I was a bit afraid that getting an UMTS USB stick to work under Linux would be an impossible task. Turns out to be reasonably simple. These notes are for a Huawei K4505 HSPA+ USB stick, as provided by Proximus (Vodaphone group).
Archive for the ‘Networking & Security’ Category
As already introduced in a previous post, OpenPGP keys have different uses. These uses are: certify other keys, sign data, encrypt communications or storage and authentication. To maximize security, I already have a master key which I only use to certify other keys, but the key flags don’t enforce this.
Socat is the swiss army knife of networking. Getting it installed on dd-wrt took me some trail and error to find a compatible version. Thisfrom OpenWRT seems to work, and requires the libssl and libcrypto library (which I already have installed).
As a follow up on my previous article with the WRT320N, here’s my journey for the WRT610N revision 2 (which is very similar, but has two radio’s).
I again used the, openvpn has its own . There are, however, several dependencies:
- libssl.so.0.9.8 and libcrypto.so.0.9.8 from
- liblzo2.so.2.0.0 (and symlinks) from
I already had libcrypto installed, so I only needed 713kB of free space.
Setup was fairly straightforward. Just make sure to do all heavy calculations on your desktop computer (i.e. generating keys). I installed the CA and host certificate into /jffs/etc/ssl, and added my openvpn-specific config files into /jffs/etc/openvpn. I did rewrite the verify-cn script from perl to bash, since dd-wrt doesn’t come with perl.
Next, I wrote a very simple wanup script to get openvpn (re)started at the appropriate time:
# openvpn.wanup if [ -e /tmp/openvpn.pid ] ; then kill -HUP `cat /tmp/openvpn.pid` else /jffs/sbin/openvpn --cd /jffs/etc/openvpn --config server.conf --daemon --log /tmp/openvpn.log --writepid /tmp/openvpn.pid fi
Obviously: don’t forget to add the corresponding configuration to the firewall.
As mentioned before, when switching to IPv6 (or more realistically, to dual stack) one of the things that might not work out of the box is VPNs. I decided to put some effort in it to get it to work anyway.
Together with most of the , we tested IPv6 on World IPv6 day last week. I won’t go into details on what IPv6 is and why it’s important. Although IPv6 has been tested intensely in isolated networks, this is the first time it was tested on such a large scale. Technically, the participants would just add AAAA-records for their websites to DNS. This small change causes a huge effect. Since most browsers are configured to prefer IPv6 AAAA-records over IPv4 A-records, this causes all IPv6-connected users to suddenly connect over IPv6 instead of IPv4.
For the most part, this major changeover happened without as much of a hitch. In fact, if I hadn’t known it was World IPv6 day, I wouldn’t have noticed anything. But I’m not a normal web-user, so I did notice some issues.
The new installs of Belgacom’s DSL internet connection are actually fairly descend. They provide a “b-box 2” which provides 2 wired 10/100base-T ports and an 802.11g access point. It consumes 10.1W of power once booted (21VA with a cosφ of .47, measured with 241Vac), which costs around €22/year at the current prices. The box has a built-in router which performs the PPPoE connection and does the NAT. While this setup is perfectly fine for a regular setup, obviously I wanted something more…
I regularly watch log files in real time using the highly appreciated tail -f command. But I usually find myself manually inserting newlines to give a visual clue of which log-lines happened together. Obviously the timestamps in the lines tell you the full story, but it’s not that visually appealing.
I assume I don’t have to introduce the concept of spam. Fighting spam can be done on different levels. A first line of defense is the mail server receiving them. There are several checks it can perform. Here is my configuration of Postfix.