Long-term Memory

Author Archive

Flight log 2011-10-15

After way to long, I finally found some time/weather combination to fly again. I’m a little embarrassed it took so long…

Of course, all my batteries were fairly dead. The glow heater was completely gone (0V), but was still usable after charging. My starter-battery was dead beyond repair. The LiPo’s of the miniTitan were is fairly good shape after more than a year in the fridge: 3/4th charged.

Before the flights, I upgrade my CastleLink software to version 3.40.0, and upgraded the ESC firmware to 3.27 along with these (PDF) new settings.
Continue reading ‘Flight log 2011-10-15’ »

Posted by Niobos on 2011-10-16 at 11:46 under RCheli.
Tags: checkup, logbook, maintenance, miniTitan, raptor
Comment on this post.

Adding OpenVPN to dd-wrt mini

As described before, I chose to use the mini-build of dd-wrt on my Linksys WRT320N. Since I wanted OpenVPN support, I needed to add it myself.

Installing

I again used the openwrt modules, openvpn has its own package. There are, however, several dependencies:

libssl.so.0.9.8 and libcrypto.so.0.9.8 from libopenssl
liblzo2.so.2.0.0 (and symlinks) from liblzo

I already had libcrypto installed, so I only needed 713kB of free space.

Configuring

Setup was fairly straightforward. Just make sure to do all heavy calculations on your desktop computer (i.e. generating keys). I installed the CA and host certificate into /jffs/etc/ssl, and added my openvpn-specific config files into /jffs/etc/openvpn. I did rewrite the verify-cn script from perl to bash, since dd-wrt doesn’t come with perl.

Next, I wrote a very simple wanup script to get openvpn (re)started at the appropriate time:

# openvpn.wanup
if [ -e /tmp/openvpn.pid ] ; then
    kill -HUP `cat /tmp/openvpn.pid`
else
    /jffs/sbin/openvpn --cd /jffs/etc/openvpn --config server.conf --daemon --log /tmp/openvpn.log --writepid /tmp/openvpn.pid
fi

Obviously: don’t forget to add the corresponding configuration to the firewall.

Posted by Niobos on 2011-08-30 at 19:18 under Networking & Security.
Tags: dd-wrt, OpenVPN, VPN
Comment on this post.

Configuring OpenVPN to support IPv6

As mentioned before, when switching to IPv6 (or more realistically, to dual stack) one of the things that might not work out of the box is VPNs. I decided to put some effort in it to get it to work anyway.

Continue reading ‘Configuring OpenVPN to support IPv6’ »

Posted by Niobos on 2011-06-27 at 10:50 under Networking & Security.
Tags: IPv6, linux, MacOSX, OpenVPN, VPN, Windows
Comment on this post.

World IPv6 day – lessons learned

Together with most of the internet, we tested IPv6 on World IPv6 day last week. I won’t go into details on what IPv6 is and why it’s important. Although IPv6 has been tested intensely in isolated networks, this is the first time it was tested on such a large scale. Technically, the participants would just add AAAA-records for their websites to DNS. This small change causes a huge effect. Since most browsers are configured to prefer IPv6 AAAA-records over IPv4 A-records, this causes all IPv6-connected users to suddenly connect over IPv6 instead of IPv4.

For the most part, this major changeover happened without as much of a hitch. In fact, if I hadn’t known it was World IPv6 day, I wouldn’t have noticed anything. But I’m not a normal web-user, so I did notice some issues.

Continue reading ‘World IPv6 day – lessons learned’ »

Posted by Niobos on 2011-06-14 at 14:22 under Networking & Security.
Tags: crypto, DNS, Ethernet, IPsec, IPv6, linux, MacOSX
3 Comments.

What Time Machine does not back up

I was under the illusion that a Time Machine backup would do as they claim:

You can set up Time Machine to automatically back up all your important files, including your documents, music, photos, applications, and any other items you keep on your hard disk.

I consider my iTunes authorizations important, but apparently Apple does not. Seems that these are specifically excluded from backups… Removing the “SC Info” line from the /System/Library/CoreServices/backupd.bundle/Contents/Resources/StdExclusions.plist file solved this.

I know I should have de-authorized my machine before reinstalling, and I know you can “de-authorize all” to fix this as well; but it’s pretty disturbing to see iTunes remove all your applications from your iPhone…

Posted by Niobos on 2011-05-11 at 19:25 under Uncategorized.
Tags: backup, fail, MacOSX, TimeMachine
Comment on this post.

Getting a public IPv4 address with Belgacom’s BBox-2

The new installs of Belgacom’s DSL internet connection are actually fairly descend. They provide a “b-box 2” which provides 2 wired 10/100base-T ports and an 802.11g access point. It consumes 10.1W of power once booted (21VA with a cosφ of .47, measured with 241Vac), which costs around €22/year at the current prices. The box has a built-in router which performs the PPPoE connection and does the NAT. While this setup is perfectly fine for a regular setup, obviously I wanted something more…

Continue reading ‘Getting a public IPv4 address with Belgacom’s BBox-2’ »

Posted by Niobos on 2011-04-12 at 14:43 under Networking & Security.
Tags: b-box2, dd-wrt, dsl, Ethernet
Comment on this post.

Tail-ing logfiles with visual timing

I regularly watch log files in real time using the highly appreciated tail -f command. But I usually find myself manually inserting newlines to give a visual clue of which log-lines happened together. Obviously the timestamps in the lines tell you the full story, but it’s not that visually appealing.

Continue reading ‘Tail-ing logfiles with visual timing’ »

Posted by Niobos on 2011-03-09 at 10:45 under Networking & Security.
Tags: linux, log, Perl, script
Comment on this post.

My Postfix anti-spam configuration

I assume I don’t have to introduce the concept of spam. Fighting spam can be done on different levels. A first line of defense is the mail server receiving them. There are several checks it can perform. Here is my configuration of Postfix.

Continue reading ‘My Postfix anti-spam configuration’ »

Posted by Niobos on 2011-03-08 at 20:14 under Networking & Security.
Tags: linux, mail, postfix, SMTP
2 Comments.

iPhone compatible IPsec VPN on an Ubuntu server, with LDAP authentication

To get secure access to internal networks, one usually employs one of the many variants of a VPN. When connecting from a normal computer, you can install basically whatever variant you wish. When using devices such as smartphones however, the number of supported VPN technologies is usually limited. Especially on non-open platforms such as the iDevices by Apple, you can not add VPN software yourself, contrary to the Android platform.

In this post, I’ll explain how to set up an IPsec (without L2TP) tunnel endpoint on an Ubuntu server, capable of handling an iPhone/iPad/iPod/iWhatever. The users will be authenticated against an LDAP directory.

Continue reading ‘iPhone compatible IPsec VPN on an Ubuntu server, with LDAP authentication’ »

Posted by Niobos on 2011-03-03 at 10:53 under Networking & Security.
Tags: Cisco, iPhone, IPsec, VPN
20 Comments.

Automated #include tracking with make

When programming with multiple files/modules, dependency tracking is always a big issue. GNU Make calculates the correct order to compile in, but is only that smart. It does know that if a .cpp file changes, the corresponding .o file needs to be updated. But a change in an included header can go unnoticed.

While debugging a strange problem today, it was exactly that last scenario: A change in a header file did not cause a recompile, which left me debugging an old version of the binary. So I wanted to include the dependencies of .cpp files on the included headers in my Makefile. But since I’m too lazy to do it myself, I wrote a script.

Continue reading ‘Automated #include tracking with make’ »

Posted by Niobos on 2011-01-14 at 11:19 under Uncategorized.
Tags: C, make, Makefile, programming
Comment on this post.