Fedora 19 and override routes with openvpn

Lately, I had an issue with routes, because I wanted to use my VPN connection only for resources on network that I wil connect. Unfortunately in Fedora 19 this option: “Use this connection only for resources on its network” doesn’t work. However there is workaround (from RedHat bugzilla):

Just use this tool (of course as root in CLI):

nm-connection-editor

You will find there this option – just activate it, and it will work.

Changing settings to Your VPN connection under nm-connection-editor will couse that this connection will disappear from Network Manager settings, but It will be accessible from Newtork Manager icon in the upper right corner of Your screen. You will be abble to connect to this VPN through Network Manager applet.

Posted in Uncategorized Tagged with: , , ,

Running openvpn with SELinux on Fedora 19

Lot of people has the same issue with setting up openvpn with SELinux enabled. Follow steps below and You will get it working.

First of all make directory in Your home (it must be .cert):

mkdir ~/.cert

Now copy Your certs into this directory:

cp [path_co_certs]/private_key.key ~/.cert/private_key.key
cp [path_co_certs]/ca.crt ~/.cert/ca.crt
cp [path_co_certs]/private_cert.crt ~/.cert/private_cert.cert

Finally, just configure new VPN connection through Network Manager, choosing correct settings.
It should start, and work like a charm.

Posted in Uncategorized Tagged with: , ,

Fedora 19 and Dell E4300 issues

Recently I’ve installed Fedora 19 on my Dell E4300 laptop. There are some issues with this setup and I will try to reseolve them in this post:

  • scrolling on touchpad doesn’t work

Just paste it in command line:

gsettings set org.gnome.settings-daemon.peripherals.touchpad scroll-method 'edge-scrolling'

After that You should be able to scroll on Your touchpad, however I noticed that scrolling is inverted. So here is next issue:

  • scrolling on touchpad is inverted

Paste it in command line:

gsettings set org.gnome.settings-daemon.peripherals.touchpad natural-scroll 'false'

 

I will update this post with issues I will find, so stay tuned.

Posted in Uncategorized Tagged with: , , ,

Charging iPad connected to USB port on Fedora

When I bought iPad I was confused that it will not charge when connected to USB port in my desktop. Recently I found this software: ipad_charge. As it is said on github it will charge almost all portable apple devices. So I gave it a try and I found out that this software is doing it in the way that I wanted. All You need to install this software on Fedora 18 x86_64 is to compile it. I will show below all the steps to use this software.
First of all You need sources of ipod_charge:

wget https://github.com/mkorenkov/ipad_charge/archive/master.zip

Now we need to unpack it:

unzip master.zip

And compile it:

cd ipad_charge-master
make
sudo make install

And that’s all. Now when You will connect iPad to Your desktop it will start to charge.

Of course You can turn off charging while connected to USB:

ipad_charge --off

And enable charging again:

ipad_charge

I also found out that You can access Your iPad’s (and other apple portable devices) data while charging. So it is very useful software.

Posted in Uncategorized Tagged with: , , ,

iOS jailbreak tool evasi0n on Fedora 18 x86_64

I just wanted to do jailbreak on my iPad3. I’ve grabbed latest version of jailbreak software from evasi0n.com website. Unpacked it, and run, but I’ve got error:

./evasi0n.x86_64: error while loading shared libraries: libssl.so.1.0.0: cannot open shared object file: No such file or directory

So I’ve digged for a while, and find out that I do not have some libraries, however I’ve installed libssl and libcrypt that are necessary to run this jailbreak software. Unfortunatelly Fedora 18 only have openssl in version 1.0.1. So I had to compile openssl v. 1.0.0. Here are the steps:

wget http://www.openssl.org/source/openssl-1.0.0j.tar.gz
tar -zxfv openssl-1.0.0j.tar.gz
cd openssl-1.0.0j
./config -t
make

After that You will have libssl.so.1.0.0 and libcrypto.so.1.0.0 files in this directory. Now You need to copy those files into proper directory in Your system:

cp libssl.so.1.0.0 /usr/lib64/
cp libcrypto.so.1.0.0 /usr/lib64/

And now evansi0n software is running wihtout any problems.

Posted in Uncategorized Tagged with: , , , , ,

Openvpn revoke / unrevoke certificates

REVOKING
Sometimes You need to revoke access of a client in openvpn. The simpliest way to do this is to revoke certificate. Revoking certificate is almost as simple as clicking enter on a keyboard. To revoke certifikate just go to Your easy_rsa directory and enter following:

source ./vars
./revoke-all [certificate name]

UNREVOKING
Sometimes You need to revoke access of a client in openvpn only temporarily. Revoking access is done in the same way as above. But we need to unrevoke access. Here are the steps to do this.
First of all You need to go to Your easy_rsa directory (or where do You keep Your keys). You will find there index.txt file. Open it with Your favourite text editor. You will find there index of all certificates. Some lines begins with R and some with V. The ones that begins with R are pointing to revoked certificates. To unrevoke certificate just change R to V at the beggining of the line, and remove third column. After that just do:

source ./vars
openssl ca -gencrl -out "crl.pem" -config "$KEY_CONFIG"

After that client should connect to openvpn with no problem.

If You have any questions please leave a comment. I will answer asap.

Posted in Uncategorized Tagged with: , , , , ,

Fedora 18, chrome and jnlp file association

Every time I’ve upgrade or reinstall fedora I have the same issue. Downloaded *.jnlp file with chrome browser will not open (from the bottom of browser) in java. While this file is clicked it will open new tab and will download this file again. I’ve modified a little bit my system so from now on it will open *.jnlp files with oracle javaws. So here are the steps how to do it.

Open terminal and login as root. Then just go to /usr/share/applications and create there a file javaws.desktop. Put those lines in this file:

[Desktop Entry]
Name=Javaws    
Name[pl]=Javaws               
Comment=Javaws                         
Comment[pl]=Javaws                                     
Exec=/usr/bin/javaws %U 
Terminal=false
Type=Application

Save file and go to chrome to download some sample jnlp file. Download it but do not open via browser. Go to place where this file was downloaded and do right click. Then “Open with” -> “Another program” -> “Display another programs” and then just choose Javaws.

From now on You will be able to open *.jnlp files directly from google chrome browser.

Posted in Uncategorized Tagged with: , , , , ,

cacti template to monitor raspberry pi temperature

After very long time I had some time to do smth with my raspberry pi.

I always wanted to have small server in home to monitor all of my network devices in home. Raspberry pi is almost ideal for it. However I cannot run Zabbix on it, because Zabbix is not adopted to such small devices. So I decided to use cacti. After digging google I spotted this link:
Cacti Pi

There is nice tutorial how to intall and optimize cacti to run on raspberry pi. I followed it and after about 15 minutes I had full setup of cacti.
However I wanted to monitor my raspberry pi’s temperature. It can be done from CLI:

/opt/vc/bin/vcgencmd measure_temp

So I’ve writed small script:

#!/usr/bin/perl
 
open(PROCESS, "/opt/vc/bin/vcgencmd measure_temp |");
$avg = <PROCESS>;
close(PROCESS);
 
$avg =~ s/^.*=(\d{2}\.\d)'?C?$//;
 
print "$1";

Here is some edit:

#!/usr/bin/perl
delete @ENV{qw(PATH)};
$ENV{PATH} = "/usr/bin:/bin";
$path = $ENV{'PATH'};
 
open(PROCESS, "/opt/vc/bin/vcgencmd measure_temp |");
$avg = <PROCESS>;
close(PROCESS);
 
$avg =~ s/^.*=(\d{2}\.\d)'?C?$//;
 
print "$1";

And put it to:

/var/www/cacti/scripts/temp_rpi.pl

Of course You need to:

chown pi:users /var/www/cacti/scripts/temp_rpi.pl

After that create new data input method in cacti:

Data input methods

Then added cacti templates and data sources (files to import to cacti 0.8.8a are attached to this post), but graphs didn’t show. After digging google, I’ve found the problem: www-data user must be added to video and plugdev group.

After that You will have nice graphs of temperature on your raspberry pi:
Raspberry pi temperature graph

And that’s all.

Files to import in cacti:
Cacti data template
Cacti graph template

Posted in Uncategorized Tagged with: , ,

raspberrypi has arrived :)

So my Raspberry Pi has arrived. Here are some photos:

And of course I’ve built Lego case for it:

I will put some updates here about my work with Raspberry Pi, but now I am not decided yet what to do with it (home multimedia player, workstation…).

Here is some info about my Raspberry PI:
sq4ind-rpi
So You can see how it is working now…

Maybe I will put my blog on it?? Who knows… stay tuned for updates.

Posted in Uncategorized Tagged with:

dd-wrt – speeding up internet browsing

Recently I have some time to play with my DD-WRT based router. I wanted to speed up internet browsing, so I decided to put on DD-WRT squid and DNSMasq. And here is what I’ve done.

My router config:

Firmware: 

DD-WRT v24-sp2 (08/07/10) mega

Partition layout:

Filesystem Size Used Avail Use% Mounted on
rootfs 5.7M 5.7M 0 100% /
/dev/root 5.7M 5.7M 0 100% /
/dev/mtdblock/4 25M 900K 24M 4% /jffs
/dev/discs/disc0/part1
504M 314M 165M 66% /opt
/dev/sda3 6.8G 1.1G 5.4G 17% /mnt

As You can see I have added extra space by connecting to my router  8GB USB flash drive ( Patriot Xporter XT ), and installed OTRW.

I will not provide specific information how to install squid and DNSMasq (DNSMasq is installed by default), but my settings of those daemons.

So here are the main changes that I’ve done in squid configuration:

http_port 192.168.1.1:3128 transparent
cache_mem 8 MB
maximum_object_size_in_memory 32 KB
cache_dir ufs /mnt/squid/cache 1024 16 256
minimum_object_size 0 KB
maximum_object_size 4 MB

Then I’ve created file:

/opt/etc/rc.firewall

And put in it:

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3128

So all the traffic to http is redirect to squid cache.

Squid proxy is almost done, but You need to configure above firewall to start up automatically when router starts:

nvram set rc_firewall=/opt/etc/rc.firewall
nvram commit
chmod 755 /opt/etc/rc.firewall

From now on You router will automatically redirect all http traffic through You own squid cache server, what will cause speed improvement while browsing sites in internet.

Despite it was faster I wanted to do it much better, and I started to digging up what is taking too long to load the page, and I realized that DNS queries takes too long, so I decided to use DNSMasq to cach dns queries.

To turn on caching just put

cache-size=2000

In Services->Services->Additional DNSMasq Options box, click Save, and Apply Settings.

It will cache 2000 dns queries in routers memory.

 

Ok, but what I’ve achieved by those modifications:

  • faster DNS queries responses (before modifications: +/- 40ms, after modifications: +/- 1ms)
  • faster page loading (before modifications: +/- 8s, after modifications: +/- 3s – it all depends on site, for example – facebook.com from 34s to 12s)

I will try to do some more modifications to speed up internet browsing with dd-wrt, so stay tuned.

Posted in Uncategorized Tagged with: , ,