General


OpenVPN support is one of the things sorely missing from the iPhone, and there is very little information about how one could go about getting OpenVPN working even on a jailbroken iPhone. There is iopenvpn.com if you are running 2.x, and it costs $29. This post is my attempt to fill this gap with step-by-step instructions on how to get OpenVPN working for free. But please be forewarned that I am not liable for any problems this might cause your iPhone. Having said that, I have followed the instructions given below and have been successful in getting access to resources behind the corporate network using OpenVPN. Before we get started, here are some of the prerequisites:

  • Jailbroken iPhone (I run 3.1.2 jailbroken using Blackrain)
  • Putty (http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html)
  • WinSCP (http://winscp.net/eng/download.php or something similar)
  • OpenVPN certificates and OpenVPN configuration file (.ovpn). The certificate's private key should not be password protected if you want to use this through the SBSettings toggle. There are instructions to take the password off below. The .ovpn file should be renamed conf.ovpn and should point to the certificates without any path.

Step-by-Step instructions (Please run these as root by doing su root and entering your password)

  • In Cydia: Install Openvpn toggle for SBSettings
  • In your windows/mac assemble your certificate, .ovpn files etc into a local directory
  • Rename your .ovpn file to conf.ovpn and add the following two lines to the end of the file. Here is a sample ovpn file. You need to change the remote host and cert details to yours.

    up /var/mobile/Library/OpenVpn/update-resolv-conf
    down /var/mobile/Library/OpenVpn/update-resolv-conf

  • Download the update-resolv-conf
  • Open a WinSCP session and copy all the files you assembled locally to /var/mobile/Library/OpenVpn
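  • In the WinSCP session edit /var/mobile/Library/SBSettings/Commands/com.offinf.openvpnup and change it as follows:

    #!/bin/sh
    # Clear the toggle's OFF marker, then start OpenVPN in the background.
    /bin/rm /var/mobile/Library/SBSettings/Toggles/OpenVpn/OFF
    cd /var/mobile/Library/OpenVpn/
    # The command line must not be wrapped in quotes, or the shell treats it as one program name.
    /usr/bin/openvpn-iphone --script-security 2 --config /var/mobile/Library/OpenVpn/conf.ovpn &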

  • Open Putty and login to your iphone as root.

    $ cd /var/mobile/Library
    $ chown -R mobile:mobile OpenVpn
    $ cd OpenVpn
    $ chmod +x update-resolv-conf
    #### If you have a key with a password, remove the password with the commands below.
    #### You will be asked for the password one last time.
    #### Important: Leaving your key without a password is a security risk. Please turn on passcode lock in your settings.
    #### This will ensure that if your phone does fall into the wrong hands they can't get into your network.
    $ cp my.key my.key.orig
    $ openssl rsa -in my.key.orig -out my.key
    #### Now test your vpn setup by doing the following:
    $ openvpn-iphone --script-security 2 --config conf.ovpn
    #### You should see it connecting to your vpn server and setting up routes. Try to use Safari to look at something
    #### behind the openvpn server.

  • Reboot your phone for the sbsettings toggle changes to take effect
  • After reboot, open SBSettings and turn on OpenVpn
  • Note: For troubleshooting, install top from Cydia and run top to see if the toggle spawns the openvpn-ip process.
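An added check, not part of the original post: with the passphrase removed, file permissions are the only thing protecting my.key on the phone. The script below audits an OpenVPN directory laid out as in the steps above; the finding names and the sample directory it builds are constructed for illustration.

```shell
#!/bin/sh
# Added example. File names follow the post; the sample directory built at
# the bottom is constructed test data, not a real VPN profile.

# perms FILE -> the nine permission characters from ls, e.g. rw-r--r--
perms() { ls -ld "$1" | cut -c2-10; }

# audit_ovpn_dir DIR -> one finding per line; no output means nothing found.
audit_ovpn_dir() {
    dir=$1
    conf=$dir/conf.ovpn
    [ -f "$conf" ] || { echo "missing: conf.ovpn"; return 0; }
    # ca/cert/key must be bare file names, since openvpn is started from DIR.
    for opt in ca cert key; do
        file=$(awk -v o="$opt" '$1 == o { print $2; exit }' "$conf")
        [ -n "$file" ] || continue
        case $file in */*) echo "path-in-conf: $opt $file"; continue ;; esac
        [ -f "$dir/$file" ] || { echo "missing: $file"; continue; }
        [ "$opt" = key ] || continue
        # Both PEM encodings mark a passphrase-protected key with ENCRYPTED.
        grep -q ENCRYPTED "$dir/$file" || echo "key-unencrypted: $file"
        case $(perms "$dir/$file") in
            ???------) ;;
            *) echo "key-readable-by-others: $file" ;;
        esac
    done
    # openvpn executes the up/down hook, so only its owner may modify it.
    for hook in $(awk '$1 == "up" || $1 == "down" { print $2 }' "$conf" | sort -u); do
        [ -x "$hook" ] || { echo "hook-not-executable: $hook"; continue; }
        case $(perms "$hook") in
            ????-??-?) ;;
            *) echo "hook-writable-by-others: $hook" ;;
        esac
    done
    return 0
}

# Constructed sample: passphrase-free key left at mode 644.
demo=$(mktemp -d)
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'constructed' \
    '-----END RSA PRIVATE KEY-----' > "$demo/my.key"
chmod 644 "$demo/my.key"
: > "$demo/ca.crt"; : > "$demo/my.crt"
printf '#!/bin/sh\n' > "$demo/update-resolv-conf"
chmod 755 "$demo/update-resolv-conf"
cat > "$demo/conf.ovpn" <<EOF
client
remote vpn.example.com 1194
ca ca.crt
cert my.crt
key my.key
up $demo/update-resolv-conf
down $demo/update-resolv-conf
EOF
audit_ovpn_dir "$demo"
```

Running `chmod 600 my.key` clears the second finding; the first one remains for as long as the key has no passphrase.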

I came across a very cool library in Ruby that allows Web UI testing using OLE automation. One of the problems with running automated tests of Web applications like an end user is the effort it takes to use libraries like Http Unit to set up test cases and execute them as part of your build process. WATIR (pronounced Water) is a Ruby library that allows you to test your web applications using OLE automation on your Windows machine.

This is how it works:

You write unit test cases using WATIR, and it invokes IE and does what an end user would do: entering form data, clicking on links, clicking buttons, etc. You can then look at the resulting HTML DOM object and check if the web application did what it is supposed to. This is especially useful for testing multi-page wizard-like applications where a lot of data entry is involved.

Here is a Step-by-step on how to install WATIR:

Install Ruby for Windows: http://rubyforge.org/projects/rubyinstaller/ (Look for download link)
Install WATIR: http://rubyforge.org/frs/?group_id=104 (Look for watir 1.4.1.exe)

It is pretty straightforward to create WATIR scripts. But who wants to write these scripts by hand? You are right, I wouldn’t. Instead you can use WATIR webrecorder, which records all your browser actions as WATIR scripts. All you need to do is record your testing once and then refactor it into a test script.

You can also pass the -b switch to the WATIR script, and it will not open the IE window and will execute the whole test in a headless mode that is ideal for test suites.

There is also another competing tool called Selenium that uses Javascript to drive tests and works across many browsers. I have not used it. But I have heard more people switch from Selenium to WATIR than the other way around.

It has been long rumored that Google was working on a Calendar service and it’s finally online for everyone to try. The UI is similar to anything Google: very clean and intuitive. I use Yahoo Address book and Calendar today and Y!’s UI is not as fresh and snappy as Google’s, but it satisfies one of my key requirements: being able to sync up with my Palm Treo 600. Until Google adds a way to sync up with PDAs through a PC or over-the-air, there is no big reason to switch to this service.

I stumbled on a new web-based project management system called Trac that nicely integrates a bug tracking system, wiki and Subversion into one neat little package. Since I have a Subversion repository at my ISP, I thought I would give this a try. After following a few step-by-step guides and a few thousand lines of shell command line history, I finally had Trac installed and working on chandraonline.net.

Trac has some weird list of dependencies and installing it in a shared server only makes it worse. But hopefully I will put it to good use building some of my hobby projects.

I deviated quite a bit from the step-by-step guide linked above and hope to document it sometime soon.

So. I was wrong. I admit it. I was wrong about ABC’s Lost. I missed the entire first season and was pretty mad that it won Best drama over 24 last year at the Emmys. Now I know why this show is so loved. It’s an awesome piece of writing. I started watching it this season and I loved it so much that I watched the entire first season of Lost on video IPod in a couple of days (yes…couple of days…you have a problem with that??). I was a big fan of X-files and this show is in some ways very similar to that show. If you have never seen it, you should give it a chance.

For the Lost fans with an IPod, check out Ryan and Jen’s Lost Transmission podcast at http://www.hawaiiup.com/lost. It’s very entertaining.

For anyone who has not heard of Subversion, it is an open-source version control system (very much like CVS but much better) to manage your source code. I had started to play with Ruby on Rails using the RailsIDE, and I would hate for my source code to be without version control and, much worse, just kept on my hard drive. So I wanted to have version control for my personal projects just like I do at work. And I didn’t want to host this Subversion repository on my Windows box at home; I would rather keep it on the ISP machine where I host my domain. Sounds simple enough, right? Wrong!! I found so little on the net about it that I was compelled to write this down for others who might want to do this. Here is a step-by-step guide on running and connecting to a Subversion repository in an ISP account.

Before we get started, there are a few assumptions:

  • Your ISP provides you with shell access using ssh. You can’t do what I am describing below using Control Panel. Not all ISPs allow shell access, and some will do it if you ask them. This is an absolute requirement.
  • You have permission to install anything under your user directory. This I know almost all of them allow you to do.

    Step 1: Installing subversion server

    The following instructions are for a linux machine. Surf to subversion site and look for the latest stable source code package. When I did the install , this is what I ended up using: http://subversion.tigris.org/tarballs/subversion-1.1.4.tar.gz. Now ssh into your account and do the following:


    $ cd $HOME;
    $ curl -o subversion-1.1.4.tar.gz http://subversion.tigris.org/tarballs/subversion-1.1.4.tar.gz
    $ gunzip subversion-1.1.4.tar.gz; tar xvf subversion-1.1.4.tar
    $ mv subversion-1.1.4 subversion-1.1.4-dist
    $ cd subversion-1.1.4-dist
    $ ./configure --prefix=$HOME/subversion-1.1.4
    $ make
    $ make install
    $ cd $HOME; ln -sf subversion-1.1.4 subversion

    That’s it. Add $HOME/subversion/bin to your PATH variable and you are all set. Now it’s time to create a svn repository. I chose to use $HOME/svn as my svn repository.

    Now test your subversion install by adding a dummy project to the subversion repository:


    cd $HOME;

    # create the repository itself if it does not exist yet (svn import needs one)
    svnadmin create $HOME/svn

    mkdir projects;
    cd projects;

    # create a dummy project source
    mkdir -p dummy-project/src
    touch dummy-project/README

    # add the project to subversion
    svn import -m "Initial Version" dummy-project file://$HOME/svn/dummy-project

    If everything went according to plan, your project is now in subversion.

    There is not much use to a subversion server if it can only be accessed locally. There are three ways to front a subversion server to access the repository remotely: using apache webserver (using http://) , using a custom svnserve daemon (using svn:// url scheme) or by tunnelling svn over ssh (svn+ssh://). The first two options are automatically out for a hosted account and the only option is going svn over ssh.

    Step 2: Connecting to subversion by tunnelling over ssh (svn+ssh)

    This is where I found the least documentation and most difficulty. To connect to the subversion repository you need two pieces of software on your client machine: a subversion client (I use TortoiseSVN) and an ssh client (I recommend Putty). Install Putty and the utilities it comes with, preferably through a Windows installer (http://the.earth.li/~sgtatham/putty/latest/x86/putty-0.58-installer.exe). Install TortoiseSVN to c:\TortoiseSVN (the default location in Program Files will create a problem later during ssh configuration).

    In order to tunnel svn commands over ssh , you need to be able to ssh to your ISP account without having to give a userid and password every single time the client wants to talk to the server. There is a way to setup a public-private key pair to enable this dialogue without a need for entering a userid and password.


    $ ssh-keygen -t dsa -f mykey

    You will see two files mykey and mykey.pub, the openssh private and public keys. Now add the contents of mykey.pub to the file $HOME/.ssh/authorized_keys in your shell account. Create the directory and file if you don’t have it already.

    Now add the following to the beginning of the line you just added to the authorized_keys file. It should look something like this (replace your-home-dir with the right value):

    command="your-home-dir/subversion/bin/svnserve -t -r your-home-dir/svn" ssh-dss AAAA……………

    Now move the private key file mykey to the Windows machine that you will be connecting to subversion from. Run puttygen.exe, click the Load button and choose the mykey file that you just moved from your shell account. Putty will load it; now choose the “Save private key” button and save the private key in Putty format as mykey.ppk. Save this to c:\TortoiseSVN\bin.

    Now run Putty.exe and under Session choose ssh and enter your host name; in Connection->Data enter your login name; in the Connection->SSH->Auth section, click the Browse button to choose the private key file, c:\TortoiseSVN\bin\mykey.ppk. In Session, give it a name like SVNConnection and choose Save. Click Open and you should see the following:

    Using username “your-user-name”.
    Authenticating with public key “imported-openssh-key”
    ( success ( 1 2 ( ANONYMOUS EXTERNAL ) ( edit-pipeline ) ) )

    This means your ssh connection to subversion is working. Now you just need to get the subversion client (tortoise svn) to use the private key file when connecting to your repository. In the following subversion config file (C:\Documents and Settings\Your-User-Name\Application Data\Subversion\config) look for the section title tunnels:


    [tunnels]
    ### Configure svn protocol tunnel schemes here. By default, only
    ### the 'ssh' scheme is defined. You can define other schemes to
    ### be used with 'svn+scheme://hostname/path' URLs. A scheme
    ### definition is simply a command, optionally prefixed by an
    ### environment variable name which can override the command if it
    ### is defined. The command (or environment variable) may contain
    ### arguments, using standard shell quoting for arguments with
    ### spaces. The command will be invoked as:
    ###   <command> <hostname> svnserve -t
    ### (If the URL includes a username, then the hostname will be
    ### passed to the tunnel agent as <user>@<hostname>.) If the
    ### built-in ssh scheme were not predefined, it could be defined
    ### as:
    # ssh = $SVN_SSH ssh
    ssh = C:/TortoiseSVN/bin/TortoisePlink.exe -2 -i C:/TortoiseSVN/bin/mykey.ppk

    Now open the Repo-Browser of TortoiseSVN and enter the URL to your dummy project:

    svn+ssh://SVNConnection/dummy-project

    and you should see the files under dummy-project. If you can’t connect, it’s probably because you didn’t set up the PuTTY session correctly. Verify that you entered all the required information correctly.

    You can connect to svn repository from inside RADRails using the following URL (this does not work in TortoiseSVN for some reason):

    svn+ssh://your-user-name@your-machine-name/dummy-project
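The authorized_keys entry from Step 2, as an added example that is not from the original post: the forced command alone still leaves port, agent and X11 forwarding available to whoever holds the key, so the entry built below also turns those off, and a small audit flags entries that lack the restrictions. The /home/me paths and the AAAA key blobs are constructed placeholders.

```shell
#!/bin/sh
# Added example. Paths follow the post's layout under a constructed /home/me;
# the AAAA... blobs in the sample file are placeholders, not real keys.

# svn_key_line HOME_DIR 'PUBKEY' -> authorized_keys entry that can only run
# svnserve on the repository and gets no forwarding and no terminal.
svn_key_line() {
    printf 'command="%s/subversion/bin/svnserve -t -r %s/svn",' "$1" "$1"
    printf 'no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty %s\n' "$2"
}

# audit_authorized_keys FILE -> "line N: finding" for every weak entry.
audit_authorized_keys() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    {
        line = " " $0
        if (!match(line, /[ \t](ssh-(rsa|dss|ed25519)|ecdsa-sha2-[^ \t]+)[ \t]+AAAA/)) {
            print "line " NR ": unparsed entry"; next
        }
        opts = tolower(substr(line, 1, RSTART - 1))
        key = substr(line, RSTART + 1)
        # OpenSSH has refused ssh-dss keys by default since release 7.0.
        if (key ~ /^ssh-dss/) print "line " NR ": DSA key (ssh-dss)"
        if (opts !~ /command="/) {
            print "line " NR ": no forced command, key gives a full shell"; next
        }
        # Drop quoted values and blanks so only option names remain.
        gsub(/"[^"]*"/, "", opts); gsub(/[ \t]/, "", opts)
        opts = "," opts ","
        if (index(opts, ",restrict,")) next
        n = split("no-port-forwarding no-agent-forwarding no-x11-forwarding no-pty", want, " ")
        for (i = 1; i <= n; i++)
            if (!index(opts, "," want[i] ","))
                print "line " NR ": missing " want[i]
    }' "$1"
}

# Constructed sample: the entry as written in the post, a bare key, and the
# hardened form produced by svn_key_line.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed authorized_keys
command="/home/me/subversion/bin/svnserve -t -r /home/me/svn" ssh-dss AAAAconstructed1 laptop
ssh-rsa AAAAconstructed2 admin
EOF
svn_key_line /home/me 'ssh-rsa AAAAconstructed3 laptop' >> "$sample"
audit_authorized_keys "$sample"
```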

    Whoa. I haven’t blogged in a long while now. But since I was off on vacation for a month in November, I have a good excuse. I have some Google desktop hacks to share. Actually I have a hack to share. But it’s a useful one. I have been using Google desktop for a while now and I have a lot of emails (in archives of course) and files that it indexes. The cache has been eating away so much of my C: space that I can’t do any decent work anymore. So I went registry hunting for a way to move the cache from my C: drive to my external drive (a huge 160 GB). And I actually found a way. Here is how (This is not for the faint of heart. Doing wrong things to your registry might render your machine useless. Consider yourself warned):

    Shut down Google Desktop by right-clicking on the tray icon and choosing Exit.
    Go to Start->Run and type regedit.
    In regedit go to My Computer->HKEY_CURRENT_USER->Software->Google->Google Desktop.
    On the right you will see an entry data_dir. Double-click it and change the value data to a directory of your choice.
    Now start Google Desktop again and you should see your cache in that directory.

    Some words of caution though:

  • Don’t make your cache go to a network directory. You will completely flood the network. Google writes a lot to the cache.
  • If you choose an external drive as your cache, turn encryption of index and datafiles on in Google desktop preferences. This might take google desktop longer to index, but it is the wise thing to do because anyone could take off with your external drive more easily than your desktop.
  • In my case I reinstalled the google desktop (because I was upgrading to a new version) and removed all the indices and cache and then changed the data_dir fresh after an install. I am not sure if it works as expected if you just changed the registry entry without a reinstall.
    I just finished watching the Emmys. I can’t believe 24 did not receive the best drama series award or the best lead actor. The Emmy voters are seriously LOST (get it?). And to make matters worse they award the best lead actor to James Spader and the best series to Lost. I would have been completely ok with West Wing taking the best drama series if not 24. Since the votes are cast based on one episode of the series, I wonder if a show like 24, which requires you to watch the entire series to appreciate how wonderful it is, will ever win.

    But it does not matter whether the show receives an Emmy or not. We are all on your side Jack, when these jokers in hollywood get kidnapped by terrorists, you look the other way :) .

    I have been quiet for a while and Comcast is the sole reason why. For almost two weeks I have been out of internet service at home. There was no outage in my area; however, for some strange reason my connection was never on for more than a minute or two. It drove me nuts. I spent countless hours resetting the modem, resetting the router, connecting the computer directly etc. etc., all to no avail. And the jokers who call themselves Customer Service reps were doing me no service. And when the connection was finally on last week, I was off to L.A. to attend Microsoft PDC (more details to follow). But purely out of spite (and to punish Comcast for the severe withdrawal symptoms I had for two weeks) I am going to switch to SBC Yahoo DSL. I just got my DSL modem yesterday; only time will tell if that will work out.

    This is one of my pet peeves. There are a lot of sites of late that show up on Google’s search when you are looking for stuff, but the content itself is not available unless you register or subscribe for the content. During one of my recent searches, I ended up on a page that looked very promising. What ticked me off was that when I clicked to get to that page, the search term I used was not anywhere in the visible part of the article. I was told to sign up for a monthly online pass if I wanted the rest of the content. Somehow, this did not sit well with me at all. They should either make the content available or not have it be indexed at all. This has happened to me in the past (especially with searches that take me to Experts Exchange) but I never thought twice about it.

    When I thought more about how these sites managed to allow the Google robot to index their pages without any subscription but didn’t let me view it, the light bulb went off! It was simple: they were just looking at the browser’s user-agent (an HTTP header that identifies the requesting browser) to let Google’s robot through but not me. So all I had to do to see this content was pretend to be Google’s robot.

    Changing the User-agent in IE is possible but very cumbersome, and I would not recommend it because a lot of other things, like Windows Update and sites that use browser detection instead of object detection in JavaScript, will be very confused. I would instead suggest doing this in Firefox (shame on you if you don’t also have Firefox on your desktop). There is a wonderful user agent switcher plugin for Firefox that allows you to set up your own user-agent. After download and install, restart Firefox and go to Tools->User Agent Switcher->Options->Options, go to the User Agents tab, add a new user agent and set


    * Description ==> Google Bot,
    * User Agent ==> Googlebot/2.1
    * App Name ==> Googlebot
    * App version ==> 2.1

    Now go to Tools menu and select Tools->User Agent Switcher->Googlebot. If you go back to the same URL I mentioned in this blog above , you will now see the entire article!!. All I do now when I see sites using this technique: I simply switch my user-agent to Googlebot. Some may contend this is borderline hacking, but I am sorry , I think these sites deserve it considering the amount of my time that I have wasted wading through search results because of them.
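The defender's side of this trick, as an added example that is not from the original post: a site that trusts the User-Agent header alone can be fooled this way, so crawler access is normally gated on a reverse DNS lookup that is then confirmed by a forward lookup. The DNS records below are constructed and use documentation address ranges; ptr_of and addrs_of are hypothetical stand-ins for real resolver calls.

```shell
#!/bin/sh
# Added example. DNS_TABLE is constructed data standing in for a resolver:
# "PTR ip name" and "A name ip" records on documentation-range addresses.
DNS_TABLE='PTR 192.0.2.10 crawl-192-0-2-10.googlebot.com
A crawl-192-0-2-10.googlebot.com 192.0.2.10
PTR 198.51.100.7 googlebot.com.scraper.example
A googlebot.com.scraper.example 198.51.100.7
PTR 203.0.113.5 crawl-203-0-113-5.googlebot.com
A crawl-203-0-113-5.googlebot.com 192.0.2.10'

# Hypothetical resolver hooks: swap in real reverse and forward lookups
# (stripping any trailing dot from the PTR name) when deploying this.
ptr_of() {
    printf '%s\n' "$DNS_TABLE" | awk -v ip="$1" '$1 == "PTR" && $2 == ip { print $3 }'
}
addrs_of() {
    printf '%s\n' "$DNS_TABLE" | awk -v n="$1" '$1 == "A" && $2 == n { print $3 }'
}

# classify_request IP USER_AGENT
#   -> "browser", "verified-googlebot" or "spoofed-googlebot"
classify_request() {
    case $2 in
        *Googlebot*) ;;
        *) echo browser; return 0 ;;
    esac
    # Step 1: the PTR name must sit under a Google crawler domain. Matching
    # on the suffix with its leading dot rejects googlebot.com.scraper.example.
    name=$(ptr_of "$1" | head -n 1)
    case $name in
        *.googlebot.com|*.google.com) ;;
        *) echo spoofed-googlebot; return 0 ;;
    esac
    # Step 2: whoever owns an address controls its PTR record, so the name
    # must also resolve forward to the very same address.
    if addrs_of "$name" | grep -qxF "$1"; then
        echo verified-googlebot
    else
        echo spoofed-googlebot
    fi
}

classify_request 203.0.113.5 'Googlebot/2.1'
```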
