The Importance of VPN Tunnels

DEF CON was this past weekend, and in usual fashion, the staff of the convention had projected onto a screen the “Wall of Sheep”: a list of usernames and obfuscated passwords that were transmitted in the clear on the convention’s wireless network. As DEF CON has doubtlessly the most hostile wireless network ever seen, ensuring that all transmissions are conducted in a secure fashion is paramount at this particular convention.

With the proliferation of publicly accessible wireless networks, one must use caution when doing things such as checking email. Some email providers have SSL enabled, which solves that problem, but what about unencrypted web page logins, like forums? How does one secure those?

My solution to securing all traffic uses OpenVPN, a freely available VPN solution that works on pretty much any operating system. I won’t go into excessive detail in this post, but it is actually fairly easy to set up. My first brush with it was when I ran IPCop on my router machine. The OpenVPN add-on for IPCop, ZERINA, generates configuration bundle zip files that make connecting simple. Setting one up from scratch isn’t much more difficult, but doing it properly can be time-consuming.

OpenVPN works great for a temporary tunnel, but for something more permanent, IPsec is a better choice as it requires less CPU overhead. The configuration of IPsec is beyond the scope of this post, however.

I’ll write a follow-up to this in the next few days explaining my setup, but for now know that if you’re going to be using an open, unencrypted wireless network, be aware that passing cleartext passwords can be a very perilous mistake.

eeeRouter Online!

Well, I had pfSense working for a wired interface, but once I enabled the wireless interface and a client connected to it, the machine hard-locked. I am not one to be defeated by technology, so I dug out my IPCop install disc and attempted to load that on instead. Sadly, IPCop 1.4 does not have installer support for the wired connection, so I gave the new beta a try. It works! I had to give the proper INIT string for the aircard and find a working version of WLAN-AP, but once all that was done, I was able to connect both wirelessly and wired.

I am all set to go for the not so distant future!

Netbooks as Routers

In my last post I talked about building an alternative to Cradlepoint’s routers, and as I’ve decided to use my Dell Mini 10v for my “carry” netbook, I’m looking at what to turn my Eee PC 901 into.

The most obvious choice I’m seeing is loading pfSense on it and using it as a prototype for the embedded router project. It meets the criteria: USB ports, a single ethernet port, and a supported wireless card. Having a keyboard and screen is a good benefit when configuring the interfaces.

This will make the transition to the embedded setup easier once I get the pieces for that as the netbook has the same concept as the embedded board, just with more RAM and a faster CPU. One other major boon is a battery for a rudimentary UPS. The 6-cell battery included with the Eee PC 901 offers about 6 hours of run time.

This all hinges on my aircard being supported by the current pfSense 2.0 betas. If it’s not, well, I’ll need to do manual configuration with FreeBSD 8.1-RELEASE. Either way, it should be quite fun!

Building a Better Cradlepoint

A random search of “T-Mobile Rocket Linux” on Google retrieved a post showing how to make the T-Mobile webConnect Rocket Stick HSPA+ device work in Linux. This is relevant because as of June 17, the Atlanta metro area has HSPA+.

In my adventures with embedded computing, I’ve come across the PC Engines ALIX boards. These are slightly less expensive than Soekris’ and similarly capable. Their alix2d13 board has 3 LAN ports and 2 USB ports. pfSense 2.0 is currently in beta, and as it is based on FreeBSD 8-RELENG (future 8.1), it should have support for my UMG-181.

The article on making the Rocket Stick work in Linux showed its USB device ID, and that same device ID also exists in /src/sys/dev/usb/serial/u3g.c in FreeBSD 8-STABLE. As development on FreeBSD 8.1 continues, it may indeed be functional when 8.1-RELEASE is out.

Needless to say, I put a plan together. An alix2d13 equipped with a wireless card, loaded with pfSense 2.0 or similar, and paired with a USB aircard is the same concept of Cradlepoint’s WWAN routers. It also has the flexibility and extensibility of pfSense and the bonus of being open-source.

From the looks of things, the whole setup will run just under $200. I should be able to squeak this into my budget later on this year, maybe.

My tests of T-Mobile’s upgraded network with my UMG-181 have produced results as high as 4Mbps. My home DSL connection is 6Mbps for comparison. I do believe that I will have sufficiently fast access at this year’s hamfests and at conventions for sure. Now to implement this new project.

The Netbook OS Shuffle, Part the Second!

In the end, the lack of xorgcfg and the seeming lack of documentation on writing a proper xorg.conf file led me to install Ubuntu Netbook Edition on the Eee. Works like a champ.

Need to get a touchscreen installed now!

The Netbook OS Shuffle!

I’ve been doing some work on my Eee PC lately trying to decide which OS to load on it. I had Windows on it for a while and that worked, then I set it aside when I got the Dell Mini 10v and Hackintoshed it. I was going to set the Eee up for one of my parents, but decided that the larger screen and keys on the Mini 10v would be better for them. So I’ve got that as an ongoing to-do project.

My initial idea was to run FreeBSD on my Eee. I ran into a snag when I realized that FreeBSD’s ACPI support isn’t as mature as Linux’s; therefore, I couldn’t hibernate the system. I grew addicted to hibernate on my old Vostro 1400, and it was a serious boon for productivity on trips and during work days. It’s not been as big an issue on my Macbook Pro as its battery life is far superior to the Vostro’s, though.

I had a working X-less FreeBSD install going, and it was time to get X working. Sadly, I was stymied by a lack of documentation on how to get the Eee’s trackpad working in X. Turns out it involves using moused, but I decided in the end that that was a pain, so I tried PC-BSD. It worked, but KDE is fairly slow, and I didn’t relish the thought of using it. The next try was Gentoo, but I’ve not compiled the Linux kernel in a very long time, and I was unable to find a canned config for the latest version of the kernel, so I decided to try FreeBSD once more. The installer failed to download part of the OS, so I was going to try Gentoo once more.

Then as I sat staring at the kernel configuration menu, I looked at the Arch Linux wiki’s article on the Eee 901. After reading Arch’s “Who We Are” blurb, I decided to give it a whirl.

I’m impressed, to say the least. My long-time bias against running a Linux laptop is the userland interface to netfilter, iptables. It goes without saying that iptables is complicated, and while I consider myself a knowledgeable person, the fact that it takes 94 lines to do in iptables what took me just under a dozen to do in pf (OpenBSD’s firewall, which has been ported to the other BSDs) really doesn’t sit well with me. Fortunately, some sanity has been brought forth. Ubuntu ships with something called ufw, or Uncomplicated Firewall, and its syntax is quite similar to PF’s. Finding ufw in Arch’s repositories further cemented my use of it.

Getting X installed took a scant 5 minutes as opposed to two hours for Gentoo, and installing the base system was very quick. All this using Arch’s cleverly-named package manager “pacman” (how Namco doesn’t sue them I’ll never know). A framebuffer console at the proper resolution with the stock kernel was a nice touch as well.

Tonight’s plot involves getting other software installed then deciding which window manager to use. My “go to” one for years has been WindowMaker, but for a desktop environment I prefer XFCE or GNOME. The new paradigm of tiled window managers is quite interesting, so we shall see.

I’m just glad I have a hard drive in this machine for all this randomness of installing. I will ultimately set up a large-capacity fast SSD in it, but for now, the hard drive works fine. Now to get all the bluetooth/aircard dialing set up. This will be fun stuff indeed!

Home Network Rearranging

With the last of /home dealt with, I will be powering tsuki down tonight to prep for a rebuild. While locating its drives the other day, I noticed that I have a spare 160GB IDE drive. That will make a perfect start for it. Additionally, the 250W power supply that’s already in the 2U case should suffice for the system since it’s not going to be using an overpowered video card. So that’s two items down in the setup.

Rebuilding tsuki in the 2U case will be the first step in rearranging and rebuilding my network to a point past its former zenith. The next step is moving the printer and my mother’s computer out of the computer room into the kitchen. The second step is probably more important as it will clear up a rather large amount of desk space for me to move my desktop to a temporary location as I continue to clean up the computer room in preparation for the rack.

Once enough room has been cleared out for the rack, I’ll roll it in and start putting hardware in it. The first things to go in are the rackmount switch and tsuki, then once I get a large enough shelf, my desktop. Putting my desktop in the rack will allow me to return to my old computer desk after being away from it for almost 8 years. My crazy idea back in ’02 to switch my old desktop to a server pulled me away from it, but soon I will be back in front of it. I rather liked that desk, and the router Mac is sitting in its computer spot.

I have a few other machines that will need rackmounting, so I’ll be picking up more shelves for them. Pictures will definitely be posted once this is all set up.

And once the initial transfer is done, I get to start pricing even more equipment to get the remaining machines set up how I want them. Should be quite the fun project!

Privilege Escalation

Old, but had to be posted.

Old Server Online Temporarily

So I fired tsuki up tonight! The 200GB drive I had for my home directory is toast, but the 60GB that was the primary drive still lives, and its MySQL database with it! There’s a fairly large amount of data on it that belongs to people, so if you had an account there, let me know and I’ll reset your password. You’ll have to use ssh/sftp/scp to connect to it, though, as I’m not opening holes for FTP just yet.

I’ll leave it up and running for a bit as it’s a terribly old install of FreeBSD and I want to work on getting things set in motion to get the board in a new case with new drives and such. If anyone needs data burned off and mailed to them, I can do that as well.

The major reason I did this was to get the old WordPress database out of it so I could import the 2005 posts from it into here, so this blog goes back to its true beginning. A nice side benefit was discovering that my old social linkshell’s website was still on there and worked. I need to see how easy it is to move it off there since there are a lot of very old memories there.

This is really exciting in a way! I forgot how much stuff I had on that machine, and a lot of it needs a good home.

The Convention Conundrum

Here’s a scenario: you’ve found a {convention|hamfest|trade show|conference} you want to attend, have a hotel picked out, and have your method of transportation picked out. What you don’t know, though, is whether you want to leave Sunday evening or Monday morning. This was the scenario I ended up with in 2005 when it was decided that my group was going to get a room for Anime Weekend Atlanta.

I made reservations at the Renaissance Waverly earlier in the year and decided to go from Thursday to Sunday in my naïveté. As we rushed to exit the room Sunday morning, I decided that next year I would reserve from Thursday to Monday. I think that the tremendous crowd at the front desk Sunday morning was enough to dissuade me from booking for Sunday departure the next year. Furthermore, the rush to exit conspace to take a friend to the airport to catch his flight home wasn’t fun either.

I do a small amount of travel for my job, attending hamfests throughout the Southeast. In every case, we’re checking out of the hotel early Sunday morning to work the day and go home. This is to streamline the “putting the store back together” process.

In 2008, I went to three out-of-town conventions: Anime Boston, A-Kon, and Otakon. In each of these, I chose to fly home on Sunday. At AB and Otakon, I had access to public transit, so getting home wasn’t too big of a deal. At A-Kon, I had to rely on a longtime friend of mine to get me around. Fortunately, we decided after checking out that the con wasn’t worth staying at, so we dropped his wife off at their house, then went and hung out for a bit before I departed.

All in all, I’ve determined over the past few years that whenever it’s financially feasible, I should stay over an extra day. I especially see this at AWA, as I get to hang out with both my out-of-town friends and local friends at the same time. This leads to much random awesome that usually ends up with us being up half the night. Therefore, waking up at 8 or 9 on Sunday only to rush like madmen to get out of the hotel is usually deemed a bad idea.

As September rapidly approaches and this year’s plans for AWA continue to be set in motion, I prepare myself mentally, physically, financially, and emotionally for that weekend. I will definitely relish checking out on Monday instead of Sunday this year yet again.