OpenVPN on a privileged port with an unprivileged user

Remember: if you are running openvpn on a privileged port (<1024, like 53/udp for bypassing captive portals), don’t configure privilege dropping (the user/group directives). After the first timeout the daemon restarts and, now running unprivileged, can no longer re-bind the port, so the vpn dies with “TCP/UDP: Socket bind failed on local address [undef]:port: Permission denied”.

My static key server config:
cat /etc/openvpn/ogre.conf
dev tun
ifconfig 10.0.66.1 10.0.66.2
secret static.key
comp-lzo
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
# keep commented if using a privileged port
#user nobody
port 53
proto udp

The logfile of the failing openvpn:
Feb 28 09:48:37 ogre ovpn-ogre[6383]: OpenVPN 2.1_rc11 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Sep 18 2008
Feb 28 09:48:37 ogre ovpn-ogre[6383]: /usr/sbin/openvpn-vulnkey -q static.key
Feb 28 09:48:38 ogre ovpn-ogre[6383]: LZO compression initialized
Feb 28 09:48:38 ogre ovpn-ogre[6383]: TUN/TAP device tun0 opened
Feb 28 09:48:38 ogre ovpn-ogre[6383]: /sbin/ifconfig tun0 10.0.66.1 pointopoint 10.0.66.2 mtu 1500
Feb 28 09:48:38 ogre ovpn-ogre[6388]: UID set to nobody
Feb 28 09:48:38 ogre ovpn-ogre[6388]: UDPv4 link local (bound): [undef]:53
Feb 28 09:48:38 ogre ovpn-ogre[6388]: UDPv4 link remote: [undef]
Feb 28 09:48:47 ogre ovpn-ogre[6388]: Peer Connection Initiated with 79.47.206.122:62799
Feb 28 09:48:47 ogre ovpn-ogre[6388]: Initialization Sequence Completed
Feb 28 11:28:25 ogre ovpn-ogre[6388]: read UDPv4 [EHOSTUNREACH]: No route to host (code=113)
Feb 28 11:28:34 ogre ovpn-ogre[6388]: Inactivity timeout (--ping-restart), restarting
Feb 28 11:28:34 ogre ovpn-ogre[6388]: SIGUSR1[soft,ping-restart] received, process restarting
Feb 28 11:28:36 ogre ovpn-ogre[6388]: Re-using pre-shared static key
Feb 28 11:28:36 ogre ovpn-ogre[6388]: LZO compression initialized
Feb 28 11:28:36 ogre ovpn-ogre[6388]: TCP/UDP: Socket bind failed on local address [undef]:53: Permission denied
Feb 28 11:28:36 ogre ovpn-ogre[6388]: Exiting
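The following linter is an added example, not code from the post: it scans an OpenVPN config for exactly the combination warned about above (a privileged port together with an active user/group directive) so the problem is caught before the first ping-restart. The function name and exit codes are my own choices; port, lport, user and group are OpenVPN's real directives and 1194 is its real default port.

```shell
#!/bin/sh
# Added example: flag an OpenVPN config that listens on a privileged port
# while dropping privileges, which breaks the socket re-bind after a
# --ping-restart. Exit status: 0 = fine, 1 = problem found, 2 = bad port value.

ovpn_check_privdrop() {
    cfg="$1"
    # Effective local port: "port" or "lport" directive, 1194 if neither is set.
    # Comments (# or ;) are stripped first, so a commented-out "#user nobody"
    # like the one in the config above is correctly ignored.
    port=$(awk '{ sub(/[#;].*/, "") }
                $1 == "port" || $1 == "lport" { p = $2 }
                END { print (p == "" ? 1194 : p) }' "$cfg")
    # Every active privilege-dropping directive, as space-separated key=value tokens.
    drop=$(awk '{ sub(/[#;].*/, "") }
                $1 == "user" || $1 == "group" {
                    printf "%s%s=%s", (n++ ? " " : ""), $1, $2 }' "$cfg")
    case "$port" in
        '' | *[!0-9]*)
            echo "$cfg: cannot parse port value '$port'" >&2
            return 2 ;;
    esac
    if [ "$port" -lt 1024 ] && [ -n "$drop" ]; then
        echo "$cfg: WARNING port $port is privileged but privileges are dropped ($drop): the daemon cannot re-bind after a ping-restart"
        return 1
    fi
    echo "$cfg: ok (port $port${drop:+, drops to $drop})"
    return 0
}

# Usage: ovpn_check_privdrop /etc/openvpn/ogre.conf
```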


Hack for disabling suhosin when using phpmyadmin on Debian

If you apt-get install phpmyadmin on Debian/Ubuntu, you will notice the following warning message:

Server running with Suhosin. Please refer to documentation for possible issues.

You can find the reference and possible solutions here.

A quick way to get a fully working phpmyadmin in a trusted environment is to enable Suhosin's simulation mode (Suhosin then only logs what it would have blocked) on the phpmyadmin vhost, editing /etc/apache2/conf.d/phpmyadmin.conf and adding:

php_flag suhosin.simulation On

inside the relevant IfModule directive, for example <IfModule mod_php5.c> if you are using libapache2-mod-php5.


Hylafax with A01-PU3 WebRunner USB

HylaFAX is an enterprise-class system for sending and receiving facsimiles as well as for sending alpha-numeric pages.

The A01-PU3 is a USB PSTN modem that supports the CDC ACM standard, and it works great on Linux!


On Debian you can easily set up a HylaFAX server by installing it with:

aptitude install hylafax

And configure your fax device with faxaddmodem:

faxaddmodem /dev/ttyACM0

At this point the fax server was correctly receiving faxes, but sending was constantly failing with no-carrier errors:

Nov 16 12:18:09 hylafax FaxSend[8506]: SEND FAILED: JOB N DEST XXXXXXX ERR [2] No carrier detected

To fix the problem, add to /etc/hylafax/config.ttyACM0:

ModemResetCmds:         ATX3

You can find other useful information on:
DebianWiki
HylaFax Documentation
HylafaxFax Desktop Clients


Exporting serial tty lines over TCP

On server:

socat tcp-l:54321,reuseaddr,fork file:/dev/ttyS0,nonblock,raw,echo=0,waitlock=/var/run/tty

On client:

while true; do socat pty,link=/dev/vttyS0,raw,echo=0,waitslave tcp:192.168.1.1:54321; done

Lots of fun: export the fax-modem serial lines of geographically distant servers and use a central HylaFAX server with multiple virtual modems =D Keep in mind that the listener above accepts any client that can reach port 54321, so restrict it to the central server's address (for example with socat's range= option) or with a firewall rule.


Linksys WAG54G2 and slowness on p2p

Three weeks ago I bought a Linksys WAG54G2 wifi ADSL router, and I haven't been very happy with it.
Even with a very low bandwidth allotment for my torrent client, browsing every site was very SLOW (~5 s for http://www.google.it), with the latest firmware (1.00.17) and default settings.

Today I probably found a solution for the WAG54G2's high latency when using p2p. The problem is probably not the router itself, but its poor QoS implementation or its GUI frontend.

Let's look at my current configuration:
[Screenshot: Linksys WAG54G2 QoS configuration]
With this QoS configuration I can happily browse the internet while torrenting. I have no idea why the hell, with QoS disabled, opening new connections is so massively slowed down.

For those who aren't fluent in the Linksys web interface: go to Applications & Gaming -> QoS;
set Internet Bandwidth to Manual (I have a 7 Mbit/s DSL, ~8000 should be good, I put 9000);
in Category -> Applications, add a new application: name web, port range 80 80 on the first line, 443 443 on the second and 53 on the third; in the dropdown select Both, Priority Medium, then Add;
save settings.
Finish.

If these settings solve your problems, please drop me a comment on this page, thanks!


Tips for configuring Ubuntu Karmic on MacBook Pro

The new Ubuntu Karmic (9.10) will be released soon and will greatly improve support for MacBooks, thanks to the official Ubuntu Mactel Team (https://launchpad.net/mactel-support).

Here is a short list of tips for configuring your MacBook with Ubuntu Karmic.

To change the default behavior of the Fn keys, because I use F1, F2, F3 etc. much more than the brightness controls for screen and keyboard, I added to /etc/rc.local:

echo 2 > /sys/module/hid_apple/parameters/fnmode

The new hid-apple module has native support for the screen and keyboard brightness keys, and also for the integrated light sensor. Unfortunately, hid-apple obeys the light sensor too much, changing the brightness every few seconds without regard for manual changes. In short, I cannot manually change the screen brightness because the light sensor resets it every time.
So I decided to reinstall ye good olde pommed to control everything.

sudo aptitude install pommed

For changing settings:

sudo nano /etc/pommed.conf

For mounting the Mac HFS+ partition on Ubuntu:
sudo aptitude install hfsprogs
Add to /etc/fstab:
/dev/sda2 /media/mac hfsplus defaults 0 2
Important note: you *MUST* disable journaling on the HFS+ filesystem, because Linux doesn't know how to handle the journal. You can disable journaling on the Mac volume from Mac OS X by running in a terminal:

diskutil disableJournal /

I have also changed the UID of my user in /etc/passwd on Ubuntu from 1000 to 501, so I don't need the root account to access my Mac home directory. You can also change the Mac user's UID on the Mac side, using the Accounts pane in System Preferences (but I haven't tried that yet).

Also remember to add the Medibuntu repository (https://help.ubuntu.com/community/Medibuntu) and the Mactel PPA (https://edge.launchpad.net/~mactel-support/+archive/ppa) to your sources.list.
