openvpn server

29 November 2009

what is a vpn?

a virtual private network or vpn is a secure private network that makes use of a shared public medium, such as the internet. a vpn makes secure communication cheaper. there is a whole range of techniques for offering vpn services, but not all hardware is compatible with all of these techniques.

how does it work?

a vpn connection is established by means of secure communication paths called “tunnels”. each tunnel has two ends, one in each of the two separate networks. all the traffic from site A to site B must go through this tunnel, and all traffic between the two ends of the tunnel is encrypted, so the data transfer is secure.

this is a little tutorial on how to set up an openvpn server. it doesn’t really matter which unix operating system you are using, the basic configuration and install is almost the same.

for this installation i used gentoo.

firstly you need to set up ip forwarding

openvpn ~ # cat /etc/sysctl.conf

net.ipv4.ip_forward = 1

secondly, make sure that your kernel is using the tun/tap driver support.

openvpn ~ # cd /usr/src/linux

openvpn ~ # make menuconfig

Device Drivers --->
   Network device support --->
[*]Network device support
<*>   Universal TUN/TAP device driver support  // This option must be enabled

openvpn ~ # cd /usr/src/linux

openvpn ~ # make && make modules_install

if you built either of the two options into the kernel (rather than as modules), copy the new kernel to /boot and reboot!

now it is time to install openvpn

openvpn ~ # emerge -av openvpn

change to the dir with the openvpn easy-rsa scripts to set up the keys easily (this might be located somewhere else on your system if you are using another distro)

openvpn ~ # cd /usr/share/openvpn/easy-rsa/

we then must edit the basic parameters for the certificates. Edit the vars file and set the KEY_COUNTRY, KEY_PROVINCE, KEY_CITY, KEY_ORG, and KEY_EMAIL parameters. don’t leave any of these parameters blank.

openvpn ~ # vi vars

Next, initialize the PKI.

openvpn ~ # source ./vars
openvpn ~ # ./clean-all
openvpn ~ # ./build-ca

now generate a certificate and private key for the server.

openvpn ~ # ./build-key-server server

As in the previous step, most parameters can be defaulted. When the common name is queried, enter “server”.

Two other queries require positive responses, “Sign the certificate? [y/n]” and “1 out of 1 certificate requests certified, commit? [y/n]”.

generating client certificates is very similar to the previous step.

./build-key client

if you would like to password-protect your client keys, use the build-key-pass script instead.
for each client, make sure to type the appropriate common name when prompted, i.e. “client”, “client2”, or “client3”. always use a unique common name for each client.

Diffie-Hellman parameters must be generated for the openvpn server.

openvpn ~ # ./build-dh

this is a fairly simple configuration, close to openvpn’s defaults

openvpn ~ # cat /etc/openvpn/openvpn.conf
port 1194
proto tcp
dev tun
ca /usr/share/openvpn/easy-rsa/keys/ca.crt
cert /usr/share/openvpn/easy-rsa/keys/server.crt
key /usr/share/openvpn/easy-rsa/keys/server.key
dh /usr/share/openvpn/easy-rsa/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 3

start openvpn

openvpn ~ # /etc/init.d/openvpn start

add openvpn to startup

rc-update add openvpn default

now you will also have to open ports / set up NAT on your openvpn network’s firewall to allow traffic to it from outside.
you may also need to look at routing if the openvpn server is giving out IPs that the current network does not recognize.

one can also create a different config for each user connecting to the server and restrict them to certain machines on your network, but i only did a basic configuration here. if you want to do more stuff with it you can read up on it here or you can leave a comment.

so that’s that for the server configuration.
now we have to configure the client to be able to connect to the server.

you can download the openvpn client here openvpn

i created a folder on my desktop for the client configurations

C:\Users\geochi\Desktop\OpenVPN\client.ovpn
client
dev tun
proto tcp
# change this to your server's ip or hostname

remote some.hostname 1194
resolv-retry infinite
nobind

persist-key
persist-tun

ca ca.crt
cert client.crt
key client.key

comp-lzo
verb 3
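as an added example (not part of the original post, and not an openvpn tool), here is a small python script that parses openvpn config files like the server and client ones above and flags the settings a security reviewer would look at first: the 1024-bit dh file, the missing tls-auth key, compression, and on the client side the missing remote-cert-tls / ns-cert-type check that stops any cert signed by the CA from being accepted as the server. the two embedded configs are constructed from the ones in this post, trimmed to the directives the audit looks at.

```python
import re

# constructed from the tutorial's server and client configs, trimmed to the audited directives
SERVER_CONF = """port 1194
proto tcp
dev tun
dh /usr/share/openvpn/easy-rsa/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
comp-lzo
user nobody
group nobody
"""
CLIENT_CONF = """client
dev tun
proto tcp
# change this to your server's ip or hostname
remote some.hostname 1194
ca ca.crt
comp-lzo
"""

def parse_conf(text):
    """Return {directive: [args]}; '#' and ';' start comments, last duplicate wins."""
    conf = {}
    for raw in text.splitlines():
        line = re.split(r"[#;]", raw, maxsplit=1)[0].strip()
        if line:
            name, *args = line.split()
            conf[name] = args
    return conf

def audit(conf):
    """Return findings (strings) for one parsed server or client config."""
    findings = []
    if "client" in conf:
        # without this the client accepts any cert signed by the CA as the server,
        # including another client's cert
        if not any(k in conf for k in ("remote-cert-tls", "ns-cert-type")):
            findings.append("client does not check that the peer holds a server cert")
    else:
        m = re.search(r"dh(\d+)\.pem$", " ".join(conf.get("dh", [])))
        if m and int(m.group(1)) < 2048:
            findings.append("dh parameters are only %s bits" % m.group(1))
        if "user" not in conf or "group" not in conf:
            findings.append("server keeps root after startup (no user/group)")
    if "tls-auth" not in conf:
        findings.append("no tls-auth key: control channel has no extra HMAC")
    if "comp-lzo" in conf:
        findings.append("compression enabled (comp-lzo)")
    return findings
```

run audit(parse_conf(open("/etc/openvpn/openvpn.conf").read())) against your own file; an empty list means none of these checks fired.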

copy the following files from the openvpn server to your windows machine

cd C:\Users\geochi\Desktop\OpenVPN\
C:\Users\geochi\Desktop\OpenVPN\> dir
ca.crt
client.crt
client.key
client.ovpn

then you can right click on the client.ovpn and click “Start OpenVPN on this config file”.
if you are having trouble connecting, have a look at the firewall settings on your desktop, router, or any other firewall you may have.

dragon age: origins

21 November 2009

i must say, i missed playing games such as baldur’s gate, neverwinter nights and so forth and have not played them in yeeeears. then recently bioware released a game called dragon age. to be honest i never followed it during the making of it. then when it got released some people were going on about it and i was curious as to how it was.
so last night i decided to buy it and try it out for myself. let’s just say as i write this blog i want to be playing it more now! i have probably played about 7 hours of it and am loving it!

you get to choose only from 3 classes and 3 races but each race and class has their own beginning story line i am guessing. i am playing an elf mage right now. and to me it seems as though if i chose one of the other classes i would not have been doing the things my mage would be doing. i am trying not to spoil the story or anything but i will try my best not to!

the story line so far is awesome, keeps you very much wanting to play to be knowing what’s going to happen next! the graphics are amazing and the character details are life like in the sense you can customize the face, hair and everything to your liking.
the game play is just like your old baldur’s gate type where you can pause the game and plan your moves according to the situation. the movement is a little bit different where you can either use the mouse to click or you can use the keyboard to run around. what makes it stand out apart from baldur’s gate and neverwinter nights is, using the keyboard makes you feel like you are part of the battles and not just sitting back. you could even not use the pause button and fight in real-time. that makes it much much more challenging!

but yeah, this is probably such a crap little review of the game, haha, i shouldn’t become a reviewer of anything i guess.

local and international adsl split

13 November 2009

this tutorial explains how you would split your international and local traffic across 2 adsl accounts on 1 line.

i currently have a 3GB account for international traffic and a 10GB account for local traffic.

i am running my firewall/router at home on debian, so your installation process will be different if you are using anything other than debian or ubuntu.

firstly you need to install the ppp software.

apt-get install ppp ppp-dev

next we need to edit the configuration files to add the international and local accounts.

vi /etc/ppp/pap-secrets

in this file you will add your 2 accounts

"username@isp1" * "password1"

"username@isp2" * "password2"

then we need to create the 2 ppp files

cd /etc/ppp/peers

cp provider dsl-isp1-3GB

cp provider dsl-isp2-10GB

then we edit those files to add the username

vi dsl-isp1-3GB

user "username@isp1"

vi dsl-isp2-10GB

user "username@isp2"

now we can start up the accounts

pppd call dsl-isp1-3GB

pppd call dsl-isp2-10GB

now, because each account creates its own default gateway over its device (e.g. ppp0 and ppp1), we have to remove one so that there is just 1 default gateway

route del default gw 0.0.0.0 dev ppp1

now you have 2 network interfaces called ppp0 and ppp1. the next step is to add the local routes to the routing table. i got the list somewhere and just added it to a .txt file, so it looked something like this

cat /opt/scripts/routes.local.txt

17.255.248.0/23
32.106.152.0/24
32.106.153.0/24
32.107.9.0/24
32.238.152.0/24
32.238.153.0/24
32.239.182.0/24

then i created a bash script.

vi /opt/scripts/routes.local.sh

while read i; do route add -net $i dev ppp1 ; done < /opt/scripts/routes.local.txt

and then execute the script

sh /opt/scripts/routes.local.sh

you should now have all your local traffic passing through the ppp1 interface which is your local adsl account.
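the one-line loop above hands every line of routes.local.txt straight to route(8), so a stray word or a bad prefix in that file ends up in a command run as root. as an added example (not from the original post), this python script validates each line as an ipv4 network first, reports the ones it rejects, builds the same route commands from the clean list, and tells you which ppp link a given destination will take. the embedded routes file is constructed from the list in this post with two bad lines added; the interface names ppp0/ppp1 are the ones used above.

```python
import ipaddress

# constructed from the routes file in the post, with two bad lines added to show
# what the one-line script would otherwise have passed straight to route(8)
ROUTES_TXT = """17.255.248.0/23
32.106.152.0/24
32.106.153.0/24
32.107.9.0/24
# a comment someone added later
32.238.152.0/33
32.239.182.0/24 dev eth0
"""

LOCAL_DEV, INTL_DEV = "ppp1", "ppp0"   # names from the post; ppp0 keeps the default route

def load_local_nets(text):
    """Parse the routes file; return (valid IPv4 networks, rejected raw lines)."""
    nets, rejected = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            # strict=True also refuses host bits set in a prefix (e.g. 10.0.0.1/24)
            nets.append(ipaddress.IPv4Network(line, strict=True))
        except ValueError:
            rejected.append(raw)   # extra words, bad prefix length, not an address
    return nets, rejected

def route_commands(nets, dev=LOCAL_DEV):
    """Build the same commands the post's loop runs, but only from validated nets."""
    return ["route add -net %s dev %s" % (net, dev) for net in nets]

def iface_for(dst, nets):
    """Which ppp link carries traffic to dst once the local routes are installed?"""
    addr = ipaddress.IPv4Address(dst)
    return LOCAL_DEV if any(addr in net for net in nets) else INTL_DEV

if __name__ == "__main__":
    nets, bad = load_local_nets(ROUTES_TXT)
    for line in bad:
        print("rejected: %r" % line)
    for cmd in route_commands(nets):
        print(cmd)
```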
