  • Android: Protecting your network data from local snooping

    There's been a lot of news of late about the likes of NSA and GCHQ passively listening to Internet traffic. The steps in this post won't protect you from such a well-resourced attacker, but will prevent others on open wifi networks and your mobile data provider from looking at the content of your phone's network traffic.

    A good example of the data that can easily be collected can be seen in this recent Ars Technica post.

    In this post, we'll be configuring an Android phone to conditionally connect to an OpenVPN server, dependent on whether it's associated with a specific WLAN.

  • Automounting Samba Shares over OpenVPN

    So you've got a working OpenVPN setup, but now you want to be able to access the Samba shares hosted on the remote network.

    It's very easy to do manually, but most users don't want to have to learn to map network drives (or, shudder, use some of that command-line black magic). Thankfully, they don't need to as you can tell OpenVPN to do the legwork for them;

  • OpenVPN on CentOS 6

    Setting up OpenVPN is seldom complicated nowadays, but on CentOS it's far more straightforward than I've experienced on most other distros.

    This documentation details how to install and configure OpenVPN on CentOS 6.

  • OpenVPN on CentOS 6 (Updated) - With HMAC

    I've previously documented how to install and configure OpenVPN on CentOS 6, but the steps appear to be outdated.

    In this documentation, we'll (very quickly) detail how to configure OpenVPN on CentOS 6. We're also going to enable TLS Authentication so that OpenVPN won't even respond unless the connecting client provides the right pre-shared key.

    You'll need the EPEL repos installed and enabled.

  • OpenVPN on Debian

    Setting up OpenVPN on Debian is as straightforward as on CentOS, though some of the file locations differ slightly.

    This documentation details how to install and configure OpenVPN on a Debian server.

  • OpenVPN on Windows 2003

    We all know that Microsoft probably couldn't organise an orgy in a brothel, so I'm not sure why I was so surprised that their "Routing and Remote Access" service was interfering with other applications that may wish to add a route (in this case OpenVPN).

    This tutorial will show you how to install and configure OpenVPN on Microsoft Windows 2003 (including Small Business Server).

  • OpenVPN, Network-Manager and max-routes

    Network-manager, simply, sucks. But sometimes you have little choice but to use it.

    Unfortunately, despite a bug being sat idle for some time, Network-manager-openvpn doesn't support various OpenVPN client options such as max-routes. Unfortunately, if your OpenVPN server is pushing more than 100 routes, this is sufficient to prevent you from connecting at all.

    This documentation details a way to work around that limitation. It's dirty and hacky, but so far it is the only solution I've found.

  • Usurping the BTHomeHub with a Raspberry Pi: Part 4 - Using a VPN to Tunnel Connections to Specific IPs

    Content Filtering is becoming increasingly popular amongst Politicians, ISPs and generally clueless do-gooders. The problem is, whatever you think of their motives, it's generally poorly implemented and interferes with the end user's browsing experience, even when it's not supposed to (the image to the right appeared with filtering off!).

    As we've been Usurping the BTHomeHub with a Raspberry Pi, we're going to take a brief break to implement some useful functionality that the HomeHub didn't provide.

    In this Part, we're going to configure our Raspberry Pi to connect to an OpenVPN server and route some of our traffic over the tunnel, depending on the destination IP (i.e. split tunnelling). This will allow us to easily bypass the troublesome content filtering, whilst not unnecessarily introducing any latency to any connection that is (for the time being at least) unaffected by the filters.

    Note: We'll be manually specifying the connections that are routed via VPN, so that we can 'whitelist' mistakes such as the EFF and Wikipedia, whilst still being 'protected' against other filtered pages.

    Unless otherwise stated, all commands need to be run as root.

  • Usurping the BTHomeHub with a Raspberry Pi: Part 5 - Inbound OpenVPN

    In Part 4 we configured our Raspberry Pi router to maintain a number of OpenVPN tunnels and to route through them selectively. Now we'll look at the steps needed to allow connection to our LAN via OpenVPN. Although helpful, as the HomeHub doesn't provide VPN connectivity, this stage doesn't really count as Usurping the BTHomeHub.

    The steps are almost completely identical to those performed when Installing Open VPN on Debian. We're going to have to NAT connections though, as the HomeHub is a little stupid and we can't add static routes to it (so if we're connected to the VPN and accessing the Internet, it won't know where to route the response packets).

    What we'll do, though, is only NAT if the connection isn't to something on the LAN.