Thursday, July 12, 2007

Client HTTPS traffic with OpenVPN and redirect-gateway

Recently I set up a simple enough VPN with a gentoo/xenplanet hosted OpenVPN (howto) to secure my wifi traffic from public locations. The problem described here is quite trivial, but its solution wasn't found in a quick search, hence this post!

Problem: The redirect-gateway configuration option makes all traffic route through the xenplanet box. iptables-based masquerading was used to perform SNAT on traffic from OpenVPN clients; however, HTTPS was completely broken! The initial TCP connection would go through, but as soon as the SSL connection was initialised by the client, the HTTPS server would immediately close the TCP connection.

Extensive Googlin' turned up very little related to openvpn and the resolution of such an issue, although it has been mentioned a number of times in mailing list entries such as here. I changed tack and searched for NAT issues related to tunnels with iptables, striking gold here with a description of a working NAT setup with a CIPE tunnel.

So to get client HTTPS traffic working with OpenVPN and redirect-gateway, instead of this:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Use these instead:
iptables -t nat -A POSTROUTING -d 192.168.42.0/255.255.255.0 -j RETURN
iptables -t nat -A POSTROUTING -s 192.168.42.0/255.255.255.0 -j SNAT --to-source EXTERNAL_IP_ADDRESS

Where 192.168.42.0 is the internal address range used by openvpn. Also make sure to keep all other NAT rules such as the one for Related and Established connections present in your configuration!

P.S. This is with a non-bridged configuration, using TCP port 443 and TLS on the server.
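
The two replacement rules only work in that order, because iptables walks the chain top-down and stops at the first terminating target. The following check is an added example, not part of the original post: it audits the output of `iptables -t nat -S POSTROUTING` for that layout. The function names, the sample rulesets and the address 203.0.113.10 are constructed for illustration, and it assumes iptables lists the netmask in CIDR form.

```shell
#!/bin/sh
# Added example: audit `iptables -t nat -S POSTROUTING` output (read on stdin)
# for the rule layout described in the post.
# Assumption: iptables lists the netmask in CIDR form (192.168.42.0/24).

check_vpn_nat() {   # $1 = OpenVPN client subnet, e.g. 192.168.42.0/24
    awk -v net="$1" '
        # True when the rule has option "flag" immediately followed by "val".
        function has(flag, val,    i) {
            for (i = 1; i < NF; i++)
                if ($i == flag && $(i + 1) == val) return 1
            return 0
        }
        $1 != "-A" { next }            # skip the -P policy line
        { n++ }                        # position of this rule in the chain
        has("-j", "MASQUERADE") && !masq              { masq = n }
        has("-d", net) && has("-j", "RETURN") && !ret { ret = n }
        has("-s", net) && has("-j", "SNAT") && !snat  { snat = n }
        END {
            if (!snat) { print "FAIL: no SNAT rule for " net; exit 1 }
            if (!ret)  { print "FAIL: no RETURN rule for -d " net; exit 1 }
            if (ret > snat) { print "FAIL: RETURN rule comes after SNAT"; exit 1 }
            if (masq && masq < snat) { print "FAIL: MASQUERADE precedes SNAT"; exit 1 }
            print "OK: RETURN (rule " ret ") precedes SNAT (rule " snat ")"
        }'
}

# Constructed sample rulesets; 203.0.113.10 is a documentation address.
good_rules() { cat <<'EOF'
-P POSTROUTING ACCEPT
-A POSTROUTING -d 192.168.42.0/24 -j RETURN
-A POSTROUTING -s 192.168.42.0/24 -j SNAT --to-source 203.0.113.10
EOF
}
old_rules() { cat <<'EOF'
-P POSTROUTING ACCEPT
-A POSTROUTING -o eth0 -j MASQUERADE
EOF
}
swapped_rules() { cat <<'EOF'
-P POSTROUTING ACCEPT
-A POSTROUTING -s 192.168.42.0/24 -j SNAT --to-source 203.0.113.10
-A POSTROUTING -d 192.168.42.0/24 -j RETURN
EOF
}

good_rules | check_vpn_nat 192.168.42.0/24
old_rules | check_vpn_nat 192.168.42.0/24 || true
```

On the VPN server itself, pipe the live chain into the function: `iptables -t nat -S POSTROUTING | check_vpn_nat 192.168.42.0/24`.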

Thursday, June 21, 2007

Stereo Bluetooth Profile (A2DP) on Mac OS X Tiger with Jack Audio

The tutorial below is outdated and should not be attempted. 
If you want A2DP, upgrade to Leopard. 

Low latency Stereo Bluetooth Audio is now possible on Tiger thanks to Tim Hewett's a2dpcast, which uses Jack for recording from the system mixer or indeed any specific coreaudio application.

To use the new system:
  1. Download Jack for Mac OS X from here.
    Make sure to read the documentation on how to install properly on Intel Macs, especially making an Aggregate Device with "Audio Midi Setup". For the exact procedure watch the screencast at the bottom of this post.
  2. Download a2dpcast from Tim's website, here.
  3. Extract and copy to /usr/local/bin
  4. From a terminal run
    a2dpcast ADDR
As it's based on the bluetooth code in the previous instructions, please continue to post compatibility experiences, here.

N.B. The old instructions posted on this blog are now obsolete!

Update: Improved compatibility with new version from Tim with special thanks to Paul Guyot.

Saturday, June 09, 2007

Blogger Template: Digg This button with a custom URL

As expected in migrating over to blogger all my posts have now got slightly different URLs. The question is what to do with posts which have already been dugg with the old URL?

The first step was to set up forwards from my old URLs with Apache 2.2's mod_rewrite.

Then using the instructions posted on ajaxcold, I integrated the "digg this!" button with automatically generated URLs. In the case of old stories I want to be able to specify a URL.
  1. In your Blogger Template (First tick "Expand Widgets"):
    • Below this line (Or anywhere between <head> and </head>):
      <title><data:blog.pageTitle/></title>
    • Add these lines:
      <!-- Digg Url Override // -->
      <script type='text/javascript'>
      var digg_url_override = null;
      </script>

  2. In the existing "digg this!" button code from ajaxcold's tutorial:
    • Replace the line:
      digg_url = '';
    • With these lines:
      if (digg_url_override === null) {
        digg_url = '';
      } else {
        digg_url = digg_url_override;
      }
      digg_url_override = null;

Then when (re-)posting a story which needs a custom URL, switch to HTML editor, and at the very start on a single line paste:

<script type='text/javascript'> digg_url_override = 'CUSTOM_URL';</script>


Where CUSTOM_URL is the custom URL you want people to keep digging.

Done!

Wednesday, June 06, 2007

List of Working Stereo Headsets

This list is outdated. If you want A2DP, upgrade to Leopard.

Here is a round-up of stereo headsets reported to work with my earlier instructions, however this should be relevant for these instructions.

Reported Working (Intel)
Motorola HT820
Griffin Bluetrip
Plantronics Pulsar 260
Plantronics Pulsar 590A
Jabra BT 620s (1 report of performance problem, Other reports of success)
iMuffs
Sony CMT-HX5BT

Reported Working (PPC)
Jabra BT320s
Bluespoon Spider Stereo

Reported Not Working (Intel)
Sony Ericsson's HBH-DS970
Omiz Combo BT headphone
Motorola S9
Motorola DC800
Jensen WBT212

Reported Not Working* (PPC)
Motorola HT820 (Static Outputted)
Motorola S9 (Static Outputted)

Information Requested
Sony DR-BT20NX

* It seems very likely that any headset that doesn't work on Intel Macs will not work on PPC Macs.

Migrating to Blogger

I've finally found time to move this site over to blogger, which I've wanted to do since it got tags / category labels. Nasty side effect is the loss of comment date and times, oh well...

Friday, February 23, 2007

Stereo Bluetooth Profile (A2DP) on Mac OS X Tiger

This post is now obsolete, please check out the new instructions which use Jack Audio, here.

Using the following instructions will allow full use of stereo bluetooth headphones on a mac without waiting for Leopard! Unfortunately the audio is delayed by nearly a second because this is such an indirect method.


  1. Install Darwin Ports (Install Guide)

    From http://darwinports.com/

  2. Install Soundflower

    http://www.cycling74.com/products/soundflower
    A restart is required.

  3. Set input and output sound devices to "Soundflower (2ch)"

  4. Install esd

    From a terminal window run:

    sudo port install pkgconfig audiofile esound

  5. Start esd for the first time (It should autostart afterwards):

    esd &


  6. Download bttest02.zip

    This is a GPL A2DP player by bkc based on a2player, available from www.emucamp.com/boukichi/btplay02.zip.

    Download Tim Hewett's modified version that works on both PPC and Intel from here.

    Extract the files and copy bttest and sbcenc to your local bin folder (e.g. /usr/local/bin).

  7. Create a shell script in your local bin folder called a2dp.sh, replacing HEADSET with your bluetooth headset's device address.

    This address can be obtained in System Preferences -> Bluetooth - Devices, after pairing.

    Place these lines in the shell script:
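    #!/bin/sh

    # Named pipe created for the run and removed at the end
    # (the pipeline below does not reference it).
    mkfifo /tmp/mixer

    # Bluetooth device address of the headset
    ADDR=HEADSET

    # Record from esd, encode to SBC, stream to the headset
    esdrec | sbcenc -z 44 -s 4 -j - | bttest "$ADDR" -

    rm /tmp/mixer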
  8. Run a2dp.sh

The resulting sound quality is at least as good as my Motorola V3x produces. Another thing to note is that if the headset goes out of range it does not reconnect properly.


If you try this with a headset other than the Motorola HT820, please post a comment about your experience. So far there have been some negative reports for Sony Ericsson headsets.

Thanks to bkc for the port! Also this hint was helpful: Create a wireless speaker setup without AirTunes.

Enjoy!

Update: New version of btplay.

Update 2: Added link to install guide.

Update 3: Tweaked instructions to include pkgconfig and starting esd (thanks jon) for the first time.

Update 4: Request for information on experiences with other headsets.

Update 5: Thanks to Tim Hewett this now works on PPC and the shell script has been improved. Confirmed working on Jabra BT320s. As always reports of success or otherwise are greatly appreciated!!