Sunday, 7 December 2014

Access websites restricted to a certain domain or network

Imagine you want to browse a website that is only available within a certain domain or network, e.g. http://fritz.box, from outside your local network. If you have a VPN server running inside the network, you can simply establish the VPN tunnel (see e.g. RaspberryPi as VPN server). If you don't, there is a very simple way that I just became aware of.

The only prerequisite is a host within the network that you can reach via SSH. In my case this is a Raspberry Pi connected to the router (FritzBox) via Ethernet. Let us now assume you want to open the configuration page of your router (http://fritz.box) from your desktop PC at university:

Open a terminal and establish an SSH connection using the -D port option:
ssh -D 12345 user@hostInsideNetwork.de

This makes ssh act as a SOCKS server on the specified local port: every connection made to that port is tunneled to hostInsideNetwork and opened from there. Remember that binding privileged ports needs root-level access.

After that, configure your browser to use this locally bound port (localhost, port 12345 in the command above) as its SOCKS proxy.

Now you are able to access websites (e.g. http://fritz.box) within the local network, just as if you were there.
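What a client sends to the ssh -D port, as an added example that is not part of the original post: a SOCKS5 handshake in Python that passes the host name unresolved (address type 0x03), so a name like fritz.box is looked up inside the remote network instead of on the desktop. The function names are illustrative, and port 12345 is the one from the ssh command above.

```python
import socket
import struct

def socks5_connect_request(host: str, port: int) -> bytes:
    """SOCKS5 CONNECT request (RFC 1928) carrying the host NAME, not an IP."""
    name = host.encode("idna")
    if not 1 <= len(name) <= 255 or not 0 < port < 65536:
        raise ValueError("invalid target")
    # VER=5, CMD=1 (CONNECT), RSV=0, ATYP=3 (domain name), length-prefixed name, port
    return b"\x05\x01\x00\x03" + bytes([len(name)]) + name + struct.pack("!H", port)

def _recv_exact(sock, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection")
        buf += chunk
    return buf

def socks5_handshake(sock, host: str, port: int):
    """Negotiate 'no authentication', then ask the proxy to connect to host:port."""
    sock.sendall(b"\x05\x01\x00")  # VER=5, one method offered: 0x00 (no auth)
    if _recv_exact(sock, 2) != b"\x05\x00":
        raise ConnectionError("proxy did not accept the no-auth method")
    sock.sendall(socks5_connect_request(host, port))
    ver, rep, _rsv, atyp = _recv_exact(sock, 4)
    if ver != 5 or rep != 0:
        raise ConnectionError(f"proxy refused the request (REP={rep})")
    # Consume the bound address so the socket is positioned at the payload.
    if atyp == 1:
        addr_len = 4
    elif atyp == 4:
        addr_len = 16
    elif atyp == 3:
        addr_len = _recv_exact(sock, 1)[0]
    else:
        raise ConnectionError("unknown address type in reply")
    _recv_exact(sock, addr_len + 2)
    return sock

def open_via_tunnel(host, port, proxy=("127.0.0.1", 12345), timeout=10):
    """Connect through the local `ssh -D 12345` port from the post's command."""
    sock = socket.create_connection(proxy, timeout=timeout)
    try:
        return socks5_handshake(sock, host, port)
    except Exception:
        sock.close()
        raise
```
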

Sunday, 2 February 2014

GMail contacts in alpine

I was wondering whether it is possible to import all my GoogleMail contacts into alpine. It was easy to figure out that alpine stores contacts by default in a hidden file called .addressbook in the home directory:
~/.addressbook
Each line in this file represents an address book entry in three tab-separated columns, as shown in the example below.
nickname (tab) full_name (tab) email-address
Albert_Einstein      Einstein, Prof. Dr. Albert     albert.einstein@patentamt.ch
Werner_Heisenberg    Heisenberg, Prof.Dr. Werner    werner.heisenberg@uni-leipzig.de
Max_Planck           Planck, Prof. Dr. Max          max.planck@uni-berlin.de

...
After some research I found a widely used example script that makes use of the python module gdata, which interfaces with Google's Data API, to query the contacts stored in a GMail account. I modified and extended it to fit my needs, so that it exports the contacts in the syntax alpine expects. You can find the script here (you need the python gdata module as a prerequisite). The script takes your GMail address as a command line parameter and asks for your password via python's getpass module. After authentication it queries for all entries in your contacts database and prints the parsed information as lines of text in the right format. To get the contacts into your alpine .addressbook simply run
python gmail2alpine.py  >> .addressbook
I chose the nickname field to be the full name joined with underscores (as in the example above), ignoring prefixes like "Prof. Dr.", but feel free to edit the corresponding method in the script to suit your needs.
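The line format and nickname rule described above, as an added Python example (not the gmail2alpine.py script, which is not reproduced on this page). It assumes display names of the form "Prof. Dr. Albert Einstein" and an illustrative title list. Because the contact data comes from a remote account and is appended to a file alpine parses, it also collapses tabs and newlines so a contact field cannot add extra columns or entries.

```python
import re

# Assumed list of prefixes to ignore when building the nickname.
TITLES = {"prof.", "dr.", "prof.dr."}

def _clean(field: str) -> str:
    """Collapse whitespace and control characters: tabs separate columns and
    newlines separate entries in .addressbook, so neither may survive."""
    return re.sub(r"[\s\x00-\x1f\x7f]+", " ", field).strip()

def alpine_entry(display_name: str, email: str) -> str:
    """Return one .addressbook line: nickname TAB full_name TAB email-address."""
    name, addr = _clean(display_name), _clean(email)
    if " " in addr or "@" not in addr:
        raise ValueError(f"not a usable address: {addr!r}")
    words = name.split()
    titles = [w for w in words if w.lower() in TITLES]
    rest = [w for w in words if w.lower() not in TITLES]
    if not rest:
        raise ValueError("contact has no name besides titles")
    nickname = "_".join(rest)               # full name joined with underscores
    if len(rest) > 1:
        given, family = " ".join(rest[:-1]), rest[-1]
        full_name = f"{family}, {' '.join(titles + [given])}"
    else:
        full_name = rest[0]
    return "\t".join((nickname, full_name, addr))

def export(contacts) -> str:
    """contacts: iterable of (display_name, email); entries that fail are skipped."""
    lines = []
    for display_name, email in contacts:
        try:
            lines.append(alpine_entry(display_name, email))
        except ValueError:
            continue
    return "\n".join(lines) + "\n"
```
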

Saturday, 30 March 2013

RaspberryPi as OpenVPN Server

When you start using your RaspberryPi as a server (e.g. Cloud, Wiki, ... further posts in progress) you may be concerned about the security of your local network. Or imagine you want to connect to your home computer or NAS over an unsecured connection, e.g. from a smartphone or via an open WiFi in a cafe. The concept of virtual private network (VPN) tunneling may help to ease your worries.

This post should be a small tutorial on how to install and configure a small VPN scenario with the RaspberryPi working as the VPN server within your local network.

Imagine a setup as shown below, where you want to connect to your RasPi (or any other host within your local network) from your notebook or mobile phone via an open WiFi access point.
Since your ISP probably won't grant you a static IP address you first need to sign up to a dynamic DNS service provider and configure your router appropriately. Check the previous post on how to do so for the FritzBox 7240.

In my setup "Raspbian Wheezy" is installed as the operating system on the Pi, so it is easy to get the software package needed for the OpenVPN server:
sudo apt-get install openvpn
This package needs to be installed on both the server and the client system.

Server configuration
First of all we need to generate all the keys and certificates on the server. To do so, it is convenient to use the easy-rsa key-management package based on openssl, which is already part of the OpenVPN installation.

So locate your easy-rsa folder and copy it to your openvpn location:
(For this and most of the following steps you need root access)
cp -R /usr/share/doc/openvpn/examples/easy-rsa /etc/openvpn
Next, edit the file /etc/openvpn/easy-rsa/vars and change the following lines at the end of the file to your appropriate values:
export KEY_COUNTRY="US"
export KEY_PROVINCE="CA"
export KEY_CITY="SanDiego"
export KEY_ORG="OpenVPN"
export KEY_EMAIL="myemail@mydomain.com"
Now you have to source this file to set the environment variables correctly:
source /etc/openvpn/easy-rsa/vars
Next, switch to the /etc/openvpn/easy-rsa directory and run the following commands to clean the environment and build a new certificate authority:
./clean-all
./build-ca
In the next step, we build the server key, the client key and the Diffie–Hellman parameters:
./build-key-server server
./build-key client1
./build-dh
This last command may take a few minutes. All generated keys and certificates will be located in /etc/openvpn/easy-rsa/keys. You may want to copy them to /etc/openvpn or just leave them there, though they will be removed when running ./clean-all again.

Now it's time for the server configuration file. In /etc/openvpn a basic config file named server.conf should already exist. If not, you can extract it from /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz. Most of the basic settings are already fine, but it's crucial that you set the path for the keys and certificates:
ca ./easy-rsa/keys/ca.crt
cert ./easy-rsa/keys/server.crt
key ./easy-rsa/keys/server.key
dh ./easy-rsa/keys/dh1024.pem

In order to access the full local network (not only the hosts connected to the vpn) you have to insert the following line into the appropriate section in the same file:
push "route 192.168.178.0 255.255.255.0"
(If your local network runs on another IP range you have to change this accordingly)
Furthermore, you have to activate IP forwarding by inserting the following line into /etc/sysctl.conf (it takes effect once the sysctl settings are reloaded or the Pi is rebooted):
net.ipv4.ip_forward=1

This is all for the server side. To start the OpenVPN server daemon just run the initialization script:
/etc/init.d/openvpn start   # or 'restart' when it was already running

Router configuration (FritzBox)
Since the RaspberryPi is probably not the default gateway of your local network, you have to create a static route. To do so, open the FritzBox configuration pages in your browser and navigate to the local network section. Create a static route with the information given below:
IP-Address 10.8.0.0
Subnetzmaske 255.255.255.0
Gateway 192.168.178.2
(Again, change the values to match your setup)
Also make sure that the FritzBox always assigns the same IP address to your RaspberryPi. The last thing you have to do is to open port 1149 and forward it to 192.168.178.2 (the IP address of the Pi). The forwarded port has to be the one set by the port directive in server.conf (1194 in the sample server.conf).
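The VPN subnet in server.conf, the pushed LAN route and the FritzBox static route all have to agree. An added Python example (not part of the original post) derives the static route from a server.conf and rejects inconsistent values. It assumes the sample file's `server 10.8.0.0 255.255.255.0` directive is present; `plan_routes` is an illustrative name.

```python
import ipaddress
import re

def plan_routes(server_conf: str, pi_ip: str) -> dict:
    """Read the `server` and `push "route ..."` directives and return the
    static route the router needs so LAN hosts can answer VPN clients."""
    vpn, lans = None, []
    for raw in server_conf.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # both comment styles of server.conf
            continue
        m = re.fullmatch(r"server\s+(\S+)\s+(\S+)", line)
        if m:
            vpn = ipaddress.ip_network("/".join(m.groups()))
        m = re.fullmatch(r'push\s+"route\s+(\S+)\s+(\S+)"', line)
        if m:
            lans.append(ipaddress.ip_network("/".join(m.groups())))
    if vpn is None:
        raise ValueError("no 'server <network> <netmask>' directive found")
    if not lans:
        raise ValueError("no LAN route is pushed; clients reach only the VPN hosts")
    gateway = ipaddress.ip_address(pi_ip)
    for lan in lans:
        if vpn.overlaps(lan):
            raise ValueError(f"VPN subnet {vpn} overlaps pushed LAN {lan}")
    if not any(gateway in lan for lan in lans):
        raise ValueError(f"gateway {pi_ip} is not inside any pushed LAN")
    return {
        "pushed_lans": [str(lan) for lan in lans],
        "static_route": {
            "network": str(vpn.network_address),
            "netmask": str(vpn.netmask),
            "gateway": pi_ip,
        },
    }

# Constructed sample using the values from this post.
SAMPLE_CONF = '''
;push "route 192.168.10.0 255.255.255.0"
server 10.8.0.0 255.255.255.0
push "route 192.168.178.0 255.255.255.0"
'''
```
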

Client configuration
Because there are several clients and operating systems out there, I will not go into detail here. Basically every client needs the key and certificate files created before:
client1.crt
client1.key
ca.crt
Copy (scp) them from the Pi and configure your client to find them. Every client also needs to know how to reach your local network: Set your dyndns domain or your static IP, if you have one, as the default gateway (domain.dyndns in the above setup).

If Ubuntu is your operating system, you can use the OpenVPN plugin for NetworkManager available in the repositories. Have a look at http://wiki.ubuntuusers.de/OpenVPN for further instructions.

Have fun connecting to your home network in a secure manner!

Friday, 15 March 2013

FritzBox 7240 and Free DynamicDNS

Today I tried to figure out how to connect my FritzBox 7240 to the free dynamic DNS provider dnsdynamic.org. Since it turned out to be a little tricky, you might find this post helpful when you try it on your own.

Because dnsdynamic.org is not listed in the FritzBox's built-in DynDNS provider list, you have to do the configuration manually. After creating an account on dnsdynamic.org, log in and create a free domain. In my case I chose dnsget.org, but it should work with all the other domains too. Afterwards log in to your FritzBox and switch to the DynDNS section. There you have to choose "Custom" as provider and fill in the fields as follows:

  • URL: www.dnsdynamic.org/api/?hostname=yourDomainName.dnsget.org
  • Domainname: yourDomainName.dnsget.org
  • Username: emailAddress@usedOnDnsDynamic.org
  • Password: passwordUsedOnDnsDynamic.org
Save your settings and enjoy your dynamic DNS!

Sunday, 9 December 2012

URS - Ultrasonic Ranging Sensor - Calibration

In order to get more familiar with the HC-SR04 ultrasonic ranging shield (URS) I tried a calibration today, also examining the maximum range. I used the same setup as during my First Experiences work except for a longer metering rule.
For the calibration I put the sensor at various distances from a 25 cm wide target (standard physics book) and started recording data. The farthest point I reached was about 420 cm, which is about 80 cm less than what the manufacturer's manual says. The reason is probably that my target was too narrow.
I wrote a little python script for data acquisition and took 50 measurements for each position. A ROOT-based macro did the fitting job and here is what it looks like:
This plot shows the distance measured by URS against the actual position determined with the metering rule. The calibration factors now result from a simple linear fit with
$f(x) = p0 + p1 \cdot x$
The actual values are shown in the box within the diagram. As you can see, there is an offset of about 0.6 cm, which may simply stem from the fact that I have no idea where the manufacturer set the point of origin. These calibration factors must now be used within the Arduino program to improve the measurement.
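Carrying the fit over to the Arduino program, as an added derivation that is not part of the original post. It assumes, as the plot description says, that $f(x)$ is the distance measured by the URS and $x$ the actual position, and that the data were taken with the program's initial values c1 = 1.0 and c0 = 0.0. Solving the fit for the actual position gives

$x = \frac{f(x) - p0}{p1} = \frac{1}{p1} \cdot f(x) - \frac{p0}{p1}$

Comparing this with the program's line calDist = c1 * uncalDist + c0, where uncalDist plays the role of $f(x)$ and calDist that of $x$, yields

$c1 = \frac{1}{p1}, \qquad c0 = -\frac{p0}{p1}$

So the fitted slope and offset are not copied into the program directly: the slope enters as its reciprocal, and the offset changes sign and is scaled by the same reciprocal.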

Thursday, 6 December 2012

URS - Ultrasonic Ranging Sensor

First Experiences


Today I tried to set up an HC-SR04 ranging shield with my Arduino board. The main principle is easy: the sensor emits short ultrasonic pulses at 40 kHz, which are reflected by the obstacle. These reflections are detected by the receiver and the elapsed time is returned. Knowing the velocity of sound, one can easily calculate the distance between the sensor and the obstacle.


In more detail, the sensor needs a 5 V DC power supply to operate. To start a measurement one has to apply a 10 us TTL signal to the trigger pin. Then the transmitter generates 8 ultrasonic pulses at 40 kHz. After the receiver detects the echoed pulses, the elapsed time is returned as the width of the pulse applied to the signal pin.



For my first tries I used the following setup:

The HC-SR04 is supplied with the 5 V DC voltage from the Arduino board. The sensor's trigger and signal pins are connected to the Arduino's digital pins 13 and 12 respectively. Since this setup is very simple, the Arduino program is rather self-explanatory and is shown below.



Source Code:

 // Define calibration parameters  
 float v = 0.0343;   // velocity of sound at 20 deg celsius in cm / us  
 float c0 = 0.0;     // constant calibration parameter  
 float c1 = 1.0;     // linear calibration parameter  
    
 // Define Pins  
 int pinPing = 13;  
 int pinSignal = 12;  
   
 void setup() {  
  // Setting Pin-Modes  
  pinMode(pinPing, OUTPUT);  
  pinMode(pinSignal, INPUT);  

  // Initialize serial interface at 9600 bauds  
  Serial.begin(9600);  
   
  // Set initial pin states   
  digitalWrite(pinPing, LOW);  
 }  
    
 void loop() {  
  // Declare local fields  
  long duration;  
    
  // Send Ping  
  delayMicroseconds(2);  
  digitalWrite(pinPing, HIGH);  
  delayMicroseconds(10);  
  digitalWrite(pinPing, LOW);  
    
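  // Echo pulse width in microseconds; pulseIn returns 0 if no echo arrives before its timeout
  duration = pulseIn(pinSignal, HIGH);
  if (duration > 0) {
   // For a float, the second argument of println is the number of decimal places
   Serial.println(signalToDistance(duration), 1);
  }
  delay(1000);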
 }  
   
 float signalToDistance(long duration) {  
  float uncalDist = duration * v / 2.0;  
  float calDist = c1 * uncalDist + c0;  
  return calDist;  
 }  
   


I used a simple book as an obstacle and a metering rule to compare the actual distance with the one calculated by the board. The board's response is printed to the serial output and can be observed with the Serial Monitor of the Arduino IDE or any application that can read from serial ports. Although the measurement process was pretty stable, it seems that the built-in calibration is not really accurate. For example, the book placed at a distance of 50 cm (metering rule) generates an output of 40 cm. So the next step will be to recalibrate the measurement and implement calibration parameters. The source code above includes this flexibility already.