Monday, December 3, 2012

Mikrotik L2TP/IPsec configuration (Windows compatible)

/ppp profile
add change-tcp-mss=yes dns-server=192.168.1.254 local-address=172.21.16.254 \
    name=VPN-server only-one=no remote-address=VPN-server use-compression=\
    default use-encryption=default use-ipv6=no use-mpls=default \
    use-vj-compression=default wins-server=192.168.1.3
set 3 change-tcp-mss=yes name=default-encryption only-one=default \
    use-compression=default use-encryption=required use-ipv6=no use-mpls=\
    default use-vj-compression=default

/ppp secret
add caller-id="" disabled=no limit-bytes-in=0 limit-bytes-out=0 name=user password=passwd \
    profile=VPN-server routes="" service=l2tp

/ip pool
add name=VPN-server ranges=172.21.16.100-172.21.16.200

/interface l2tp-server server
set authentication=mschap1,mschap2 default-profile=VPN-server enabled=yes \
    max-mru=1460 max-mtu=1460 mrru=disabled

/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha1 disabled=no enc-algorithms=3des \
    lifetime=30m name=default pfs-group=modp1024

/ip ipsec peer
add address=0.0.0.0/0 auth-method=pre-shared-key comment="COMPANY VPN" \
    dh-group=modp1024 disabled=no dpd-interval=2m dpd-maximum-failures=5 \
    enc-algorithm=3des exchange-mode=main-l2tp generate-policy=yes \
    hash-algorithm=sha1 lifetime=1d my-id-user-fqdn="" nat-traversal=yes port=\
    500 secret=secret_password send-initial-contact=yes

/ip firewall filter
add action=accept chain=input comment="L2TP VPN" disabled=no dst-address=\
    xx.xx.xx.xx dst-port=500,4500,1701 protocol=udp
add action=accept chain=input comment="L2TP VPN" disabled=no protocol=ipsec-esp
add action=accept chain=output comment="L2TP VPN" disabled=no dst-address=\
    xx.xx.xx.xx dst-port=500,4500,1701 protocol=udp

/system logging
add action=memory disabled=no prefix="" topics=ipsec
add action=memory disabled=no prefix="" topics=radius

Source: http://forum.mikrotik.com/viewtopic.php?f=2&t=65059
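
The export above keeps 3DES, modp1024 and MS-CHAPv1 in play. As an added check (not part of the original post and not RouterOS code), the script below folds the export's backslash continuations, parses the key=value pairs of each add/set command and lists those choices next to stronger substitutes; the substitute names and the EXPORT sample are the reviewer's own assumptions.

```python
import re

# Constructed sample: the L2TP server, IPsec proposal and peer lines of the export above.
EXPORT = r"""
/interface l2tp-server server
set authentication=mschap1,mschap2 default-profile=VPN-server enabled=yes \
    max-mru=1460 max-mtu=1460 mrru=disabled
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha1 disabled=no enc-algorithms=3des \
    lifetime=30m name=default pfs-group=modp1024
/ip ipsec peer
add address=0.0.0.0/0 auth-method=pre-shared-key comment="COMPANY VPN" \
    dh-group=modp1024 disabled=no enc-algorithm=3des exchange-mode=main-l2tp \
    hash-algorithm=sha1 nat-traversal=yes secret=secret_password
"""

# Values to replace and the reviewer's suggested substitutes. The substitute
# names are assumed to exist in the RouterOS version in use; verify them there.
WEAK = {
    "enc-algorithms": {"des": "aes-256-cbc", "3des": "aes-256-cbc"},  # proposal
    "enc-algorithm": {"des": "aes-256", "3des": "aes-256"},           # IKE peer
    "pfs-group": {"modp1024": "modp2048"},
    "dh-group": {"modp1024": "modp2048"},
    "authentication": {"pap": "mschap2", "chap": "mschap2", "mschap1": "mschap2"},
}

def parse_export(text):
    """Return [(menu, {key: value})] with '\\'-continued lines folded together."""
    joined = re.sub(r"\\\n\s*", "", text)
    menu, entries = None, []
    for line in joined.splitlines():
        line = line.strip()
        if line.startswith("/"):           # menu path such as /ip ipsec peer
            menu = line
        elif line:                         # add/set command: key=value pairs
            pairs = re.findall(r'([\w-]+)=("[^"]*"|\S+)', line)   # values may be quoted
            entries.append((menu, {k: v.strip('"') for k, v in pairs}))
    return entries

def find_weak_settings(text):
    """Return (menu, key, value, suggestion) for every weak algorithm found."""
    findings = []
    for menu, kv in parse_export(text):
        for key, value in kv.items():
            for item in value.split(","):  # lists such as mschap1,mschap2
                if item in WEAK.get(key, {}):
                    findings.append((menu, key, item, WEAK[key][item]))
    return findings

if __name__ == "__main__":
    for menu, key, value, better in find_weak_settings(EXPORT):
        print("%s: %s=%s -> consider %s" % (menu, key, value, better))
```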

Tuesday, November 27, 2012

Serving a custom catch-all web page on a private WiFi

Sometimes you would like to publish one specific private web page for your WiFi users. For example, you want to allow the guests in your restaurant to access the on-line version of your menu while using your open WiFi hotspot (and no other internet web page!). It is an easy task with an OpenWrt or DD-WRT router (the web page itself still needs to be served from a separate server, not the router). Related keywords: catch-all, wildcard, HTTP, DNS.

First we need to catch all DNS requests and return the IP of our web server for every domain. The trick is an additional DNSMasq configuration option (192.168.1.5 is your web server):
address=/#/192.168.1.5
Of course, your DHCP server should hand out only the router's DNS as the DNS server to clients. This is all we need if the router is not connected to the internet, as any other trick (e.g. entering a custom DNS server on the client or trying to use a VPN) will then have no effect. You may still enable the HTTP redirect in the DD-WRT firmware to be sure of catching requests made directly to an IP address as well.

When all domains resolve to our IP address we need to instruct the web server to serve the same page for all requests (ignoring the Host header), which is easy and is the most common default configuration. For visual effect you can instead serve your page on myrestaurant.com (it doesn't matter whether the domain exists or not, as long as you use it only inside your internal network) and force an HTTP redirect to it whenever a guest tries to access any other domain (e.g. facebook.com or google.com). A hint for Apache users (others should google "http redirect 301" together with the name of their web server):
Redirect 301 / http://www.newdomain.com/
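
As an added example (not part of the post, and neither DD-WRT nor Apache code), the same host-based redirect as a small Python web server: requests for the menu host are served from MENU_DIR, and any other Host header gets a 301 to it. The decision is made on the Host header because a blanket `Redirect 301 /` applied to every virtual host would also redirect requests that already reach myrestaurant.com and loop; MENU_HOST and MENU_DIR are assumptions.

```python
from functools import partial
from http.server import SimpleHTTPRequestHandler, ThreadingHTTPServer

MENU_HOST = "myrestaurant.com"   # assumed name; only resolvable inside the hotspot LAN
MENU_DIR = "/var/www/menu"       # assumed directory holding the menu pages

def redirect_target(host_header, menu_host=MENU_HOST):
    """Return the URL to redirect to, or None when the request is already for
    the menu site. Excluding the menu host avoids the redirect loop that a
    blanket 'Redirect 301 /' would cause; a missing Host header or a bare IP
    (the DD-WRT HTTP redirect case) is sent to the menu site too."""
    host = (host_header or "").split(":", 1)[0].strip().lower()   # drop any :port
    if host in (menu_host, "www." + menu_host):
        return None
    return "http://%s/" % menu_host

class CatchAllHandler(SimpleHTTPRequestHandler):
    """Serves MENU_DIR for the menu host and answers 301 for everything else."""
    def do_GET(self):
        target = redirect_target(self.headers.get("Host"))
        if target is None:
            return super().do_GET()
        self.send_response(301)
        self.send_header("Location", target)
        self.send_header("Content-Length", "0")
        self.end_headers()

if __name__ == "__main__":
    handler = partial(CatchAllHandler, directory=MENU_DIR)
    # Port 80 needs root (or the equivalent capability) on the web server host
    ThreadingHTTPServer(("0.0.0.0", 80), handler).serve_forever()
```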

Of course it is highly recommended not to use this wireless network for anything else, as it will look bogus from the users' perspective (web pages not loading etc.). Use a firewall or do not connect the router to the internet at all.

Resources for DNSMasq configuration:

http://serverfault.com/questions/351108/using-dnsmasq-to-resolve-all-hosts-to-the-same-address
http://www.dd-wrt.com/wiki/index.php/DNSMasq_-_DNS_for_your_local_network_-_HOWTO
http://coolaj86.info/articles/redirect-domains-and-dns-using-dd-wrt.html

WARNING: this guide is not yet tested, but in theory it should work. This warning will be removed when I actually test it (or get a confirmation that it works).

Monday, October 1, 2012

AirCam power usage

AirCam
Specification: 2.4 Watts maximum.
Actual measurement: 12.06 Volts x 0.157 Amps = 1.89342 Watts
Ambient temperature 19.3 degrees Celsius, cable length 2 metres.

AirCam Dome
Specification: 3.5 Watts maximum.
Actual measurement: 12.06 Volts x 0.151 Amps = 1.8821 Watts
Ambient temperature 19.5 degrees Celsius, cable length 2 metres.

Source: http://forum.ubnt.com/showthread.php?p=326727

Thursday, August 30, 2012

Fog photography

A nice tutorial on fog photography and how to make the best of it: not avoiding or removing the fog, but using it to your advantage. http://www.cambridgeincolour.com/tutorials/fog-photography.htm

Thursday, February 16, 2012

Ubiquiti AirCam serial console boot

Ubiquiti's good-value HD camera has a serial console that gives access to the operating system (Linux). Pins for the console are not fitted on the PCB, so you have to solder them yourself; it should be an easy task as the pin spacing is 100 mils and the header is located at the edge of the PCB. But be careful and remember that you are doing it on your own responsibility, and soldering on the PCB definitely voids your warranty.

To cut a long story short, the console pins use 3.3 V TTL levels, so you need a TTL-to-RS232 (or USB) level converter (a MAX232-type chip, a Nokia data cable, a CP2102 USB adapter etc.). The console parameters are 38400-8-none-1 (38400 baud, 8 data bits, no parity, 1 stop bit). Have fun!

The console output:

MP SPI-NOR Bootstrap v0.2
Boot image offset: 0x6000. Booting Image .....
0567Will set the following freq...
PLL1: 800 MHz, PLL2: 540 MHz, CPU freq: 540 MHz, AHB freq: 270 MHz, DDR freq: 800 MHz
go...


*********************************************
Please input Space to run Linux
Please input ESC to run UBOOT
Please input . to run burn-in
Otherwise, system will run Linux after 5 sec
*********************************************
Load image from SPI-NOR offset 0xa6000 to sdram 0x4000000
Jump 0x4000000




U-Boot 2008.10-svn8779 (Apr 19 2011 - 18:25:15)


DRAM:  128 MB
Manufacturer ID : 0018
Device ID       : 009F
Device Code 2   : 0018
Flash:  0 kB
*** Warning - bad CRC, using default environment


flash no default environment
In:    serial
Out:   serial
Err:   serial
Net:   FTMAC110#0
Reset button is not active.
SF: Got idcode c2 20 17
Hit any key to stop autoboot:  0
## Starting application at 0x04000000 ...
Uncompressing Linux... done, booting the kernel.
Linux version 2.6.28 (buildd@builder) (gcc version 4.5.2 (Linaro GCC 4.5-2011.02-0) ) #1 PREEMPT Fri Nov 25 17:54:59 EET 2011
CPU: FA626TE [66056261] revision 1 (ARMv5TE), cr=0000797f
CPU: VIPT aliasing data cache, VIPT aliasing instruction cache
Machine: Faraday GM8126
Warning: bad configuration page, trying to continue
Memory policy: ECC disabled, Data cache writeback
Built 1 zonelists in Zone order, mobility grouping on.  Total pages: 32512
Kernel command line: mem=128M console=uart,shift,2,io,0xF9830000,38400 init=/init root=/dev/mtdblock2 rootfstype=squashfs
Early serial console at I/O port 0xf9830000 (options '38400', shift 2)
console [uart0] enabled
PID hash table entries: 512 (order: 9, 2048 bytes)
IC: GM8128 MP
GM Clock: CPU = 540 MHz, AHBCLK = 270 MHz, PLL1CLK = 800 MHz, PLL2CLK = 540 MHz
console handover: boot [uart0] -> real [ttyS0]
Dentry cache hash table entries: 16384 (order: 4, 65536 bytes)
Inode-cache hash table entries: 8192 (order: 3, 32768 bytes)
Memory: 128MB = 128MB total
Memory: 126904KB available (2442K code, 283K data, 108K init)
Calibrating delay loop... 534.52 BogoMIPS (lpj=267264)
Mount-cache hash table entries: 512
CPU: Testing write buffer coherency: ok
net_namespace: 652 bytes
Fmem: node 0 is online, alloc pages = 20480(active pages = 32768)
high_memory:0xc8000000, VM Start:0xc8800000, End:0xe0000000
NET: Registered protocol family 16
PMU: Mapped at 0xf9900000
pmu_get_cpu_clk:203 <fclk_mode=2, pll2_out=540000000>
Attach GM AHB-DMA Driver
SCSI subsystem initialized
NET: Registered protocol family 2
IP route cache hash table entries: 1024 (order: 0, 4096 bytes)
TCP established hash table entries: 4096 (order: 3, 32768 bytes)
TCP bind hash table entries: 4096 (order: 2, 16384 bytes)
TCP: Hash tables configured (established 4096 bind 4096)
TCP reno registered
NET: Registered protocol family 1
Video Timer(timer3) Max 31000ms in 0xf9720840 HZ.
squashfs: version 4.0 (2009/01/31) Phillip Lougher
msgmni has been set to 248
io scheduler noop registered
io scheduler anticipatory registered (default)
io scheduler deadline registered
io scheduler cfq registered
probe ftgpio010.0 OK!!, at c8808000
probe ftgpio010.1 OK!!, at c880c000
probe ftgpio010.2 OK!!, at c8810000
Serial: 8250/16550 driver 4 ports, IRQ sharing disabled
serial8250: ttyS0 at I/O 0xf9830000 (irq = 9) is a 16550A
serial8250: ttyS1 at I/O 0xf9840000 (irq = 10) is a 16550A
serial8250: ttyS2 at I/O 0xf9880000 (irq = 21) is a 16550A
serial8250: ttyS3 at I/O 0xf9890000 (irq = 22) is a 16550A
brd: module loaded
PPP generic driver version 2.4.2
NET: Registered protocol family 24
Linux video capture interface: v2.00
Driver 'sd' needs updating - please use bus_type methods
Driver 'sr' needs updating - please use bus_type methods
Creating 5 MTD partitions on "wb_spi_flash":
0x00000000-0x000e0000 : "boot"
0x000e0000-0x00200000 : "kernel"
0x00200000-0x007b0000 : "rootfs"
0x007b0000-0x007f0000 : "cfg"
0x007f0000-0x00800000 : "eeprom"
Probe FTSSP010 SPI Controller at 0x98200000 (irq 6)
mice: PS/2 mouse device common for all mice
i2c /dev entries driver
ftiic010 ftiic010.0: irq 18, mapped at c8818000
Advanced Linux Sound Architecture Driver Version 1.0.18rc3.
ALSA device list:
  No soundcards found.
TCP cubic registered
NET: Registered protocol family 10
lo: Disabled Privacy Extensions
IPv6 over IPv4 tunneling driver
sit0: Disabled Privacy Extensions
NET: Registered protocol family 17
802.1Q VLAN Support v1.8 Ben Greear <greearb@candelatech.com>
All bugs added by David S. Miller <davem@redhat.com>
VFS: Mounted root (squashfs filesystem) readonly.
Freeing init memory: 108K
Please be patient, while OpenWrt loads ...
...mounts done
...filesystem init done
...base ok
...update ok
...symlinks ok
...httpd ok
...detect ok
...video ok
...running /sbin/init
init started: BusyBox v1.18.4 (2011-11-25 17:48:51 EET)




Please press Enter to activate this console.
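
A console capture like the one above is the quickest inventory of what the device actually runs. As an added example (not part of the original post), the script below pulls the U-Boot, kernel and BusyBox versions, the kernel command line, the flash partition layout and whether the bootloader offers an interruptible autoboot prompt; BOOT_LOG is a constructed excerpt of the capture so the script runs offline.

```python
import re

# Constructed excerpt of the AirCam console output above.
BOOT_LOG = """\
U-Boot 2008.10-svn8779 (Apr 19 2011 - 18:25:15)
Hit any key to stop autoboot:  0
Linux version 2.6.28 (buildd@builder) (gcc version 4.5.2 (Linaro GCC 4.5-2011.02-0) ) #1 PREEMPT Fri Nov 25 17:54:59 EET 2011
Kernel command line: mem=128M console=uart,shift,2,io,0xF9830000,38400 init=/init root=/dev/mtdblock2 rootfstype=squashfs
Creating 5 MTD partitions on "wb_spi_flash":
0x00000000-0x000e0000 : "boot"
0x000e0000-0x00200000 : "kernel"
0x00200000-0x007b0000 : "rootfs"
0x007b0000-0x007f0000 : "cfg"
0x007f0000-0x00800000 : "eeprom"
VFS: Mounted root (squashfs filesystem) readonly.
init started: BusyBox v1.18.4 (2011-11-25 17:48:51 EET)
"""

# One regex per fact; a pattern without a capture group is a yes/no check.
PATTERNS = {
    "uboot": re.compile(r"^U-Boot (\S+)", re.M),
    "kernel": re.compile(r"^Linux version (\S+)", re.M),
    "busybox": re.compile(r"BusyBox v([\d.]+)"),
    "cmdline": re.compile(r"^Kernel command line: (.*)$", re.M),
    "autoboot_prompt": re.compile(r"^Hit any key to stop autoboot", re.M),
}
MTD_RE = re.compile(r'^0x([0-9a-f]+)-0x([0-9a-f]+) : "([^"]+)"', re.M)

def parse_mtd(log):
    """Return {name: (start, size_in_bytes)} for each MTD partition line."""
    return {name: (int(s, 16), int(e, 16) - int(s, 16)) for s, e, name in MTD_RE.findall(log)}

def inventory(log):
    """Return a dict of versions, the kernel command line as key=value pairs,
    the flash layout and whether U-Boot can be interrupted at the console."""
    inv = {}
    for key, pat in PATTERNS.items():
        m = pat.search(log)
        inv[key] = None if m is None else (m.group(1) if m.groups() else True)
    inv["autoboot_prompt"] = bool(inv["autoboot_prompt"])
    cmd = inv["cmdline"] or ""
    inv["cmdline"] = dict(kv.split("=", 1) for kv in cmd.split() if "=" in kv)
    inv["mtd"] = parse_mtd(log)
    return inv

if __name__ == "__main__":
    for key, value in inventory(BOOT_LOG).items():
        print("%-16s %s" % (key, value))
```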