Sat 9 Jun 2007
Sun 1 Oct 2006
VPNs and You: 2 - Configuring the OpenVPN client
Posted by tom under Networking, Security
No Comments
If you followed part one of this series, VPNs and You: 1 - Providing secure remote access with OpenVPN, then you should have a ready-to-use OpenVPN server, so all we need now is the client. Fortunately for us the client configuration is even easier than the server configuration, so before you know it you’ll have a fully functioning VPN setup…
Thu 3 Aug 2006
Started using Notable - Ended up Creating New Version
Posted by tom under Blogging, Web
[2] Comments
So I wanted some blog-posting shortcuts, and after a little searching it seemed that Notable was one of the most common, so I downloaded and installed it. It worked alright, but I had some gripes:
- page was no longer valid XHTML due to some unencoded &s and reused object IDs
- icons were not all the same size
- no way to display text along with the icons
- no Slashdot submission support
- ability to use blog categor(y|ies) in submission URLs, for tag fields for instance
I ended up fixing these myself, and in the hope that others will want these fixes/features I am making the new version available for download.
Installation directions can be assumed to be the same as the official v1.14 release.
Read on for details of what was changed . . .
Mon 12 Jun 2006
So I wanted a nifty “Now Playing” box on the side of my blog, but I wanted to do it securely.
I found a WinAmp plug-in called Do-Something which looked promising: at the start of any new song it would do any (or any chain) of several actions. Most notable to me was submitting a URL. The idea was simple enough: submit a URL with the artist and song name (these it gets from the file tag), and a shared password, to a CGI script on the web server. The CGI would then update some file used in an SSI by the page, and poof, “Now Playing” would be up and running. Unfortunately, this simple method is not very secure…
Sat 27 May 2006
Just thought I’d take a second to say - “I mean, SunMilk man! Wow. SunMilk… you know? Wow.”
Basically they take nonfat milk and add sunflower oil, and you end up with milk that tastes almost like whole milk but is much better for you (1% fat, unsaturated). I find that if I mix it ~3:1 with nonfat milk it still tastes better than normal 1% milk, and has: less sugar, less calories, less cholesterol, less fat (and it’s unsaturated vs. saturated), and more protein. Plus it tastes good.
The only downside is the cost, it’s kinda expensive (like $3.50 for a half gallon), which is actually the main reason I do the 3:1 thing, stretches it out.
If you have the means, I highly recommend picking some up. Find some in your area!
Thu 25 May 2006
VPNs and You: 1 - Providing secure remote access with OpenVPN
Posted by tom under Networking, Security
No Comments
First things first, why not IPSEC you ask? Long story short, most IPSEC implementations suck. However, directly contrary to that statement, I will be using OpenBSD in this article, and OpenBSD has a truly excellent IPSEC implementation. So, why not use IPSEC? Because *most* IPSEC implementations suck! If both ends of our VPN were OpenBSD, or professional-level homogeneous hardware solutions, then IPSEC could be ideal. Secure, high-speed, reliable, you name it - when IPSEC is done right it can be extremely powerful.
However, for remote access for employees, we need to assume the worst case, the worst case being Windows. Windows XP has an IPSEC implementation, I mean, in theory. In reality it is so craptacular that almost everyone uses either the SafeNet client or the Cisco client, both are quite good, both are not free. To be more specific, Cisco’s client is technically free, but only in combination with purchase of their hardware, which is significantly less free.
Enter OpenVPN, a free, open source, SSL based VPN solution for nearly any OS you can think of, and of particular import to this discussion - a very good Windows client and a very good OpenBSD server. If you have any history with VPNs, then SSL may set off alarm bells for you as there are a number of crappy web-based SSL VPN solutions around. Don’t be worried, OpenVPN is NOT web based.
Here’s the basics:
- OpenVPN is an SSL VPN, again, please note that SSL != WEB BASED
- It works similarly to IPSEC, but is not compatible, as the cumbersome IKE protocol is replaced with SSL/TLS
- Supports two-factor authentication (HIPAA compliance requirement)
- Relatively easy to install and manage
- It plays well with OpenBSD (ported at /usr/ports/net/openvpn)
- The Windows client GUI is solid and easy to use
Note: I love OpenBSD. I prefer to use it for any internet facing server unless there is a compelling reason not to, hence ability to play well with OpenBSD was a requirement for me.
Installation is a breeze: cd /usr/ports/net/openvpn && make install, and you’re done.
Initial configuration is covered thoroughly in the very clear Official HOW-TO, but here’s the basics:












