timdoug's interesting tidbits

Little bits of technical documentation and such. Hopefully helpful.

2014-05-30

Using TLS v1.2 with OpenVPN 2.3.4

It's disabled by default, and if you add e.g. tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 (a TLS v1.2 cipher) to your server config it silently breaks. The solution is to add tls-version-min 1.2 to both the server and client config, and then it works like a charm. OpenVPN 2.3.3 added support for v1.2, so this won't work with anything older than 2.3.3.

[/general] permanent link

2014-04-17

Setting up IPv6 with Sonic.net and an OpenWRT Router

This uses the newer 6rd mechanism instead of the 6in4 tunnels, so other documentation you enounter may inapplicable. I'm using nightly builds; YMMV with stable builds.

  1. Enable "LAN Subport" on the equipment provided by Sonic.net for your OpenWRT router (might work with double NAT, haven't tried)
  2. On your router: opkg update && opkg install 6rd (if it complains about version conflicts, try flashing the most recent build)
  3. Make the wan6 entry in your /etc/config/network look like so:
    config interface 'wan6'
            option proto '6rd'
            option peeraddr '184.23.144.1'
            option ip6prefix '2602:240::'
            option ip6prefixlen '28'
  4. /etc/init.d/networking restart
  5. Disconnect and reconnect your machine, and IPv6 autoconfiguration should be good to go.
Addresses were taken from this post on the Sonic.net forums, and configuration for OpenWRT from here.

[/general] permanent link

2013-03-26

How to install and use Errbit through nginx & Passenger

Capistrano scares the shit out of me. I'd rather know what I'm deploying, rather than rely on some foreign script, thank you very much. To install Errbit and deploy with Passenger through nginx, try this:

git clone https://github.com/errbit/errbit.git
rake errbit:copy_configs
vi config/config.yml # and change hostnames / SMTP settings
vi config/mongoid.yml # and change production mongo settings
echo "Errbit::Application.config.secret_token = '$(bundle exec rake secret)'" > config/initializers/secret_token.rb
RAILS_ENV=production rake assets:precompile
RAILS_ENV=production rake db:mongoid:create_indexes
RAILS_ENV=production rake db:seed
Then add something like the following to your nginx config:
server {
    listen 8080;
    server_name errbit.example.com;
    root /wherever/errbit/public;
    passenger_enabled on;
    rails_env production;
}

[/general] permanent link

2013-01-23

Use tcpdump to download arbitrary Flash videos

I came across an interesting video on the web that I wanted to watch offline, but it played through a Flash application, there were no download links, grabbing the stream by looking through the HTML/DOM was nontrivial, and the youtube-dl mainstay didn't work. tcpdump to the rescue!

  1. tcpdump -v -i <interface> -w output.cap
  2. Load the video up and start playing. Sadly, this has to be done in real-time.
  3. When done, tcpflow -r output.cap
  4. The largest file should be your video; use an editor to strip the HTTP headers from the beginning.
  5. If all goes well, you should have a video.flv. For extra credit, use ffmpeg -i video.flv to see if it's H.264/AAC. If so, use ffmpeg -i video.flv -acodec copy -vcodec copy video.mp4 for lossless container conversion to a standard MPEG-4 Part 14 file.
Thanks to this post for the tip.

[/general] permanent link

2009-06-03

Fun summer projects

So. With a summer ahead of me, there are a few things I want to get into now that I have the time. A list:

[/general] permanent link


© 2006-14 timdoug | email: "me" at this domain
So necessary