Monthly Archives: December 2013

30c3 Quick VPN setup

The CongressChecklist mentions that a VPN tunnel is a good idea; in fact it is. Here’s a basic OpenVPN recipe. You need the following tools:

  • A server with enough bandwidth to handle the incoming and outgoing bandwidth (I’ve got a root server with 1Gbit/s connectivity at Hetzer, that should do)
  • OpenVPN

The recipe is fairly simple; I use a preshared secret and NAT so that I don’t need a separate IP.

Note: This setup is only suitable for a single device; it doesn’t do DHCP or other fancy stuff.

Step 1: Generate the shared secret

This generates a key to be used as shared secret. You need the same key on both your server and your client(s). Personally, I’ve placed my key in /etc/openvpn/secrets, but you may use any other path as well (AFAIK).

Step 2: Server Configuration

Additionally, we need a NAT rule which applies to the tunnel network (technically, the netmask is too big; but hey, you can fix that later). eth1 is my output interface.

Step 3: Client Config

Step 4: Testing

Start both tunnels. Check the output of both logs; you should see something like this:

Test that you can ping the server’s internal IP from your client:

Verify that you can ping the interwebz:

Verify that you actually route via the tunnel:

Possible solutions for non-working setups (I’ve not tested them and I am not 100% sure that you need those; they’re just ideas)

  • Check that /proc/sys/net/ipv4/ip_forward on your server is set to 1. On the client, this shouldn’t be necessary.
  • Check that /proc/sys/net/ipv4/conf/all/rp_filter is set to 0 on your server.

Step 5: IPv6 Tunneling

You can tunnel IPv6 over OpenVPN as well, but I have neither setup nor tested this. Technically, you could simply use two static IPv6 addresses and route them via the tunnel; however, this requires additional works with routing tables. You could even setup NAT, but that’s not a good idea either.

A better idea might be to use a tunnel broker or miredo, which should simply use the IPv4 tunnel. If you have comments about how to easily setup IPv6 over the tunnel, feel free to comment!

Updates:

  • The MTU was still too big, 1380 didn’t work (yet?) on the congress network. Using 1300 for now
  • I couldn’t get DNS push to work, probably because clients don’t use DHCP for now – I simply created a script which pushes my own nameserver into /etc/resolv.conf

IP Power Strip “Reverse Engineering”

Wöhlke Websteckdose
Image © Wöhlke EDV-Beratung

I recently came across an IP controllable power strip from Wöhlke, which looked quite neat, however, it was way too expensive. They want 199€ for 3 controllable sockets. Reichelt has an IP controllable power strip for only 70€, and there you have 4 sockets including nice LEDs. The one from Reichelt also looks more like a custom designed product, while the Wöhlke one looked more like a product “mashup” (which isn’t a bad idea at all). They even sell a separate board, so my interest was increasing.

I’ve been looking for a nice power strip which I could re-cable for quite some time, but most power strips are designed down to a price, so they do whatever they can to keep it cheap. That’s also the reason why you’ll find so many power strips in a 45° angle – they’re much cheaper to produce.

A cracked open cheap power strip

I’ve cracked a cheap power strip open (literally – most cheap power strips don’t have screws, because they’re bolted down or only clipped together). You can clearly see how the (presumably) copper strips are arranged. If you’d have 90° outlets, you’d have to pay lots more for the copper strips, because they have to be routed in some sort so that they don’t short out.

I realized that the power strip Wöhlke used must be much simpler to modify, so I did a quite long search for power strips and I finally came across a manufacturer where the power strip looks pretty much identical to what Wöhlke uses: the Bachmann Craftsman Power Strip.

 

hwl_awd_cmyk_igel

The Bachmann Craftsman Power Strip
Image © Bachmann

I decided I’d give it a shot, mainly because of curiousity, and ordered the strip. It isn’t a cheap power strip; it costs 19,98€ on Amazon, whereas most cheap 6 port power strips come in the 3-6€ range. When the strip arrived, I realized that I was absolutely right: You can easily open the strip using 4 screws (2 on each side) and an additional one for the cover. They also use some kind of copper strips, which happen to be about 6mm – great for 6,3mm cable lugs. Now it’s easy to understand how Wöhlke (probably) did it – cut the copper bars, and put cable lugs onto there which are fed into their custom board. The case isn’t aluminium, but plastic, but that’s completely okay for the price IMHO.

 

That’s a real nice base for own projects, and you can even get 9 or 12 port ones, and the 12 port is only 36€ – quite a nice price! Of course, you’d have to rip out 2 or 3 plugs to make space for electronics and take care on how you cover the holes, but the problematic part is solved: Getting a base for any power control projects.

More Pics below!

IMG_2540

IMG_2539 IMG_2538 IMG_2535 IMG_2534IMG_2533