Feb 28 2016
 
VW Golf, OBD2, Torque Pro

Since we have a new car (VW Golf 5 GT) which has an OBD2 connector, I was curious what it can do. So I bought myself an el cheapo ELM327 Bluetooth adapter and connected to it via Torque Pro, and lo and behold, it works: the data it can see and display looks good and matches either what the car dashboard shows or what is common sense.

It’s quite fun to watch the parameters as they change: gas pedal, oil temperature, turbo boost pressure. No real purpose, but technically interesting.

Once an error occurs, it’ll get more interesting: without a diagnostic tool all you get is a “yellow motor error” light. Not much you can do here other than go to a car repair shop. With software like Torque and OBD2 data, you possibly get the sensor which is either broken or shows bad data.

Feb 28 2016
 
SoftEther - Part 2

Wanted to put a VPN gateway into a Docker container. Turned out to be difficult since the container needs to accept ESP traffic for IPSec, which I could not make work.

However running a SoftEther VPN server turns out to be easier than expected: Have the binaries, and a vpn_server.config file, and off you go. To create the config file, use the Windows management utility.

On the client side it’s rather simple. Windows client software is neat and straightforward. Linux is not much harder:

# Download softether-vpnclient-v4.19-9599-beta-2015.10.19-linux-arm_eabi-32bit.tar.gz to e.g. /var/tmp/
cd /usr
tar xfv /var/tmp/softether-vpnclient-v4.19-9599-beta-2015.10.19-linux-arm_eabi-32bit.tar.gz
cd vpnclient
make i_read_and_agree_the_license_agreement
./vpnclient start
./vpncmd
2 (Management of VPN Client)
ENTER (picks localhost)
NicCreate VIRTUALNIC (e.g. box2)
AccountCreate ACCOUNTNAME (e.g. box2)
vpn.domain.org:443 (VPN Server Host Name and Port Number)
VIRTUALHUBNAME (e.g. Box2Hub)
USERNAME (e.g. harald)
box2 (Virtual NIC)
#
AccountPasswordSet ACCOUNTNAME
PASSWORD (password for USERNAME)
PASSWORD (repeat)
standard (standard or Radius)
#
# Autostart:
AccountStartupSet ACCOUNTNAME
# Connect:
AccountConnect ACCOUNTNAME
# Check
AccountStatusGet ACCOUNTNAME

And that’s it. It’ll create a virtual NIC vpn_box2 and whenever you start vpnclient, it’ll create it and connect.

E.g. have this in /etc/rc.local:

( /usr/vpnclient/vpnclient start ; sleep 10 ; ifconfig vpn_box2 192.168.30.51 netmask 255.255.255.0 up ) &

or alternatively if you can take any IP address:

( /usr/vpnclient/vpnclient start ; sleep 10 ; dhclient vpn_box2 ) &

In case of slow connections or computers, increase the 10s delay. I use 20s for my AllWinner A20 CPUs.

Feb 25 2016
 

Let’s Encrypt is a way to get a free signed certificate, with the intent of enabling end-to-end encryption between the server (web, mail etc.) and the client. This is important when you are in an Internet café or on a hotspot at an airport.

To get a certificate, you have to prove that you own the DNS or the web server for the domain you want to use the certificate for.

The ACME protocol behind it is fully documented, and there are clients which use it to make this easy for normal users, without having to mess with manually created certificates. I used the “le” client:

git clone https://github.com/Neilpang/le
cd le
./le.sh issue dns DOMAIN HOST1_OF_THE_DOMAIN,HOST2_OF_THE_DOMAIN ec-384

DOMAIN is your domain, e.g. studiokubota.com. HOST1_OF_THE_DOMAIN,HOST2_OF_THE_DOMAIN is a comma-separated list of hosts of said domain, e.g. www.studiokubota.com,mail.studiokubota.com etc.

When done, I had to set some TXT records for my domain to confirm that I control the DNS zone I request certificates for. Then about 10 minutes later:

./le.sh renew DOMAIN

confirms everything and creates properly signed certificates in ~/.le/DOMAIN/

Note that the lifetime of this certificate is relatively short: 3 months, so a renew command needs to be run at least once per quarter.

$ openssl x509 -in studiokubota.com.cer -noout -text 
Certificate: 
    Data: 
        Version: 3 (0x2) 
        Serial Number: 
            xx:xx:2c:8d:6c:a3:06:12:2e:c8:03:3c:91:xx:xx:xx:xx:xx 
    Signature Algorithm: sha256WithRSAEncryption 
        Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X1 
        Validity 
            Not Before: Feb 25 07:40:00 2016 GMT 
            Not After : May 25 07:40:00 2016 GMT
 [...]
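
A way to automate the quarterly renewal from a daily cron job, as an added example that is not part of the original post or of the le client. It assumes GNU date, that le.sh lives in $HOME/le (override with LE_DIR), and the ~/.le/DOMAIN/DOMAIN.cer layout seen above; the 30-day threshold is a choice made here.

```shell
#!/bin/sh
# Added example: renew the 90-day certificate well before it expires.
# Assumptions: GNU date (-d), le.sh in $LE_DIR, cert in ~/.le/DOMAIN/DOMAIN.cer.

# days_left ENDDATE_LINE [NOW_EPOCH]
# ENDDATE_LINE is what `openssl x509 -noout -enddate` prints,
# e.g. "notAfter=May 25 07:40:00 2016 GMT". Prints whole days remaining.
days_left() {
    end=$(date -u -d "${1#notAfter=}" +%s) || return 2
    now=${2:-$(date -u +%s)}
    echo $(( (end - now) / 86400 ))
}

# needs_renewal ENDDATE_LINE THRESHOLD_DAYS [NOW_EPOCH]
# Returns 0 when fewer than THRESHOLD_DAYS remain (or the cert has expired).
needs_renewal() {
    left=$(days_left "$1" "${3:-}") || return 2
    [ "$left" -lt "$2" ]
}

# renew_if_due DOMAIN
# Reads the live certificate and only contacts Let's Encrypt when needed.
renew_if_due() {
    cer="$HOME/.le/$1/$1.cer"
    line=$(openssl x509 -in "$cer" -noout -enddate) || {
        echo "cannot read $cer" >&2
        return 2
    }
    if needs_renewal "$line" 30; then
        echo "$1: $(days_left "$line") days left, renewing"
        ( cd "${LE_DIR:-$HOME/le}" && ./le.sh renew "$1" )
    else
        echo "$1: $(days_left "$line") days left, nothing to do"
    fi
}

# Usage from cron: cert-renew.sh studiokubota.com
if [ -n "${1:-}" ]; then
    renew_if_due "$1"
fi
```

After a renewal, the new .cer and .key still have to be copied to wherever the services read them from.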

To use the key/certificate, do:

cp studiokubota.com.cer /etc/ssl/certs/studiokubota.com.pem
cp studiokubota.com.key /etc/ssl/private/
chown root:root /etc/ssl/certs/studiokubota.com.pem /etc/ssl/private/studiokubota.com.key
chmod go-rwx /etc/ssl/private/studiokubota.com.key
c_rehash

You should now see 2 links to the .pem file in /etc/ssl/certs:

root@docker-3:/etc/ssl/certs# ls -la | grep studiokubota 
lrwxrwxrwx 1 root root     11 Feb 25 12:56 065f4d47.0 -> studiokubota.com.pem 
lrwxrwxrwx 1 root root     11 Feb 25 12:56 446cb3a7.0 -> studiokubota.com.pem 
-rw-r--r-- 1 root root   1578 Feb 25 12:47 studiokubota.com.pem

Feb 10 2016
 

Looking for a way to make a 128GB SSD be enough for several (at least 7) VMs naturally leads to thin provisioned disks. I did not know that LVM can do this and this seems to be the most efficient as well as fastest way to provision disks for VMs.

A nice summary is here and I follow this closely. Here are the steps for a plain Debian 8.3 build:

apt-get install thin-provisioning-tools
lvcreate -L 50G --thinpool tp_vm giga-vg
lvcreate -V 8G --thin -n t_router giga-vg/tp_vm

That’s it. Now giga-vg/t_router is a thin provisioned 8GB volume. To see how full the thin volume pool is:

root@giga:~# lvs 
  LV       VG      Attr       LSize  Pool  Origin Data%  Meta%  Move Log Cpy%Sync Convert 
  root     giga-vg -wi-ao---- 22.00g                                                      
  swap_1   giga-vg -wi-ao----  7.83g                                                      
  t_router giga-vg Vwi-a-tz--  8.00g tp_vm        0.00                                    
  tp_vm    giga-vg twi-aotz-- 50.00g              0.00   0.45
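
With seven 8GB thin volumes in a 50GB pool the pool is overcommitted, and once its data or metadata space runs out, writes to the thin volumes stall or fail, so the Data% and Meta% columns are worth watching. The following is an added example, not part of the original post: it parses machine-readable lvs output and flags overcommitted or filling pools. The sample input is constructed, and all volume names other than t_router and tp_vm are hypothetical.

```shell
#!/bin/sh
# Added example: report thin pool overcommit and fill level.
# Expects one LV per line on stdin, as produced by:
#   lvs --noheadings --units g --nosuffix --separator , \
#       -o lv_name,pool_lv,lv_size,data_percent,metadata_percent giga-vg

# thinpool_report WARN_PCT
# Prints per pool: size, sum of virtual sizes, data%, meta%, status.
thinpool_report() {
    awk -F, -v warn="$1" '
    { gsub(/[ \t]/, "") }              # lvs pads its fields with spaces
    $2 == "" && $5 != "" {             # pool: no parent pool, has metadata%
        size[$1] = $3; data[$1] = $4; meta[$1] = $5
    }
    $2 != "" { prov[$2] += $3 }        # thin volume: add virtual size to its pool
    END {
        for (p in size) {
            status = "OK"
            if (prov[p] > size[p]) status = "OVERCOMMITTED"
            if (data[p] + 0 >= warn || meta[p] + 0 >= warn) status = "FILLING"
            printf "%s size=%.2fg provisioned=%.2fg data=%s%% meta=%s%% %s\n",
                   p, size[p], prov[p], data[p], meta[p], status
        }
    }'
}

# Constructed sample: the 50G pool from above with seven 8G thin volumes.
sample_lvs() {
    cat <<'EOF'
  root,,22.00,,
  swap_1,,7.83,,
  tp_vm,,50.00,41.20,3.10
  t_router,tp_vm,8.00,12.50,
  t_vm2,tp_vm,8.00,60.00,
  t_vm3,tp_vm,8.00,35.00,
  t_vm4,tp_vm,8.00,48.00,
  t_vm5,tp_vm,8.00,20.00,
  t_vm6,tp_vm,8.00,55.00,
  t_vm7,tp_vm,8.00,27.00,
EOF
}

sample_lvs | thinpool_report 80
```

On a real host, pipe the lvs command from the header comment into thinpool_report and alert on any status other than OK.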