StrongVPN PPTP on DD-WRT – Source based routing (improved)

Hi there -

Myself and others have had a problem using the solution that I posted here. It works for a couple of hours, but then stops and requires a reboot to get it running again. I finally took some time to try and figure it out, and found that I needed to modify the IP-UP script to reestablish a couple of things. Here is an update to the original post:

I’m a StrongVPN customer and just today I had a use case that required that I was able to setup the VPN tunnel from my router and only route a specific host down the VPN.

Here is how I did it using these:

• Router running DD-WRT v24-sp2 (08/07/10) std
• StrongVPN account (PPTP)

Do the following on your router:

Services->VPN

• PPTP Client Options: Enable
• Server IP or DNS name: <this is the IP of the VPN server, hostnames DON’T work>
• Remote Subnet: <This is the IP that the YOU receive from the VPN server, to get this first connect on Mac/Win and check what IP you get)
• Remote Subnet Mask: 255.255.255.0
• MPPE Encryption: mppe required,stateless
• MTU: 1450
• MRU: 1450
• NAT: Enable
• Username: <This is your StrongVPN user ID>
• Password: <This is your StrongVPN password>

Setup -> Basic Setup

Under: Network Address Server Settings (DHCP)

• Static DNS 1: 216.131.94.5
• Static DNS 2: 216.131.95.20

Administration -> Commands

• EDIT the INT and SOURCETOROUTE and interface (e.g ppp0) to suit and paste the following to the end of the STARTUP script, then click ‘save startup’. The IP specified in SOURCETOROUTE is the source IP that will be routed via the VPN.

  # Customize PPTPD client
sleep 50
mkdir /tmp/etc/config
echo "#!/bin/sh" > /tmp/pptpd_client/ip-up;
echo "SOURCETOROUTE=192.168.1.119" >> /tmp/pptpd_client/ip-up;
echo "REMOTEIP=\$(ifconfig ppp0 | sed -n 's/.*inet *addr:\([0-9\.]*\).*/\1/p')" >> /tmp/pptpd_client/ip-up;
#echo "ip rule add from \$SOURCETOROUTE table 200" >> /tmp/pptpd_client/ip-up;
echo "/usr/sbin/ip route add default via \$REMOTEIP dev ppp0 table 200" >> /tmp/pptpd_client/ip-up;
echo "/usr/sbin/ip route flush cache" >> /tmp/pptpd_client/ip-up;
echo "touch /tmp/execute-debug" >> /tmp/pptpd_client/ip-up;
echo "/usr/sbin/iptables --table nat --append POSTROUTING --out-interface ppp0 --jump MASQUERADE" >> /tmp/pptpd_client/ip-up;
echo "/usr/sbin/iptables --insert FORWARD --protocol tcp --tcp-flags SYN,RST SYN --jump TCPMSS --clamp-mss-to-pmtu" >> /tmp/pptpd_client/ip-up;
#echo "echo "/tmp/pptpd_client/ip-up - $(date)" >> /tmp/dbvpndebug" >> /tmp/pptpd_client/ip-up;
chmod 777 /tmp/pptpd_client/ip-up;

  Then in the same area, add the following to the FIREWALL script, and once again modify the SOURCETOROUTE and interface as necessary:

  INT=ppp0
  SOURCETOROUTE=192.168.1.119
  echo "sleep 40" > /tmp/firewall_script.sh
  echo "/usr/sbin/iptables --table nat --append POSTROUTING --out-interface $INT --jump MASQUERADE" >> /tmp/firewall_script.sh ;
  echo "/usr/sbin/iptables --insert FORWARD --protocol tcp --tcp-flags SYN,RST SYN --jump TCPMSS --clamp-mss-to-pmtu" >> /tmp/firewall_script.sh ;
  echo "ip rule add from $SOURCETOROUTE table 200" >> /tmp/firewall_script.sh ;
  echo "REMOTEIP=\$(ifconfig ppp0 | sed -n 's/.*inet *addr:\([0-9\.]*\).*/\1/p')" >> /tmp/firewall_script.sh ;
  echo "/usr/sbin/ip route add default via \$REMOTEIP dev ppp0 table 200" >> /tmp/firewall_script.sh ;
  #echo "echo "/tmp/firewall_script.sh - $(date)" >> /tmp/dbvpndebug" >> /tmp/firewall_script.sh ;
  sh /tmp/firewall_script.sh &
  

  Enjoy.

Multibootable USB Drive

Check out how to easily create a multiboot USB drive from this HakTip:

Get YUMI here

“Windows Live Support” – Scam

The other day I received a random call on my home line, when I answered I heard a guy within an Indian accent stating that he was from “Windows Live Support” and that “they had detected some ‘activity’ from my Windows computer”. He was able to address me by my full name, which was concerning at first. Almost immediately I was picking up on some cues that made me rather certain that this was a scam, but I thought I’d play along to see where this goes.

He asked if I was “authorized” to use this computer, which I found a bit of an odd question.. like they’d care if I was… Anyways he proceeded to ask be to start-up the computer and let him know once ready. During the boot up process I could clearly hear that we was in a very busy call centre, and I could hear many other Indian accent voices in the background going through the same process with other potential victims. Sounded like a large operation.

Once the computer was booted up I announced to him that I was ready to proceed.

Directs me to press Windows key + R to bring up the run box, then get Event Viewer open by issuing the “eventvwr” command. In Event viewer he directed me to the “Application” log and asked me to estimate how many red error entries I see… I response “about 50″, and he proceeds to say (in a very scripted fashion)… “Oh! my goodness! your machine is very badly infected and it’s going to break my Mother Operating System” LOL!… I continue to play along. Next up was the “System” log and he again asks that I estimate the quantity of red errors, this time I respond “about 30″, and in exactly the same scripted sentence he says “Oh! my goodness! you’re machine is very badly infected and it’s going to break my Mother Operating System”, by this stage I’m constantly going on mute to have a good laugh, then get my composure and return to the call. I acted like a real sap and agreed with him that my machine must be very badly infected. At each step I pretended to be a computer novice, saying things like “what is the Windows key??”

Next up, it’s back to the “Run” box and this time I need to type “prefetch”. Similar to previous, this time he wanted to know how many files are being displayed… I say “about 20″, then comes the scripted response again: “Oh! my goodness! you’re machine is very badly infected and it’s going to break my Mother Operating System”. This time he adds that I have “Spyware” on my machine, and asks me if I know what it is… I say “no”, then he proceeds to explain that “Spyware is like a Terrorist on your computer”. LOL!

After this he reads be a number: “80041820″ and tells me if I see this somewhere then it’s a bad thing..

Next stop, Right-click My Computer, then go Manage. Then he proceeded to direct me to an area in the ‘Manage’ box that I’ve never had the occasion to use: Index Service -> Query the Catalog. He has me search for “Software Security Services”, which by no surprise gives a result that the services does not exist and a magic error code comes up….. yes, “80041820″. He tells me to compare the error code to the code he gave previously, and I agreed with him that they are the same, then proceeds to summarize everything that has happened and to finally convince me that my machine is boned. So far this has taken a good 20 mins. 20mins spent on building my confidence, impressive.

Now, he directs be to go to the Run box and type in www.support.me – at this point I was not willing to play along further, who knows what’s going on at this site. So instead I decide to figure out what exact information to they have on me, I tell him that I not willing to proceed until he provide some key information about me. He proceeds to read out my full name, phone number (duh!) and physical address… not cool. I press him to provide an identity number for me. He just keeps dodging the question – good thing so I gather that was the extent of the information they had. At this point I tell the guy that I think this is a spam, which he denies with the lame response “How could we use the Windows name in our company name if we where not a Microsoft partner”. Funny. He realizes that he’s not getting very far with me, so hands me to his very well spoken supervisor “Chris”. Chris tries to reassure me that all is good and that I should proceed. I tell him I will not proceed, and he gets rather aggressive asking “Why would I not want to fix my infected computer??!!”. I ask where they are located, he responds: “London”, then if I asked him if he is aware of the DNC (Do Not Call) list law in UK?, he says “Yes”, I say put me on it, then hang up. Like a scam operation would actually adhere to that law, but anyway.

Armed with all this information, I started to do some Googling and found that many people have received such calls. The end game that is operation aims for is to persuade you to purchase some software to “clean up” your machine.

This operation seemed large and pretty well-organized, and it was amazed that they were willing to spend upward of 20 minutes with me on the phone just to build trust/confidence.

Check out this hilarious YouTube video, where I guy recorded some of this:

StrongVPN PPTP on DD-WRT – Source based routing

I’m a StrongVPN customer and just today I had a use case that required that I was able to setup the VPN tunnel from my router and only route a specific host down the VPN.

**Disregard this post – Improved version posted here**

Here is how I did it using these:

• Router running DD-WRT v24-sp2 (08/07/10) std
• StrongVPN account (PPTP)

Do the following on your router:

Services->VPN

• PPTP Client Options: Enable
• Server IP or DNS name: <this is the IP of the VPN server, hostnames DON’T work>
• Remote Subnet: <This is the IP that the YOU receive from the VPN server, to get this first connect on Mac/Win and check what IP you get)
• Remote Subnet Mask: 255.255.255.0
• MPPE Encryption: mppe required,stateless
• MTU: 1450
• MRU: 1450
• NAT: Enable
• Username: <This is your StrongVPN user ID>
• Password: <This is your StrongVPN password>

Setup -> Basic Setup

Under: Network Address Server Settings (DHCP)

• Static DNS 1: 216.131.94.5
• Static DNS 2: 216.131.95.20

Security -> Firewall

• SPI Firewall: Disable

Administration -> Commands

• EDIT the INT and SOURCETOROUTE variables to suite and paste the following, then click ‘save firewall’. The IP specified in SOURCETOROUTE is the source IP that will be routed via the VPN.

  INT=ppp0
  SOURCETOROUTE=192.168.1.119
  echo "sleep 40" > /tmp/firewall_script.sh
  echo "/usr/sbin/iptables --table nat --append POSTROUTING --out-interface $INT --jump MASQUERADE" >>  /tmp/firewall_script.sh ;
  echo "/usr/sbin/iptables --insert FORWARD --protocol tcp --tcp-flags SYN,RST SYN --jump TCPMSS --clamp-mss-to-pmtu" >> /tmp/firewall_script.sh ;
  echo "ip rule add from $SOURCETOROUTE table 200" >> /tmp/firewall_script.sh ;
  echo "REMOTEIP=\$(ifconfig $INT | sed -n 's/.*inet *addr:\([0-9\.]*\).*/\1/p')"  >> /tmp/firewall_script.sh ;
  echo "ip route add default via \$REMOTEIP dev $INT table 200"  >> /tmp/firewall_script.sh ;
  echo "ip route flush cache" >>  /tmp/firewall_script.sh ;
  sh /tmp/firewall_script.sh &
  

• Reboot your router, after which give it about 5mins and give it a try from the machine specified in SOURCETOROUTE

Vignettr – v1.3 – Live on app store

Yes, another update to Vignettr is out! v1.3.

The main addition to v1.3 is presets. As an avid user of Vignettr myself I’ve found that I have a couple of combinations of effects that I reuse often and thought it’d be great if I packaged up some of those into presets where with a quick tap of the preset it does all the adjustments for me. So thats what I did. In this version I’ve included 4 presets:

 

1) Noir: A high contrast monochrome output, much like the Nior style films.
2) Semi-Desat: A med contrast partial desaturation of the image, with a bit of vignette and ND grad filter applied for good measure.
3) Vegetable Lasagne: A warming, partially vintage tone.
4) Yesterday: A low contrast, light orange tinting to give a look much like film camera’s of the 70′s.

 

With all of these presets, once they have been applied that does not stop from you from tweaking each of the usual adjustments (vignette, luminance etc).

The other change is to the user interface… nothing drastic, but some improvements I feel make the app easier to use and more pleasing to the eye. Credit to Patrick Hoesly on flickr for the use of one of his many amazing textures as the backdrop in both the iPhone and iPad versions of Vignettr.

Vignettr – v1.2 – Live on app store

Hi All,
Vignettr 1.2 has just been approved and is now live on the app store.

This version introduces the following new features:

Tint Adjustments

Choose a colour from the palette and apply a tint to the image. The tint can be used to warm or cool and image – or give a bold colour tint. If a white colour is selected for the tint it allows you to progressively desaturate your image depending on the intensity applied.

Screen shot:

Swipe gestures

Using the typical swipe gesture to cycle between the available adjustment modes (Vignette, ND Grad, Letterbox, Luminance and Tint). The swipe can be used in both a left to right and right to left motion.

Vignettr: with native iPad support (awaiting approval)

 

Hi All,

Vignettr 1.1 has just been submitted to the app store for review and approval. There are a couple of little bug fixes, but the big change is now native iPad support! The app is now a universal iPad/iPhone app, those with version 1 get a free upgrade gain iPad support. New customers now get iPhone and an iPad app for just $0.99c.

 

 

 

Whilst we await approval, here are some screenshots:

Wireshark on Mac OS X (Snow Leopard)

Get binary: http://www.wireshark.org/download.html (I got 1.4.2)

• Install .DMG
• Copy the ‘Utilities’ folder from the DMG to /usr/local/bin
• Copy the entire ‘ChmodBPF’ folder to /Library/StartupItems/
• sudo xattr -r -d com.apple.quarantine /Library/StartupItems/ChmodBPF
• sudo chown -R root:wheel /Library/StartupItems/ChmodBPF
• Restart your machine, then it should work.

Vignettr: First review is out

Happy to report that Vignettr has gotten it’s first online hands-on review.

The author from i comme Photo, Le blog de l’iphoneographie contacted me to perform a review. Google translates the name of the blog to “i like photo, The blog iphoneographie”, and looking through the site it definitely seemed like Vignettr would be in good company there. Of course, I was more than happy to oblige.

Scored a decent 4 out of 5. Pretty happy with that. Read for the review yourself in English (translated) or native French.

Suggest that anyone that’s into iphoneography or digital toy camera effects keep an eye on the blog. You can add the RSS feed to Google Reader and get it to auto translate.

Vignettr: Live on app store!

The journey of working on Vignettr on and off for a couple months has reached a major milestone – Version 1 is now available on the app store!

As a keen amateur photographer, I wanted to make app with some of the functions that I personally love within full featured photography work-flow products, like Adobe Lightroom. I aimed to take some of my favourites and make them accessible and easy to use on these portable devices we carry with us every day and make it quick and easy to make appealing enhancements to photos we take on the go.
In the development, the number one design principle for me was to keep the focus of the
users attention on the photo itself, and do my best not to distract with too many or overly complex user interface elements.

Here’s what’s inside Version 1:

Vignetting

This was obviously the source of the app name, and a technique if used on the right image can create some great results. Typically the idea of a vignette effect is to draw the viewers eye towards the subject of the image by darking the image at the edges in a radial gradient fashion. Vignetting is actually an optic flaw that is prevalent in older cameras, and gives a “retro” look and feel.

The app allows you to control the size and intensity of this effect.

Here is an example of some exaggerated vignetting (click for larger size):

ND Grad Filter

Due to the limited Dynamic Range of cameras you’ll often find a situation where in a landscape type photo for example that the foreground of beach, water, mountains etc look good – but the sky is far less blue (or often near white) in the photo compared to what it actually was. The ND Grad filter effect darkens the image gradually from top to bottom which helps to bring out the saturation in the sky.

The app allows you to control the size (top to bottom) and intensity of this effect.

Here is an example, notice the detail and saturation in the sky (click for larger size):

Letterboxing / Border

Letterboxing is an effect often used by photographers to give a cinematic feel to their shots. The idea is you add a band of band to the top and bottom of the image, and less typically on the left and right sides. This same tool in Vignettr can be used to create a basic black border around the image.

The app will allow you to either manipulate the size of the typical letterboxing, or the left and right sides – or you can lock the effect to apply a basic border to the image to the size you prefer.

Here is an example of typical letterboxing (click for larger size):

Luminance

This luminance tool allows you to change the brightness and contrast to you images. This may sound rather predestration, but correctly adjusting the exposure (brightness) and black-point (contrast) of your images can often enhance or add an appealing tonal quality to your image.

Some technical info:

• The app will run on the iPhone, iPod Touch and the iPad (iPhone compatiablity mode).
• As you move the controls to manipulate the effect it will dynamically update the effect, except in the case of the older iPhone 3G and the 1st gen iPod touch
• In most cases you’ll be able to save the manipulated image at it’s original resolution, up to the following limits:
  • iPhone 3G, iPod Touch 1st Gen: 1600px
  • iPhone 3GS, iPod Touch 2nd Gen: 2048px
  • iPhone 4, iPad, iPod Touch 3rd Gen: 2592px
• Vignettr once had a different name but that’s a different story.

Vignettr is on twitter, please do follow for updates, sample shots and use it as a channel for feature requests, bug reports.

Cheers.