Openvpn – MULTI: bad source address from client – solution

Problematic Configuration:
OpenVPN server config:
dev tun
port 1194
proto udp
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh1024.pem
persist-key
persist-tun
server 10.8.0.0 255.255.255.0
keepalive 10 30
client-to-client
comp-lzo
ifconfig-pool-persist ipp.txt
status /etc/openvpn/openvpn-status.log
verb 3
push "redirect-gateway"

OpenVPN client config:
dev tun
client
proto udp
persist-tun
persist-key
resolv-retry infinite
mute-replay-warnings
remote REMOTE.HOST 1194
ca /etc/openvpn/ca.crt
cert /etc/openvpn/client1.crt
key /etc/openvpn/client1.key
comp-lzo
verb 3

The problem:
Using the above config files I continuously got errors like this in the server syslog:

May 1 00:00:00 hostname ovpn-openvpn[22563]: client1/X.Y.Z.W:1194 MULTI: bad source address from client [10.10.1.11], packet dropped

where X.Y.Z.W is my public IP and 10.10.1.11 is the LAN IP of the machine that connects to the openvpn server.

The solution:
OpenVPN server config:
dev tun
port 1194
proto udp
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh1024.pem
persist-key
persist-tun
server 10.8.0.0 255.255.255.0
keepalive 10 30
client-to-client
comp-lzo
ifconfig-pool-persist ipp.txt
status /etc/openvpn/openvpn-status.log
verb 3
push "redirect-gateway"
client-config-dir ccd
route 10.10.1.0 255.255.255.0

Then I created the /etc/openvpn/ccd/ dir and put inside a file named client1 with the following contents:
# cat /etc/openvpn/ccd/client1
iroute 10.10.1.0 255.255.255.0

Client configuration stays the same.

Everything should be fine now, and in your server logs you will see entries like this:

May 1 00:00:00 hostname ovpn-openvpn[27096]: client1/X.Y.Z.W:1194 MULTI: Learn: 10.10.1.11 -> client1/X.Y.Z.W:1194
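The route/iroute/ccd pairing above is easy to get half right (a route with no iroute, an iroute with no route, a ccd subnet that collides with the VPN pool), and every one of those mistakes ends in the same "bad source address" drop. The following checker is an added example and not code from the original post or from OpenVPN: it parses a server config, the per-client ccd files and a syslog line of the kind shown above, and reports the mismatches. All inputs are constructed samples embedded inline; the common name "client1" and the 203.0.113.7 peer address are assumptions.

```python
"""Consistency check for an OpenVPN route/iroute/client-config-dir setup.

Added example, not from the original post or from OpenVPN itself. Works on
config text and a log line, so it runs offline; all sample data below is
constructed.
"""
import ipaddress
import re

def _net(addr, mask):
    # ipaddress accepts "addr/netmask" as well as prefix length
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def parse_server_conf(text):
    """Return (vpn_pool, [route networks]) from server config text."""
    pool, routes = None, []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 3 and parts[0] == "server":
            pool = _net(parts[1], parts[2])
        elif len(parts) >= 3 and parts[0] == "route":
            routes.append(_net(parts[1], parts[2]))
    return pool, routes

def parse_ccd(ccd_files):
    """ccd_files maps common name -> ccd file text. Returns {cn: [iroute nets]}."""
    return {cn: [_net(p[1], p[2]) for p in
                 (l.split("#", 1)[0].split() for l in text.splitlines())
                 if len(p) >= 3 and p[0] == "iroute"]
            for cn, text in ccd_files.items()}

# "<common name>/<peer addr:port> MULTI: bad source address from client [x.x.x.x]"
BAD_SRC = re.compile(r"(?P<cn>[^\s/]+)/\S+ MULTI: bad source address from client "
                     r"\[(?P<src>[0-9.]+)\]")

def parse_bad_source(logline):
    """Return (common_name, source_ip) from a 'bad source address' line, else None."""
    m = BAD_SRC.search(logline)
    return (m.group("cn"), ipaddress.ip_address(m.group("src"))) if m else None

def check(pool, routes, ccd):
    """List human-readable findings; an empty list means the setup is consistent."""
    findings = []
    iroutes = {n for nets in ccd.values() for n in nets}
    for r in routes:
        if r not in iroutes:
            findings.append(f"route {r} has no iroute in any ccd file")
    for cn, nets in ccd.items():
        for n in nets:
            if n not in routes:
                findings.append(f"iroute {n} for {cn} has no matching server route")
            if pool is not None and n.overlaps(pool):
                findings.append(f"iroute {n} for {cn} overlaps the VPN pool {pool}")
    return findings

def explain_drop(logline, ccd):
    """Say why a dropped packet's source address was not accepted for that client."""
    parsed = parse_bad_source(logline)
    if parsed is None:
        return None
    cn, src = parsed
    for n in ccd.get(cn, []):
        if src in n:
            return (f"{src} is covered by iroute {n} for {cn}; check that the server "
                    f"config has a matching route and client-config-dir")
    return f"{src} from {cn} is not covered by any iroute; add 'iroute <net> <mask>' to ccd/{cn}"

# --- constructed sample data, mirroring the post's before/after configs ---
SERVER_BEFORE = "dev tun\nserver 10.8.0.0 255.255.255.0\npush \"redirect-gateway\"\n"
SERVER_AFTER = SERVER_BEFORE + "client-config-dir ccd\nroute 10.10.1.0 255.255.255.0\n"
CCD_AFTER = {"client1": "iroute 10.10.1.0 255.255.255.0\n"}
CCD_OVERLAP = {"client1": "iroute 10.8.0.0 255.255.255.0\n"}  # wrong: collides with the pool
LOGLINE = ("May 1 00:00:00 hostname ovpn-openvpn[22563]: client1/203.0.113.7:1194 "
           "MULTI: bad source address from client [10.10.1.11], packet dropped")

def run_checks():
    """Run the checker over the constructed samples; returns a dict of results."""
    return {
        "before": check(*parse_server_conf(SERVER_BEFORE), parse_ccd({})),
        "before_drop": explain_drop(LOGLINE, parse_ccd({})),
        "after": check(*parse_server_conf(SERVER_AFTER), parse_ccd(CCD_AFTER)),
        "after_drop": explain_drop(LOGLINE, parse_ccd(CCD_AFTER)),
        "overlap": check(*parse_server_conf(SERVER_AFTER), parse_ccd(CCD_OVERLAP)),
    }

if __name__ == "__main__":
    for name, result in run_checks().items():
        print(name, "->", result)
```

To use it on a real server, read the config and the files under the ccd directory into the same structures (a dict of common name to file text) and tail the log for the "bad source address" lines; the overlap check matters because an iroute inside the `server` pool silently steals addresses from other clients.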

Hint: If you want your clients to be able to access the internet through the VPN tunnel you _must_ set up NAT.
A typical config on a Debian box acting as the OpenVPN server:
# cat /etc/network/interfaces
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
iface eth0 inet static
address A.B.C.D
netmask 255.255.255.0
gateway A.B.C.E
network A.B.C.0
broadcast A.B.C.255
post-up iptables -t nat -A POSTROUTING -o eth0 -s 10.8.0.1/24 -j MASQUERADE
post-up echo 1 > /proc/sys/net/ipv4/ip_forward

ACS… means security

This afternoon I found a delivery notice from ACS on the front door of my apartment building.

I have blurred the parcel number and the name…

As one may notice, the notice states:

“Please contact us at the above telephone number to arrange pickup as soon as possible.”

If anyone can see a telephone number on the notice, please tell me too…
I open Firefox, go to the ACS site, click on “Stores” and a lovely Flash map appears. Clickety click on the prefecture, a new page opens with no store at all… Clickety click on another prefecture, same thing… click again on my own prefecture… nothing again. I see a link “search tool”.. I use it, find the store's phone number and call:

– Hello, I'm calling about a delivery. The notice says that 3 delivery attempts are made. When can you bring the parcel again?
– Tomorrow.
– Can I come and pick it up myself today? And if so, until what time are you open?
– Yes, you can. We are open until 19:30.

It was already 17:00 so I decided to go to the store. I took my ID card but forgot the notice at home. I got there, went in, and there was a clerk:

– What would you like?
– I received a notice about a parcel.
– Do you have the notice with you?
– No, I forgot it..
– Your name?
– XXX…
– One moment…
(she searches for 20-30 seconds, finds the parcel and brings it)
– Do you live on YYY street?
– Yes, YYY number ZZZ.
– Write your full name and sign here…
(I fill in my details and sign)
– Here you are (she hands me the parcel)

and so I left ACS with a parcel without even being asked for ID.

Someone could very easily take the slip from the apartment building's door, which states the recipient's name, go to ACS and take my parcel without me ever noticing. Shouldn't someone from ACS have phoned me, since they didn't find me at home, to inform me about the failed delivery? Real security…

OpenCoffee Ioannina I – The minutes

A post about how the first OpenCoffee event in Ioannina went is at: http://opencoffee.gr/2008/05/13/opencoffee-ioannina-i-minute/

jailkit-2.3 ebuild patch fix for sunrise overlay

There’s an ebuild for jailkit version 2.3 on the sunrise overlay. Unfortunately it has a bug that can cause severe headaches: it patches your /etc/shells in a VERY wrong way, so that you can easily end up with _only_ /usr/sbin/jk_chrootsh inside /etc/shells. This can lock you out of your machine!

This behaviour is due to a patch that comes with the ebuild, named jailkit-2.3-destdir.patch.
To fix it, I’ve patched the patch so that it works as it should. Now it just adds “/usr/sbin/jk_chrootsh” after all the shells you previously had in your /etc/shells file.

Full file: jailkit-2.3-destdir.patch
Patched file: jailkit-2.3-destdir.patch.patch (wonderful name :P)
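The lockout above comes from an /etc/shells edit that replaced the file instead of appending to it. The snippet below is an added example, not the ebuild's or jailkit's own code: it shows the behaviour the fixed patch is meant to have (append jk_chrootsh once, keep every existing entry) and a guard that detects the broken outcome, where previously listed shells are gone. It works on text so it can be exercised without touching the real /etc/shells; the sample file content is constructed.

```python
"""Non-destructive /etc/shells update with a lockout guard.

Added example; not from the jailkit ebuild or from jailkit itself.
"""

def _entries(text):
    """Login-shell entries in /etc/shells text (comments and blank lines skipped)."""
    return [l.strip() for l in text.splitlines()
            if l.strip() and not l.lstrip().startswith("#")]

def dropped_shells(before, after):
    """Shells listed in `before` that no longer appear in `after`.

    A non-empty result is exactly the failure the post describes: a file
    rewritten so that only jk_chrootsh survives.
    """
    kept = set(_entries(after))
    return [s for s in _entries(before) if s not in kept]

def add_shell(shells_text, new_shell="/usr/sbin/jk_chrootsh"):
    """Return updated /etc/shells content with `new_shell` appended once.

    Comments, blank lines and ordering are preserved; the call is idempotent.
    Raises ValueError rather than returning content that lost a shell.
    """
    lines = shells_text.splitlines()
    if new_shell in _entries(shells_text):
        return "\n".join(lines) + "\n"      # already present: nothing to add
    result = "\n".join(lines + [new_shell]) + "\n"
    lost = dropped_shells(shells_text, result)
    if lost:
        raise ValueError(f"refusing to produce /etc/shells that drops {lost}")
    return result

# Constructed sample of a typical /etc/shells (not taken from any real system).
SAMPLE_SHELLS = "# /etc/shells: valid login shells\n/bin/sh\n/bin/bash\n/bin/zsh\n"
# What the buggy ebuild patch left behind, as described in the post.
BROKEN_RESULT = "/usr/sbin/jk_chrootsh\n"

if __name__ == "__main__":
    updated = add_shell(SAMPLE_SHELLS)
    print(updated, end="")
    print("dropped by buggy patch:", dropped_shells(SAMPLE_SHELLS, BROKEN_RESULT))
```

Running the guard over the proposed file before installing it is the cheap check that would have caught the ebuild's behaviour: `dropped_shells` returns the three original shells for the broken result and an empty list for the appended one.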

Open Coffee in Ioannina

During Fosscomm, which took place in Athens on 21-22/03, I discussed with Giorgos Tziralis the possibility of holding an Open Coffee in Ioannina. After a few days of arrangements we can now announce that on Friday 9 May an Open Coffee “event” will be held in Ioannina at the café “Θυμωμένο Πορτραίτο”.

More details about what Open Coffee is, as well as about previous events, can be found on the Open Coffee site.

I hope it goes well and that enough people come. It is a good opportunity to hear and exchange new ideas and to meet people with common interests. See you there!

shell history meme

Since I am not using bash but zsh, I had to modify the notorious command to suit me:
% cat .zsh_history| awk '{a[$1]++ } END{for(i in a){print a[i] " " i}}'| sort -rn|head
404 vim
363 mv
295 cd
226 ls
209 scp
189 rm
176 dig
170 mplayer
164 eix
163 svn

PGP Keysigning Party in Thessaloniki

*UPDATED with time/place*

On Wednesday 23 April 2008 a meeting will be held in Thessaloniki for collecting/exchanging signatures on pgp/gpg keys. To participate you will need an official document certifying the identity that corresponds to your key, and enough paper copies of your key's digital fingerprint and your name.

More information about the procedure that will be followed (Informal Method Party) is available here.

The exact place and time will be announced in the coming days.
The meeting will probably take place in a café in the city so that we can talk and get to know each other better.

Anyone who might be interested, please leave a comment here or on Patroklos's blog so that we can count participants, at least roughly.

*Update*
Meeting date: Wednesday 23/04/2008
Time: 16:30
Place: Kamara, Thessaloniki

Gentoo baselayout-2 and openrc impressions

*updated*
one word: _amazing_.

The first thing someone notices is the speed difference. It is BIG.
Just take a look at the following 2 graphs from the same machine and judge on your own:

Baselayout: 1.12.11.1

Baselayout: 2.0.0

55->29 seconds!!!! Impressive!

Machine specs described here: http://www.void.gr/kargig/blog/2007/08/16/iloog-706-on-sony-vaio-pcg-sr21k/

I haven’t done any thorough tests on it yet, but I certainly will. Great job Roy Marples! Thanks a lot!

Tip: to get bootchart working when you have baselayout-2 installed, add init=/sbin/bootchartd to your kernel line in grub. Otherwise you will have problems getting it to work.

*UPDATE*
Baselayout: 2.0.0 with kernel 2.6.24 + running prelink.

25 seconds!! That’s less than 50% of the original 55-second boot process!

Greek gentoo users unite!

Aggelos Orfanakos, one of the two Greek Gentoo developers, has created a Google map where every Gentoo user in Greece can place his coordinates, so we can easily spot each other and maybe “create” a community, do some meetings and have some fun 🙂

You are all welcome to join!

Gentoo Users in Greece

playing with QR codes

While fooling around on the net today I bumped into QR codes. I had seen them on some contact cards and some websites before, but I didn’t really pay any attention back then.

Creating a code is easy, there are a bunch of ways to do it. Nokia has a generator offering two modes, Datamatrix (default) and QR (look at the bottom of the page): http://mobilecodes.nokia.com/create.jsp.

Reading the code is quite easy too. You just need a code reader for your mobile phone. Nokia’s reader couldn’t work on my Nokia N70, but Kaywa Reader worked just fine. Go to their site, log in with bugmenot and download the reader for your own mobile phone.

Then just play with it.

Here’s how it looks:

The weird(?) thing is that I couldn’t find any applications for Linux (open source if possible) able to “ocr” the images and output the code inside them. Do you know any?

Another WD failure – not an april fool’s joke

In one of my previous posts (titled: It’s official: Western Digital hates me and I hate them too) I described how 3 Western Digital drives I owned crashed in 2 months.

Last week I left the city I live in to go to Athens, Greece, where fosscomm was taking place. When I returned I checked the logs of my machines, and in one of them I found this:


hdi: lost interrupt
hdi: status error: status=0x51 { DriveReady SeekComplete Error }
hdi: status error: error=0x04 { DriveStatusError }
ide: failed opcode was: unknown
hdi: no DRQ after issuing MULTWRITE_EXT
hdi: status error: status=0x51 { DriveReady SeekComplete Error }
hdi: status error: error=0x04 { DriveStatusError }
ide: failed opcode was: unknown
hdi: no DRQ after issuing MULTWRITE_EXT
hdi: status error: status=0x51 { DriveReady SeekComplete Error }
hdi: status error: error=0x04 { DriveStatusError }
ide: failed opcode was: unknown
hdi: no DRQ after issuing MULTWRITE_EXT
hdi: status error: status=0x51 { DriveReady SeekComplete Error }
hdi: status error: error=0x04 { DriveStatusError }
ide: failed opcode was: unknown
pdc202xx_new: Primary channel reset.
hdi: no DRQ after issuing MULTWRITE_EXT
ide4: reset: success
hdi: dma_timer_expiry: dma status == 0x21
hdi: DMA timeout error
hdi: dma timeout error: status=0x80 { Busy }
ide: failed opcode was: unknown
hdi: DMA disabled
pdc202xx_new: Primary channel reset.
ide4: reset: success
hdi: lost interrupt
md: super_written gets error=-5, uptodate=0
raid5: Disk failure on hdi1, disabling device. Operation continuing on 5 devices

This is the fourth crashed WD drive in 2 months! It’s not an April fool’s joke.. it’s still the 31st of March..


Model Family: Western Digital Caviar SE family
Device Model: WDC WD2000JB-55GVA0
Serial Number: WD-WCALL1025118

Of course it’s out of warranty. Again.

As Fuzz said, this whole thing must be a logic timebomb planted inside WD disks years ago to force us move to SSD drives.

I’m getting pretty tired of it though…

My current desktop

Since sotiris asked, here’s a recent desktop screenshot.

Ok it’s not so recent (12/Nov/2007)…but it hasn’t changed at all since then 😛

It’s Fluxbox with ROX Desktop and of course it’s Gentoo! 😀

Interested in what comzeradd, agorf and Charmed[] have for desktop ?

It’s official: Western Digital hates me and I hate them too

About a month ago one of the hard disks in my PC started showing DMA errors in syslog. It was a Western Digital WD1200JB with manufacture date 13 MAR 2002. Luckily on that disk I only kept temporary data like downloads, some music and videos, and some pretty old backups. As soon as I saw the DMA errors in syslog I put a spare 200Gb drive in the box and tried to rsync all the data to it. I saved most of the needed data but I lost some of my old backups. The thing is that I didn’t really know what was inside them; there were some directories named like “/Backups/OLD/foobar/backup_older/random_crap”. I guess it was crap after all. I hadn't needed anything from inside those directories for at least the last couple of years.

2 weeks ago I returned from a trip to Athens. I checked my mails, where I get reports from ossec on the various servers I manage. One of these mails reported that a RAID5 array with 6x200Gb disks was degraded due to a hard disk failure. Yes, it was a Western Digital, again. Model Number: WD2000JB, manufacture date: 26 AUG 2004. I had another 200Gb drive at home where I keep my backups. Since I couldn’t afford the risk of not having a spare disk for my home backups, I bought a Seagate ST3500320AS. Since the new disk was 500Gb I copied all my data from the “spare” 200Gb disk and also made a full backup of my boot disk, which is 120Gb. I then replaced the faulty 200Gb on the server with the “spare” 200Gb drive I had at home.

On Thursday I came back from a one-week trip, this time to my hometown. All was fine until Friday noon. Then I tried to open a text file inside my home dir (which is a separate partition on my boot disk) in which I keep some random notes, and the machine started crawling. I couldn’t open the file. I tried to copy the file to another disk without success. I only got some beautiful I/O errors on the terminal and DMA errors in the syslog. Guess what! The disk was a Western Digital 1200JB with manufacture date 14 DEC 2001. Under different circumstances I would cry at my bad luck…but the only thing I could do was laugh. I couldn’t stop laughing about this mess. I put the 500Gb Seagate in an external USB case and started to rsync the root dir on top of my rsync from 2 weeks ago. A couple of files couldn’t be read from the boot disk, but they were already in the “backup”, so I saved everything. Since I had no spare disk left at home I went out and bought another hard disk. I couldn’t find any 250 or 320Gb Seagate drives so I bought another 500Gb Seagate ST3500320AS. What was funny was that the salesman at the local store tried to convince me to buy a Western Digital 320Gb, without success of course. I wonder why…
I put the new 500Gb disk in my box, booted iloog, partitioned the disk and rsync-ed my data from the “old” 500Gb disk to the new one.

YES, I am using smartctl/smartd on all of my boxes, even at home. Smartctl was not showing ANY errors at all before the first DMA errors appeared in syslog. I regularly test all my disks with smartctl’s tests: short, long and conveyance (where it’s supported).

The first disk is in completely unusable form right now. I tried partitioning it and formatting it, but it moans painfully when it is accessed. It currently shows more than 100 S.M.A.R.T. errors. It’s dead.
The second one has about 4-5 S.M.A.R.T. errors logged. It doesn’t make any strange noises when operating, but I haven’t extensively tested it yet. It surely cannot be trusted…
The third disk has bad sectors and about 20 S.M.A.R.T. errors. Most of them were “created” during the bad-blocks check, and every time a bad area is accessed more errors are added to the log. During operation it makes an annoying sound, like scratching metal parts against each other.
The funny thing is what smartctl reports for all disks, even for the first one:

SMART overall-health self-assessment test result: PASSED

I am well aware that all disks were past their warranty (3 years); that’s why I was keeping backups (of important stuff) on separate disks, but I don’t think I’ll be buying any Western Digital drives in the near future…I need some time to get over this month of crashes…

Any other Western Digital haters out there ?

How to standardize an error

All software companies make errors.

A great deal of those companies correct these errors as soon as someone finds them.
A few companies correct them as soon as they can. But that can sometimes take months.
One company not only does it not correct the errors it makes, it tries to standardize them.

It’s not about how big or small an error is…it’s about the attitude.

iloog-8.02 is out!

A new version of iloog (iloog-8.02) is finally ready after 4 months since our last release (iloog-7.10). This new version does not bring tons of new features but it’s much more polished and robust than the previous one and has quite a few bugs squashed.

Some of the changes include:

  • Patched 2.6.22 kernel against the recent local root exploit
  • QT4 support! QT programmers will certainly like this new addition
  • Removed some bloated programs and replaced them with some lighter ones (eg graveman instead of K3B)
  • Added another IDE, glade!
  • Added Pascal compiler (gpc)
  • Support for new revision control software like git and mercurial
  • Added support for via and sis graphics drivers in Xorg
  • Some iloog tools got a dialog interface
  • Added some programs by greek developers like: indywiki, jIPFire, pluto, pysmssend and QGRUBEditor
  • New Tango icons for the desktop
  • Some minor changes to Fluxbox’s menu and theme

Of course there are also the usual updates to all the included programs to their most recent stable versions plus the addition of more than 50 new packages.
We’ve also written down some crude information on iloog’s wiki about the process of “installing” iloog to a hard disk. The process is _NOT_ automatic and whoever tries it must be very careful before executing anything. Read more at the wiki: Install iloog

I would like to thank comzeradd, Fuzz and Ulv and all the other people who helped to test iloog-8.02. A special thanks goes again to cyberarch.gr for all their help with graphics (they prepared the new iloog website too!) 🙂

Some screenshots:
iloog-8.02 console

iloog-8.02 desktop

iloog-8.02 qtiplot

You can find more screenshots of iloog-8.02 at ILUG’s flickr gallery: iloog-8.02 at flickr

Download links at iloog’s site: www.ilug.gr/iloog/

A slightly modified version of iloog-8.02 is also included on the DVD of the Greek LinuxFormat, Issue 20 (March-April 2008), which will be out on 04 March 2008. Go and buy it!