2011/08/22

SSH tunneling for a small VPN

Here is a simple script that sets up a simple VPN between two networks using SSH tunneling. You must have root access to a computer on both networks. You must have 2 IP addresses for the remote network. The remote network is assumed to be /24. The script assumes that tun0 is available on both computers. If you don't understand this or you don't have this, you can't use this script.
#!/bin/bash


HOST=$1
LOCAL_IP=$2
REMOTE_IP=$3

eval $(ipcalc --network $LOCAL_IP/24)
if [[ "NETWORK=$NETWORK" != $(ipcalc --network $REMOTE_IP/24) ]] ; then
echo "Local IP ($LOCAL_IP) and remote IP ($REMOTE_IP) must be on the same network" >&2
exit 3
fi

ip route del $NETWORK/24 dev eth0 2>/dev/null
set -e

set -x
ssh -w 0:0 $HOST "
ip link set tun0 up
ip addr add $LOCAL_IP peer $REMOTE_IP/32 dev tun0
arp -sD $REMOTE_IP eth0 pub
echo 1 >/proc/sys/NETWORK/ipv4/ip_forward
echo OK
while true ; do sleep 3600 ; done
" | (
set +x
read OK;
echo "Connected to $HOST: $OK"
ip link set tun0 up
ip addr add $REMOTE_IP peer $LOCAL_IP/32 dev tun0
ip route add $NETWORK/24 via $REMOTE_IP dev tun0

iptables --append FORWARD --in-interface eth0 -j ACCEPT
iptables --table nat --append POSTROUTING --out-interface tun0 -j MASQUERADE
set +e
read -e -p 'Connected' K iptables --delete FORWARD --in-interface eth0 -j ACCEPT
iptables --table nat --delete POSTROUTING --out-interface tun0 -j MASQUERADE
echo "Use ^C to stop background ssh"
)

Note that the script has very little error checking beyond verifying that REMOTE_IP and LOCAL_IP are on the same /24.

The script is executed as vpn-ssh remote-host local-ip remote-ip. For example:
ssh my-client 192.168.100.130 192.168.100.205
192.168.100.130 is now an IP for the local computer. It may be connected to from the remote computer and anything on the remote network. If you set up your routing properly, other computers on the local network may also connect to the remote network also.

To create a tunnel ssh must run as root and must connect as root on the remote side. You should use have public/private keys set up, as allowing password login for root over ssh is a bad idea. Tunneling and root login are often deactivated by default, so you'll have to turn them on.

2011/08/19

Arduino on CentOS 5

So I bit the bullet and bought an Arduino UNO. The packaging should have a label on it "WARNING: BY OPENING THIS PACKAGE YOU RECOGNISE YOU WILL GET NO USEFUL WORK DONE TODAY."



All I wanted was to get one LED to flash. But that requires a avr-cpp-g++, which isn't available for CentOS 5. GRRRR!



So I wasted to much time getting the CentOS 6 SRPMs and getting them to compile. But you may fetch them from my psuedo-repo.

While time was a wasting, a kind soul on IRC sent me a hex file for bitlash which I managed to upload to the board. This allowed me to flash a few LEDs and get on with my work.

Writing code for the Arduino Uno in CentOS 5


RPMs will need from the psuedo-repo
avr-libc-1.7.0-1.noarch.rpm

avr-libc-docs-1.7.0-1.noarch.rpm
avr-binutils-2.20-2.x86_64.rpm
avrdude-5.10-1.x86_64.rpm
avr-gcc-4.5.0-2.x86_64.rpm
avr-gcc-c++-4.5.0-2.x86_64.rpm
gmp-4.3.1-7.x86_64.rpm
gmp-devel-4.3.1-7.x86_64.rpm
gmp-static-4.3.1-7.x86_64.rpm
libmpc-0.8-3.x86_64.rpm
libmpc-devel-0.8-3.x86_64.rpm
mpfr-2.4.1-6.x86_64.rpm
mpfr-devel-2.4.1-6.x86_64.rpm

You will also need arduino-0022.tar.gz, which I installed in /opt/arduino.

Now the IDE works, but it's in Java. Which hates me, hates Linux and I hate Java just as much, just for good measure I also hate IDEs. Working from two tutorials and with some slamming my head into the table, I got it working. The trick was massaging Johan's Makefile into something that worked. I also had to patch /opt/arduino/hardware/arduino/cores/arduino/wiring_private.h.

To start a new project, lets say "blink2"
mkdir blink2

cd blink2
wget http://awale.qc.ca/CentOS/rhel5/Makefile.arduino -O Makefile
wget http://awale.qc.ca/CentOS/rhel5/resetArduino.pl
touch blink2.pde

Now add your code to blink2.pde.

And here is my first Arduino program. It's a 6 LED chaser. It would be more, but I can only find 6 LEDs right now. Pins 13-9 are red, pin 8 is green. The green light stays on twice as long as the others.
#define DELAY 100


int state;
void setup(void) {
int pin;
state = 1;
for(pin=13; pin >=8; pin-- )
pinMode(pin, OUTPUT);
}

void set_state(void) {
int pin;
int mask = 1;
for(pin=13; pin >=8; pin-- ) {
digitalWrite( pin, (state & mask) );
mask <<= 1;
}

}

void loop(void) {

if( state == 1 ) {
state = 3;
}
else {
state = state << 1;
}
/* 0001 1000 = 18 */
/* 0011 0000 = 30 */
if( state == 0x60 ) { /* 0110 0000 = 60 */
state = 0x20;
set_state();
delay( DELAY*4 );
state = 1;
}
/* 0100 0010 = 42 */
else if( state == 0x42 ) {
state = 3;
}
set_state();

delay(DELAY);
}


Now compile and upload it:
make && sudo make upload