Feb 25 2017

How to setup VPN Unlimited on pfSense

Category: #generik,#howto,#internet,#koffee,#networking,#root,pfsense —  Juan @ 12:30 

This document describes how to set up VPN Unlimited on an x86 pfSense routing device using OpenVPN. OpenVPN is available, by default, on all installations of pfSense. If you have pfSense installed, you already have OpenVPN installed.

The document is for seasoned IT veterans and, as such, is broken up into 4 easy sections. Section I consists of adding VPN Unlimited certificate to your pfSense router, Section II consists of creating the VPN Tunnel, Section III consists of creating the VPN Interface, and finally. Section IV, the conclusion.

Who and what…

pfSense® software is a free, open source customized distribution of FreeBSD specifically tailored for use as a firewall and router that is entirely managed via web interface. In addition to being a powerful, flexible firewalling and routing platform, it includes a long list of related features and a package system allowing further expandability without adding bloat and potential security vulnerabilities to the base distribution.

OpenVPN is an open-source software application that implements virtual private network (VPN) techniques for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities.

VPN Unlimited is a consumer VPN provider run by the good people at Keep Solid, Inc. Their support teat is great.

Requirements

The following are requirements. Requirement does not mean option. So before proceeding, you must contact and obtain your configuration files (*.ovpn) from VPN Unlimited. If you cannot meet the mandatory requirements, this post is irrelevant and there is no point for you to continue.

  1. An active internet connection
  2. A pfSense routing device with minimum version 2.3.3
  3. An active VPN Unlimited account
  4. *.ovpn configuration file(s)

Sample *.ovpn file

The following example is a configuration file from VPN Unlimited. Please note that certificate authority hash, certificate hash, and private key hash all will be unique in every file, for every server:

client
dev tun
reneg-sec 0
persist-tun
persist-key
ping 5
ping-exit 30
nobind
comp-lzo adaptive
remote-random
ns-cert-type server
route-metric 1
<ca>
-----BEGIN CERTIFICATE-----
rijerhjfajfaljdhfajdshfalkdjshfadjshflakjsdhflakjsdhflajdshfaldj
rijerhjfajfaljdhfajdshfalkdjshfadjshflakjsdhflakjsdhflajdshfaldj
rijerhjfajfaljdhfajdshfalkdjshfadjshflakjsdhflakjsdhflajdshfaldj
rijerhjfajfaljdhfajdshfalkdjshfadjshflakjsdhflakjsdhflajdshfaldj
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
854uygifjhhg0e98y9g84yg9854uygifjhhg0e98y9g84yg9854uygifjhhg0e98
854uygifjhhg0e98y9g84yg9854uygifjhhg0e98y9g84yg9854uygifjhhg0e98
854uygifjhhg0e98y9g84yg9854uygifjhhg0e98y9g84yg9854uygifjhhg0e98
854uygifjhhg0e98y9g84yg9854uygifjhhg0e98y9g84yg9854uygifjhhg0e98
854uygifjhhg0e98y9g84yg9854uygifjhhg0e98y9g84yg9854uygifjhhg0e98
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
936u803usgkjpjvnjkkeyou-y3v9-2i4b2-m093vc,tig045i6ufh-39c68hug,0
936u803usgkjpjvnjkkeyou-y3v9-2i4b2-m093vc,tig045i6ufh-39c68hug,0
936u803usgkjpjvnjkkeyou-y3v9-2i4b2-m093vc,tig045i6ufh-39c68hug,0
936u803usgkjpjvnjkkeyou-y3v9-2i4b2-m093vc,tig045i6ufh-39c68hug,0
936u803usgkjpjvnjkkeyou-y3v9-2i4b2-m093vc,tig045i6ufh-39c68hug,0
-----END PRIVATE KEY-----
</key>
remote server.vpnunlimitedapp.com
proto udp

Start this party…

Are you ready? Let us begin.

kontinue reading…


Feb 04 2017

HOWTO Anonymize Internet Browsing with Squid Proxy server

Category: #generik,#howto,#root —  Juan @ 09:54 

Squid is a caching and forwarding HTTP web proxy.

This post serves only as a reference for anonymizing your internet browsing with Squid. At the time of this post, the stable version of Squid is currently 3.5.x, and as such, this post assumes you have Squid 3.5.x up and running. Please note, this post does not describe complete anonymity since real world public IP addresses will always be preserved and sent to the server. However, you can hide your internal private IP address but that’s a different topic.

In the quest to anonymize browsing habits, I’ve encountered a dozen or so posts incorrectly describing how to configure Squid. Interestingly, it all really boils down to three required options:

Kode  
  1. request_header_access From deny all
  2. request_header_access Referer deny all
  3. request_header_access User-Agent deny all

kontinue reading…

Tags: ,


Feb 02 2017

HOWTO Make TextEdit Open With New File By Default

Category: #apple,#generik,#howto,#osx —  Juan @ 16:03 

For as long as I can remember, every time I opened TextEdit, the application would open to a new file by default. I’m not exactly sure when Apple decided to force TextEdit to open to the file picker dialog but here we are, on MacOS Sierra 10.12.x? I suppose you wouldn’t be here otherwise. Anyways, let’s get to the meat of this post, shall we?

Open up a terminal window and execute the following command

Kode  
defaults write -g NSShowAppCentricOpenPanelInsteadOfUntitledFile -bool false

Fin!

Tags: , ,


Feb 01 2017

Install nano on pfSense

Category: #generik,#howto,#root —  Juan @ 14:35 

For reasons unknown to humanity, installing nano isn’t available from the psSense GUI. Fear not, installing it from the command line is both easily said and done. I’m going to assume you’re an expert user so I will not cover root nor ssh details.

There are two methods to install nano: the first (1) will require root access, done during an SSH terminal session and the second (2) requires you to navigate to Diagnostics -> Command Prompt through the web GUI.

Whichever method you decide, execute the following command:

Kode  
pkg install nano

Fin.

Tags: ,


Feb 01 2017

Add or Modify FreeBSD User and Group Membership

Category: #generik,#howto,#kode,#networking —  Juan @ 10:31 

To add, modify, or remove users on a FreeBSD system, you’ll need to run the pw utility as your system’s root user.

To add an existing user to an existing group under FreeBSD:

Kode  
pw group mod GROUP_NAME -m USERNAME

To create a new user to an existing group under FreeBSD:

Kode  
pw user add NEW_USERNAME -G GROUP_NAME

To verify members of a group:

Kode  
pw groupshow GROUP_NAME

To verify an existing user’s group membership:

Kode  
id USERNAME

Tags: ,


Apr 03 2016

Configure OS X Network Hostname

Category: #apple,#howto,#networking,#osx —  Juan @ 10:56 

The power of OS X allows users to set their computer hostname from command line. This can be useful should you need to set hostname remotely. So, fire up a terminal window, enter root user mode, and follow the next few steps.

Change the FQDN hostname of your Mac (ex: computer.domain.net):

$ scutil --set HostName <new_host_name>

kontinue reading…

Tags: , , , ,


Mar 06 2016

Plex Media Server Ubuntu Linux Configuration

Category: #generik,#howto,#linux,#ubuntu-server —  Juan @ 12:26 

This HOWTO is exclusively for users who manually install Plex Media Server on Ubuntu Server Edition using Plex’s debian package rather than relying on Ubuntu to provide timely updates.

When running Plex Media Server on Linux distributions, it is possible to change the user Plex Media Server runs as and where it stores metadata. To change the startup configuration and context of the systemd service, edit the systemd service file:

/lib/systemd/system/plexmediaserver.service

To change location where Plex Media Server stores metadata files, change the Environment setting for PLEX_MEDIA_SERVER_APPLICATION_SUPPORT_DIR in the plexmediaserver.service file.

You can edit the path within the quotation marks to any directory of your choice. The path and directory you define must exist and must be owned by the Plex Media Server.

The default user that Plex Media Server runs as is plex. To change the user context under which Plex Media Server runs as, change the variables User and Group in the systemd service file. When you change the user and group, remember to change the ownership of your Plex Media Server’s Application Support Dir.

For changing from user plex to some_other_user then remember to run:

$ chown -R some_other_user /var/lib/plexmediaserver

After making any configuration changes, it is important to refresh the systemd subsystem. To refresh the systemd subsystem, run the following command for changes take effect on the next restart/boot.

$ systemctl --system daemon-reload

Next, restart the Plex Media Server service:

$ service plexmediserver restart

NOTE

You can start, stop, restart Plex Media Server as such:

$ service plexmediserver (start|stop|restart)

For reference, here is the default systemd service file:

[Unit]
Description=Plex Media Server for Linux
After=network.target

[Service]
Environment="PLEX_MEDIA_SERVER_APPLICATION_SUPPORT_DIR=/var/lib/plexmediaserver/Library/Application Support"
Environment=PLEX_MEDIA_SERVER_HOME=/usr/lib/plexmediaserver
Environment=PLEX_MEDIA_SERVER_MAX_PLUGIN_PROCS=6
Environment=PLEX_MEDIA_SERVER_TMPDIR=/tmp
Environment=LD_LIBRARY_PATH=/usr/lib/plexmediaserver
Environment=LC_ALL=en_US.UTF-8
Environment=LANG=en_US.UTF-8
ExecStartPre=/bin/sh -c '/usr/bin/test -d "${PLEX_MEDIA_SERVER_APPLICATION_SUPPORT_DIR}" || /bin/mkdir -p "${PLEX_MEDIA_SERVER_APPLICATION_SUPPORT_DIR}"'
ExecStart=/bin/sh -c '/usr/lib/plexmediaserver/Plex\ Media\ Server'
Type=simple
User=plex
Group=plex

[Install]
WantedBy=multi-user.target

This document is based on this article.

Tags: , , ,


Dec 09 2015

HOWTO Disable System Integrity Protection on El Capitan

Category: #apple,#generik,#howto,#osx —  Juan @ 10:13 

Restart your Mac and press the ‘Command + R’ key combinations as soon as you hear the startup chime. This will boot your Mac into Recovery Mode. Once in Recovery Mode, in the Menu bar, click on:

 

Utilities -> Terminal

Type in the following command to disable rootless mode:

Kode  
$ csrutil disable

Restart your Mac for changes to take effect. To check rootless mode, launch Terminal, and type in the following command:

Kode  
$ csrutil status

Either you’ll get an ‘enabled’ or ‘disabled’ message.

Tags:



May 30 2013

HOWTO Remove Power Notification from Sense 5.0

Category: #android,#howto,#yourewelcome —  Juan @ 09:59 

This hack simply disables the Power Saver Notification that appears on HTC Jellybean Sense 5.0 devices.

Kode  
$ adb shell
$ su
$ pm disable com.htc.htcpowermanager/.powersaver.PowerSaverNotificationReceiver

Reboot device when finished. Power Saver Notification should not be disabled in your drawer without disabling Power Saver completely.

The simpler solution would be to download Jmz Power Saver Disabler.

Tags: , , , , ,