OpenVPN on MacOSX

July 18, 2007 at 12:39 am | Posted in Howto, Networking, VPN | Comments Off on OpenVPN on MacOSX

OSX was the final platform I had to implement our OpenVPN based solution on. For this I used Tunnelblick.

It worked well and I implemented it without a hitch. Configuration is kept (as you’d expect) in ~/Library/openvpn/ and it will generate menu options for any ‘.conf’ files it sees. The presentation is similar to a WiFi connection menu and is quite intuitive overall.

The only caveat I found was that it only “sees” conf files with fewer than 16 characters before the ‘.conf’, i.e. ‘123456789abcdef.conf’ is fine, but ‘123456789abcdefg.conf’ will mysteriously not show up in the menu.

I was especially impressed that it automatically restarts if left running when you reboot. Maybe most Mac apps do that, but I was impressed anyway. :-p

Anyway, a very beautiful piece of software that made my final implementation of OpenVPN a breeze. Here’s a peek at the configuration screen from the server.

Smart-Net VPN Client

OpenVPN GUI on Windows Vista

July 12, 2007 at 1:01 am | Posted in Howto, Networking, Vista, VPN, Windows | 58 Comments

I have spent this morning trying to get OpenVPN GUI running on Vista. Since it took a morning’s worth of research I’ll compile everything you need to know here, in case you’re stuck with the same problem.

The Symptoms…

Using openvpn-2.0.9-gui-1.0.3 (and assuming you’re running it as Administrator!) the following errors were occurring:

route ADD 10.8.0.0 MASK 255.255.255.0 10.8.0.9
ROUTE: route addition failed using CreateIpForwardEntry: One or more arguments are not correct.
Route addition via IPAPI failed

The Problem…

With a bit of googling, I found an explanation on http://www.nynaeve.net/?p=74 that pointed to a broken Vista API:

Previously, I had posted about a compatibility problem with Windows Vista if you used CreateIpForwardEntry to manage the IP routing table. In particular, if you call this routine on Vista with the intent to create a new route in the IP routing table, you may get an inexplicably ERROR_BAD_ARGUMENTS error code returned.
[…snip…]
(Yes, this does suck. It is a total breaking change for anyone who did route manipulation on OS’s prior to Vista, until you patch your programs out in the field. If this is unacceptable to you, I would encourage you to provide feedback to Microsoft about how this issue impacts customer experiences and your ability to deploy and use your product on Vista.)

The Solution…

Fortunately, the latest development builds of OpenVPN have a patch for this. I successfully used openvpn-2.1_rc4 but reportedly the fix has been available since 2.1_rc2. The “OpenVPN 2.1_beta7 & OpenVPN GUI 1.0.3” development build found on the OpenVPN GUI site gave me problems installing the TAP drivers so I had to do two separate installs.

Firstly, install the stable OpenVPN GUI. (I failed to notice yesterday that rc4 of the Windows OpenVPN Installer already includes the GUI)
Secondly, install the development build of OpenVPN on top of that.
After that, everything seemed to work fine and routes were pushed from the server successfully.

NB. It’s important to remember to run OpenVPN GUI as administrator every time. I recommend you change the settings on the “C:\Program Files\OpenVPN\bin\openvpn-gui-1.0.3.exe” binary.

301 Moved Permanently

July 11, 2007 at 1:19 am | Posted in Uncategorized | Comments Off on 301 Moved Permanently

Owing to my resignation from my current employer, I have moved this blog from the previous (employer-provided) hosting to the venerable wordpress.com. At the expense of customization and control, I now have a site where everything will be handled for me and should be able to cope with a lot more traffic. As such, please excuse any broken links etc.

Also I was inspired by this…

… as found on the Official Google Reader Blog. So we’ll see what comes…

skriptd presents: Unzipping with Windows Vista

May 6, 2007 at 2:56 am | Posted in Vista, Windows | Comments Off on skriptd presents: Unzipping with Windows Vista

One of the nice things about the folks down at Redmond is just how far they went to improve the usability of their new operating system. Whereas in XP you had to first click the “Start” button to shut down your computer (how intuitive is that!?!), you now have that pesky function removed completely from untrained eyes – yes, that wonderful little symbol we’ve all come to understand means “Power” now simply means “Standby… sort of”.

Another of the benefits contributing to the $400USD price tag of Vista is the immensely improved security. Our new safety-conscious operating system will not try anything without first getting you – the informed user – to agree. Want to add or remove hardware? “Windows needs your permission to continue”. Installing software? “An unidentified program wants access to your computer”. Need to adjust the height of your seat? By all means, go ahead! If you want a system that makes its own decisions, look elsewhere. If you want a system that will give you the authority and respect you deserve… well… you’ll end up clicking a lot anyway.

But do you want to know where Vista really shines? It’s in the mundane. The everyday tasks that, when strung together, probably make up most of our productive time. Take for example, the relatively common experience of unzipping a compressed file. Let’s say… a 46 Mb zip file, unzipped on a 3.4 GHz Pentium D with roughly a gig of RAM.

I mean… why do they even have the progress bar?

A picture paints a thousand words, so here’s 18000 frames x 1000 words = an 18 million word video essay on usability. (Full video, 41Mb). NB: You may need this codec to view the AVI.

Or, a slightly fuzzy version:

Flash CodeIgniter Plugin

February 15, 2007 at 10:51 am | Posted in Code Igniter, Web 2.0 | 16 Comments

I have finally released my “flash” plugin for CodeIgniter. It is intended to provide similar functionality to the flash helper for Ruby on Rails – basically providing a simple way to give your users feedback from your controller. It is very simple to use with only two functions, get_flash(array options) and set_flash(string message, array options).

It is highly flexible and supports autofading and all sorts of clever things! By default, it uses script.aculo.us – however, this is configurable. Check out the demo here. [Sorry folks, no demo at the moment]

Download:

flash_pi.php – v 0.95 – 5.11k [Link updated – 06/04/09]

Installation:

Simply remove the .txt extension, put it in your “system/plugins/” directory and you’re done!

Usage: (also see included documentation)

  1. Put $this->load->plugin('flash'); in an appropriate place (e.g. the constructor for your controller)
  2. In your controller put something like:
    # Create a new thingy
    function create()
    {
        $this->thingy_model->create($_POST);
        set_flash('Created a new thingy.');
        redirect('/thingy/index/');
    }
  3. In your view file put something like: get_flash()
  4. Finally, put appropriate CSS in your stylesheet, e.g.
    #flash {
        position: relative;
        float: right;
        border: 1px solid #FF6600;
        background: #FFCC00;
        text-align: center;
        width: 20%;
        padding: 5px;
    }

Automatic Client Configuration for OpenVPN

January 16, 2007 at 12:52 pm | Posted in Linux, Networking, VPN | Comments Off on Automatic Client Configuration for OpenVPN

Before you start…

I found OpenVPN setup to be relatively straightforward. It’s assisted hugely by some good documentation, notably http://openvpn.net/faq.html and http://openvpn.net/howto.html. I am running openvpn 2.0.7 from an RHEL4 based RPM. The configuration directory is /etc/openvpn/. Server config is as follows:

port 1194
proto udp
dev tun
ca keys/ca.crt
cert keys/server.crt
key keys/server.key # This file should be kept secret
dh keys/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
client-config-dir ccd
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 3
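
An added example, not part of the original post or of OpenVPN itself: a small Python audit that parses the server config above and flags settings that have aged badly since 2007. The finding names and the choice of checks are this example's own assumptions, and the DH size is only inferred from the file name.

```python
import re

# The server config from the post, embedded as sample input.
SERVER_CONF = """\
port 1194
proto udp
dev tun
ca keys/ca.crt
cert keys/server.crt
key keys/server.key # This file should be kept secret
dh keys/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
client-config-dir ccd
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 3
"""

def parse_conf(text):
    """Map directive -> argument list; '#' and ';' start a comment."""
    conf = {}
    for line in text.splitlines():
        tokens = re.split(r"[#;]", line, maxsplit=1)[0].split()
        if tokens:
            conf[tokens[0]] = tokens[1:]
    return conf

def audit(text):
    """Return sorted finding ids (hypothetical names) for a server config."""
    conf, findings = parse_conf(text), set()
    # Heuristic on the file name; confirm with `openssl dhparam -in FILE -text -noout`.
    m = re.search(r"dh(\d+)", " ".join(conf.get("dh", [])))
    if m and int(m.group(1)) < 2048:
        findings.add("weak-dh")  # 1024-bit DH parameters
    if "cipher" not in conf:
        findings.add("default-cipher")  # 2.0.x falls back to BF-CBC (64-bit block)
    if "tls-auth" not in conf:
        findings.add("no-tls-auth")  # no HMAC check on TLS handshake packets
    if "comp-lzo" in conf:
        findings.add("compression")  # compressed tunnels can leak plaintext via length
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(SERVER_CONF)))
```

Note that user nobody, group nobody, persist-key and persist-tun in the posted config already drop root after startup, so the audit does not flag them.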

The idea with the automated configuration is that it will install the OpenVPN RPMs on the client for you, set up the client certificates and configure the client.

SSH with public key auth

The key to making this a seamless install/setup is to have a secure key based ssh connection to your target VPN client. I may post a quick tutorial on how to set this up some other time. The script assumes that you are working as root and have root access on the remote client.

The script

The latest version of the script can be found here [Right-click->Save Link As…] or at the downloads page. At the time of writing, it is purely interactive but I anticipate a need for a “batch” one eventually. It was written specifically for the setup I had to deal with but future updates should make it more flexible.

The Flow of the Web

January 10, 2007 at 12:09 pm | Posted in Networking, Web 2.0 | Comments Off on The Flow of the Web

This comes from a recent presentation I gave on Advances in Web Development. It is a visual overview of how the Web communicates, tying the simplest processes to the latest advances in “AJAX”. The intention is not an historical overview, but more of a logical one.

In the beginning…
The original world wide web was designed for static content. HTML files sat on servers, ready to be downloaded and rendered by your favourite browser. The content was heavily intermixed with the layout, making it an onerous task to change either. Files were transferred via HTTP and everything was designed for slow connections and very limited graphical abilities.

Basic Web

The next steps…
The next advances in complexity came in CGI. This enabled HTML to be dynamically generated by the server when a page was requested, potentially based on data passed by the requester. Now the content and layout were both flexible and scripted, increasing the ease of development for large sites. Modern CGI languages include PHP, Ruby (on Rails), Perl, ASP and others.

From the browser’s point of view, CSS and javascript were introduced. This allowed the separation of layout from content by putting it in a separate specification. CSS gave greater control of the look and feel of a site and made layouts independent of pages thus achieving reusability.

Javascript gave the user a way to interact with the page, altering the content and layout depending on client-side input. Form verification and DHTML were easily implemented using the browser’s scripting language. However, there was still largely a “page based” fetch-submit-fetch mentality.

Modern Web

Web 2.0…
Web 2.0 (and I use the term, like most, very loosely here) is AJAX driven. Strictly, AJAX is Asynchronous Javascript And XML – but it is often used to refer to the process of asynchronous javascript. This adds the very useful ability to communicate data back and forth with the server without having to fetch a whole new page. This gives pages a very dynamic feel to them and can add immense power to a site’s design.

The core functionality of this asynchronous communication is provided by a javascript object: XMLHttpRequest. The code required to implement the communication and subsequent “inline” updates is simple enough, but rather laborious to maintain. In practice, most work is done by a framework that provides a higher level API with which to develop. Ruby on Rails, Symphony, script.aculo.us are just a few examples of frameworks at one level or another.

Ajax web

Finally…
Here we have a brief look at how the flow of data across the web has evolved. Where we move from here is anyone’s guess, but I think it is safe to say that the design will always be catching up to the way we use it. As we extend and popularize certain functionality, we begin to push the limits of what that functionality was designed to do – and so the web evolves!
