OpenVPN

New project at work! Setting up OpenVPN. It's great fun...except when it doesn't work.

I love the Windows interface for setting up the Server. It's straight-forward, and following the tutorial at http://openvpn.net/index.php/open-source/documentation/howto.html works like a charm. Setting up the client is just as easy, and the connection can be made in a matter of minutes.

However, I started running into problems when I began trying to replicate the server over to Ubuntu 12.04. The tutorial once again was straightforward and everything SEEMED to work out. I could start up the server and everything. It was all good.

However, for some strange reason, I was unable to actually connect to the client. I would generate the certificate authority key, server key, and client key plus the Diffie Hellman number. Server again started up great. But after transferring the client keys to my Windows computer, and setting up the client configuration, I kept getting an odd error "Private key password verification failed."

Looking this error up, all I could find were forum entries on http://forum.openvpn.eu talking about making sure you didn't set a challenge password when generating keys and ensuring that the user/password authentication on your OpenVPN server was turned off. Both of these were true in my case, so no help.

Then I started thinking, could it be the age-old, infamous Unix vs. MS line ending problem? Let's find out! Opened each of the files, ca.crt, client.crt and client.key in a text editor in turn, made a slight change, undid it and saved the file to ensure they all had MS line endings.

Well....it was in this process that I found my big problem. Opening client.key (the private RSA key that the client would use when authenticating over SSL), I found that instead of a standard RSA hash, it read:


<html><head><br /><title>403
Forbidden</title></head><body><br /><h1>
Forbidden</h1>
<br />You don't have permission to access /Lynx/dp_m14x.key<br />on this server.<br />
<br /><hr />
<br /><address>
Apache/2.2.22 (Ubuntu) Server at 192.168.10.21 Port 80</address>
</body></html>


Oops.  Turns out that Ubuntu, when generating the key/cert via easy-rsa, decided to give the private key file root-only access, which, for this type of file is a *very good thing*. Thus, when attempting to access it via the standard Apache www-data user from the browser, it gave me a 403 which I did not see as I did a right-click > Save As on my directory listing of the file.

Attempted to instead copy it to my Samba folder and transfer it over to my Windows client that way. Still no go. Now I got Windows access errors "Could not read file..."

Finally decided to get smart about it.
cp /etc/openvpn/easy-rsa/keys/client.key /home/daniel/Documents
chmod 777 /home/daniel/Documents/client.key

rm /home/daniel/Documents/client.key

Now I just need to figure out how in the world to transfer it over without being so unsecured about it. Gzip?
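One way to do this without the chmod 777 step, as an added example that is not part of the original post: stage the key with owner-only permissions, pull it over an SSH-based copy (scp, or pscp/WinSCP on Windows), and check on arrival that the file really is a PEM private key matching client.crt rather than a saved error page. It assumes an SSH server on the Ubuntu box; the function names are hypothetical and the demo files are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical;
# file names follow the post (client.key, client.crt).

# Succeeds only if FILE looks like a PEM private key. A saved Apache 403 page
# fails here, so the mistake is caught before OpenVPN reports a password error.
is_pem_private_key() {
    [ -r "$1" ] || return 1
    head -n 1 "$1" | grep -Eq '^-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' || return 1
    grep -Eq '^-----END ([A-Z]+ )?PRIVATE KEY-----' "$1" || return 1
    ! grep -qi '<html' "$1"
}

# Succeeds if the RSA key and the certificate share a modulus (needs openssl).
# "-passin pass:" keeps the check non-interactive; an encrypted key fails it.
key_matches_cert() {
    k=$(openssl rsa -noout -modulus -passin pass: -in "$1" 2>/dev/null) || return 1
    c=$(openssl x509 -noout -modulus -in "$2" 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Stage a copy for transfer with mode 600 instead of 777. As root, add
# "-o daniel" to the install call so only that account can read the copy.
stage_key() {
    install -m 600 "$1" "$2"
}

# Print the octal permission bits of FILE (GNU stat, as shipped with Ubuntu).
file_mode() {
    stat -c %a "$1"
}

# Demo on constructed files: a fake PEM body (not a real key) and a 403 page.
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
    '-----END RSA PRIVATE KEY-----' > "$demo_dir/good.key"
printf '%s\n' '<html><head><title>403 Forbidden</title></head></html>' \
    > "$demo_dir/bad.key"
for f in good.key bad.key; do
    if is_pem_private_key "$demo_dir/$f"; then
        echo "$f: PEM private key"
    else
        echo "$f: NOT a private key, do not deploy"
    fi
done
stage_key "$demo_dir/good.key" "$demo_dir/staged.key"
echo "staged copy mode: $(file_mode "$demo_dir/staged.key")"
rm -rf "$demo_dir"
```

On the real files, run key_matches_cert client.key client.crt after the copy, then delete the staged copy on the server as the post does.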

-------------------------------
11-2014 Edit:
I recently had to rebuild my IP tables this last week due to some unforeseen ISP issues. For future reference, here's what I had to input in order to allow OpenVPN clients full internet plus LAN access:

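# Allow return traffic for established connections (--ctstate needs -m conntrack)
iptables -I FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# Allow VPN clients (10.8.0.0/24 on tun0) to reach the LAN (192.168.10.0/24) via eth0
iptables -I FORWARD -i tun0 -o eth0 -s 10.8.0.0/24 -d 192.168.10.0/24 -j ACCEPT
# NAT traffic from VPN clients leaving through eth0
iptables -t nat -A POSTROUTING -o eth0 -s 10.8.0.0/24 -j MASQUERADE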

It's also good to note that I did have to do a full server reboot to apply this.

This Annoying Christmas Theme

Amazing. I've neglected this site so much in the past year that I forgot to take my Christmas theme down and now it's time to put it back up!

Awesome.

Ruby on Rails - Success kinda!

Okay. I'm totally going to try this again, just to see if I can't figure it out.

Ruby on Rails - A ruby based framework for web stuff. Basically, I haven't a clue, but I'm going to at least try to get it running on Windows and make some rudimentary website things, just to see HOW easy it is once I get the basic syntax down.

For the steps outlined below, I'm basically following the tutorial from http://guides.rubyonrails.org/getting_started.html verbatim, save for a few edits I'm needing to make to get the libraries downloaded and installed properly (i.e., they never told me in that tutorial that we needed the Ruby DevKit installed, and the DevKit download page doesn't really say HOW to install it).

  1. Download and install Ruby. Current version is 2.0.0p247 from http://rubyinstaller.org/downloads/. I installed mine to C:\Ruby200.
  2. Ensure Ruby is accessible from anywhere in the command shell by typing "ruby -v". You should get the current version of Ruby. If not, you may need to edit your environment variable "PATH" to include C:\Ruby200\bin (edited, of course, to where you installed Ruby).
  3. Download and unzip ruby DevKit, again from RubyInstaller.org. For version 2.0.0 and up, use DevKit 4.7.2. MinGW64-32 or MinGW64-64 specifies whether you're on 32 or 64-bit. I unzipped the development kit to C:\Ruby_DevKit.
  4. Install Ruby DevKit:
    1. Open a command shell and navigate to the location where you unzipped the development kit (C:\Ruby_DevKit).
    2. Type "ruby dk.rb init"
    3. Type "ruby dk.rb install"
    4. You should get messages that the development kit overwrote a few ruby gems that may have been already installed (Updating convenience notice gem override for 'C:/Ruby200'), and an "installing /devkit.rb"
    5. Type "gem install rails". You should get a ton of secondary libraries (gems) downloaded along with the main rails gem and documentation for each which could take a good long while. Just be patient. You should get something like "20 gems installed" at the end of the sequence.
    6. Type "rails --version". I got the message "Rails 4.0.0"
    7. We now have the ruby libraries needed to build a Rails application. Create a new location for Rails (C:\Rails, perhaps), navigate into it from the command shell and type "rails new ". I did like the tutorial suggested and just tried "rails new blog" which created an entire app folder structure in the "blog" subfolder. This was after I received the success messages "Your bundle is complete!" after it had installed a bunch of ...whatevers to the blog folder.
    8. Now, I did notice, rails automatically installs its OWN webserver (WEBrick, not Apache or IIS), so this app is able to run straight from its own folder out of Rails. I believe there's a way to install it over top of Apache, and use the Apache server configurations to control its access, but that's for later. Right now I just want to get this thing working in the first place, and am willing to put up with WEBrick.
    9. So anyway, I'm now told to startup Rails by typing "rails server".
    10. Whoops! I got a bunch of sqlite errors. Looks like I need to set up database config and connections first. I also tried starting OUT of the blog application, in which case I was told I needed to be inside a Rails application folder before I could start the server.
    11. Well that was odd. Tried installing the sqlite3 gem, which did not fix anything. Turns out I needed some other version of Ruby that had all the headers included, which I apparently did not do by using the windows installer. I REALLY hate trying to compile gcc projects on Windows. Hopefully I can try to make it work with MySQL since I already have that installed with source files and it's a part of my path.
    12. Thus, I deleted the blog folder and re-created the app with "rails new blog -d mysql" which forces the new app to use MySQL instead of the default sqlite.
    13. Got a bundler error that said I needed the mysql2 gem. Ran "gem install mysql2 '0.3.13'". This errored, so I tried "gem install mysql" which worked, but was not the right version.
    14. Finally after a bit of research, I got the mysql2 gem to work with the following
      1. subst X: "C:\Program Files\MySQL\MySQL Server 5.6"
      2. "gem install mysql2 mysql2 --platform=ruby -- --with-mysql-dir=X: --with-mysql-lib=X:\lib --with-mysql-include=X:\include" <== Note the double -- in there. Basically, this splits out the main command with a bunch of sub-switches....I think. Simply put, you HAVE to have the -- --with-mysql- in there. Otherwise it will fail with an "invalid switch" error.
    15. Trying "rails new blog -d mysql" once more.
    16. Success! I received the "Your bundle is complete" message.
    17. However, when starting up the server, I once again got errors (needed MySQL2 gem 0.3.13). Tried to install using "gem install mysql2 --version=0.3.13 -- stuff stuff stuff". That worked. However, when trying to start up the server, I was STILL getting a bunch of stupid errors about missing something inside the mysql2 0.3.13 gem.
    18. I managed to fix this error. Basically, I was able to copy libmysql.dll from the MySQL Server/lib folder into Ruby/bin. Rails is now started up clean with no errors whatsoever -  I actually see the line "=> Ctrl-C to shutdown server."
    19. Tried navigating to "localhost:3000" and got the error "Specified 'mysql' for database adapter, but the gem is not loaded. Add `gem 'mysql'` to your Gemfile." - My database.yml I think is using mysql instead of mysql2 for its handle. I will change it there.
    20. Sure enough. Changing the "adapter" field in config/database.yml from "mysql" to "mysql2" got rid of the error. However, now it's attempting to login to my MySQL root user without a password. Gotta enter that information (with a password that you will not see repeated here ;)).
    21. Entered the password into database.yml. However, the error did not disappear. I managed to figure it out. I have to restart Rails. Ctrl-C in the command shell and run "rails server" again. This time it worked. However, now the website is saying that it cannot find the "blog_development" database. Apparently it's not smart enough to create it itself (yet), so I will have to look up new tutorials on how to do that later on.
    22. Check that. I just went into PHPMyAdmin and created a blank "blog_development" database, not adding anything to it. A refresh on the page now shows the "welcome to rails" homepage! I'm in!
In any case! I've apparently gotten it to work, so I'll be changing the title of the blog post from "A failed attempt" to "Success kinda!!"

IFTTT

IFTTT - What in the world!? I just discovered this this morning while once again searching for alternatives to Google Reader, since it's dying in about 2 weeks. I tried Feed Demon at home, but it just didn't cut it; half of the problems being that it was yet another application (and a memory hog at that) that ran in the background on my computer. The other half of the problem is I kept forgetting it was there and couldn't access it remotely.

So I decided, perhaps I'd better port all my podcast subscriptions to iTunes. That's fine. I can deal with that. But what about the rest of my feeds? What about the hundreds of ICHCB titles that come through in a single day? What about InterfaceLift which I've subscribed to for YEARS!? How am I supposed to stay apprised of those?

In the past few days, I've been attempting to get back into Evernote, a service that I've had installed on my phone for about a year and have liked so far, but have not seen the potential of. Well, I thought, why can't I subscribe to an RSS feed via Evernote? Researching, I found nothing conclusive right off the bat. Just a lot of other people asking the same thing. Then one link that said, hey why not just set up an IFTTT link? IFTTT is great.

I asked, what in the world is IFTTT? These people seem to swear by it...so maybe I should look at it. And much to my surprise, it turns out it's just as cool as they say - programmatic links between accounts based on events in either account to cause a reaction in another account!! Want to create a new note in Evernote when an RSS post comes through? No problem. Set up IFTTT to monitor an RSS feed and post a note to Evernote with preset title, content and tag list patterns! Wish Instagram photos showed up in Twitter like they used to? Again, no problem. Have IFTTT post your instagram photos automatically as a Twitter picture attachment. You could even set it up to post the link to the original Instagram post in your Tweet!

Almost every social network I can think of is on there. The only concern I see is for every network you link IFTTT to, you basically click the "Allow IFTTT to do stuff on my account" OAuth button that everybody has. So basically, IFTTT has the capability of centralizing your entire online social life. And if someone got the password to THAT...well.......

For now, I'm attempting to remember all of my old Google Reader RSS feeds that I cleared out over six months ago. I'm sure I still have the list at home, but it should be interesting to see them all pop up in Evernote or whatever else I decide to publish them to!

A Domain!!

At last!! I tucked in my shirt, tightened my belt and made the plunge. I am now the proud pseudo-owner of ppsstudios.com! For that reason, I've created this Google Sites ...site, and then in addition linked THIS blog to blog.ppsstudios.com (mostly because I wanted to try subdomains, to see how easy they were).

All the other links work as well, as Google doesn't let you delete the original naming conventions for their sites, but we (as in I) now have friendly DNS naming for all this stuff! So excited.

Perhaps I'll even get a bit inspired, install BIND on my personal computer, and route a CNAME to my Apache server there. But that's for another date. For now, hopefully I'll get back into this blog, perhaps add a few family members to the main site and let them have a crack at editing their own pages.

Who knows! We could have created the next big Internet phenomenon!


My New C++ Endeavors

Awesome news! I've been asked at work to start doing a bit of GUI development for our NASA projects. They've said that all of their stuff is developed using Borland C++. Now with my PennMUSH development experience, I've taught myself a bit of C++ (though my PennMUSH development experience has been mostly debugging and making sure it compiles under Windows, so it isn't too in depth).

One of the big hangups I've always had with C++ is the pointer and reference concepts. And I think I know why now. It's because immediately after teaching us pointers in college, our teacher jumped right into recursion. And it was hard enough grasping pointers without sending my mind into an out-of-control fractal spiral.

However, reading C++ All-in-One for Dummies (the big 7-volume one that I got at Barnes and Noble for a surprising $35), the entire concept of pointers suddenly made sense to me!!

Here it is in a nutshell:
Variable has a value.
Pointer has a value also. Its value is actually a hex word.
Pointer's value, that hex word, points at the memory location of the variable.
We can access the variable's value via the pointer, which expands our capabilities of manipulating it.

And in short:
var = var value
&var = var location
ptr = var location
*ptr = var value

As you can see, all we REALLY care about in the end is what or where the variable is.

Then we get into heap variables where we don't even care what the variable is called! We only work with it via pointers!

Then apparently C++ has this new thing that wasn't in C called Referencing. This is, at least from what I know, a shorthand way of passing actual variables in and out of functions.

Functions normally just pass variable values in and out:
#include <iostream>
using namespace std;

int manipulate(int input) {
    int bigValue = input + 5; // Local copy; the caller's variable is untouched.
    return bigValue;
}
int main() {
    int smallValue = 5;
    cout << smallValue << endl; // Will print 5.
    int nextValue = manipulate(smallValue);
    cout << nextValue << endl; // Will print 10 (Function added 5 to 5).
    cout << smallValue << endl; // Will print 5. Actual variable passed in is unchanged, because we really only passed in its VALUE.
}
With references, we can actually change the VARIABLE we pass in:

#include <iostream>
using namespace std;

void manipulate(int &smallValue) {
    smallValue += 5;
    // We aren't returning anything! We don't have to because we're not manipulating an internal function variable anymore.
}
int main()  {
    int smallValue = 5;
    cout << smallValue << endl; // Will print 5
    manipulate(smallValue);
    cout << smallValue << endl; // Will print 10. The REFERENCE to the variable was passed in, rather than the value, so the function worked on the variable we were referencing rather than one it created itself.
}
So I'm not too adept on the actual advantages to all this, but then again, I don't need to know its advantages right away in order to get excited about understanding it!