interface. There’s apparently a web interface for OpenVPN, but I’ve not worked with it. This step concludes software installation on your router.
Step 5: Install OpenVPN scripts somewhere else and generate certificates
Having a UNIX-like machine available is very handy at this point. My MacBook Pro would work well. We also have a FreeBSD machine we can use (it hosts this site!). There might be a way to do this using Windows; I simply don’t know how.
Since I already had OpenSSL installed on my FreeBSD machine I downloaded the full OpenVPN package and extracted the shell scripts that make life easier, they’re in the easyrsa directory. I’ve repackaged just the shell scripts and made them available. Be sure to edit the vars file and change the last few lines.
There are a few steps to this:
Run vars: . ./vars
Clean up: ./clean-all
Create a Certificate Authority (CA): ./build-ca
Create a server key & certificate: ./build-key-server server
Use TCP port 443 since that should be available on every network — it’s the port used for secure websites!
Tell OpenVPN where the CA, server cert, server key, and Diffie-Hellman files are.
Define the subnet that will be used on the inside of the VPN tunnel. Notice that I picked a subnet I don’t expect to be commonly used.
Push two routes to the client making it easy to get to our two hosts (the mac mini and the tank robot.)
Use the normal compression settings.
Use a CRL file to house revoked certificates.
Run as an unprivileged user so that in the case of an attack, control of the wireless router isn’t immediately granted.
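An OpenVPN server configuration that implements the choices listed above, added here as an example rather than the original post’s own file. The tunnel subnet, the two pushed host addresses, the file paths and the unprivileged user/group are placeholders; replace them with your own values.

```conf
# /etc/openvpn/server.conf
# Example built from the settings described in this post (not the post's file).
# Subnet, host addresses, paths and the user/group names are placeholders.

# TCP 443 so the VPN works from networks that only let HTTPS out
port 443
proto tcp
dev tun

# CA, server certificate/key and Diffie-Hellman parameters from easy-rsa
# (placeholder paths; the DH file is whatever build-dh produced for you)
ca   /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key  /etc/openvpn/server.key
dh   /etc/openvpn/dh1024.pem

# Address pool handed to clients inside the tunnel: pick a range that is
# unlikely to collide with the coffee-shop network the client sits on
server 10.77.77.0 255.255.255.0

# Routes pushed to the client so the two home hosts are reachable through
# the tunnel (placeholder addresses for the Mac mini and the tank robot)
push "route 192.168.1.10 255.255.255.255"
push "route 192.168.1.11 255.255.255.255"

# The usual compression setting
comp-lzo

# Reject any client whose certificate appears on the revocation list
crl-verify /etc/openvpn/crl.pem

# Drop root after start-up so a compromised OpenVPN process does not hand
# over the router; persist-key/persist-tun let it restart without root.
# The group name is an assumption; use whatever your firmware provides.
user nobody
group nogroup
persist-key
persist-tun

# Detect dead clients and recover the tunnel without manual restarts
keepalive 10 120
```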
Next you’ll need to upload certain files: the CA certificate, the DH file, and the server cert/key. Once it’s configured, get it running by creating a start-up script. It should look about like this:
Start the server by running the script with a single “start” argument. It won’t be functional yet, but it should start running and stay up.
Step 7: Configure the firewall to allow VPN traffic
There are some simple rules to add to /etc/firewall.user to allow VPN traffic into the router:
### OpenVPN
## allow connections from outside
iptables -t nat -A prerouting_wan -p tcp --dport 443 -j ACCEPT
iptables -A input_wan -p tcp --dport 443 -j ACCEPT
## allow input/forwarding for the VPN interfaces
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A INPUT -i tap+ -j ACCEPT
iptables -A FORWARD -i tap+ -j ACCEPT
Note that the tcp and 443 above correspond to the OpenVPN server configuration. Should you choose UDP or some other port, modify the rules accordingly.
Once those have been added, run /etc/firewall.user to commit those changes.
Step 8: Configure your client machine
I configured a Windows XP client by downloading the OpenVPN GUI for Windows. You’ll need the ca.crt, client key, and client cert you generated above to get the client working. Once you’ve installed the software, browse the example configuration file and change what’s appropriate. Generally this consists of updating the names of the keys and the name of the server (your router’s public IP or hostname).
Step 9: Test! Have a coffee!
At this point testing is best done from outside your home network. Go to a Starbucks or some other internet café. It would probably make your life easier if you knew the public IP of your router before you left the house. It would also help to have incoming SSH connections allowed through the firewall. Do this by adding or uncommenting these lines in /etc/firewall.user:
### Open port to WAN
## -- This allows port 22 to be answered by (dropbear on) the router
iptables -t nat -A prerouting_wan -p tcp -s 69.63.196.112 --dport 22 -j ACCEPT
iptables -A input_wan -p tcp -s 69.63.196.112 --dport 22 -j ACCEPT
At this point your VPN should work. If it doesn’t you can SSH to the router to experiment with and modify the configuration. You can also look at the output your client is giving you: most OpenVPN clients seem to be rather verbose. Finally, you can run tcpdump on the router if you installed it.
Step 10: Enjoy!
If all went well you should have a lovely new VPN and your wireless router has a new lease on life. If things didn’t go so well, please share. If you’ve found a better way to do something or have questions, please comment. I’m not offering complete tech support, but I can answer questions. If you’d like to complain about my writing, feel free to leave a note with /dev/null.
Recently I decided that running VNC on our Mac Mini was fun. VNC is a program that lets you control other computers as though you were sitting directly in front of them. Since the mini is connected to our TV that meant I could do things on it (like move files around) without having to change what’s on the TV.
That’s a pretty easy thing to do. I downloaded Vine Server onto the mini and opened it up. Next I downloaded Chicken of the VNC onto my laptop. Chicken of the VNC is a VNC client; it lets me connect to Vine Server on the mini.
Once I got that working I decided that being able to do this kind of thing remotely would be really fun. The thing is, I didn’t want to open some ports in the firewall and give the whole world access to my mini. There was only one solution: a VPN! (Background on VPNs). Here’s the rub though — our wireless router (the ubiquitous WRT54G from Linksys) doesn’t have the software to be a VPN end-point.
If I wanted to get a VPN end-point box it would cost about $100. That’s $100 I didn’t want to spend. $100 buys a lot of sushi.
I remembered a friend of mine playing with OpenWRT before and having success. OpenWRT is a firmware replacement for WRT routers — just like mine! The firmware is what tells the device how to be what it is — like DNA for hardware.
So I downloaded OpenWRT and installed it. That put Linux on the router. Now that Linux was on it I could install lots of Linuxy software. After a few more minutes I had OpenVPN installed and running. As you can guess from the name it’s a free (“Open”) VPN server. Following the directions only took a few minutes to get all the SSL certificates I would need set up.
When I got to work I quickly installed the OpenVPN for Windows software and got it configured. Now I can check on the tank if it’s a hot day and make sure it’s not getting too hot. I can also use Tight VNC (like Chicken of the VNC, but for Windows) to check on the mini from work.
Overall, this was a lot of fun and a great way to get some extra value out of hardware that’s already at least 4 years old. If you’d like more technical details, just say so in the comments!
I think this screenshot tells volumes about why I wanted to upgrade the firmware on our wireless router to OpenWRT. I wish I made it up, it’s lolspeak. This was the dying breath of the ancient firmware on our router.
So I wrote my first Windows GUI app this week. I wrote it in C# with .Net 1.1 (long story). Its point is to perform the Knuth Shuffle on a deck of some size n. It’ll do the shuffle n! times with a random delay between shuffles. This random delay is required since the .Net 1.1 random number generator uses the current time as a seed, which is horrid. Without a pause it’ll generate the same shuffle many times.
The shuffle algorithm itself is relatively simple:
Start at one end of the deck
Pick a card at random between the current position and the other end of the deck
Swap the current card with the one selected above
Repeat until you get to the end of the deck
Since this algorithm goes through the deck only once it’s pretty fast and as good as your random number generator.
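The algorithm above, together with the seeding pitfall the post describes, as an added Python example (the post’s own app is C# on .Net 1.1; this is not its code). CoarseClock is a constructed stand-in for a time-based seed: shuffles run back to back inside one clock tick all get the same seed and therefore the same deck, while seeding each shuffle from the OS CSPRNG does not repeat.

```python
import secrets
from random import Random


def knuth_shuffle(deck, rng):
    """Knuth / Fisher-Yates shuffle: one pass over the deck, swapping each
    position with a card chosen uniformly from the not-yet-fixed remainder."""
    deck = list(deck)
    n = len(deck)
    for i in range(n - 1):
        j = i + rng.randrange(n - i)  # j is uniform over [i, n-1]
        deck[i], deck[j] = deck[j], deck[i]
    return deck


def shuffle_with_seed(n, seed):
    """Shuffle range(n) with a generator seeded from `seed`, the way a
    time-seeded RNG is re-seeded before every shuffle."""
    return tuple(knuth_shuffle(range(n), Random(seed)))


def shuffle_batch(n, count, seed_source):
    """Run `count` shuffles, re-seeding from seed_source() before each one.
    Returns (unique_decks, repeats): the two counters the post's GUI shows."""
    seen, repeats = set(), 0
    for _ in range(count):
        deck = shuffle_with_seed(n, seed_source())
        if deck in seen:
            repeats += 1
        else:
            seen.add(deck)
    return len(seen), repeats


class CoarseClock:
    """Constructed stand-in for a low-resolution clock: every call within one
    tick returns the same value, i.e. the seed a time-seeded RNG receives when
    shuffles run with no delay between them."""

    def __init__(self, calls_per_tick):
        self.calls, self.calls_per_tick = 0, calls_per_tick

    def __call__(self):
        self.calls += 1
        return (self.calls - 1) // self.calls_per_tick


def compare_seeding(n=12, count=100):
    """Time-seeded shuffles with no delay versus one CSPRNG seed per shuffle."""
    clock = shuffle_batch(n, count, CoarseClock(calls_per_tick=25))
    csprng = shuffle_batch(n, count, lambda: secrets.randbits(256))
    return clock, csprng  # -> ((4, 96), (100, 0))
```

With 100 shuffles squeezed into 4 clock ticks only 4 distinct decks appear; the delay the post adds between shuffles is what spreads them across ticks.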
As you can see there’s a field for the size of the deck and two fields for the range of the delay you want between shuffles. There’s a counter for the number of times a deck is created more than once, and a counter for the total number of unique decks created. Below that is a nice progress bar and a countdown timer.
The settings in the picture took a little over 1 day to run. Increasing the deck size from 10 to 11 puts the ETA 13 days in the future. Upping the deck size one more time from 11 to 12 puts the ETA 5 months in the future!
Maybe it’s a healthy fear that if they don’t get to sleep they’ll turn in to the crazy cat lady from The Simpsons. I wish I could make this stuff up, found on Google News.
Friday I ordered a 15" MacBook Pro. Having had my current iBook G4 nearly 3 years now, it’s time for an upgrade! I’m really excited because of all the improvements that I’ll be getting:
The screen is about 1" larger diagonally, but it runs at 1440 by 900 pixels. My iBook runs at 1024 by 768 pixels. That’s 65% more screen space. I’m ecstatic about that.
I opted for the 100 GB @ 7200 RPM drive. That’s 66% more space and it should be 33% faster at getting data off the disk. This may end up being a battery sucker, but I really don’t care. I don’t tend to use my laptop where there isn’t a wall outlet available.
I’ve ordered (not from Apple) two 1 GB RAM sticks to replace the 512 MB stick from the factory. The iBook can only handle 1.25 GB so that’s 60% more RAM.
A Core Duo processor. Supposedly at least 5x faster than my iBook G4.
Built-in iSight. That’ll be fun for talking to people far away from me.
Double the OS’s since with Parallels (or Boot Camp) I can run Windows, Linux, FreeBSD, etc. should I so desire.
All in all this lappy will be awesome. I’m in negotiations with Jessica for an Invisible Shield. She won’t let me get one unless they’ll custom make one for her Dell.
The only part of all this I’m not excited about is waiting. Apple expects it to show up around Oct. 17th a little more than a week from now. Oh well, I’ve been waiting for months anyway, another week won’t kill me!
It’s been almost exactly 1 year since I first looked up the battery info for my trusty iBook G4, banky. In that year, some things have changed and some haven’t.
1 year ago I was cycling the battery roughly 31 times/month — almost every day. Since I leave it running at work, that’s to be expected I suppose. I also never shut it down, so it has to sleep a lot.
1 year ago, my battery was able to hold 73% of its original charge. That’s a degradation (assuming linear degradation) of about 1.2%/month.
1 year ago I didn’t have any stickers on my laptop.
As of today I’m cycling the battery roughly 31 times/month. Again, almost every day.
Today my battery is able to hold 11% (!!) of its original charge. That’s a degradation (again, assuming linear degradation) of about 2.5%/month. The loss in charge has accelerated, therefore it can’t really be linear.