Using DNSMadeEasy as Dynamic DNS provider on Synology Diskstations

Since Synology (despite requests) still has not added DNS Made Easy as a listed provider (despite listing some really obscure services – go figure!) here are the steps to add a custom provider.

DNS Made Easy Setup

Create a new A-Record

  1. Set the name
  2. Set the IP (initial – any valid IP)
  3. Tick the “Dynamic DNS” tickbox
  4. Enter your chosen Dynamic DNS Password
  5. Save the new record

When saving the record you will see a “Dynamic DNS ID” – note down this number. This will become the hostname on the Synology setup.

Synology Setup

Click “Customize” to add a new DDNS provider

Name: DNSMADEEASY
Query URL
http://cp.dnsmadeeasy.com/servlet/updateip?username=__USERNAME__&password=__PASSWORD__&id=__HOSTNAME__&ip=__MYIP__

Click “Add” to add a new DDNS service

  1. Service Provider: *DNSMADEEASY
  2. Hostname: Dynamic DNS ID from DNS Made Easy
  3. Username/Email: your DNS Made Easy email
  4. Password/Key: your chosen DNSMadeEasy DDNS password

Once you save the new DDNS provider you should see the status go to “Normal” in a green color. This means the update was successful. You should now be able to PING the DNS record, or if you log in to DNS Made Easy the IP address should have changed to the external IP of your DiskStation.

SShuttle – quick and temporary VPN over SSH

Every once in a while you find a gem. One of these for me is SShuttle – until now I have not known about this one.

Sometimes you need to quickly forward all your traffic via a remote server. And while you can do all of this manually using OpenSSH it’s not a quick one-step process (https://help.ubuntu.com/community/SSH/OpenSSH/PortForwarding). Dynamic SOCKS5 proxies are great if all you need is browser traffic, but there is always software that won’t play ball with SOCKS.

Use-case: I have just been trying to get Ubuntu Make to install the Eclipse IDE and the local AARNET download mirror is just refusing to cooperate (https://github.com/ubuntu/ubuntu-make/issues/90). A quick forward to a remote VPS fixed the issue without headaches.

Install

sudo apt-get install sshuttle

Run

sshuttle -r username@servername.tld 0.0.0.0/0 -vv

That’s all – it sets up routing & iptables rules transparently and removes them after use. Kudos goes to https://github.com/apenwarr – thank you. A VERY useful utility !!!

Source link: https://github.com/apenwarr/sshuttle

Accessing your cloud desktop from Chromebook

One of the main reasons for setting up a cloud desktop is that I tend to use a lot of different devices some of which are not very powerful.

One of my favorite devices of late has been a HP 11 Chromebook. I originally bought it for a new employee and wanted to check myself how this thing stacks up to do day-to-day computing tasks more efficiently than a standard laptop without all the headaches of running Windows (viruses, endless driver installs, bloatware, malware, …). We already have several people at work working exclusively from Chromebooks and they absolutely love them. Long story short – I ended up keeping the Chromebook for myself as it’s an absolutely great secondary device for me. I can carry it with me everywhere (doesn’t weigh much more than a tablet, roughly the same size as a tablet & has a keyboard and is so much more useful than a tablet).

Initially I was using it more as a secondary device, but lately I have been thinking that I will not even take my main notebook at all for travels. The problem with this is that I do (sometimes – very infrequently) need access to software not available on such a limited device.

Accessing your Cloud Desktop via SSH (I know there seem to be people allowing direct VNC access – but that is just asking for trouble) is highly recommended. I also use RSA keys instead of password authentication.

Copy the SSH private key (generated on the desktop, with the public key added to authorized_keys on the cloud-server) to the Chromebook.

Unfortunately (unless you want to set your Chromebook into developer mode, which has all sorts of other downsides) the inbuilt CROSH shell is very limited. However, it gives you enough to securely connect to a cloud-server, and you can use the whole tool-set from there:

crosh> ssh
ssh> host example.com
ssh> user <username>
ssh> key <rsa_key_filename>
ssh> forward 8000:localhost:5901
ssh> connect

You can now use the RealVNC Chrome App to connect to your cloud desktop.

RealVNC

EDIT (2014-11-10): Found a better Chrome Extension which can handle the port forwarding and RSA certificate authentication which will save the config without having to type the commands each time.

Chrome Secure Shell

ChromeOS - Secure Shell

Removing ‘Video Call’ default in Google Calendar

This ‘feature’ has been annoying me for a while and after this has caused some confusion with some of my clients I decided to go and look where to disable this. Why this has been made a system wide default is beyond me.

Rather than in the user’s Calendar Settings this is actually in the Google Apps Admin Console (https://admin.google.com/)

Console –> Google Apps –> Settings for Calendar –> Sharing Settings

Disable the “Automatically add video calls to events created by a user” setting.

Direct Link: https://admin.google.com/AdminHome?fral=1#AppDetails:service=Calendar&flyout=sharing

Installing Custom ROM on Galaxy S4 International from Ubuntu

Or as an alternative title “Liberating your Galaxy S4 Hardware from Samsung Bloatware”.

Unfortunately there are lots of (ad-infested) blogs and forums with dodgy pieces of information on this topic and I found it pretty hard to get decent, concise information. So hopefully this might help some poor Linux user liberate their phone. Whilst this has been tested on a Samsung GT-I9505 S4 International LTE device (JFLTEXX series) it should be applicable to other similar Samsung phones that are not fastboot capable (i.e. all but the Galaxy Nexus range).

Image: “Samsung Galaxy S4 - gap with dust” by Janitors, on Flickr (Creative Commons Attribution 2.0 Generic License)

NOTE: If you have encrypted your device do yourself a favor and do a factory reset BEFORE you start the process (otherwise you will be stuck in a boot-loop as the encryption key will be gone and the device will not start without it). See note below to recover to stock Samsung image if you need to.

Rooting

This is the area where it is hardest to find decent (Ubuntu-relevant) information. However (contrary to some forum entries out there) Heimdall is the most workable solution to use from Ubuntu – binary .deb packages are available from https://bitbucket.org/benjamin_dobell/heimdall/downloads. There is both a command-line package as well as a GUI available for Ubuntu 12.10 and 13.04 as well as other Linux distros.

Note [2014-11-24]: Had to upgrade my daughter’s S4 Mini and I noticed that Heimdall is now in the default Ubuntu repositories. You can now install it simply with ‘sudo apt-get install heimdall-flash’.

Make sure the device has Developer mode enabled

  • Go to Application > Settings.
  • In the upper-right corner of your screen, tap on “More” button.
  • Navigate to the bottom and select About.
  • Tap “Build number” several times until you see a message that says “Developer mode has been enabled”.
  • Tap the Back button and you will see the Developer options menu under the “System” heading, you can now set Developer options.
  • Check the USB debugging box under Developer options and you are ready to use your Samsung Galaxy S4 in debugging mode.

A very big THANK YOU to Benjamin Dobell from Glass Echidna. Can’t comment on the blog – your work is much appreciated.

Flash cf-auto-root images

Download the I9505 images from http://autoroot.chainfire.eu/ and extract.

Boot the device into download mode (Press POWER ON + VOLUME DOWN + HOME simultaneously and then when the green Android appears VOLUME UP)

This part took me a while to get right as there was not a lot of decent information around (NOTE: the PIT partition names are CASE-sensitive). You also need the “--no-reboot” flag, because you need to boot straight into recovery; a normal reboot will revert back to the Samsung recovery image.
heimdall flash --no-reboot --RECOVERY recovery.img --CACHE cache.img.ext4

Reboot manually into Recovery Mode (Press POWER ON + VOLUME UP + HOME simultaneously) and the rooting process should complete.

Install Recovery Image

As per recommendation from the XDA Forums I used PhilZ recovery. The GT-I9505 files are at http://d-h.st/users/philz_touch/?fld_id=16685#files

Extract the recovery.img file from the ZIP and flash the recovery partition

heimdall flash --no-reboot --RECOVERY recovery.img

Install AOSP Google Play Edition

Boot into the Touch Recovery Boot (Press POWER ON + VOLUME UP + HOME simultaneously) and load the following file with

adb sideload 20130629-GoogleEdition.zip

If you are stuck with an error message that reads “error: closed”, run:

adb usb

Resources


EDIT (2013-07-23): Google Play Edition ROMs did not work for me (no data connection other than WIFI) – would be great to hear if this works for other people with Australian radios. Ended up using PAC Man ROM – https://plus.google.com/communities/103029729817409918322 which appears the most stable AOKP style firmware. So far looks good – no bloat & squishy noises !


EDIT (2013-08-13): Since the PAC Man ROM had problems with audio on some calls I have switched back to an AOSP Google Play Edition ROM. I have in the meantime worked out that the reason the original Google Play Edition install did not work was simply the missing APN settings for Telstra. D’oh!! I am now running the 4.3 S4 Google Edition ROM from: http://forum.xda-developers.com/showthread.php?t=2348272

Here are the TELSTRA (Australia) APN Settings:
Name: Telstra Internet
APN: telstra.internet
Proxy:
Port:
Username:
Password:
Server: wap.telstra.com/wap
MMSC: http://mmsc.telstra.com:8002
MMS Proxy: 10.1.1.180
MMS Port: 80
MCC: 505
MNC: 01
Authentication Type: CHAP
APN Type: default,mms


Reverting back to Samsung Stock ROM

If there are no backups you need to download the Stock ROMs from http://www.samfirmware.com/ or a similar site

heimdall flash --no-reboot --RECOVERY recovery.img --BOOT boot.img --SYSTEM system.img.ext4 --CACHE cache.img.ext4 --HIDDEN hidden.img.ext4

Note: you need to boot into recovery mode and do a factory reset to remove device encryption completely.

https://play.google.com/store/apps/details?id=nl.bvgemert.flasher&hl=en
https://play.google.com/store/apps/details?id=eu.chainfire.triangleaway

Chromebook tips to get started

Just got myself (actually it’s for our Office Manager back in OZ) one of these Chromebooks while in Europe (since Google Australia with their absolutely hopeless hardware strategy do not seem to be able to ship any devices – Nexus 4 anyone?).

Since the first days turned out to be a bit of a frustrating experience, I thought I would share some of the findings as I had a hard time finding much useful info on troubleshooting ChromeOS.

Wireless Connection (WIFI)

Do not use WPA (or for that matter WEP) connections with ChromeOS. I had extreme difficulties browsing webpages on the Chromebook. Some pages would load, some pages would not load at all. There seemed to be no consistency to it as some would load one day, but not another. Somewhere in the Google Groups there seemed to be people reporting issues with wireless connections using WEP. It turned out that the Wireless Modem Router (Telekom Austria supplied Pirelli PBS modem) where I was staying was set to WPA encryption only by default. Once I figured out how to set the unit to WPA2 (which these days should really be the default anyway) things started to actually work consistently. Check the sections below (especially chrome://diagnostics) to see how you can find out what’s going wrong.

However, to save some trouble & frustrations, before you do anything make sure your Chromebook connects using WPA2 !

Terminal

CTRL+ALT+T will launch the Chrome Shell which is a slightly odd and very cut-down command line shell. Other than a ‘ping’ utility and some debug tools there really seems to be only the ‘ssh’ command that would be very useful to connect to remote systems. Unfortunately the SSH implementation is quite unusual compared to my normal OpenSSH client.

Poking under the hood

  • Get diagnostic info: chrome://diagnostics/
  • Settings: chrome://chrome/settings/
  • Get hard-disk space: chrome://quota-internals/
  • Bandwidth used: chrome://net-internals/#bandwidth
  • Factory reset the unit: chrome://chrome/settings/factoryResetData
  • Complete listing of ‘chrome’ URLs: chrome://chrome-urls/

Developer mode

To make some serious mods to the Chromebooks you need to boot into Developer mode. On the Samsung 303C ARM Chromebook this is achieved by holding ESC + Refresh buttons when pushing the power button to turn the unit on. Probably best left alone unless you know what you are doing.

Organisational micro-blogging for all

Having seen more and more articles on the use of micro-blogging tools in educational and corporate settings, I am constantly surprised that one of the most useful options from my point-of-view seems to be constantly overlooked. Micro-blogging is like Twitter, but private to your organisation. It is a great way to capture those more informal internal discussions. It can help distribute useful information (such as links) throughout your organisation or help kick-start conversations.


The major advantages of StatusNet as a platform over competing proprietary systems (such as Yammer) are:

  • Ownership of information: you can host StatusNet yourself and StatusNet fully supports DataPortability.org to get your data exported from StatusNet as well.
  • Customisation: since you can host Status.net yourself it is possible to fully customise it to suit your needs.
  • Integration potential: since StatusNet is Open Source software you can easily integrate and build upon it.

To download Status.net head to http://gitorious.org/statusnet/ or try a personal account with Identi.ca. You can also use a cloud-hosted version provided by StatusNet http://status.net/cloud. A Yammer import tool is also available for users looking for a Yammer Alternative.

However, being a tool that is private to your organisation does not mean your users will be isolated. Your users can connect StatusNet with their Twitter account should they wish to post messages outside.

Note: this is a cross-posting from my work blog at http://www.brightcookie.com/blog

Offline RSS Reading on Ubuntu

I sometimes have time to read RSS feeds when I have no Internet connection. Granted this is happening less often these days with wireless connectivity pretty much ubiquitous, but I frequently have that need. Most often it’s in an air-plane when you want to catch up on non-essential news and don’t have any connectivity.

This is where Lightread comes in handy. It synchronizes your Google Reader Account with excellent integration into the Ubuntu UI (desktop notification of new items …).


sudo add-apt-repository ppa:cooperjona/lightread
sudo apt-get update
sudo apt-get install lightread

OpenVPN Install on CentOS 6 Server

I recently had a need to install a VPN service in an OpenVZ container. Since I normally only use hardware-emulating VMs I ran into quite a few issues in terms of low-level networking support on this Container Virtualisation System. Turns out that you are stuck with a TUN/TAP solution as most services won’t enable PPP services on their infrastructure. Also Ethernet bridging is not available (at least on the service I used) so you’re stuck with NAT IP masquerading. Considering the options I thought I would be best served by using an OpenVPN server.

Install Server

yum --enablerepo=epel -y install openvpn

Server configuration

cp /usr/share/doc/openvpn-*/sample-config-files/server.conf /etc/openvpn/
These are the contents of /etc/openvpn/server.conf
local XXX.XXX.XXX.XXX #Server External IP
port 1194
proto udp
dev tun
ca ca.crt
cert SERVER.crt
key SERVER.key #keep file secret
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8" #using Google Public DNS
push "dhcp-option DNS 8.8.4.4" #using Google Public DNS
keepalive 10 120
comp-lzo
max-clients 5
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
log /var/log/openvpn.log
verb 3

mkdir -p /etc/openvpn/easy-rsa/keys
cd /etc/openvpn/easy-rsa
cp -rf /usr/share/openvpn/easy-rsa/2.0/* .
vim vars
#Set the country (KEY_COUNTRY)
#state (KEY_PROVINCE)
#locality (KEY_CITY)
#organisation name (KEY_ORG)
#support email (KEY_EMAIL)

Create certificate authority

source ./vars   # must be sourced, not executed, so the KEY_* variables reach the build scripts
./clean-all
./build-ca

The CA key and certificate should now be in the keys directory inside the easy-rsa directory.

Create certificate for the server

./build-key-server NAME_OF_SERVER
Answer the questions and commit the certificate into the database

Create the Diffie Hellman files

These files are used for the actual key exchange to ensure the confidentiality over an insecure channel, aka the Internet. Based on the length of the key used (KEY_SIZE) it may take a while.
./build-dh

Copy crypto files

cd keys/
cp ca.crt SERVER.crt SERVER.key dh1024.pem /etc/openvpn/

Create the certificate for each client

cd /etc/openvpn/easy-rsa   # the previous step left the shell in keys/
./build-key NOTEBOOK
./build-key MOBILE

Enable IP Forwarding

echo 1 > /proc/sys/net/ipv4/ip_forward

NAT Masquerading Setup

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j MASQUERADE

Start OpenVPN

/etc/init.d/openvpn start
chkconfig openvpn on

Clients

Ubuntu

apt-get install network-manager-openvpn

Android

FeatVPN: http://www.featvpn.com/

Troubleshooting

  • Ensure that the client settings reflect EXACTLY the server setting (I learned the hard way wasting a lot of time on troubleshooting the fact that routing would not work – turned out to be a client setting ‘comp-lzo’ !)
  • Ensure TUN/TAP services are enabled for your OpenVZ container (http://wiki.openvz.org/VPN_via_the_TUN/TAP_device)
    ERROR: Linux ip link set failed: external program exited with error status: 255

Documentation: http://openvpn.net/howto.html
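
Added example (not part of the original post or of OpenVPN itself): a shell check that reads a server.conf like the one above and reports the settings that weaken the tunnel, here the 1024-bit DH parameters, comp-lzo, and the missing tls-auth and cipher directives. The finding codes, the temporary file names and the hardened variant (ta.key, AES-256-CBC) are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Finding codes are this example's own.

strip_comments() { sed -e 's/[#;].*$//' "$1"; }   # OpenVPN comments start with # or ;

# Succeeds if DIRECTIVE is set in FILE.
conf_has() {     # usage: conf_has FILE DIRECTIVE
    strip_comments "$1" | awk -v d="$2" '$1 == d { f = 1 } END { exit !f }'
}

# Prints one "CODE: explanation" line per weak setting found in FILE.
audit_openvpn_conf() {
    local f="$1" bits
    # Heuristic: easy-rsa 2.0 names the file after KEY_SIZE (dh1024.pem, dh2048.pem).
    bits=$(strip_comments "$f" |
           awk '$1 == "dh" { gsub(/^.*dh|\.pem$/, "", $2); print $2; exit }')
    case "$bits" in
        ''|*[!0-9]*) ;;   # size not in the file name: inspect it with openssl dhparam
        *) if [ "$bits" -lt 2048 ]; then
               echo "WEAK_DH: ${bits}-bit Diffie-Hellman parameters; use 2048 or more"
           fi ;;
    esac
    if conf_has "$f" comp-lzo || conf_has "$f" compress; then
        echo "COMPRESSION: compressing before encrypting leaks plaintext via length (VORACLE)"
    fi
    if ! conf_has "$f" tls-auth && ! conf_has "$f" tls-crypt; then
        echo "NO_TLS_AUTH: control channel has no HMAC key; add tls-auth or tls-crypt"
    fi
    if ! conf_has "$f" cipher && ! conf_has "$f" data-ciphers; then
        echo "DEFAULT_CIPHER: no cipher set; OpenVPN 2.3 and older default to BF-CBC"
    fi
    if ! conf_has "$f" user || ! conf_has "$f" group; then
        echo "RUNS_AS_ROOT: no user/group directive, so the daemon never drops root"
    fi
}

# Constructed inputs: the security-relevant lines of the server.conf shown in the
# post, and a hardened variant (ta.key and AES-256-CBC are this example's choices).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/post.conf" <<'EOF'
dh dh1024.pem
comp-lzo
user nobody
group nobody
EOF
cat > "$tmp/hardened.conf" <<'EOF'
dh dh2048.pem
tls-auth ta.key 0   # HMAC key generated with: openvpn --genkey --secret ta.key
cipher AES-256-CBC
user nobody
group nobody
EOF

echo "== server.conf from the post =="; audit_openvpn_conf "$tmp/post.conf"
echo "== hardened variant ==";          audit_openvpn_conf "$tmp/hardened.conf"
```

Any change made on the server (compression, tls-auth, cipher) has to be mirrored in every client profile, which is the same mismatch the first troubleshooting item describes.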

Installing Poptop (pptpd) VPN Server on CentOS 6

For roaming mobile clients PPTP (Point-to-Point Tunneling Protocol) is still the quickest way to get VPN connections to tunnel traffic over a secure link.

Installation

I always prefer installation via a yum repository as this will ensure patches are applied during regular system updates

sudo rpm --import http://poptop.sourceforge.net/yum/RPM-GPG-KEY-PPTP
sudo rpm -Uvh http://poptop.sourceforge.net/yum/stable/rhel6/pptp-release-current.noarch.rpm
sudo yum install ppp pptpd -y

Configuration

Note: replace $USERNAME and $PASSWORD with actual values

IP configuration
echo "localip 192.168.0.1" >> /etc/pptpd.conf
echo "remoteip 192.168.0.100-199" >> /etc/pptpd.conf

DNS configuration
echo "ms-dns 8.8.8.8" >> /etc/ppp/options.pptpd
echo "ms-dns 4.2.2.1" >> /etc/ppp/options.pptpd

Authentication configuration
echo "$USERNAME pptpd $PASSWORD *" >> /etc/ppp/chap-secrets

Firewall config
service iptables start
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
sysctl -p
echo "iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE" >> /etc/rc.local
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# Save before restarting: a restart reloads /etc/sysconfig/iptables and drops unsaved rules
service iptables save
service iptables restart
chkconfig iptables on

Start pptpd
chkconfig pptpd on
service pptpd start