Share internet connection with Airport on Mac

# note: this is based on Mac OS X v10.6.8, YMMV

enable Internet Sharing

  1. go to System Preferences -> Sharing
  2. click the lock icon and type your password so that System Preferences is allowed to make changes
  3. click on the text “Internet Sharing” (not the checkbox)
  4. choose “Ethernet” under “Share your connection from” and check “AirPort” under “To computers using”
  5. set the wireless details in “AirPort Options…”
  6. check the checkbox for Internet Sharing and click “Start”

NOTE1: You might need to run Fix Disk Permissions in “Disk Utility” on the boot disk.
NOTE2: You might need to do the following if the Internet Sharing icon (a fan shape with an upward arrow inside) is NOT shown on the menu bar:
* disable Internet Sharing
* disconnect any existing Wi-Fi connection on AirPort (make sure it’s grey, i.e. not connected)
* sudo /bin/launchctl unload -w /System/Library/LaunchDaemons/bootps.plist
* enable Internet Sharing

NOTE3: On the client side, if your device cannot get an IP address assigned automatically, you might need to set IP/gateway/DNS manually based on the IP of the Mac’s AirPort interface (use “ifconfig en1” to check the AirPort IP).

For example, if Mac AirPort has an IP of 10.0.2.1, then the client can be set with following

IP/net mask: 10.0.2.2/255.255.255.0
Gateway: 10.0.2.1
DNS:10.0.2.1

Finally, connect both your Mac and client device to the ad-hoc wireless network.

Generate self-signed CA, and sign server/client certificates with openssl

# to inspect a key, a request or a certificate
openssl rsa -noout -text -in x.key
openssl req -noout -text -in x.csr
openssl x509 -noout -text -in x.crt

# gen CA key and self-sign it
CA_KEY=ca.key
CA_CRT=ca.crt
openssl genrsa -des3 -out $CA_KEY 4096
openssl req -new -x509 -days 3650 -key $CA_KEY -out $CA_CRT

# gen server key, request and cert
SERVER_NAME=www.master.com
SERVER_KEY_SEC=${SERVER_NAME}.key.sec
SERVER_KEY=${SERVER_NAME}.key
SERVER_CSR=${SERVER_NAME}.csr
SERVER_CRT=${SERVER_NAME}.crt
openssl genrsa -des3 -out $SERVER_KEY_SEC 2048
openssl rsa -in $SERVER_KEY_SEC -out $SERVER_KEY
openssl req -new -key $SERVER_KEY -out $SERVER_CSR
openssl x509 -req -days 365 -in $SERVER_CSR -CA $CA_CRT -CAkey $CA_KEY -out $SERVER_CRT -CAcreateserial

# gen client key, request and cert
CLIENT_NAME=master
CLIENT_KEY=${CLIENT_NAME}.key
CLIENT_CSR=${CLIENT_NAME}.csr
CLIENT_CRT=${CLIENT_NAME}.crt
CLIENT_P12=${CLIENT_NAME}.p12
openssl genrsa -des3 -out $CLIENT_KEY 2048
openssl req -new -key $CLIENT_KEY -out $CLIENT_CSR
openssl x509 -req -days 365 -in $CLIENT_CSR -CA $CA_CRT -CAkey $CA_KEY -out $CLIENT_CRT -CAcreateserial
openssl pkcs12 -export -in $CLIENT_CRT -inkey $CLIENT_KEY -out $CLIENT_P12
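The same flow as the commands above, as an added example that is not part of the original post: it runs non-interactively (keys are written without a passphrase via -nodes, subjects are given with -subj), gives the server certificate a subjectAltName and an extendedKeyUsage because "x509 -req" copies no extensions from the CSR and clients that check hostnames need a SAN, and finishes with "openssl verify" as the check that each leaf actually chains to the CA. The names www.master.com and master are taken from the post; the CA names, the working directory and the PKCS#12 password "changeit" are assumptions for the example.

```shell
#!/bin/sh
# Added example, not the original post's script. Assumes openssl in PATH.
set -e
WORK=$(mktemp -d)

make_ca() {  # $1 = file prefix, $2 = CN; self-signed CA (default config adds CA:TRUE)
  openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -subj "/CN=$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

issue_cert() {  # $1 = name, $2 = server|client
  # key + CSR for the leaf
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
  # "x509 -req" copies no extensions from the CSR: supply them explicitly,
  # otherwise the certificate has neither a SAN nor an EKU.
  if [ "$2" = server ]; then
    printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=serverAuth\nsubjectAltName=DNS:%s\n' "$1"
  else
    printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=clientAuth\n'
  fi > "$WORK/$1.ext"
  openssl x509 -req -days 365 -in "$WORK/$1.csr" \
    -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
    -extfile "$WORK/$1.ext" -out "$WORK/$1.crt" 2>/dev/null
}

verify_cert() {  # $1 = leaf name, $2 = CA certificate file; prints OK or FAIL
  if openssl verify -CAfile "$2" "$WORK/$1.crt" >/dev/null 2>&1; then
    echo OK
  else
    echo FAIL
  fi
}

make_ca ca "Example Test CA"          # the CA we trust
make_ca other "Unrelated Test CA"     # a second CA that must NOT validate our leafs
issue_cert www.master.com server
issue_cert master client
# client bundle for import into a browser or mail client, as in the post
openssl pkcs12 -export -in "$WORK/master.crt" -inkey "$WORK/master.key" \
  -out "$WORK/master.p12" -passout pass:changeit

echo "server cert vs our CA:       $(verify_cert www.master.com "$WORK/ca.crt")"
echo "client cert vs our CA:       $(verify_cert master "$WORK/ca.crt")"
echo "server cert vs unrelated CA: $(verify_cert www.master.com "$WORK/other.crt")"
openssl x509 -noout -text -in "$WORK/www.master.com.crt" | grep -A1 'Subject Alternative Name'
```

The first two checks print OK and the third prints FAIL; that third line is the one worth keeping in a deployment script, since a certificate that verifies against any CA file on the box is not evidence that it was issued by yours.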

A bash script to generate strong passwords

This is a quick helper script to generate “strong” passwords.

It prints 10 passwords; each password contains at least one character from each of the following sets.

SET_UPPER='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
SET_LOWER='abcdefghijklmnopqrstuvwxyz'
SET_PUNC='~!@#$%^&*()_+-=;:,.?/'
SET_DIGIT='0123456789'

Here’s the simple script.

#!/bin/bash
# ----------------------------------------------------------------------------
# All rights reserved Copyright by Jian Yang
# ----------------------------------------------------------------------------

SET_UPPER='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
SET_LOWER='abcdefghijklmnopqrstuvwxyz'
SET_PUNC='~!@#$%^&*()_+-=;:,.?/'
SET_DIGIT='0123456789'
ALL_SET="${SET_UPPER}${SET_LOWER}${SET_PUNC}${SET_DIGIT}"

LENGTH=8
COUNT=10

# Print one character picked from the set passed as $1.
# The expansions must be quoted: the punctuation set contains '*' and '?',
# which would otherwise go through pathname expansion and print file names.
get_char_from_set() {
    s=$1
    l=${#s}
    r=`expr $RANDOM % $l`
    echo "${s:$r:1}"
}

gen_passwd() {
    # positions 0-3 guarantee one character from each set
    char[0]=`get_char_from_set "$SET_UPPER"`
    char[1]=`get_char_from_set "$SET_LOWER"`
    char[2]=`get_char_from_set "$SET_PUNC"`
    char[3]=`get_char_from_set "$SET_DIGIT"`
    # the remaining positions come from the full alphabet
    char[4]=`get_char_from_set "$ALL_SET"`
    char[5]=`get_char_from_set "$ALL_SET"`
    char[6]=`get_char_from_set "$ALL_SET"`
    char[7]=`get_char_from_set "$ALL_SET"`

    # shuffle so the mandatory characters do not always sit at the front
    for ((i=0;i<$LENGTH;i++)); do
        j=`expr $RANDOM % $LENGTH`
        x=${char[$i]}; char[$i]=${char[$j]}; char[$j]=$x
    done

    echo "${char[@]}" | tr -d ' '
}

for ((c=0;c<$COUNT;c++))
do
    gen_passwd
done
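The script above takes its randomness from bash’s $RANDOM (a 15-bit, non-cryptographic generator) and reduces it with “%”, which biases the choice towards the first characters of each set. The following is an added example, not the post’s script: the same “one character from each set” rule, but every choice is drawn from /dev/urandom with rejection sampling so no index is favoured, the positions are shuffled by uniformly picking from the remaining pool, and a check_passwd function verifies the policy. It is written for POSIX sh (it runs under bash too); the length of 12 is an assumption for the example.

```shell
#!/bin/sh
# Added example (not the original post's code). Assumes /dev/urandom, od, cut.
SET_UPPER='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
SET_LOWER='abcdefghijklmnopqrstuvwxyz'
SET_PUNC='~!@#$%^&*()_+-=;:,.?/'
SET_DIGIT='0123456789'
ALL_SET="${SET_UPPER}${SET_LOWER}${SET_PUNC}${SET_DIGIT}"
LENGTH=12

# one byte (0..255) from the kernel CSPRNG, printed in decimal
rand_byte() { od -A n -t u1 -N 1 /dev/urandom | tr -d ' \n'; }

# uniform index in [0, n) for n <= 256: bytes from the incomplete last
# block of 256 are discarded so that "byte % n" is not skewed
rand_index() {
  cnt=$1; limit=$((256 - 256 % cnt))
  while :; do
    b=$(rand_byte)
    if [ "$b" -lt "$limit" ]; then echo $((b % cnt)); return; fi
  done
}

char_at() { printf '%s\n' "$1" | cut -c $(($2 + 1)); }   # $1 = string, $2 = 0-based index
pick_char() { char_at "$1" "$(rand_index "${#1}")"; }    # uniform character of set $1

# print the characters of $1 in uniformly random order (draw without replacement)
shuffle() {
  rest=$1; out=''
  while [ -n "$rest" ]; do
    i=$(rand_index "${#rest}")
    out="$out$(char_at "$rest" "$i")"
    head=''
    if [ "$i" -gt 0 ]; then head=$(printf '%s\n' "$rest" | cut -c "1-$i"); fi
    rest="$head$(printf '%s\n' "$rest" | cut -c "$((i + 2))-")"   # drop index i
  done
  printf '%s\n' "$out"
}

gen_passwd() {
  pool="$(pick_char "$SET_UPPER")$(pick_char "$SET_LOWER")$(pick_char "$SET_PUNC")$(pick_char "$SET_DIGIT")"
  while [ "${#pool}" -lt "$LENGTH" ]; do
    pool="$pool$(pick_char "$ALL_SET")"
  done
  shuffle "$pool"
}

# true if some character of password $1 is in set $2 (quoted pattern: literal match)
has_char_from() {
  i=1
  while [ "$i" -le "${#1}" ]; do
    c=$(printf '%s\n' "$1" | cut -c "$i")
    case $2 in *"$c"*) return 0 ;; esac
    i=$((i + 1))
  done
  return 1
}

# policy check: exact length and at least one character from every set
check_passwd() {
  [ "${#1}" -eq "$LENGTH" ] || return 1
  for s in "$SET_UPPER" "$SET_LOWER" "$SET_PUNC" "$SET_DIGIT"; do
    has_char_from "$1" "$s" || return 1
  done
  return 0
}

k=0
while [ "$k" -lt 10 ]; do
  p=$(gen_passwd)
  check_passwd "$p" && echo "$p"
  k=$((k + 1))
done
```

The rejection step matters more than it looks: with 83 characters in ALL_SET, a plain "byte % 83" would make the first 7 characters roughly 1.5 times as likely as the rest, which is exactly the kind of skew a password cracker’s candidate ordering exploits.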

Configure SMTP AUTH in Sendmail to relay to external SMTP server

Assume you have the following

SMTP server: smtp.gmail.com
Account: hehe@gmail.com
Password: hehe123

1) Add the following to /etc/mail/sendmail.mc

define(`SMART_HOST',`smtp.gmail.com')dnl
define(`RELAY_MAILER_ARGS',`TCP $h 587')dnl
define(`ESMTP_MAILER_ARGS',`TCP $h 587')dnl
FEATURE(`authinfo',`hash -o /etc/mail/authinfo.db')dnl
define(`confCACERT',`/etc/ssl/certs/ca-certificates.crt')
define(`confCRL',`/etc/ssl/certs/ca-certificates.crt')
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
TRUST_AUTH_MECH(`LOGIN PLAIN')dnl

2) Prepare /etc/mail/authinfo

cd /etc/mail
echo AuthInfo:smtp.gmail.com "U:hehe@gmail.com" "P:hehe123" "M:PLAIN" > authinfo
chmod 0640 authinfo
makemap -r hash authinfo < authinfo

3) Generate sendmail.cf and restart sendmail

m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
/etc/init.d/sendmail restart

Setup OpenVPN from HTC Desire HD to Ubuntu VPS

Prerequisites

/dev/tun or /dev/net/tun is available

# ls -l /dev/tun /dev/net/tun
crw-rw-rw- 1 root root 10, 200 Nov 17  2009 /dev/net/tun
crw-rw-rw- 1 root root 10, 200 Nov 17  2009 /dev/tun

Server Side – Ubuntu VPS

1) install openvpn

sudo apt-get install openvpn

2) generate keys/certs in /etc/openvpn/rsa

cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0 /etc/openvpn/rsa
# Be careful: the first line is sourced (". vars"), not executed like the rest
. vars
./clean-all
./build-ca
./build-key-server server
./build-key client
...
./build-dh

3) prepare server config

$ cat /etc/openvpn/server.conf
port 1194
proto udp
dev tun
ca rsa/keys/ca.crt
cert rsa/keys/server.crt
key rsa/keys/server.key  # This file should be kept secret
dh rsa/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
keepalive 10 120
comp-lzo
daemon
persist-key
persist-tun
status openvpn-status.log
verb 1

4) Enable ip forward
# immediately

echo 1 > /proc/sys/net/ipv4/ip_forward

# permanently

sed -i -e '/ip_forward/ s/.*/net.ipv4.ip_forward=1/' /etc/sysctl.conf
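The sed above only rewrites a line that already mentions ip_forward; on a sysctl.conf where the key is absent it silently changes nothing. As an added example (not from the original post), here is an idempotent version that handles a commented-out line, a wrong value and a missing key, plus a reader that returns the value the file will set, so the result can be checked rather than assumed. Step 5 of the PPTPD section below is the same change. The sample sysctl.conf contents in the demo are constructed.

```shell
#!/bin/sh
# Added example, not the original post's command. POSIX sh, GNU or BSD sed.
ensure_sysctl() {  # $1 = file, $2 = key, $3 = value
  esc=$(printf '%s' "$2" | sed 's/\./\\./g')   # dots are regex metacharacters
  if grep -q "^[#[:space:]]*${esc}[[:space:]]*=" "$1"; then
    # key present (possibly commented out or with another value): rewrite in place
    sed "s|^[#[:space:]]*${esc}[[:space:]]*=.*|$2=$3|" "$1" > "$1.tmp" && mv "$1.tmp" "$1"
  else
    printf '%s=%s\n' "$2" "$3" >> "$1"
  fi
}

# print the value the file sets for a key (last assignment wins, as in sysctl -p)
sysctl_value() {  # $1 = file, $2 = key
  esc=$(printf '%s' "$2" | sed 's/\./\\./g')
  sed -n "s|^${esc}[[:space:]]*=[[:space:]]*||p" "$1" | tail -n 1
}

demo() {
  f=$(mktemp)
  # constructed sample: the key exists only as a commented-out line
  printf '# net.ipv4.ip_forward=0\nkernel.sysrq=0\n' > "$f"
  ensure_sysctl "$f" net.ipv4.ip_forward 1
  ensure_sysctl "$f" net.ipv4.ip_forward 1    # second run must not add a duplicate
  echo "ip_forward in file: $(sysctl_value "$f" net.ipv4.ip_forward)"
  cat "$f"
  rm -f "$f"
}
demo
# real use on the VPS:  ensure_sysctl /etc/sysctl.conf net.ipv4.ip_forward 1 && sysctl -p
```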

5) SNAT VPN traffic to external

iptables -t nat -A POSTROUTING -j SNAT -s 10.8.0.0/24 --to-source external-IP

Client Side – HTC Desire HD

1) download and install “OpenVPN Settings” from Android Market
2) download openvpn binary and push to DHD

wget https://github.com/downloads/fries/android-external-openvpn/openvpn-static-2.1.1.bz2
bzip2 -d openvpn-static-2.1.1.bz2
adb push openvpn-static-2.1.1 /sdcard/openvpn-static-2.1.1

3) setup openvpn binary on DHD

adb shell
su
mydsk=`mount | grep system | awk '{print $1}'`
mount -o rw,remount $mydsk /system
cp -f /sdcard/openvpn-static-2.1.1 /system/bin/openvpn
mkdir /sdcard/xbin/bb/
ln -s busybox /sdcard/xbin/bb/ifconfig
ln -s busybox /sdcard/xbin/bb/route
mount -o ro,remount $mydsk /system

4) prepare client keys/certs
Get the following files from the server and put them in /sdcard/openvpn/keys
ca.crt
client.crt
client.key
5) prepare client config

cat /sdcard/openvpn/client.conf
client
dev tun
proto udp
remote your-vps-address 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca keys/ca.crt
cert keys/client.crt
key keys/client.key
ns-cert-type server
comp-lzo
verb 1

Usage

1) Start OpenVPN Settings
You should see a checkbox of “client.conf” under “OpenVPN configurations”
2) Enable Menu->Advanced->Fix HTC Routes
3) Enable client.conf
4) Enable FixDNS
Voila!

Setup PPTPD on Ubuntu VPS

Note that PPTP with MS-CHAPv2 is considered cryptographically weak; prefer the OpenVPN setup above where the client supports it.

1) sudo apt-get install pptpd ppp iptables
2) cat /etc/pptpd.conf

option /etc/ppp/pptpd-options
logwtmp
localip 192.168.19.1
remoteip 192.168.19.234-238,192.168.19.245

3) cat /etc/ppp/pptpd-options

name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
ms-dns 8.8.8.8
ms-dns 4.4.4.4
lock
nobsdcomp
noipx
mtu 1490
mru 1490

4) cat /etc/ppp/chap-secrets

hehe    pptpd   password    *

5) enable ip_forward
6) set up the iptables NAT rule (SNAT to the public IP)

iptables -t nat -A POSTROUTING -j SNAT -s 192.168.19.0/24 -o venet0 --to-source your_public_ip

Configure SMTP AUTH (using Cyrus-SASL) in Postfix Mail Server

Configure Postfix

By default, Postfix SMTP server uses the Cyrus SASL implementation.

/etc/postfix/main.cf:
# enable SMTP AUTH by any SASL, just add
smtpd_sasl_auth_enable = yes
# enable support for non-standard clients like Outlook 2003
broken_sasl_auth_clients = yes
# do not allow anonymous authentication
smtpd_sasl_security_options = noanonymous
# enable SASL-authenticated SMTP clients to send mail to remote destinations
smtpd_recipient_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination
# default authentication domain
smtpd_sasl_local_domain = example.com

# TLS
smtpd_use_tls = yes
#smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/postfix/newreq.pem
smtpd_tls_cert_file = /etc/postfix/newcert.pem
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

For TLS certificate preparation, see the section above on generating a self-signed CA with openssl.

Configure Cyrus-SASL

Configure Cyrus-SASL to use the saslauthd service, authenticating against the system shadow file.

/etc/sasl2/smtpd.conf:
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN

NOTE: make sure saslauthd is started with the “shadow” mechanism

grep shadow /etc/init.d/saslauthd
/etc/init.d/saslauthd restart
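Both the sendmail authinfo entry above ("M:PLAIN") and the Postfix/Cyrus settings ("confAUTH_MECHANISMS LOGIN PLAIN", "mech_list: PLAIN LOGIN") rely on the SASL PLAIN mechanism, whose credential is only base64-encoded, not encrypted. The following is an added example, not part of the original post: it builds the token a client sends in "AUTH PLAIN" and decodes it again, which is the concrete reason to enable smtpd_tls_auth_only (commented out in the main.cf above) or otherwise refuse PLAIN/LOGIN on sessions without TLS. The account and password are the placeholder values from the sendmail section.

```shell
#!/bin/sh
# Added example, not the original post's code. Assumes coreutils base64 and tr.
# SASL PLAIN (RFC 4616): base64( authzid NUL authcid NUL password ); authzid left empty here.
auth_plain_token() {  # $1 = user, $2 = password
  printf '\0%s\0%s' "$1" "$2" | base64 | tr -d '\n'
}

# reverse it: NUL separators shown as '|' so the fields are visible
decode_auth_plain() {  # $1 = token
  printf '%s' "$1" | base64 -d | tr '\0' '|'
}

tok=$(auth_plain_token hehe@gmail.com hehe123)
echo "client sends:  AUTH PLAIN $tok"          # what crosses the wire without TLS
echo "anyone decodes: $(decode_auth_plain "$tok")"   # |hehe@gmail.com|hehe123
```

The second line shows the password recovered in full from the token, which is why on a server that offers PLAIN or LOGIN, the TLS settings are part of the authentication configuration rather than an optional extra.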

Access HTC Desire HD by ADB shell on Linux

1) Download the SDK from http://developer.android.com

2) Install SDK as root on Linux

3) Run tools/android found in SDK to install platform-tools

4) Enable USB debugging on the DHD and connect it via USB cable

5) Run platform-tools/adb shell on Linux and allow root access on the DHD

6) Run “ash” to get autocompletion and history