Monthly Archives: August 2009

openvpn server on a linksys-wrt54gl

First, install dd-wrt (the vpn edition) on the router.

Next, install openvpn on a “real” computer to get access to the openvpn tools. With the tools build the keys:

In Debian do it like this

cd /usr/share/doc/openvpn/examples/easy-rsa/2.0/

#edit vars to reflect reality, then
. ./vars
./clean-all
./build-ca
./build-key-server server
./build-key client1
./build-key client2   # Etc, for other clients
./build-dh

Add the certs and keys in the web.interface like this:

Public Server Cert                   > ca.crt
Certificate Revoke List (CRL) > (blank)
Public Client Cert                    > server.crt
Private Client Key                    > server.key
DH PEM                                  > dh1024.pem
OpenVPN Config                     > (see below)
OpenVPN TLS Auth                > (blank)

This is for the server config file and will give the vpn-network addresses in the 192.168.66.0 scope (and expects that the LAN IP is in the 192.168.1.0 scope):

push “route 192.168.1.0 255.255.255.0”
server 192.168.66.0 255.255.255.0

dev tun0
proto udp
keepalive 10 120
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem

Next, tweak iptables (Administration->Commands->Firewall):

# Replace 1194 with your OpenVPN port number:
iptables -I INPUT 1 -p tcp –dport 1194 -j ACCEPT
iptables -I INPUT 1 -p udp –dport 1194 -j ACCEPT

# Replace 192.168.66.0/24 with your OpenVPN server subnet, this must match the scope from vpnconfig:
iptables -I FORWARD 1 –source 192.168.66.0/24 -j ACCEPT

# These next two lines may or may not be necessary.
# I did not need them, but others did.
# Thus, include them so that this works for more people:
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT

That should be it for the server. Next up is the client-config-file.

remote <IP or host> 1194

client
remote-cert-tls server
dev tun0
proto udp
resolv-retry infinite
nobind
persist-key
persist-tun
float

ca ca.crt
cert client1.crt
key client1.key

The float option is necessary for a routed openvpn.

EDIT:

When pasting stuff in the webinterface on the router, make sure your browser doesn’t fuck up the EOL’s!

ROOTING THE HTC HERO, PART 2

I’m using the following tools:
android-sdk-linux-1.5r3
cm-hero-recovery.img
fastboot
su
superuser.apk
First step is to install the sdk, I’ve installed it in ~/bin/android-sdk
and I have added the tools folder to my PATH.
I’ve copied fastboot, recovery.img, su and superuser to the tools folder.
Shut the phone down and turn it on by pressing both the powerbutton and the back button.
The phone booted a fastboot bootscreen and I plugged in the usb-cable and ran:
fastboot device
(should return you phones productcode if everything is working)
And then
fastboot boot <path-to>/cm-hero-recovery.img
This boots the the phone with the recoveryimage, I used this oppetunity to make a backup by choosing nandroid backup.
It makes a snapshot of the filesystem on the sdCard and can be used like this to recover your phones original software:
fastboot flash boot <path-to>/boot.img
fastboot flash system <path-to>/system.img
fastboot flash userdata <path-to>/data.img
fastboot reboot
The above steps are “just” prep. Now to actally root the bastard 😉
The adb-tool sends commands and files to the phone, I did this:
adb shell mount /system
adb push su /system/bin/
adb shell chmod 4755 /system/bin/su
adb push Superuser.apk /system/app/
adb shell reboot
All the above keyboardgymnastics was to get paid apps in Market, this will help me do just that:
http://code.google.com/p/market-enabler/downloads/detail?name=MarketEnabler_3.0_beta.apk&can=2&q=

I’m using the following tools:

android-sdk-linux-1.5r3

cm-hero-recovery.img

fastboot

su

superuser.apk

First step is to install the sdk, I’ve installed it in ~/bin/android-sdk

and I have added the tools folder to my PATH.

I’ve copied fastboot, recovery.img, su and superuser to the tools folder.

Shut the phone down and turn it on by pressing both the powerbutton and the back button.

The phone booted a fastboot bootscreen and I plugged in the usb-cable and ran:

fastboot device

(should return you phones productcode if everything is working)

And then

fastboot boot <path-to>/cm-hero-recovery.img

This boots the the phone with the recoveryimage, I used this oppetunity to make a backup by choosing nandroid backup.

It makes a snapshot of the filesystem on the sdCard and can be used like this to recover your phones original software:

fastboot flash boot <path-to>/boot.img

fastboot flash system <path-to>/system.img

fastboot flash userdata <path-to>/data.img

fastboot reboot

The above steps are “just” prep. Now to actally root the bastard 😉

The adb-tool sends commands and files to the phone, I did this:

adb shell mount /system

adb push su /system/bin/

adb shell chmod 4755 /system/bin/su

adb push Superuser.apk /system/app/

adb shell reboot

….waiting for the phone to boot

Then I do:

adb devices

(to make sure the phone is talking with my computer)

adb shell

su

(Click Always allow on the phone)

All the above keyboardgymnastics was to get paid apps in Market, this will help me do just that:

MarketEnabler

And guess what, it works 🙂
Now to explore what other options a rooted phone gives me 😉

Rooting the HTC Hero, Part 1

I’m considering rooting my HTC Hero. My first step is to make sure that I can make a backup of my current image and how to make sure I doesn’t brick my phone. But my research so far indicates that the backup shouldn’t be a problem 🙂

More will follow

New phone

I ordered a new phone yesterday. HTC Hero and I almost can’t wait for it to show up… Its an android phone and synchronization with google-mail and calendar should be really easy. And there i an ssh-client for it (but it is a linux-phone, it would be a bit strange if there wasn’t).