Wednesday, November 26, 2014
Monday, June 30, 2014
OpenWRT - Mount rootfs on External Storage
Unable to install more software on OpenWRT ? Below is how to extend the storage using USB drive.
1. What is need :
-OpenWRT Router with USB port
-Any USB Storage
2. opkg update
opkg install kmod-fs-ext4 kmod-usb-storage-extras block-mount
3. Create new partition on USB storage using gparted, 1st partition is Swap partition 64M ( size is depend on your router model, usually mem size x2), 2nd partition is ext3 partition.
4. Duplicate the rootfs to USB storage
root@OpenWrt:/etc/config# mkdir /mnt/usb
root@OpenWrt:/etc/config# mount /dev/sda2 /mnt/usb/
root@OpenWrt:/etc/config# mkdir /tmp/root
root@OpenWrt:/etc/config# mount -o bind / /tmp/root
root@OpenWrt:/etc/config# cp /tmp/root/* /mnt/usb -a
root@OpenWrt:/etc/config# umount /tmp/root/
root@OpenWrt:/etc/config# ls /mnt/usb/
5. Edit the fstab using ssh terminal / putty and add configs below.
# vi /etc/config/fstab
config 'mount'
option 'target' '/mnt/usb'
option 'device' '/dev/sda2'
option 'fstype' 'ext3'
option 'options' 'rw,sync'
option 'enabled' '1'
option 'is_rootfs' '1'
option 'enabled_fsck' '1'
config 'swap'
option 'device' '/dev/sda1'
option 'enabled' '1'
1. What is need :
-OpenWRT Router with USB port
-Any USB Storage
2. opkg update
opkg install kmod-fs-ext4 kmod-usb-storage-extras block-mount
3. Create new partition on USB storage using gparted, 1st partition is Swap partition 64M ( size is depend on your router model, usually mem size x2), 2nd partition is ext3 partition.
4. Duplicate the rootfs to USB storage
root@OpenWrt:/etc/config# mkdir /mnt/usb
root@OpenWrt:/etc/config# mount /dev/sda2 /mnt/usb/
root@OpenWrt:/etc/config# mkdir /tmp/root
root@OpenWrt:/etc/config# mount -o bind / /tmp/root
root@OpenWrt:/etc/config# cp /tmp/root/* /mnt/usb -a
root@OpenWrt:/etc/config# umount /tmp/root/
root@OpenWrt:/etc/config# ls /mnt/usb/
5. Edit the fstab using ssh terminal / putty and add configs below.
# vi /etc/config/fstab
config 'mount'
option 'target' '/mnt/usb'
option 'device' '/dev/sda2'
option 'fstype' 'ext3'
option 'options' 'rw,sync'
option 'enabled' '1'
option 'is_rootfs' '1'
option 'enabled_fsck' '1'
config 'swap'
option 'device' '/dev/sda1'
option 'enabled' '1'
6. reboot & verify
Friday, June 27, 2014
OpenVPN Server with ACS SmartCard
This is note on how to configure OpenVPN server with smartcard (PKCS11), with window client.
1. Install OpenVPN server, please refer HERE
2. Generate cert for client :
# ./build-key-pkcs12 client2
Generating a 1024 bit RSA private key
........................++++++
....................................++++++
writing new private key to 'client2.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [MY]:
State or Province Name (full name) [KL]:
Locality Name (eg, city) [Petaling Jaya]:
Organization Name (eg, company) [Test]:
Organizational Unit Name (eg, section) [server]:
Common Name (eg, your name or your server's hostname) [client2]:
Name [server]:
Email Address [me@test.com]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'MY'
stateOrProvinceName :PRINTABLE:'KL'
localityName :PRINTABLE:'Petaling Jaya'
organizationName :PRINTABLE:'Test'
organizationalUnitName:PRINTABLE:'server'
commonName :PRINTABLE:'client2'
name :PRINTABLE:'server'
emailAddress :IA5STRING:'me@test.com'
Certificate is to be certified until Jun 21 13:06:42 2024 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
Enter Export Password:
Verifying - Enter Export Password:
copy all client2* file to window that installed ACS Cert Management Utility.
3. Import the client cert
3.1 plug the smartcard reader and login
3.2 Action > Certificate Manager
3.3 Click import , select file that you copy just now. e.g client2.p12
3.4 When prompt to enter export password, enter the password enter during generate the cert, DO NOT LEAVE BLANK.
4. Install and Configure OpenVPN client.(without install gui)
4.1 download http://ovpnppc.ziggurat29.com/files/openvpn-gui-1.0.3-pkcs11.src.zip gui, this version will prompt the pkcs11 pin where the official site verion won't.
4.2 Locate the middleware by the smartcard provider, my case is :
"C:\Program Files\Advanced Card Systems Ltd\ACOS5-CryptoMate Admin Client Kit\Mid dleware\x86\PKCS\>acospkcs11.dll"
4.2 Find the Serialized id.
openvpn --show-pkcs11-ids C:\Program Files\Advanced Card Systems Ltd\ACOS5-CryptoMate Admin Client Kit\Mid
dleware\x86\PKCS\acospkcs11.dll
The following objects are available for use.
Each object shown below may be used as parameter to
--pkcs11-id option please remember to use single quote mark.
Certificate
DN: C=MY, ST=KL, L=Petaling Jaya, O=Test, OU=server, CN=xp3,
name=server, emailAddress=me@test.com
Serial: 04
Serialized id: Advanced\x20Card\x20Systems\x20Ltd\x2E/CTM64/603868942
/ACS\x20Card\x20OS\x205/F8892A3678F75A7E586BFBEF805F3CA80DD2
4.3 Add PKCS provider to openvpn config file
pkcs11-providers C:\Program Files\Advanced Card Systems Ltd\ACOS5-CryptoMate Admin Client Kit\Mid
dleware\x86\PKCS\acospkcs11.dll
pkcs11-id 'Advanced\x20Card\x20Systems\x20Ltd\x2E/CTM64/603868942
/ACS\x20Card\x20OS\x205/F8892A3678F75A7E586BFBEF805F3CA80DD2'
/ACS\x20Card\x20OS\x205/F8892A3678F75A7E586BFBEF805F3CA80DD2'
5. Run openvpn-gui and connect.
Wednesday, June 25, 2014
FB Invite all friends js script
elms=document.getElementById('fbpage_invite_audience_action_finch').getElementsByTagName('button');for(var fid in elms){if(typeof elms[fid] === 'object'){(elms[fid]).click();}}
Steps:
1. Launch Mozilla and load the Pages.
2. Under invite friend click "See all friends"
3. Press F12 on keyboard > click on "Console" tab.
4. Paste the script above to console >>
5. Scroll down the friends list and repeat step 4.
Wednesday, June 11, 2014
Bluetooth module for old multimedia speaker
This is about how to adding Bluetooth feature to your old multimedia speaker.
Old phone charger with 5v output.
This AC-DC converter
Connect the phone charger board to 220AC on the speaker board
USB Bluetooth module
Connect the 5v output to Bluetooth USB input (pin 1(+) and pin 4 (-).
Connect the Bluetooth Aux out to speaker Aux input, above is Edifier R202 board.
Manually iron the AC input to phone charger board
Wrap the high voltage circuit for safely!!
Glue the charger board to panel
Glue the Bluetooth beside the charger board
Bluetooth speaker!!
NiMh Charger Disassemble
This post is to dissemble NiMH charger to inspect the build quality, I only have 3 units, 2 from GP and 1 from unknown china brand.
GP Fast Charge
China brand cheap charger
China brand cheap charger overview
Below 3 pictures is GP 4 position charger.
Tuesday, June 10, 2014
Bash script to adjust laptop LCD backlight
##!/bin/bash
export blval=`sudo intel_backlight |awk '{print $4}' |sed 's/%//g'`
if test "$1" = "up"
then
echo "currrent val : $blval"
export blval=`expr $blval + 10`
echo "increase to $blval"
elif test "$1" = "down"
then
echo "currrent val : $blval"
export blval=`expr $blval - 10`
echo "decrease to $blval"
else
echo "e.g adj_backlight.sh [ up | down ]"
fi
sudo intel_backlight $blval
exit
export blval=`sudo intel_backlight |awk '{print $4}' |sed 's/%//g'`
if test "$1" = "up"
then
echo "currrent val : $blval"
export blval=`expr $blval + 10`
echo "increase to $blval"
elif test "$1" = "down"
then
echo "currrent val : $blval"
export blval=`expr $blval - 10`
echo "decrease to $blval"
else
echo "e.g adj_backlight.sh [ up | down ]"
fi
sudo intel_backlight $blval
exit
Tuesday, April 22, 2014
How to Setup and Configure an OpenVPN Server on CentOS 6
How to Setup and Configure an OpenVPN Server on CentOS 6
Introduction
This article will guide you through the setup and configuration of OpenVPN server on your CentOS 6 cloud server. We will also cover how to configure your Windows, OS X, or Linux client to connect to your newly installed OpenVPN server.
Before we begin, you'll need to have the Extra Packages for Enterprise Linux (EPEL) Repository enabled on your cloud server. This is a third party repository offered by the Fedora Project which will provide the OpenVPN package.
wget http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm rpm -Uvh epel-release-6-8.noarch.rpm
Initial OpenVPN Configuration
First, install the OpenVPN package from EPEL:
yum install openvpn -y
OpenVPN ships with only a sample configuration, so we will copy the configuration file to its destination:
cp /usr/share/doc/openvpn-*/sample-config-files/server.conf /etc/openvpn
Now that we have the file in the proper location, open it for editing:
nano -w /etc/openvpn/server.conf
Our first change will be to uncomment the "push" parameter which causes traffic on our client systems to be routed through OpenVPN.
push "redirect-gateway def1 bypass-dhcp"
We'll also want to change the section that immediately follows route DNS queries to Google's Public DNS servers.
push "dhcp-option DNS 8.8.8.8" push "dhcp-option DNS 8.8.4.4"
In addition, to enhance security, make sure OpenVPN drops privileges after startup. Uncomment the relevant "user" and "group" lines.
user nobody group nobody
Generating Keys and Certificates Using easy-rsa
Now that we've finished modifying the configuration file, we'll generate the required keys and certificates. As with the configuration file, OpenVPN places the required scripts in the documentation folder by default. Create the required folder and copy the files over.
mkdir -p /etc/openvpn/easy-rsa/keys cp -rf /usr/share/openvpn/easy-rsa/2.0/* /etc/openvpn/easy-rsa
With the files in the desired location, we'll edit the "vars" file which provides the easy-rsa scripts with required information.
nano -w /etc/openvpn/easy-rsa/vars
We're looking to modify the "KEY_" variables, located at the bottom of the file. The variable names are fairly descriptive and should be filled out with the applicable information.
Once completed, the bottom of your "vars" file should appear similar to the following:
export KEY_COUNTRY="US" export KEY_PROVINCE="NY" export KEY_CITY="New York" export KEY_ORG="Organization Name" export KEY_EMAIL="administrator@example.com" export KEY_CN=droplet.example.com export KEY_NAME=server export KEY_OU=server
OpenVPN might fail to properly detect the OpenSSL version on CentOS 6. As a precaution, manually copy the required OpenSSL configuration file.
cp /etc/openvpn/easy-rsa/openssl-1.0.0.cnf /etc/openvpn/easy-rsa/openssl.cnf
We'll now change into our working directory and build our Certificate Authority, or CA, based on the information provided above.
cd /etc/openvpn/easy-rsa source ./vars ./clean-all ./build-ca
Now that we have our CA, we'll create our certificate for the OpenVPN server. When asked by build-key-server, answer yes to commit.
./build-key-server server
We're also going to need to generate our Diffie Hellman key exchange files using the build-dh script and copy all of our files into /etc/openvpn as follows:
./build-dh cd /etc/openvpn/easy-rsa/keys cp dh1024.pem ca.crt server.crt server.key /etc/openvpn
In order to allow clients to authenticate, we'll need to create client certificates. You can repeat this as necessary to generate a unique certificate and key for each client or device. If you plan to have more than a couple certificate pairs be sure to use descriptive filenames.
cd /etc/openvpn/easy-rsa ./build-key client
Routing Configuration and Starting OpenVPN Server
Create an iptables rule to allow proper routing of our VPN subnet.
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE service iptables save
Then, enable IP Forwarding in sysctl:
nano -w /etc/sysctl.conf # Controls IP packet forwarding net.ipv4.ip_forward = 1
Finally, apply our new sysctl settings. Start the server and assure that it starts automatically on boot:
sysctl -p service openvpn start chkconfig openvpn on
You now have a working OpenVPN server. In the following steps, we'll discuss how to properly configure your client.
Configuring OpenVPN Client
Now that your OpenVPN server is online, lets configure your client to connect. The steps are largely the same regardless of what operating system you have.
In order to proceed, we will need to retrieve the ca.crt, client.crt and client.key files from the remote server. Simply use your favorite SFTP/SCP (Secure File Transfer Protocol/Secure Copy) client and move them to a local directory. You can alternatively open the files in nano and copy the contents to local files manually. Be aware that the client.crt and client.key files will are automatically named based on the parameters used with "./build-key" earlier. All of the necessary files are located in /etc/openvpn/easy-rsa/keys
nano -w /etc/openvpn/easy-rsa/keys/ca.crt nano -w /etc/openvpn/easy-rsa/keys/client.crt nano -w /etc/openvpn/easy-rsa/keys/client.key
With our certificates now on our client system, we'll create another new file called client.ovpn, where "client" should match the name of the client being deployed (from build-key), the contents should be as follows, substituting "x.x.x.x" with your cloud servers IP address, and with the appropriate files pasted into the designated areas. Include only the contents starting from the "BEGIN" header line, to the "END" line, as demonstrated below. Be sure to keep these files as confidential as you would any authentication token.
client dev tun proto udp remote x.x.x.x 1194 resolv-retry infinite nobind persist-key persist-tun comp-lzo verb 3 <ca> Contents of ca.crt </ca> <cert> Contents of client.crt </cert> <key> Contents of client.key </key>
As all of the required information to establish a connection is now centralized in the .ovpn file, we can now deploy it on our client system. On Windows, regardless of edition, you will need the official OpenVPN Community Edition binaries which come prepackaged with a GUI. The only step required post-installation is to place your .ovpn configuration file into the proper directory (C:\Program Files\OpenVPN\config) and click connect in the GUI. OpenVPN GUI on Windows must be executed with administrative privileges.
On Mac OS X, the open source application "Tunnelblick" provides an interface similar to OpenVPN GUI on Windows, and comes prepackagd with OpenVPN and required TUN/TAP drivers. As with Windows, the only step required is to place your .ovpn configuration file into the ~/Library/Application Support/Tunnelblick/Configurations directory.
On Linux, you should install OpenVPN from your distributions official repositories. You can then invoke OpenVPN by simply executing:
sudo openvpn --config ~/path/to/client.ovpn
Congratulations! If you made it this far you should now have a fully operational VPN running on your cloud server. You can verify that your traffic is being routed through the VPN by checking Google to reveal your public IP.
[src:https://www.digitalocean.com/community/articles/how-to-setup-and-configure-an-openvpn-server-on-centos-6]
.
.
Subscribe to:
Posts (Atom)