Slackerbit.ch

Somehow MT doesn’t ping weblo.gs and weblogs.com anymore when I post a new entry. This is just an entry to see if the problem persists.

Birgit and I went to Ikea today, which was a lot of fun. I could have spent ages in the kitchen utensils part, I had the nagging feeling that I was missing one crucial instrument. But I could not for the life of me figure out, what exactly I was missing.
And I found the most gorgeous shelves for my DVDs, but they are neither in the catalogue, nor on their website. Luckily, a groups.google.com search turned up two pictures of the shelves.
Each holds about 50 DVDs, so with 4 of them, I should have enough space for the near future.

Ever since I set up my wireless LAN at home, I’ve been looking into how to make it more secure. Because WEP is not really secure, I was looking into setting up a VPN. But all the solutions I found (FreeS/WAN, CIPE), were way too complicated for the simple act of creating a secure tunnel between my desktop machine and my laptop.
Enter OpenVPN, a real quick VPN solution. (don’t worry, it can also be made much more complicated)

So, let’s cut straight to how I set things up:

The OpenVPN tarball contains a spec file, so you can build an RPM with a simple rpm -ta openvpn-VERSION.tar.gz. But the spec file links OpenVPN with the LZO compression library. Querying RPMfind finds a prepackaged RPM for Red Hat, which works.

After installing OpenVPN, we need to generate a secret key. The command for that is openvpn --genkey --secret static.key, which will create a file called static.key. This gets copied into the /etc/openvpn directory on both the laptop and the desktop.

The next step is to write the configuration files. First, the configuration for the laptop (laptop.conf):

#
# Sample OpenVPN configuration file for
# using a pre-shared static key.
#
# '#' or ';' may be used to delimit comments.

# Use a dynamic tun device.
dev tun

# Our remote peer
remote 192.168.1.1

# 10.4.0.1 is our local VPN endpoint
# 10.4.0.2 is our remote VPN endpoint
ifconfig 10.4.0.2 10.4.0.1

up /etc/openvpn/laptop.up
# Our pre-shared static key
secret /etc/openvpn/static.key

Important is the line up /etc/openvpn/laptop.up, this tells OpenVPN to call this script, after the tunnel has been established. This script gets called with all kinds of parameters, best check the manpage for details.
We just need one parameter, the correct tun-device. That’s $1, so laptop.up looks like this:

#!/bin/sh

route add default $1

Don’t forget to chmod 755 it.

The desktop configuration looks almost the same, just some changes and switches concerning the IPs:

#
# Sample OpenVPN configuration file for
# using a pre-shared static key.
#
# '#' or ';' may be used to delimit comments.

# Use a dynamic tun device.
dev tun1

# Our remote peer
remote 192.168.1.131

# 10.4.0.1 is our local VPN endpoint
# 10.4.0.2 is our remote VPN endpoint
ifconfig 10.4.0.1 10.4.0.2

# Our pre-shared static key
secret /etc/openvpn/static.key

So, what does all this do?

It creates an encrpyted tunnel between 192.168.1.1 (desktop) and 192.168.1.131 (laptop), using the IPs 10.4.0.1 (desktop) and 10.4.0.2 (laptop). Then on the laptop, it adds a default route to the tunneling device, so all external connections are going through the encrypted link.
Since this is the first time I did this, there might be some kinks in it, so if anybody finds some faults or improvements, please let me know, so I can incorporate them.

Over at Mplayer HQ, there’s a new HOWTO on watching Sorenson-encoded QuickTime movies on Linux without having to use Wine.
I tried it out by downloading all the required files, and it works really good, I was able to watch all those trailer downloads I had lying around on my windows partition.
So except for some games (Total Annihilation, Ascendancy, Dark Reign), I can now do almost anything I need in Linux. Yay!

We tasted the wine cake today, after moving some of Birgit’s stuff to her new appartment. The experiment was a success, and I think, I could have used even more wine. So I will try that the next time

Since the Beaujolais Primeur I bought recently was a little too sour for my tastes, and I did not want to throw it away, I came up with the idea, to just add a little wine to the next chocolate cake I bake. Instead of adding 100 ml milk, I just add 50 ml milk and 50 ml wine. Or something like that.
I think might have overshot the 50 ml wine mark a little, though. But it’s too late, the cake is in the oven now, and so far, it smells quite nice. Updates will follow, as soon as the cake has been tasted.

I tried my first Beaujolais Primeur today, and I have to say…Yuck!
Normally, I like red wines, I have tried a few. But this one, Marquis de Valclair Beaujolais-Villages Primeur, was sour as hell. I would even go so far and say it was vile. It smelled pretty good, but the taste… *shudder*
Even after one glass, I bet there’ll be hell to pay tomorrow morning.

Finally got my server up and running again. And I know why it was all b0rked. When they switched the IP adresses, I configured it wrong. Instead of putting the old IP on the alias interface eth0:1, I put it on eth0:0, which is the real interface, which confused the server quite a bit. And when I wanted to shut the old interface off, I took out the real one with it. Duh!
But now all is fixed thanks to first class phone support from the fine folks at Siemund Online