OpenVPN Tips And Tricks

Setting up your own VPN server and getting everything working can be a real pain to do. Over the past few months I’ve been off and on trying to get one working. While I had attempted to get other methods, which did not require software to be installed in Windows, to work, I ended up settling on using OpenVPN. Here are a few notes and resources I found useful.

Gentoo Forums :: View topic – Howto Openvpn – The quick easy way

http://forums.gentoo.org/viewtopic-t-117709-view-next.html

"I’ve read through a lot of howto’s for openvpn, and a lot of them didn’t seem to work, I could follow them line for line and I kept running into problems. Here is my HOWTO on openvpn, which I find was the simplest way of setting it up."

I used the above guide to begin my setup of an OpenVPN server on my server running Funtoo (a Gentoo variant). While the guide is pretty good, I have a few notes:

  • The line remote <vpn server ip> 9900 for the Linux client config is wrong; in the example configs the port should always be 9000.
  • Since the writing of the guide, easy-rsa has been split off into its own package; install it by running emerge -av easy-rsa.
  • The directory the easy-rsa files go to has changed; they are now located under /usr/share/easy-rsa/. You will want to copy these somewhere else (e.g. /etc/openvpn/easy-rsa) to prevent them from being overwritten when updating easy-rsa.
  • Easy-rsa contains several OpenSSL config files; you’ll either need to update the server.cnf file to match the installed OpenSSL version, or create a symlink with openssl.cnf pointing to the appropriate openssl-.cnf file.
  • If you do not have $OPENSSL defined, you’ll run into issues running ./build-dh. You should be able to edit line 7 of build-dh, replacing $OPENSSL with openssl.

Beyond this guide, when trying to talk to a Samba server, a few things should be noted:

  • When using a VPN to connect to a network with the Samba server, you will have an IP address in a different network than the Samba server is in (e.g. 192.168.2.0 vs 192.168.10.0). Make sure to add your VPN network to the hosts allow property in your smb.conf.
  • Since Windows Vista, Windows tries to find a gateway to determine if the connected network is a home, office, or public network. You may need to add push "route 0.0.0.0 0.0.0.0 vpn_gateway 999" to your OpenVPN server’s config file.
  • If you want to use the Netbios name to access the Samba server, you will want to place push "dhcp-option WINS <SAMBA_IP_ADDRESS>" (where <SAMBA_IP_ADDRESS> is the IP address of your Samba server) in your OpenVPN server’s config file.
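The hosts allow point above can be checked before a client ever connects. The following is an added example, not code from the original post: it parses the hosts allow line of a constructed smb.conf fragment and reports whether the VPN network is admitted. The /24 prefix lengths and the sample config are assumptions.

```python
import ipaddress
import re

# Constructed smb.conf fragment; the /24 prefix lengths are assumptions,
# the post only gives 192.168.2.0 (VPN side) and 192.168.10.0 (Samba side).
SMB_CONF = """\
[global]
   workgroup = HOME
   hosts allow = 192.168.10. 127.0.0.1
"""

def entry_to_network(entry):
    """Map one hosts-allow entry to an ip_network; None for hostnames/netgroups."""
    if entry.upper() == "ALL":
        entry = "0.0.0.0/0"
    elif re.fullmatch(r"(\d{1,3}\.){1,3}", entry):   # trailing-dot form: "192.168.10."
        octets = entry.rstrip(".").split(".")
        entry = ".".join(octets + ["0"] * (4 - len(octets))) + f"/{8 * len(octets)}"
    try:
        return ipaddress.ip_network(entry, strict=False)  # IP, CIDR or net/netmask
    except ValueError:
        return None

def parse_hosts_allow(conf_text):
    """Return (allowed, excepted) network lists, or None if the parameter is unset."""
    for line in conf_text.splitlines():
        key, _, value = line.partition("=")
        if key.strip().lower() in ("hosts allow", "allow hosts"):
            tokens = [t for t in re.split(r"[,\s]+", value.strip()) if t]
            upper = [t.upper() for t in tokens]
            cut = upper.index("EXCEPT") if "EXCEPT" in upper else len(tokens)
            nets = lambda ts: [n for n in map(entry_to_network, ts) if n is not None]
            return nets(tokens[:cut]), nets(tokens[cut + 1:])
    return None

def vpn_is_allowed(conf_text, vpn_cidr):
    """True if every address in vpn_cidr passes the hosts allow list."""
    vpn = ipaddress.ip_network(vpn_cidr)
    parsed = parse_hosts_allow(conf_text)
    if parsed is None:
        return True   # parameter unset: Samba's default admits all hosts
    allowed, excepted = parsed
    same = lambda n: n.version == vpn.version
    # Conservative: any overlap with an EXCEPT entry counts as not allowed.
    return (any(same(n) and vpn.subnet_of(n) for n in allowed)
            and not any(same(n) and vpn.overlaps(n) for n in excepted))
```

With the sample config, the VPN network 192.168.2.0/24 is rejected until an entry such as 192.168.2. is appended; adding only the VPN subnet keeps the share closed to every other network.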

Lastly, you should note that if the network you are VPNing into has a server at the same IP address as the network you are VPNing from, it may be difficult to contact the server on the network you have VPNed into. So, it is probably a good time to move away from using 10.0.0.0, 172.16.0.0, or 192.168.1.0 as your network address.
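Why the remote server becomes hard to reach can be seen in a simplified routing model. This is an added example, not part of the original post: the routing tables, metrics, interface names and the 192.168.47.0/24 and 10.8.0.0/24 networks are constructed, and the model assumes longest-prefix match with ties broken by the lowest metric.

```python
import ipaddress

# Constructed client routing tables: (destination, metric, interface).
# In the first one the home LAN and the LAN behind the VPN are both 192.168.1.0/24.
ROUTES_COLLIDING = [
    ("0.0.0.0/0",      10, "eth0"),   # default route via the home router
    ("192.168.1.0/24",  0, "eth0"),   # directly connected home LAN
    ("192.168.1.0/24", 50, "tun0"),   # remote LAN route pushed by the VPN server
    ("10.8.0.0/24",     0, "tun0"),   # tunnel network
]
# Same client after the remote LAN was renumbered to a less common range.
ROUTES_RENUMBERED = [
    ("0.0.0.0/0",       10, "eth0"),
    ("192.168.1.0/24",   0, "eth0"),
    ("192.168.47.0/24", 50, "tun0"),
    ("10.8.0.0/24",      0, "tun0"),
]

def select_route(routes, dest):
    """Interface chosen for dest: longest prefix first, then lowest metric."""
    ip = ipaddress.ip_address(dest)
    candidates = []
    for net, metric, iface in routes:
        network = ipaddress.ip_network(net)
        if ip in network:
            candidates.append((network.prefixlen, -metric, iface))
    return max(candidates)[2] if candidates else None

def collisions(routes):
    """Routes on different interfaces whose ranges intersect (default routes skipped)."""
    nets = [(ipaddress.ip_network(n), i) for n, _, i in routes
            if ipaddress.ip_network(n).prefixlen > 0]
    return [(str(a), ia, str(b), ib)
            for k, (a, ia) in enumerate(nets)
            for b, ib in nets[k + 1:]
            if ia != ib and a.overlaps(b)]

if __name__ == "__main__":
    # Remote server 192.168.1.10 is shadowed by the local LAN route.
    print(select_route(ROUTES_COLLIDING, "192.168.1.10"), collisions(ROUTES_COLLIDING))
    print(select_route(ROUTES_RENUMBERED, "192.168.47.10"), collisions(ROUTES_RENUMBERED))
```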

-John Havlik

[end of transmission, stay tuned]

Fixed: BSODs Caused by garmnusb.sys in Windows 7

Since Windows 7 was released, I have had intermittent BSODs when plugging my Garmin Forerunner 305 into its USB cradle. The cause of the issue was always garmnusb.sys. A little searching shows that many users are experiencing the same issue. No one had a solution that worked consistently. Sure, you could connect the Forerunner before booting the PC, but that’s quite inconvenient.

A few weeks back, out of curiosity, I tried clicking on the “Update Driver” button for the device within Device Manager. To my surprise, a new driver was available. Garmin released version 2.3.1.0 of the driver back in April.

Since updating to 2.3.1.0, I have not experienced any BSODs on my system. Going from crashing every other time I connected my Forerunner to zero BSODs is a great improvement. Unfortunately, this is something Garmin should have had fixed three years ago, before Windows 7 was released.

-John Havlik

[end of transmission, stay tuned]

Time for Flash to Die

Today some stupid advertisement delivery agency decided to ship a Flash-based ad that automatically infects your computer with a fake security suite (named “AV Security Suite”). This affects the latest Flash player, regardless of web browser.

Neat, right? Oh, it gets better. AV Security Suite is ransomware, which does not allow you to open any applications that it knows could close it. Great, isn’t it? The seemingly good thing is you can get rid of it using System Restore. Do this by:

  1. Pulling the power plug to your PC (don’t do a “proper” shutdown or restart).
  2. Boot into safe mode. Usually, you need to press and hold the F8 key while booting, and select safe mode from the menu. However, if you did not shut down properly this menu should automatically come up.
  3. Finally, in safe mode use System Restore to go back to before the infection happened. Note that Windows 7 users can go straight to restoring using the “Restore Computer” menu item rather than a safe mode boot.

Going forward, remove Adobe Flash player from your computer. Since Adobe can’t seem to fix this issue, Flash player is not to be trusted (add Adobe Acrobat reader to your untrusted list as well). If you must have Flash player (for any reason) and use Firefox, install Flashblock; it could save you time in the future.

-John Havlik

[end of transmission, stay tuned]

Using Harmony Remotes With Intel CIR Receivers

It’s really simple. So simple that I felt like an idiot when I did not get it to work right away. If you have a motherboard from Intel’s Extreme or Media series, you probably have CIR headers (some other manufacturers have them as well, but it’s rather hit or miss). CIR is an acronym for Consumer InfraRed, and is a standard of sorts that allows us to do fun things like turn on our HTPC with a standard IR remote. Best of all (sort of), it doesn’t require a USB adapter.


Quick Tip: Windows 7 Doesn’t Like Looking into the Future

Over the last week or so, my Windows 7 desktop has intermittently had problems connecting to atomtux. While accessing atomtux via Firefox worked, the Windows file sharing component refused to connect. Occasionally, performing a system restore would fix the issue. However, sometimes it did not help. After a little searching, it looks like the problem was that atomtux’s clock was ahead of my desktop’s (by about 10 minutes). After getting my desktop’s clock back on track (it was falling behind as atomtux synchronizes daily) it once again could access network shares from atomtux.

The moral of the story: if Windows won’t connect to a network share, check your clocks.

-John Havlik

[end of transmission, stay tuned]