6 Comments

openVPN on Ubuntu, fixing import errors

October 22nd, 2017

You can run into trouble importing an .ovpn config file in Ubuntu, while the same file is imported without any problem in Android.

Somehow when there are unknown or not-supported sections in the config file, importing in Ubuntu will fail with this rather obscure error:

The file 'vpn.ovpn' could not be read or does not contain recognized VPN connection information

Error: the plugin does not support import capability.

The solution is to manually edit the openvpn.ovpn file in a text editor and fix it.

In my case the openvpn.ovpn config file suffered from 2 problems:

  • connections were double defined
  • a <dh> tag was includes, which shouldn’t be in a client file

Fixing the openvpn.ovpn file import

Following these steps will fix the import of openvpn.ovpn config files in Ubuntu 16.04 LTS. Open the openvp.ovpn in a text-editor.

  1. Delete the complete <dh> tag.
  2. When you have multiple <connection> tags, it won’t import. Remove the TCP connection tag completely:
    <connection>
    remote <ip> 443 tcp-client
    </connection
  3. The edit the remaining connection tag by removing the surrounding tags, simply unXML it.
    <connection>
    remote <ip> 1194 udp
    </connection>
    to
    remote <ip> 1194 udp

Save your file and import it.

  1. Edit connections
  2. Add
  3. Scroll down
  4. Import a saved vpn connection
  5. create
  6. Select the edited openvpn.ovpn file
  7. Done!

Explanation

The Diffie Hellman Parameters are only needed for the server, so this is a bug in  the openvpn server that creates the client config file. Still the import script should skip this setting instead of choking on it.

Then the multiple connection issue: Most openvpn servers will accept connections over UPD (preferred setting), but will offer a fallback over TCP when the client is behind a firewall that doesn’t allow UDP. This will happen now and then. The TCP port is the same as the https port, so that port is always open. It seems the network manager doesn’t allow multiple connection setup, although it can use a TCP connection. If you need TCP as a fallback just setup two connections:

  1. OpenVPN UDP
  2. OpenVPN TCP

And choose what you need in your network settings, this is probably the best solution. And actually easier then changing method inside the the profile settings, like you should do in Android.

You probably need to replace tcp-client with tcp, and remove the connection tag:

remote <ip> 443 tcp

Happy and safe networking!

Posted in privacy, Webtechnology | 6 Comments

1 Comment

Wi-Fi WPA2 Krack Attacks already fixed in Ubuntu 16.04 LTS

October 16th, 2017

This day had some shocking news in the morning. All Wi-Fi devices were unsafe! A serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks was discovered by a Belgian security researcher.

In particular Linux and Android devices were vulnerable.

Bad news. But Ubuntu rolled out a patch and fixed the vulnerability already today.

So running this commands will make your device safe again:

sudo apt update
sudo apt upgrade

Before the update:

wpasupplicant/xenial,now 2.4-0ubuntu6 amd64 [installed]
 client support for WPA and WPA2 (IEEE 802.11i)

After the update of today:

wpasupplicant/xenial-security,now 2.4-0ubuntu6.2 amd64 [installed]
 client support for WPA and WPA2 (IEEE 802.11i)

Changelog for the update

 wpa (2.4-0ubuntu6.2) xenial-security; urgency=medium
 * SECURITY UPDATE: Multiple issues in WPA protocol
 - debian/patches/2017-1/*.patch: Add patches from Debian stretch
 - CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080,
 CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087,
 CVE-2017-13088
 * SECURITY UPDATE: Denial of service issues
 - debian/patches/2016-1/*.patch: Add patches from Debian stretch
 - CVE-2016-4476
 - CVE-2016-4477
 * This package does _not_ contain the changes from 2.4-0ubuntu6.1 in
 xenial-proposed.

So, it’s safe to say, software including open source software is not without faults, but at least open source software can be fixed fast, and patches can be rolled out to all devices the same day.

Happily running Ubuntu!

I would love to run Linux on my Phone.

Posted in Webtechnology | 1 Comment

No Comments

How to run Firefox headless and make a screenshot

{}
 October 8th, 2017

Coincidence or not since version 57 Firefox supports a headless mode. Chromium also introduced this feature at version 57.

firefox --headless --screenshot shot.png https://dev.webonomic.nl

Will run  without GUI and put a screenshot in your working directory called shot.png. If you omit to specify the a filename, the default is screenshot.png.

Since Firefox stable is now at version 56, you’ll need Firefox-developer for now to get this working.

Another nice thing is the format of the screenshot that is created. For width it will take the device-width, the resolution of your desktop, but it will render a full website, 100% height, sot it will output the layout-viewport, not just the visual viewport.

To get the visual-output you need to set the window size option:

firefox-developer --headless --window-size 360,640 --screenshot https://dev.webonomic.nl

This will create a responsive layout (mobile phone Galaxy S5 dimensions) for this website.

For the moment only the  png format seems to be supported. If you try saving to a screenshot.jpg file you’ll end up with a png file called screenshot.jpg

User-agent Firefox –headless

Mozilla/5.0 (X11; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0

this is actually the same User-Agent as manually running Firefox as a browser. I take that as a plus; if we want the Internet of Things (IoT), it should be a democratic Internet of Things.

 

 

Posted in Webtechnology | No Comments

11 Comments

Connecting to a Raspberry Pi Zero with just an USB cable (II)

{}
 October 2nd, 2017

This tutorial assumes you’re using Raspbian Strectch, and a Linux (16.04LTS) laptop, but it should also work on Raspbian Jesse for the Zero and any Linux Laptop. So it’s for everybody. Nearly every laptop can run Linux freely, (that’s not the case with Windows (Microsoft) or MacOS/OSX (Apple) that’s paid and not free software). You can always run Linux in a virtual machine, if you’re afraid to dump proprietary stuff or install Linux side a side.

In part 1 we explained how you can connect to a Raspberry Zero computer with an ordinary USB cable to power, connect (SSH) and provide internet access for the Pi with higher speeds than most WIFI connections.

That’s all been made possible with the smart USB OTG functionality that enables the Pi Zero to switch USB host/device mode and mimic an ethernet device (or webcam, or keyboard).

We showed you how to connect from a Linux laptop to the Pi by setting the connection type to Link-Local only. Read the rest of this entry »

Posted in raspberrypi, Webtechnology | 11 Comments

5 Comments

Connecting to a Raspberry Pi Zero with just an USB cable (I)

{,}
 October 2nd, 2017

The goal of this post is to explain how you can power, connect  and share internet with your Raspberry Pi Zero from your laptop with just one USB cable. After you’ve set it up correctly, connect the cable, let the Pi boot,  ssh to your Pi with this simple command ssh pi0 or update your pi with this oneliner ssh pi0 "sudo apt update && sudo apt dist-upgrade -y".Your Raspberry Pi Zero will have internet access over USB with higher speeds than most WIFI connections. Read the rest of this entry »

Posted in raspberrypi | 5 Comments

No Comments

Running browsers headless

April 26th, 2017

A headless computer is a computer running without a monitor or a display server, much like an internet server.

Running browsers headless means extra options to automate testing of websites and web apps. Chromium (on which Google Chrome is based) on Linux is able to run headless since version 57, but Ubuntu now already offers version 58.

How to run Chromium headless

chromium-browser --headless https://dev.webonomic.nl

At the moment `–headless` mode uses a different user-agent then normal mode.

user-agent headless mode chromium

"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/58.0.3029.81 HeadlessChrome/58.0.3029.81 Safari/537.36"

user-agent normal mode chromium

"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/58.0.3029.81 Chrome/58.0.3029.81 Safari/537.36"

Run Chromium with different user-agent

chromium-browser --user-agent "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0" --headless https://dev.webonomic.nl

This should work but it doesn’t (anymore). This cli switch must have been removed. Poorly documented.

Apparently Google doesn’t want to give you the opportunity to imitate a normal chrome with a headless chrome.

What about Firefox

As it seems, headless isn’t yet supported for Firefox, but developers are working on it.

Posted in Webtechnology | No Comments

Older Entries
Newer Entries