- Download Fedora LXDE Spin
- Create a new VM and point it at the Fedora iso
- Run the VM and install Fedora to the hard drive
- Remove the iso from the VM
- 'visudo' and add the following: 'paul ALL=(ALL) NOPASSWD: ALL'
- 'sudo yum update'
- Ensure there is an optical disk attached to the VM: create one if not
- Install Guest Additions Virtual Drive: Devices -> Install Guest Additions
- 'sudo yum install dkms gcc kernel-devel'
- 'cd /run/media/paul/VBOXADDITIONS*'
- 'sudo ./VBoxLinuxAdditions.run'
- 'sudo usermod -aG vboxsf paul'
- 'sudo mount -t vboxsf Temp ~/share'
Tuesday, December 26, 2017
Installing a Fedora Guest VM
Sunday, December 10, 2017
Installing Lego Mindstorms NXT 1.0 on Windows 10
See here for excellent instructions.
- From the installation CD search for all msi files and install:
- Mindstorms.msi
- MinstormsEng.msi
- Ensure English resource files are installed in the correct location (could be installed on D:) and move to C:\Program Files (x86)\LEGO Software\ if not
- Install driver from here. Note that the cab file may have to be manually moved from the zip file to a temp file during the installation process
- Install updated driver from here. (not sure step 3 is also required. However...)
- Run...
Sunday, October 08, 2017
Installing OpenVPN
Based on OpenVPN 2.4.0. On a Raspberry Pi...
sudo apt-get install openvpn openssl easy-rsa
sudo cp -r /usr/share/easy-rsa /etc/openvpn
Update the file /etc/openvpn/easy-rsa/vars:
export EASY_RSA="/etc/openvpn/easy-rsa"
export KEY_SIZE=2048
Create Certificates
These should be built into the /etc/openvpn/easy-rsa/keys directory
cd /etc/openvpn/easy-rsa
sudo su
source vars
ln -s openssl-1.0.0.cnf openssl.cnf
./clean-all
# build CA cert
./build-ca OpenVPN
# build server key files
./build-key-server server
# build client key files
./build-key client1
./build-key client2
# build Diffie-Hellman key exchange
./build-dh
# static Pre-Shared Key PSK
openvpn --genkey --secret ta.key
Create Server Configuration File
A default version can be found in /usr/share/doc/openvpn/examples/sample-config-files. The file should be named /etc/openvpn/openvpn.conf. However, this is all that is required:
port 1194
proto udp
dev tun
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
cipher AES-128-CBC
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
comp-lzo
persist-key
persist-tun
status /var/log/openvpn-status.log
log /var/log/openvpn
verb 3
explicit-exit-notify 1
Create Client Configuration File
This is all that is required:
client
dev tun
proto udp
remote 1194
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
ns-cert-type server
key-direction 1
cipher AES-128-CBC
comp-lzo
verb 1
mute 20
<ca>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
</key>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
...
-----END OpenVPN Static key V1-----
</tls-auth>
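Added example, not part of the original post: a shell function that assembles the single-file client profile above from the easy-rsa keys directory, wrapping each credential in OpenVPN's inline-file tags (<ca>, <cert>, <key>, <tls-auth>). The function names and base.conf (a file holding the client directives listed above) are assumptions.

```shell
#!/bin/sh
# Added example: build a single-file client profile with inline credentials.
# Hypothetical names: pem_only, section, build_ovpn, base.conf.

# Print only the PEM block; easy-rsa .crt files start with a text dump.
pem_only() {
    sed -n '/^-----BEGIN /,/^-----END /p' "$1"
}

# Emit one inline section: <tag>, the PEM block, </tag>.
section() {
    printf '<%s>\n' "$1"
    pem_only "$2"
    printf '</%s>\n' "$1"
}

# build_ovpn KEYS_DIR CLIENT BASE_CONF OUT
build_ovpn() {
    keys=$1; client=$2; base=$3; out=$4
    for f in "$base" "$keys/ca.crt" "$keys/$client.crt" \
             "$keys/$client.key" "$keys/ta.key"; do
        [ -r "$f" ] || { echo "missing or unreadable: $f" >&2; return 1; }
    done
    # The server uses "tls-auth ... 0", so the client side must be direction 1.
    grep -q '^key-direction 1$' "$base" ||
        { echo "base config lacks 'key-direction 1'" >&2; return 1; }
    (
        umask 077          # the profile embeds the client's private key
        rm -f "$out"       # recreate so the restrictive mode applies
        {
            cat "$base"
            section ca       "$keys/ca.crt"
            section cert     "$keys/$client.crt"
            section key      "$keys/$client.key"
            section tls-auth "$keys/ta.key"
        } > "$out"
    )
}

# Stand-alone use:
#   sh build_ovpn.sh /etc/openvpn/easy-rsa/keys client1 base.conf client1.ovpn
if [ "$#" -eq 4 ]; then
    build_ovpn "$@"
fi
```

The resulting file is created with mode 600 because it contains the client's private key and the shared tls-auth key; transfer it to the client over a protected channel.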
Routing all Client Traffic Through VPN
To route all traffic through the VPN, the following is added to /etc/openvpn/openvpn.conf:
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
push "dhcp-option DNS 8.8.8.8"
user nobody
group nogroup
And the following firewall rule is required to ensure that all traffic initiated from clients will be masqueraded as traffic outgoing from wlan0 (change this to the appropriate interface!):
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o wlan0 -j MASQUERADE
Installing iptables-persistent can make the firewall rules persistent:
sudo apt-get install iptables-persistent
They are configured with:
iptables-save >/etc/iptables/rules.v4
or better:
dpkg-reconfigure iptables-persistent
To list the NAT tables:
iptables -t nat -vL
It is also necessary to enable IP forwarding by un-commenting net.ipv4.ip_forward=1 in /etc/sysctl.conf and running sudo sysctl -p