Author Archives: paul

Create .ovpn file from openVPN configuration files

The .ovpn file format embeds the usual 3-4 separate OpenVPN files in a single file. It can be very handy when dealing with mobile setups like Android or iOS, or with some Mac applications like Tunnelblick. Following my recent OpenVPN post, you only need this template:

client
remote example.com
comp-lzo yes
dev tun
proto udp
nobind
auth-nocache
script-security 2
persist-key
persist-tun
user nobody
group nogroup

<ca>
-----BEGIN CERTIFICATE-----
# insert content of your ca.crt
-----END CERTIFICATE-----
</ca>

<cert>
Certificate:
 # insert content of your user.crt
-----END CERTIFICATE-----
</cert>

<key>
-----BEGIN PRIVATE KEY-----
# insert content of your user.key
-----END PRIVATE KEY-----
</key>

Remember to transfer that file securely: it contains your private key, so do NOT send it via unencrypted email to your external device 🙂
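One way to assemble such a file without pasting key material by hand, as an added example that is not part of the original post (the helper names make_ovpn and pem_only and the argument order are assumptions). It keeps only the PEM blocks and creates the profile readable by its owner only, because it embeds the private key:

```shell
#!/bin/sh
# Added example, not from the original post. make_ovpn and pem_only are
# hypothetical helper names; all file paths are passed in by the caller.

# Print only the PEM block(s) of a file. easy-rsa 2 certificates start with
# a human-readable "Certificate:" dump, which the profile does not need.
pem_only() {
    sed -n '/^-----BEGIN /,/^-----END /p' "$1"
}

# usage: make_ovpn BASE_CONF CA_CRT USER_CRT USER_KEY OUT_FILE
# BASE_CONF holds the plain directives (client, remote, dev tun, ...).
make_ovpn() {
    base=$1; ca=$2; crt=$3; key=$4; out=$5
    for f in "$base" "$ca" "$crt" "$key"; do
        [ -r "$f" ] || { echo "cannot read $f" >&2; return 1; }
    done
    # Catch swapped arguments before anything is written.
    pem_only "$crt" | grep -q 'BEGIN CERTIFICATE' ||
        { echo "$crt holds no certificate" >&2; return 1; }
    pem_only "$key" | grep -q 'PRIVATE KEY-----' ||
        { echo "$key holds no private key" >&2; return 1; }
    (
        # The profile embeds the private key: create it owner-only (0600)
        # instead of tightening permissions after the fact.
        umask 077
        rm -f -- "$out"
        {
            cat "$base"
            printf '\n<ca>\n';   pem_only "$ca";  printf '</ca>\n'
            printf '\n<cert>\n'; pem_only "$crt"; printf '</cert>\n'
            printf '\n<key>\n';  pem_only "$key"; printf '</key>\n'
        } > "$out"
    )
}
```

Call it as `make_ovpn client.conf ca.crt user.crt user.key client1.ovpn` after sourcing the file; the file names here are placeholders.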

 

OpenVPN Server with easy-rsa on Ubuntu 14.04 easy setup

In case you want to run a simple OpenVPN server on your own host but, like me, think most of the tutorials do not focus enough on plain commands, feel free to follow this little instruction set:

# install openvpn and easy-rsa
sudo apt-get install openvpn easy-rsa
# copy sample config files
sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/
# unzip files in the designated folder
sudo gunzip /etc/openvpn/server.conf.gz
# copy easy-rsa scripts (required for easy key generation)
sudo cp -r /usr/share/easy-rsa /etc/openvpn/easy-rsa2
# sometimes the keys folder is missing, which is why we generate it to be sure
sudo mkdir -p /etc/openvpn/easy-rsa2/keys
# since 14.04 openvpn requires an additional variable in the vars file
sudo sh -c 'echo "export KEY_ALTNAMES=\"Irgendwas\"" >> /etc/openvpn/easy-rsa2/vars'
# copy current openssl version to match default config
sudo cp /etc/openvpn/easy-rsa2/openssl-1.0.0.cnf /etc/openvpn/easy-rsa2/openssl.cnf
# customize vars file with the best editor in the world: (but you could use vi,nano,... too)
sudo vim /etc/openvpn/easy-rsa2/vars

Set your /etc/openvpn/server.conf to:

port 1194
proto udp
dev tun
ca /etc/openvpn/easy-rsa2/keys/ca.crt
cert /etc/openvpn/easy-rsa2/keys/server.crt
key /etc/openvpn/easy-rsa2/keys/server.key
dh /etc/openvpn/easy-rsa2/keys/dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
client-to-client
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3

Back in the terminal we will now start the crypto-foo:

# get root to simplify following commands
sudo -i
# change dir to the easy-rsa scripts folder
cd /etc/openvpn/easy-rsa2/
# set variables into current bash session
source ./vars
# clean existing dir (attention! deletes everything in keys folder)
./clean-all
# generate certificate authority key
./build-ca
# generate server key
./build-key-server server
# generate Diffie-Hellman parameters (can take some time)
./build-dh

And now you are basically done. If the host is behind a firewall, remember to open the OpenVPN port (which is set in /etc/openvpn/server.conf and defaults to 1194).

To give each client its own key pair, use a distinct key name per client:

sudo -E ./build-key client1
sudo -E ./build-key client2
sudo -E ./build-key client3

or, in case you want the key password-protected (which requires entering the password every time you connect):

sudo -E ./build-key-pass client1
sudo -E ./build-key-pass client2
sudo -E ./build-key-pass client3

Now safely(!) distribute the keys to your client machines, using PGP, secure USB sticks or printed paper 🙂 according to the following scheme:

Original by yed licensed under CC BY-SA 4.0

You might

Do not forget to start your server:

/etc/init.d/openvpn start server

If you want to use these files on the client with your Network-Manager, install the required plugin:

sudo apt-get install network-manager-openvpn

and set the following options:

openVPN-NetworkManager

It is also possible to generate a .conf or .ovpn file, which is required by some apps, e.g. on Android and iOS, but that will be handled in a separate post soon.

my first Thinkpad T450s experiences

tl;dr probably my device was the laptop version of a lemon car, which drove me nuts, but still I want to have (a properly working) T450s again


I recently got a brand new Thinkpad T450s, which I had been waiting for since December, and yet I am writing this post from my old sloppy Asus F3JA. You might just ask yourself why – well, the reasons are multifarious, but in the end led me to send it back to the producer. First the positive things: the 14” FullHD display is amazing, the magnesium case very stable and nice – the background LED keyboard really impressed me and improved my coding experience. Both the integrated and the external battery lasted longer than every device I had, but still…

iwlwifi drove me mad, unable to hold a connection longer than a few minutes – it interrupted my workflow significantly. Furthermore several parts like brightness and power saving settings didn’t work properly and blinded me at night while burning power. Last but not least, the squeak of doom:

Youtube Video

Every time you put your hand on the laptop it groaned as if it didn’t like to be used. After two days I shredded the 320GB SSD the times by overwriting it with random data and sent it back as a warranty case. Hopefully this device will be replaced, as all of the errors I had didn’t occur on my colleague’s T450s, who got it in the same order at the same time.

But still and in conclusion: I really like the T450s, it is very light, feels right, is really powerful and mobile. Its 14” fits perfectly into a usual European A4 (default paper size) bag and its case keeps it intact. Overall I really look forward to getting a properly working version of this little fellow soon.

Goliath tracked mine – one of the first mobile robots

During my thesis I did some research about mobile robots. The Goliath tracked mine, or the ‘Leichter Ladungsträger Goliath (Sd.Kfz. 302/303a/303b)’ in German, always fascinated me as one of the first mobile robots. Created in late 1940 and mass-produced between 1942 and 1944, about 7500 of these remote cable-controlled mobile bases could carry up to 60 kg of high explosives. Way before modern robots like the iRobot BigDog or its successors, this equally sounding robot was powered by two combustion engines.

After some research I figured out that in my area there is the Bundeswehr Military History Museum in Dresden, which is presenting one of these impressive machines. Therefore I went to Dresden and took some photos, which I want to share with you:

Some people also present them in action:

Youtube Video

In case there will be a bigger version of the aMoSeRo, this robot might share its physical dimensions with it. Also the track system is impressive and, in case it’s operable upside down, really well suited for heavy duty terrain.

Defending the planet using docker and ssl

In recent days I moved this blog to a new server, mainly to fix the latest SSL issues like POODLE, Heartbleed and SSL downgrade attacks. In order to save money I used the free of charge startSSL.com-signed certificate, which offers to sign privately generated certificate signing requests for your main site and one subdomain. This does not just keep the little padlock next to the address pane green but furthermore allows a higher rank in Google searches in future.

But moving a blog from a physical server usually means a lot of programming pain: files have to be moved, databases exported and imported back again, configuration files need to be adjusted and so on. To avoid this unnecessary work in future I was researching some possible solutions. First of all, it’s nothing new at all – virtualization and containerization are multiple years old technologies. The most remarkable approach in my opinion is Docker. It’s more lightweight than VMWare or VirtualBox, while supporting most of the features they offer. With its help you can run multiple instances of Linux machines on a (single) physical host. Besides, that is a real security feature, as it keeps every process inside its own container, never allowing it to affect the functionality of the others even during security breaches.

It’s also possible to version a dockerized application and share it over GitHub. In the case of WordPress there are multiple versions available: docker-wordpress by jbfink and docker-wordpress-nginx by eugeneware. Both of them lack Docker’s VOLUME support, but after adding this, they still saved a lot of work.

In conclusion this blog is now in its own container, using its own HTTP nginx, MySQL and PHP instances. The container in turn is made public by an SSL reverse proxy nginx, which, in case it’s required, can be supplemented by Varnish caching in future.

BetaPrusaV2 3D printer kit a Reprap Prusa i2+ Part 1

I am currently assembling a reprap 3D printer.

Howto flash an image to Raspberry Pi or Banana Pi using dd and a progressbar

Most tools don’t show reliable progress information when flashing an operating system to an SD card. In case you use dd to copy, this issue can be solved by the nice pv tool with:

pv -tpreb /path/to/image.img | dd of=/dev/yourUSBorSDSlotTarget bs=1M

which results in:

pvScreenshot21.01.2015

And it really lightens up the time spent flashing your Pi devices like Raspberry Pi or BananaPi.

 

ROS presentation recommendation

There is a nice talk about ROS held by Andreas Bihlmaier, presented at the 31st Chaos Communication Congress recently. It introduces the most important parts of ROS to a beginner and explains why the steep learning curve is worth the effort.

available here

Status Update: Calibrating for Depth

Currently I am experimenting with stereo vision USB webcams, where an essential step is good calibration. It felt a bit strange to see the image feature detection working on live data:

Screenshot - 09.11.2014

I’ll try to form the gained experiences into a small step by step guide and probably a github repository soon. Currently I am aiming towards depth data gained by webcams only, especially to compare the results to previous setups, and to see if visual odometry can be an option in low cost environments.

ROS Basics – a short Introduction into ROS

The Robot Operating System (ROS) is an open-source meta-operating system which provides essential features, namely hardware abstraction, low-level device control, implementation of environmental functionality such as visualisation, simulation or testing, and allows message-passing between concurrently running processes [O’K13]. Furthermore, it offers implementations of commonly used functionality in installable packages which even cover complex algorithms like Simultaneous Localization and Mapping (SLAM) and Visual Object Recognition (VOR).

ROS moreover contains tools and libraries for obtaining, building, writing and running code across multiple heterogeneous computers and therefore includes language and platform independent tools. For example, ROS supports multiple client libraries, namely roscpp for C++, rospy for Python, roslisp for Lisp and many others. It is also possible to link application-related code and external libraries like OpenCV for computer vision or Eigen3 for efficient linear algebra computation. Furthermore, ROS can successfully be wrapped around other frameworks like the Player Project.

ROS is mostly licensed free and has been developed as open source software under the BSD Licence, which offers a variety of advantages for a low cost robot.

Unsurprisingly, with the high complexity of ROS comes one of the steepest learning curves of all robotic frameworks. Besides, due to rapid changes of main characteristics between major versions, nearly all books and most tutorials on the internet became unreliable, which is often very confusing for a beginner. But once past the top of the curve, a lot of things are self-explanatory and complex features can be implemented very fast.

Unfortunately, another point to mention and one of the main disadvantages of ROS is the dependency on the ROS host and its Operating System (OS). In case you do not develop on an x86 32bit system, a lot of automations do not work and require patience to be solved. Especially, the support of packages on armhf, the ARM release repository, is not very usable yet. Additionally, despite the importance of reactivity and low latency, ROS is, like all other frameworks, no realtime OS.

ROS general terminology

ROS is a message-based, concurrently running, heterogeneous peer-to-peer network application. Its structure can be imagined as a mostly undirected graph with an obligatory center process node, called roscore. Broadly speaking, this one master node tracks every other part of the robotic network, including running processes and their interfaces. The centralistic design consequently uses its advantages by offering global debugging possibilities and error logging. It further mediates direct connections between every graph node on request. This becomes very useful in cases like image processing, where running traffic over the central node would impact the global system by increasing network usage and processing power.
Still simplifying, other parts of the graph are organized name spaces, called rosnodes, which in turn contain more rosnodes or process edges called, depending on their function, rostopics or rosservices. A rosnode in a ROS environment can therefore be a robot, a processing server for navigation or even a human interaction device, like a laptop. Usually they physically do not cross the border of a single computing system, but often a single system can run multiple name spaces. Also, rosnodes profit from zero copy shared memory handling between their topics by using the ROS nodelet manager and by that significantly reduce memory consumption. Every rosnode offers at least one rostopic, a multi-peer subscribable message provider, or a rosservice, a bidirectional unique connection between peers containing parameters.

ROS history

In 2007, the first robot running a version of ROS was STanford Artificial Intelligence Robot (STAIR), which was developed by Stanford Artificial Intelligence Laboratory (SAIL). During that time ROS was called switchyard but already followed its main principles like inter-process communication, concurrency and heterogeneous environments. After that, Willow Garage primarily developed ROS until February 2013. At this time ROS reached the critical mass every open source project needs to survive without being mainly driven by external funding. Since then the stewardship of ROS has been moved to the Open Source Robotics Foundation and subsequently left Willow Garage.
Major versions of ROS are called distributions and are named using adjectives that start with successive letters of the alphabet. Starting with Box Turtle, C Turtle, Diamondback, Electric, Fuerte, Groovy, Hydro and finally Indigo, which is available since May 2014.