Chikito Gotchi Mac OS
Main code and data development for pcgen program release - Magotchi/pcgen. See full list on pwnagotchi.ai.
Click here to return to the 'Mount a Linux home dir on a Mac via OpenVPN' hint |
good job aza
we will see us on friday ;)
Hamachi is closed source, and therefore less trustworthy in the eyes of many people.
Why only a Linux home drive?
I use the OpenVPN plugin on my IPCop firewall. It allows for a full network connection to my home network. There is also a redirect gateway setting which will secure all communications through your home network, perfect for Wi-Fi hotspots. The plugin simplifies all the certificate creation and configuration.
I also use tunnelbick as my openVPN gui on the powerbook. It works great, is reliable and secure, lightweight. My vote is for OVPN over Hamachi due to the Open Source nature of it. You can also get GUI's for Linux and Windows.
I am able to connect itunes sharing with MT-Daapd, Remote Desktops, file share on Windows and Linux servers, ssh to any server behind my firewall. Never really thought of this as a hint as most people who are running a Linux server at home have some idea of what they are trying to do.
I think instead of samaba, netatalk would be a better solution.... and a bit more native.
thanx for the tip!
i'll try that out immediately :)
Well, actually samba and AFP (the service provided by netatalk) are equally native to OS X. Now, if you were connecting an OS 9 box, that would be a different story.
If you want speed, samba is the way to go. The AFP protocol sends all kind of metadata (icon positions, file/folder label colors, etc.) usually associated with Mac disks. So while it would seem a little more integrated into a Mac environment, it is slower than samba, which is a far more efficient file sharing protocol. I guess on a home LAN it wouldn't make much difference, but you will really notice it connecting remotely.
1) Got openVPN via darwin ports (sudo port install openvpn2) which was a fight given that the 'lzo2' module was not available in it's normal place.
2) Set everything up verbatim to the openvpn.net instructions (CA authority, certs/keys, etc).
3) Made minimal mods to the example server.conf file provided with openVPN (pointed it to the CA cert/key files).
4) Attempted to launch openvpn with sudo ./openvpn2 /etc/openvpn/server.conf
5) THIS FAILS with:
Wed Aug 16 17:29:32 2006 us=455504 Cannot allocate TUN/TAP dev dynamically
Wed Aug 16 17:29:32 2006 us=455691 Exiting
Now...this same failure appears to turn up on the openVPN discussion group. I am running an Intel MacMini with latest OS 10.4. I did all the openVPN installation with sudo. I've dorked around with the server.conf file, but this doesn't help that problem. I've set dev tun0 and it changed the error message to: Wed Aug 16 17:36:56 2006 us=288472 Cannot open TUN/TAP dev /dev/tun0: No such file or directory (errno=2).
Help?
- Got openVPN via darwin ports command line:
sudo port install openvpn2
. (The 'lzo2' module's site is back up and available, so this should be easier now.) [For newbies, go to and read www.darwinports.org. - Set everything up verbatim to the openvpn.net instructions (CA authority, certs/keys, etc). I went with the one server multiple client setup. I also stuck with the TUN interface and did routing, not bridging. I've tried to understand bridging, but it sounds like a whole level of complexity that involves the firewall/router hardware as well. Too complex for our setup.
- Made only minimal mods to the example server.conf file provided with openVPN (pointed it to the CA cert/key files). I found it handy to create an /etc/openvpn directory and locate the server.conf files there. I put the key files in /etc/openvpn/easy-rsa/keys.
- Attempted to launch openvpn by cd'ing to /opt/local/sbin and running the line
sudo ./openvpn2 /etc/openvpn/server.conf
- If openvpn works for you, then congrats. Otherwise, read on:
- I had the failure: Wed Aug 16 17:29:32 2006 us=455504 Cannot allocate TUN/TAP dev dynamically ----- Wed Aug 16 17:29:32 2006 us=455691 Exiting
- Sounds an awful lot like the TUN/TAP drivers were missing from OS 10.4. The problem being, the only ones I found said they were 'questionable' on an Intel machine and on 10.4. I'm not a fan of 'questionable' low level software.'
- Now...this same failure appears to turn up on the openVPN discussion group. I am running an Intel MacMini with latest OS 10.4. I did all the openVPN installation with sudo. I've dorked around with the server.conf file, but this doesn't help that problem. I've set dev tun0 and it changed the error message to: Wed Aug 16 17:36:56 2006 us=288472 Cannot open TUN/TAP dev /dev/tun0: No such file or directory (errno=2).
- Here is how I got unstuck:
- In desperation, I downloaded and installed the latest release candidate (3.0rc3) of Tunnelblick (www.tunnelblick.net).
- I tried to run Tunnelblick using a server.conf file, but I'm not sure it is intended to run as a server. ???
- Quit Tunnelblick and made sure there was no openvpn process still running that it had started
top -o command
andsudo kill openvpn
- Repeated the step above to start openvpn:
sudo /opt/local/sbin/openvpn2 /etc/openvpn/server.conf
- That's it! It worked!
- Explanation: It turns out Tunnelblick takes care of installiing the TUN/TAP drivers for you. Once those were installed, openvpn2 had no problem running.
- There were some easy steps to finish things out: open the firewall, set up the clients (TunnelBlick for Mac or OpenVPNGUI for PCs) and you've got a working VPN. I've got mac's and PCs vpn'ing into my samba share at anytime and I'm even sleeping well at night.
- Two more things:
- Because I went with the routing interface, OpenVPN clients can't effectively browse the Samba workgroup. They can get to the Samba share by going to 10.8.0.1 but they can't arbitrarily browse around. Does anybody know how to configure Samba or openvpn to handle this better? I've seen some notes, but haven't tried anything yet.
- Contribute $$$ to these projects. I figure that between openVPN, Tunnelblick, OpenVPNGUI and TUN/TAP drivers they have saved me from buying a $300-$800 vpn router. Kick 'em down some paypal funds for their good work.
Pwnagotchi - Deep Reinforcement Learning Instrumenting ...
Hope that helps!!!!Don't forget that the payload in TunnelBlick is a full working version of the 'openvpn' binary. I.E. it is a server as well - it is the config that defines the behaviour.
No need for fink and the issues you would hit with tun/tap interfaces and the lzo library issue.
You only need to follow the instructions on openvpn.net for defining a vpn server when you 'connect' using a server config everything works as expected - I have tested this and it works (I think Angelo should mention this on his site).
Cached
This one looks like quite a lot of effort to me.
What's wrong with MacFUSE + SSHFS ? With MacFusion, mounting of remote filesystems via SSH is just a click away. Especially when no root rights on the remote linux box are available, this hint is a no-go.