Tuesday, December 26, 2017

Installing a Fedora Guest VM


  • Download Fedora LXDE Spin
  • Create a new VM and point it at the Fedora iso
  • Run the VM and install Fedora to the hard drive
  • Remove the iso from the VM
  • 'visudo' and add the following: 'paul   ALL=(ALL)   NOPASSWD: ALL'
  • 'sudo yum update'
  • Ensure there is an optical disk attached to the VM: create if not
  • Install Guest Additions Virtual Drive: Devices-> Install Guest Additions
  • 'yum install dkms gcc kernel-devel'
  • 'cd /run/media/paul/VBOXADDITIONS*'
  • 'sudo ./VBoxLiuxAdditions'
  • 'sudo usermod -g vboxsf paul'
  • 'sudo mount -t vboxsf Temp ~/share'

Sunday, December 10, 2017

Installing Lego Mindstorms NXT 1.0 on Windows 10

See here for excellent instructions.

  1. From the installation CD search for all msi files and install:
    1. Mindstorms.msi
    2. MinstormsEng.msi
  2. Ensure English resource files are installed in the correct location (could be installed on D:) and move to C:\Program Files (x86)\LEGO Software\ if not
  3. Install driver from here. Note that cab file may have to be manually moved from zip file to temp file during the installation process
  4. Install updated driver from here. (not sure step 3 is also required. However...)
  5. Run...

Sunday, October 08, 2017

Installing OpenVPN

Based on OpenVPN 2.4.0. On a Raspberry Pi...

   sudo apt-get install openvpn openssl easy-rsa
   sudo cp -r /usr/share/easy-rsa /etc/openvpn

Update the file /etc/openvpn/easy-rsa/vars:

   export EASY_RSA="/etc/openvpn/easy-rsa"
   export KEY_SIZE=2048

Create Certificates

These should be built into the /etc/openvpn/easy-rsa/keys directory

   cd /etc/openvpn/easy-rsa
   sudo su
   source vars
   ln -s openssl-1.0.0.cnf openssl.conf
   ./clean-all

   # build CA cert
   ./build-ca OpenVPN

   # build server key files
   ./build-key-server server

   # build client key files
   ./build-key client1
   ./build-key client2

   # build Diffie-Hellman key exchange
   ./build-dh

   # static Pre-Shared Key PSK
   openvpn --genkey --secret ta.key

Create Server Configuration File

A default version can be found in /usr/share/doc/openvpn/examples/sample-config-files. Should be named /etc/openvpn/openvpn.conf. However, this is all that is required:

   port 1194
   proto udp
   dev tun
   ca /etc/openvpn/easy-rsa/keysca.crt
   cert /etc/openvpn/easy-rsa/keysserver.crt
   key /etc/openvpn/easy-rsa/keysserver.key
   dh /etc/openvpn/easy-rsa/keysdh2048.pem
   server 10.8.0.0 255.255.255.0
   ifconfig-pool-persist ipp.txt
   keepalive 10 120
   cipher AES-128-CBC
   tls-auth /etc/openvpn/easy-rsa/keysta.key 0
   comp-lzo
   persist-key
   persist-tun
   status /var/log/openvpn-status.log
   log /var/log/openvpn
   verb 3
   explicit-exit-notify 1

Create Client Configuration File

   This is all that is required:
   client 
   dev tun 
   proto udp 
   remote 1194 
   resolv-retry infinite
   nobind
   persist-key
   persist-tun
   mute-replay-warnings
   ns-cert-type server
   key-direction 1
   cipher AES-128-CBC
   comp-lzo
   verb 1
   mute 20
   
   -----BEGIN CERTIFICATE-----
   ...
   -----END CERTIFICATE-----
   
   
   -----BEGIN CERTIFICATE-----
   ...
   -----END CERTIFICATE-----
   
   
   -----BEGIN PRIVATE KEY-----
   ...
   -----END PRIVATE KEY-----
   
   
   #
   # 2048 bit OpenVPN static key
   #
   -----BEGIN OpenVPN Static key V1-----
   ...
   -----END OpenVPN Static key V1-----
   

Routing all Client Traffic Through VPN

To route all traffic through the VPN, the following is added to /etc/openvpn/openvpn.conf:

push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
push "dhcp-option DNS 8.8.8.8"
user nobody
group nogroup

And the following firewall rule is required to ensure that all traffic initiated from clients will be masqueraded as traffic outgoing from wlan0 (change this to the appropriate interface!):

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o wlan0-j MASQUERADE

Installing iptables-persistent can make the firewall rules persistent:

sudo apt-get install iptables-persistent

They are configured with:

iptables-save >/etc/iptables/rules.v4

or better:

dpkg-reconfigure iptables-persistent

To list the NAT tables:

iptables -t nat -vL

It is also necessary to enable IP forwarding by un-commenting net.ipv4.ip_forwarpv4.ip_forward=1 in /etc/sysctl.conf and running sudo sysctl -p