
OpenVPN Woes: The Revenge of Nick

After one week of struggle, headache, and a very patient girlfriend, I have OpenVPN running in a bridged configuration! What follows are the steps I took (minus the blood, sweat, and tears):

  • Read the OpenVPN HOWTO! Nothing will replace the knowledge of how this beast works.
  • Bridge your OpenVPN virtual network adapter with your local LAN-side adapter. Make sure to set the bridge adapter's network information (IP, netmask, etc.) to what your local LAN adapter was set to. I did come across a decent guide with images for Windows in my travels.
  • Generate the certificates. Do not forget to generate the Diffie-Hellman parameters (the dh2048.pem file), as this was a small road block for me. (I am just going to link this one, since this step is easy and is explained very well in the HOWTO.) Copy the ca.crt, client1.crt, and client1.key files to your clients. It is also a good idea to read the section on Hardening OpenVPN Security and generate a ta.key.
  • Create your configuration files using the samples as a base, making sure to use your new bridge adapter's IP and netmask as the server configuration's IP and netmask. These samples are also included in the OpenVPN distribution. (I am including my working configurations below.)
  • Fire up the server and then the client.
  • Read the OpenVPN HOWTO!

My Configurations

Server

port 1194
proto udp
dev tap
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
ifconfig-pool-persist ipp.txt
server-bridge [Server IP] [Server Netmask] [OpenVPN DHCP Range Start] [OpenVPN DHCP Range End]
client-config-dir ccd
client-to-client
keepalive 10 120
tls-auth ta.key 0
tls-cipher DHE-RSA-AES256-SHA
replay-persist persist.txt
cipher AES-256-CBC
comp-lzo
max-clients 16
persist-key
persist-tun
status openvpn-status.log
log openvpn.log
verb 4
mute 20

Client

client
dev tap
proto udp
remote [VPN IP] [VPN Port]
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
ca ca.crt
cert client1.crt
key client1.key
ns-cert-type server
tls-remote [Server Common Name]
tls-auth ta.key 1
cipher AES-256-CBC
comp-lzo
verb 4
mute 20


Notes

  • All my testing was done with OpenVPN v2.1.1.
  • A bridged configuration will give your VPN clients IPs on your local LAN. Make sure you choose a free range of IPs that does not conflict with anything (including an existing DHCP server).
  • Make sure to disable any firewalls on the bridged adapter if you can. If that is a problem (say your bridged adapter is plugged directly into a WAN connection) you will need to experiment, since I did not have to go that far in my setup.
  • I have done most of my testing on Windows XP Professional SP3 and Ubuntu 9.10. These configurations should work on any supported platform.
  • I have chosen to let OpenVPN hand out the IPs instead of my local DHCP server, because some clients will not allow that functionality depending on the client OS. Since I was already using most of my IPs for DHCP, I just lowered the number of available DHCP addresses and set OpenVPN to use those as it wished.
  • Some versions of Windows have an issue bridging the adapter properly: it will say it worked, but there is still another step you need to take. Check out this article for more information.
  • If you are unfamiliar with networking and subnetting, Wikipedia may be a good place to start.
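The configurations above and the notes that follow them boil down to a handful of constraints that are easy to get wrong by hand: the server-bridge pool has to sit inside the bridge adapter's subnet and outside whatever the LAN DHCP server already hands out, ta.key has to be used with direction 0 on the server and 1 on the client, and dev, proto, cipher and port have to agree on both ends (OpenVPN 2.1 does not negotiate the cipher, so a mismatch just fails). The following Python script is an added example, not code from this post or from the OpenVPN project; it parses a server/client pair and reports those mistakes. The sample configs and addresses in it (192.168.1.0/24, vpn.example.invalid, the LAN DHCP range) are constructed placeholders, not my network.

```python
"""Consistency check for an OpenVPN bridged (tap) server/client config pair.

Added example, not part of the original post. It parses the directives the
post's configs use and checks the things the post warns about: the
server-bridge pool must sit inside the bridge subnet and must not overlap the
LAN DHCP server's range, tls-auth must be direction 0 on the server and 1 on
the client, and dev/proto/cipher/port must agree on both sides.
"""
import ipaddress

# Constructed sample values (placeholder addresses, not the author's network).
LAN_DHCP_RANGE = ("192.168.1.100", "192.168.1.199")   # what the LAN DHCP server hands out

GOOD_SERVER = """
port 1194
proto udp
dev tap
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
server-bridge 192.168.1.1 255.255.255.0 192.168.1.200 192.168.1.220
tls-auth ta.key 0
cipher AES-256-CBC
verb 4
"""

GOOD_CLIENT = """
client
dev tap
proto udp
remote vpn.example.invalid 1194
ca ca.crt
cert client1.crt
key client1.key
ns-cert-type server
tls-auth ta.key 1
cipher AES-256-CBC
"""

# Same server, but its pool collides with the LAN DHCP range and ta.key uses
# the wrong direction: two of the mistakes the post's notes warn about.
BAD_SERVER = GOOD_SERVER.replace(
    "192.168.1.200 192.168.1.220", "192.168.1.150 192.168.1.220"
).replace("tls-auth ta.key 0", "tls-auth ta.key 1")


def parse_config(text):
    """Map each directive to its argument list; bare flags such as 'client' map to []."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # OpenVPN comment lines
            continue
        parts = line.split()
        conf[parts[0]] = parts[1:]
    return conf


def check_bridge_pair(server_text, client_text, lan_dhcp_range=None):
    """Return a list of problem descriptions; an empty list means the pair is consistent."""
    s, c = parse_config(server_text), parse_config(client_text)
    problems = []

    # Both ends must agree on device type, transport and data-channel cipher.
    for key in ("dev", "proto", "cipher"):
        if s.get(key) != c.get(key):
            problems.append(f"{key} differs: server {s.get(key)} vs client {c.get(key)}")
    if s.get("dev") != ["tap"]:
        problems.append("a bridged setup needs 'dev tap' on the server")

    # The client's remote port must be the port the server listens on (default 1194).
    remote, port = c.get("remote", []), s.get("port", ["1194"])
    if len(remote) > 1 and remote[1] != port[0]:
        problems.append(f"client remote port {remote[1]} != server port {port[0]}")

    # tls-auth: key direction 0 on the server side, 1 on the client side.
    if "tls-auth" in s or "tls-auth" in c:
        if s.get("tls-auth", [])[1:] != ["0"] or c.get("tls-auth", [])[1:] != ["1"]:
            problems.append("tls-auth direction must be 0 on the server and 1 on the client")

    # The client should pin the server's role so another valid client cert
    # issued by the same CA cannot pose as the server.
    if "ns-cert-type" not in c and "tls-remote" not in c:
        problems.append("client lacks 'ns-cert-type server' / 'tls-remote'")

    # server-bridge: pool inside the bridge subnet, ordered, and not also
    # handed out by the LAN DHCP server.
    args = s.get("server-bridge", [])
    if len(args) != 4:
        problems.append("server-bridge needs: gateway netmask pool-start pool-end")
        return problems
    gateway, netmask, start, end = args
    subnet = ipaddress.IPv4Network(f"{gateway}/{netmask}", strict=False)
    start_ip, end_ip = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
    if start_ip > end_ip:
        problems.append("server-bridge pool start is after pool end")
    if start_ip not in subnet or end_ip not in subnet:
        problems.append(f"server-bridge pool {start}-{end} is outside {subnet}")
    if lan_dhcp_range:
        lo, hi = (ipaddress.IPv4Address(a) for a in lan_dhcp_range)
        if start_ip <= hi and lo <= end_ip:
            problems.append(f"server-bridge pool {start}-{end} overlaps LAN DHCP range {lo}-{hi}")
    return problems


if __name__ == "__main__":
    for name, server in (("good", GOOD_SERVER), ("bad", BAD_SERVER)):
        print(name, check_bridge_pair(server, GOOD_CLIENT, LAN_DHCP_RANGE) or "OK")
```

Run it against your own files by reading them into check_bridge_pair in place of the constructed strings; the good pair prints OK and the bad server reports the DHCP overlap and the tls-auth direction. The overlap test is the standard interval check (start <= hi and lo <= end), so it catches partial overlaps as well as a pool that swallows the whole DHCP range.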

With the OpenVPN HOWTO and this information you should be able to avoid the headache I went through.

I would very, very, very much like to thank #openvpn on the freenode IRC servers! Without them I would still be at this thing. You guys helped me so much and I appreciate it so much.

Edit 2010.12.23
I have done a lot of experimentation since I originally wrote this. I have updated this article with my current configs.

My Robotic Apartment

I recently purchased a Synology DS409 (more on that another time). This has prompted me to restart work on something I have wanted to do since I moved into my apartment three years ago: build an infrastructure to house my e-mail, web, various media, and other content all in one place, all under my direct control. I also want these technologies to let me access everything as if I were home. This is not a difficult goal to accomplish, given the right equipment, but it does require a number of moving parts that all need to work together. For example, the DS409 will now contain the web root for my web server, which will run on a separate box. This not only unifies everything but also allows for RAID protection and backup of a single entity instead of worrying about monitoring several scripts on several boxes.

The following are the products/projects I am looking to employ:

  • Synology (DS409): For a while I was looking at Openfiler, but the Synology OS offers more functionality for roughly the same price, plus free, fast tech support if needed.
  • Linux (Ubuntu): This will be the platform most services will run on. It is efficient with its resources and has a huge, active community.
  • OpenVPN: This will provide direct access to everything while I am away, as if I were not.
  • TrueCrypt: For data at rest that requires absolute secrecy.
  • Apache 2.2 + PHP 5: Between the various Apache web servers and PHP I have gotten so much work done that these are now staples in my environment.
  • MySQL and SQLite: My tried and true database software for nearly as long as I have been working with SQL.
  • Orb: An oddity in the Microsoft world, this server will stream my media to nearly any device while dynamically adjusting its bandwidth usage.

Most of these are open-source and free.

Robot Traverses Maze

At the Singapore Robotic Games where “automation is a key factor towards advancement… to a technologically sophisticated country” some people have built a maze for robots to run through.

This is very similar to something I had done in high school except my maze and robots were virtual. With the introduction of the LEGO Mindstorms things that were the domain of nerds in academic labs before are now accessible to a wider audience. This audience includes people of a younger age than was commonly seen before. I often wonder what technology that I drooled over a year ago will soon be inexpensive enough for me to buy and screw around with.

Video: 2009 Singapore Robotic Games MicroMouse Robot Competition (YouTube, bproY7G2t4o)

“Robot Consumers, Grow Up!”

There is an interesting article on Americans' default attitude towards robots. I do not speak so much of sci-fi robots (although sci-fi often becomes reality soon enough) but of existing robots.

Sure, we make heavy use of robots in places we cannot go, but that is based on a need. Once we have a choice, robots just do not cut it for most people. Somehow we have stopped seeing tools as tools and have started to expect something a little too abstract from a finite machine. One researcher went as far as to coin the term uncanny valley, which refers to how people react emotionally to humanoid robots.

Perhaps one day robots will demand equal rights à la The Second Renaissance from The Animatrix. Maybe soon the derogatory term “robies” or some such thing will be coined to refer to robots who are not seen as equals. Who knows.

Use: http://technology.newscientist.com/article/dn13585-matrixstyle-virtual-worlds-a-few-years-away.html

Apple? More like A Cult… le… (???)

I am not sure why but I dare to say the following out loud.

When someone refers to a PC they are either referring to Windows (I would dare to put that number somewhere in the 90% range) or Linux. Anything outside of those two OSes is inside a school, a research facility, or a lab of some kind, or perhaps a data center with a specialized application for it. Not always, but most of the time. Focusing on Windows or Linux, one can say a lot about either (or even start comparing them with their fellow townsfolk and flaming sticks). It gets tiring. As much as I love a good flame, I am so very tired.

So along comes Apple with its long hair, Free-the-Whales attitude and something I may start referring to as “The Way”. Instead of me (someone who has never touched a Mac in his life) describing it, I direct you to Tycho from Penny-Arcade:

Having serviced Macs at one point in my illustrious IT career, I understand that there is simply an Apple Way of doing things, and it is often a very, very good way but it’s still their way as opposed to some natural ratio of the universe. It’s not universal, and there are strange blind spots, but there is a reason that their chosen people hoist the banner.

I am well aware I am not the first, nor will I be the last, to point this out, but this is some kind of cult. A cult of artsy nerds. The kids who no one liked 10 to 20 years ago and sat alone at lunch (if they dared to show at all) have all banded together into one formless blob.

I use the word “formless” to describe the followers and not the leaders. Whereas you see people in the Linux community (for example) working together, or even on their own, to create new experiences and applications, you see the Mac-Heads (or whatever) on their knees praying. They pray Steven Jobs may come to them in a dream and tell them what to buy next. They pray for the next big thing to come to them instead of creating it themselves. This is a very important distinction to make, as it will most likely define such a culture.

I do not want to sit at the station waiting for the bus. The people on the bus smell funny. When I come across a problem I either want to find a way around it or tackle it head-on. Being at the whim of a closed OS means I am at the whim of a business. If they decide that instead of US coins (an obvious, nation-wide standard in the US) they are going to start requiring bus passes, I do not want to be forced to buy a new bus. A bus I am not even allowed to drive, no matter how much I paid for the privilege.

If you were to question a cult member (and of course get an honest answer) you might ask them why they joined in the first place. They may say something like “I just wanted to check it out, but I never intended to join before I got there.” This is my fear: if I were to check out The Way, could I turn back? What if I liked what I saw so much that my parents and the police show up at my new home only to hear “but I am staying here under my own free will.” This is the fear…

Is it time to buy a pair of white Nikes?

Vista Can See You!

Softpedia offers this article about Vista and the spying it does.

I think if anyone is surprised by anything in this article, they do not follow the industry. At all. This is a trend that is everywhere, from the biggest companies to the smallest, well-meaning individuals. Can I blame Microsoft for collecting certain information? The line is blurred, but my answer is still a “no”. It makes perfect business sense and can lead to better software, not that I mean to imply it will in this case. Microsoft has always seemed to go in 100 different directions at once and found themselves scrambling at the last moment, using only the required information. I am not trying to say this information will go to waste, but I highly doubt we will see any direct, positive results in their software.

Of course one can always hope.