OpenVPN Tips And Tricks

Setting up your own VPN server and getting everything working can be a real pain to do. Over the past few months I’ve been off and on trying to get one working. While I had attempted to get other methods, which did not require software to be installed in Windows, to work, I ended up settling on using OpenVPN. Here are a few notes and resources I found useful.

Gentoo Forums :: View topic – Howto Openvpn – The quick easy wayhttp://forums.gentoo.org/viewtopic-t-117709-view-next.htmlI’ve read through a lot of howto’s for openvpn, and a lot of them didn’t seem to work, I could follow them line for line and I kept running into problems. Here is my HOWTO on openvpn, which i find was the simpliest way of setting it up.

I used the above guide to begin my setup of a OpenVPN server on my server running Funtoo (a Gentoo variant). While the guide is pretty good, I have a few notes:

  • The line┬áremote <vpn server ip> 9900 for the Linux client config is wrong, in the example configs the port should always be 9000
  • Since the writing of the guide, easy-rsa has been split off into it’s own package, install it by running emerge -av easy-rsa
  • The directory the easy-rsa files go to has changed, they are now located under /usr/share/easy-rsa/ you will want to copy these somewhere else (e.g. /etc/openvpn/easy-rsa) to prevent them from being overwritten when updating easy-rsa
  • Easy-rsa contains several OpenSSL config files, you’ll either need to update the server.cnf file to match the installed OpenSSL version, or create a symlink with openssl.cnf pointing to the appropriate openssl-.cnf file.
  • If you do not have $OPENSSL defined, you’ll run into issues running ./build-dh. You should be able to edit line 7 of build-dh replacing $OPENSSL with openssl

Beyond this guide, when trying to talk to a Samba server, a few things should be noted:

  • When using a VPN to connect to a network with the Samba server, you will have a IP address in a different network than the Samba server is in (e.g. 192.168.2.0 vs 192.168.10.0). Make sure to add your VPN network to the hosts allow property in your smb.conf.
  • Since Windows Vista, Windows tries to find a gateway to determine if the connected network is a home, office, or public network. You may need to add push "route 0.0.0.0 0.0.0.0 vpn_gateway 999" to your OpenVPN server’s config file.
  • If you want to use the Netbios name to access the Samba server, you will want to place push "dhcp-option WINS <SAMBA_IP_ADDRESS>" (where <SAMBA_IP_ADDRESS> is the IP address of your Samba server) in your OpenVPN server’s config file.

Lastly, you should note that if the network you are VPNing into has a server at the same IP address as the network you are VPNing from, it may be difficult to contact the server on the network you have VPNed into. So, it is probably a good time to move away from using 10.0.0.0, 172.16.0.0, or 192.168.1.0 as your network address.

-John Havlik

[end of transmission, stay tuned]

How to Add li and Other Tags to Breadcrumb Templates

Since Breadcrumb NavXT 4.3.0, all settings that can contain HTML are passed through wp_kses(). With this change, only a basic set of acceptable tags and properties within tags were allowed. Naturally, this restricted users more than they were used to. The restriction wasn’t the biggest problem, the lack of a filter to allow users to add their own tags in to the allowed HTML tag list. However, with Breadcrumb NavXT 4.4, a new filter bcn_allowed_html has been introduced to fix this issue.

The default set of allowed HTML tags in Breadcrumb NavXT 4.4 consists of: <a>, <img>, <span>, <h1>, and <h2>. For the purposes of this guide, let’s assume you don’t want to use the built in bcn_display_list() function to output breadcrumbs wrapped in <li> tags. The reason you would want to do this is if you need additional properties within the tag (Breadcrumb NavXT will by default add a class but that’s it).

In Breadcrumb NavXT 4.4, adding a tag to the allowed HTML list for Breadcrumb NavXT is really easy. Just create a function with one input argument ($allowed_html in this example). Within that function append, using the HTML tag name as the array entry key, assign an array of properties that tag is allowed to have, using the property name as the array entry key and a value of true. Then add your filter function to the ‘bcn_allowed_html’ filter hook. Below is an example of this for the <li> tag with a selection of properties.

function my_bcn_allowed_html($allowed_html)
{
	$allowed_html['li'] = array(
		'title' => true,
		'class' => true,
		'id' => true,
		'dir' => true,
		'align' => true,
		'lang' => true,
		'xml:lang' => true,
		'aria-hidden' => true,
		'data-icon' => true,
		'itemref' => true,
		'itemid' => true,
		'itemprop' => true,
		'itemscope' => true,
		'itemtype' => true
	);
	return $allowed_html;
}
add_filter('bcn_allowed_html', 'my_bcn_allowed_html');

To get started quickly, just copy and paste the above code into a site specific plugin and start playing.

-John Havlik

[end of transmission, stay tuned]

Using ImageMagick to Batch Convert Photos

Back when I posted my photoset from WordCamp Minneapolis 2013, rather than performing any post processing, I just uploaded the full images from my camera’s SD card. Normally, I would open up the Gimp and reduce the resolution by 50% and then crop to a 3:2 or 16:10 ratio depending on what was appropriate for the images. This produces small files that are easy for the server to handle.

Since WordPress generally does a good job generating the image sizes it needs, I didn’t worry about uploading the full, unreduced images. Normally, the end users would never see the full size images, so no harm, right? Wrong. At least if you use Jetpack.

If you use the tiled gallery feature in Jetpack (like I do on this site) you end up using the WordPress.com CDN. Unfortunately, Jetpack tries to load the full image size when caching for the tiled gallery. Trying to pull 50 or so images, at 1 MiB to 2 MiB a piece to cache didn’t work too well. Naturally, Jetpack could do things slightly more intelligently and request for the closest, already existing, image size to be used, but that’s a topic for another day.

To get things to play nicely I needed to reduce the ‘original’ file sizes. Thankfully, Weblogs.us has ImageMagick installed. Thus, fixing the issue was as simple as running:

convert P*.jpg -resize 50% \
-quality 88 \
-set filename:newsize '50_%t' '[filename:newsize].jpg';

Then, after inspecting the results, all that was left to do was to rename the 50_ prefixed files back to the original file name.

-John Havlik

[end of transmission, stay tuned]

Fix Plex Placing Albums into “Various Artists”

Plex is a pretty nifty media server and app for deices such as Roku. However, with a large music library, it can do some goofy things. One of the most annoying is placing albums under the “artist” Various Artists (when they shouldn’t be there).

Case in point, two albums that I ripped from CD ended up in this category. The first was Jay-Z’s The Blueprint 3, and the second was Daft Punk’s Discovery. Neither of these should be under Various Artists. What was the problem? Plex’s media scanner picks up on the Artist ID3 tag. If for a given album there are two or more artists it will throw it in the Various Artists group. The easy solution is to use an ID3 tag editor (EasyTAG and Kid3 are two open source options) to clean up and homogenize the artist field for all tracks in the album.

-John Havlik

[end of transmission, stay tuned]

9 Comments Updated:

vBulletin Style Breadcrumbs for WordPress

vBulletin is a somewhat popular forum software package that has a unique breadcrumb design. Rather than the normal, single lined breadcrumb trail, it drops the current item’s breadcrumb to a second line. It also happen to have two folder icons for flair, but those are trivial to add in with CSS3. Even without CSS3 adding the icons is fairly easy (set as a non-repeating background image).

View Demo
Continue reading