Using OpenVPN to route a specific subnet to the VPN

I have an OpenVPN server that pushes the "redirect-gateway" directive to its clients. That directive makes the OpenVPN server the client's default gateway, so all of the client's traffic goes through the tunnel. What I wanted instead was to connect to the VPN and reach only one specific subnet (e.g. 100.200.100.0/24) through it, without touching the server config (other people rely on it as their default gateway).

In the client config I removed the client directive and replaced it with these commands:
tls-client
ifconfig 172.18.0.6 172.18.0.5
route 172.18.0.0 255.255.255.0
route 100.200.100.0 255.255.255.0

What the previous lines do:
tls-client: act as a client. “client” is an alias for “tls-client” plus “pull”, and it is “pull” that applies whatever the server pushes, including the redirect-gateway that changed my default route. Dropping it means nothing pushed by the server (routes, DNS options, redirect-gateway) is applied, so everything the client needs has to be stated locally.
ifconfig 172.18.0.6 172.18.0.5: the tun0 interface gets 172.18.0.6 on our side and 172.18.0.5 on the server side. The IPs are not random: they are the ones OpenVPN assigned to me while I was still using the “client” directive. They have to match what the server expects for this client, because the server drops packets whose source address it has neither assigned nor learned (its log shows them as “MULTI: bad source address from client”).
route 172.18.0.0 255.255.255.0: route the whole 172.18.0.0/24 VPN network over tun0. I needed this to reach services running on the OpenVPN server itself (172.18.0.1).
route 100.200.100.0 255.255.255.0: route 100.200.100.0/24 over tun0, the only remote subnet I actually want through the VPN.

Newer OpenVPN clients offer a less fragile way to get the same result without hard-coding the addresses: keep the “client” directive and add “route-nopull”, which still accepts the pushed address assignment but ignores pushed routes and redirect-gateway, then add the “route” lines you want yourself.

A traceroute to 100.200.100.1 now shows that I am reaching that subnet through the VPN, while the default route is untouched.
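As an added example (not from the original post), here is a small POSIX shell check for the outcome described above. From the text of `ip route show` taken before and after connecting it confirms that the default gateway is unchanged, that no 0.0.0.0/1 and 128.0.0.0/1 pair has been slipped in (the def1 form of redirect-gateway leaves the default line alone but still captures everything), and that the wanted subnet really leaves through tun0. The route tables inside it are constructed for the demonstration; on a live box, feed it `ip route show` captured before and after starting openvpn.

```shell
#!/bin/sh
# Added example, not from the original post: check that a split-tunnel client
# really left the default route alone and only sends the wanted subnet via
# tun0. The functions work on the text of `ip route show`, so they can be
# run on saved snapshots; the tables below are constructed, not captured.

# default_gw TABLE -> gateway of the default route ("" if none)
default_gw() {
    printf '%s\n' "$1" | awk '$1 == "default" { print $3; exit }'
}

# route_dev TABLE PREFIX -> device that PREFIX is routed on ("" if no route)
route_dev() {
    printf '%s\n' "$1" | awk -v p="$2" '
        $1 == p { for (i = 1; i <= NF; i++) if ($i == "dev") { print $(i+1); exit } }'
}

# has_half_routes TABLE -> 0 if 0.0.0.0/1 or 128.0.0.0/1 are present: that is
# how "redirect-gateway def1" hijacks all traffic while leaving the default
# route line untouched, so a default-gateway comparison alone would miss it
has_half_routes() {
    printf '%s\n' "$1" | awk '$1 == "0.0.0.0/1" || $1 == "128.0.0.0/1" { found = 1 } END { exit !found }'
}

# check_split_tunnel BEFORE AFTER PREFIX DEV -> 0 when the default gateway is
# unchanged, no /1 override routes exist, and PREFIX goes out DEV
check_split_tunnel() {
    gw_before=$(default_gw "$1"); gw_after=$(default_gw "$2")
    if [ "$gw_before" != "$gw_after" ]; then
        echo "FAIL: default gateway changed ($gw_before -> $gw_after)"; return 1
    fi
    if has_half_routes "$2"; then
        echo "FAIL: 0.0.0.0/1 and/or 128.0.0.0/1 present, all traffic goes via the VPN"; return 1
    fi
    if [ "$(route_dev "$2" "$3")" != "$4" ]; then
        echo "FAIL: $3 is not routed via $4"; return 1
    fi
    echo "OK: default via $gw_after unchanged, $3 via $4"
}

# Constructed `ip route show` output: before connecting, after the config in
# this post, after a plain pushed redirect-gateway, and after one with def1.
BEFORE='default via 192.168.1.1 dev eth0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.10'
AFTER_OK="$BEFORE
172.18.0.5 dev tun0 proto kernel scope link src 172.18.0.6
172.18.0.0/24 via 172.18.0.5 dev tun0
100.200.100.0/24 via 172.18.0.5 dev tun0"
AFTER_REDIRECT='default via 172.18.0.5 dev tun0
172.18.0.5 dev tun0 proto kernel scope link src 172.18.0.6
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.10'
AFTER_DEF1="$BEFORE
0.0.0.0/1 via 172.18.0.5 dev tun0
128.0.0.0/1 via 172.18.0.5 dev tun0
172.18.0.5 dev tun0 proto kernel scope link src 172.18.0.6"

for table in "$AFTER_OK" "$AFTER_REDIRECT" "$AFTER_DEF1"; do
    check_split_tunnel "$BEFORE" "$table" 100.200.100.0/24 tun0 || :
done
```

On a real client, save `ip route show` to a file before connecting, connect, and call check_split_tunnel with the two captures; only the first of the three sample tables passes.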

Greek adblock plus filter on the official subscription list

Six months after my original post on the creation of the Greek Adblock Plus filter, the filter has finally been added to the official subscription list, thanks to Wladimir Palant.
Apart from the Adblock Plus add-on for Firefox/Iceweasel/etc., the filter is also usable with the AdThwart extension for Google Chrome/Chromium.

Until today the list peaked at 70 subscribers…I hope this will make more people trust my filter list and reach at least 100 subscribers.

As a sidenote, my RBL for Greek spam has moved to a new, better server thanks to a very kind person who donated it and some people administering mail servers have already added it to their spam filters. Since the original announcement the RBL jumped from 500 reqs/min to 2000 reqs/min.

26c3: Here Be Dragons!

We have been talking with Patroklos (argp of census-labs.com) about going to a CCC event for years. This year though we were determined. So in late September 2009 we booked our flight tickets to Berlin. A couple of weeks later some other friends expressed their wish to come with us. So in the end me, Patroklos, huku and SolidSNK (of grhack.net) and Christine formed a group to visit 26c3 Here Be Dragons. Another group of Greeks also came to 26c3, among them Ithilgore, xorl, sin, gorlist and one more whose name I don't know, sorry 🙂

After a canceled flight on the 26th of December due to fog on SKG airport we finally flew on the 27th and went to Berlin. After arriving there we immediately went to the hotel we had booked and then straight to the Berliner Congress Center where the 26c3 was taking place.

BCC is an excellent conference center, nothing close to anything I have ever seen in Greece. It looks great both from the outside and from the inside. When we entered BCC we saw a huge number of diverse people. You could see and feel the difference from all the other IT conferences. People were very relaxed, very talkative and extremely friendly. What makes CCC so special is its community. There were soooo many CCC volunteers inside the BCC willing to help you with any information you might need. More on that later on…

After paying just 80€ for the whole conference, 4 days, we started walking around the ground floor. There were many information desks of various projects, free PCs to use (loaded with Ubuntu), the huge lounge which included a bar for food and drinks with lots of seats for people and 2 rooms for presentations. On the upper floor there were many more projects and another large room for presentations.

What made BCC so lively were all these projects around the presentation rooms. There were always hundreds of people sitting outside of the presentation rooms hacking on their projects, discussing with other people, selling merchandise, etc. Because it was our first time in the conference we were not experienced enough to use our time wisely between the lectures so I only managed to visit very few projects, Cacert, Gentoo and Debian. I am sure that there were people who did not attend any lectures at all and just sat all day at their projects’ infodesk.

Before I continue with the presentations we went to I want to make a note about volunteers again. Volunteers at 26c3 were called angels and they did an EXCELLENT job. They would not allow you to sit wherever you liked at a lecture; they would try to find you a seat or they would put you in a place where you could stand without blocking others. Nobody was allowed to sit in the corridors, nobody. Everything was in order and I never ever heard a single person complain about the angels' policy. They were strict and firm on one hand but helpful, fair and polite on the other. They were probably the best volunteers I have ever encountered anywhere. All of them were carrying an ID and a DECT phone to cooperate with other angels (oh yes, the conference had its own DECT network…AND its own GSM network!!!) Funny quote: Angels at the entrance and exit doors wore t-shirts that read “Physical ACL”, heh.

The very first presentation we attended was “Here Be Electric Dragons“, and then we moved on to see “Exposing Crypto bugs through reverse engineering“. After a break we tried to go to the “GSM: SRSLY?” lecture but it was SOO full that we were not allowed into the presentation room. So we went to the “Tor and censorship: lessons learned” presentation, which was more interesting than I expected. The final talks we saw on the first day were “UNBILD – Pictures and Non-Pictures”, which was in German, and of course “cat /proc/sys/net/ipv4/fuckups“. Since none of us spoke German there was no urge to see the UNBILD lecture, but as we painfully understood by not even being able to enter the presentation room for the “GSM: SRSLY?” lecture, you have to go a LOT earlier to see a good lecture. We definitely wanted to see fabs' lecture so we went there an hour earlier to find some seats. By the way, outside the presentation rooms there were TVs with live streaming from inside for people who couldn't get in or didn't want to. As I said earlier, a lot of people preferred sitting at their projects' infodesk and watching the streams of the presentations.

On the next day we saw: “Milkymist“, “Advanced microcontroller programming“, “Fuzzing the Phone in your Phone“, “Defending the Poor, Preventing Flash exploits“, “Haste ma’n netblock?” and “SCCP hacking, attacking the SS7 & SIGTRAN applications one step further and mapping the phone system“.

On the third day just “Playing with the GSM RF Interface“, “Using OpenBSC for fuzzing of GSM handsets” and “Black Ops Of PKI” since we decided to do some sightseeing as well 🙂

Finally on the last day we went to “secuBT” and from that to another German lecture about a distributed portscanner called Wolpertinger that replaced a canceled lecture on IBM AS/400. Afterwards we went to the real-time English translation stream of “Security Nightmares” and to the “Closing Event“.

I had a really great time and I certainly want to be there again next year. If I manage to go there again though I will try to take a lot more days off work so I can visit many more places around the city. The whole event was excellent, the organization was almost perfect and the people who contributed to it deserve a huge round of applause, especially the angels.

Congratulations to all.

Necessary pics (captions only; the photos themselves are not included here):
lounge / Room 1
FX presentation / BCC at night
Pirate Flags / BCC with snow
Closing Event / The Greeks

P.S. I don’t want to go into specific details about the lectures I attended. Some were REALLY good, some were average and some were totally boring. If you follow the news you already know which streams of lectures you should certainly download and see. You can find every lecture on CCC’s FTP server.

P.S.2 What a great wiki for an event…I was amazed by the amount of information one can find in there…

P.S.3 To Greeks only…please download the closing event presentation to see how we should start organizing events. Just look at the efforts of the people who contributed to the 26c3 event. I don't want to write anything more about this issue because the difference from any Greek event I've ever attended, or even from the mentality of the people attending “our” events, is SO SO SO HUUUUGE that it makes me really sad. I hope that this might fire something up. If more Greeks attended events organized abroad then maybe one day we might get more serious about our events as well.

iftraffic.pl: perl script to measure in/out traffic in realtime

During some QoS tests on Linux I needed to measure the traffic of the system in real time without being able to compile any new software on it. The system already had perl installed, so I googled for a script that could monitor the in/out traffic of an interface. The first script I found was this one: http://perlmonks.org/?node_id=635792

While it does what it says, it only runs once. I wanted the script to run for a period of time, so I changed it a bit.
Here’s the outcome:
#!/usr/bin/perl
use strict;
use warnings;

my $dev = $ARGV[0] or die "usage: $0 <interface>\n";

# Read the rx/tx byte counters of $dev straight from /proc/net/dev.
# Layout: "  eth0: rx_bytes rx_packets ... (8 receive fields) tx_bytes ..."
# The name is matched whole (eth0 must not match eth01) and the first number
# may be glued to the colon when the counter is large.
sub get_measures {
    open(my $fh, '<', '/proc/net/dev') or die "cannot open /proc/net/dev: $!\n";
    while (my $line = <$fh>) {
        next unless $line =~ /^\s*\Q$dev\E:\s*(\d+)(?:\s+\d+){7}\s+(\d+)/;
        close $fh;
        return ($1, $2);
    }
    die "interface $dev not found in /proc/net/dev\n";
}

my @m1 = get_measures();
while (1) {
    sleep 1;
    my @m2 = get_measures();
    # bytes per second since the previous sample, converted to KB
    my @rates = map { int(($m2[$_] - $m1[$_]) / 1024) } 0, 1;
    printf "received rate:%dKB transmit rate:%dKB\n", @rates;
    @m1 = @m2;
}

I’ve changed it so that it’s:
a) running continuously until someone presses ctrl+c to stop it,
b) parsing the /proc/net/dev output instead of the ifconfig output. I think this is more efficient/fast than parsing the ifconfig output.

Sample output:

$ iftraffic.pl eth0
received rate:1564KB transmit rate:71KB
received rate:1316KB transmit rate:44KB
received rate:1415KB transmit rate:48KB
received rate:1579KB transmit rate:76KB

I am sure that someone with more insight into perl than me can make it even more efficient.

You can also download a version with comments that I made so that one can make the script run for X number of repetitions instead of running until someone stops it.
Download: iftraffic.pl
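An added example, not the author's script: the same measurement in POSIX sh and awk, written so that the counter parsing can be tested against saved copies of /proc/net/dev. It matches the interface name exactly (`grep "$dev"` also matches eth01 or veth0) and unwraps the 32-bit counters that older kernels expose, which otherwise produce a negative delta once a counter rolls over. The two snapshots in it are constructed, not captured.

```shell
#!/bin/sh
# Added example, not from the original post: /proc/net/dev rate measurement
# in POSIX sh + awk. The snapshot can come from a file or from stdin ("-"),
# which is what makes it testable offline. Two details the grep/regex
# one-liner gets wrong are handled: the interface name is compared whole
# (so eth0 does not match eth01), and a negative delta from a 32-bit counter
# wrap (older kernels) is folded back by 2^32.

# counters DEV FILE -> "rx_bytes tx_bytes" for DEV (FILE may be "-" for stdin).
# Layout: "name:" then 8 receive fields, then tx_bytes; the first number may
# be glued to the colon, so the line is split on ':' before the fields.
counters() {
    awk -v dev="$1" '
        { line = $0; sub(/^[ \t]+/, "", line); n = split(line, a, ":") }
        n == 2 && a[1] == dev { split(a[2], f, " "); print f[1], f[9]; exit }
    ' "$2"
}

# rate_kb OLD NEW SECONDS -> whole KB/s between two byte counter readings
rate_kb() {
    awk -v o="$1" -v n="$2" -v s="$3" 'BEGIN {
        d = n - o
        if (d < 0) d += 4294967296      # 32-bit counter wrapped
        printf "%d\n", d / 1024 / s
    }'
}

# iftraffic DEV [INTERVAL]: live loop, one line per INTERVAL seconds
iftraffic() {
    dev=$1; interval=${2:-1}
    set -- $(counters "$dev" /proc/net/dev)
    [ $# -eq 2 ] || { echo "interface $dev not found in /proc/net/dev" >&2; return 1; }
    orx=$1; otx=$2
    while sleep "$interval"; do
        set -- $(counters "$dev" /proc/net/dev)
        echo "received rate:$(rate_kb "$orx" "$1" "$interval")KB transmit rate:$(rate_kb "$otx" "$2" "$interval")KB"
        orx=$1; otx=$2
    done
}

# Two constructed snapshots one second apart: eth0's receive counter wraps
# between them, and eth01 is there only to show the name-prefix trap.
SNAP1='Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:    1000      10    0    0    0     0          0         0     1000      10    0    0    0     0       0          0
  eth0:4294900000 3000000    0    0    0     0          0         0  2000000 1000000    0    0    0     0       0          0
 eth01:  500000    5000    0    0    0     0          0         0   400000    4000    0    0    0     0       0          0'
SNAP2='Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:    1000      10    0    0    0     0          0         0     1000      10    0    0    0     0       0          0
  eth0:  100000 3000100    0    0    0     0          0         0  2073728 1000050    0    0    0     0       0          0
 eth01:  500000    5000    0    0    0     0          0         0   400000    4000    0    0    0     0       0          0'

# snapshot_counters DEV TEXT -> same as counters, reading from a string
snapshot_counters() { printf '%s\n' "$2" | counters "$1" -; }

set -- $(snapshot_counters eth0 "$SNAP1"); orx=$1; otx=$2
set -- $(snapshot_counters eth0 "$SNAP2")
echo "received rate:$(rate_kb "$orx" "$1" 1)KB transmit rate:$(rate_kb "$otx" "$2" 1)KB"
```

For live use call `iftraffic eth0` (or `iftraffic eth0 5` for five-second averages) and stop it with ctrl+c, exactly like the perl version.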

MacOSX: Vodafone Mobile Connect not opening

Today I had a very unpleasant surprise with my Vodafone Mobile Connect on Mac OS X. After a normal laptop standby, the application refused to open. Upon starting, the application peaked at 100% CPU usage but no GUI ever appeared. I had to kill the application after a while…No messages in the console either. The solution was to (re)move the /Library/Application Support/nova media and /Library/Application Support/Vodafone folders to another location.

This way you lose your stats (data transferred, time used) but at least you can get back on the net…pheeeewwww

Mac OS X tips/reminders

3 simple tips/reminders for stuff I had to deal with while using Mac OS X the last two days…

To get the arrow keys working inside vim on a remote server one needs to change Mac OS X's terminal type:
$ cat .profile
TERM=linux

If you use the push "redirect-gateway" option in an OpenVPN server configuration file, you need to add redirect-gateway def1 to your client's configuration file when using OpenVPN's Mac OS X client (Tunnelblick), or else the previous default route is not restored when you close the VPN. The def1 flag makes OpenVPN add two more specific routes (0.0.0.0/1 and 128.0.0.0/1) through the tunnel instead of replacing the default route, so the original default route is never removed and nothing has to be put back on disconnect.

To check on the signal quality of nearby Access Points get AP Grapher.

Speed up multiple ssh connections to the same destination

When you make several ssh connections to the same host there is a way to speed them up by multiplexing them. The first connection becomes the master: it does the TCP handshake, key exchange and authentication once and creates a Unix-domain control socket at the ControlPath location. Every later ssh, scp or sftp to the same user, host and port finds that socket and opens a new channel inside the master's existing session instead of a new connection, which is why it skips both the handshake and the password prompt. All of this is controlled by the ControlMaster and ControlPath settings in ssh_config.

One caveat before copying the example below: the control socket is an already-authenticated session in a file. Any process running as your user can reuse it without credentials, and the predictable name under the world-writable /tmp lets another local user pre-create the path and break multiplexing for you, so keep the socket in a directory only you can enter (for instance under ~/.ssh with mode 0700); putting the settings in /etc/ssh/ssh_config also applies them to every user on the machine. Without ControlPersist (available in newer OpenSSH) the shared connection lasts only as long as the first session; once that ends, the next ssh authenticates from scratch again.

Example usage:
Inside /etc/ssh/ssh_config
ControlMaster auto
ControlPath /tmp/%r@%h:%p

First ssh connection:
% ssh foobar@foo.bar.gr
Password:
Linux foo.bar.gr 2.6.20.1-1-686 #1 SMP Sun Mar 4 12:44:55 UTC 2007 i686 GNU/Linux
foobar@foo:~$

Second ssh connection:
% ssh -p 22 foobar@foo.bar.gr
Linux foo.bar.gr 2.6.20.1-1-686 #1 SMP Sun Mar 4 12:44:55 UTC 2007 i686 GNU/Linux
foobar@foo:~$

No password is asked and the connection opens up immediately.

kudos to apoikos for telling me about this neat feature in fosscomm 🙂
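As an added example (not from the post or from OpenSSH itself), a shell helper that enables the same multiplexing with the socket kept under a private directory and with ControlPersist, so later sessions keep benefiting after the first one closes. The scratch directory and file names are parameters of the demonstration; on a real machine you would pass ~/.ssh/sockets and ~/.ssh/config.

```shell
#!/bin/sh
# Added example, not from the original post: set up connection sharing with
# the control socket kept under the user's own ~/.ssh instead of /tmp. Two
# reasons: the socket is an already-authenticated session, so it belongs in
# a directory only you can enter, and a predictable name in the
# world-writable /tmp lets any local user squat on the path and break
# multiplexing. %C (OpenSSH 6.7+) is a hash of local host, remote host, port
# and user, which also keeps the path short. Directory and config file are
# parameters so the function can be exercised on a scratch directory.

# mux_config SOCKDIR -> the ssh_config stanza to use
mux_config() {
    cat <<EOF
Host *
    ControlMaster auto
    ControlPath $1/%C
    # keep the master open 10 minutes after the last session ends, so
    # the next ssh/scp to the same host still skips authentication
    ControlPersist 10m
EOF
}

# mux_setup SOCKDIR CONFIG: create SOCKDIR with mode 0700 and append the
# stanza to CONFIG (normally ~/.ssh/config) unless it is already there
mux_setup() {
    sockdir=$1; config=$2
    umask 077
    mkdir -p "$sockdir" && chmod 700 "$sockdir"
    if ! grep -qs "ControlPath $sockdir/%C" "$config"; then
        mux_config "$sockdir" >>"$config"
    fi
    chmod 600 "$config"
}

# dir_mode PATH -> permission string as ls shows it, e.g. drwx------
dir_mode() { ls -ld "$1" | cut -c1-10; }

# Demonstration on a scratch directory instead of the real ~/.ssh
SCRATCH=$(mktemp -d)
mux_setup "$SCRATCH/sockets" "$SCRATCH/config"
mux_setup "$SCRATCH/sockets" "$SCRATCH/config"   # second run must not duplicate
echo "$(dir_mode "$SCRATCH/sockets") $SCRATCH/sockets"
cat "$SCRATCH/config"
```

Once a master is up, `ssh -O check user@host` reports it and `ssh -O exit user@host` closes it, which is the way to drop the shared session when you leave the machine.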

Analysing an attack on a honeypot

Dimitris has a pretty good analysis of an attack on a honeypot he set up for experiments. Worth a look…

They finally came after us

44Mbit of multicast traffic can cause a lot more problems than you might think

I was reading my mail today and came across problems that Internet2 routers faced a couple of days ago with multicast traffic sent from a host in France. Apparently the host was sending 44Mbit/s to a multicast group, and that was more than enough to raise a very high load on some routers and cause problems for some firewalls too. Their solution was either to blacklist the host or to disable SAP listening on their routers (a router that listens for SAP announcements joins the SAP group and processes that group's traffic itself, which is how a single flooding host ends up on the control plane of every listening router).

To read more you can check the thread “Another SAP Storm?” on the wg-multicast@internet2.edu list (all things related to multicast).

The same problem appeared on GrNET routers too, but unfortunately they don’t have any public archives of their exchanged mails on the problem. The only way to take a look at this problem from the GrNET point of view is to check on the GrNET router status page, click on the load of some routers and check the spike that appears on Wednesday night in the weekly graph.

Quite interesting…

Openvpn – MULTI: bad source address from client – solution

Problematic Configuration:
OpenVPN server config:
dev tun
port 1194
proto udp
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh1024.pem
persist-key
persist-tun
server 10.8.0.0 255.255.255.0
keepalive 10 30
client-to-client
comp-lzo
ifconfig-pool-persist ipp.txt
status /etc/openvpn/openvpn-status.log
verb 3
push "redirect-gateway"

OpenVPN client config:
dev tun
client
proto udp
persist-tun
persist-key
resolv-retry infinite
mute-replay-warnings
remote REMOTE.HOST 1194
ca /etc/openvpn/ca.crt
cert /etc/openvpn/client1.crt
key /etc/openvpn/client1.key
comp-lzo
verb 3

The problem:
Using the above config files I continuously got errors like this in the server syslog:

May 1 00:00:00 hostname ovpn-openvpn[22563]: client1/X.Y.Z.W:1194 MULTI: bad source address from client [10.10.1.11], packet dropped

where X.Y.Z.W is my public IP and 10.10.1.11 is the LAN IP of the machine that makes the connection to the OpenVPN server. In server mode OpenVPN keeps an internal routing table of which addresses belong to which client; a packet whose source is neither the client's tunnel address nor a network the server has been told lives behind that client (with iroute) is dropped with exactly this message. Here the client host was sending packets through the tunnel with its LAN address 10.10.1.11 as the source, so the server had to be told that 10.10.1.0/24 sits behind client1.

The solution:
OpenVPN server config:
dev tun
port 1194
proto udp
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh1024.pem
persist-key
persist-tun
server 10.8.0.0 255.255.255.0
keepalive 10 30
client-to-client
comp-lzo
ifconfig-pool-persist ipp.txt
status /etc/openvpn/openvpn-status.log
verb 3
push "redirect-gateway"
client-config-dir ccd
route 10.10.1.0 255.255.255.0

Then I created the /etc/openvpn/ccd/ directory and put inside it a file named client1 (the file name must be the Common Name of the client's certificate, which is client1 here, as the log lines show) with the following contents:
# cat /etc/openvpn/ccd/client1
iroute 10.10.1.0 255.255.255.0

Client configuration stays the same.

All should be fine now and in your server logs you will now see entries like this:

May 1 00:00:00 hostname ovpn-openvpn[27096]: client1/X.Y.Z.W:1194 MULTI: Learn: 10.10.1.11 -> client1/X.Y.Z.W:1194

Hint: If you want your clients to be able to reach the internet through the VPN tunnel you _must_ NAT their traffic on the server (and enable IP forwarding), otherwise replies have no route back to 10.8.0.0/24. Two things worth knowing before enabling this: the MASQUERADE rule below covers only the VPN pool, so hosts in 10.10.1.0/24 behind client1 would not get internet through the tunnel with it; and iroute plus client-to-client means every connected client can now reach 10.10.1.0/24, with the server trusting client1 (identified by its certificate CN) for any address in that subnet.
A typical config on a Debian box acting as the OpenVPN server:
# cat /etc/network/interfaces
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
iface eth0 inet static
address A.B.C.D
netmask 255.255.255.0
gateway A.B.C.E
network A.B.C.0
broadcast A.B.C.255
# enable forwarding, then masquerade the VPN pool (10.8.0.0/24, not 10.8.0.1/24) behind eth0
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -o eth0 -s 10.8.0.0/24 -j MASQUERADE
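An added example, not part of the original post: a shell check for the pairing that this fix relies on. It reads an OpenVPN server config and a ccd directory and reports every iroute that has no matching route line, as well as a ccd directory the server is not even told to read. The configuration files it builds are constructed for the demonstration and mirror the 10.10.1.0/24 case above.

```shell
#!/bin/sh
# Added example, not from the original post: a consistency check for the
# route/iroute pairing the fix depends on. OpenVPN needs both halves: `route`
# in the server config puts the client's LAN into the kernel routing table
# (pointing at the tun device), and `iroute` in that client's ccd file tells
# the OpenVPN process which client owns the LAN. A route without the iroute
# still produces "bad source address"; an iroute without the route leaves
# the LAN unreachable from the server. The configs below are constructed
# for the demonstration and mirror the 10.10.1.0/24 case of the post.

# conf_lines FILE -> directives only, comments (# or ;) and blanks stripped
conf_lines() { sed 's/[#;].*//' "$1" | awk 'NF'; }

# check_iroutes SERVER_CONF CCD_DIR -> 0 when client-config-dir is set and
# every iroute in CCD_DIR has a matching server-side route; prints problems
check_iroutes() {
    conf=$1; ccd=$2; rc=0
    if ! conf_lines "$conf" | awk '$1 == "client-config-dir"' | grep -q .; then
        echo "PROBLEM: $conf has no client-config-dir, files in $ccd are ignored"; rc=1
    fi
    for f in "$ccd"/*; do
        [ -f "$f" ] || continue
        conf_lines "$f" | awk '$1 == "iroute" { print $2, $3 }' |
        while read -r net mask; do
            if ! conf_lines "$conf" | awk -v n="$net" -v m="$mask" '$1 == "route" && $2 == n && $3 == m' | grep -q .; then
                echo "PROBLEM: $(basename "$f"): iroute $net $mask has no matching 'route $net $mask' in $conf"
                exit 1   # leaves only the pipeline subshell
            fi
        done || rc=1
    done
    [ "$rc" -eq 0 ] && echo "OK: every iroute in $ccd has a kernel route"
    return "$rc"
}

# Constructed server configs and ccd directories
T=$(mktemp -d)
cat >"$T/server.conf" <<'EOF'
dev tun
server 10.8.0.0 255.255.255.0
client-config-dir ccd
route 10.10.1.0 255.255.255.0   # client1's LAN
push "redirect-gateway"
EOF
sed '/client-config-dir/d' "$T/server.conf" >"$T/server-noccd.conf"
mkdir -p "$T/ccd-ok" "$T/ccd-bad"
printf 'iroute 10.10.1.0 255.255.255.0\n' >"$T/ccd-ok/client1"
cp "$T/ccd-ok/client1" "$T/ccd-bad/client1"
# a second client whose LAN was never added to the server config
printf 'iroute 10.10.2.0 255.255.255.0\n' >"$T/ccd-bad/client2"

check_iroutes "$T/server.conf" "$T/ccd-ok"
check_iroutes "$T/server.conf" "$T/ccd-bad" || :
check_iroutes "$T/server-noccd.conf" "$T/ccd-ok" || :
```

Run it as `check_iroutes /etc/openvpn/server.conf /etc/openvpn/ccd` after editing either side; it does not check that the ccd file names match certificate Common Names, which is the other thing to verify when a client keeps logging bad source addresses after the fix.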

pysmssend

pysmssend is a utility to send SMS through some internet gateways. It currently supports 3 ISPs, Otenet, Voipbuster and Voipdiscount. There are 2 ways to use it, either with a Qt4 GUI or from the command line. It also has some, at the moment experimental, address book support (GUI only).

Since I liked the idea behind the utility I contacted the author and helped him by providing some ideas and a few fixes. I’ve also created an ebuild for it.

You can find more info about the utility and see some screenshots on the pysmssend kde-apps site since the utility’s website on sourceforge is not yet ready and has only the ebuild and a pkgbuild for Arch Linux.

Its command line usage combined with a monitoring package that supports external commands when something important has happened, can prove very handy. I hope Markos (the author) will keep on fixing bugs and improving the utility 🙂

more netroute2 hacks – new traffic shaper

On my previous post, more netroute2 hacks – high availability, one of the changed files was the dial_conn file. At the end of the diff there was a line with a # in front:
+ sleep 5
+ #/etc/bin/wshaper ppp0 192 1024

Inside netroute2 one can find the /etc-ro/ppp/wshaper file which is the traffic shaping script of the modem/router. Unfortunately it resides in the read-only section of the router so you can’t make changes directly to it. What I did was to make a copy of it on the writable /etc/bin/ and change a line in my /etc/bin/dial_conn to call it from there, right after (5 seconds later) the connection with the ISP has been established.

If you have followed the previous post about high availability the only thing you need to change is to edit your /etc/bin/dial_conn file and remove the # from the line above. Else…read the previous post 🙂

The first argument of the script is the device the rules will apply to, the second argument is the upload speed and the third is the download speed. Netroute2's own traffic shaping script gets the 3 arguments while syncing with the DSLAM. The problem with ADSL lines here in Greece, and I guess in many other countries as well, is that the speed the modem syncs at with the DSLAM has nothing to do with the real speed you actually get. So shaping for 256kbit upload while never reaching more than 200 is a bit foolish imho. What I did was lower the upload so that I am always (or almost always) sure that this is my max upload speed at the time. I can now create rules based on the assumption that my upload speed is 192kbit. If the upload speed your modem syncs at is 192kbit I would advise you not to put more than 128kbit as the second argument. It's a trial and error situation.

While lowering my shaped upload speed and keeping the rest of the script intact already made a difference I knew that I could do some more tweaking.
The first thing one has to know before creating any traffic shaping script is to learn what the TOS field is:

#TOS FIELD
# 0x10 (minimize delay)
# 0x08 (maximize throughput)
# 0x04 (maximize reliability)
# 0x02 (minimize cost)
# 0x00 (best effort)

You can then create rules with iptables to change the TOS field of certain packets. For example, the first rule below marks small SYN packets (40 to 68 bytes, i.e. connection setups without payload) as minimize-delay, and the second does the same for segments that carry exactly ACK and FIN (connection teardown):
$IPTABLES -t mangle -A POSTROUTING -o $DEV -p tcp --syn -m length --length 40:68 -j TOS --set-tos 0x10
$IPTABLES -t mangle -A POSTROUTING -o $DEV -p tcp --tcp-flags ALL ACK,FIN -j TOS --set-tos 0x10

A great rule to add to any of your scripts is to speed up ACK packets by adding them to the highest priority class (on netroute2 that's 1:10). The three u32 matches pick out pure ACKs: an IP header length of 5 words (no options), an IP total length below 64 bytes, and a TCP flags byte (IP header offset 20 + 13) of exactly 0x10; with "protocol ip" the offsets count from the start of the IP header:
$TC filter add dev $DEV parent 1: protocol ip prio 1 u32 \
match ip protocol 6 0xff \
match u8 0x05 0x0f at 0 \
match u16 0x0000 0xffc0 at 2 \
match u8 0x10 0xff at 33 \
flowid 1:10

What is also very helpful is to specify the port your torrent client uses (e.g. 17777) and add it to the lowest priority class (on netroute2 that's 1:30):
$TC filter add dev $DEV parent 1:0 protocol ip prio 3 u32 match ip sport 17777 0xffff flowid 1:30
$TC filter add dev $DEV parent 1:0 protocol ip prio 3 u32 match ip dport 17777 0xffff flowid 1:30

Of course you can create your own classes inside /etc/bin/wshaper. If you are careful enough with the rules you add you will be more than happy with the result 🙂
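An added example, not from the post: a small decoder that applies the three u32 matches of the ACK filter to constructed IP/TCP headers, so you can see which packets the rule actually sends to 1:10 before putting it on a live link. The hex dumps in it are constructed, not captures.

```shell
#!/bin/sh
# Added example, not from the original post: a decoder for what the ACK
# filter above actually selects, so the u32 magic can be checked against
# real packets. With "protocol ip", the u32 offsets count from the start of
# the IP header, and the three matches are:
#   u8  0x05   0x0f   at 0  -> IP header length 5 words (20 bytes, no options)
#   u16 0x0000 0xffc0 at 2  -> IP total length < 64 bytes (bits 6..15 clear)
#   u8  0x10   0xff   at 33 -> TCP flags byte (20 + 13) is exactly ACK
# together with "match ip protocol 6" (TCP). Only small, option-free, bare
# ACKs land in the fast class; a data segment that also carries ACK does not.
# The packets below are constructed hex dumps of IP+TCP headers, not captures.

# byte HEX N -> decimal value of the N-th byte (0-based) of a hex dump
byte() {
    h=$(printf '%s' "$1" | cut -c"$((2 * $2 + 1))"-"$((2 * $2 + 2))")
    echo $((0x$h))
}

# ack_filter_matches HEX -> 0 if tc would put this packet into flowid 1:10
ack_filter_matches() {
    pkt=$1
    [ "$(byte "$pkt" 9)" -eq 6 ] || return 1                    # protocol TCP
    [ $(( $(byte "$pkt" 0) & 0x0f )) -eq 5 ] || return 1         # IHL == 5
    total=$(( $(byte "$pkt" 2) * 256 + $(byte "$pkt" 3) ))
    [ $(( total & 0xffc0 )) -eq 0 ] || return 1                  # length < 64
    [ "$(byte "$pkt" 33)" -eq 16 ] || return 1                   # flags == ACK (0x10)
    return 0
}

# 20-byte IP header (IHL 5, proto 6, 192.168.1.10 -> 100.200.100.1) followed
# by a 20-byte TCP header (sport 1234, dport 80); only length and flags vary.
IP_HDR_40='45000028000140004006abcdc0a8010a64c86401'    # total length 0x28 = 40
IP_HDR_1500='450005dc000140004006abcdc0a8010a64c86401'  # total length 0x5dc = 1500
IP_HDR_OPTS='46000028000140004006abcdc0a8010a64c86401'  # IHL 6: IP options present
TCP_ACK='04d2005000000001000000015010200000000000'      # flags 0x10 (ACK)
TCP_PSHACK='04d2005000000001000000015018200000000000'   # flags 0x18 (PSH,ACK)
TCP_SYN='04d2005000000001000000005002200000000000'      # flags 0x02 (SYN)

PURE_ACK="$IP_HDR_40$TCP_ACK"        # matches: goes to 1:10
DATA_SEG="$IP_HDR_1500$TCP_PSHACK"   # too long and not a bare ACK
SYN_PKT="$IP_HDR_40$TCP_SYN"         # small, but flags != ACK
ACK_OPTS="$IP_HDR_OPTS$TCP_ACK"      # IHL 6 would shift the TCP header: no match

for p in PURE_ACK DATA_SEG SYN_PKT ACK_OPTS; do
    eval "hex=\$$p"
    if ack_filter_matches "$hex"; then echo "$p: match (1:10)"; else echo "$p: no match"; fi
done
```

Feed it the first 40 bytes of a packet from tcpdump -xx (minus the Ethernet header) to see whether your own ACKs would be lifted; the IHL check is why ACKs on connections with IP options never reach the fast class, which is intended, since the flags byte would no longer sit at offset 33.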

To monitor how your traffic shaping is going you can download a great perl script called qos.pl from http://qos.kallenberg.dk/. This script reads a machine's qos classes and priorities and creates graphs like the ones on the site. The problem with netroute2 is that it doesn't have perl included, so one has to modify qos.pl to read netroute2's qos counters while running from another machine. This is done by making the script run its tc commands over ssh to netroute2 using public key auth. If you don't know how to enable this on netroute2 please read part F of my older post: Intracom netroute2 hacks.

What you need to change in the qos.pl script is:
a) change the $tc line to something like this:
$tc = "ssh root\@NETROUTE2.IP.GOES.HERE /usr/sbin/tc";
b) find any occurrences of “eth2” and replace them with “ppp0” (there should be only 2).

Since that key now logs in as root on the router, restrict it on the netroute2 side with a command= wrapper in authorized_keys that checks SSH_ORIGINAL_COMMAND and only allows the read-only tc invocations qos.pl needs; otherwise anyone who lifts the key from the graphing machine gets a root shell on your router.

Now run the qos.pl script and it will start creating some graphs (png files) and an index.html in the directory from which you executed it. qos.pl depends on gnuplot, so you must install it before you run it.

The graphs are a great visual aid to tweak your new traffic shaping script more and more.

more netroute2 hacks – high availability

The following post is one of a series of 2-3 posts regarding netroute2 (the link is in Greek) and some of my hacks/modifications to it. All hacks refer to netroute2 firmware 577 that I have previously posted on my blog. For those who haven't noticed yet, firmware 577 is unlocked: you can now connect to any ISP you like.

Netroute2 has a strange bug and sometimes (not always) cannot reconnect to the ISP when the connection for some strange reason goes down. To cope with that, the netroute2 developers at Intracom have created a script named high_avail that runs every 5 minutes from crontab. For some even stranger reason this script did not work for me as it should, so I patched it to make it _always_ work.

The problem I faced at the very beginning was that the “high_avail” script resided in the read-only section of netroute2's flash (/usr/bin/high_avail). My solution to that problem was to create a directory named /etc/bin/ and store all my new scripts and changes there, since the /etc dir is writable.

My changes to the high_avail script are these:
--- usr/bin/high_avail 2007-07-03 20:59:21.000000000 +0300
+++ etc/bin/high_avail 2007-07-04 03:31:54.000000000 +0300
@@ -15,25 +15,32 @@
if [ -s /var/run/dial ]; then
act_conn=`$CAT /var/run/dial`
fi
-adsl_iface=$ADSL_BASE
+if [ -z "$act_conn" ]; then
+ act_conn="/etc/wan/current/CHANGEME"
+fi
+
+adsl_iface=$ADSL_BASE
+echo "$act_conn"
reload_module() {
/bin/hangup
+ killall -9 pppd
+ ifconfig eth2 down
/sbin/rmmod $loaded_mod
if [ $? -eq 0 ]; then
$ECHO "done"
else
$ECHO "failed"
$ECHO "ERROR: high_avail: Failed to unload $loaded_mod"
- exit 13
+# exit 13
fi
- [ -n "$act_conn" ] && /usr/bin/dial $act_conn
+ [ -n "$act_conn" ] && /etc/bin/dial $act_conn
}
HIGH_AVAIL_IP=`$GREP HIGH_AVAIL_IP /etc/net.conf | $CUT -d'=' -f2`
-
#Check Current Modem status
if [ -z "$loaded_mod" ]; then
$ECHO "high_avail: No Module found loaded."
+ reload_module
exit 1
elif [ "`/usr/bin/modem_wrap halt`" = "yes" ]; then
$ECHO "high_avail: Module $loaded_mod found in HALTED state"
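Review bot: in reload_module, `killall -9 pppd` right after `/bin/hangup` gives pppd no chance to run its ip-down hook or remove its pid file, so the next `dial` can trip over stale state; send plain `killall pppd` (SIGTERM) first and only escalate to -9 if it is still alive after a short wait. In the same hunk, commenting out `exit 13` turns a failed rmmod into a fall-through to `/etc/bin/dial`, which is the intended behaviour but should be stated in a comment, and the placeholder `act_conn="/etc/wan/current/CHANGEME"` plus the bare `echo "$act_conn"` read as debugging left in; deriving the name from the entry in /etc/wan/current/ would avoid the manual edit every user has to make.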
@@ -41,6 +48,7 @@
exit 11
elif [ -z "$act_conn" ]; then
$ECHO "high_avail: No WAN Connection dialed ..."
+ reload_module
exit 2
elif [ -z "$HIGH_AVAIL_IP" ]; then
$ECHO "high_avail: No Ping Target IP Found ..."
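Review bot: the `reload_module` added in the `-z "$loaded_mod"` branch calls `/sbin/rmmod $loaded_mod` with an empty argument, so rmmod fails and every run through that branch logs "ERROR: high_avail: Failed to unload" before redialing (it only proceeds because `exit 13` is now commented out). Guard the unload with `[ -n "$loaded_mod" ] && /sbin/rmmod $loaded_mod`, or give the "no module loaded" and "no WAN connection" cases a redial-only path. Both branches also still `exit 1` / `exit 2` after a successful redial, so the exit code no longer tells "nothing done" from "reconnected".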

and the whole new script resides here: /etc/bin/high_avail. (You need to gunzip it).

What you need to change for your connection is the part that says CHANGEME. You can replace that with what you can find inside the /etc/wan/current/ directory.

I noticed that when the module for the modem was loaded then the modem was unable to reconnect to the ISP, but upon unloading and reloading of the module, and then trying to connect again, all came back to normal. So what I changed in the high_avail script was making sure the module gets unloaded properly and reloaded when there’s no connection active.

One might notice that inside high_avail I’ve also changed a path from /usr/bin/dial to /etc/bin/dial.
This script is used to call another script that actually makes the call to the isp.

--- usr/bin/dial 2007-07-03 21:00:13.000000000 +0300
+++ etc/bin/dial 2007-07-04 03:39:45.000000000 +0300
@@ -1,25 +1,16 @@
#!/bin/sh
ECHO=/bin/echo
-
conn="$1"
#ATM encapsulation mode for modem
encmode=0
-
$ECHO "Dialing $conn ...."
-
if [ $# -lt 1 -o ! -e $conn ]; then
-
$ECHO "Usage: dial <connection> [ppp_option]"
$ECHO "connection: connection name"
$ECHO "[ppp_option]: optional argument passed to PPPD"
-
exit 1
-
else
-
#Bring down previous processes
/bin/hangup
-
- /usr/bin/dial_conn $conn primary_conn $2
-
+ /etc/bin/dial_conn $conn primary_conn $2
fi
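Review bot: the only functional change in this hunk is `/usr/bin/dial_conn` becoming `/etc/bin/dial_conn`; the other nine removed lines just strip blank lines, which buries that one-line change in noise and makes the patch harder to re-apply on a later firmware. Keep whitespace-only cleanups out of a functional patch. If the call site is being touched anyway, the untouched `[ $# -lt 1 -o ! -e $conn ]` test is where `$conn` should be quoted.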

These are my changes to /usr/bin/dial script that is now placed under /etc/bin/dial
The whole script resides here: /etc/bin/dial. (You need to gunzip it).

As said before, this script in turn calls another one, dial_conn which is used to actually make the call. My changes to /usr/bin/dial_conn which now becomes /etc/bin/dial_conn:


--- usr/bin/dial_conn 2007-07-03 21:00:13.000000000 +0300
+++ etc/bin/dial_conn 2007-07-04 03:43:11.000000000 +0300
@@ -154,14 +154,13 @@
exit 1
fi
done
-
fi
-
if [ "$2" = "primary_conn" ]; then
#Start the high-availability service
- $ECHO "*/5 * * * * root $PIDOF high_avail > /dev/null 2>&1 || /usr/bin/high_avail > /var/run/high_avail 2>&1" > /etc/cron.d/cron_high_avail
+ $ECHO "*/5 * * * * root $PIDOF high_avail > /dev/null 2>&1 || /etc/bin/high_avail > /var/run/high_avail 2>&1" > /etc/cron.d/cron_high_avail
$CHMOD 755 /etc/cron.d/cron_high_avail
fi
-
+ sleep 5
+ #/etc/bin/wshaper ppp0 192 1024
exit 0
fi
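Review bot: `sleep 5` is a fixed guess at how long pppd needs to bring ppp0 up; when the ISP is slower, the shaper call that follows (once uncommented) runs against an interface that does not exist yet and tc fails, and when it is faster the five seconds are wasted on every redial. pppd already executes /etc/ppp/ip-up once the link is up, which is the natural place for `/etc/bin/wshaper ppp0 192 1024`; failing that, poll for the interface with a timeout instead of sleeping. The crontab line itself is fine, but note that its `$PIDOF high_avail ||` guard only checks that no copy is running, so a hung high_avail silently blocks every later check.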

the whole file resides here: /etc/bin/dial_conn. (You need to gunzip it).

What I’ve changed here is the line that gets stored on crontab and calls the high_avail script every 5 minutes to check whether our connection is active or not. The rest of the changes will be the subject of the next post about netroute2 on this blog.

What is left now is to make netroute2 call these new scripts from /etc/bin/ on boot instead of the ones from /usr/bin.

a) Copy /bin/dial_current to /etc/bin/dial_current, edit it with vi and go to line 5 and change the line that says /usr/bin/dial with /etc/bin/dial.
b) Edit /etc/init.d/rc-run, go to line 243 and change all occurrences of /bin/dial_current to /etc/bin/dial_current. There must be 2.
c) Edit /etc/rc.d/rc.dialcurrent with vi, go to line 8 and change /usr/bin/dial to /etc/bin/dial.

So, if you have done it right, you should now have 4 scripts inside your netroute2’s /etc/bin:
a) /etc/bin/high_avail
b) /etc/bin/dial
c) /etc/bin/dial_conn
d) /etc/bin/dial_current
and you should have also changed 2 scripts, /etc/init.d/rc-run and /etc/rc.d/rc.dialcurrent

That’s all. Now save your changes with /etc/init.d/checkpoint and upon reboot your modem will have a nice new high_avail script that will (hopefully) always work.

useless tip of the day – clockdiff

How big is the time difference between your box and another host on the net?

~# clockdiff www.gentoo-wiki.com
...................................................
host=www.gentoo-wiki.com rtt=215(0)ms/206ms delta=508000ms/508000ms Thu Jun 28 16:25:31 2007
~# clockdiff www.ntua.gr
..................................................
host=achilles.noc.ntua.gr rtt=54(1)ms/49ms delta=-77ms/-76ms Thu Jun 28 16:25:47 2007

clockdiff is in the iputils package (at least on Gentoo) and can only be executed as root, because it measures the offset with ICMP timestamp requests, which need a raw socket; many hosts filter those, in which case you simply get no answer. The 508000ms delta above means the gentoo-wiki host and my box were about eight and a half minutes apart.

P.S. exams suck bigtime….

Hands-on OLPC

Today I was woken up by a courier who brought me a very interesting box. The box had an OLPC and some CDs inside.
The package was kindly sent to me by Mr. Karounos in order to present it in our local LUG event on the 9th of June in Ioannina. (Visit the website for more information).

First thought when I took it out of the bag…”it's very small but it's kinda pretty in a way too”. I put it on my desk and tried to open it. Well, it took me more than 1 minute to find out how to open it. I plugged it in and pushed the power button. I was greeted by the Openboot bios and after 3 seconds it started to boot. It takes more than 1 minute from the time you press the power button until the sugar interface comes up.

When the interface had finished starting up I was a bit puzzled. I didn't know what exactly to do. If you have used any kind of computer before, sugar will certainly stun you, for good or for bad. I started checking out the applications it comes with. The “Paint” application is really nice for kids and so is “BlockParty”, which is a tetris clone. Next was the “Camera”; I really liked the camera's resolution, I didn't expect it to be that good. “Calculator” is another calculator, with scientific functions as well if you enable them. “Write” is an abiword clone; it's very easy to use and you can import pictures taken with the camera and put them inside the document you are writing. What I didn't like though was that the default “save as” format was “Microsoft Word .doc”. Why? Anyway, continuing with the applications, next came the “News Reader”, which looks like a minimal version of liferea, but since I didn't have any networking yet I could not test it any further. “Web” is a web browser which, when opened, takes you directly to your local Library of e-books. Very very useful. At that time I couldn't do any more testing of web sites due to lack of network connectivity. “Read” is a stripped down version of evince for reading various documents. Absolutely necessary for the kind of job this laptop must do. “TamTam” is a music creation tool for kids. And finally Etoys. Etoys is something that needs a lot of studying. It's a creativity suite for kids. I won't go into this any deeper for now.

Then was the time to connect OLPC to my access point at home. I tried various stuff from the interface but nothing made the “Web” connect to any sites. I couldn’t resist any more…I had to find access to the linux console somehow. I tried ctrl+alt+ various keys until one got me to the console. There are no F-keys on the OLPC keyboard so it wasn’t so straightforward as one might think. I was very lucky because when you give the root login no password is asked. You are immediately given a shell. I tried the usual iwlist, iwconfig, dhclient commands and …tada! they worked! ifconfig showed that I was given an IP by the Access Point. Back to the sugar interface with another ctrl+alt+another key and the “Web” was finally working. The browsing experience was quite good I can say. Four buttons (up, down,left,right) next to the OLPC’s monitor make the browsing a bit easier because OLPC keys on the keyboard are small. NO, they are not just smaller than a normal keyboard…they are so small that only a five year old kid can press them with ease.

I have been playing for more than 7 hours today with the OLPC and did various interesting (at least for me) stuff on it. Even this post is written in the OLPC's “Web” browser (and believe me it's very very difficult to type, but hey…this laptop is not for me, it's for kids 🙂 ), but I feel that I need to spend a lot more time to fully understand the “sugar interface”. I will try to write more about the stuff I'll be doing on the OLPC in the next few days.

Feelings? Mixed, both good and bad. There were some things I liked a lot, for example the monitor, and some things that I didn't. For example, in sugar's network manager there's no “interaction” when you choose/click between mesh networking and a normal access point (more on how, where, etc. in another post), so there were times that I couldn't really figure out what was going on, whether it was trying to connect to my access point or not.

That's all for today. I hope I can write a bit more about the OLPC in the next few days but I have to finish my presentation for ILUG's event on time too.

I have some pictures from the OLPC on my flickr.

Thanks again to Mr. Karounos for being so helpful.

P.S. If someone wants to type with greek characters you need to edit /etc/X11/xorg.conf and add these 2 lines inside Section “InputDevice” where Identifier is “ATKbd”:

Option "XkbLayout" "us,el"
Option "XkbOptions" "grp:alt_shift_toggle"

then you can change to greek with alt+shift. e.g. “Ένα Λάπτοπ για Κάθε παιδί”