Browsed by
Category: How To

Running OpenVPN on your Motorola Droid 2.2

Running OpenVPN on your Motorola Droid 2.2

I have finally gotten OpenVPN working on my Motorola Droid. Here are a few short notes for anyone who is on a similar mission.

  • This method requires root access for which I used CyanogenMod 6.0. If your phone is not already rooted you will need to do this first (CyanogenMod or another ROM).
  • Since the TUN module was removed I had to switch to a different kernel. I choose the P3Droid 1250 2.2 low voltage (125Mhz) kernel using setCPU to manage my clock speeds. This kernel is important because it adds TUN support. I had no end of trouble trying to load the module myself with tun.ko and insmod which never ended up working any way.
  • Create some directories and symbolic links. To do this I ran adb remount; adb shell mkdir /system/xbin/bb; adb shell ln -s /system/xbin/ifconfig /system/xbin/bb/ifconfig; adb shell ln -s /system/xbin/route /system/xbin/bb/route from my host PC with the USB cable plugged into my Droid using the Android SDK. Note that I run Linux but if you are running Windows just run each command in between the semi-colons, one by one.
  • I ran OpenVPN Installer available in the Android Market. When asked make sure you answer /system/bin/, /system/xbin/bb.
  • Now you are ready to load up your OpenVPN-related stuff. Write a new configuration (named whatever.conf) and generate some new certificates for your new client. Stick them on your SD card in the openvpn directory.
  • Install OpenVPN Settings from the Android Market. Once opened it should now show the configuration file you stuck on your SD card. Just tap it and watch it connect.

You may want to tweak your configuration a bit to ping more often or the like to deal with the fact this is a cellular connection and it will be going up and down on a regular basis. Both TAP and TUN adapters worked great in my tests.

If any of this seems confusing or you do not understand what a line does you should not be doing any of this. A lot of these commands– if done in the wrong context, at the wrong time, in the wrong order, or if your chi is off– will brick your phone and your warranty will be voided. Hell, your warranty will be voided if everything goes right. Beware!

Force an fsck Check

Force an fsck Check

In order to force an fsck check on reboot simply stick a file in the root of the filesystem you wish checked named forcefsck and reboot. You can use the line touch /forcefsck to create it. If you have the filesystem mounted under another path edit the line accordingly. fsck will automatically remove this file when it is done with it.

If you wish to check a filesystem you can not mount for whatever reason boot into a live-CD (such as Ubuntu) and run fsck /dev/sdXY where X and Y are your device and partition. Assuming the issue is not with your partition table you can use fdisk -l /dev/sdX to help figure out which partition is which.

These commands may require root privileges depending on your distribution.

Apache 2.2 with SSL on Windows

Apache 2.2 with SSL on Windows

There are a few services I run that I need to access over the web that I do not want anyone watching (phpMyAdmin, for example). The simple solution is to encrypt this traffic with SSL certificates. Here is how I did it on Windows with Apache 2.2:

  • Install the latest Apache 2.2 with OpenSSL: http://httpd.apache.org/download.cgi.
  • Open the Command Prompt and browse to [apache 2.2 path]/bin.
  • Enter openssl req -config ../conf/openssl.cnf -new -out foo.csr -keyout foo.pem. Fill out this information the best you can but you can leave most of it blank. The most notable exceptions are the PEM Pass Phrase fields and the Common Name field (which should be the domain name you will use this certificate on). It is best that you leave the Challenge Password at the end blank.
  • Enter openssl rsa -in foo.pem -out foo.key. You will be asked to reenter the password you entered in the last step.
  • Enter openssl x509 -in foo.csr -out foo.crt -req -signkey foo.key -days 3650. You can replace 3560 with however long you want to certificate to be valid for.
  • You will now wind up with four files: foo.crt, foo.csr, foo.key, and foo.pem. At this point you really only need foo.crt and foo.key and may delete the other two (unless you want to sign more certificates later on).
  • Move your two remaining files somewhere safe (not any place where the web server will be able to serve them to clients).
  • Open [apache 2.2 path]/conf/httpd.conf in your favorite text editor. Uncomment out the line LoadModule ssl_module modules/mod_ssl.so.
  • Open [apache 2.2 path]/conf/extra/httpd-ssl.conf. Uncomment out the line Listen 443.
  • In Windows Explorer browse to [apache 2.2 path]/conf and open up the configuration for the site you want to SSL enable. Make sure you are setup to listen on port 443 if you are running a virtual host. Add the lines SSLEngine on, SSLCertificateFile "[foo.crt path]", and SSLCertificateKeyFile "[foo.key path]".
  • Restart Apache 2.2: net stop apache2.2 and net start apache2.2

Some notes:

  • Certificates can only be used for whole domains or virtual hosts as opposed to a single directory. However with some clever allows, denies, and redirects in your web root you can do just about anything.
  • Only one SSL connection per IP on the same server is allowed. This is by design within SSL.
  • These certificates are self-signed. That means that anyone who views your new secure site will most likely be greeted with a warning they must accept before continuing. You setup the certificates yourself so you know there is nothing fishy going on but they might not know that. If you want to avoid this you will have to put out the cash to Verisign or someone else who can offer the same service.
  • Check out the SSLCipherSuite and SSLCARevocationFile directives (which you will notice are missing in my instructions) to further lock down your site.
  • Remember that if you ever change your certificate in any way the client may need to remove their old certificate before they will be able to view the site again.
  • I generally replace foo with the domain name.
  • Since this was always meant as a quick-and-dirty howto you can find more information at the Apache site.
  • I am running Windows XP SP3, Apache 2.2.14, and the included OpenSSL 0.9.8k.
Manually Empty Linux Swap and Control Linux Swap Usage

Manually Empty Linux Swap and Control Linux Swap Usage

I have noticed that the Linux versions of VMware products love their swap usage. I do not know if this is a “fault” of Linux or the VMware software but it annoys and slows me down. After looking around for an elegant solution I just decided to take the brute force method to emptying my swap: running sudo swapoff -a;sudo swapon -a as (make sure you have enough free RAM to fit the contents of swap).

There is also the option of swappiness included with the 2.6.x+ kernel. Just edit /etc/sysctl.conf to include the line vm.swappiness=0. Either change the existing value or, if it does not exist, add it (changing/adding this value will require a reboot or running sudo sysctl vm.swappiness=value). vm.swappiness can be between 0 and 100 (inclusive) where 0 will try to never swap anything and 100 will aggressively swap. If you would rather just change the value until next reboot use the line sysctl vm.swappiness=value (replacing value with an appropriate value). You can view the current value with the command cat /proc/sys/vm/swappiness. Ubuntu 10.04, for example, has a default value of 60.

Update 2011.02.14
While searching for something completely unrelated I came across this from the Community Ubuntu Documentation:

#!/bin/bash

err="not enough RAM to write swap back, nothing done"
mem=`free|grep Mem:|awk '{print $4}'`
swap=`free|grep Swap:|awk '{print $3}'`
test $mem -lt $swap && echo -e $err && exit 1
swapoff -a && swapon -a

Stick it into a script, make it executable, and it will let you know if you have enough free RAM to empty the swap before doing it.

Tether Motorola Droid with Windows 7

Tether Motorola Droid with Windows 7

As a follow up to my Tether Motorola Droid with Ubuntu 9.10 and Ubuntu 10.04 article I have decided to post the steps for Windows 7.

  • Grab and install the latest Droid Drivers: http://www.motorola.com/Support/US-EN/Support-Homepage/Software_and_Drivers/USB-and-PC-Charging-Drivers/
  • Grab and install the latest OpenVPN: http://www.openvpn.net/index.php/open-source/downloads.html
  • Grab the latest Android SDK and extract it: http://developer.android.com/sdk/
  • Create a file called azilink.ovpn file and enter into it:

    dev tun
    route-method exe
    remote 127.0.0.1 41927 tcp-client
    ifconfig 192.168.56.2 192.168.56.1
    route 0.0.0.0 128.0.0.0
    route 128.0.0.0 128.0.0.0
    socket-flags TCP_NODELAY
    ping 10
    dhcp-option DNS 192.168.56.1

  • Create a file called azilink.bat and enter into it:

    "[path to android sdk]\tools\adb.exe" forward tcp:41927 tcp:41927
    openvpn "[path to azilink.ovpn]"

  • Set your Droid to debugging mode: Settings -> Applications -> Development -> USB debugging
  • Grab and install the latest Azilink .apk file onto your Droid: http://azilink.googlecode.com/ (This can be done by pointing the Droid’s web browser directly to the download link or loading it onto the SD card. Either way you may need to go to Settings -> Applications -> Unknown sources to allow it to be installed.)
  • Start up Azilink on your Droid and select Service active.
  • Right-click azilink.bat and select Run as Administrator.

If all these steps went well you should be able to access the Internet on your computer via Azilink’s tethering capabilities. Be sure to check out the About screen in the Azilink application on the Droid to see if any of that applies to you.

A few things worth mentioning:

  • This method does not require your Droid to be rooted.
  • I am under the impression that these steps will also work for Windows Vista but I can not confirm that.
  • I am under the impression that these steps will also work for Windows XP with the route-method exe line removed from azilink.ovpn but I can not confirm that.
  • I am running Droid firmware 2.1, OpenVPN 2.1.1, Azilink 2.0.2, and MotoConnect 4.6.0.
Intalling VMware Tools on Linux

Intalling VMware Tools on Linux

Installing VMware Tools on a Linux host is very simple. All you need to do is make sure the headers for your current kernel and GCC are installed. Here is an example of the commands you would run for Debian/Ubuntu:

sudo apt-get install linux-headers-generic gcc
sudo mount /dev/cdrom /media/cdrom
cp /media/cdrom/VMware*.tar.gz /tmp
sudo umount /media/cdrom
cd /tmp
tar xzvf VMware*.gz
cd vmware-tools-distrib/
sudo ./vmware-install.pl

You should now notice your Linux VMs are more responsive and have a few more options.

Linux Swap File

Linux Swap File

For some unexplainable reason it annoyed me that most Linux distros use a swap partition instead of a swap file. Depending on your setup a swap file will be just as fast and will even allow you to suspend to disk. Here is how you do it.

Enter the following lines at the Terminal:

sudo dd if=/dev/zero of=/swap bs=1G count=X
sudo chown root:root /swap
sudo chmod 600 /swap
sudo mkswap /swap
sudo swapon /swap

Replace “X” in the first line with how many gigabytes you want your swap file to be (~1.5 times your amount of RAM is a good rough guess). Now add the line “/swap none swap sw 0 0” to your /etc/fstab file.

If you already have a swap partition you can safely remove the corresponding line from /etc/fstab, sudo swapoff partition, and then remove the swap partition completely with a tool like GParted.

If you get a error from dd indicating you do not have enough RAM you can use sudo dd if=/dev/zero of=/swap bs=1M count=X instead.

Dungeons Keeper 2 on Ubuntu with Wine

Dungeons Keeper 2 on Ubuntu with Wine

When Microsoft announced Windows 7 I went to my favorite retailer and pre-ordered my copy of Ultimate. Of course the more versions of Windows we get the less older games we can play on them.

Dungeon Keeper 2 was always one of my personal favorites. Seeing my lovely girl playing it on Windows Vista made me want to play a game so I dug it out from a pile of old discs and installed it on Windows 7. It would not start. I tried compatibility modes, sacrificing a dog, and a third thing. It simply, positively would not start. So I thought “screw this, I am going to Linux.”

These are the steps I took to get Dungeon Keeper 2 1.7 working on Ubuntu 9.10 x64:

  • Prepare Apt: In a terminal type sudo add-apt-repository ppa:ubuntu-wine/ppa
  • Update Apt: In a terminal type sudo apt-get update
  • Update Wine: In a terminal type sudo apt-get upgrade
    (Note that this will upgrade everything. You can use System -> Administration -> Update Manager to upgrade only the related Wine packages.)
  • Fire up regedit and set the following keys: In a terminal type wine regedit

    HKEY_CURRENT_USER -> Software -> Bullfrog Productions Ltd -> Dungeon Keeper II -> Configuration -> Video -> EngineID = 4
    HKEY_CURRENT_USER -> Software -> Bullfrog Productions Ltd – >Dungeon Keeper II -> Configuration -> Video -> ScreenHardware3D = 0
    HKEY_CURRENT_USER -> Software -> Wine -> DirectInput -> MouseWarpOverride = “disable”

    If any of these keys do not exist create them. Running the game and using Alt-F4 to exit it will create most of– if not all of– these. MouseWarpOverride had to be created in my case and I set it as a string.

  • Run the game: In a terminal browse to the Dungeon Keeper 2 directory and type wine DKII.exe

One might note that I never actually installed the game. I had it installed on Windows and I simply moved the files over to my EXT4 partition (running them off of my NTFS partition probably would have worked just as well). I also grabbed a no-CD crack so I would not need the disc (buy the game because it is damn well worth it). I have not yet gotten the mouse perfect but I am pretty happy with it right now. All the applications I had open at the time seemed to disappear but were still running. I do not know why this was and I currently have no idea where to look to fix it.

[Source]

Update 2011.04.22
As of Ubuntu 10.10 there is no need to add the Wine repositories (the Prepare Apt step).

Playing Encrypted DVDs in Ubuntu

Playing Encrypted DVDs in Ubuntu

Most DVDs you will come across are CSS encrypted. When you rely on a open source operating system that aims to be free, like Linux, this can prove to be a problem for you. Just run the following in a terminal to allow Ubuntu to play commercial DVDs.

sudo apt-get install libdvdread4
sudo /usr/share/doc/libdvdread4/install-css.sh

You may need to reboot before these changes will take effect. This should work for both 32-bit and 64-bit installations. I tested this on Ubuntu versions 9.04, 9.10, 10.04, and 10.10.

In some countries this is illegal. Take a look at your local laws to make sure you will not bring the fuzz down on yourself.