Monthly Archives: February 2015

Create .ovpn file from openVPN configuration files

The .ovpn file format embeds the usual 3-4 separate OpenVPN files into a single file. It can be very handy when dealing with mobile setups like Android or iOS, or with some Mac applications like Tunnelblick. According to my recent OpenVPN post you only need to follow this code:

Remember to transfer that key securely, do NOT send this via unencrypted email to your external device 🙂
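One way to build such a unified profile, as an added example that is not the code from the original post: it relies on OpenVPN's inline `<ca>`, `<cert>` and `<key>` blocks, and the function names and file names are assumptions.

```shell
#!/bin/sh
# Added example: merge the separate client files into one inline .ovpn profile.
set -eu

# Print only the PEM block of a file; easy-rsa certificates carry a
# human-readable text dump above the BEGIN line that the profile does not need.
pem_block() {
    sed -n '/^-----BEGIN /,/^-----END /p' "$1"
}

# make_ovpn BASE_CONF CA_CRT CLIENT_CRT CLIENT_KEY OUT_FILE
make_ovpn() {
    for f in "$1" "$2" "$3" "$4"; do
        [ -r "$f" ] || { echo "missing input: $f" >&2; return 1; }
    done
    # Refuse a key file without a PEM private key instead of shipping a broken profile.
    pem_block "$4" | grep -q 'PRIVATE KEY-----' || {
        echo "no private key found in $4" >&2; return 1; }
    (
        umask 077          # the profile embeds the private key: owner-only
        rm -f -- "$5"      # an existing file would keep its old, wider mode
        {
            # Drop file-based ca/cert/key directives; the inline blocks replace them.
            grep -Ev '^[[:space:]]*(ca|cert|key)[[:space:]]' "$1" || true
            printf '<ca>\n%s\n</ca>\n'     "$(pem_block "$2")"
            printf '<cert>\n%s\n</cert>\n' "$(pem_block "$3")"
            printf '<key>\n%s\n</key>\n'   "$(pem_block "$4")"
        } > "$5"
    )
}

# Run directly: sh make-ovpn.sh client.conf ca.crt client1.crt client1.key client1.ovpn
if [ "$#" -eq 5 ]; then
    make_ovpn "$@"
fi
```

The resulting file contains the client's private key, so it needs the same handling as the key file itself.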

 

OpenVPN Server with easy-rsa on Ubuntu 14.04 easy setup

In case you want to run a simple OpenVPN server on your own host, but like me think most of the tutorials do not focus enough on plain commands, feel free to follow this little instruction set:

Set your /etc/openvpn/server.conf to:

Back in the terminal we will now start the crypto-foo:

And now you are basically done. If a firewall is in place, remember to open the OpenVPN port (which is set in /etc/openvpn/server.conf and defaults to 1194).

To add a client with its own keypair, use a distinct key-name value for each client:

or, in case you want it password protected (which requires entering the password every time you connect):

Now safely(!) distribute the keys to your client machines, using PGP, secure USB sticks or printed paper 🙂 according to the following scheme:

Original by yed licensed under CC BY-SA 4.0

You might

Do not forget to start your server:

If you want to use these files on the client with your Network-Manager, install the required plugin:

and set the following options:

It is also possible to generate a .conf or .ovpn file, which is required by some apps, e.g. on Android and iOS, but that will be handled in a separate post soon.
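For the key distribution step: a client needs only the CA certificate plus its own certificate and key, while the CA signing key stays on the machine that signs. The following check of a bundle directory before it is handed out is an added example, not part of the original post; the function name and the easy-rsa 2.x default file names are assumptions.

```shell
#!/bin/sh
# Added example: check a client bundle directory before handing it out.
# File names are the easy-rsa 2.x defaults (assumption, adjust to your setup).
set -eu

# audit_client_bundle DIR CLIENT_NAME
# Prints one line per finding and returns 0 only for a clean bundle.
audit_client_bundle() {
    dir=$1; name=$2; findings=0
    # The client needs exactly three files: CA certificate, own cert, own key.
    for f in ca.crt "$name.crt" "$name.key"; do
        if [ ! -s "$dir/$f" ]; then
            echo "MISSING $f"; findings=$((findings + 1))
        fi
    done
    # Everything else stays on the machine it was generated for.
    for p in "$dir"/*; do
        [ -e "$p" ] || continue
        f=${p##*/}
        case $f in
            ca.crt|"$name.crt"|"$name.key") continue ;;
            ca.key) echo "LEAK $f: the CA signing key never leaves the CA host" ;;
            *.key)  echo "LEAK $f: private key of another host" ;;
            *)      echo "EXTRA $f: not needed by this client" ;;
        esac
        findings=$((findings + 1))
    done
    # The private key must not be readable or writable by group or others.
    loose=$(find "$dir/$name.key" \( -perm -040 -o -perm -020 \
                -o -perm -004 -o -perm -002 \) 2>/dev/null || true)
    if [ -n "$loose" ]; then
        echo "PERMS $name.key: remove group/other access (chmod 600)"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Run directly: sh audit-bundle.sh ./client1-bundle client1
if [ "$#" -eq 2 ]; then
    audit_client_bundle "$@"
fi
```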

my first Thinkpad T450s experiences

tl;dr probably my device was the laptop version of a lemon car, which drove me nuts, but I still want to have a (properly working) T450s again


I recently got a brand new Thinkpad T450s, which I had been waiting for since December, and yet I am writing this post from my old sloppy Asus F3JA. You might just ask yourself why – well, the reasons are multifarious, but in the end they led me to send it back to the manufacturer. First the positive things: the 14” FullHD display is amazing, the magnesium case very stable and nice – the LED-backlit keyboard really impressed me and improved my coding experience. Both the integrated and the external battery lasted longer than on every device I had but still…

iwlwifi drove me mad, unable to hold a connection longer than a few minutes – it interrupted my workflow significantly. Furthermore several parts like brightness and power saving settings didn’t work properly and blinded me at night while burning power. Last but not least, the squeak of doom:

Every time you put your hand on the laptop it groaned as if it didn’t like to be used. After two days I shredded the 320Gb SSD the times by overwriting it with random data and sent it back as a warranty case. Hopefully this device will be replaced, as none of the errors I had occurred on my colleague’s T450s, who got it in the same order at the same time.

But still and in conclusion: I really like the T450s, it is very light, feels right, is really powerful and mobile. Its 14” fits perfectly into a usual European A4 (default paper size) bag and its case keeps it intact. Overall I really look forward to getting a properly working version of this little fellow soon.

Goliath tracked mine – one of the first mobile robots

During my thesis I did some research about mobile robots. Therefore the Goliath tracked mine, or the ‘Leichter Ladungsträger Goliath (Sd.Kfz. 302/303a/303b)’ in German, as one of the first mobile robots, always fascinated me. Created in late 1940 and mass produced between 1942 and 1944, about 7500 of these remote cable-controlled mobile bases could carry up to 60kgs of high explosives. Way before modern robots like the iRobot BigDog or its successors, this equally sounding robot is powered by two combustion engines.

After some research I figured out that in my area there is the Bundeswehr Military History Museum in Dresden, which is presenting one of these impressive machines. Therefore I went to Dresden and took some photos, which I want to share with you:

Some people also present them in action:

In case there will be a bigger version of the aMoSeRo, this robot might share its physical dimensions with it. Also the track system is impressive and, in case it is operable upside down, really well suited for heavy duty terrain.

Defending the planet using docker and ssl

In recent days I moved this blog to a new server, mainly to fix the latest SSL issues like POODLE, Heartbleed and SSL downgrade attacks. In order to save money I used the free of charge startSSL.com-signed certificate, which offers to sign privately generated certificate signing requests for your main site and one subdomain. This does not just keep the little padlock next to the address pane green but furthermore allows a higher rank in Google searches in future.

But moving a blog from a physical server usually means a lot of programming pain: files have to be moved, databases exported and imported back again, configuration files need to be adjusted and so on. To avoid this unnecessary work in future I was researching some possible solutions. First of all, it's nothing new at all – virtualization and containerization are technologies that are multiple years old. The most remarkable approach in my opinion is Docker. It's more lightweight than VMWare or VirtualBox, while supporting most of the features they offer. With its help you can run multiple instances of Linux machines on a (single) physical host. Besides, that is a real security feature, as it keeps every process inside its own container, never allowing it to affect the functionality of the others even during security breaches.

It's also possible to version a dockerized application and share it over GitHub. In the case of WordPress there are multiple versions available: docker-wordpress by jbfink and docker-wordpress-nginx by eugeneware. Both of them lack Docker's VOLUME support, but after adding this, they still saved a lot of work.

In conclusion this blog is now in its own container, using its own HTTP nginx, MySQL and PHP instances. The container in turn is made public by an SSL reverse proxy nginx, which, in case it's required, can be supplemented by Varnish caching in future.