Ubiquiti EdgeMAX EdgeRouter Lite PPPoE RDS-RCS NAT

So I got a new router to play with .. which looks awesome so far !
Here’s what I did to set up my connection !

configure 
set interfaces ethernet eth0 description WAN
set interfaces ethernet eth0 pppoe 0 default-route auto
set interfaces ethernet eth0 pppoe 0 mtu 1492
set interfaces ethernet eth0 pppoe 0 name-server none # you can use 'auto' if you want to use their ns's, I have my own.
set interfaces ethernet eth0 pppoe 0 user-id XXXXX
set interfaces ethernet eth0 pppoe 0 password XXXXX
set interfaces ethernet eth2 description LAN
set interfaces ethernet eth2 address 192.168.1.1/24
set firewall options mss-clamp interface-type pppoe
set firewall options mss-clamp mss 1412
set service nat rule 5000 outbound-interface pppoe0
set service nat rule 5000 type masquerade
set system offload ipv4 forwarding enable
set system offload ipv4 pppoe enable # this is the magic word that will offload pppoe from the processor to the ASIC or whatever it is !!!
set system offload ipv6 forwarding enable
set system offload ipv6 pppoe enable
set port-forward wan-interface pppoe0 # port-forward is a top-level node and needs to know the WAN side too
set port-forward lan-interface eth2
set port-forward hairpin-nat enable # this will enable machines in the lan to use the wan to connect back to themselves
set port-forward auto-firewall enable
set port-forward rule 1 description apache
set port-forward rule 1 forward-to address 192.168.1.10
set port-forward rule 1 forward-to port 80
set port-forward rule 1 original-port 80
set port-forward rule 1 protocol tcp
set system host-name somehostname.dyn.com # change this
set system name-server 192.168.1.95 # you don't need this if you use auto on the pppoe connection.
set system time-zone Europe/Bucharest
commit
save
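
The configuration above sets up NAT and port forwarding but attaches no firewall ruleset to pppoe0. As an added example (not part of the original post), this script checks a saved `show configuration commands` dump for that: every NAT egress interface should have `in` and `local` rulesets whose default action is drop. The function name, finding labels and sample configs are constructed for the example.

```sh
#!/bin/sh
# Added example, not from the original post. Input: a file of "set ..." lines.
# Only PPPoE WAN interfaces (pppoeN) are handled. Names/labels are made up here.
audit_wan_firewall() {
    awk '
        { sub(/[ \t]*#.*/, "") }          # drop trailing comments
        $1 != "set" { next }
        # The NAT egress interface is the internet-facing one.
        /nat rule [0-9]+ outbound-interface/ { wan[$NF] = 1 }
        # "... pppoe 0 firewall in name WAN_IN" => attached["pppoe0","in"] = "WAN_IN"
        / pppoe [0-9]+ firewall (in|local) name / {
            for (i = 1; i < NF; i++)
                if ($i == "pppoe") attached["pppoe" $(i + 1), $(i + 3)] = $NF
        }
        $2 == "firewall" && $3 == "name" && $5 == "default-action" { action[$4] = $6 }
        END {
            n = split("in local", dirs, " ")
            for (w in wan)
                for (d = 1; d <= n; d++) {
                    rs = attached[w, dirs[d]]
                    if (rs == "") { print "NO-RULESET " w " " dirs[d]; bad = 1 }
                    else if (action[rs] != "drop") {
                        print "DEFAULT-NOT-DROP " w " " dirs[d] " " rs; bad = 1
                    }
                }
            exit bad
        }
    ' "$1"
}

# Constructed samples: the NAT lines as in the post with no ruleset on pppoe0,
# then the same with rulesets attached (WAN_LOCAL left at accept on purpose).
demo() {
    d=$(mktemp -d)
    cat > "$d/open.cfg" <<'EOF'
set service nat rule 5000 outbound-interface pppoe0
set service nat rule 5000 type masquerade
EOF
    cat "$d/open.cfg" - > "$d/filtered.cfg" <<'EOF'
set firewall name WAN_IN default-action drop
set firewall name WAN_LOCAL default-action accept
set interfaces ethernet eth0 pppoe 0 firewall in name WAN_IN
set interfaces ethernet eth0 pppoe 0 firewall local name WAN_LOCAL
EOF
    echo "open.cfg:";     audit_wan_firewall "$d/open.cfg" || true
    echo "filtered.cfg:"; audit_wan_firewall "$d/filtered.cfg" || true
    rm -rf "$d"
}
demo
```

On the router, save the dump with `show configuration commands > /tmp/running.cfg` and pass that file to `audit_wan_firewall`.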

vim justify

So, I got some text that I needed to look pretty, meaning all lines should be 96 chars wide but if more than 10 spaces would need to be added in each line between words, it should remain the same… So I looked at column, par, fmt, emacs .. then settled on vim !

mkdir ~/.vim
wget http://ftp.stust.edu.tw/vim/runtime/macros/justify.vim -O ~/.vim/justify.vim
echo "so ~/.vim/justify.vim" >> ~/.vimrc
# the rest happens inside vim, with the text file open:
shift v # this will start visual selection mode
shift g # this will put you at the end of the file
:'<,'>Justify 96 10

image magick tricks

So, I had a couple of hundred images with the same background but people were in it in various places, I wanted to get the “average” background .. basically, getting the people out of the picture.

You need to have multiple pictures of the exact same thing for this to work. Photoshop has a thing called “image statistics” with an option called “median”.

convert *.jpg -evaluate-sequence median OUT.jpg

Then I wanted to remove some black things from the image and just replace them with white. Since there was a lil’ bit of “black-ish” around the black, the -fuzz helped.

convert OUT.jpg -fuzz 18% -fill white -opaque black OUT2.jpg

http proxy ipv4 only for yum

So, I needed a fast way to install dovecot on a centos 7 server in a private network that had access to my own network but not to the internet.

I set up a proxy and then saw that yum wants to use ipv6. Here’s what I did:

export http_proxy="http://198.51.100.13:3128"
echo 'ip_resolve=4'>> /etc/yum.conf
sysctl -w net.ipv6.conf.all.disable_ipv6=1
sysctl -w net.ipv6.conf.default.disable_ipv6=1
yum update

Download file with PowerShell

So .. I have a windows embedded which doesn’t have internet explorer .. nor explorer shell .. nor any other methods of communicating with the universe ( except the internet itself and ftp ) .. but I had the bright idea to embed powershell !
After a couple of hours of trying to figure out why the heck my apps keep saying “don’t want to run in DOS mode” .. or not running anything at all ( and weird icons appearing for the app instead of the icon I’d expect it to have ) .. I got to this:

$storageDir = $pwd
$webclient = New-Object System.Net.WebClient
$url = "http://link/to/file"
$file = "$storageDir\myNewFilename.jpg"
$webclient.DownloadFile($url,$file)

I don’t know exactly why the ftp method didn’t work YET ..

Creating a Windows Embedded Standard 7 ISO

So, first step is to get en_windows_embedded_standard_7_sp1_toolkit_x86_dvd_651894.iso ( or whatever is newer .. )
You can get a trial from Windows Embedded Standard 7 HomePage.

After that, you want to follow this Building a Windows Embedded Standard 7 Image DeveloperNetwork Page. What it basically says is:
– you need to run tap.exe on your windows target machine to get information about the drivers it needs installed !
– get the pmq file it generated
– create your IBW directory ( I generated mine in c:\users\dexter\desktop\embedded7img )

After that, you probably want to do this

"c:\Program Files (x86)\Windows Embedded Standard 7\Tools\AMD64\oscdimg.exe" -n -m -b"c:\users\dexter\desktop\embedded7img\boot\etfsboot.com" "c:\users\dexter\desktop\embedded7img" "c:\users\dexter\desktop\embedded7img.iso"

Et voila, you have a windows embedded 7 bootable iso image.

P.S.: You probably want “Windows Explorer Shell” if you want your familiar desktop instead of the “Command Prompt Shell with Custom Shell Support”

OpenVPN setup with mysql auth and ssl port sharing

So, I decided it was time to prevent some firewalls from blocking my connection to openvpn.
Here’s what I did to share port 443 ( which I already had an apache listening on ) with openvpn !

# Make apache Listen on port 4545 and replace all VirtualHost directives to use that.
emerge net-misc/openvpn app-crypt/easy-rsa sys-auth/pam_mysql
cp -prv /usr/share/easy-rsa ~
cd ~/easy-rsa
cp vars{,.orig}
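# the delimiter is quoted so $EASY_RSA and the backticks are written as-is and only evaluated when vars is sourced
cat >> vars << '_EOF_'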
export EASY_RSA="`pwd`"
export KEY_DIR="$EASY_RSA/keys"
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"
export GREP="grep"
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
export KEY_SIZE=4096
export CA_EXPIRE=3650
export KEY_EXPIRE=3650
export KEY_COUNTRY="US"
export KEY_PROVINCE="FL"
export KEY_CITY="Miami"
export KEY_ORG="Fort-Funston"
export KEY_EMAIL="master@myhost.domain"
export KEY_CN=changeme # Common Name (eg, your name or your server's hostname) 
export KEY_NAME=changeme # Name
export KEY_OU=changeme # Organizational Unit Name (eg, section)
_EOF_
source ./vars
./clean_all
./build-ca
./build-key-server server
./build-dh
openvpn --genkey --secret ~/easy-rsa/keys/ta.key
mkdir -p /etc/openvpn/certs
# ca.key stays in ~/easy-rsa/keys: the server only needs ca.crt, the CA private key is only for signing
cp -pv ~/easy-rsa/keys/{ca.crt,server.crt,server.key,ta.key,dh4096.pem} /etc/openvpn/certs/

cat >> /etc/openvpn/openvpn.conf << _EOF_
dev tun
# use udp .. it performs a lot better, this tutorial just uses tcp because it is sharing the port with apache !
proto tcp
local 203.0.113.10 # replace with the ip you want it listening instead of 0.0.0.0
port 443
port-share 127.0.0.1 4545
keepalive 10 120
comp-lzo
user nobody
group nobody
server 192.168.7.0 255.255.255.0
ca /etc/openvpn/certs/ca.crt
cert /etc/openvpn/certs/server.crt
key /etc/openvpn/certs/server.key
dh /etc/openvpn/certs/dh4096.pem
tls-auth /etc/openvpn/certs/ta.key
#tls-cipher DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-AES128-SHA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA # bettercrypto.org
tls-version-min 1.2 # you can try use tls-cipher see if everything is ok for you, if not, try this.
cipher AES-256-CBC
auth SHA384
verb 5
_EOF_

sed -i 's/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/' /etc/sysctl.conf
sysctl -p
rc-update add openvpn default
/etc/init.d/apache2 restart
/etc/init.d/openvpn restart

# now for the client part, give him this one file
./build-key-pass client
cat >> ~/client.ovpn << _EOF_
client
remote 203.0.113.10
dev tun
# set udp here too if you decided to use that!
proto tcp
port 443
cipher AES-256-CBC
comp-lzo yes
nobind
auth-nocache
script-security 2
persist-key
persist-tun
auth sha384
remote-cert-tls server # only accept a peer whose certificate was issued as a server certificate

<ca>
$(cat ~/easy-rsa/keys/ca.crt)
</ca>

<cert>
$(cat ~/easy-rsa/keys/client.crt)
</cert>

<key>
$(cat ~/easy-rsa/keys/client.key)
</key>

<tls-auth>
$(cat ~/easy-rsa/keys/ta.key)
</tls-auth>
_EOF_
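
A pre-start check for the server config above, as an added example that is not part of the original post: it confirms that every file named by `ca`, `cert`, `key`, `dh` and `tls-auth` exists, that the secrets are not readable by group or others, and that the CA private key is not stored beside `ca.crt`. The function name, finding labels and the sample directory are constructed for the example; `stat -c` as in GNU coreutils is assumed.

```sh
#!/bin/sh
# Added example, not from the original post: audit the files an OpenVPN server
# config points at. Prints one finding per line and returns 1 if there are any.
# Function name and labels are made up here; `stat -c` (GNU/BusyBox) is assumed.
audit_ovpn_conf() {
    findings=$(
        # Directives whose first argument is a file path.
        awk '$1 ~ /^(ca|cert|key|dh|tls-auth)$/ { print $1, $2 }' "$1" |
        while read -r directive path; do
            if [ ! -f "$path" ]; then
                echo "MISSING $directive $path"
                continue
            fi
            case $directive in
                (ca) # The CA private key signs new certificates; the server never reads it.
                    cakey=$(dirname "$path")/ca.key
                    if [ -f "$cakey" ]; then echo "CA-KEY-PRESENT $cakey"; fi
                    ;;
                (key|tls-auth) # Secrets: no access for group or others.
                    mode=$(stat -c %a "$path")
                    case $mode in
                        (*00) ;;
                        (*) echo "LOOSE-PERMS $directive $path mode=$mode" ;;
                    esac
                    ;;
            esac
        done
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample: the config names dh2048.pem but only dh4096.pem exists,
# ta.key is world-readable, and ca.key sits next to ca.crt.
demo() {
    d=$(mktemp -d)
    for f in ca.crt ca.key server.crt server.key ta.key dh4096.pem; do : > "$d/$f"; done
    chmod 600 "$d/server.key"; chmod 644 "$d/ta.key"
    printf '%s\n' "ca $d/ca.crt" "cert $d/server.crt" "key $d/server.key" \
        "dh $d/dh2048.pem # constructed mismatch" "tls-auth $d/ta.key" > "$d/server.conf"
    audit_ovpn_conf "$d/server.conf" || true
    rm -rf "$d"
}
demo
```

Against the real server, call `audit_ovpn_conf /etc/openvpn/openvpn.conf` before restarting the service.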

Gentoo apache 2.4 and Google’s mod_pagespeed

Here’s how you can get mod_pagespeed on your gentoo box running apache 2.4

emerge rpm
mkdir ~/src
wget https://dl-ssl.google.com/dl/linux/direct/mod-pagespeed-stable_current_x86_64.rpm -O ~/src/mod-pagespeed-stable_current_x86_64.rpm  
cd ~/src
# rpm2cpio (installed by 'emerge rpm') turns the rpm into a cpio stream that cpio can unpack
rpm2cpio ~/src/mod-pagespeed-stable_current_x86_64.rpm | cpio -idmv
cp ~/src/usr/lib64/httpd/modules/mod_pagespeed_ap24.so /usr/lib64/apache2/modules/
cp ~/src/etc/httpd/conf.d/pagespeed.conf /etc/apache2/modules.d/80_mod_pagespeed.conf
cp ~/src/etc/httpd/conf.d/pagespeed_libraries.conf /etc/apache2/modules.d/
mkdir /var/cache/mod_pagespeed/ -p
chown -R apache:apache /var/cache/mod_pagespeed/
# You'll need to have mod_version installed or you'll have to manually set the LoadModule to use the 24.so one.
# You'll also have to replace /usr/lib64/httpd with /usr/lib64/apache2
sed -i 's/\/usr\/lib64\/httpd/\/usr\/lib64\/apache2/' /etc/apache2/modules.d/80_mod_pagespeed.conf 
# Replace the Order and Allow lines with 'Require all granted'
/etc/init.d/apache2 restart

Many thanks go to tantruminv.com for providing the initial info.

Installing Oracle’s JRE in gentoo

It’s as simple as this:

echo '>=dev-java/oracle-jre-bin-1.7.0.65:1.7 Oracle-BCLA-JavaSE' >> /etc/portage/package.license

wget --no-cookies --header "Cookie: oraclelicense=accept-securebackup-cookie" "https://download.oracle.com/otn-pub/java/jdk/7u65-b17/jre-7u65-linux-x64.tar.gz"

mv jre-7u65-linux-x64.tar.gz /usr/portage/distfiles

emerge =dev-java/oracle-jre-bin-1.7.0.65

java-config --list-available-vms # to see the VMS installed

java-config --set-system-vm oracle-jre-bin-1.7

You might have to update the link and version number since it might ( and will probably ) change since I wrote this post.