Tag: openvpn

  • A few other odd updates…

    Just updated some information on the Virtualization page, adding some information about VirtualBox, which I have spent some time with lately.

    I’ve also had a big VPN/dd-wrt project going, and I’ve teased out a bit of information about it on my dd-wrt and openvpn pages. I haven’t given our “recipe” for it yet, but it’s a VPN that can bridge between any two networks regardless of network address collision issues… well, there is a small subset of cases where we could still find a network address collision, but it’s much more robust than anything else I’ve done in that area.

    I’ve also added a bit to my Online Virtual Servers page. I’ve been trying out gigenetcloud as an alternative to slicehost/vps.net – not for any particular reason, just to have options. Their billing is a slightly different model which may be of interest to many. By the way, I am still a HUGE fan of VPS.net. I can’t recommend them ENOUGH as a cloud VPS provider. It seems as though they are always rolling out great new features and they have great pricing and data centers in so many locations to boot. Their setup is soooooo resilient and their support is superb.

    I think I’ll have to hold off on any of the other stray thoughts that I’ve had the last few weeks to post here as it’s looking like another busy stretch… here’s wishing everyone a good start to summer and a good 4th of July coming up!

  • SSH, Proxies (Proxy’s?), Tor and Web Browsing

    For quite some time I’ve been making use of a dd-wrt modified Linksys box on my home network as an OpenVPN endpoint, so that when I’m out and about in the world I connect the VPN, switch Firefox to route through a Squid proxy server on the home network, and I’ve got a nice, fairly secure web browsing setup. But, as they say, there’s more than one way to skin a cat, and that’s what I’ve played around with the last couple of days. First off, I guess I should describe the concept.

    1) You’re browsing the web at an open wireless access point and you don’t trust the network.
    2) You need to reach an intranet web server that is not accessible from the internet side of a network.
    3) A web site is blocking access based on IP address (for instance, you’re behind the great firewall of xyz business/company).

    How can you still manage to access the web pages you want: in cases 2 and 3 at all, and in case 1 securely, with as little snooping as possible?
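
    The SSH-forwarding route to the three scenarios above, as an added example (not code from the original post): a dynamic forward turns a host you control into a SOCKS proxy for cases 1 and 3, and a local forward reaches one intranet server for case 2. HOME_HOST, INTRANET_HOST and the ports are made-up defaults; with DRY_RUN=1 the script prints the commands instead of running them, which is how it can be read and checked offline.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed names: HOME_HOST is a
# box you control that accepts SSH (the dd-wrt router or any Linux host),
# INTRANET_HOST is a web server only reachable from HOME_HOST's network.
HOME_HOST="${HOME_HOST:-user@home.example.net}"   # assumption
INTRANET_HOST="${INTRANET_HOST:-wiki.internal}"    # assumption
SOCKS_PORT="${SOCKS_PORT:-1080}"
LOCAL_PORT="${LOCAL_PORT:-8080}"

# Run a command, or just print it when DRY_RUN is set.
run() {
  if [ -n "${DRY_RUN:-}" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Scenarios 1 and 3: a dynamic forward. Every connection to
# 127.0.0.1:SOCKS_PORT leaves from HOME_HOST, so the hotspot sees one
# encrypted SSH session and the web site sees HOME_HOST's address.
#   -N  tunnel only, no remote command     -f  go to background after auth
#   ExitOnForwardFailure=yes  fail loudly if the local port is already taken
#   (without it ssh backgrounds "successfully" and nothing listens on 1080)
start_socks_tunnel() {
  run ssh -N -f -o ExitOnForwardFailure=yes \
      -D "127.0.0.1:$SOCKS_PORT" "$HOME_HOST"
}

# Scenario 2: a local forward to one intranet server; no proxy needed.
start_intranet_forward() {
  run ssh -N -f -o ExitOnForwardFailure=yes \
      -L "127.0.0.1:$LOCAL_PORT:$INTRANET_HOST:80" "$HOME_HOST"
}

# Fetch through the SOCKS tunnel. --socks5-hostname (not --socks5) hands
# the name to the proxy so DNS is resolved at HOME_HOST; --socks5 resolves
# locally and leaks every site name to the untrusted network. The Firefox
# equivalent is about:config network.proxy.socks_remote_dns = true.
fetch_via_socks() {
  run curl -sS --socks5-hostname "127.0.0.1:$SOCKS_PORT" "$1"
}

# Fetch a path from the intranet server through the local forward; the Host
# header keeps name-based virtual hosts on INTRANET_HOST working.
fetch_intranet() {
  run curl -sS -H "Host: $INTRANET_HOST" "http://127.0.0.1:$LOCAL_PORT/$1"
}
```

    Usage: `. ./tunnel.sh; start_socks_tunnel; fetch_via_socks https://example.com/`. The SOCKS variant gives the untrusted network nothing but an encrypted SSH session to HOME_HOST; the one thing it does not hide is that HOME_HOST itself is being talked to, which is the same thing the OpenVPN setup reveals.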

  • Building Deb packages from source….

    OpenVPN has been one of the tools of choice this week, so as I was tinkering on my Ubuntu boxen… I thought, why don’t I install OpenVPN there as well for a little broader testing? So I did, but was a bit disappointed to see that the version was not the most current. (Yes, they may have merged changes from the current version and left the version number at 2.0.6, but 2.0.9 is out and is easy to build an RPM from source… so….) I’ve compiled from source before, and I’ve built RPMs on Mandrake/Mandriva, but never a deb package.

  • UDP problem…

    I found a peculiar problem while I was setting up an OpenVPN link the other day. The goal was a simple shared-key setup, and I started with the sample configuration and modified it a bit to fit the circumstances; I allowed the correct UDP port through the firewall (I think 1194, if I recall correctly) and… it didn’t work. So… I started over, worked from empty config files and put in the bare minimums… it still didn’t work – no appearance that it was making the connection at all to negotiate the link. I double- and triple-checked the firewall config and restarted it… nothing. Then I decided to try TCP instead of a UDP port. I changed the firewall config to allow the TCP traffic on 1194, adjusted the server and client config, and lo and behold it worked. The firewall in question….
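
    As an added example (not the post’s own configs), the minimal shared-key pair described above in both transports, plus the check that would have shortened the hunt: before blaming OpenVPN, prove whether a bare UDP datagram reaches port 1194 at all. OpenVPN 2.x on both ends, a server named vpn.example.net and the tunnel addresses 10.8.0.1/10.8.0.2 are assumptions; the same static.key must be copied to both ends.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes OpenVPN 2.x, nc(1)
# and a made-up server name; adjust VPN_SERVER and PORT for real use.
VPN_SERVER="${VPN_SERVER:-vpn.example.net}"   # assumption
PORT="${PORT:-1194}"

# Emit a static-key config. $1 = server|client, $2 = udp|tcp.
# OpenVPN spells TCP differently on each end: tcp-server / tcp-client;
# "proto tcp" on both sides is the classic mistake when switching transports.
openvpn_conf() {
  role="$1"; transport="$2"
  case "$role-$transport" in
    server-udp) proto=udp ;;
    client-udp) proto=udp ;;
    server-tcp) proto=tcp-server ;;
    client-tcp) proto=tcp-client ;;
    *) echo "usage: openvpn_conf server|client udp|tcp" >&2; return 1 ;;
  esac
  printf 'dev tun\nproto %s\nport %s\n' "$proto" "$PORT"
  if [ "$role" = server ]; then
    printf 'ifconfig 10.8.0.1 10.8.0.2\n'
  else
    printf 'remote %s\nifconfig 10.8.0.2 10.8.0.1\n' "$VPN_SERVER"
  fi
  # Generate once with: openvpn --genkey --secret static.key
  printf 'secret static.key\n'
  # Name the cipher explicitly; the 2.0-era default was BF-CBC (64-bit block).
  printf 'cipher AES-256-CBC\nauth SHA256\n'
  printf 'keepalive 10 60\npersist-key\npersist-tun\nverb 3\n'
}

# The diagnostic. On the server run udp_listen; on the client run udp_probe.
# If "probe" never shows up on the server, the datagram is being dropped
# between the two boxes and no OpenVPN setting will fix that. (Traditional
# netcat wants "nc -u -l -p $PORT"; "tcpdump -ni any udp port $PORT" on the
# server is the variant-proof alternative.)
udp_listen() { timeout 10 nc -u -l "$PORT"; }
udp_probe()  { printf 'probe\n' | nc -u -w 1 "$VPN_SERVER" "$PORT"; }

# Write both files for one transport into the current directory.
write_pair() {
  openvpn_conf server "$1" > "server-$1.conf"
  openvpn_conf client "$1" > "client-$1.conf"
}
```

    Usage: `write_pair udp` (or `tcp`), then `openvpn --config server-udp.conf` on one end and the client file on the other. Falling back to TCP works, but it costs you TCP-over-TCP retransmission stacking on lossy links, so the UDP probe is worth the minute it takes.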

  • OpenVPN

    The last time I used OpenVPN, it was version 1.x and only supported a single connection per running process. So, if you had a server that you wanted to support multiple clients connecting, you had to… have multiple ports open to the outside world (unless you did something VERY fancy), and had to have as many OpenVPN processes open and listening for connections as you had clients you expected to connect. It wasn’t a pretty setup unless you had a small number (1-5) that you expected to connect. Fortunately that has changed with the 2.0 series of OpenVPN, and it’s really matured as a VPN solution.

  • OpenVPN series

    After the Hamachi article I wanted to do a series on OpenVPN. I’ve used it before, but not since the 1.x days… it’s now at version 2.0.5 and has quite a bit more flexibility. When I first used it, it was pretty much a point-to-point VPN solution. You could set up routing to see the rest of the network and for the network to see the VPN client, but only one client could connect to one server. What this meant is that multiple tap or tun devices were needed on the server, one for each remote VPN client, and also multiple OpenVPN processes and multiple OpenVPN ports.

    From my understanding this setup wasn’t necessary under the 2.x series.
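
    What the 2.0 series changed in practice, for this excerpt and the “OpenVPN” one above it, as an added example that is not the series’ own configuration: one server process, one UDP port and one tun interface serve every client, with per-client state held in the TLS session rather than in a process per peer. The certificate and key file names are what easy-rsa or any small CA would produce; vpn.example.net is a made-up hostname.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes OpenVPN 2.x with a CA
# already set up (ca.crt, server.crt/key, client1.crt/key, dh2048.pem) and a
# tls-auth key made with: openvpn --genkey --secret ta.key
VPN_SERVER="${VPN_SERVER:-vpn.example.net}"   # assumption

server_conf() {
  cat <<'EOF'
port 1194
proto udp
dev tun
# "server" expands to: mode server, an ifconfig pool, and a pushed route,
# so every client gets its own address on this one tun interface.
server 10.8.0.0 255.255.255.0
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
# HMAC on the control channel: packets without a valid tag are dropped
# before the TLS stack ever sees them (cheap DoS and scanner protection).
tls-auth ta.key 0
# Only certificates carrying the client EKU may connect.
remote-cert-tls client
cipher AES-256-CBC
auth SHA256
keepalive 10 120
persist-key
persist-tun
# Drop privileges once the tun device and routes exist (Debian names).
user nobody
group nogroup
# One line per connected client; this is where "who is on" lives now.
status openvpn-status.log
verb 3
EOF
}

client_conf() {
  cat <<EOF
client
remote $VPN_SERVER 1194
proto udp
dev tun
ca ca.crt
cert client1.crt
key client1.key
tls-auth ta.key 1
# Refuse a peer presenting a client certificate as the server; without
# this any valid client cert could impersonate the server to another client.
remote-cert-tls server
cipher AES-256-CBC
auth SHA256
nobind
persist-key
persist-tun
verb 3
EOF
}

# Write both files into the current directory.
write_configs() {
  server_conf > server.conf
  client_conf > client.conf
}
```

    With this in place, adding a tenth client means issuing a tenth certificate and nothing else: no new port, no new process, no new firewall rule. Compare the 1.x layout the two excerpts describe, where each of those was per client.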

  • Hamachi p2p vpn

    A few days back I was at grc to run a “Shields Up” scan on a client’s machine and found a reference to their Security Now podcast (Leo Laporte and Steve Gibson). The cast was about a VPN tool called Hamachi… so I revisited and gave a read to the Security Now! transcript, and then visited the Hamachi site. I’ve got to say, I’m impressed on a couple of levels with Hamachi. First, it sounds as though they’ve taken a great approach to a secure free VPN implementation. (Steve Gibson is a pretty good reference….) It’s also easy to install and use, and beyond that there are Linux/Windows versions of the client currently; the Mac version will be released after the 1.0 for Linux and Windows.

  • Building RPM’s – building from tarballs

    Again – I’m NOT an expert on the subject, but I have had some success with building RPMs either from src.rpms (covered last time) or from tarballs… This entry will talk about the simplest kind of RPM build from tarballs: the situation where the developers, in their great foresight, have actually put a spec file in the tarball (and kept it current).

  • A tun of trouble….

    Sorry, VERY bad pun, but I couldn’t resist. I mentioned that I was having tun difficulties that kept me from playing around with anything fancy networking-wise with QEMU. For starters, let me see if I can explain what tun is. Tun is a method of creating a point-to-point “imaginary” network connection between a program and the operating system’s network stack. On Linux the program opens the /dev/net/tun device and the kernel creates a virtual network interface, such as tun0, for it; this is what QEMU does for its guest’s network. Packets the kernel routes out tun0 are read by the program, and packets the program writes are received by the kernel as though they had arrived on a real interface. To everything else, tun0 behaves just like any other network interface (even getting its own IP address that is network reachable). Tun carries IP packets; its sibling tap carries whole Ethernet frames, which is what bridged setups need.