Nice aggressive marketing!!!
Ryanair rocks! Go on ryanair.com, select italian language and…enjoy!!!
alitaGlia
1 Reply
Monthly Archives: July 2008
How to OpenVPN over Proxy
Sometimes there are places where is impossible to reach to internet without pass through a proxy. Using proxy is problematic because usually is impossible to read mail or use chat, irc and any application which work on a port different from 80 or 443.
This how to should work on most of the cases, unless the proxy policy is too restrictive.
Basically, the idea is to use the main connections to all the application which support proxy and are simple to configure and a customized route only for services that can’t pass thought a proxy.
Server
Openvpn uses default port 1194 (TCP or UDP), to pass over a proxy you must use the 443 port. I suggest to leave default openvpn port and apply a prerouting rule on iptables which map the 443 port on 1194:
iptables -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 443 -j DNAT --to-destination 192.168.10.127:1194
Let’s start to configure openvpn service.
First of all you must read this official howto section to understand how to generate certificate (there are a lot of scripts and sample configuratino files shipped with openvpn package); you can also modify and use my configuration file.
Here my server configuration file:
mode server
local 192.168.10.127
;port 443
proto tcp
dev tun
ca keys/ca.crt
cert keys/server.crt
key keys/server.key # This file should be kept secret
dh keys/dh2048.pem
server 10.8.0.0 255.255.255.0
push "route 192.168.10.0 255.255.255.0"
keepalive 10 120
tls-auth keys/ta.key 0 # This file is secret
cipher AES-128-CBC # AES
comp-lzo
user nobody
group nobody
persist-key
persist-tun
verb 5
mute 20
I stored my certificates into /etc/openvpn/keys and my openvpn configuration file into /etc/openvpn.
I want to spend just few words about network configuration:
- 192.168.10.0/24 is my home network (192.168.10.127 is my server network address)
- 192.168.x.x/x is network I’m connected with client
- 10.8.0.0/24 is the tunnel network
Client
Here a basic configuration (you can find a well explained file into sample configuration openvpn files):
client
dev tun
proto tcp-client
remote public_ip_address 443 #Public ip address of your home network
resolv-retry infinite
nobind
persist-key
persist-tun
cipher AES-128-CBC
ca "/etc/openvpn/keys/home/ca.crt"
cert "/etc/openvpn/keys/home/client1.crt"
key "/etc/openvpn/keys/home/client1.key"
tls-auth "/etc/openvpn/keys/home/ta.key" 1
comp-lzo
verb 5
http-proxy proxy.ras 80 passwd_file basic
#http-proxy-retry
http-proxy-option AGENT Mozilla/5.0+(Windows;+U;+Windows+NT+5.0;+en-GB;+rv:1.7.6)+Gecko/20050226+Firefox/1.0.1
I will not explain about keys and certificates here because openvpn how to give you a good explanation about it.
If your proxy need authentication, you must put proxy username and proxy password into your passwd_file, respectly on first and second line.
Now, you can start openvpn on server (service start openvpn).
Then you have to start openvpn on client. If you pass through a proxy, services can return you a FAILED, in this case, you should check /var/log/messages to get information about it.
If you got something like:
Initialization Sequence Completed
the tunnel is started. To verify that it work, just try to ping other tunnel part.
Natting and fowarding
Now is necessary to enable NAT and forward on your openvpn server, to allow certain flows, forwarded througt your vpn can reach internet by passing on your home router.
Just apply this few rules:
/bin/echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -A FORWARD -i tun0 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j MASQUERADE
now the server configuration is done.
Now we have to create static routes:
route add -host ip_you_want_to_staticize gw your_vpn_tunnel_address
for example: jabber, you have to retrieve your jabber server ip address, and insert into route command.as “ip_you_want_to_staticize”.
If you don’t have a dns into your subnet, to maintain transparency in applications, is better to use /etc/hosts to map every ip address to his name.
I’m using vpn only for jabber and email, I want to use also mugshot but it doesn’t work…dunno why.
Thanks to Kiwi to help me.
This post is under construction…so If you have suggestion or any issue to propose me, don’t hesitate to tell me.
What about symbolic?
It’s a long time I’m not writing about symbolic project.
Right now I’m not working on it (and on func :-/), because I’m on another -boring- project which take all my time.Marco Mornati opened a blog to continue a set of articles around symbolic.
Stay tuned, because a new symbolic release is coming soon 
security holes
This XKCD strip is…simply…fantastic!!
bye bye Facebook
Yes. I did it.
Hi Luca,We have deleted your profile information and removed your email address from our login database. Let me know if you have further questions.
Thanks for contacting Facebook,
Audrina
User Operations
You can’t delete your Facebook account without sending a precise email to privacy@facebook.com, using the settings panel, you can only disable your account (so your contact network continue to work).
The reason to this decision is similar to some time ago, when I deleted my Gmail account. It was a difficult decision because, I admit. Gmail is the best email interface/provider never created: fast, simple, usable, etc..
Facebook is an useless (read “you can stay without it”; IMHO without mail is a bit hard) social networking to keep in touch with your friends (this is the useful part), but with a lot of application like “how hot are you?”, “what $adjective are you?”, “bla bla bla bla”…
IMHO Facebook is becaming too much invasive in my life, although you can set privacy policy, I don’t trust it.
I know…I’m a bit paranoid 
About social networking, I’ll keep my linkedin profile, which is less general and with precise purposes.
Quick and dirty Backup
After a long time I publish my backup (ultra sophisticated) technology 
I have a 80 Gb USB external hard drive and I want to copy everything inside my home directory (files, directory, hidden files, and so on), so I started using unison but it didn’t permit to exclude directories.
IMPORTANT:You MUST stay on your ~.
[lfoppiano@sboing ~]$ rsync -av --delete --exclude='Videos/*' --exclude='Music/*' --delete-excluded --progress . /media/Backup/sboing/home/lfoppiano/
My Hard drive directory is divided as /media/backup/host/directory/whatever/subwhatever
If you have suggestion, tell me, if will be useful I will update this post
WTF! I need a new web browser!!!!
Today my computer’s browsers played thermonuclear war. I’m frustrating!
Firefox 3
Firefox is the most famous web browser on Linux system. IMHO is almost too weight and too much unstable. Mozilla Foundation seems Ubuntu: great and effective marketing (made by a company) but poor development. It’s a great vaporware.
I got any type of problems with Firefox 3 on my Fedora 9 (my user configuration files was upgraded from Firefox 2):
- 100% cpu occupation on grails.org (resolved simply deleting ~/.mozilla. but, WTF why I have to lost all my bookmarks to resolve this problem?) — Update: watch at the bottom.
- sporadic crashes
- proxy problems (Firefox doesn’t read any information about user/password for authenticated proxies.
Epiphany
Although epiphany uses the same engine (Geko) it results more faster and responsive when do GUI operation and during rendering. Unfortunately epiphany lacks in features, like session saver, searching inside address bar (I found it only in Firefox 3) and several useful of plugins (for example mugshot). There are also some behaviours that i can’t change, for example I can’t disable the messages which appear when connection switch from https to http (I did also a quick search into configuration editor, but…nothing).
Opera
It’s a closed software, but I tried anyway. First step I tried to set proxy. OMG WTF! No possibility to use the flag “Use this proxy for all protocols”…boring!!! After 2 minutes I removed it.
Konqueror
I’m a GNOME user…Konqueror is poorly integrated into GNOME and I can’t use with GNOME composite manager. Removed!
Midori
Nice idea, a lightweight web browser with WebKit engine. Completely unstable.
Kazerhakase
Another webkit web browser…but is more unstable than Midori.
Any suggestion?
Update 03/11/08@14:27: Thanks to my colleague Alessandro, there is a solution to fix the problem occurred to firefox 3 when I surf on http://www.grails.org (for example). It’s a nvidia bug and not a firefox/Xorg bug. You just have to launch this command:
nvidia-settings -a InitialPixmapPlacement=0 -a GlyphCache=1
Dejavu
Happy Birthday LOLUG!!
Happy birthday LOLUG.
Exactly one year ago, me and other six people, founded LOLUG association: Me, Francesco Crippa, Matteo Castellini, Samuele Farfarini, Davide Cerri, Andrea Tasso and Martina scarabelli.
What happens during this long year? We organize and partecipate to various events:
- Linux Day 2007
- Two meetings on “Networking for dummies”
- Fedora By night
- Participation to Liberamente event
- Fedora 9 Release Party
In one year we grew our members number from 7 to 14.
We also start a project: “Linux Information” (called PiLLO), each Thurdsay we are available to answer questions and issues about Linux and FOSS world.
Tonight we will do a party to celebrate LOLUG birthday!
I have some ideas about some future events..so…stay tuned!!
