Category: Computers

Automatic vpnc connection on DD-WRT

By , 2012-09-24 18:34

I sometimes have to work from home, which means using VPN. Cisco VPN works quite well, but it’s just not the same as being on the corp network.

Using a spare DD-WRT router (ASUS WL-520GU) running the VPN build of DD-WRT, I set up a persistent VPN connection. Now when I connect my work PC to this router, it behaves just like it’s on the corporate LAN.

How to do it

  1. First, get the recommended DD-WRT VPN build from dd-wrt.com and flash the router.
  2. Connect the VPN router’s WAN/Internet port to your home LAN.
  3. Make sure your router’s LAN IP doesn’t conflict with any subnets in the corp network or your existing home LAN. I used 192.168.133.0/24.
  4. Add your corporate domains and DNS servers to the dnsmasq config (Services tab).
  5. Next, customize the script at the end of this post and paste it into the Administration > Commands section. Click Save Startup.
  6. Reboot the router. Wait about 5 minutes (it takes a while to start up) and verify you can ping/access servers on the corp LAN.
  7. Done!

This isn’t exactly the most stable solution, but it works and I haven’t had any disconnects so far. Also much cheaper and much less trouble than setting up a site-to-site VPN using a real Cisco router.

One sticking point is that from now on any changes to router config (DHCP, WiFi, etc.) will require a reboot. Otherwise your VPN tunnel will die and won’t come back for some reason.

Also, speeds are limited by the router’s processor. Mine is only a 266MHz ARM, so IPsec puts quite a load on it, meaning I can only sustain speeds of about 2Mbps – sadly still better than some of our WAN sites that are using T1 lines.

Script

mkdir -p /tmp/etc/vpnc
rm -f /tmp/etc/vpnc/vpnc.sh
#Create the VPNC startup script in /tmp
echo '#!/bin/sh
vpn_concentrator="your.vpn.gateway" ##enter ip or hostname of your Ipsec vpn concentrator
vpn_keepalive_host1="some.server.corp"        ##enter the ip or hostname of a computer that is only reachable if vpn connection is established.
vpn_keepalive_host2="other.server.corp"        ##enter the ip or hostname of a computer that is only reachable if vpn connection is established.
vpn_groupname="groupname"  ##enter the group name here
vpn_grouppasswd="grouppass"   ##enter the group password here
vpn_username="user"       ##enter your username here
vpn_password="pass"        ##enter your password here

#--do not edit this--
#Written by Alain R. 28.Sep.2007
#updated by Matthieu Y. 2012-09-24
vpnc-disconnect
rm -f /tmp/etc/vpnc/vpn.conf
#Create vpnc config file
echo "
IPSec gateway $vpn_concentrator
IPSec ID $vpn_groupname
IPSec secret $vpn_grouppasswd
Xauth username $vpn_username
Xauth password $vpn_password
" >> /tmp/etc/vpnc/vpn.conf
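# The config file holds the group secret and Xauth password: owner-only access
chmod 600 /tmp/etc/vpnc/vpn.conf
# Remove stop-dns-rebind so dnsmasq will pass on DNS replies that contain
# private (LAN) addresses, as corp names do. This turns off DNS rebinding
# protection for every domain, not only the corp ones.
sed -i "s/stop-dns-rebind//g" /tmp/dnsmasq.conf
killall dnsmasq
dnsmasq --conf-file=/tmp/dnsmasq.conf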
#Check if we can ping the hosts specified above
pingtest1 () {
 ping -q -c1 "$param1" >> /dev/null
 if [ "$?" = "0" ]; then
  echo 0 #reachable
 else
  echo 1 #not reachable
 fi
}

pingtest2 () {
 ping -q -c2 "$param2" >> /dev/null
 if [ "$?" = "0" ]; then
  echo 0 #reachable
 else
  echo 1 #not reachable
 fi
}

# Watchdog: runs for as long as the router is up and reconnects when
# neither keepalive host answers.
while true; do
 param1=$vpn_keepalive_host1
 if [ "`pingtest1`" = "0" ]; then
  sleep 300
 else
  param2=$vpn_keepalive_host2
  if [ "`pingtest2`" = "0" ]; then
   sleep 300
  else
   # Both hosts unreachable: rebuild the tunnel
   vpnc-disconnect
   vpnc /tmp/etc/vpnc/vpn.conf --dpd-idle 0
   sleep 1
   if [ "`pingtest1`" != "0" ]; then
    sleep 10
   fi
   # Forward and NAT LAN traffic through the tunnel interface
   tundev="`ifconfig |grep tun |cut -b 1-4`"
   iptables -A FORWARD -o "$tundev" -j ACCEPT
   iptables -A FORWARD -i "$tundev" -j ACCEPT
   iptables -t nat -A POSTROUTING -o "$tundev" -j MASQUERADE
   sleep 9
  fi
 fi
done
' >> /tmp/etc/vpnc/vpnc.sh
chmod 700 /tmp/etc/vpnc/vpnc.sh
/tmp/etc/vpnc/vpnc.sh&
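
The sed line in the script removes stop-dns-rebind for every domain. As an added example (not part of the original script), the function below keeps that protection and exempts only the corporate zones through dnsmasq's server= and rebind-domain-ok= options; corp.example and 10.0.0.53 are placeholders, and it assumes the router's dnsmasq build supports rebind-domain-ok.

```shell
#!/bin/sh
# Added example, not part of the original script.
# corp.example and 10.0.0.53 are placeholders: substitute your own values.

# scope_corp_dns CONF RESOLVER DOMAIN...
# Keeps stop-dns-rebind in CONF and adds, for each DOMAIN, a forwarding rule
# to RESOLVER plus a rebind exemption. Idempotent, so it can run on every
# reconnect without piling up duplicate lines.
scope_corp_dns() {
    conf=$1; resolver=$2; shift 2
    # Make sure rebinding protection is present
    grep -qx "stop-dns-rebind" "$conf" || echo "stop-dns-rebind" >> "$conf"
    for domain in "$@"; do
        for line in "server=/$domain/$resolver" "rebind-domain-ok=/$domain/"; do
            # -x whole line, -F fixed string: append only if missing
            grep -qxF "$line" "$conf" || echo "$line" >> "$conf"
        done
    done
}

# Constructed sample config standing in for /tmp/dnsmasq.conf
demo() {
    sample=$(mktemp)
    printf "%s\n" "interface=br0" "domain-needed" > "$sample"
    scope_corp_dns "$sample" 10.0.0.53 corp.example
    scope_corp_dns "$sample" 10.0.0.53 corp.example   # second run changes nothing
    cat "$sample"
    rm -f "$sample"
}

demo
```

Inside the generated vpnc.sh it would take the place of the sed line, ahead of the dnsmasq restart.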


Windows shares on iSCSI volumes disappear after reboot

By , 2012-09-05 16:28

The loss of your Drobo’s shared resource settings (i.e., the volumes do not show) can be caused when the server service in Windows starts up before the iSCSI Initiator service does. The server service needs the iSCSI service to have already started file shares.

To fix this issue, open a command prompt, type: “sc config LanManServer depend= MSiSCSI” and press Enter.

via Drobo Support.

WRONG WRONG WRONG. If you run the above command, the LanManServer (Server) service will fail to start.

The correct command for adding the dependency on the iSCSI service (on a stock Win2K8 box) is

sc config lanmanserver depend= SamSS/Srv/MSiSCSI

Running the other command deletes the original dependencies of the Server service and replaces them with only MSiSCSI.

Correct answer via User Error.

Using multiple Gmail accounts with mailto: links in Firefox

By , 2012-08-19 20:36

For a while now, Google has allowed you to sign in to multiple Google accounts and switch back and forth between them quite easily. Firefox also allows you to use Gmail as the default application for mailto: links.

This is all fine and dandy, until you click a mailto: link and decide you don’t want to send that e-mail using your primary Gmail account. In my case, this happens when replying to posts on craigslist. I always assumed there wasn’t a “clean” solution, resigning myself to copying and pasting the e-mail and subject lines, or even at times clicking the mailto: link on my Android phone, which allows me to select any account on my phone to send the e-mail from.

Finally decided to do some research and found a solution on the mozillazine forums.

To summarize:

  1. Go to about:config in Firefox
  2. Set gecko.handlerService.allowRegisterFromDifferentHost = true
  3. Open the Web Developer scratchpad. (Firefox> Web Developer> Scratchpad or Tools>Web Developer > Scratchpad)
  4. In the scratchpad, type the following line of JavaScript:
     navigator.registerProtocolHandler("mailto",
       "https://mail.google.com/mail/b/[email protected]/?extsrc=mailto&url=%s",
       "Description of your Gmail Account");
  5. Repeat the line as many times as necessary, once for each of your Gmail accounts.
  6. Once you have created all the necessary lines, go to Execute > Run.
  7. The “information bar” will pop up in your main Firefox window, asking you if you want to add your Gmail account as a handler for mailto: links. Accept once for each account.
  8. That’s it. Now when you click a mailto: link, you’ll be prompted which Gmail account to use.

Simple PHP script to display user’s IP address

By , 2012-06-13 13:22
<?php
// Stolen from: http://www.cyberciti.biz/faq/php-howto-read-ip-address-of-remote-computerbrowser/
// and http://roshanbh.com.np/2007/12/getting-real-ip-address-in-php.html
// with CSS from http://www.w3schools.com/css/css_examples.asp

function getRealIpAddr()
{
    // HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR are request headers filled in by
    // the client or a proxy: treat them as untrusted text, not a verified IP.
    if (!empty($_SERVER['HTTP_CLIENT_IP']))   // IP from a shared internet connection
    {
      $ip=$_SERVER['HTTP_CLIENT_IP'];
    }
    elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR']))   // IP passed along by a proxy
    {
      $ip=$_SERVER['HTTP_X_FORWARDED_FOR'];
    }
    else
    {
      $ip=$_SERVER['REMOTE_ADDR'];   // address of the TCP peer
    }
    return $ip;
}

// Escape before output: the header values above can carry HTML or script
$adresseip = htmlspecialchars(getRealIpAddr(), ENT_QUOTES, 'UTF-8');
?>
<html><head>
<title>Adresse IP: <?php echo $adresseip; ?></title>
<style type="text/css">
div { font-family:"Segoe UI","Lucida Grande","Calibri","Tahoma","Sans"; }
div.ip { font-size:250%; }
div.desc { font-size:200%; }
</style>
</head>
<body>
<div><img src="csdccs-blanc.png" alt="logo CSDCCS" /></div>
<p><div>Votre adresse IP: </div>
<div><?php echo $adresseip;?></div>
</p>   
</body>
</html>

The secret nightlife of status LEDs

By , 2012-06-03 01:59

Pretty rad.

Canon Rebel XSi, Canon EF 24mm f2.8 prime.

1/15, f2.8, ISO 800

5" f3.2 ISO 200

30" f6.3 ISO 200

30" f2.8 ISO 400

30" f2.8 ISO 1600

 

 

Character encoding

By , 2012-03-29 11:41

ISO-8859-1

UTF-8

I run my site on Linux, using UTF-8 encoding soooo I can do this:

ééééààààççççëëëüôùòîîîïëë

without getting a bunch of this:

��������

Important note: nano on Linux always works in UTF-8 as far as I can tell, so to get a js file or what have you to display proper characters you’ll need to use iconv to convert the final file to ISO-8859-1/Latin-1 or whatever encoding you happen to be using.

iconv -c -f UTF-8 -t ISO-8859-1 someCamelCaseScriptFilename.js -o someOtherCamelCaseScriptFilename.js

Web server fingerprints

By , 2012-03-23 23:34

Running Apache 2 (Debian) on Windows 2008, and Microsoft IIS on Linux. Like a boss.

via http://uptime.netcraft.com/up/graph?site=www.csdccs.edu.on.ca

Enabling “swap” in an OpenVZ container

By , 2012-03-23 19:28

Oracle client for Linux for some reason requires 1GB of swap space, and will refuse to install, even if you have 9999999999TB of RAM, but 0 swap. Go figure.

Anyway, an OpenVZ container created with Proxmox will by default have 0 swap allocated, despite the Web UI allowing you to specify swap space.

In order to add swap to the container, from a shell prompt, run

vzctl set 213 --swappages 262144 --save

Where 213 is your CTID, and 262144 is the number of swappages you want. 1 page = 4096 bytes, so 262144 = roughly 1024MB.

Also, the Oracle installer detects 262144 swappages as 1023MB and change, so you will have to put something like 262200 instead.

On a somewhat related note, here’s how to install oracle client on Debian:

debian + php5 + oracle (oci8)

 

Windows XP driver to force CF as fixed disk (XPfildrvr1224.zip)

By , 2012-03-16 10:39

Some CF cards identify themselves as removable disks as opposed to fixed disks.

This poses a problem when using a CF card as the primary install drive for Windows, which will not enable DMA or pagefile on “removable” disks.

The solution is to force the driver for a Hitachi MicroDrive on the CF card. (Not the IDE controller)

xpfildrvr1224_320.zip

(File source: http://wayback.archive.org/web/*/http://home.graffiti.net/jaclaz:graffiti.net/Projects/USBXP/xpfildrvr1224_320.zip)
(Ref: http://www.thinkwiki.org/wiki/CompactFlash_boot_drive)

Farewell, Desktop Metaphor

By , 2012-03-04 16:20

We’re living the end of an era. I’m sad to say that as tech journalists have been proclaiming for a little while now, it seems “the desktop is dead” or at least on its last legs. (I would have liked to provide some data to support that but unfortunately big G has killed off their search timeline feature as of a few months ago.)

The original Macintosh Desktop

Now, when I say desktop, I don’t mean the desktop PC. I mean the traditional personal computer desktop metaphor introduced on the original Macintosh in 1984 (- yes, I know Xerox was first). Since then, most personal computers have used some variation of a desktop as their primary UI. Windows, icons, folders, documents, trash/recycle bins have become familiar and nearly universal. The desktop metaphor also includes some important elements that were not really part of a traditional physical desktop, such as menu, status and task bars.

Why do I concur that the desktop is dying? Well, there are a few reasons.

Mobile device sales

Smartphone and tablet sales surpassed PC sales this past year. In Q4 of 2011, vendors shipped just over 100 million smartphones, while PC sales were numbered at 92.1 million. It’s not a huge relative difference, but the trend shows no sign of stopping for now since many consumers are still using feature phones but already own a PC. Tablets are also poised to take a bite out of PC sales, especially with ever-faster processors and slimmer packages. New releases of tablet OS in 2011 should also contribute, with Apple iOS 5 no longer requiring activation using iTunes on a traditional PC and Android 4 (“Ice Cream Sandwich”) replacing the rather underwhelming Android 3 “Honeycomb”.

Web apps

Web Apps running in Firefox

There’s no denying that the Web has come a long way from its beginnings on Tim Berners-Lee’s NeXT cube at CERN. Web sites have evolved from being essentially online news or encyclopedia articles to being hubs for dynamic multimedia content and information sharing. Take a look at your taskbar/dock/other app switcher (if you’re viewing this from a desktop!). There’s a very good chance a Web browser is running. Even if there isn’t one running, chances are you have already used the Web more than once today. More and more of our daily computing activities are performed using a Web-based tool. Sharing. Word processing. Blogging. Watching videos. Listening to music. Instant messaging. Photo editing. E-mail. CLI shell access. Hell, why not any GTK application. True, there are some things that can only be done using a desktop application. Like OS virtualization. Oh, wait – never mind. There are probably quite a few computer users who never open a desktop app at all. Even as a network admin, most of my work is done using Web-based administration tools.

Single-purpose, full-screen apps

The new Metro UI in Windows 8

With the new breed of smartphones and tablets that started with the iPhone, single-purpose, full-screen apps have become mainstream. Game consoles and PCs had full-screen apps before, but now, more than ever, “there’s an app for that”. With limited screen real estate, these apps are supposed to be fast, intuitive and immersive. Desktop PCs have hopped on the bandwagon too. During the netbook era, “mainstream” Linux distro Ubuntu launched “Ubuntu Netbook Remix”, a special version of their OS optimized for small (typically 1024×640) netbook screens featuring large buttons, automatically maximized apps and minimal user distractions. Ubuntu’s new interface, Unity, is based on UNR. Following the immense popularity of their iOS mobile devices, and the successful launch of the iPad, Apple released Mac OS X Lion with support for full-screen apps and many other features and UI elements pulled from iOS. Over in Redmond, Microsoft is bringing their “Metro” interface from Windows Phone 7 and XBOX 360 to the Windows desktop.

The future

It could be argued that some of these new interfaces are an evolution of the desktop metaphor. I would agree; however, the traditional desktop seems to have its days numbered. The future seems to be a future of full-screen apps, custom web/HTML-driven interfaces and maybe widgets. Windows 8 still has what they call a traditional desktop; however, the Start button has been unceremoniously killed off. The next version of Apple’s OS is not Mac OS X Mountain Lion, but simply OS X Mountain Lion, a clear sign that the Macintosh and its once-revolutionary desktop are now a part of the past.

For my part, I feel saddened and almost homeless with the prospect that my beloved desktop belongs to the confines of history. True, I could just continue using Gnome 2, or Mac OS X 10.6, or Windows 7, but that means missing out on the latest and greatest. I don’t like where this is going. Change is not always good. I must be getting old.

On a more optimistic note, I know that there are teams of brilliant designers, engineers and programmers also living through this change. And I know I’m not the only person to feel less than satisfied with current desktop environments. Nothing to do but wait to see what the future brings! (Or become a programming pro and write a new Linux DE from scratch/help out with MATE or Cinnamon.)
