About Leo Gaggl

ict business owner specialising in mobile learning systems. interests: sustainability, internet of things, ict for development, open innovation, agriculture

OpenVPN – fix issues with DNS server assignment (Synology NAS)

Synology NAS systems are great VPN servers for a home or small office. However if you want to connect to the VPN and route all your traffic through the VPN and be able to browse the internet there are a few things you need to change on the Synology server.

Theoretically you should be able to set these options on the client, but I have not managed to get this to work with Synology and judging by the amount of forum threads a lot of other people had the same problem. If somebody has a better way to fix this I would love to know. I don’t like to manually change these config files as I assume they will be overwritten when making changes to the web-interface.

vi /usr/syno/etc/packages/VPNCenter/openvpn/openvpn.conf

add the following lines.

push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.4.4"
push "dhcp-option DNS 8.8.8.8"

Please note that the DNS option are Google’s public DNS servers as an example, you probably want to use your ISP’s (the one hosting the Synology server that is) DNS IP’s instead.

Please note that this was tested with Synology DSM version 5.2 only and Ubuntu & Android as the main client OS. Please leave comment for other combinations.

Finding Notebook Hardware for Ubuntu – 2015 Edition

Unfortunately it is still much harder than necessary to find notebook hardware to use with Ubuntu (or other Linux variants). This blog is full of past experiences (some of them quite time-consuming) on finding notebook hardware that will work without too much fiddling. This short note is to document my recent research on that front to help others who want to do the same (as there doesn’t seem to be a lot of good current info around).

There are some vendors that do ship with Ubuntu, however they are generally all based in the US and their pre-sales communications are pretty horrible (I am talking to you ZaReason – still waiting for reply email as well as tweet). Then there is Purism Librem, but unfortunately they have still not shipped their 15″ version and I need a tool now. The jury on this is still out and I don’t really have the time to be a guinea-pig. Maybe next time (as I like what they are doing) …

There was one option from one of the top-tier manufacturers (Dell XPS 13 – Developer Edition) which ships with Ubuntu. But as – per usual – NOT in Australia. However there was a lot of conflicting evidence I found that the Windows Version had some issues with current Ubuntu versions (Dell ship 14.04 LTS – which makes sense from their point).

I ended up buying the Lenovo X1 (3rd Generation) and after the install of Ubuntu I have to say this is the first notebook I just had to plug in the Ubuntu USB (Version 15.04 Vivid Vervet 64bit) and install and everything just worked. No fighting with UEFI firmware, no function keys not working and no issues with sound or other drivers. To be fair – there is one thing I noted (which is irrelevant to me) – the fingerprint reader does need some additional driver installed & configured.

It was also the first notebook I didn’t even bother booting up and create a repair disk first. There is no way I would ever restore something to Windows 8 – however if you are not sure that you will stick with Ubuntu – that’s probably not advisable.

Thank you Lenovo for developing a very decent piece of hardware that just works with Ubuntu ! However I would like to note that the recent Superfish debacle http://support.lenovo.com/us/en/product_security/superfish really left a sour taste and nearly made me take Lenovo off the evaluation list.

Some conversations that might be useful:

https://www.reddit.com/r/Ubuntu/comments/37ukqe/dell_xps_13_vs_lenovo_thinkpad_x1_carbon_3rd_gen/
https://www.reddit.com/r/Ubuntu/comments/37t4re/ubuntu_notebook_hardware_available_in_from/

SShuttle – quick and temporary VPN over SSH

Every once in a while you find a gem. One of these for me is SShuttle – until now I have not known about this one.

Sometimes you need to quickly forward all your traffic via a remote server quickly. And while you can do all of this manually using OpenSSH it’s not a quick one-step process (https://help.ubuntu.com/community/SSH/OpenSSH/PortForwarding). Dynamic SOCKS5 proxies are great if all you need is browser traffic, but there is always software that won’t play ball with SOCKS.

Use-case: I just been trying to get Ubuntu Make to install Eclipse IDE and the local AARNET download mirror is just refusing to cooperate (https://github.com/ubuntu/ubuntu-make/issues/90). A quick forward to a remote VPS fixed the issue without headaches

Install

sudo apt-get install sshuttle

Run

sshuttle -r username@servername.tld 0.0.0.0/0 -vv

That’s all – it sets up routing & iptable rules transparently and removes them after use. Kudos goes to https://github.com/apenwarr – thank you. A VERY useful utility !!!

Source link: https://github.com/apenwarr/sshuttle

Installing Ubuntu Phone (Touch) on Nexus 7 LTE

ubuntu phone

Add SDK repository

sudo add-apt-repository ppa:ubuntu-sdk-team/ppa
sudo apt-get update
sudo apt-get install ubuntu-device-flash

Enable USB Debugging on the device

  1. Make sure you have developer mode enabled (see http://developer.android.com/tools/device.html if you are unsure).
  2. Navigate to Settings > Developer options
  3. Enable USB Debugging. When a device is connected, you will be prompted in Android to authorize it.

Unlock Bootloader

adb reboot bootloader
fastboot oem unlock
fastboot reboot

Check that you have the right device

adb shell grep ro.product.name /system/build.prop > mydevicedata \
&& adb shell grep ro.product.device /system/build.prop >> mydevicedata \
&& adb shell grep build.id /system/build.prop >> mydevicedata

ro.product.name=razorg
ro.product.device=deb
ro.build.id=KTU84P

Check which channels are available

ubuntu-device-flash --server="http://system-image.tasemnice.eu" query --list-channels --device=deb

ubuntu-device-flash –server=”http://system-image.tasemnice.eu” query –list-channels –device=deb
ubuntu-touch/ubuntu-rtm/14.09
ubuntu-touch/ubuntu-rtm/14.09-proposed
ubuntu-touch/utopic
ubuntu-touch/utopic-proposed
ubuntu-touch/vivid
ubuntu-touch/vivid-proposed
ubuntu-touch/devel (alias to ubuntu-touch/vivid)
ubuntu-touch/devel-proposed (alias to ubuntu-touch/vivid-proposed)
ubuntu-touch/ubuntu-rtm/devel (alias to ubuntu-touch/ubuntu-rtm/14.09)
ubuntu-touch/ubuntu-rtm/devel-proposed (alias to ubuntu-touch/ubuntu-rtm/14.09-proposed)

In my case I am going for the currently stable ‘ubuntu-touch/vivid’ channel.

Install Ubuntu Touch

ubuntu-device-flash --server="http://system-image.tasemnice.eu" touch --channel="ubuntu-touch/vivid" --bootstrap

References
Ubuntu Devices: https://wiki.ubuntu.com/Touch/Devices

Paperless Office using the Raspberry Pi

This is a follow-up on an older blog using Ubuntu.

r by rosmary, on Flickr
Creative Commons Creative Commons Attribution 2.0 Generic License   by  rosmary 

For this purpose I used a Fujitsu ScanSnap S1300i scanner as I really like the features of this series (full duplex scan as well auto document feeder as well for around $250). It’s document feeder is not a good as the S1500 we have in the office, but very compact and can be powered from USB hub.

Raspberry Pi Prerequisites

Since this will be a purely headless install designed to sit in a corner behind the scanner I am using a Base Raspian (Debian Wheezy) install (I personally like the clean minimal install via https://github.com/debian-pi/raspbian-ua-netinst the best).

apt-get install sudo vim wget wput libusb-dev build-essential git-core

Add non-privileged user account(s)

adduser USERNAME
adduser USERNAME sudo
groupadd scanner
usermod -a -G scanner USERNAME

Install Sane

The version of sane from the Raspbian repos is not working with the Fujitsu ScanJet range and needs to be built from source.

git clone git://git.debian.org/sane/sane-backends.git
cd sane-backends
BACKENDS=epjitsu ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
make
make install

Install S1300i Driver

You need to get the driver file (‘1300i_0D12.nal’) from the CD that came with the scanner. If you still have access to a CDROM drive that is. :(

mkdir -p /usr/share/sane/epjitsu/
cp 1300i_0D12.nal /usr/share/sane/epjitsu/

Check /etc/sane.d/epjitsu.conf and see if the following line is there (in my case it was already created by sane build).

# Fujitsu S1300i
firmware /usr/share/sane/epjitsu/1300i_0D12.nal
usb 0x04c5 0x128d

sane-find-scanner -q

found USB scanner (vendor=0x04c5 [FUJITSU], product=0x128d [ScanSnap S1300i]) at libusb:001:004
found USB scanner (vendor=0x0424, product=0xec00) at libusb:001:003

scanimage -L

device `epjitsu:libusb:001:004′ is a FUJITSU ScanSnap S1300i scanner

Copy libsane rules from the sane build directory to udev rules.
sudo cp sane-backends/tools/udev/libsane.rules /etc/udev/rules.d/60-libsane.rules

Logout and log in a the non-privileged user account previously created.

If the scanimage -L command works as above you have fully configured the scanner to work under that user account.

Start saned on boot-up

Edit the /etc/rc.local file and add the following line before the ‘0’ line to ensure saned is running as the non-privileged user when you have to reboot.

saned -a USERNAME

Installing Conversion Tools

sudo apt-get install imagemagick bc exactimage pdftk tesseract-ocr tesseract-ocr-eng unpaper

You can add other languages such as tesseract-ocr-deu if you require OCR support for those.

Scan to Repository Script

The script is hosted on Github: https://github.com/leogaggl/misc-scripts/blob/master/scan2repo.sh

#!/bin/bash
# Thanks to Andreas Gohr (http://www.splitbrain.org/) for the initial work
# https://github.com/splitbrain/paper-backup/
OUT_DIR=~/scan
TMP_DIR=`mktemp -d`
FILE_NAME=scan_`date +%Y%m%d-%H%M%S`
LANGUAGE="eng"
echo 'scanning...'
scanimage --resolution 300 \
--batch="$TMP_DIR/scan_%03d.pnm" \
--format=pnm \
--mode Gray \
--source 'ADF Duplex'
echo "Output saved in $TMP_DIR/scan*.pnm"
cd $TMP_DIR
# cut borders
echo 'cutting borders...'
for i in scan_*.pnm; do
mogrify -shave 50x5 "${i}"
done
# check if there is blank pages
echo 'checking for blank pages...'
for f in ./*.pnm; do
unpaper --size "a4" --overwrite "$f" `echo "$f" | sed 's/scan/scan_unpaper/g'`
#need to rename and delete original since newer versions of unpaper can't use same file name
rm -f "$f"
done
# apply text cleaning and convert to tif
echo 'cleaning pages...'
for i in scan_*.pnm; do
echo "${i}"
convert "${i}" -contrast-stretch 1% -level 29%,76% "${i}.tif"
done
# Starting OCR
echo 'doing OCR...'
for i in scan_*.pnm.tif; do
echo "${i}"
tesseract "$i" "$i" -l $LANGUAGE hocr
hocr2pdf -i "$i" -s -o "$i.pdf" < "$i.html"
done
# create PDF
echo 'Converting PDF...'
pdftk *.tif.pdf cat output "$FILE_NAME.pdf"
wput $FILE_NAME.pdf ftp://uid:pwd@scanner.domain:21/Alfresco/scans/
cp $FILE_NAME.pdf $OUT_DIR/
rm -rf $TMP_DIR

Thanks go to Andi Gohr @ Splitbrain for the excellent blog that helped me to get over the sane problems and also gave me some ideas to make the scan script better (as unpaper was not doing such a good job): http://www.splitbrain.org/blog/2014-08/23-paper_backup_1_scanner_setup

Install Ubuntu 14.04 on a Chromebook

There are plenty of sites out there that give advise on this topic, unfortunately most of them are highly ad-infested to the point of being unreadable as well as only containing single bit rather that an overall picture. This is a collection of useful links to source materials as well as steps necessary to install.

Resource Links

Crouton Github: https://github.com/dnschneid/crouton – Thank you David Schneider for the excellent work !!!
Developer Info for Chromebooks: https://www.chromium.org/chromium-os/developer-information-for-chrome-os-devices

Put Cromebook into “developer mode”

  1. Back up any data as the process wipes the system
  2. Create a restore image for Chrome OS (install the Restore Image Chrome Extension for this task)
  3. Enter Developer Mode – hold down ESC and Refresh (F3) keys and press the Power button

Download Crouton Script

Download link for installer: https://raw.githubusercontent.com/dnschneid/crouton/master/installer/crouton

Installing Crouton

CTRL+Alt+t to open Cronos Prompt + type “shell” to enter proper bash shell.

To see the list of supported releases:
sh -e ~/Downloads/crouton -r list
To see a list of the supported desktop envoironments (target names):
sh -e ~/Downloads/crouton -t help
I generally install LXDE on ‘resource-challenged’ devices.

shell
sudo sh -e ~/Downloads/crouton -r RELEASENAME -t TARGETNAME -e

The ‘-e’ at the end is optional to encrypt the chroot. Which is probably a good idea as the Chromebook in developer mode is completely open and allows any user to access. If you do not specify the Release it defaults to Ubuntu 12.04 (precise)

My default install would be:
sudo sh -e ~/Downloads/crouton -r trusty -t lxde -e

Removing Crouton

The proper way to remove the chroot environment created by Crouton is as follows

sudo delete-chroot CHROOTNAME

CHROOTNAME could be ‘precise’ or ‘trusty’ depending on the installed version and can be found by

ls /mnt/stateful_partition/crouton/chroots/

Run Ubuntu

Depending on your installed shell.
sudo startlxde

Replace with ‘startxfce4′ or ‘startkde’ or ‘startunity’ depending on your target release.

CyanogenMod 12 on Sony Xperia Z2

Just a quick update of the previous article on “Sony Xperia Z2 upgrading to CyanogenMod 11“.

One thing is that CM now included the custom recovery and you do not need to download any other custom recoveries !

Download the CM 12 ZIP file for Sony Xperia Z2 (sirius) and extract the ‘boot.img’ file

Download link: https://download.cyanogenmod.org/?device=sirius

Get the device into fastboot (bootloader mode)

fastboot -i 0xfce flash boot boot.img
fastboot reboot

Install CyanogenMod

Choose the “Install zip from sdcard –> Install from sideload” option

adb sideload cm-12-20150219-NIGHTLY-sirius.zip

After the install has finished choose the “Reboot system now” option.

Ubuntu 14.04 Webmin Install from PPA

On remote systems sometimes a web-based tool can be very handy. Webmin is such a tool that has been well maintained for decades. To install quickly on a Ubuntu Server without having to manage dependencies and keeping it updated as part of normal OS update operations installing from a PPA Repo is handy.

sudo echo "deb http://download.webmin.com/download/repository sarge contrib" >> /etc/apt/sources.list
wget -q http://www.webmin.com/jcameron-key.asc -O- | sudo apt-key add -
#OpenSuse Repo Key
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 977C43A8BA684223
sudo apt-get update
sudo apt-get install webmin

After this you should be able to connect to your webmin instance on port 10000

https://hostname:10000

Security note: I would never allow direct access to Webmin on a remote server but rather tunnel port 10000 over SSH !

Barebone Ubuntu 14.04 Cloud Desktop

Since I have found some issues with my previous LXQT setup in real-life work I decided to fall back to standard Lubuntu for my cloud desktop. As part of this I also switched to TightVNC which seems a lot easier to configure.

Add local user account

adduser USERNAME
adduser USERNAME sudo

Install Lubuntu Desktop

sudo apt-get install --no-install-recommends lubuntu-desktop tightvncserver

TightVNC Configuration

sudo vim /etc/lightdm/lightdm.conf

#
# VNC Server configuration
#
# enabled = True if VNC connections should be allowed
# port = TCP/IP port to listen for connections on
#
[VNCServer]
enabled=true
port=5900
width=1366
height=768
depth=24

sudo /etc/init.d/lightdm restart

Connect to the remote system

ssh -L 5900:localhost:5900 -i /path/to/your/aws/keyfile.pem YOUR.EC2.IP.ADDRESS

tightvnc

 

If you are using a Chromebook then this article might help.

Accessing your cloud desktop from Chromebook

One of the main reasons for setting up a cloud desktop is that I tend to use a lot of different devices some of which are not very powerful.

One of my favorite devices of late has been a HP 11 Chromebook. I originally bought it for a new employee and wanted to check myself how this thing stacks up to do day-to-day computing tasks more efficiently than a standard laptop without all the headaches of running Windows (viruses, endless driver installs, bloatware, malware, …). We already have several people at work working exclusively from Chromebooks and they absolutely love them. Long story short – I ended up keeping the Chromebook for myself as it’s an absolutely great secondary device for me. I can carry it with me everywhere (doesn’t weigh much more than a tablet, roughly the same size as a tablet & has a keyboard and is so much more useful than a tablet).

Initially I was using it more as a secondary device, but lately I have been thinking that I will not even take my main notebook at all for travels. The problem with this is that I do (sometimes – very infrequently) need access to software not available on such a limited device.

Accessing your Cloud Desktop via SSH (I know there seem to be people allowing direct VNC access – but that is just asking for trouble) is highly recommended. I also use RSA keys instead of password authentication.

Copy SSH Private Key (generated on desktop and public key added to authorized_keys on the cloud-server) to the Chromebook,

Unfortunately (unless you want to set you Chromebook into developer mode which has all sorts of other downsides) the inbuilt CROSH shell is very limited. However it gives you enough to securely connect to a cloud-server and you can use the whole tool-set from there

crosh> ssh
ssh> host example.com
ssh> user <username>
ssh> key <rsa_key_filename>
ssh> forward 8000:localhost:5901
ssh> connect

You can now use the RealVNC Chrome App to connect to your cloud desktop.

RealVNC

EDIT (2014-11-10): Found a better Chrome Extension which can handle the port forwarding and RSA certificate authentication which will save the config without having to type the commands each time.

Chrome Secure Shell

ChormeOS - Secure Shell