lukas.imhttps://lukas.im/2020-01-30T01:14:00+01:00Selling dehydrated2020-01-30T01:14:00+01:002020-01-30T01:14:00+01:00Lukas Schauertag:lukas.im,2020-01-30:/2020/01/30/selling-dehydrated/index.html<p>TLDR: dehydrated will move, the license will <strong>NOT</strong> change, and I will still take care of the project
<br /><br />
A few days ago I was approached by Julian from <a href="https://apilayer.com/">apilayer</a> who told me that they wanted to buy dehydrated as a project and that they would even like to pay me to continue working on it.
<br /><br />
They made an acceptable offer and after a good night's sleep I agreed.</p><p>TLDR: dehydrated will move, the license will <strong>NOT</strong> change, and I will still take care of the project</p>
<p>A few days ago I was approached by Julian from <a href="https://apilayer.com/">apilayer</a> who told me that they wanted to buy dehydrated as a project and that they would even like to pay me to continue working on it.
At first I thought it was a joke, but Julians profile seemed legit and after a few messages it was clear they really wanted to have my project.</p>
<p>They made an acceptable offer and after a good night's sleep I agreed.</p>
<p>It still feels a bit wrong to hand over this project I have been working on over the last few years, but as I'll effectively stay in charge of the project it made the decision a lot easier.</p>
<p>The following statement has been given by apilayer about this purchase:</p>
<blockquote>
<p>As a highly developer focused company, apilayer has committed to use part of it’s profits to sponsor open source projects,
both as support for the developer community and to generate uplift for our brands.
We‘d like to welcome Lukas and the dehydrated community to our portfolio and are looking forward to support the project long-term."</p>
</blockquote>
<p>As I didn't want a companies project in my personal GitHub account we decided to move it to a new namespace:</p>
<p>New versions of dehydrated will from now on be maintained at <a href="https://github.com/dehydrated-io/dehydrated">github.com/dehydrated-io/dehydrated</a>.</p>
<p>Being paid will obviously be a great reason to invest more time into dehydrated and this will definitively accelerate my work on dehydrated, which in the last few months was a bit slow, but not stale:</p>
<p>I was already working on a new testing-system to make sure that new commits don't break compatibility with especially older systems and there are a few changes towards <a href="https://tools.ietf.org/html/rfc8555">RFC8555</a>-compliance.
When these tasks are done the next big task on my long list will be better documentation, which I actually wanted to do since a long time ago and was actually the reason I registered the dehydrated.de/io Domains.</p>
<p>Other than that nothing should change for anybody. Dehydrated will stay as free (as in freedom and as in free beer) as always, you can use it for whatever you want. It will stay under the MIT-License.</p>
<p>Thank you for the support over the last few years, especially to the people who sent me small gifts along the way (which you can still do :P), but also for all the people reporting bugs and sending in fixes.
And of course thanks to apilayer for this great opportunity!</p>
<p>Let's make the next few years even better ;)</p>Reinstall Debian over serial console2016-03-26T00:26:00+01:002016-03-26T00:26:00+01:00Lukas Schauertag:lukas.im,2016-03-26:/2016/03/26/reinstall-debian-over-serial-console/index.html<p>I ordered an SC2016 at online.net yesterday, and wanted to reinstall it with encrypted rootfs.</p>
<p>All my other servers had KVM consoles and possibilities to mount CD images, but this one only had a serial console and a rescue system,
so I had to be a little bit creative.</p>
<p>I ordered an SC2016 at online.net yesterday, and wanted to reinstall it with encrypted rootfs.</p>
<p>All my other servers had KVM consoles and possibilities to mount CD images, but this one only had a serial console and a rescue system,
so I had to be a little bit creative.</p>
<p>In the end the solution was to download the netboot image, load it with kexec and boot into that minimal system,
after that I was able to continue the installation normally via the serial console.</p>
<div class="highlight"><pre><span></span><code><span class="n">apt</span><span class="o">-</span><span class="n">get</span><span class="w"> </span><span class="n">install</span><span class="w"> </span><span class="n">kexec</span><span class="o">-</span><span class="n">tools</span>
<span class="n">wget</span><span class="w"> </span><span class="n">http</span><span class="p">:</span><span class="o">//</span><span class="n">ftp</span><span class="o">.</span><span class="n">fr</span><span class="o">.</span><span class="n">debian</span><span class="o">.</span><span class="n">org</span><span class="o">/</span><span class="n">debian</span><span class="o">/</span><span class="n">dists</span><span class="o">/</span><span class="n">jessie</span><span class="o">/</span><span class="n">main</span><span class="o">/</span><span class="n">installer</span><span class="o">-</span><span class="n">amd64</span><span class="o">/</span><span class="n">current</span><span class="o">/</span><span class="n">images</span><span class="o">/</span><span class="n">netboot</span><span class="o">/</span><span class="n">netboot</span><span class="o">.</span><span class="n">tar</span><span class="o">.</span><span class="n">gz</span>
<span class="n">tar</span><span class="w"> </span><span class="n">xvf</span><span class="w"> </span><span class="n">netboot</span><span class="o">.</span><span class="n">tar</span><span class="o">.</span><span class="n">gz</span>
<span class="n">kexec</span><span class="w"> </span><span class="o">--</span><span class="nb">load</span><span class="w"> </span><span class="o">--</span><span class="n">initrd</span><span class="o">=</span><span class="n">debian</span><span class="o">-</span><span class="n">installer</span><span class="o">/</span><span class="n">amd64</span><span class="o">/</span><span class="n">initrd</span><span class="o">.</span><span class="n">gz</span><span class="w"> </span><span class="n">debian</span><span class="o">-</span><span class="n">installer</span><span class="o">/</span><span class="n">amd64</span><span class="o">/</span><span class="n">linux</span><span class="w"> </span><span class="o">--</span><span class="n">append</span><span class="o">=</span><span class="s2">"console=ttyS1,9600"</span>
<span class="n">kexec</span><span class="w"> </span><span class="o">-</span><span class="n">e</span>
</code></pre></div>
<p><img alt="Debian installer language selection" src="https://lukas.im/2016/03/26/reinstall-debian-over-serial-console/images/thumbnails/1024x_/installer.png"></p>
<h2>End of installation</h2>
<p>At the end of the installation there is one more thing to do.
First open a shell (by going back when it says it finished, and selecting the option to open a shell) and mount virtual paths into target:</p>
<div class="highlight"><pre><span></span><code>mount --bind /dev /target/dev
mount --bind /sys /target/sys
mount --bind /proc /target/proc
</code></pre></div>
<p>Now edit <code>/target/etc/default/grub</code>, replace <code>GRUB_CMDLINE_LINUX=""</code> with <code>GRUB_CMDLINE_LINUX="console=ttyS1,9600"</code>.</p>
<p>After editing the file chroot into target filesystem and update grub config:</p>
<div class="highlight"><pre><span></span><code>chroot /target /bin/bash
update-grub # in chroot
</code></pre></div>
<p>If you want to you could also instruct grub to use the serial console,
but in my case it did that automatically and if it ever stops working
i'll just fix it using the rescue mode.</p>ASRock C2750D4I Fan-Control2016-02-21T00:04:00+01:002016-02-21T00:04:00+01:00Lukas Schauertag:lukas.im,2016-02-21:/2016/02/21/asrock-c2750d4i-fan-control/index.html<p>Just a quick note on how to reconfigure fan speeds on an ASRock C2750D4I (and similar) board without rebooting into BIOS.</p>
<p>Just a quick note on how to reconfigure fan speeds on an ASRock C2750D4I (and similar) board without rebooting into BIOS.</p>
<p>Changes made this way should be kept over reboots but will be lost on powercycle (stored in volatile IPMI memory).</p>
<div class="highlight"><pre><span></span><code><span class="n">ipmitool</span><span class="w"> </span><span class="n">raw</span><span class="w"> </span><span class="mh">0x3a</span><span class="w"> </span><span class="mh">0x01</span><span class="w"> </span><span class="mi">0</span><span class="n">x</span><span class="p">(</span><span class="n">AA</span><span class="p">)</span><span class="w"> </span><span class="mi">0</span><span class="n">x</span><span class="p">(</span><span class="n">BB</span><span class="p">)</span><span class="w"> </span><span class="mi">0</span><span class="n">x</span><span class="p">(</span><span class="n">CC</span><span class="p">)</span><span class="w"> </span><span class="mi">0</span><span class="n">x</span><span class="p">(</span><span class="n">DD</span><span class="p">)</span><span class="w"> </span><span class="mi">0</span><span class="n">x</span><span class="p">(</span><span class="n">EE</span><span class="p">)</span><span class="w"> </span><span class="mi">0</span><span class="n">x</span><span class="p">(</span><span class="n">FF</span><span class="p">)</span><span class="w"> </span><span class="mh">0x00</span><span class="w"> </span><span class="mh">0x00</span>
<span class="n">AA</span><span class="p">:</span><span class="w"> </span><span class="n">CPU_FAN1</span>
<span class="n">BB</span><span class="p">:</span><span class="w"> </span><span class="n">CPU_FAN2</span>
<span class="n">CC</span><span class="p">:</span><span class="w"> </span><span class="n">REAR_FAN1</span>
<span class="n">DD</span><span class="p">:</span><span class="w"> </span><span class="n">REAR_FAN2</span>
<span class="n">EE</span><span class="p">:</span><span class="w"> </span><span class="n">FRNT_FAN1</span>
<span class="n">FF</span><span class="p">:</span><span class="w"> </span><span class="n">FRNT_FAN2</span>
<span class="mh">0x00</span><span class="w"> </span><span class="n">smart</span><span class="w"> </span><span class="n">fan</span><span class="p">(</span><span class="n">bios</span><span class="w"> </span><span class="n">configured</span><span class="p">)</span>
<span class="mh">0x01</span><span class="w"> </span><span class="n">stoped</span><span class="w"> </span><span class="n">fan</span>
<span class="mh">0x02</span><span class="w"> </span><span class="n">lower</span><span class="w"> </span><span class="n">rpm</span><span class="w"> </span><span class="n">value</span>
<span class="o">......</span><span class="w"> </span>
<span class="mh">0x64</span><span class="w"> </span><span class="nb">max</span><span class="w"> </span><span class="n">rpm</span><span class="w"> </span><span class="n">value</span>
</code></pre></div>Configuring EdgeRouter for internet over PPTP (Part 2)2016-02-20T23:47:00+01:002016-02-20T23:47:00+01:00Lukas Schauertag:lukas.im,2016-02-20:/2016/02/20/edgerouter-internet-pptp-part2/index.html<p>In the last post I showed you how to configure an Ubiquiti EdgeRouter to use kernelmode PPTP.</p>
<p>This post will be a continuation on the general config, showing how to set up the local network.</p>
<p>In the last post I showed you how to configure an Ubiquiti EdgeRouter to use kernelmode PPTP.</p>
<p>This post will be a continuation on the general config, showing how to set up the local network.</p>
<p>Parts of this post may be specific to the configuration for Studierendenwerk Bonn, but most should work everywhere.</p>
<p>Also this probably isn't complete, I just wanted to provice a little insight for people figuring out how to use these devices.</p>
<h3>Local Network: br0</h3>
<p>For my local network I want to use a bridge, so this is how I have configured it:</p>
<div class="highlight"><pre><span></span><code><span class="n">ubnt</span><span class="p">@</span><span class="n">ubnt</span><span class="o">:~</span><span class="n">$</span><span class="w"> </span><span class="n">configure</span>
<span class="p">[</span><span class="n">edit</span><span class="p">]</span>
<span class="n">ubnt</span><span class="p">@</span><span class="n">ubnt</span><span class="err">#</span><span class="w"> </span><span class="n">edit</span><span class="w"> </span><span class="n">interfaces</span><span class="w"> </span><span class="n">bridge</span><span class="w"> </span><span class="n">br0</span>
<span class="p">[</span><span class="n">edit</span><span class="w"> </span><span class="n">interfaces</span><span class="w"> </span><span class="n">bridge</span><span class="w"> </span><span class="n">br0</span><span class="p">]</span>
<span class="n">ubnt</span><span class="p">@</span><span class="n">ubnt</span><span class="err">#</span><span class="w"> </span><span class="n">set</span><span class="w"> </span><span class="n">address</span><span class="w"> </span><span class="mf">10.25.11.1</span><span class="o">/</span><span class="mi">24</span>
<span class="p">[</span><span class="n">edit</span><span class="w"> </span><span class="n">interfaces</span><span class="w"> </span><span class="n">bridge</span><span class="w"> </span><span class="n">br0</span><span class="p">]</span>
<span class="n">ubnt</span><span class="p">@</span><span class="n">ubnt</span><span class="err">#</span><span class="w"> </span><span class="n">set</span><span class="w"> </span><span class="n">address</span><span class="w"> </span><span class="mi">2</span><span class="n">a00</span><span class="o">:</span><span class="mi">5</span><span class="n">ba0</span><span class="o">:</span><span class="mi">8000</span><span class="o">:</span><span class="mf">9e5</span><span class="n">b</span><span class="o">::</span><span class="mi">1</span><span class="o">/</span><span class="mi">64</span>
<span class="p">[</span><span class="n">edit</span><span class="w"> </span><span class="n">interfaces</span><span class="w"> </span><span class="n">bridge</span><span class="w"> </span><span class="n">br0</span><span class="p">]</span>
<span class="n">ubnt</span><span class="p">@</span><span class="n">ubnt</span><span class="err">#</span><span class="w"> </span><span class="n">set</span><span class="w"> </span><span class="n">description</span><span class="w"> </span><span class="s">"Local Network"</span>
<span class="p">[</span><span class="n">edit</span><span class="w"> </span><span class="n">interfaces</span><span class="w"> </span><span class="n">bridge</span><span class="w"> </span><span class="n">br0</span><span class="p">]</span>
<span class="n">ubnt</span><span class="p">@</span><span class="n">ubnt</span><span class="err">#</span><span class="w"> </span><span class="n">up</span>
<span class="p">[</span><span class="n">edit</span><span class="w"> </span><span class="n">interfaces</span><span class="p">]</span>
<span class="n">ubnt</span><span class="p">@</span><span class="n">ubnt</span><span class="err">#</span><span class="w"> </span><span class="n">edit</span><span class="w"> </span><span class="n">ethernet</span><span class="w"> </span><span class="n">eth0</span>
<span class="p">[</span><span class="n">edit</span><span class="w"> </span><span class="n">interfaces</span><span class="w"> </span><span class="n">ethernet</span><span class="w"> </span><span class="n">eth0</span><span class="p">]</span>
<span class="n">ubnt</span><span class="p">@</span><span class="n">ubnt</span><span class="err">#</span><span class="w"> </span><span class="n">delete</span><span class="w"> </span><span class="n">address</span>
<span class="p">[</span><span class="n">edit</span><span class="w"> </span><span class="n">interfaces</span><span class="w"> </span><span class="n">ethernet</span><span class="w"> </span><span class="n">eth0</span><span class="p">]</span>
<span class="n">ubnt</span><span class="p">@</span><span class="n">ubnt</span><span class="err">#</span><span class="w"> </span><span class="n">set</span><span class="w"> </span><span class="n">bridge</span><span class="o">-</span><span class="n">group</span><span class="w"> </span><span class="n">bridge</span><span class="w"> </span><span class="n">br0</span>
<span class="p">[</span><span class="n">edit</span><span class="w"> </span><span class="n">interfaces</span><span class="w"> </span><span class="n">ethernet</span><span class="w"> </span><span class="n">eth0</span><span class="p">]</span>
<span class="n">ubnt</span><span class="p">@</span><span class="n">ubnt</span><span class="err">#</span><span class="w"> </span><span class="n">commit</span>
<span class="p">[</span><span class="w"> </span><span class="n">interfaces</span><span class="w"> </span><span class="n">ethernet</span><span class="w"> </span><span class="n">eth0</span><span class="w"> </span><span class="n">bridge</span><span class="o">-</span><span class="n">group</span><span class="w"> </span><span class="p">]</span>
<span class="n">Adding</span><span class="w"> </span><span class="n">interface</span><span class="w"> </span><span class="n">eth0</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">bridge</span><span class="w"> </span><span class="n">br0</span>
<span class="p">[</span><span class="n">edit</span><span class="w"> </span><span class="n">interfaces</span><span class="w"> </span><span class="n">ethernet</span><span class="w"> </span><span class="n">eth0</span><span class="p">]</span>
<span class="n">ubnt</span><span class="p">@</span><span class="n">ubnt</span><span class="err">#</span><span class="w"> </span><span class="n">save</span>
<span class="n">Saving</span><span class="w"> </span><span class="n">configuration</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="err">'</span><span class="o">/</span><span class="n">config</span><span class="o">/</span><span class="n">config</span><span class="p">.</span><span class="n">boot</span><span class="err">'</span><span class="p">...</span>
<span class="n">Done</span>
</code></pre></div>
<h3>DNS</h3>
<p>Enable DNS forwarding on the router:</p>
<div class="highlight"><pre><span></span><code><span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">:</span><span class="o">~</span><span class="err">$</span><span class="w"> </span><span class="n">configure</span>
<span class="o">[</span><span class="n">edit</span><span class="o">]</span>
<span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="k">set</span><span class="w"> </span><span class="n">service</span><span class="w"> </span><span class="n">dns</span><span class="w"> </span><span class="n">forwarding</span><span class="w"> </span><span class="n">listen</span><span class="o">-</span><span class="k">on</span><span class="w"> </span><span class="n">br0</span>
<span class="o">[</span><span class="n">edit</span><span class="o">]</span>
<span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="k">commit</span>
<span class="o">[</span><span class="n">edit</span><span class="o">]</span>
<span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="k">save</span>
<span class="n">Saving</span><span class="w"> </span><span class="n">configuration</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="s1">'/config/config.boot'</span><span class="p">...</span>
<span class="n">Done</span>
</code></pre></div>
<h3>IPv4</h3>
<h4>DHCP server on br0</h4>
<div class="highlight"><pre><span></span><code><span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">:</span><span class="o">~</span><span class="err">$</span><span class="w"> </span><span class="n">configure</span>
<span class="o">[</span><span class="n">edit</span><span class="o">]</span>
<span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="n">edit</span><span class="w"> </span><span class="n">service</span><span class="w"> </span><span class="n">dhcp</span><span class="o">-</span><span class="n">server</span><span class="w"> </span><span class="n">shared</span><span class="o">-</span><span class="n">network</span><span class="o">-</span><span class="n">name</span><span class="w"> </span><span class="n">LAN</span>
<span class="o">[</span><span class="n">edit service dhcp-server shared-network-name LAN</span><span class="o">]</span>
<span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="k">set</span><span class="w"> </span><span class="n">subnet</span><span class="w"> </span><span class="mf">10.25.11.0</span><span class="o">/</span><span class="mi">24</span>
<span class="o">[</span><span class="n">edit service dhcp-server shared-network-name LAN</span><span class="o">]</span>
<span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="n">edit</span><span class="w"> </span><span class="n">subnet</span><span class="w"> </span><span class="mf">10.25.11.0</span><span class="o">/</span><span class="mi">24</span>
<span class="o">[</span><span class="n">edit service dhcp-server shared-network-name LAN subnet 10.25.11.0/24</span><span class="o">]</span>
<span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="k">set</span><span class="w"> </span><span class="k">start</span><span class="w"> </span><span class="mf">10.25.11.100</span><span class="w"> </span><span class="n">stop</span><span class="w"> </span><span class="mf">10.25.11.200</span>
<span class="o">[</span><span class="n">edit service dhcp-server shared-network-name LAN subnet 10.25.11.0/24</span><span class="o">]</span>
<span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="k">set</span><span class="w"> </span><span class="k">default</span><span class="o">-</span><span class="n">router</span><span class="w"> </span><span class="mf">10.25.11.1</span>
<span class="o">[</span><span class="n">edit service dhcp-server shared-network-name LAN subnet 10.25.11.0/24</span><span class="o">]</span>
<span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="k">set</span><span class="w"> </span><span class="n">dns</span><span class="o">-</span><span class="n">server</span><span class="w"> </span><span class="mf">10.25.11.1</span>
<span class="o">[</span><span class="n">edit service dhcp-server shared-network-name LAN subnet 10.25.11.0/24</span><span class="o">]</span>
<span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="k">set</span><span class="w"> </span><span class="k">domain</span><span class="o">-</span><span class="n">name</span><span class="w"> </span><span class="n">ip</span>
<span class="o">[</span><span class="n">edit service dhcp-server shared-network-name LAN subnet 10.25.11.0/24</span><span class="o">]</span>
<span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="k">commit</span>
<span class="o">[</span><span class="n"> service dhcp-server </span><span class="o">]</span>
<span class="n">Starting</span><span class="w"> </span><span class="n">DHCP</span><span class="w"> </span><span class="n">server</span><span class="w"> </span><span class="n">daemon</span><span class="p">...</span>
<span class="o">[</span><span class="n">edit service dhcp-server shared-network-name LAN subnet 10.25.11.0/24</span><span class="o">]</span>
<span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="k">save</span>
<span class="n">Saving</span><span class="w"> </span><span class="n">configuration</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="s1">'/config/config.boot'</span><span class="p">...</span>
<span class="n">Done</span>
</code></pre></div>
<h4>Firewall</h4>
<p>This is a lot of config, so I'll just give you the export of the config, you'll have to type the commands yourself:</p>
<div class="highlight"><pre><span></span><code><span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="n">show</span><span class="w"> </span><span class="n">firewall</span><span class="w"> </span><span class="n">name</span>
<span class="w"> </span><span class="n">name</span><span class="w"> </span><span class="n">LAN_IN</span><span class="w"> </span><span class="err">{</span>
<span class="w"> </span><span class="k">default</span><span class="o">-</span><span class="k">action</span><span class="w"> </span><span class="n">accept</span>
<span class="w"> </span><span class="n">description</span><span class="w"> </span><span class="ss">"Local network to internet"</span>
<span class="w"> </span><span class="err">}</span>
<span class="w"> </span><span class="n">name</span><span class="w"> </span><span class="n">STW_IN</span><span class="w"> </span><span class="err">{</span>
<span class="w"> </span><span class="k">default</span><span class="o">-</span><span class="k">action</span><span class="w"> </span><span class="k">drop</span>
<span class="w"> </span><span class="n">description</span><span class="w"> </span><span class="ss">"STW to local network"</span>
<span class="w"> </span><span class="k">rule</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="err">{</span>
<span class="w"> </span><span class="k">action</span><span class="w"> </span><span class="n">accept</span>
<span class="w"> </span><span class="n">description</span><span class="w"> </span><span class="ss">"Allow established/related connections"</span>
<span class="w"> </span><span class="nf">log</span><span class="w"> </span><span class="n">disable</span>
<span class="w"> </span><span class="k">state</span><span class="w"> </span><span class="err">{</span>
<span class="w"> </span><span class="n">established</span><span class="w"> </span><span class="n">enable</span>
<span class="w"> </span><span class="n">related</span><span class="w"> </span><span class="n">enable</span>
<span class="w"> </span><span class="err">}</span>
<span class="w"> </span><span class="err">}</span>
<span class="w"> </span><span class="k">rule</span><span class="w"> </span><span class="mi">2</span><span class="w"> </span><span class="err">{</span>
<span class="w"> </span><span class="k">action</span><span class="w"> </span><span class="k">drop</span>
<span class="w"> </span><span class="n">description</span><span class="w"> </span><span class="ss">"Drop invalid packets"</span>
<span class="w"> </span><span class="nf">log</span><span class="w"> </span><span class="n">disable</span>
<span class="w"> </span><span class="k">state</span><span class="w"> </span><span class="err">{</span>
<span class="w"> </span><span class="n">invalid</span><span class="w"> </span><span class="n">enable</span>
<span class="w"> </span><span class="err">}</span>
<span class="w"> </span><span class="err">}</span>
<span class="w"> </span><span class="err">}</span>
<span class="w"> </span><span class="n">name</span><span class="w"> </span><span class="n">STW_LOCAL</span><span class="w"> </span><span class="err">{</span>
<span class="w"> </span><span class="k">default</span><span class="o">-</span><span class="k">action</span><span class="w"> </span><span class="k">drop</span>
<span class="w"> </span><span class="n">description</span><span class="w"> </span><span class="ss">"STW to router"</span>
<span class="w"> </span><span class="k">rule</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="err">{</span>
<span class="w"> </span><span class="k">action</span><span class="w"> </span><span class="n">accept</span>
<span class="w"> </span><span class="n">description</span><span class="w"> </span><span class="ss">"Allow established/related connections"</span>
<span class="w"> </span><span class="nf">log</span><span class="w"> </span><span class="n">disable</span>
<span class="w"> </span><span class="k">state</span><span class="w"> </span><span class="err">{</span>
<span class="w"> </span><span class="n">established</span><span class="w"> </span><span class="n">enable</span>
<span class="w"> </span><span class="n">related</span><span class="w"> </span><span class="n">enable</span>
<span class="w"> </span><span class="err">}</span>
<span class="w"> </span><span class="err">}</span>
<span class="w"> </span><span class="k">rule</span><span class="w"> </span><span class="mi">2</span><span class="w"> </span><span class="err">{</span>
<span class="w"> </span><span class="k">action</span><span class="w"> </span><span class="k">drop</span>
<span class="w"> </span><span class="n">description</span><span class="w"> </span><span class="ss">"Drop invalid packets"</span>
<span class="w"> </span><span class="nf">log</span><span class="w"> </span><span class="n">disable</span>
<span class="w"> </span><span class="k">state</span><span class="w"> </span><span class="err">{</span>
<span class="w"> </span><span class="n">invalid</span><span class="w"> </span><span class="n">enable</span>
<span class="w"> </span><span class="err">}</span>
<span class="w"> </span><span class="err">}</span>
<span class="w"> </span><span class="k">rule</span><span class="w"> </span><span class="mi">3</span><span class="w"> </span><span class="err">{</span>
<span class="w"> </span><span class="k">action</span><span class="w"> </span><span class="k">drop</span>
<span class="w"> </span><span class="n">description</span><span class="w"> </span><span class="ss">"Drop some ports, just to be sure they never get exposed."</span>
<span class="w"> </span><span class="n">destination</span><span class="w"> </span><span class="err">{</span>
<span class="w"> </span><span class="n">port</span><span class="w"> </span><span class="mi">21</span><span class="p">,</span><span class="mi">22</span><span class="p">,</span><span class="mi">23</span><span class="p">,</span><span class="mi">80</span><span class="p">,</span><span class="mi">443</span><span class="p">,</span><span class="mi">843</span><span class="p">,</span><span class="mi">3389</span><span class="p">,</span><span class="mi">5631</span>
<span class="w"> </span><span class="err">}</span>
<span class="w"> </span><span class="nf">log</span><span class="w"> </span><span class="n">disable</span>
<span class="w"> </span><span class="n">protocol</span><span class="w"> </span><span class="n">tcp</span>
<span class="w"> </span><span class="err">}</span>
<span class="w"> </span><span class="k">rule</span><span class="w"> </span><span class="mi">4</span><span class="w"> </span><span class="err">{</span>
<span class="w"> </span><span class="k">action</span><span class="w"> </span><span class="n">accept</span>
<span class="w"> </span><span class="n">description</span><span class="w"> </span><span class="ss">"Allow icmp echo-requests"</span>
<span class="w"> </span><span class="n">icmp</span><span class="w"> </span><span class="err">{</span>
<span class="w"> </span><span class="n">type</span><span class="o">-</span><span class="n">name</span><span class="w"> </span><span class="n">echo</span><span class="o">-</span><span class="n">request</span>
<span class="w"> </span><span class="err">}</span>
<span class="w"> </span><span class="nf">log</span><span class="w"> </span><span class="n">disable</span>
<span class="w"> </span><span class="n">protocol</span><span class="w"> </span><span class="n">icmp</span>
<span class="w"> </span><span class="err">}</span>
<span class="w"> </span><span class="k">rule</span><span class="w"> </span><span class="mi">5</span><span class="w"> </span><span class="err">{</span>
<span class="w"> </span><span class="k">action</span><span class="w"> </span><span class="n">accept</span>
<span class="w"> </span><span class="n">description</span><span class="w"> </span><span class="ss">"Allow DHCP"</span>
<span class="w"> </span><span class="n">destination</span><span class="w"> </span><span class="err">{</span>
<span class="w"> </span><span class="n">port</span><span class="w"> </span><span class="mi">67</span><span class="p">,</span><span class="mi">68</span>
<span class="w"> </span><span class="err">}</span>
<span class="w"> </span><span class="nf">log</span><span class="w"> </span><span class="n">disable</span>
<span class="w"> </span><span class="n">protocol</span><span class="w"> </span><span class="n">udp</span>
<span class="w"> </span><span class="n">source</span><span class="w"> </span><span class="err">{</span>
<span class="w"> </span><span class="n">address</span><span class="w"> </span><span class="mf">192.168.128.1</span><span class="o">-</span><span class="mf">192.168.128.3</span>
<span class="w"> </span><span class="err">}</span>
<span class="w"> </span><span class="err">}</span>
<span class="w"> </span><span class="err">}</span>
<span class="w"> </span><span class="n">name</span><span class="w"> </span><span class="n">STW_WAN_IN</span><span class="w"> </span><span class="err">{</span>
<span class="w"> </span><span class="k">default</span><span class="o">-</span><span class="k">action</span><span class="w"> </span><span class="k">drop</span>
<span class="w"> </span><span class="n">description</span><span class="w"> </span><span class="ss">"Internet to local network"</span>
<span class="w"> </span><span class="k">rule</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="err">{</span>
<span class="w"> </span><span class="k">action</span><span class="w"> </span><span class="n">accept</span>
<span class="w"> </span><span class="n">description</span><span class="w"> </span><span class="ss">"Allow established/related connections"</span>
<span class="w"> </span><span class="nf">log</span><span class="w"> </span><span class="n">disable</span>
<span class="w"> </span><span class="k">state</span><span class="w"> </span><span class="err">{</span>
<span class="w"> </span><span class="n">established</span><span class="w"> </span><span class="n">enable</span>
<span class="w"> </span><span class="n">related</span><span class="w"> </span><span class="n">enable</span>
<span class="w"> </span><span class="err">}</span>
<span class="w"> </span><span class="err">}</span>
<span class="w"> </span><span class="k">rule</span><span class="w"> </span><span class="mi">2</span><span class="w"> </span><span class="err">{</span>
<span class="w"> </span><span class="k">action</span><span class="w"> </span><span class="k">drop</span>
<span class="w"> </span><span class="n">description</span><span class="w"> </span><span class="ss">"Drop invalid packets"</span>
<span class="w"> </span><span class="nf">log</span><span class="w"> </span><span class="n">disable</span>
<span class="w"> </span><span class="k">state</span><span class="w"> </span><span class="err">{</span>
<span class="w"> </span><span class="n">invalid</span><span class="w"> </span><span class="n">enable</span>
<span class="w"> </span><span class="err">}</span>
<span class="w"> </span><span class="err">}</span>
<span class="w"> </span><span class="err">}</span>
<span class="w"> </span><span class="n">name</span><span class="w"> </span><span class="n">STW_WAN_LOCAL</span><span class="w"> </span><span class="err">{</span>
<span class="w"> </span><span class="k">default</span><span class="o">-</span><span class="k">action</span><span class="w"> </span><span class="k">drop</span>
<span class="w"> </span><span class="n">description</span><span class="w"> </span><span class="ss">"Internet to router"</span>
<span class="w"> </span><span class="k">rule</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="err">{</span>
<span class="w"> </span><span class="k">action</span><span class="w"> </span><span class="n">accept</span>
<span class="w"> </span><span class="n">description</span><span class="w"> </span><span class="ss">"Allow established/related connections"</span>
<span class="w"> </span><span class="nf">log</span><span class="w"> </span><span class="n">disable</span>
<span class="w"> </span><span class="k">state</span><span class="w"> </span><span class="err">{</span>
<span class="w"> </span><span class="n">established</span><span class="w"> </span><span class="n">enable</span>
<span class="w"> </span><span class="n">related</span><span class="w"> </span><span class="n">enable</span>
<span class="w"> </span><span class="err">}</span>
<span class="w"> </span><span class="err">}</span>
<span class="w"> </span><span class="k">rule</span><span class="w"> </span><span class="mi">2</span><span class="w"> </span><span class="err">{</span>
<span class="w"> </span><span class="k">action</span><span class="w"> </span><span class="k">drop</span>
<span class="w"> </span><span class="n">description</span><span class="w"> </span><span class="ss">"Drop invalid packets"</span>
<span class="w"> </span><span class="nf">log</span><span class="w"> </span><span class="n">disable</span>
<span class="w"> </span><span class="k">state</span><span class="w"> </span><span class="err">{</span>
<span class="w"> </span><span class="n">invalid</span><span class="w"> </span><span class="n">enable</span>
<span class="w"> </span><span class="err">}</span>
<span class="w"> </span><span class="err">}</span>
<span class="w"> </span><span class="k">rule</span><span class="w"> </span><span class="mi">3</span><span class="w"> </span><span class="err">{</span>
<span class="w"> </span><span class="k">action</span><span class="w"> </span><span class="k">drop</span>
<span class="w"> </span><span class="n">description</span><span class="w"> </span><span class="ss">"Drop some ports, just to be sure they never get exposed."</span>
<span class="w"> </span><span class="n">destination</span><span class="w"> </span><span class="err">{</span>
<span class="w"> </span><span class="n">port</span><span class="w"> </span><span class="mi">21</span><span class="p">,</span><span class="mi">22</span><span class="p">,</span><span class="mi">23</span><span class="p">,</span><span class="mi">80</span><span class="p">,</span><span class="mi">443</span><span class="p">,</span><span class="mi">843</span><span class="p">,</span><span class="mi">3389</span><span class="p">,</span><span class="mi">5631</span>
<span class="w"> </span><span class="err">}</span>
<span class="w"> </span><span class="nf">log</span><span class="w"> </span><span class="n">disable</span>
<span class="w"> </span><span class="n">protocol</span><span class="w"> </span><span class="n">tcp</span>
<span class="w"> </span><span class="err">}</span>
<span class="w"> </span><span class="k">rule</span><span class="w"> </span><span class="mi">4</span><span class="w"> </span><span class="err">{</span>
<span class="w"> </span><span class="k">action</span><span class="w"> </span><span class="n">accept</span>
<span class="w"> </span><span class="n">description</span><span class="w"> </span><span class="ss">"Allow icmp echo-requests"</span>
<span class="w"> </span><span class="n">icmp</span><span class="w"> </span><span class="err">{</span>
<span class="w"> </span><span class="n">type</span><span class="o">-</span><span class="n">name</span><span class="w"> </span><span class="n">echo</span><span class="o">-</span><span class="n">request</span>
<span class="w"> </span><span class="err">}</span>
<span class="w"> </span><span class="nf">log</span><span class="w"> </span><span class="n">disable</span>
<span class="w"> </span><span class="n">protocol</span><span class="w"> </span><span class="n">icmp</span>
<span class="w"> </span><span class="err">}</span>
<span class="w"> </span><span class="err">}</span>
<span class="o">[</span><span class="n">edit</span><span class="o">]</span>
</code></pre></div>
<p>To enable these rules:</p>
<div class="highlight"><pre><span></span><code><span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">:</span><span class="o">~</span><span class="err">$</span><span class="w"> </span><span class="n">configure</span>
<span class="o">[</span><span class="n">edit</span><span class="o">]</span>
<span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="k">set</span><span class="w"> </span><span class="n">interfaces</span><span class="w"> </span><span class="n">bridge</span><span class="w"> </span><span class="n">br0</span><span class="w"> </span><span class="n">firewall</span><span class="w"> </span><span class="ow">in</span><span class="w"> </span><span class="n">name</span><span class="w"> </span><span class="n">LAN_IN</span>
<span class="o">[</span><span class="n">edit</span><span class="o">]</span>
<span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="k">set</span><span class="w"> </span><span class="n">interfaces</span><span class="w"> </span><span class="n">pptp</span><span class="o">-</span><span class="n">client</span><span class="w"> </span><span class="n">pptpc0</span><span class="w"> </span><span class="n">firewall</span><span class="w"> </span><span class="ow">in</span><span class="w"> </span><span class="n">name</span><span class="w"> </span><span class="n">STW_WAN_IN</span>
<span class="o">[</span><span class="n">edit</span><span class="o">]</span>
<span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="k">set</span><span class="w"> </span><span class="n">interfaces</span><span class="w"> </span><span class="n">pptp</span><span class="o">-</span><span class="n">client</span><span class="w"> </span><span class="n">pptpc0</span><span class="w"> </span><span class="n">firewall</span><span class="w"> </span><span class="k">local</span><span class="w"> </span><span class="n">name</span><span class="w"> </span><span class="n">STW_WAN_LOCAL</span>
<span class="o">[</span><span class="n">edit</span><span class="o">]</span>
<span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="k">set</span><span class="w"> </span><span class="n">interfaces</span><span class="w"> </span><span class="n">ethernet</span><span class="w"> </span><span class="n">eth1</span><span class="w"> </span><span class="n">firewall</span><span class="w"> </span><span class="ow">in</span><span class="w"> </span><span class="n">name</span><span class="w"> </span><span class="n">STW_IN</span>
<span class="o">[</span><span class="n">edit</span><span class="o">]</span>
<span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="k">set</span><span class="w"> </span><span class="n">interfaces</span><span class="w"> </span><span class="n">ethernet</span><span class="w"> </span><span class="n">eth1</span><span class="w"> </span><span class="n">firewall</span><span class="w"> </span><span class="k">local</span><span class="w"> </span><span class="n">name</span><span class="w"> </span><span class="n">STW_LOCAL</span>
<span class="o">[</span><span class="n">edit</span><span class="o">]</span>
<span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="k">commit</span>
<span class="o">[</span><span class="n">edit</span><span class="o">]</span>
<span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="k">save</span>
<span class="n">Saving</span><span class="w"> </span><span class="n">configuration</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="s1">'/config/config.boot'</span><span class="p">...</span>
<span class="n">Done</span>
</code></pre></div>
<h4>NAT</h4>
<p>To enable NAT set the following configuration:</p>
<div class="highlight"><pre><span></span><code><span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">:</span><span class="o">~</span><span class="err">$</span><span class="w"> </span><span class="n">configure</span>
<span class="o">[</span><span class="n">edit</span><span class="o">]</span>
<span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="n">edit</span><span class="w"> </span><span class="n">service</span><span class="w"> </span><span class="n">nat</span><span class="w"> </span><span class="k">rule</span><span class="w"> </span><span class="mi">5000</span>
<span class="o">[</span><span class="n">edit service nat rule 5000</span><span class="o">]</span>
<span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="k">set</span><span class="w"> </span><span class="nf">log</span><span class="w"> </span><span class="n">disable</span>
<span class="o">[</span><span class="n">edit service nat rule 5000</span><span class="o">]</span>
<span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="k">set</span><span class="w"> </span><span class="n">outbound</span><span class="o">-</span><span class="n">interface</span><span class="w"> </span><span class="n">pptpc0</span>
<span class="o">[</span><span class="n">edit service nat rule 5000</span><span class="o">]</span>
<span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="k">set</span><span class="w"> </span><span class="n">type</span><span class="w"> </span><span class="n">masquerade</span>
<span class="o">[</span><span class="n">edit service nat rule 5000</span><span class="o">]</span>
<span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="k">set</span><span class="w"> </span><span class="n">protocol</span><span class="w"> </span><span class="ow">all</span>
<span class="o">[</span><span class="n">edit service nat rule 5000</span><span class="o">]</span>
<span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="n">up</span>
<span class="o">[</span><span class="n">edit service nat</span><span class="o">]</span>
<span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="n">edit</span><span class="w"> </span><span class="k">rule</span><span class="w"> </span><span class="mi">5001</span>
<span class="o">[</span><span class="n">edit service nat rule 5001</span><span class="o">]</span>
<span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="k">set</span><span class="w"> </span><span class="nf">log</span><span class="w"> </span><span class="n">disable</span>
<span class="o">[</span><span class="n">edit service nat rule 5001</span><span class="o">]</span>
<span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="k">set</span><span class="w"> </span><span class="n">outbound</span><span class="o">-</span><span class="n">interface</span><span class="w"> </span><span class="n">eth1</span>
<span class="o">[</span><span class="n">edit service nat rule 5001</span><span class="o">]</span>
<span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="k">set</span><span class="w"> </span><span class="n">type</span><span class="w"> </span><span class="n">masquerade</span>
<span class="o">[</span><span class="n">edit service nat rule 5001</span><span class="o">]</span>
<span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="k">set</span><span class="w"> </span><span class="n">protocol</span><span class="w"> </span><span class="ow">all</span>
<span class="o">[</span><span class="n">edit service nat rule 5001</span><span class="o">]</span>
<span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="k">commit</span>
<span class="o">[</span><span class="n">edit service nat rule 5001</span><span class="o">]</span>
<span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="k">save</span>
<span class="n">Saving</span><span class="w"> </span><span class="n">configuration</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="s1">'/config/config.boot'</span><span class="p">...</span>
<span class="n">Done</span>
</code></pre></div>
<p>At this point you should be able to connect to the internet on your local network.
The internal network (between your PPTP server and your router) should also be rechable.</p>
<h3>IPv6</h3>
<h4>Router Advertisements on br0</h4>
<p>For IPv6 we want to enable router advertisements:</p>
<div class="highlight"><pre><span></span><code><span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">:</span><span class="o">~</span><span class="err">$</span><span class="w"> </span><span class="n">configure</span>
<span class="o">[</span><span class="n">edit</span><span class="o">]</span>
<span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="n">edit</span><span class="w"> </span><span class="n">interfaces</span><span class="w"> </span><span class="n">bridge</span><span class="w"> </span><span class="n">br0</span>
<span class="o">[</span><span class="n">edit interfaces bridge br0</span><span class="o">]</span>
<span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="k">set</span><span class="w"> </span><span class="n">ipv6</span><span class="w"> </span><span class="n">router</span><span class="o">-</span><span class="n">advert</span><span class="w"> </span><span class="k">prefix</span><span class="w"> </span><span class="mi">2</span><span class="nl">a00</span><span class="p">:</span><span class="mi">5</span><span class="nl">ba0</span><span class="p">:</span><span class="mi">8000</span><span class="err">:</span><span class="mf">9e5</span><span class="nl">b</span><span class="p">:</span><span class="err">:</span><span class="o">/</span><span class="mi">64</span>
<span class="o">[</span><span class="n">edit interfaces bridge br0</span><span class="o">]</span>
<span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="k">set</span><span class="w"> </span><span class="n">ipv6</span><span class="w"> </span><span class="n">router</span><span class="o">-</span><span class="n">advert</span><span class="w"> </span><span class="n">send</span><span class="o">-</span><span class="n">advert</span><span class="w"> </span><span class="k">true</span>
<span class="o">[</span><span class="n">edit interfaces bridge br0</span><span class="o">]</span>
<span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="k">set</span><span class="w"> </span><span class="n">ipv6</span><span class="w"> </span><span class="n">router</span><span class="o">-</span><span class="n">advert</span><span class="w"> </span><span class="n">name</span><span class="o">-</span><span class="n">server</span><span class="w"> </span><span class="mi">2</span><span class="nl">a00</span><span class="p">:</span><span class="mi">5</span><span class="nl">ba0</span><span class="p">:</span><span class="mi">8000</span><span class="err">:</span><span class="mf">9e5</span><span class="nl">b</span><span class="p">:</span><span class="err">:</span><span class="mi">1</span>
<span class="o">[</span><span class="n">edit interfaces bridge br0</span><span class="o">]</span>
<span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="k">commit</span>
<span class="o">[</span><span class="n"> interfaces bridge br0 ipv6 router-advert </span><span class="o">]</span>
<span class="n">Re</span><span class="o">-</span><span class="n">generating</span><span class="w"> </span><span class="n">radvd</span><span class="w"> </span><span class="n">config</span><span class="w"> </span><span class="k">file</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">interface</span><span class="w"> </span><span class="n">br0</span><span class="p">...</span>
<span class="n">Starting</span><span class="w"> </span><span class="n">radvd</span><span class="p">...</span>
<span class="n">Starting</span><span class="w"> </span><span class="nl">radvd</span><span class="p">:</span><span class="w"> </span><span class="n">radvd</span><span class="p">.</span>
<span class="o">[</span><span class="n">edit interfaces bridge br0</span><span class="o">]</span>
<span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="k">save</span>
<span class="n">Saving</span><span class="w"> </span><span class="n">configuration</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="s1">'/config/config.boot'</span><span class="p">...</span>
<span class="n">Done</span>
</code></pre></div>
<h4>Firewall</h4>
<p>Again, a lot of configuration, here just the export:</p>
<div class="highlight"><pre><span></span><code><span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="n">show</span><span class="w"> </span><span class="n">firewall</span><span class="w"> </span><span class="n">ipv6</span><span class="o">-</span><span class="n">name</span>
<span class="w"> </span><span class="n">ipv6</span><span class="o">-</span><span class="n">name</span><span class="w"> </span><span class="n">LAN6_IN</span><span class="w"> </span><span class="err">{</span>
<span class="w"> </span><span class="k">default</span><span class="o">-</span><span class="k">action</span><span class="w"> </span><span class="n">accept</span>
<span class="w"> </span><span class="err">}</span>
<span class="w"> </span><span class="n">ipv6</span><span class="o">-</span><span class="n">name</span><span class="w"> </span><span class="n">STW6_IN</span><span class="w"> </span><span class="err">{</span>
<span class="w"> </span><span class="k">default</span><span class="o">-</span><span class="k">action</span><span class="w"> </span><span class="k">drop</span>
<span class="w"> </span><span class="n">description</span><span class="w"> </span><span class="ss">"STW to local network (IPv6)"</span>
<span class="w"> </span><span class="k">rule</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="err">{</span>
<span class="w"> </span><span class="k">action</span><span class="w"> </span><span class="n">accept</span>
<span class="w"> </span><span class="n">description</span><span class="w"> </span><span class="ss">"Allow established/related connections"</span>
<span class="w"> </span><span class="nf">log</span><span class="w"> </span><span class="n">disable</span>
<span class="w"> </span><span class="k">state</span><span class="w"> </span><span class="err">{</span>
<span class="w"> </span><span class="n">established</span><span class="w"> </span><span class="n">enable</span>
<span class="w"> </span><span class="n">related</span><span class="w"> </span><span class="n">enable</span>
<span class="w"> </span><span class="err">}</span>
<span class="w"> </span><span class="err">}</span>
<span class="w"> </span><span class="k">rule</span><span class="w"> </span><span class="mi">2</span><span class="w"> </span><span class="err">{</span>
<span class="w"> </span><span class="k">action</span><span class="w"> </span><span class="k">drop</span>
<span class="w"> </span><span class="n">description</span><span class="w"> </span><span class="ss">"Drop invalid packets"</span>
<span class="w"> </span><span class="nf">log</span><span class="w"> </span><span class="n">disable</span>
<span class="w"> </span><span class="k">state</span><span class="w"> </span><span class="err">{</span>
<span class="w"> </span><span class="n">invalid</span><span class="w"> </span><span class="n">enable</span>
<span class="w"> </span><span class="err">}</span>
<span class="w"> </span><span class="err">}</span>
<span class="w"> </span><span class="k">rule</span><span class="w"> </span><span class="mi">3</span><span class="w"> </span><span class="err">{</span>
<span class="w"> </span><span class="k">action</span><span class="w"> </span><span class="n">accept</span>
<span class="w"> </span><span class="n">description</span><span class="w"> </span><span class="ss">"Allow ICMPv6 echo-requests"</span>
<span class="w"> </span><span class="n">icmpv6</span><span class="w"> </span><span class="err">{</span>
<span class="w"> </span><span class="n">type</span><span class="w"> </span><span class="n">echo</span><span class="o">-</span><span class="n">request</span>
<span class="w"> </span><span class="err">}</span>
<span class="w"> </span><span class="nf">log</span><span class="w"> </span><span class="n">disable</span>
<span class="w"> </span><span class="n">protocol</span><span class="w"> </span><span class="n">icmpv6</span>
<span class="w"> </span><span class="err">}</span>
<span class="w"> </span><span class="k">rule</span><span class="w"> </span><span class="mi">4</span><span class="w"> </span><span class="err">{</span>
<span class="w"> </span><span class="k">action</span><span class="w"> </span><span class="n">accept</span>
<span class="w"> </span><span class="n">description</span><span class="w"> </span><span class="ss">"Allow incoming SSH connections on various ports"</span>
<span class="w"> </span><span class="n">destination</span><span class="w"> </span><span class="err">{</span>
<span class="w"> </span><span class="n">port</span><span class="w"> </span><span class="mi">22</span><span class="p">,</span><span class="mi">222</span><span class="p">,</span><span class="mi">2222</span><span class="p">,</span><span class="mi">1337</span>
<span class="w"> </span><span class="err">}</span>
<span class="w"> </span><span class="n">protocol</span><span class="w"> </span><span class="n">tcp</span>
<span class="w"> </span><span class="err">}</span>
<span class="w"> </span><span class="err">}</span>
<span class="w"> </span><span class="n">ipv6</span><span class="o">-</span><span class="n">name</span><span class="w"> </span><span class="n">STW6_LOCAL</span><span class="w"> </span><span class="err">{</span>
<span class="w"> </span><span class="k">default</span><span class="o">-</span><span class="k">action</span><span class="w"> </span><span class="k">drop</span>
<span class="w"> </span><span class="n">description</span><span class="w"> </span><span class="ss">"STW to router (IPv6)"</span>
<span class="w"> </span><span class="k">rule</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="err">{</span>
<span class="w"> </span><span class="k">action</span><span class="w"> </span><span class="n">accept</span>
<span class="w"> </span><span class="n">description</span><span class="w"> </span><span class="ss">"Allow established/related connections"</span>
<span class="w"> </span><span class="nf">log</span><span class="w"> </span><span class="n">disable</span>
<span class="w"> </span><span class="k">state</span><span class="w"> </span><span class="err">{</span>
<span class="w"> </span><span class="n">established</span><span class="w"> </span><span class="n">enable</span>
<span class="w"> </span><span class="n">related</span><span class="w"> </span><span class="n">enable</span>
<span class="w"> </span><span class="err">}</span>
<span class="w"> </span><span class="err">}</span>
<span class="w"> </span><span class="k">rule</span><span class="w"> </span><span class="mi">2</span><span class="w"> </span><span class="err">{</span>
<span class="w"> </span><span class="k">action</span><span class="w"> </span><span class="k">drop</span>
<span class="w"> </span><span class="n">description</span><span class="w"> </span><span class="ss">"Drop invalid packets"</span>
<span class="w"> </span><span class="k">state</span><span class="w"> </span><span class="err">{</span>
<span class="w"> </span><span class="n">invalid</span><span class="w"> </span><span class="n">enable</span>
<span class="w"> </span><span class="err">}</span>
<span class="w"> </span><span class="err">}</span>
<span class="w"> </span><span class="k">rule</span><span class="w"> </span><span class="mi">3</span><span class="w"> </span><span class="err">{</span>
<span class="w"> </span><span class="k">action</span><span class="w"> </span><span class="n">accept</span>
<span class="w"> </span><span class="n">description</span><span class="w"> </span><span class="ss">"Allow ICMPv6 echo-requests"</span>
<span class="w"> </span><span class="n">icmpv6</span><span class="w"> </span><span class="err">{</span>
<span class="w"> </span><span class="n">type</span><span class="w"> </span><span class="n">echo</span><span class="o">-</span><span class="n">request</span>
<span class="w"> </span><span class="err">}</span>
<span class="w"> </span><span class="nf">log</span><span class="w"> </span><span class="n">disable</span>
<span class="w"> </span><span class="n">protocol</span><span class="w"> </span><span class="n">icmpv6</span>
<span class="w"> </span><span class="err">}</span>
<span class="w"> </span><span class="err">}</span>
<span class="w"> </span><span class="n">ipv6</span><span class="o">-</span><span class="n">name</span><span class="w"> </span><span class="n">STW_WAN6_IN</span><span class="w"> </span><span class="err">{</span>
<span class="w"> </span><span class="k">default</span><span class="o">-</span><span class="k">action</span><span class="w"> </span><span class="k">drop</span>
<span class="w"> </span><span class="n">description</span><span class="w"> </span><span class="ss">"Internet to local network (IPv6)"</span>
<span class="w"> </span><span class="k">rule</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="err">{</span>
<span class="w"> </span><span class="k">action</span><span class="w"> </span><span class="n">accept</span>
<span class="w"> </span><span class="n">description</span><span class="w"> </span><span class="ss">"Allow established/related connections"</span>
<span class="w"> </span><span class="nf">log</span><span class="w"> </span><span class="n">disable</span>
<span class="w"> </span><span class="k">state</span><span class="w"> </span><span class="err">{</span>
<span class="w"> </span><span class="n">established</span><span class="w"> </span><span class="n">enable</span>
<span class="w"> </span><span class="n">related</span><span class="w"> </span><span class="n">enable</span>
<span class="w"> </span><span class="err">}</span>
<span class="w"> </span><span class="err">}</span>
<span class="w"> </span><span class="k">rule</span><span class="w"> </span><span class="mi">2</span><span class="w"> </span><span class="err">{</span>
<span class="w"> </span><span class="k">action</span><span class="w"> </span><span class="k">drop</span>
<span class="w"> </span><span class="n">description</span><span class="w"> </span><span class="ss">"Drop invalid packets"</span>
<span class="w"> </span><span class="nf">log</span><span class="w"> </span><span class="n">disable</span>
<span class="w"> </span><span class="k">state</span><span class="w"> </span><span class="err">{</span>
<span class="w"> </span><span class="n">invalid</span><span class="w"> </span><span class="n">enable</span>
<span class="w"> </span><span class="err">}</span>
<span class="w"> </span><span class="err">}</span>
<span class="w"> </span><span class="k">rule</span><span class="w"> </span><span class="mi">3</span><span class="w"> </span><span class="err">{</span>
<span class="w"> </span><span class="k">action</span><span class="w"> </span><span class="n">accept</span>
<span class="w"> </span><span class="n">description</span><span class="w"> </span><span class="ss">"Allow ICMPv6 echo-requests"</span>
<span class="w"> </span><span class="n">icmpv6</span><span class="w"> </span><span class="err">{</span>
<span class="w"> </span><span class="n">type</span><span class="w"> </span><span class="n">echo</span><span class="o">-</span><span class="n">request</span>
<span class="w"> </span><span class="err">}</span>
<span class="w"> </span><span class="nf">log</span><span class="w"> </span><span class="n">disable</span>
<span class="w"> </span><span class="n">protocol</span><span class="w"> </span><span class="n">icmpv6</span>
<span class="w"> </span><span class="err">}</span>
<span class="w"> </span><span class="k">rule</span><span class="w"> </span><span class="mi">4</span><span class="w"> </span><span class="err">{</span>
<span class="w"> </span><span class="k">action</span><span class="w"> </span><span class="n">accept</span>
<span class="w"> </span><span class="n">description</span><span class="w"> </span><span class="ss">"Allow incoming SSH connections on various ports"</span>
<span class="w"> </span><span class="n">destination</span><span class="w"> </span><span class="err">{</span>
<span class="w"> </span><span class="n">port</span><span class="w"> </span><span class="mi">22</span><span class="p">,</span><span class="mi">222</span><span class="p">,</span><span class="mi">2222</span><span class="p">,</span><span class="mi">1337</span>
<span class="w"> </span><span class="err">}</span>
<span class="w"> </span><span class="n">protocol</span><span class="w"> </span><span class="n">tcp</span>
<span class="w"> </span><span class="err">}</span>
<span class="w"> </span><span class="err">}</span>
<span class="w"> </span><span class="n">ipv6</span><span class="o">-</span><span class="n">name</span><span class="w"> </span><span class="n">STW_WAN6_LOCAL</span><span class="w"> </span><span class="err">{</span>
<span class="w"> </span><span class="k">default</span><span class="o">-</span><span class="k">action</span><span class="w"> </span><span class="k">drop</span>
<span class="w"> </span><span class="n">description</span><span class="w"> </span><span class="ss">"Internet to router (IPv6)"</span>
<span class="w"> </span><span class="k">rule</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="err">{</span>
<span class="w"> </span><span class="k">action</span><span class="w"> </span><span class="n">accept</span>
<span class="w"> </span><span class="n">description</span><span class="w"> </span><span class="ss">"Allow established/related connections"</span>
<span class="w"> </span><span class="nf">log</span><span class="w"> </span><span class="n">disable</span>
<span class="w"> </span><span class="k">state</span><span class="w"> </span><span class="err">{</span>
<span class="w"> </span><span class="n">established</span><span class="w"> </span><span class="n">enable</span>
<span class="w"> </span><span class="n">related</span><span class="w"> </span><span class="n">enable</span>
<span class="w"> </span><span class="err">}</span>
<span class="w"> </span><span class="err">}</span>
<span class="w"> </span><span class="k">rule</span><span class="w"> </span><span class="mi">2</span><span class="w"> </span><span class="err">{</span>
<span class="w"> </span><span class="k">action</span><span class="w"> </span><span class="k">drop</span>
<span class="w"> </span><span class="n">description</span><span class="w"> </span><span class="ss">"Drop invalid packets"</span>
<span class="w"> </span><span class="k">state</span><span class="w"> </span><span class="err">{</span>
<span class="w"> </span><span class="n">invalid</span><span class="w"> </span><span class="n">enable</span>
<span class="w"> </span><span class="err">}</span>
<span class="w"> </span><span class="err">}</span>
<span class="w"> </span><span class="k">rule</span><span class="w"> </span><span class="mi">3</span><span class="w"> </span><span class="err">{</span>
<span class="w"> </span><span class="k">action</span><span class="w"> </span><span class="n">accept</span>
<span class="w"> </span><span class="n">description</span><span class="w"> </span><span class="ss">"Allow ICMPv6 echo-requests"</span>
<span class="w"> </span><span class="n">icmpv6</span><span class="w"> </span><span class="err">{</span>
<span class="w"> </span><span class="n">type</span><span class="w"> </span><span class="n">echo</span><span class="o">-</span><span class="n">request</span>
<span class="w"> </span><span class="err">}</span>
<span class="w"> </span><span class="nf">log</span><span class="w"> </span><span class="n">disable</span>
<span class="w"> </span><span class="n">protocol</span><span class="w"> </span><span class="n">icmpv6</span>
<span class="w"> </span><span class="err">}</span>
<span class="w"> </span><span class="k">rule</span><span class="w"> </span><span class="mi">4</span><span class="w"> </span><span class="err">{</span>
<span class="w"> </span><span class="k">action</span><span class="w"> </span><span class="n">accept</span>
<span class="w"> </span><span class="n">description</span><span class="w"> </span><span class="ss">"Allow router advertisements"</span>
<span class="w"> </span><span class="n">icmpv6</span><span class="w"> </span><span class="err">{</span>
<span class="w"> </span><span class="n">type</span><span class="w"> </span><span class="n">router</span><span class="o">-</span><span class="n">advertisement</span>
<span class="w"> </span><span class="err">}</span>
<span class="w"> </span><span class="nf">log</span><span class="w"> </span><span class="n">disable</span>
<span class="w"> </span><span class="n">protocol</span><span class="w"> </span><span class="n">icmpv6</span>
<span class="w"> </span><span class="err">}</span>
<span class="w"> </span><span class="err">}</span>
<span class="o">[</span><span class="n">edit</span><span class="o">]</span>
</code></pre></div>
<p>To enable that config:</p>
<div class="highlight"><pre><span></span><code><span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="k">set</span><span class="w"> </span><span class="n">interfaces</span><span class="w"> </span><span class="n">bridge</span><span class="w"> </span><span class="n">br0</span><span class="w"> </span><span class="n">firewall</span><span class="w"> </span><span class="ow">in</span><span class="w"> </span><span class="n">ipv6</span><span class="o">-</span><span class="n">name</span><span class="w"> </span><span class="n">LAN6_IN</span>
<span class="o">[</span><span class="n">edit</span><span class="o">]</span>
<span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="k">set</span><span class="w"> </span><span class="n">interfaces</span><span class="w"> </span><span class="n">ethernet</span><span class="w"> </span><span class="n">eth1</span><span class="w"> </span><span class="n">firewall</span><span class="w"> </span><span class="ow">in</span><span class="w"> </span><span class="n">ipv6</span><span class="o">-</span><span class="n">name</span><span class="w"> </span><span class="n">STW6_IN</span>
<span class="o">[</span><span class="n">edit</span><span class="o">]</span>
<span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="k">set</span><span class="w"> </span><span class="n">interfaces</span><span class="w"> </span><span class="n">ethernet</span><span class="w"> </span><span class="n">eth1</span><span class="w"> </span><span class="n">firewall</span><span class="w"> </span><span class="k">local</span><span class="w"> </span><span class="n">ipv6</span><span class="o">-</span><span class="n">name</span><span class="w"> </span><span class="n">STW6_LOCAL</span>
<span class="o">[</span><span class="n">edit</span><span class="o">]</span>
<span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="k">set</span><span class="w"> </span><span class="n">interfaces</span><span class="w"> </span><span class="n">pptp</span><span class="o">-</span><span class="n">client</span><span class="w"> </span><span class="n">pptpc0</span><span class="w"> </span><span class="n">firewall</span><span class="w"> </span><span class="ow">in</span><span class="w"> </span><span class="n">ipv6</span><span class="o">-</span><span class="n">name</span><span class="w"> </span><span class="n">STW_WAN6_IN</span>
<span class="o">[</span><span class="n">edit</span><span class="o">]</span>
<span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="k">set</span><span class="w"> </span><span class="n">interfaces</span><span class="w"> </span><span class="n">pptp</span><span class="o">-</span><span class="n">client</span><span class="w"> </span><span class="n">pptpc0</span><span class="w"> </span><span class="n">firewall</span><span class="w"> </span><span class="k">local</span><span class="w"> </span><span class="n">ipv6</span><span class="o">-</span><span class="n">name</span><span class="w"> </span><span class="n">STW_WAN6_LOCAL</span>
</code></pre></div>Fast PPTP client on Ubiquiti EdgeRouter (+ basic config for STW Bonn)2016-02-13T22:00:00+01:002016-02-13T22:00:00+01:00Lukas Schauertag:lukas.im,2016-02-13:/2016/02/13/edgerouter-fast-pptp/index.html<p>I'm currently living in a building of Studierendenwerk Bonn and for our internet connection we have to use a PPTP client.</p>
<p>As a big fan of the Ubiquiti EdgeMax series of routers I wanted to use my EdgeRouter PoE for this,
but there is a problem: PPTP on EdgeMax devices is running in Userland, and it is slow, very very slow.
Of my 100Mbit/s connection i was only able to get around 12Mbit/s, this is not good.</p>
<p>Unfortunately Ubiquiti doesn't see improving this as a priority, so I'll have to fix it myself.
Here is a tutorial on how to configure PPTP on EdgeMax devices to run with the pptp kernel module.</p>
<p>I'm currently living in a building of Studierendenwerk Bonn and for our internet connection we have to use a PPTP client.</p>
<p>As a big fan of the Ubiquiti EdgeMax series of routers I wanted to use my EdgeRouter PoE for this,
but there is a problem: PPTP on EdgeMax devices is running in Userland, and it is slow, very very slow.
Of my 100Mbit/s connection i was only able to get around 12Mbit/s, this is not good.</p>
<p>Unfortunately Ubiquiti doesn't see improving this as a priority, so I'll have to fix it myself.
Here is a tutorial on how to configure PPTP on EdgeMax devices to run with the pptp kernel module.</p>
<h3>Important note</h3>
<p>Sadly while actually improving the performance a lot, the finished result of this howto is not really what I would call "production-ready".</p>
<p>Some of the problems:</p>
<ul>
<li>Packet loss (on my custom Debian based router and on openwrt which both use the same software this issue doesn't occure)</li>
<li>Firmware-Updates will remove some of the changes, requiring you to reapply them</li>
<li>Firmware-Updates may at some point have an updated pppd version, you'll have to find the correct header files again</li>
<li>Installing the required packages (further down) updates some essential system packages, which may at some point result in a (soft-)bricked router...</li>
</ul>
<p>Also unrelated to the changes:</p>
<ul>
<li>IPv6 on PPTP seems to be broken a little bit in EdgeMax firmware right now... it sets <code>forwarding=1</code> but leaves <code>accept_ra=1</code>, which should be <code>accept_ra=2</code>...</li>
</ul>
<h3>DHCP on eth1</h3>
<p>First step to get this working is to just enable DHCP (client) on eth1, to get a connection to the intranet:</p>
<div class="highlight"><pre><span></span><code><span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">:</span><span class="o">~</span><span class="err">$</span><span class="w"> </span><span class="n">configure</span>
<span class="o">[</span><span class="n">edit</span><span class="o">]</span>
<span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="n">edit</span><span class="w"> </span><span class="n">interfaces</span><span class="w"> </span><span class="n">ethernet</span><span class="w"> </span><span class="n">eth1</span>
<span class="o">[</span><span class="n">edit interfaces ethernet eth1</span><span class="o">]</span>
<span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="k">set</span><span class="w"> </span><span class="n">address</span><span class="w"> </span><span class="n">dhcp</span>
<span class="o">[</span><span class="n">edit interfaces ethernet eth1</span><span class="o">]</span>
<span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="k">set</span><span class="w"> </span><span class="n">description</span><span class="w"> </span><span class="ss">"STW Intranet"</span>
<span class="o">[</span><span class="n">edit interfaces ethernet eth1</span><span class="o">]</span>
<span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="k">set</span><span class="w"> </span><span class="n">dhcp</span><span class="o">-</span><span class="n">options</span><span class="w"> </span><span class="k">default</span><span class="o">-</span><span class="n">route</span><span class="w"> </span><span class="k">no</span><span class="o">-</span><span class="k">update</span>
<span class="o">[</span><span class="n">edit interfaces ethernet eth1</span><span class="o">]</span>
<span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="k">commit</span>
<span class="o">[</span><span class="n"> interfaces ethernet eth1 address dhcp </span><span class="o">]</span>
<span class="n">Starting</span><span class="w"> </span><span class="n">DHCP</span><span class="w"> </span><span class="n">client</span><span class="w"> </span><span class="k">on</span><span class="w"> </span><span class="n">eth1</span><span class="w"> </span><span class="p">...</span>
<span class="o">[</span><span class="n">edit interfaces ethernet eth1</span><span class="o">]</span>
<span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="k">save</span>
<span class="n">Saving</span><span class="w"> </span><span class="n">configuration</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="s1">'/config/config.boot'</span><span class="p">...</span>
<span class="n">Done</span>
<span class="o">[</span><span class="n">edit</span><span class="o">]</span>
<span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="k">exit</span>
</code></pre></div>
<p>Also set up a route for the internal network:</p>
<div class="highlight"><pre><span></span><code><span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="k">set</span><span class="w"> </span><span class="n">protocols</span><span class="w"> </span><span class="k">static</span><span class="w"> </span><span class="n">route</span><span class="w"> </span><span class="mf">192.168.0.0</span><span class="o">/</span><span class="mi">16</span><span class="w"> </span><span class="k">next</span><span class="o">-</span><span class="n">hop</span><span class="w"> </span><span class="mf">192.168.128.1</span>
</code></pre></div>
<p>Check that it is working by running <code>show interfaces ethernet eth1</code> (outside of config mode).
It should look like this:</p>
<div class="highlight"><pre><span></span><code>eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 24:a4:3c:05:6c:90 brd ff:ff:ff:ff:ff:ff
inet 192.168.128.250/24 brd 192.168.128.255 scope global eth1
valid_lft forever preferred_lft forever
inet6 fe80::26a4:3cff:fe05:6c90/64 scope link
valid_lft forever preferred_lft forever
Description: STW Intranet
RX: bytes packets errors dropped overrun mcast
1978 19 0 0 0 0
TX: bytes packets errors dropped carrier collisions
1134 7 0 0 0 0
</code></pre></div>
<p>At this point I rebooted my router to make sure that my route overrides were exactly as they should be.</p>
<h3>PPTP configuration</h3>
<p>After this just normally configure your PPTP connection:</p>
<div class="highlight"><pre><span></span><code><span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">:</span><span class="o">~</span><span class="err">$</span><span class="w"> </span><span class="n">configure</span>
<span class="o">[</span><span class="n">edit</span><span class="o">]</span>
<span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="n">edit</span><span class="w"> </span><span class="n">interfaces</span><span class="w"> </span><span class="n">pptp</span><span class="o">-</span><span class="n">client</span><span class="w"> </span><span class="n">pptpc0</span>
<span class="o">[</span><span class="n">edit interfaces pptp-client pptpc0</span><span class="o">]</span>
<span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="k">set</span><span class="w"> </span><span class="n">server</span><span class="o">-</span><span class="n">ip</span><span class="w"> </span><span class="n">vpn</span><span class="p">.</span><span class="n">stw</span><span class="o">-</span><span class="n">bonn</span><span class="p">.</span><span class="n">de</span>
<span class="o">[</span><span class="n">edit interfaces pptp-client pptpc0</span><span class="o">]</span>
<span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="k">set</span><span class="w"> </span><span class="k">user</span><span class="o">-</span><span class="n">id</span><span class="w"> </span><span class="n">z</span><span class="o">[</span><span class="n">...</span><span class="o">]</span>
<span class="o">[</span><span class="n">edit interfaces pptp-client pptpc0</span><span class="o">]</span>
<span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="k">set</span><span class="w"> </span><span class="n">password</span><span class="w"> </span><span class="o">[</span><span class="n">...</span><span class="o">]</span>
<span class="o">[</span><span class="n">edit interfaces pptp-client pptpc0</span><span class="o">]</span>
<span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="k">set</span><span class="w"> </span><span class="k">default</span><span class="o">-</span><span class="n">route</span><span class="w"> </span><span class="n">auto</span>
<span class="o">[</span><span class="n">edit interfaces pptp-client pptpc0</span><span class="o">]</span>
<span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="k">set</span><span class="w"> </span><span class="n">description</span><span class="w"> </span><span class="ss">"STW VPN"</span>
<span class="o">[</span><span class="n">edit interfaces pptp-client pptpc0</span><span class="o">]</span>
<span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="k">set</span><span class="w"> </span><span class="n">ipv6</span><span class="w"> </span><span class="n">enable</span>
<span class="o">[</span><span class="n">edit interfaces pptp-client pptpc0</span><span class="o">]</span>
<span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="k">set</span><span class="w"> </span><span class="n">ipv6</span><span class="w"> </span><span class="n">address</span><span class="w"> </span><span class="n">autoconf</span>
<span class="o">[</span><span class="n">edit interfaces pptp-client pptpc0</span><span class="o">]</span>
<span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="k">set</span><span class="w"> </span><span class="n">mtu</span><span class="w"> </span><span class="mi">1486</span>
<span class="o">[</span><span class="n">edit interfaces pptp-client pptpc0</span><span class="o">]</span>
<span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="k">commit</span>
<span class="o">[</span><span class="n"> interfaces pptp-client pptpc0 ipv6 address autoconf </span><span class="o">]</span>
<span class="n">Address</span><span class="w"> </span><span class="n">auto</span><span class="o">-</span><span class="n">configuration</span><span class="w"> </span><span class="n">will</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">enabled</span><span class="w"> </span><span class="k">when</span><span class="w"> </span><span class="n">interface</span><span class="w"> </span><span class="n">comes</span><span class="w"> </span><span class="n">up</span><span class="p">.</span>
<span class="o">[</span><span class="n"> interfaces pptp-client pptpc0 ipv6 dup-addr-detect-transmits 1 </span><span class="o">]</span>
<span class="n">Will</span><span class="w"> </span><span class="k">set</span><span class="w"> </span><span class="n">dup_addr_detect_transmits</span><span class="w"> </span><span class="k">when</span><span class="w"> </span><span class="n">pptpc0</span><span class="w"> </span><span class="n">comes</span><span class="w"> </span><span class="n">up</span>
<span class="o">[</span><span class="n">edit interfaces pptp-client pptpc0</span><span class="o">]</span>
</code></pre></div>
<p>Again verify that everything is working to this point by running <code>show interfaces pptp-client pptpc0</code> (again outside of config mode).
It should look like this:</p>
<div class="highlight"><pre><span></span><code><span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">:</span><span class="o">~</span><span class="err">$</span><span class="w"> </span><span class="n">show</span><span class="w"> </span><span class="n">interfaces</span><span class="w"> </span><span class="n">pptp</span><span class="o">-</span><span class="n">client</span><span class="w"> </span><span class="n">pptpc0</span>
<span class="nl">pptpc0</span><span class="p">:</span><span class="w"> </span><span class="o"><</span><span class="n">POINTOPOINT</span><span class="p">,</span><span class="n">MULTICAST</span><span class="p">,</span><span class="n">NOARP</span><span class="p">,</span><span class="n">UP</span><span class="p">,</span><span class="n">LOWER_UP</span><span class="o">></span><span class="w"> </span><span class="n">mtu</span><span class="w"> </span><span class="mi">1486</span><span class="w"> </span><span class="n">qdisc</span><span class="w"> </span><span class="n">pfifo_fast</span><span class="w"> </span><span class="k">state</span><span class="w"> </span><span class="k">UNKNOWN</span><span class="w"> </span><span class="n">qlen</span><span class="w"> </span><span class="mi">100</span>
<span class="w"> </span><span class="n">link</span><span class="o">/</span><span class="n">ppp</span>
<span class="w"> </span><span class="n">inet</span><span class="w"> </span><span class="mf">212.201.70.162</span><span class="w"> </span><span class="n">peer</span><span class="w"> </span><span class="mf">192.168.1.31</span><span class="o">/</span><span class="mi">32</span><span class="w"> </span><span class="k">scope</span><span class="w"> </span><span class="k">global</span><span class="w"> </span><span class="n">pptpc0</span>
<span class="w"> </span><span class="n">valid_lft</span><span class="w"> </span><span class="n">forever</span><span class="w"> </span><span class="n">preferred_lft</span><span class="w"> </span><span class="n">forever</span>
<span class="w"> </span><span class="nl">RX</span><span class="p">:</span><span class="w"> </span><span class="n">bytes</span><span class="w"> </span><span class="n">packets</span><span class="w"> </span><span class="n">errors</span><span class="w"> </span><span class="n">dropped</span><span class="w"> </span><span class="n">overrun</span><span class="w"> </span><span class="n">mcast</span>
<span class="w"> </span><span class="mi">3312</span><span class="w"> </span><span class="mi">46</span><span class="w"> </span><span class="mi">0</span><span class="w"> </span><span class="mi">0</span><span class="w"> </span><span class="mi">0</span><span class="w"> </span><span class="mi">0</span>
<span class="w"> </span><span class="nl">TX</span><span class="p">:</span><span class="w"> </span><span class="n">bytes</span><span class="w"> </span><span class="n">packets</span><span class="w"> </span><span class="n">errors</span><span class="w"> </span><span class="n">dropped</span><span class="w"> </span><span class="n">carrier</span><span class="w"> </span><span class="n">collisions</span>
<span class="w"> </span><span class="mi">186</span><span class="w"> </span><span class="mi">10</span><span class="w"> </span><span class="mi">0</span><span class="w"> </span><span class="mi">0</span><span class="w"> </span><span class="mi">0</span><span class="w"> </span><span class="mi">0</span>
</code></pre></div>
<p>At this point you should be able to ping the outside world from the router.</p>
<h3>PPTP in Kernel</h3>
<p>Now this is where it gets a bit ugly. We have to change quite a lot of stuff...</p>
<h4>Kernel module</h4>
<p>First we need to get root access: <code>sudo -s</code>.</p>
<p>Try loading the pptp kernel module with <code>modprobe pptp</code>, and add loading it to rc.local by running <code>echo -e '#!/bin/sh -e\nmodprobe pptp\nexit 0' > /etc/rc.local</code>.</p>
<h4>Add Debian repository</h4>
<p>We need to compile a different client, so we need to install some tools.
For this we first add a debian repository.</p>
<p>Go back to config mode and set up the repository:</p>
<div class="highlight"><pre><span></span><code><span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="k">set</span><span class="w"> </span><span class="k">system</span><span class="w"> </span><span class="n">package</span><span class="w"> </span><span class="n">repository</span><span class="w"> </span><span class="n">debian</span><span class="w"> </span><span class="n">url</span><span class="w"> </span><span class="nl">http</span><span class="p">:</span><span class="o">//</span><span class="n">ftp</span><span class="p">.</span><span class="n">stw</span><span class="o">-</span><span class="n">bonn</span><span class="p">.</span><span class="n">de</span><span class="o">/</span><span class="n">debian</span><span class="o">/</span>
<span class="o">[</span><span class="n">edit</span><span class="o">]</span>
<span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="k">set</span><span class="w"> </span><span class="k">system</span><span class="w"> </span><span class="n">package</span><span class="w"> </span><span class="n">repository</span><span class="w"> </span><span class="n">debian</span><span class="w"> </span><span class="n">distribution</span><span class="w"> </span><span class="n">jessie</span>
<span class="o">[</span><span class="n">edit</span><span class="o">]</span>
<span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="k">set</span><span class="w"> </span><span class="k">system</span><span class="w"> </span><span class="n">package</span><span class="w"> </span><span class="n">repository</span><span class="w"> </span><span class="n">debian</span><span class="w"> </span><span class="n">components</span><span class="w"> </span><span class="ss">"main"</span>
<span class="o">[</span><span class="n">edit</span><span class="o">]</span>
<span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="k">commit</span>
<span class="o">[</span><span class="n"> system package repository debian </span><span class="o">]</span>
<span class="n">Adding</span><span class="w"> </span><span class="k">new</span><span class="w"> </span><span class="n">entry</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">apt</span><span class="o">/</span><span class="n">sources</span><span class="p">.</span><span class="n">list</span><span class="p">...</span>
<span class="o">[</span><span class="n">edit</span><span class="o">]</span>
<span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="k">save</span>
<span class="n">Saving</span><span class="w"> </span><span class="n">configuration</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="s1">'/config/config.boot'</span><span class="p">...</span>
<span class="n">Done</span>
<span class="o">[</span><span class="n">edit</span><span class="o">]</span>
<span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="k">exit</span>
</code></pre></div>
<p>After this go back to a root shell and run <code>apt-get update</code>.</p>
<h4>Install packages</h4>
<p>Install required packages: <code>apt-get install gcc g++ make cmake</code></p>
<p>If you get some questions while installing answer <code>Restart services during package upgrades without asking?</code> with <code>no</code> and on the question what to restart just press enter.</p>
<h4>Get ppp headers</h4>
<p>We can't install ppp-dev the normal way since (at least the Ubiquiti-modified) vyatta comes with its own (kinda outdated...) pppd,
and apt would basically try uninstalling vyatta because of this... that's not good.</p>
<p>As a workaround we download and extract an archived package manually:</p>
<div class="highlight"><pre><span></span><code>vbash-4.1# cd /config/user-data
vbash-4.1# mkdir ppp-dev
vbash-4.1# cd ppp-dev
vbash-4.1# curl -LO http://archive.debian.org/debian-archive/backports.org/pool/main/p/ppp/ppp-dev_2.4.4rel-1bpo1_all.deb
vbash-4.1# ar x ppp-dev_2.4.4rel-1bpo1_all.deb
vbash-4.1# rm control.tar.gz debian-binary ppp-dev_2.4.4rel-1bpo1_all.deb
vbash-4.1# gzip -d data.tar.gz
vbash-4.1# tar xf data.tar
vbash-4.1# cp -Ra usr /
</code></pre></div>
<h4>Build accel-pptp</h4>
<p>Now with everything in place we can build accel-pptp:</p>
<div class="highlight"><pre><span></span><code>vbash-4.1# cd /config/user-data
vbash-4.1# curl -Lso accel-pptp.tar.gz https://github.com/winterheart/accel-pptp/archive/master.tar.gz
vbash-4.1# tar xf accel-pptp.tar.gz
vbash-4.1# rm accel-pptp.tar.gz
vbash-4.1# cd accel-pptp-master/
vbash-4.1# mkdir build
vbash-4.1# cd build
vbash-4.1# cmake -DPPP_PREFIX_DIR=/usr ../
vbash-4.1# make
vbash-4.1# make install
vbash-4.1# mv /usr/lib/pppd/2.4.4/pptp.so /usr/lib/pppd/pptp.so
</code></pre></div>
<h4>Modify vyatta to use accel-pptp instead of pptp-linux</h4>
<p>Run this and hope for the best:</p>
<div class="highlight"><pre><span></span><code><span class="n">vbash</span><span class="o">-</span><span class="mf">4.1</span><span class="err">#</span><span class="w"> </span><span class="n">cat</span><span class="w"> </span><span class="o">></span><span class="w"> </span><span class="o">/</span><span class="n">opt</span><span class="o">/</span><span class="n">vyatta</span><span class="o">/</span><span class="n">share</span><span class="o">/</span><span class="n">vyatta</span><span class="o">-</span><span class="n">cfg</span><span class="o">/</span><span class="n">templates</span><span class="o">/</span><span class="n">interfaces</span><span class="o">/</span><span class="n">pptp</span><span class="o">-</span><span class="n">client</span><span class="o">/</span><span class="n">node</span><span class="p">.</span><span class="n">tag</span><span class="o">/</span><span class="n">server</span><span class="o">-</span><span class="n">ip</span><span class="o">/</span><span class="n">node</span><span class="p">.</span><span class="n">def</span><span class="w"> </span><span class="o"><<</span><span class="w"> </span><span class="n">EOF</span>
<span class="nl">type</span><span class="p">:</span><span class="w"> </span><span class="n">txt</span>
<span class="nl">help</span><span class="p">:</span><span class="w"> </span><span class="n">Remote</span><span class="w"> </span><span class="n">IP</span><span class="w"> </span><span class="n">address</span><span class="w"> </span><span class="ow">or</span><span class="w"> </span><span class="n">hostname</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">this</span><span class="w"> </span><span class="n">tunnel</span><span class="w"> </span><span class="o">[</span><span class="n">REQUIRED</span><span class="o">]</span>
<span class="nl">syntax</span><span class="p">:</span><span class="nl">expression</span><span class="p">:</span><span class="w"> </span><span class="n">pattern</span><span class="w"> </span><span class="err">\$</span><span class="nf">VAR</span><span class="p">(</span><span class="err">@</span><span class="p">)</span><span class="w"> </span><span class="ss">"^[[:alnum:]][-.[:alnum:]]*[[:alnum:]]\$"</span>
<span class="w"> </span><span class="p">;</span><span class="w"> </span><span class="ss">"Invalid server \$VAR(@)"</span>
<span class="k">update</span><span class="err">:</span><span class="w"> </span><span class="n">sudo</span><span class="w"> </span><span class="n">sed</span><span class="w"> </span><span class="o">-</span><span class="n">i</span><span class="w"> </span><span class="o">-</span><span class="n">e</span><span class="w"> </span><span class="s1">'/^pty/d'</span><span class="w"> </span><span class="o">-</span><span class="n">e</span><span class="w"> </span><span class="s1">'/^plugin pptp.so/d'</span><span class="w"> </span><span class="o">-</span><span class="n">e</span><span class="w"> </span><span class="s1">'/^pptp_server/d'</span><span class="w"> </span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">ppp</span><span class="o">/</span><span class="n">peers</span><span class="o">/</span><span class="err">\$</span><span class="nf">VAR</span><span class="p">(..</span><span class="o">/</span><span class="err">@</span><span class="p">)</span>
<span class="w"> </span><span class="n">sudo</span><span class="w"> </span><span class="n">sh</span><span class="w"> </span><span class="o">-</span><span class="n">c</span><span class="w"> </span><span class="ss">"echo plugin pptp.so >> /etc/ppp/peers/\$VAR(../@)"</span>
<span class="w"> </span><span class="n">sudo</span><span class="w"> </span><span class="n">sh</span><span class="w"> </span><span class="o">-</span><span class="n">c</span><span class="w"> </span><span class="ss">"echo pptp_server \$VAR(@) >> /etc/ppp/peers/\$VAR(../@)"</span>
<span class="k">delete</span><span class="err">:</span><span class="w"> </span><span class="n">sudo</span><span class="w"> </span><span class="n">sed</span><span class="w"> </span><span class="o">-</span><span class="n">i</span><span class="w"> </span><span class="o">-</span><span class="n">e</span><span class="w"> </span><span class="s1">'/^pty/d'</span><span class="w"> </span><span class="o">-</span><span class="n">e</span><span class="w"> </span><span class="s1">'/^plugin pptp.so/d'</span><span class="w"> </span><span class="o">-</span><span class="n">e</span><span class="w"> </span><span class="s1">'/^pptp_server/d'</span><span class="w"> </span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">ppp</span><span class="o">/</span><span class="n">peers</span><span class="o">/</span><span class="err">$</span><span class="nf">VAR</span><span class="p">(..</span><span class="o">/</span><span class="err">@</span><span class="p">)</span>
<span class="n">EOF</span>
</code></pre></div>
<p>It replaces the definitions on how to generate the server-ip part of the pptp client config.</p>
<h4>Regenerate ppp client config</h4>
<p>To regenerate the ppp client config the easiest way is go into config mode, change a few settings, commit, change them back.</p>
<div class="highlight"><pre><span></span><code><span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">:</span><span class="o">~</span><span class="err">$</span><span class="w"> </span><span class="n">configure</span>
<span class="o">[</span><span class="n">edit</span><span class="o">]</span>
<span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="n">edit</span><span class="w"> </span><span class="n">interfaces</span><span class="w"> </span><span class="n">pptp</span><span class="o">-</span><span class="n">client</span><span class="w"> </span><span class="n">pptpc0</span>
<span class="o">[</span><span class="n">edit interfaces pptp-client pptpc0</span><span class="o">]</span>
<span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="k">set</span><span class="w"> </span><span class="n">server</span><span class="o">-</span><span class="n">ip</span><span class="w"> </span><span class="mf">127.0.0.1</span>
<span class="o">[</span><span class="n">edit interfaces pptp-client pptpc0</span><span class="o">]</span>
<span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="k">commit</span>
<span class="o">[</span><span class="n">edit interfaces pptp-client pptpc0</span><span class="o">]</span>
<span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="k">set</span><span class="w"> </span><span class="n">server</span><span class="o">-</span><span class="n">ip</span><span class="w"> </span><span class="n">vpn</span><span class="p">.</span><span class="n">stw</span><span class="o">-</span><span class="n">bonn</span><span class="p">.</span><span class="n">de</span>
<span class="o">[</span><span class="n">edit interfaces pptp-client pptpc0</span><span class="o">]</span>
<span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="k">commit</span>
<span class="o">[</span><span class="n">edit interfaces pptp-client pptpc0</span><span class="o">]</span>
<span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="k">save</span>
<span class="n">Saving</span><span class="w"> </span><span class="n">configuration</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="s1">'/config/config.boot'</span><span class="p">...</span>
<span class="n">Done</span>
<span class="o">[</span><span class="n">edit</span><span class="o">]</span>
<span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">#</span><span class="w"> </span><span class="k">exit</span>
</code></pre></div>
<p>You can verify that it worked by looking at the client config.
This is how it should look:</p>
<div class="highlight"><pre><span></span><code><span class="n">ubnt</span><span class="nv">@ubnt</span><span class="err">:</span><span class="o">~</span><span class="err">$</span><span class="w"> </span><span class="n">tail</span><span class="w"> </span><span class="o">-</span><span class="n">n2</span><span class="w"> </span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">ppp</span><span class="o">/</span><span class="n">peers</span><span class="o">/</span><span class="n">pptpc0</span>
<span class="n">plugin</span><span class="w"> </span><span class="n">pptp</span><span class="p">.</span><span class="n">so</span>
<span class="n">pptp_server</span><span class="w"> </span><span class="n">vpn</span><span class="p">.</span><span class="n">stw</span><span class="o">-</span><span class="n">bonn</span><span class="p">.</span><span class="n">de</span>
</code></pre></div>
<h4>Troubleshooting</h4>
<p>If you ever run into a problem and need internet access to get something working you have to remove the <code>plugin pptp.so</code> and <code>pptp_server vpn.stw-bonn.de</code> lines and add <code>pty "/usr/sbin/pptp vpn.stw-bonn.de --nolaunchpppd"</code> to <code>/etc/ppp/peers/pptpc0</code>.</p>
<h3>IPv6 workaround</h3>
<p>We need a workaround to enable IPv6 on the pptp client interface:</p>
<div class="highlight"><pre><span></span><code><span class="nx">ubnt</span><span class="err">@</span><span class="nx">ubnt</span><span class="p">:</span><span class="o">~</span><span class="err">$</span><span class="w"> </span><span class="nx">sudo</span><span class="w"> </span><span class="o">-</span><span class="nx">s</span>
<span class="nx">vbash</span><span class="o">-</span><span class="m m-Double">4.1</span><span class="err">#</span><span class="w"> </span><span class="nx">mkdir</span><span class="w"> </span><span class="o">-</span><span class="nx">p</span><span class="w"> </span><span class="o">/</span><span class="nx">config</span><span class="o">/</span><span class="nx">scripts</span><span class="o">/</span><span class="nx">ppp</span><span class="o">/</span><span class="nx">ip</span><span class="o">-</span><span class="nx">up</span><span class="p">.</span><span class="nx">d</span>
<span class="nx">vbash</span><span class="o">-</span><span class="m m-Double">4.1</span><span class="err">#</span><span class="w"> </span><span class="nx">cat</span><span class="w"> </span><span class="p">></span><span class="w"> </span><span class="o">/</span><span class="nx">config</span><span class="o">/</span><span class="nx">scripts</span><span class="o">/</span><span class="nx">ppp</span><span class="o">/</span><span class="nx">ip</span><span class="o">-</span><span class="nx">up</span><span class="p">.</span><span class="nx">d</span><span class="o">/</span><span class="nx">autoconf</span><span class="p">.</span><span class="nx">sh</span><span class="w"> </span><span class="o"><<</span><span class="w"> </span><span class="nx">EOF</span>
<span class="err">#</span><span class="p">!</span><span class="o">/</span><span class="nx">bin</span><span class="o">/</span><span class="nx">bash</span>
<span class="nx">sysctl</span><span class="w"> </span><span class="o">-</span><span class="nx">w</span><span class="w"> </span><span class="nx">net</span><span class="p">.</span><span class="nx">ipv6</span><span class="p">.</span><span class="nx">conf</span><span class="p">.</span><span class="nx">pptpc0</span><span class="p">.</span><span class="nx">autoconf</span><span class="p">=</span><span class="mi">2</span>
<span class="nx">sysctl</span><span class="w"> </span><span class="o">-</span><span class="nx">w</span><span class="w"> </span><span class="nx">net</span><span class="p">.</span><span class="nx">ipv6</span><span class="p">.</span><span class="nx">conf</span><span class="p">.</span><span class="nx">pptpc0</span><span class="p">.</span><span class="nx">accept_ra</span><span class="p">=</span><span class="mi">2</span>
<span class="nx">ip</span><span class="w"> </span><span class="o">-</span><span class="mi">6</span><span class="w"> </span><span class="kd">addr</span><span class="w"> </span><span class="nx">flush</span><span class="w"> </span><span class="nx">dev</span><span class="w"> </span><span class="nx">pptpc0</span>
<span class="nx">ip</span><span class="w"> </span><span class="o">-</span><span class="mi">6</span><span class="w"> </span><span class="kd">addr</span><span class="w"> </span><span class="nx">add</span><span class="w"> </span><span class="err">\$</span><span class="p">(</span><span class="nx">ip</span><span class="w"> </span><span class="o">-</span><span class="mi">6</span><span class="w"> </span><span class="kd">addr</span><span class="w"> </span><span class="nx">show</span><span class="w"> </span><span class="nx">eth1</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">grep</span><span class="w"> </span><span class="nx">fe80</span><span class="o">::</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">awk</span><span class="w"> </span><span class="err">'</span><span class="p">{</span><span class="nx">print</span><span class="w"> </span><span class="err">\$</span><span class="mi">2</span><span class="p">}</span><span class="err">'</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">awk</span><span class="w"> </span><span class="o">-</span><span class="nx">F</span><span class="w"> </span><span class="sc">':'</span><span class="w"> </span><span class="err">'</span><span class="p">{</span><span class="nx">print</span><span class="w"> </span><span class="err">\$</span><span class="mi">1</span><span class="s">"::"</span><span class="mi">1337</span><span class="s">":"</span><span class="err">\$</span><span class="mi">4</span><span class="s">":"</span><span class="err">\$</span><span class="mi">5</span><span class="s">":"</span><span class="err">\$</span><span class="mi">6</span><span class="p">}</span><span class="err">'</span><span class="p">)</span><span class="w"> </span><span class="nx">dev</span><span class="w"> </span><span class="nx">pptpc0</span>
<span class="nx">EOF</span>
<span class="nx">vbash</span><span class="o">-</span><span class="m m-Double">4.1</span><span class="err">#</span><span class="w"> </span><span class="nx">chmod</span><span class="w"> </span><span class="nx">a</span><span class="o">+</span><span class="nx">x</span><span class="w"> </span><span class="o">/</span><span class="nx">config</span><span class="o">/</span><span class="nx">scripts</span><span class="o">/</span><span class="nx">ppp</span><span class="o">/</span><span class="nx">ip</span><span class="o">-</span><span class="nx">up</span><span class="p">.</span><span class="nx">d</span><span class="o">/</span><span class="nx">autoconf</span><span class="p">.</span><span class="nx">sh</span>
</code></pre></div>
<p>This sets the appropriate system configuration to allow autoconf on forwarding devices and adds a link local address (derived from eth1 address) to the pptp client interface.</p>
<h3>Nearly Done</h3>
<p>You now should have pptp working in your kernel, making it a lot faster.</p>
<p>But: You are not yet finished configuring your router! You'll need to configure your local network and you'll need to define firewall rules!</p>letsencrypt.sh2016-02-10T12:49:00+01:002016-02-10T12:49:00+01:00Lukas Schauertag:lukas.im,2016-02-10:/2016/02/10/letsencryptsh/index.html<p>Trusted SSL certificates used to cost money, but in the past companies like StartCom already started to hand out domain-verified certificates for free,
but now we have Let's Encrypt, which takes a different approach.</p>
<p>Trusted SSL certificates used to cost money, but in the past companies like StartCom already started to hand out domain-verified certificates for free,
but now we have Let's Encrypt, which takes a different approach.</p>
<h3>How it used to work in the past</h3>
<p>Getting one of those certificates usually involved signing up for an account,
starting a domain verification by letting StartCom send you a pin to an email address associated with your domain,
starting the signing process by either letting startcom generate a key for you or uploading a CSR,
waiting a few minutes to hours until your certificate got signed,
installing the certificate on your server, looking at tons of forum entries to exactly know which CA certificates to include in your certificate chain,
and just like that, you had your site available over trusted https! Yay! \o/</p>
<h3>Let's Encrypt!</h3>
<p>Let's Encrypt takes a different approach.</p>
<p>Instead of you having to do all these manual steps it was designed to be nearly fully automatic.
The whole process from registering an account to getting your domain signed only takes a few seconds.<br>
It also can install the certificate for you, no more hassle trying to figure out which files to use!</p>
<p>Isn't that great?! Yay! \o/</p>
<h3>Well... kinda... but.</h3>
<p>The official client is great if you are just getting started setting up a server,
having a simple webserver configuration and absolutely nothing writing to your config files.
In a lot of automated and/or more complex setups this will fail.</p>
<p>Not so great, but okay, with some additional parameters it basically allows you to work around this.</p>
<h3>curl | sh...ish</h3>
<p>A different problem (at least for me) was the approach of how this updates itself.
Every time you run the official client it looks for a newer version of itself and may also install some python modules into it's virtualenv.
It mostly doesn't use your package manager, and it downloads and runs code (intended to run as root!) automatically, which is kinda bad.</p>
<p>You can install all the requirements manually and set it up to now download stuff, but that's kinda annoying.</p>
<h3>No space left on device</h3>
<p>Another problem is the size of the requirements.
The client is written in python, requiring you to basically install python and all the other requirements,
which is quite big, and may result in a few problems on some systems that just don't have much space.</p>
<p>Think of a tiny ARM-based linux board with 1G nand (or even smaller, like 128MB in a router or something similar).
You really don't want that stuff on there.</p>
<p>This is where <a href="https://github.com/lukas2511/letsencrypt.sh">letsencrypt.sh</a> comes in.</p>
<h3><a href="https://github.com/lukas2511/letsencrypt.sh">letsencrypt.sh</a></h3>
<p>I was reading <a href="https://news.ycombinator.com">Hacker News</a> when I found a link to a <a href="https://github.com/diafygi/acme-tiny">very tiny python based client</a> for letsencrypt.</p>
<p>Reading the script I noticed that most of the important stuff was just wrapped around the openssl binary,
and when it comes to wrapping stuff around a binary what do I think of? My shell of course!</p>
<p>I started with a very simple proof of concept, basically being just able to send a request to Boulder (the server-side of ACME, the protocol used by Let's Encrypt).<br>
This initial step was basically just trying to register an account key with Let's Encrypt, and after that worked I started expanding the script,
and finally pushed a first version to GitHub.</p>
<p>This first version was very simple, it generated a key and signing-request, created the files needed for domain verification, and finally received the certificate from Boulder.
Nothing too complicated, but well... There was little to no error handling, it was working, but if something went wrong you could easily have erased your certificate...
Not so great...</p>
<p>But that was fixed, there is a lot more error handling, also old certificates and keys are not deleted, just a symlink gets changed,
so if anything still goes wrong you can easily go back to the last working state.</p>
<p>It now also works on BSD and with ZSH instead of just GNU/Linux and Bash.</p>
<p>People started adding a lot of features to letsencrypt.sh:</p>
<ul>
<li>certificate revocation (thanks to <a href="https://github.com/germeier">germeier</a>)</li>
<li>expiration checks (thanks to <a href="https://github.com/tralafiti">tralafiti</a>)</li>
<li>domain name config change detection (thanks to <a href="https://github.com/germeier">germeier</a>)</li>
<li>DNS-01 verification (thanks to <a href="https://github.com/germeier">germeier</a>)</li>
<li>support for Elliptic Curve Cryptography (thanks to <a href="https://github.com/germeier">germeier</a>)</li>
<li>signing of custom CSRs (thanks to <a href="https://github.com/nielslaukens">nielslaukens</a>)</li>
<li>custom hooks at a lot of places inside letsencrypt.sh (initial implementation thanks to <a href="https://github.com/rudis">rudis</a>)</li>
</ul>
<p>What started as a simple proof of concept is now basically a fully fledged client for Let's Encrypt (or any other ACME server).</p>
<p>Also thanks to all the other people who contributed to this project up to now or in the future!
Have a look at the <a href="https://github.com/lukas2511/letsencrypt.sh/graphs/contributors">contributors graph</a> to see who else worked on this.</p>Replace broken USB-Stick in Ubiquiti EdgeMax routers2016-01-25T19:48:00+01:002016-01-25T19:48:00+01:00Lukas Schauertag:lukas.im,2016-01-25:/2016/01/25/replace-broken-usb-stick-in-ubiquiti-edgemax-routers/index.html<p>In this blog post I'm going to explain how to replace a broken USB-stick in Ubiquiti EdgeMax Routers or in this case the Ubiquiti EdgeMax EdgeRouter-POE.
This guide can also be used to recover from a failed firmware update.</p>
<p>First thing you have to do is to get a new …</p><p>In this blog post I'm going to explain how to replace a broken USB-stick in Ubiquiti EdgeMax Routers or in this case the Ubiquiti EdgeMax EdgeRouter-POE.
This guide can also be used to recover from a failed firmware update.</p>
<p>First thing you have to do is to get a new USB-stick.
The stick has to be very slim (basically not wider than the USB-port itself).
Also you have to be a bit careful as the EdgeMax routers are very picky about the stick in use, if your stick takes too long to be recognized by the system it won't boot.
I used an Kingston DataTraveler DTSE9H 8GB USB-stick, which seems to work fine, I think you need at least 4GB for the stick to work as that is the size of the original USB-stick.</p>
<p>To take the EdgeRouter apart take out the screws on the back (you don't need to remove the ground-screw-terminal) and slide the cover from the router.</p>
<p>Internally it looks like this (the stick is on the right-hand side):
<img alt="ER-POE internals" src="https://lukas.im/2016/01/25/replace-broken-usb-stick-in-ubiquiti-edgemax-routers/images/thumbnails/1024x_/er-poe-internals.jpg"></p>
<p>To prepare your stick format it with FAT32 using an MBR partition scheme.</p>
<p><img alt="OSX Disk-Utility format dialog" src="https://lukas.im/2016/01/25/replace-broken-usb-stick-in-ubiquiti-edgemax-routers/images/thumbnails/1024x_/diskutility.png"></p>
<p>After formatting the stick go to <a href="http://packages.vyos.net/tools/emrk/0.9c/">http://packages.vyos.net/tools/emrk/0.9c/</a> and download <code>emrk-0.9c.bin</code>.
Copy that file on the stick, eject it and plug it into the internal USB-socket of your router.</p>
<p>Plug a console cable into your router and connect the first network port of the router to your network.
Open a serial terminal on your computer and connect power to the router.</p>
<p>You should see something like this:
<img alt="Bootloader prompt with USB info" src="https://lukas.im/2016/01/25/replace-broken-usb-stick-in-ubiquiti-edgemax-routers/images/thumbnails/1024x_/bootloader.png"></p>
<p>The <code>vmlinux.64</code> error is normal, it is shown because the stick doesn't contain EdgeOS yet.
Take a good look at the USB section, it should show your USB stick.
If you get any errors or warnings about USB devices the router will not (always) boot!
It may also be a good idea to power-cycle the router a few times just to make sure it recognizes the stick every single time.</p>
<p>After these "debug" messages you are dropped to a bootloader shell.
We want to load <code>emrk-0.9c.bin</code> from the stick so we run <code>fatload usb 0 $loadaddr emrk-0.9c.bin</code>.
It should print a few dots followed by a message like <code>15665511 bytes read</code> and shouldn't display any errors.
When this is done we can boot into that image by executing <code>bootoctlinux $loadaddr</code>.
It should now start booting a very minimal Linux (rescue) system, will ask you to accept the disclaimer and you need to configure a network connection (I used DHCP).
The router will need internet access for the next step to work!</p>
<p>In the rescue-system we type <code>emrk-reinstall</code> for a full reformat and reinstall of EdgeOS on the stick.
It will ask for an EdgeOS download URL. For ER-lite and ER-POE that URL is (at the time of writing this) <code>http://dl.ubnt.com/firmwares/edgemax/v1.7.0/ER-e100.v1.7.0.4783374.tar</code>. You can get that URL from the Firmware Download page on https://ubnt.com.</p>
<p>The whole reinstall process while look like this:
<img alt="Log of installation process" src="https://lukas.im/2016/01/25/replace-broken-usb-stick-in-ubiquiti-edgemax-routers/images/thumbnails/1024x_/emrk-reinstall.png"></p>
<p>After this disconnect your network cable (to avoid conflicts) and type <code>reboot</code>.
I'd suggest not to disconnect power at this point, as that may corrupt the newly created filesystems as they may not have been completely written to the stick yet). After the reboot it should be fine.</p>
<p>It should now boot EdgeOS from the new stick.
The default login will be <code>ubnt</code> as both username and password.</p>Hide process list from users2014-07-22T15:48:00+02:002014-07-22T15:48:00+02:00Lukas Schauertag:lukas.im,2014-07-22:/2014/07/22/hidepid/index.html<p>If you have multiple users on a single machine every user can normally see all running processes, their own, other users processes and even system processes.
Sometimes people append sensitive data like passwords to a command, and since you can see the process list you'll also get that password, which …</p><p>If you have multiple users on a single machine every user can normally see all running processes, their own, other users processes and even system processes.
Sometimes people append sensitive data like passwords to a command, and since you can see the process list you'll also get that password, which isn't good.</p>
<p>One solution would be to teach all your users to never ever do this, as if that would work...
Also sometimes you may not even do this yourself but an installer script could download a piece of software with the product serial as parameter of the URL or something similar.</p>
<p>The better solution is to hide processes the user isn't controlling.</p>
<p>To do this temporarily you can run <code>mount -o remount,hidepid=2 /proc</code>, which will remount <code>/proc</code> (the directory containing all process information) with the <code>hidepid</code> parameter which will control what a user can see.
As root you'll continue seeing all processes.</p>
<p>To get this as a permanent setting you can alter <code>/etc/fstab</code> to have a line for <code>/proc</code> looking something like this:</p>
<div class="highlight"><pre><span></span><code><span class="k">proc</span><span class="w"> </span><span class="o">/</span><span class="nv">proc</span><span class="w"> </span><span class="nv">proc</span><span class="w"> </span><span class="nv">defaults</span><span class="p">,</span><span class="nv">hidepid</span><span class="o">=</span><span class="mi">2</span><span class="w"> </span><span class="mi">0</span><span class="w"> </span><span class="mi">0</span>
</code></pre></div>
<p><a href="https://www.kernel.org/doc/Documentation/filesystems/proc.txt">Here</a> under "4.1 Mount options" you can find a few more details.
There also is an option to allow a group to see all processes which could be useful if you have non-root admin accounts.</p>dpkg-divert2014-07-15T01:07:00+02:002014-07-15T01:07:00+02:00Lukas Schauertag:lukas.im,2014-07-15:/2014/07/15/dpkg-divert/index.html<p>Just a short note for myself...</p>
<p>To move a dpkg-managed file out of the way:</p>
<div class="highlight"><pre><span></span><code>dpkg-divert<span class="w"> </span>--rename<span class="w"> </span>--divert<span class="w"> </span>/usr/share/initramfs-tools/dropbear.original<span class="w"> </span>/usr/share/initramfs-tools/scripts/init-premount/dropbear
</code></pre></div>
<p>Copy and edit original.</p>
<div class="highlight"><pre><span></span><code>cp<span class="w"> </span>/usr/share/initramfs-tools/dropbear.original<span class="w"> </span>/usr/share/initramfs-tools/scripts/init-premount/dropbear
ed<span class="w"> </span>/usr/share/initramfs-tools/scripts …</code></pre></div><p>Just a short note for myself...</p>
<p>To move a dpkg-managed file out of the way:</p>
<div class="highlight"><pre><span></span><code>dpkg-divert<span class="w"> </span>--rename<span class="w"> </span>--divert<span class="w"> </span>/usr/share/initramfs-tools/dropbear.original<span class="w"> </span>/usr/share/initramfs-tools/scripts/init-premount/dropbear
</code></pre></div>
<p>Copy and edit original.</p>
<div class="highlight"><pre><span></span><code>cp<span class="w"> </span>/usr/share/initramfs-tools/dropbear.original<span class="w"> </span>/usr/share/initramfs-tools/scripts/init-premount/dropbear
ed<span class="w"> </span>/usr/share/initramfs-tools/scripts/init-premount/dropbear
</code></pre></div>Power over Ethernet on Raspberry Pi2014-07-13T23:50:00+02:002014-07-13T23:50:00+02:00Lukas Schauertag:lukas.im,2014-07-13:/2014/07/13/poe-on-raspberry-pi/index.html<p>I have a few devices that support (passive) power-over-ethernet, and I quite like that as I don't need a power supply for every single device filling up my power strip and I even can mount devices further away where there is no power available.</p>
<p>The Raspberry Pi board normally has …</p><p>I have a few devices that support (passive) power-over-ethernet, and I quite like that as I don't need a power supply for every single device filling up my power strip and I even can mount devices further away where there is no power available.</p>
<p>The Raspberry Pi board normally has two ways of getting power: You can either connect a Micro-USB cable, or you can use the GPIO headers to inject power.</p>
<p>I don't like using both of these methods.
Most (cheap) Micro-USB cables I used didn't carry enough power to reliably power the Raspberry Pi, and with GPIO headers you have to connect wires to it every single time (or build a chunky breakout board with a 5V power socket or something).</p>
<p>Since I did have a few switch-mode power supplies laying around that were able to convert down from 24V (my passive-POE voltage) to 5V without any problems I decided to mount one of those inside a Raspberry Pi and connect it to the unused power-carrying pins of the ethernet socket.</p>
<h2>Power over Ethernet</h2>
<p>The first thing I needed to do was to actually get to the connections carrying power over the network cable, but that wasn't that easy because the Raspberry Pi is using an RJ45 socket with internal magnetics, so there is no power on the pins on the board! I needed to open and modify that socket.</p>
<p>I carefully pried it open, cut away a piece of plastic and was able to see the 8 pins of the <em>actual</em> RJ45 socket in front of the magnetics.</p>
<p>From left to right those pins are: GND, GND, DATA, 24V, 24V, DATA, DATA, DATA</p>
<p>I connected both ground and 24V pins and attached pieces of wire.</p>
<p><img alt="Inside of RJ45 socket" src="https://lukas.im/2014/07/13/poe-on-raspberry-pi/images/thumbnails/1024x_/socket.jpg"></p>
<h2>Power Supply 24V -> 5V</h2>
<p>So... the "tiny" power supply I had wasn't that tiny after all, it didn't fit nicely into the case I wanted to use, so I had to desolder the Micro-USB socket and the filtering cap. I also needed to desolder and move the 3.3V regulator and naturally I destroyed it while doing that and had to replace it.</p>
<p><img alt="What have I done..." src="https://lukas.im/2014/07/13/poe-on-raspberry-pi/images/thumbnails/1024x_/inside.jpg"></p>DIY IP-KVM2014-06-01T01:07:00+02:002016-01-26T00:00:00+01:00Lukas Schauertag:lukas.im,2014-06-01:/2014/06/01/diy-ip-kvm/index.html<p><em>Note: This is a slightly updated version of the old blogpost (re-written on 2016/01/25).</em></p>
<p>I really like IP-KVMs. They are great devices that allow you to directly connect to and control your computer from basically anywhere in the world, even if your system crashed or your network card …</p><p><em>Note: This is a slightly updated version of the old blogpost (re-written on 2016/01/25).</em></p>
<p>I really like IP-KVMs. They are great devices that allow you to directly connect to and control your computer from basically anywhere in the world, even if your system crashed or your network card died.
Also you can access the bios settings and raid configuration utilities which wouldn't be possible with normal remote-desktop tools.</p>
<p>Some of there devices also have a possibility to attach "virtual media" to your device, essentially allowing you to boot your remote system off an iso image on your local system, giving you a lot of possibilities to reinstall or rescue an operating system.</p>
<p>There are quite a few IP-KVMs on the market, but they are quite expensive (cheap ones starting at over 250€), and they often run outdated and insecure (custom) software.
Also these devices often need Java or Flash for their client software, which is an absolute no-go for me. These tools also often have problems with keyboard layouts, mouse positioning/acceleration and are very slow (low fps and ultra slow speed for virtual media).</p>
<p>It's okay(ish) for rescuing a system, but it's far from good.</p>
<p>So... the plan is to build an IP-KVM myself, keeping price relatively low while having a better user experience than commercial devices.</p>
<h2>Hardware</h2>
<ul>
<li><a href="http://www.amazon.de/gp/product/B00HCM7KO8?linkCode=wey&tag=devurando-21">OLinuXino A20 Micro</a> ~65€</li>
<li><a href="http://www.amazon.de/gp/product/B003U0PHC8?linkCode=wey&tag=devurando-21">VGA zu S-Video Konverter</a> ~20€</li>
<li><a href="http://www.amazon.de/gp/product/B0015HXRLQ?linkCode=wey&tag=devurando-21">S-Video Grabber</a> ~11€</li>
<li><a href="http://www.amazon.de/gp/product/B00GGCNBAC?linkCode=wey&tag=devurando-21">STM32F4-Discovery</a> ~18€</li>
</ul>
<p>In total with required cables and SD-Card around 150€.</p>
<p>With a few changes in hardware selection the price probably can be under 100€.</p>
<h3>OLinuXino</h3>
<p>The OLinuXino A20 Micro is used as the heart of this device.
It controls the video-streaming, keyboard inputs and as it supports USB-OTG it can emulate a USB-connected cd/dvd-drive using a normal ISO file.</p>
<p>Alternatively you can use OLinuXino-Lime(2), Beaglebone Black or similar devices, but if you want to use it as virtual media you need a board with USB-OTG, so that wouldn't work with e.g. a Raspberry Pi.</p>
<p>I originally wanted to use my Beaglebone Black for this experiment, but I accidentally shorted out some Pins and fried my board... Meh.</p>
<h3>VGA -> S-Video -> USB</h3>
<p>How do we get a video signal into the device? Well, over USB of course!</p>
<p>I started looking for VGA to USB devices, and I actually found a few, but they were horribly expensive... More expensive than commercial IP-KVM solutions... That's no good.</p>
<p>So we need a workaround...</p>
<p>Quality doesn't really matter as all we need is to be able to read some text and navigate some menus, after all this is just for installing and configuring an OS, and not really anything else. Don't expect ultra fluid low-latency HD graphics for gaming :'D</p>
<p>So... the idea is: People want to connect notebooks and computers to their TVs. What do (almost all) TVs have? S-Video and composite inputs!
So these adapters (VGA->S-Video) are quite cheap, you can grab one for 20€ on Amazon (or quite a bit cheaper directly from China).</p>
<p>I also had a DVB-T stick with S-Video input laying around that I bought for around 80€ a few years back, so I knew that there are cheap(ish) devices for capturing S-Video.
After looking around I found a few USB devices capable of capturing S-Video.
I decided on one that was available for just 11€ on Amazon. There was a cheaper one, which probably would also have worked, but it didn't have any reviews. Directly from China these devices are probably even cheaper.</p>
<p>After trying this out I was quite amazed about the picture quality. I expected far worse.
Only problem I noticed was that sometimes the VGA adapter stops working, but power-cycling always helped, so maybe adding a reset-functionality would solve this problem (components like a mosfet or relay and some other stuff would only be a few euros and could be controlled by the OLinuXino).</p>
<p>As I didn't like having all these cables laying around I decided to combine the capture-stick and the adapter into one device, which now looks like this:</p>
<p><img alt="VGA to USB converter" src="https://lukas.im/2014/06/01/diy-ip-kvm/images/thumbnails/1024x_/vga_to_usb.jpg"></p>
<h3>STM32F4-Discovery</h3>
<p>I found it quite hard to get a combined usb-device running with the old Linux kernel version I was running back when originally writing this blog post, so I decided to use an STM32F4-Discovery as U(S)ART controlled USB keyboard.</p>
<p>At the point of re-writing this post (mostly for translation purposes) the Linux mainline kernel has support for USB-OTG on A20 SoCs, and therefore newer USB-OTG functionality can be used, which should make it actually quite easy to combine HID and virtual media, basically getting rid completely of the STM32F4 in this build.</p>
<p>I may actually try to get this running in the near future. Also I'll probably rewrite most of the software I already had.</p>
<h2>Software</h2>
<h3>Linux Kernel</h3>
<p>Back when writing this post originally it was best to use the <a href="https://github.com/linux-sunxi/linux-sunxi">linux-sunxi</a>-kernel on A20 based boards, but nowadays all required features are in linux-mainline and if you want to try to build this yourself you should go with that.</p>
<p>If you want to use the sunxi kernel for whatever reason you'll need to install some backports to get some newer capture devices running.
These can be found on <a href="http://linuxtv.org">linuxtv.org</a>.</p>
<p>I have a <a href="https://github.com/lukas2511/linux-sunxi">very outdated fork</a> which contains some patches to get these backports to compile and also includes AUFS which I wanted back in the day... no idea why.</p>
<p>To build a Debian package with the kernel, media modules and kernel headers I put together a <a href="https://github.com/lukas2511/olinuxino-a20-micro/tree/master/kernel">small buildsystem</a>.
No idea if that still works.</p>
<h3>Video-Streaming...</h3>
<p>...is one of the most complicating things I've ever tried to do on a computer.</p>
<p>I tried tools like <a href="http://sourceforge.net/p/mjpg-streamer/code/HEAD/tree/mjpg-streamer/">mjpg-streamer</a> (wrong colors and high lag),
some cgi-scripts for capturing single MJPG-frames (memory leak, only 1 client/browser or it would fail),
and I tried some other pieces of software, but all failed eventually, except for <a href="https://www.videolan.org">VLC</a>...</p>
<p>Nobody on the internet seems to want to stream Video from <code>/dev/video0</code> to a browser with low(ish) latency... It was quite some work to get VLC working as intended, and it was especially annoying that the version of VLC without X bindings in the Debian repository wasn't compiled with ffmpeg-encoder-support, so I had to install the full package with all X requirements it had.</p>
<p>So, after all this, here is the magic command that actually worked:</p>
<div class="highlight"><pre><span></span><code><span class="ch">#!/bin/sh</span>
vlc<span class="w"> </span><span class="se">\</span>
<span class="w"> </span>-I<span class="w"> </span>dummy<span class="w"> </span><span class="se">\</span>
<span class="w"> </span>--control<span class="w"> </span>dummy<span class="w"> </span><span class="se">\</span>
<span class="w"> </span>--no-disable-screensaver<span class="w"> </span><span class="se">\</span>
<span class="w"> </span>v4l:///dev/video0<span class="w"> </span><span class="se">\</span>
<span class="w"> </span>:v4l2-standard<span class="o">=</span>NTSC_M<span class="w"> </span><span class="se">\</span>
<span class="w"> </span>:v4l2-input<span class="o">=</span><span class="m">4</span><span class="w"> </span><span class="se">\</span>
<span class="w"> </span>:v4l2-fps<span class="o">=</span><span class="m">0</span><span class="w"> </span><span class="se">\</span>
<span class="w"> </span>:no-v4l2-use-libv4l2<span class="w"> </span><span class="se">\</span>
<span class="w"> </span>:v4l2-controls-reset<span class="w"> </span><span class="se">\</span>
<span class="w"> </span><span class="se">\</span>
<span class="w"> </span>:live-caching<span class="o">=</span><span class="m">100</span><span class="w"> </span><span class="se">\</span>
<span class="w"> </span><span class="se">\</span>
<span class="w"> </span>:sout<span class="o">=</span><span class="c1">#transcode{vcodec=MJPG,width=720,height=480,vb=40000,scale=1,acodec=none,venc=ffmpeg{strict=1}}:http{mux=mpjpeg,dst=127.0.0.1:8080/video.mjpg} \</span>
<span class="w"> </span>:sout-keep<span class="w"> </span><span class="se">\</span>
<span class="w"> </span>--sout-ffmpeg-qscale<span class="o">=</span><span class="m">1</span><span class="w"> </span><span class="se">\</span>
<span class="w"> </span>--sout-http-mime<span class="o">=</span><span class="s2">"multipart/x-mixed-replace;boundary=--7b3cc56e5f51db803f790dad720ed50a"</span>
</code></pre></div>
<p>If I'd do this again I'd probably take a (brief) look at gstreamer.</p>
<h3>USB CD/DVD-Drive</h3>
<div class="highlight"><pre><span></span><code>modprobe<span class="w"> </span>g_mass_storage<span class="w"> </span><span class="nv">stall</span><span class="o">=</span><span class="m">0</span><span class="w"> </span><span class="nv">cdrom</span><span class="o">=</span><span class="m">1</span><span class="w"> </span><span class="nv">removable</span><span class="o">=</span><span class="m">1</span><span class="w"> </span><span class="nv">nofua</span><span class="o">=</span><span class="m">1</span>
<span class="nb">echo</span><span class="w"> </span>/tmp/debian.iso<span class="w"> </span>><span class="w"> </span>/sys/devices/platform/sw_usb_udc/gadget/lun0/file
</code></pre></div>
<p>Done. It's really that easy.
Don't forget the <code>stall=0</code> or your kernel will... stall.</p>
<p>This may be a tiny bit more complicated if you want to combine it with a HID device, but not really much harder.</p>
<h3>Webinterface</h3>
<p>The webinterface is a tiny python-script using flask and some client-side javascript.</p>
<p>I don't have the code anymore but here is what it was basically doing:</p>
<ul>
<li>Generated a list of ISO-files, providing a selection (including "None") which ISO should be mounted and showing which ISO was currently in use. It basically controls <code>lun0/file</code>.</li>
<li>It received <code>keyDown</code> and <code>keyUp</code> events, translated the keycodes according to the <strike>configured</strike> hardcoded keyboard layout (this was a bit of a pain to figure out, I now see why pre-build IP-KVMs have problems with this), and sent them over U(S)ART to the STM32F4-Discovery board, which translated it into USB-HID keyboard commands.</li>
<li>It also had the capability to drive a GPIO pin to reset the STM32F4, and I wanted to have another pin to reset the VGA->S-Video adapter, but i never got around to build that.</li>
</ul>
<h3>Reverse-Proxy</h3>
<p>I'm using <a href="http://nginx.org">nginx</a> as reverse-proxy to combine the webinterface and mjpg-stream into one page and also to add SSL and authentication.
This was a lot easier than writing this as custom code in the webinterface script.</p>
<p>Here is the important part of the nginx config:</p>
<div class="highlight"><pre><span></span><code><span class="w"> </span><span class="nx">auth_basic</span><span class="w"> </span><span class="s">"KaputtKVM"</span><span class="p">;</span>
<span class="w"> </span><span class="nx">auth_basic_user_file</span><span class="w"> </span><span class="o">/</span><span class="nx">etc</span><span class="o">/</span><span class="nx">nginx</span><span class="o">/</span><span class="nx">htpasswd</span><span class="p">;</span>
<span class="w"> </span><span class="nx">default_type</span><span class="w"> </span><span class="nx">application</span><span class="o">/</span><span class="nx">octet</span><span class="o">-</span><span class="nx">stream</span><span class="p">;</span>
<span class="w"> </span><span class="nx">upstream</span><span class="w"> </span><span class="nx">kaputtkvm</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="nx">server</span><span class="w"> </span><span class="m m-Double">127.0.0.1</span><span class="p">:</span><span class="mi">5000</span><span class="p">;</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="nx">upstream</span><span class="w"> </span><span class="nx">videostream</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="nx">server</span><span class="w"> </span><span class="m m-Double">127.0.0.1</span><span class="p">:</span><span class="mi">8080</span><span class="p">;</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="p">[</span><span class="o">...</span><span class="p">]</span>
<span class="w"> </span><span class="nx">location</span><span class="w"> </span><span class="o">/</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="nx">proxy_pass</span><span class="w"> </span><span class="nx">http</span><span class="p">:</span><span class="c1">//kaputtkvm;</span>
<span class="w"> </span><span class="nx">proxy_next_upstream</span><span class="w"> </span><span class="nx">error</span><span class="w"> </span><span class="nx">timeout</span><span class="w"> </span><span class="nx">invalid_header</span><span class="w"> </span><span class="nx">http_500</span><span class="w"> </span><span class="nx">http_502</span><span class="w"> </span><span class="nx">http_503</span><span class="w"> </span><span class="nx">http_504</span><span class="p">;</span>
<span class="w"> </span><span class="nx">proxy_redirect</span><span class="w"> </span><span class="nx">off</span><span class="p">;</span>
<span class="w"> </span><span class="nx">proxy_buffering</span><span class="w"> </span><span class="nx">off</span><span class="p">;</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="nx">location</span><span class="w"> </span><span class="o">/</span><span class="nx">video</span><span class="p">.</span><span class="nx">mjpg</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="nx">proxy_pass</span><span class="w"> </span><span class="nx">http</span><span class="p">:</span><span class="c1">//videostream;</span>
<span class="w"> </span><span class="nx">proxy_next_upstream</span><span class="w"> </span><span class="nx">error</span><span class="w"> </span><span class="nx">timeout</span><span class="w"> </span><span class="nx">invalid_header</span><span class="w"> </span><span class="nx">http_500</span><span class="w"> </span><span class="nx">http_502</span><span class="w"> </span><span class="nx">http_503</span><span class="w"> </span><span class="nx">http_504</span><span class="p">;</span>
<span class="w"> </span><span class="nx">proxy_redirect</span><span class="w"> </span><span class="nx">off</span><span class="p">;</span>
<span class="w"> </span><span class="nx">proxy_buffering</span><span class="w"> </span><span class="nx">off</span><span class="p">;</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="p">[</span><span class="o">...</span><span class="p">]</span>
</code></pre></div>
<h2>STM32-USB-Keyboard Firmware</h2>
<p>...wasn't that much fun either.</p>
<p>I build a <a href="http://libopencm3.org">libopencm3</a> based <a href="https://github.com/lukas2511/STM32-USB-Keyboard">Firmware for the STM32F4-Discovery</a> which acts as an U(S)ART controlled USB keyboard.</p>
<p>The firmware was working quite good, but had some problems, especially USB resets weren't really recognized, which sometimes resulted in problems using it in bios.</p>
<p>As I already stated a few times nowadays it's probably better to just do this on the OLinuXino board as well, but that wasn't possible when I first wrote this stuff.</p>🇩🇪 Fledermaus-Lichtschranken-Fail2014-05-27T05:57:00+02:002014-05-27T05:57:00+02:00Lukas Schauertag:lukas.im,2014-05-27:/2014/05/27/fledermaus-lichtschranken-fail/index.html<p>Nur kurz am Rande: Der Fledermauslichtschrankenaufbau hat uns über knapp einen Monat wunderbar Daten geliefert, danach fielen jedoch nach und nach die Sensoren aus.</p>
<p>Das Problem: Wildbienen. Die Tiere scheinen sich wohl im Infrarot-Licht wohl zu fühlen... naja... das Experiment ist jetzt auf jeden Fall abgebrochen.</p>Resize CoreOS rootfs2014-04-07T19:27:00+02:002014-04-07T19:27:00+02:00Lukas Schauertag:lukas.im,2014-04-07:/2014/04/07/resize-coreos-rootfs/index.html<p>I was playing around with <a href="https://coreos.com">CoreOS</a> in the last few days and i had a problem that the "installer" only created a 3GB GPT-label, with the problem that the backup header wasn't at the end of my disk but at the end of this 3GB section, so I couldn't just …</p><p>I was playing around with <a href="https://coreos.com">CoreOS</a> in the last few days and i had a problem that the "installer" only created a 3GB GPT-label, with the problem that the backup header wasn't at the end of my disk but at the end of this 3GB section, so I couldn't just resize my rootfs to the full disk.</p>
<p>To resize the <code>ROOT</code>-filesystem we'll have to move this backup data to the end of the disk:</p>
<div class="highlight"><pre><span></span><code><span class="nt">localhost</span><span class="w"> </span><span class="nt">core</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="nt">gdisk</span><span class="w"> </span><span class="o">/</span><span class="nt">dev</span><span class="o">/</span><span class="nt">sda</span>
<span class="nt">GPT</span><span class="w"> </span><span class="nt">fdisk</span><span class="w"> </span><span class="o">(</span><span class="nt">gdisk</span><span class="o">)</span><span class="w"> </span><span class="nt">version</span><span class="w"> </span><span class="nt">0</span><span class="p">.</span><span class="nc">8</span><span class="p">.</span><span class="nc">6</span>
<span class="nt">Partition</span><span class="w"> </span><span class="nt">table</span><span class="w"> </span><span class="nt">scan</span><span class="o">:</span>
<span class="w"> </span><span class="nt">MBR</span><span class="o">:</span><span class="w"> </span><span class="nt">protective</span>
<span class="w"> </span><span class="nt">BSD</span><span class="o">:</span><span class="w"> </span><span class="nt">not</span><span class="w"> </span><span class="nt">present</span>
<span class="w"> </span><span class="nt">APM</span><span class="o">:</span><span class="w"> </span><span class="nt">not</span><span class="w"> </span><span class="nt">present</span>
<span class="w"> </span><span class="nt">GPT</span><span class="o">:</span><span class="w"> </span><span class="nt">present</span>
<span class="nt">Found</span><span class="w"> </span><span class="nt">valid</span><span class="w"> </span><span class="nt">GPT</span><span class="w"> </span><span class="nt">with</span><span class="w"> </span><span class="nt">protective</span><span class="w"> </span><span class="nt">MBR</span><span class="o">;</span><span class="w"> </span><span class="nt">using</span><span class="w"> </span><span class="nt">GPT</span><span class="o">.</span>
<span class="nt">Command</span><span class="w"> </span><span class="o">(?</span><span class="w"> </span><span class="nt">for</span><span class="w"> </span><span class="nt">help</span><span class="o">):</span><span class="w"> </span><span class="nt">x</span>
<span class="nt">Expert</span><span class="w"> </span><span class="nt">command</span><span class="w"> </span><span class="o">(?</span><span class="w"> </span><span class="nt">for</span><span class="w"> </span><span class="nt">help</span><span class="o">):</span><span class="w"> </span><span class="nt">e</span>
<span class="nt">Relocating</span><span class="w"> </span><span class="nt">backup</span><span class="w"> </span><span class="nt">data</span><span class="w"> </span><span class="nt">structures</span><span class="w"> </span><span class="nt">to</span><span class="w"> </span><span class="nt">the</span><span class="w"> </span><span class="nt">end</span><span class="w"> </span><span class="nt">of</span><span class="w"> </span><span class="nt">the</span><span class="w"> </span><span class="nt">disk</span>
<span class="nt">Expert</span><span class="w"> </span><span class="nt">command</span><span class="w"> </span><span class="o">(?</span><span class="w"> </span><span class="nt">for</span><span class="w"> </span><span class="nt">help</span><span class="o">):</span><span class="w"> </span><span class="nt">m</span>
<span class="nt">Command</span><span class="w"> </span><span class="o">(?</span><span class="w"> </span><span class="nt">for</span><span class="w"> </span><span class="nt">help</span><span class="o">):</span><span class="w"> </span><span class="nt">w</span>
<span class="nt">Final</span><span class="w"> </span><span class="nt">checks</span><span class="w"> </span><span class="nt">complete</span><span class="o">.</span><span class="w"> </span><span class="nt">About</span><span class="w"> </span><span class="nt">to</span><span class="w"> </span><span class="nt">write</span><span class="w"> </span><span class="nt">GPT</span><span class="w"> </span><span class="nt">data</span><span class="o">.</span><span class="w"> </span><span class="nt">THIS</span><span class="w"> </span><span class="nt">WILL</span><span class="w"> </span><span class="nt">OVERWRITE</span><span class="w"> </span><span class="nt">EXISTING</span>
<span class="nt">PARTITIONS</span><span class="o">!!</span>
<span class="nt">Do</span><span class="w"> </span><span class="nt">you</span><span class="w"> </span><span class="nt">want</span><span class="w"> </span><span class="nt">to</span><span class="w"> </span><span class="nt">proceed</span><span class="o">?</span><span class="w"> </span><span class="o">(</span><span class="nt">Y</span><span class="o">/</span><span class="nt">N</span><span class="o">):</span><span class="w"> </span><span class="nt">Y</span>
<span class="nt">OK</span><span class="o">;</span><span class="w"> </span><span class="nt">writing</span><span class="w"> </span><span class="nt">new</span><span class="w"> </span><span class="nt">GUID</span><span class="w"> </span><span class="nt">partition</span><span class="w"> </span><span class="nt">table</span><span class="w"> </span><span class="o">(</span><span class="nt">GPT</span><span class="o">)</span><span class="w"> </span><span class="nt">to</span><span class="w"> </span><span class="o">/</span><span class="nt">dev</span><span class="o">/</span><span class="nt">sda</span><span class="o">.</span>
<span class="nt">Warning</span><span class="o">:</span><span class="w"> </span><span class="nt">The</span><span class="w"> </span><span class="nt">kernel</span><span class="w"> </span><span class="nt">is</span><span class="w"> </span><span class="nt">still</span><span class="w"> </span><span class="nt">using</span><span class="w"> </span><span class="nt">the</span><span class="w"> </span><span class="nt">old</span><span class="w"> </span><span class="nt">partition</span><span class="w"> </span><span class="nt">table</span><span class="o">.</span>
<span class="nt">The</span><span class="w"> </span><span class="nt">new</span><span class="w"> </span><span class="nt">table</span><span class="w"> </span><span class="nt">will</span><span class="w"> </span><span class="nt">be</span><span class="w"> </span><span class="nt">used</span><span class="w"> </span><span class="nt">at</span><span class="w"> </span><span class="nt">the</span><span class="w"> </span><span class="nt">next</span><span class="w"> </span><span class="nt">reboot</span><span class="o">.</span>
<span class="nt">The</span><span class="w"> </span><span class="nt">operation</span><span class="w"> </span><span class="nt">has</span><span class="w"> </span><span class="nt">completed</span><span class="w"> </span><span class="nt">successfully</span><span class="o">.</span>
<span class="nt">localhost</span><span class="w"> </span><span class="nt">core</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="nt">reboot</span>
</code></pre></div>
<p>After a reboot we open gdisk again, delete the <code>ROOT</code>-partition and recreate it with the same starting sector and the default end sector (which normally is the highest possible value).
Partition type should be FFFF.</p>
<div class="highlight"><pre><span></span><code><span class="nx">localhost</span><span class="w"> </span><span class="nx">core</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="nx">gdisk</span><span class="w"> </span><span class="o">/</span><span class="nx">dev</span><span class="o">/</span><span class="nx">sda</span>
<span class="nx">GPT</span><span class="w"> </span><span class="nx">fdisk</span><span class="w"> </span><span class="p">(</span><span class="nx">gdisk</span><span class="p">)</span><span class="w"> </span><span class="nx">version</span><span class="w"> </span><span class="m m-Double">0.8.6</span>
<span class="nx">Partition</span><span class="w"> </span><span class="nx">table</span><span class="w"> </span><span class="nx">scan</span><span class="p">:</span>
<span class="w"> </span><span class="nx">MBR</span><span class="p">:</span><span class="w"> </span><span class="nx">protective</span>
<span class="w"> </span><span class="nx">BSD</span><span class="p">:</span><span class="w"> </span><span class="k">not</span><span class="w"> </span><span class="nx">present</span>
<span class="w"> </span><span class="nx">APM</span><span class="p">:</span><span class="w"> </span><span class="k">not</span><span class="w"> </span><span class="nx">present</span>
<span class="w"> </span><span class="nx">GPT</span><span class="p">:</span><span class="w"> </span><span class="nx">present</span>
<span class="nx">Found</span><span class="w"> </span><span class="nx">valid</span><span class="w"> </span><span class="nx">GPT</span><span class="w"> </span><span class="nx">with</span><span class="w"> </span><span class="nx">protective</span><span class="w"> </span><span class="nx">MBR</span><span class="p">;</span><span class="w"> </span><span class="nx">using</span><span class="w"> </span><span class="nx">GPT</span><span class="p">.</span>
<span class="nx">Command</span><span class="w"> </span><span class="p">(?</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="nx">help</span><span class="p">):</span><span class="w"> </span><span class="nx">p</span>
<span class="nx">Disk</span><span class="w"> </span><span class="o">/</span><span class="nx">dev</span><span class="o">/</span><span class="nx">sda</span><span class="p">:</span><span class="w"> </span><span class="mi">234441648</span><span class="w"> </span><span class="nx">sectors</span><span class="p">,</span><span class="w"> </span><span class="m m-Double">111.8</span><span class="w"> </span><span class="nx">GiB</span>
<span class="nx">Logical</span><span class="w"> </span><span class="nx">sector</span><span class="w"> </span><span class="nx">size</span><span class="p">:</span><span class="w"> </span><span class="mi">512</span><span class="w"> </span><span class="nx">bytes</span>
<span class="nx">Disk</span><span class="w"> </span><span class="nx">identifier</span><span class="w"> </span><span class="p">(</span><span class="nx">GUID</span><span class="p">):</span><span class="w"> </span><span class="mi">83</span><span class="nx">A877DF</span><span class="o">-</span><span class="mi">4</span><span class="nx">A87</span><span class="o">-</span><span class="mi">1</span><span class="nx">E4A</span><span class="o">-</span><span class="nx">B413</span><span class="o">-</span><span class="nx">BEABFD879D68</span>
<span class="nx">Partition</span><span class="w"> </span><span class="nx">table</span><span class="w"> </span><span class="nx">holds</span><span class="w"> </span><span class="nx">up</span><span class="w"> </span><span class="nx">to</span><span class="w"> </span><span class="mi">128</span><span class="w"> </span><span class="nx">entries</span>
<span class="nx">First</span><span class="w"> </span><span class="nx">usable</span><span class="w"> </span><span class="nx">sector</span><span class="w"> </span><span class="k">is</span><span class="w"> </span><span class="mi">34</span><span class="p">,</span><span class="w"> </span><span class="nx">last</span><span class="w"> </span><span class="nx">usable</span><span class="w"> </span><span class="nx">sector</span><span class="w"> </span><span class="k">is</span><span class="w"> </span><span class="mi">234441614</span>
<span class="nx">Partitions</span><span class="w"> </span><span class="nx">will</span><span class="w"> </span><span class="nx">be</span><span class="w"> </span><span class="nx">aligned</span><span class="w"> </span><span class="nx">on</span><span class="w"> </span><span class="mi">2048</span><span class="o">-</span><span class="nx">sector</span><span class="w"> </span><span class="nx">boundaries</span>
<span class="nx">Total</span><span class="w"> </span><span class="nx">free</span><span class="w"> </span><span class="nx">space</span><span class="w"> </span><span class="k">is</span><span class="w"> </span><span class="mi">228543341</span><span class="w"> </span><span class="nx">sectors</span><span class="w"> </span><span class="p">(</span><span class="m m-Double">109.0</span><span class="w"> </span><span class="nx">GiB</span><span class="p">)</span>
<span class="nx">Number</span><span class="w"> </span><span class="nx">Start</span><span class="w"> </span><span class="p">(</span><span class="nx">sector</span><span class="p">)</span><span class="w"> </span><span class="nx">End</span><span class="w"> </span><span class="p">(</span><span class="nx">sector</span><span class="p">)</span><span class="w"> </span><span class="nx">Size</span><span class="w"> </span><span class="nx">Code</span><span class="w"> </span><span class="nx">Name</span>
<span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="mi">2048</span><span class="w"> </span><span class="mi">264191</span><span class="w"> </span><span class="m m-Double">128.0</span><span class="w"> </span><span class="nx">MiB</span><span class="w"> </span><span class="nx">EF00</span><span class="w"> </span><span class="nx">EFI</span><span class="o">-</span><span class="nx">SYSTEM</span>
<span class="w"> </span><span class="mi">2</span><span class="w"> </span><span class="mi">2361344</span><span class="w"> </span><span class="mi">2492415</span><span class="w"> </span><span class="m m-Double">64.0</span><span class="w"> </span><span class="nx">MiB</span><span class="w"> </span><span class="nx">FFFF</span><span class="w"> </span><span class="nx">BOOT</span><span class="o">-</span><span class="nx">B</span>
<span class="w"> </span><span class="mi">3</span><span class="w"> </span><span class="mi">264192</span><span class="w"> </span><span class="mi">2361343</span><span class="w"> </span><span class="m m-Double">1024.0</span><span class="w"> </span><span class="nx">MiB</span><span class="w"> </span><span class="nx">FFFF</span><span class="w"> </span><span class="nx">USR</span><span class="o">-</span><span class="nx">A</span>
<span class="w"> </span><span class="mi">4</span><span class="w"> </span><span class="mi">2492416</span><span class="w"> </span><span class="mi">4589567</span><span class="w"> </span><span class="m m-Double">1024.0</span><span class="w"> </span><span class="nx">MiB</span><span class="w"> </span><span class="nx">FFFF</span><span class="w"> </span><span class="nx">USR</span><span class="o">-</span><span class="nx">B</span>
<span class="w"> </span><span class="mi">6</span><span class="w"> </span><span class="mi">4589568</span><span class="w"> </span><span class="mi">4851711</span><span class="w"> </span><span class="m m-Double">128.0</span><span class="w"> </span><span class="nx">MiB</span><span class="w"> </span><span class="mi">8300</span><span class="w"> </span><span class="nx">OEM</span>
<span class="w"> </span><span class="mi">9</span><span class="w"> </span><span class="mi">4851712</span><span class="w"> </span><span class="mi">5900287</span><span class="w"> </span><span class="m m-Double">512.0</span><span class="w"> </span><span class="nx">MiB</span><span class="w"> </span><span class="nx">FFFF</span><span class="w"> </span><span class="nx">ROOT</span>
<span class="nx">Command</span><span class="w"> </span><span class="p">(?</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="nx">help</span><span class="p">):</span><span class="w"> </span><span class="nx">d</span>
<span class="nx">Partition</span><span class="w"> </span><span class="nx">number</span><span class="w"> </span><span class="p">(</span><span class="mi">1</span><span class="o">-</span><span class="mi">9</span><span class="p">):</span><span class="w"> </span><span class="mi">9</span>
<span class="nx">Command</span><span class="w"> </span><span class="p">(?</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="nx">help</span><span class="p">):</span><span class="w"> </span><span class="nx">n</span>
<span class="nx">Partition</span><span class="w"> </span><span class="nx">number</span><span class="w"> </span><span class="p">(</span><span class="mi">5</span><span class="o">-</span><span class="mi">128</span><span class="p">,</span><span class="w"> </span><span class="k">default</span><span class="w"> </span><span class="mi">5</span><span class="p">):</span><span class="w"> </span><span class="mi">9</span>
<span class="nx">First</span><span class="w"> </span><span class="nx">sector</span><span class="w"> </span><span class="p">(</span><span class="mi">34</span><span class="o">-</span><span class="mi">234441614</span><span class="p">,</span><span class="w"> </span><span class="k">default</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="mi">4851712</span><span class="p">)</span><span class="w"> </span><span class="k">or</span><span class="w"> </span><span class="p">{</span><span class="o">+-</span><span class="p">}</span><span class="nx">size</span><span class="p">{</span><span class="nx">KMGTP</span><span class="p">}:</span><span class="w"> </span><span class="mi">4851712</span>
<span class="nx">Last</span><span class="w"> </span><span class="nx">sector</span><span class="w"> </span><span class="p">(</span><span class="mi">4851712</span><span class="o">-</span><span class="mi">234441614</span><span class="p">,</span><span class="w"> </span><span class="k">default</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="mi">234441614</span><span class="p">)</span><span class="w"> </span><span class="k">or</span><span class="w"> </span><span class="p">{</span><span class="o">+-</span><span class="p">}</span><span class="nx">size</span><span class="p">{</span><span class="nx">KMGTP</span><span class="p">}:</span>
<span class="nx">Current</span><span class="w"> </span><span class="k">type</span><span class="w"> </span><span class="k">is</span><span class="w"> </span><span class="err">'</span><span class="nx">Linux</span><span class="w"> </span><span class="nx">filesystem</span><span class="err">'</span>
<span class="nx">Hex</span><span class="w"> </span><span class="nx">code</span><span class="w"> </span><span class="k">or</span><span class="w"> </span><span class="nx">GUID</span><span class="w"> </span><span class="p">(</span><span class="nx">L</span><span class="w"> </span><span class="nx">to</span><span class="w"> </span><span class="nx">show</span><span class="w"> </span><span class="nx">codes</span><span class="p">,</span><span class="w"> </span><span class="nx">Enter</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="mi">8300</span><span class="p">):</span><span class="w"> </span><span class="nx">FFFF</span>
<span class="nx">Exact</span><span class="w"> </span><span class="k">type</span><span class="w"> </span><span class="k">match</span><span class="w"> </span><span class="k">not</span><span class="w"> </span><span class="nx">found</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="k">type</span><span class="w"> </span><span class="nx">code</span><span class="w"> </span><span class="nx">FFFF</span><span class="p">;</span><span class="w"> </span><span class="nx">assigning</span><span class="w"> </span><span class="k">type</span><span class="w"> </span><span class="nx">code</span><span class="w"> </span><span class="k">for</span>
<span class="err">'</span><span class="nx">Linux</span><span class="w"> </span><span class="nx">filesystem</span><span class="err">'</span>
<span class="nx">Changed</span><span class="w"> </span><span class="k">type</span><span class="w"> </span><span class="nx">of</span><span class="w"> </span><span class="nx">partition</span><span class="w"> </span><span class="nx">to</span><span class="w"> </span><span class="err">'</span><span class="nx">Linux</span><span class="w"> </span><span class="nx">filesystem</span><span class="err">'</span>
<span class="nx">Command</span><span class="w"> </span><span class="p">(?</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="nx">help</span><span class="p">):</span><span class="w"> </span><span class="nx">w</span>
<span class="nx">Final</span><span class="w"> </span><span class="nx">checks</span><span class="w"> </span><span class="nx">complete</span><span class="p">.</span><span class="w"> </span><span class="nx">About</span><span class="w"> </span><span class="nx">to</span><span class="w"> </span><span class="nx">write</span><span class="w"> </span><span class="nx">GPT</span><span class="w"> </span><span class="nx">data</span><span class="p">.</span><span class="w"> </span><span class="nx">THIS</span><span class="w"> </span><span class="nx">WILL</span><span class="w"> </span><span class="nx">OVERWRITE</span><span class="w"> </span><span class="nx">EXISTING</span>
<span class="nx">PARTITIONS</span><span class="p">!!</span>
<span class="nx">Do</span><span class="w"> </span><span class="nx">you</span><span class="w"> </span><span class="nx">want</span><span class="w"> </span><span class="nx">to</span><span class="w"> </span><span class="nx">proceed</span><span class="p">?</span><span class="w"> </span><span class="p">(</span><span class="nx">Y</span><span class="o">/</span><span class="nx">N</span><span class="p">):</span><span class="w"> </span><span class="nx">Y</span>
<span class="nx">OK</span><span class="p">;</span><span class="w"> </span><span class="nx">writing</span><span class="w"> </span><span class="nx">new</span><span class="w"> </span><span class="nx">GUID</span><span class="w"> </span><span class="nx">partition</span><span class="w"> </span><span class="nx">table</span><span class="w"> </span><span class="p">(</span><span class="nx">GPT</span><span class="p">)</span><span class="w"> </span><span class="nx">to</span><span class="w"> </span><span class="o">/</span><span class="nx">dev</span><span class="o">/</span><span class="nx">sda</span><span class="p">.</span>
<span class="nx">Warning</span><span class="p">:</span><span class="w"> </span><span class="nx">The</span><span class="w"> </span><span class="nx">kernel</span><span class="w"> </span><span class="k">is</span><span class="w"> </span><span class="nx">still</span><span class="w"> </span><span class="nx">using</span><span class="w"> </span><span class="nx">the</span><span class="w"> </span><span class="nx">old</span><span class="w"> </span><span class="nx">partition</span><span class="w"> </span><span class="nx">table</span><span class="p">.</span>
<span class="nx">The</span><span class="w"> </span><span class="nx">new</span><span class="w"> </span><span class="nx">table</span><span class="w"> </span><span class="nx">will</span><span class="w"> </span><span class="nx">be</span><span class="w"> </span><span class="nx">used</span><span class="w"> </span><span class="nx">at</span><span class="w"> </span><span class="nx">the</span><span class="w"> </span><span class="nx">next</span><span class="w"> </span><span class="nx">reboot</span><span class="p">.</span>
<span class="nx">The</span><span class="w"> </span><span class="nx">operation</span><span class="w"> </span><span class="nx">has</span><span class="w"> </span><span class="nx">completed</span><span class="w"> </span><span class="nx">successfully</span><span class="p">.</span>
<span class="nx">localhost</span><span class="w"> </span><span class="nx">core</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="nx">reboot</span>
</code></pre></div>
<p>After another reboot we now can resize the btrfs filesystem to the whole partition:</p>
<div class="highlight"><pre><span></span><code>localhost<span class="w"> </span>core<span class="w"> </span><span class="c1"># btrfs filesystem resize max /</span>
Resize<span class="w"> </span><span class="s1">'/'</span><span class="w"> </span>of<span class="w"> </span><span class="s1">'max'</span>
</code></pre></div>
<p>Using <code>df -h /</code> should now show the new size:</p>
<div class="highlight"><pre><span></span><code>localhost core # df -h /
Filesystem Size Used Avail Use% Mounted on
/dev/sda9 110G 537M 109G 1% /
</code></pre></div>Outgoing IPv6-address2014-04-07T17:27:00+02:002014-04-07T17:27:00+02:00Lukas Schauertag:lukas.im,2014-04-07:/2014/04/07/outgoing-ipv6-address/index.html<p>On my server I have multiple IPv6 addresses, but I want to define that all outgoing connections should always use one specific address.</p>
<p>On Linux there is an option to mark an IPv6 address as "deprecated", you can do that by setting the address parameter <code>preferred_lft</code> to <code>0</code>. After that …</p><p>On my server I have multiple IPv6 addresses, but I want to define that all outgoing connections should always use one specific address.</p>
<p>On Linux there is an option to mark an IPv6 address as "deprecated", you can do that by setting the address parameter <code>preferred_lft</code> to <code>0</code>. After that the address is still reachable, and you can still respond over it, but Linux will newer use it for new outgoing connections.</p>
<p>My network config now looks like this:</p>
<div class="highlight"><pre><span></span><code><span class="kt">auto</span><span class="w"> </span><span class="mi">6</span><span class="nx">in4</span>
<span class="nx">iface</span><span class="w"> </span><span class="mi">6</span><span class="nx">in4</span><span class="w"> </span><span class="nx">inet6</span><span class="w"> </span><span class="nx">v4tunnel</span>
<span class="w"> </span><span class="nx">address</span><span class="w"> </span><span class="mi">2001</span><span class="p">:</span><span class="mi">4</span><span class="nx">dd0</span><span class="p">:</span><span class="nx">ff00</span><span class="p">:</span><span class="mi">189</span><span class="nx">b</span><span class="o">::</span><span class="mi">2</span>
<span class="w"> </span><span class="nx">netmask</span><span class="w"> </span><span class="mi">64</span>
<span class="w"> </span><span class="nx">endpoint</span><span class="w"> </span><span class="m m-Double">78.35.24.124</span>
<span class="w"> </span><span class="nx">gateway</span><span class="w"> </span><span class="mi">2001</span><span class="p">:</span><span class="mi">4</span><span class="nx">dd0</span><span class="p">:</span><span class="nx">ff00</span><span class="p">:</span><span class="mi">189</span><span class="nx">b</span><span class="o">::</span><span class="mi">1</span>
<span class="w"> </span><span class="nx">up</span><span class="w"> </span><span class="nx">ip</span><span class="w"> </span><span class="o">-</span><span class="mi">6</span><span class="w"> </span><span class="kd">addr</span><span class="w"> </span><span class="nx">add</span><span class="w"> </span><span class="mi">2001</span><span class="p">:</span><span class="mi">4</span><span class="nx">dd0</span><span class="p">:</span><span class="nx">ff00</span><span class="p">:</span><span class="mi">989</span><span class="nx">b</span><span class="o">::</span><span class="mi">1</span><span class="o">/</span><span class="mi">64</span><span class="w"> </span><span class="nx">dev</span><span class="w"> </span><span class="mi">6</span><span class="nx">in4</span><span class="w"> </span><span class="nx">preferred_lft</span><span class="w"> </span><span class="mi">1</span>
<span class="w"> </span><span class="nx">up</span><span class="w"> </span><span class="nx">ip</span><span class="w"> </span><span class="o">-</span><span class="mi">6</span><span class="w"> </span><span class="kd">addr</span><span class="w"> </span><span class="nx">change</span><span class="w"> </span><span class="mi">2001</span><span class="p">:</span><span class="mi">4</span><span class="nx">dd0</span><span class="p">:</span><span class="nx">ff00</span><span class="p">:</span><span class="mi">189</span><span class="nx">b</span><span class="o">::</span><span class="mi">2</span><span class="w"> </span><span class="nx">dev</span><span class="w"> </span><span class="mi">6</span><span class="nx">in4</span><span class="w"> </span><span class="nx">preferred_lft</span><span class="w"> </span><span class="mi">0</span>
<span class="w"> </span><span class="nx">down</span><span class="w"> </span><span class="nx">ip</span><span class="w"> </span><span class="o">-</span><span class="mi">6</span><span class="w"> </span><span class="kd">addr</span><span class="w"> </span><span class="nx">del</span><span class="w"> </span><span class="mi">2001</span><span class="p">:</span><span class="mi">4</span><span class="nx">dd0</span><span class="p">:</span><span class="nx">ff00</span><span class="p">:</span><span class="mi">989</span><span class="nx">b</span><span class="o">::</span><span class="mi">1</span><span class="o">/</span><span class="mi">64</span><span class="w"> </span><span class="nx">dev</span><span class="w"> </span><span class="mi">6</span><span class="nx">in4</span>
</code></pre></div>
<p>This creates a 6in4 device, sets the IPv6 address that SixXs assigned my tunnel, and afterwards runs the commands which marks the original address as "deprecated" and adds a new one from the subnet I get routed to the original address.</p>
<p>Now the server can be reached over both addresses, but any outgoing connections will come from <code>2001:4dd0:ff00:989b::1</code>.</p>🇩🇪 Fledermaus Lichtschranke2014-03-14T17:20:00+01:002014-03-14T17:20:00+01:00Lukas Schauertag:lukas.im,2014-03-14:/2014/03/14/fledermaus-lichtschranke/index.html<p>Eine Lichtschrankeninstallation zur Überwachung von Fledermausbewegungen an einem Quartier</p>
<p>Software: <a href="https://github.com/lukas2511/FlederSchranke">https://github.com/lukas2511/FlederSchranke</a> (<a href="https://github.com/lukas2511/FlederSchranke/wiki/Installationsanleitung">Installationsanleitung</a>)</p>
<p>Eine Lichtschrankeninstallation zur Überwachung von Fledermausbewegungen an einem Quartier</p>
<p>Software: <a href="https://github.com/lukas2511/FlederSchranke">https://github.com/lukas2511/FlederSchranke</a> (<a href="https://github.com/lukas2511/FlederSchranke/wiki/Installationsanleitung">Installationsanleitung</a>)</p>
<h2>Idee</h2>
<p><img alt="Blick in die Röhre(n)" src="https://lukas.im/2014/03/14/fledermaus-lichtschranke/images/thumbnails/1024x_/2013-05-28_23-33-01_hdr.jpg"></p>
<p>Anfang dieses Jahres hat mich Martin vom Bonner Arbeitskreis für Fledermausschutz <a href="http://www.der-baff.de/">BAFF</a> angeschrieben und mich um Hilfe bei einigen Projekten gebeten um die Bewegungen von Fledermäusen nachvollziehen zu können.</p>
<p>Konkreter ging es in der ersten Mail um eine Lichtschranke, welche an einem Dachbodenfenster montiert werden soll, und dort Aufzeichnen sollte zu welchen Uhrzeiten und zu welchen ungefähren Massen die Fledermäuse ihr Quartier verlassen und betreten.</p>
<p>Martin hatte schon die ersten Ideen und kam beim ersten Treffen mit einem Arduino Mega, einem Ethernet Shield, ein paar Infrarot LEDs und einigen sündhaft teuren Infrarot-Sensoren an. Leider war diese Zusammenstellung an Hardware für den Anwendungsfall nicht wirklich vollständig, und durch die Sensoren auch unnötig teuer.</p>
<h2>Lichtschranke</h2>
<h3>Typ 1 - Dreieck</h3>
<p><img alt="Erster Prototyp" src="https://lukas.im/2014/03/14/fledermaus-lichtschranke/images/thumbnails/1024x_/2013-04-21_03-05-06_hdr-1.jpg"></p>
<p>Nach einigem hin und her hatten wir uns geeinigt wie wir die Lichtschranken umsetzen wollten: Es sollten jeweils zwölf IR-Leds und IR-Transistoren gegenüber gesetzt werden, und das ganze dann noch eine Ebene in die Tiefe gezogen werden, so dass es insgesamt 24 Lichtschranken ergibt.</p>
<p>Die LEDs und Transistoren sind in kleine Aluminiumröhrchen montiert um Störungen durch Licht von aussen zu vermeiden, bieten aber auch eine große Hilfe beim ausrichten der einzelnen Teile, welche sich als kniffliger erwies als zunächst gedacht. Falls möglich wollen wir bei einer weiteren Version des Lichtschrankenaufbaus auf einem Metallrahmen setzen, wir befürchten dass sich das Holz womöglich verziehen könnte, was die Lichtschranken unbrauchbar macht.</p>
<p>Die Transistoren haben in unserem Aufbau einen 10kOhm Pull-Up, und die LEDs einen 220Ohm Vorwiderstand. Solang der Transistor das Licht der LED sieht wird die Signalleitung auf 0 gezogen, bei Unterbrechung des Strahls wird die Signalleitung durch den Pull-Up auf 5V gezogen, und kann von unserer Elektronik eingelesen werden.</p>
<h3>Typ 2 - Rechteck</h3>
<p><img alt="Zweite Lichtschranke" src="https://lukas.im/2014/03/14/fledermaus-lichtschranke/images/thumbnails/1024x_/fllogger_mayen_01.jpg"></p>
<p>Wir haben zum Testen unserer Elektronik eine Lichtschranke in einem anderen Format gebaut, um diese hinter einer gekauften Rahmen aus einem anderen Projekt zu testen und nachher die Daten zu vergleichen.<br>
Die Technik ist hier exakt die gleiche.</p>
<h2>Elektronik</h2>
<h3>Versuch 1 - Raspberry Pi</h3>
<p><img alt="Elektroschrott der irgendwie Lichtschranken gesteuert hat" src="https://lukas.im/2014/03/14/fledermaus-lichtschranke/images/thumbnails/1024x_/2013-06-13_20-50-28_hdr.jpg"></p>
<p>Unser Aufbau für den ersten Prototypen besteht aus dem bereits erwähnten Arduino Mega, einem Raspberry Pi, einem 3G-Stick für das Hochladen von Logdateien und die Kontrolle von aussen, sowie einem modifizerten USB-Hub bei dem sich die einzelnen Ports aus- und anschalten lassen.<br>
Zusätzlich hat der 3G-Stick noch sein eigenes Relais, so wie einen fetten Kondensator bekommen, da er doch beim einschalten relativ viel Strom zieht, und die Elektronik teilweise beim einschalten des Sticks abgestürzt ist.</p>
<p>Ausserdem befindet sich in der Box ein <a href="http://www.elv.de/usb-wetterdaten-empfaenger-usb-wde1-komplettbausatz.html">Funk-Wetterdatenlogger</a>, da man auch gucken wollte wie sich das Verhalten der Fledermäuse zu bestimmten Wettersituationen verändert.</p>
<p>Auf dem Arduino läuft ein simples Sketch, welches die Signalleitungen der Transistoren einzeln einliest, und bei Veränderung ein Signal über die USB-Verbindung an das Raspberry Pi gibt.<br>
In dem Signal steht welche Lichtschranke sich wie verändert hat, und es ist ein Timestamp (über die micros()-Funktion realisiert) angefügt.<br>
Damit die Zahl der Mikrosekunden nicht überläuft wird das Arduino alle 30 Minuten automatisch rebootet, und gibt an das Raspberry Pi zurück dass es wieder bei 0 anfängt zu zählen.</p>
<p>Auf dem Raspberry Pi laufen zwei Python Scripts, <a href="http://mintakaconciencia.net/squares/umtskeeper/">UMTSkeeper</a>, ein OpenVPN-Client, und ein kleiner Watchdog.</p>
<p>Der Watchdog sorgt dafür dass UMTSkeeper gestartet wird und wartet darauf dass eine Verbindung aufgebaut ist. Sobald eine Verbindung zum Internet verfügbar ist, wird mit ntpdate die Uhrzeit aus dem Netz gezogen, und kurz darauf sowohl NTPd als auch der OpenVPN-Client gestartet.</p>
<p>Das VPN bietet uns eine Möglichkeit von aussen auf das Raspberry Pi zuzugreifen, ohne ginge es nicht, da es im Mobilfunk natürlich hinter einem NAT hängt.</p>
<p>Die Python Scripts loggen relativ simpel die eingehenden Daten mit absoluten Timestamp auf eine seperate Partition der SD-Karte.</p>
<p>Ein Server greift in regelmäßigen Abständen (wenn möglich) auf das Raspberry Pi zu, und zieht sich mittels rsync alle Logs, und löscht die alten Logs von der SD-Karte um Platz zu sparen.</p>
<p>Leider stürzt der Kram regelmäßig ab und reisst SD-Karten mit in den Tod...</p>
<h3>Versuch 2 - BeagleBone</h3>
<p><img alt="BeagleBone und Arduino in einer Box, gefüllt mit Heißkleber" src="https://lukas.im/2014/03/14/fledermaus-lichtschranke/images/thumbnails/1024x_/2014-02-28_05-30-07-1.jpg"></p>
<p>Wir hatten während unserer Tests immer wieder Probleme mit Raspberry Pis im Dauerbetrieb, ausserdem ist die Kombination aus Arduino Mega, Raspberry Pi und USB-Hub doch relativ teuer.</p>
<p>In meinem Regal habe ich dann das BeagleBone Black wiederentdeckt, welches ich mir "damals" kurz nachdem es verfügbar war gekauft habe. Das BeagleBone Black ist um einiges Robuster als das Raspberry Pi, das alte BeagleBone White lief bereits mehrere Monate als Temperaturlogger an meiner Heizung, ohne dass mir irgendwelche Fehler aufgefallen wären.
Es hat genug GPIO-Pins um die Lichtschranken direkt auszuwerten, und es lässt sich auch viel leichter um z.B. eine Echtzeituhr erweitern.</p>
<p>Zusätzlich besitzt das BeagleBone Black eine schnellere CPU (jedoch langsamere GPU, welche wir aber sowieso nicht benötigen), wodurch uns evtl. ermöglicht wird sogar die Auswertung vor Ort vorzunehmen, und/oder Log-Dateien während des Betriebs stärker zu komprimieren (beim Raspberry-Pi gab es bei hoher CPU-Auslastung teilweise Stabilitäts-Probleme).</p>
<p>~~Demnächst wollen wir eine Platine zusammenlöten die auf das BeagleBone Black gesteckt werden soll, dann werde ich diese Seite erweitern.~~<br>
Leider haben wir wegen Zeitdrucks keine Gelegenheit mehr gehabt das Beaglebone selbst als I/O Device zu nutzen, sondern haben es letzenendes einfach als Ersatz für das Raspberry Pi verwendet, womit auch der USB-Hub nicht mehr benötigt wurde, und die Box mit der Elektronik jetzt einigermaßen übersichtlich geworden ist.</p>
<h2>Bilder</h2>
<p>Hier noch ein paar weitere Bilder:</p>
<p><img alt="Raspberry Pi Elektronik ausserhalb der Box" src="https://lukas.im/2014/03/14/fledermaus-lichtschranke/images/thumbnails/1024x_/2013-05-29_00-00-09_hdr.jpg"></p>
<p><img alt="Mit Heißkleber befestigte Kühlkörper auf Raspberry Pi, 5 Sterne, Gerne wieder" src="https://lukas.im/2014/03/14/fledermaus-lichtschranke/images/thumbnails/1024x_/2013-06-04_04-19-45_hdr.jpg"></p>
<p><img alt="Anschlüsse an der Seite der Box (Video – Zur Statusprüfung, Strom und SD-Karten Slot)" src="https://lukas.im/2014/03/14/fledermaus-lichtschranke/images/thumbnails/1024x_/2013-06-13_21-58-23_hdr.jpg"></p>
<p><img alt="Fertige erste Lichtschranke" src="https://lukas.im/2014/03/14/fledermaus-lichtschranke/images/thumbnails/1024x_/2014-03-08_05-07-13.jpg"></p>Wordclock2013-11-21T00:00:00+01:002016-01-26T00:00:00+01:00Lukas Schauertag:lukas.im,2013-11-21:/2013/11/21/wordclock/index.html<p>A few months ago somebody used the lasercutter at <a href="http://dingfabrik.de/">Dingfabrik</a> to cut a box for a clock that shows time using words.
I liked the idea so I asked for a box, and I got one.</p>
<p>Now... originally this should've been a birthday present for my dad, but the controller …</p><p>A few months ago somebody used the lasercutter at <a href="http://dingfabrik.de/">Dingfabrik</a> to cut a box for a clock that shows time using words.
I liked the idea so I asked for a box, and I got one.</p>
<p>Now... originally this should've been a birthday present for my dad, but the controller I built had some problems and I had no time™ and other stuff happened so yea...
I basically finished this about a year later... but hey, it works!</p>
<h2>Hardware (Version 1)</h2>
<p><img alt="AVR based hardware" src="https://lukas.im/2013/11/21/wordclock/images/thumbnails/1024x_/avr.jpg"></p>
<p>The controller is based around an ATMega1284P, a small RTC and a DCF77 receiver.</p>
<p>The LEDs for the clock are separated into two sections, the upper half and the lower half.</p>
<p>LEDs for each word are connected, so for each word only 1 pin has to be controlled (with few exceptions).
There even are some times of the day on which the display can be static because only the upper half is used, this time period could be used to sync time using the DCF77 receiver... but I never implemented that.
I tried, but I think the receiver I build into this thing was actually broken.</p>
<p>Since I kinda forgot to add resistors the hardware behaved a bit... weird. Some operations in software made the controller freeze, others just did nothing.
I eventually got it to work, but only for a few days at a time. After a few more fixes it worked weeks at a time.
I kinda started hating this thing, so I didn't bother trying to fix it anymore.</p>
<h2>Software Update (for HW Version 1)</h2>
<p>About a year later I started a rewrite of the firmware, mostly because I found the old code and thought to myself that it could be implemented a lot better. So I did that.</p>
<p>After the rewrite the clock worked quite reliable. It ran for months at a time and just crashed a few times in quite a long time.</p>
<p>Then I optimized the firmware again to reduce flicker and delays so the LEDs would be a bit brighter... that was not a good idea. After a few more months the ATMega just died.</p>
<p>So, if you ever want to control a bunch of LEDs... include resistors.</p>
<h2>Hardware (Version 2 - 2015 Update)</h2>
<p><img alt="Tiny STM32 board" src="https://lukas.im/2013/11/21/wordclock/images/thumbnails/1024x_/stm32.jpg"></p>
<p>The clock was basically sitting in a corner of my room for a few months after the ATMega broke, I kinda didn't want to fix it, but after a bit of time my dad asked my if I'm ever going to repair it.</p>
<p>At that time I was experimenting with STM32 chips, and I just bought a few cheap boards from eBay, so I thought this would be a great project, especially to test out the new boards.</p>
<p>So, I rebuild the hardware around a small stm32f103c8t6 based board, actually used resistors this time(!), and started working on the software.</p>
<h2>Software (for HW Version 2)</h2>
<p>First of: you can find the software <a href="https://github.com/lukas2511/wortuhr">here</a>.</p>
<p>I first implemented just driving the display, then I started implementing code to use the in-chip real-time-clock, and it worked beautifully!</p>
<p>With the old hardware every time I needed to set time (for whatever reason it got lost) I had to use an ISP to flash a firmware setting the time and afterwards flash the old firmware back to the device, that was kinda annoying and I wanted to have a better solution.</p>
<p>Since I also wanted to do more stuff with USB i set for the task of implementing a very simple USB device, using libusb in a tiny python script to set the time, and after a few hours of swearing it actually worked!</p>
<p>The new hard- and software are now running very stable, the clock never ever crashed since i finished the firmware, which at the point of writing this blogpost-update was about 10 months ago.</p>
<p>One problem remains, the RTC drifts slowly (not a perfect quartz), so from time to time I need to correct it.
It is actually possible to implement code to add a minute every few weeks or so, but measuring the drift over time is a bit troublesome as I'm not at home most of the time and since the clock only shows time in 5 minute intervals anyway it's not really a big problem to just set it twice a year or so.</p>Kobo Mini Telnet/FTP Server2013-01-01T22:02:00+01:002013-01-01T22:02:00+01:00Lukas Schauertag:lukas.im,2013-01-01:/2013/01/01/kobo-mini-telnet-ftp-server/index.html<p>I recently bought a Kobo Mini ebook reader because I wanted to play around with the e-ink display.
To do that I obviously needed a shell on the device, and here I'll describe how I got that.</p>
<p>There are basically two ways to get the (already built-in) telnet- and ftp-server …</p><p>I recently bought a Kobo Mini ebook reader because I wanted to play around with the e-ink display.
To do that I obviously needed a shell on the device, and here I'll describe how I got that.</p>
<p>There are basically two ways to get the (already built-in) telnet- and ftp-server to start.
One way is to open up the Kobo Mini, take out it's internal MicroSD card, mount that on a Linux computer, and modify some scripts.
The other way it to build a fake update package.</p>
<p>I choose the way of opening the device and accessing the root filesystem directly.</p>
<p>To actually use the telnet-server we need pseudo-shells, and for that we need to create an init-script that mounts <code>/dev/pts</code> on the device.
So I created <code>/etc/init.d/rcS2</code> (like other people on the internet did) and filled it with the following little code snippet:</p>
<div class="highlight"><pre><span></span><code><span class="ch">#!/bin/sh</span>
<span class="c1"># /etc/init.d/rcS2</span>
mkdir<span class="w"> </span>-p<span class="w"> </span>/dev/pts
mount<span class="w"> </span>-t<span class="w"> </span>devpts<span class="w"> </span>devpts<span class="w"> </span>/dev/pts
</code></pre></div>
<p>The file should be executable, so <code>chmod a+x etc/init.d/rcS2</code> and we are good to go.</p>
<p>Next we need to actually get the telnet server to start, for that we modify <code>/etc/inetd.conf</code> and add the following lines:</p>
<div class="highlight"><pre><span></span><code><span class="mf">21</span><span class="w"> </span><span class="n">stream</span><span class="w"> </span><span class="n">tcp</span><span class="w"> </span><span class="n">nowait</span><span class="w"> </span><span class="n">root</span><span class="w"> </span><span class="o">/</span><span class="n">bin</span><span class="o">/</span><span class="n">busybox</span><span class="w"> </span><span class="n">ftpd</span><span class="w"> </span><span class="o">-</span><span class="n">w</span><span class="w"> </span><span class="o">-</span><span class="n">S</span><span class="w"> </span><span class="o">/</span>
<span class="mf">23</span><span class="w"> </span><span class="n">stream</span><span class="w"> </span><span class="n">tcp</span><span class="w"> </span><span class="n">nowait</span><span class="w"> </span><span class="n">root</span><span class="w"> </span><span class="o">/</span><span class="n">bin</span><span class="o">/</span><span class="n">busybox</span><span class="w"> </span><span class="n">telnetd</span><span class="w"> </span><span class="o">-</span><span class="n">i</span>
</code></pre></div>
<p>To get our init-script and inetd to run we also need to append some lines to <code>/etc/inittab</code>:</p>
<div class="highlight"><pre><span></span><code>::sysinit:/etc/init.d/rcS2
::respawn:/usr/sbin/inetd -f /etc/inetd.conf
</code></pre></div>
<p>If you want to go the route with the fake update package you'll have to put all these new and modified files into a gzip compressed tar-file and put it as <code>.kobo/KoboRoot.tgz</code> on the device.
Keep in mind that you will need the original content of <code>/etc/inittab</code>, so you may need to extract that from an official firmware update or get it from somewhere else on the internet.</p>
<p>After putting the MicroSD back into my Kobo Mini i started it up and ran the Webbrowser to start the wifi connection.
After all that telnet was finally reachable, and I could login with user <code>root</code> without a password (probably a bad idea to do this on a public wifi network...).</p>
<p>On the shell you can run <code>killall nickel</code> to get rid of the original eBook-software (until next reboot), which also disables the automatic disconnect of the wifi connection (which will obviously drain your battery).</p>Change Windows 7 SATA driver mode from AHCI to RAID (Intel Chipset)2012-10-25T17:46:00+02:002012-10-25T17:46:00+02:00Lukas Schauertag:lukas.im,2012-10-25:/2012/10/25/change-windows-7-sata-driver-mode-from-ahci-to-raid-intel-chipset/index.html<p>I wanted to use a Intel Rapid Storage controller in "RAID" mode, but Windows 7 didn't like me changing that option and refused to boot, just showing me a very generic bsod.</p>
<p>After quite some time I found a solution:</p>
<p>First start from the installer disc and go to recovery …</p><p>I wanted to use a Intel Rapid Storage controller in "RAID" mode, but Windows 7 didn't like me changing that option and refused to boot, just showing me a very generic bsod.</p>
<p>After quite some time I found a solution:</p>
<p>First start from the installer disc and go to recovery options, open a command prompt.</p>
<p>Look for the system drive, on my system it was just drive C, so typing <code>c:</code> changed the current directory to the base directory on that drive.</p>
<p>Next load the registry: <code>reg load HKLM\TempSys C:\Windows\System32\SYSTEM</code></p>
<p>Now you can run <code>regedit.exe</code>, go to <code>HKEY_LOCAL_MACHINE\TempSys</code>, and look in the control sets in there for <code>iaStorV</code> directories.
In all <code>iaStorV</code> directories change the option <code>Start</code> from <code>3</code> to <code>0</code>.</p>
<p>After modifying the registry you need to unload it: <code>reg unload HKLM\TempSys</code></p>
<p>Reboot and just hope it works.</p>Mac App: Wineskin Winery2012-08-04T19:21:00+02:002012-08-04T19:21:00+02:00Lukas Schauertag:lukas.im,2012-08-04:/2012/08/04/mac-app-wineskin-winery/index.html<p>Sometimes there is the need to run a piece of Windows software, and if you don't have Windows running on your system you will need a workaround. Solutions are using a virtual machine with Windows or using wine, which can sometimes be a bit annoying.</p>
<p>As a mac user there …</p><p>Sometimes there is the need to run a piece of Windows software, and if you don't have Windows running on your system you will need a workaround. Solutions are using a virtual machine with Windows or using wine, which can sometimes be a bit annoying.</p>
<p>As a mac user there is a solution that makes wine a bit more comfortable: <a href="http://wineskin.urgesoftware.com/tiki-index.php">Wineskin Winery</a>
It's (obviously) based on <a href="https://winehq.org">wine</a> and bundles Windows programs as Mac apps, including a fancy Icon in your Dock while it is running!</p>
<p style="float: right;">
<img src="https://lukas.im/2012/08/04/mac-app-wineskin-winery/images/thumbnails/1024x_/winery.png" />
</p>
<p>When you first start Wineskin you have to download a wine version.
That can be done in just three clicks, just take the suggested (newest stable) version.
If you know that the application you want to bundle is working best under an older wine version you can select that instead (e.g. Warcraft III had problems in the past the reappeared from time to time in newer versions, but this should be solved by now).</p>
<p>You'll also need to update the wrapper, which can be done with a click on the Update button.</p>
<p>Now you are ready to create your first wrapper. Click on the button to create a new blank wrapper, and it will ask you for the name of the application you want to install.
On newer versions of wine you'll also be asked if you want to install mono (open .NET implementation) and gecko (IE-like HTML rendering library). I'd suggest to do that, as most Windows software needs one or even both of those libraries.</p>
<p>After the wrapper is created just start it as if it was a normal app. You'll get a menu that asks you what you want to do, you can install software from a setup executable, copy over existing files, or do advanced configuration. If your installer asks for a target location make sure to select a location under C:\.</p>
<p>When everything installed without problems you'll get a dialog asking you for the executable of the program you just installed (e.g. putty.exe), and you'll have the option to set an app icon.
You can also do some advanced stuff like opening regedit to set some options (e.g. for Warcraft III you may want to enable OpenGL rendering and maybe window-mode).</p>
<p>After this the app is build. If you want to make some changes at a later point you can right-click the app, select "Show Package Contents", and open the Wineskin app you'll find inside.
This can be useful if e.g. you want to install an expansion pack for a game.</p>
<p>All these bundles are normally written to a location under <code>/Users/$username/Applications/Wineskin</code>, but you can move and copy them without any problems.
I even copied a few apps over to another mac and they worked fine.</p>
<p>The only downside I see with Wineskin is the size of the bundles you create. As every bundle contains wine, the wineskin wrapper software, a few Windows libraries and temporary files and of course the software you installed those apps can get quite big.
My putty wrapper had a size of 350MB, where putty itself only takes around 0.5MB... yea... but since this only is for the rare case that you may need to run a Windows application and you'll only have very few of those I guess it's okay.</p>