Tag Archives: Opensource

openvpn server on a linksys-wrt54gl

Leave a reply

First, install dd-wrt (the vpn edition) on the router.

Next, install openvpn on a “real” computer to get access to the openvpn tools. With the tools build the keys:

In Debian do it like this

cd /usr/share/doc/openvpn/examples/easy-rsa/2.0/

#edit vars to reflect reality, then
. ./vars
./clean-all
./build-ca
./build-key-server server
./build-key client1
./build-key client2   # Etc, for other clients
./build-dh

Add the certs and keys in the web.interface like this:

Public Server Cert                   > ca.crt
Certificate Revoke List (CRL) > (blank)
Public Client Cert                    > server.crt
Private Client Key                    > server.key
DH PEM                                  > dh1024.pem
OpenVPN Config                     > (see below)
OpenVPN TLS Auth                > (blank)

This is for the server config file and will give the vpn-network addresses in the 192.168.66.0 scope (and expects that the LAN IP is in the 192.168.1.0 scope):

push “route 192.168.1.0 255.255.255.0”
server 192.168.66.0 255.255.255.0

dev tun0
proto udp
keepalive 10 120
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem

Next, tweak iptables (Administration->Commands->Firewall):

# Replace 1194 with your OpenVPN port number:
iptables -I INPUT 1 -p tcp –dport 1194 -j ACCEPT
iptables -I INPUT 1 -p udp –dport 1194 -j ACCEPT

# Replace 192.168.66.0/24 with your OpenVPN server subnet, this must match the scope from vpnconfig:
iptables -I FORWARD 1 –source 192.168.66.0/24 -j ACCEPT

# These next two lines may or may not be necessary.
# I did not need them, but others did.
# Thus, include them so that this works for more people:
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT

That should be it for the server. Next up is the client-config-file.

remote <IP or host> 1194

client
remote-cert-tls server
dev tun0
proto udp
resolv-retry infinite
nobind
persist-key
persist-tun
float

ca ca.crt
cert client1.crt
key client1.key

The float option is necessary for a routed openvpn.

EDIT:

When pasting stuff in the webinterface on the router, make sure your browser doesn’t fuck up the EOL’s!

Chromium (google chrome) for linux

Leave a reply

It has been a while since I had a look at googles browser, Chrome. There is no linux port yet, not of chrome anyway, but the opensource project chromium (the codebase for chrome) has a buildbot that spits a couple of builds out every day. It is still in a very early (alpha) stage. But the browsing part works… And it is fast! Bookmarks, options, settings is not working yet but take it for a spin and decide for yourself 🙂

The screenshot is Chromium build 16178 on KDE 4.2.2, Debian unstable.

chromium.jpeg

KDE 4.1 first impressions

Leave a reply

well… I’ve installed KDE 4.1 from experimental and besides from wierd crashes when i log in (with plasmoids upside down and garbled screens) it behaves, more or less 😉 As I said, it have been installed from experimental and the buildnumber is 4.1.0-1, some bugs are to be expected! I’m really exited to see the development of the KDE 4.1 packages in Debian!

The Desktopeffects are really cool, not as extravagant as Compiz but that’s ok in my book. The only really bothersome bug for me right now is the ALT+TAB “walkthroughwindows” funktion doesn’t walk through the windows from all the desktops and I can’t find a way to make it :-s

stuff

Leave a reply

Have been a bit busy, to busy to keep this place updated even…

I’ve been trying to get a calendar solution up and running. I started out with phpIcalendar and experimented a bit with webdav for apache. I wanted a solution that gave me the the possibility to have my calendar-software (in this case KOrganizer) running on different machines but using the same iCal-file. After I got webdav running I realized that it would be much simpler just to use the already running ssh-server. I used the KDE fish: protocol to connect KOrganizer to my ssh-server and it works like a charm!

Opensource Facebook

Leave a reply

Rumor has it, that the social network, Facebook is about to release their platform as opensource. There are already other sites using the Facebook platform (Bebo among others). They have had licensing-agreements with Facebook. If the rumor is true the languages FMBL, FQL, the library FJS and the Facebook API will be released under an opensource license.

Read more here.