jason schaefer . com

  • Wireguard VPN on VyOS

    The commands vary depending on the version of VyOS. These instructions are for the rolling release 1.3.0 ssh to your router and start from the run terminal vyos@myGW:~$ and begin with generating keys generate wireguard default-keypair This creates the public and private keys that will automatically be used by wireguard /config/auth/wireguard/default/private.key and public.key You can…

  • Wireguard VPN server on OpenWRT

    Wireguard VPN server on OpenWRT

    Wireguard is a wonderfully superior VPN. Its simple, fast, lightweight, modern, GPL licensed and very secure. Read more at Wireguard.com Here is the setup: 10.11.13.0/24 is the home lan subnet with 10.11.13.1 as the OpenWRT gateway/router (v19.07.4).172.21.13.0/24 is a public vlan that we will setup to route over the vpn.10.11.14.0/24 is the wireguard subnet with…

  • Installing Nextcloud v22 on Debian v11 (buster) using Redis

    This is a concise tutorial, it is not meant to be a hand holding step by step guide. Please comment or contact me if you find errors. Prerequisites:Setup a domain/sub domain with an A record to the ip of the server or a CNAME to a “dynamic DNS” hostname. I recommend https://freedns.afraid.org.The server needs to…

  • Setup x11vnc server with systemd auto start up

    The reason I use x11vnc is that it connects to the existing graphical session. Most other vnc servers will spawn an entirely new graphical session. While that is super cool, I don’t want that feature. This is for remote support, where I want the user and the supporter to share the same session. I use…

  • Setup VLAN on OpenWRT using hardware that has no switch ports

    The new versions of OpenWRT (18 and newer) have the ability to add vlan interfaces directly from LuCI (web gui). You can now skip the manual editing of the /etc/config/network file. Using 802.1q in OpenWRT is very difficult when working on a device that doesn’t have a built-in switch or the when the switch chipset…

  • Migrating SMSSecure (Silence) keys and texts

    For those unfamiliar: SMSSecure (now called Silence) is a text messaging application that supports encryption. It has exceptional integration on your phone and will handle your non-encrypted friends acquaintances texts as well. https://smssecure.org I recommend using fdroid to install it. F-droid is a Free Software repository for Android. https://f-droid.org UPDATE: You can now export an…

  • Encrypting /home directory and decrypting on login with pam_mount

    Instead of encrypting your entire drive and operating system you can encrypt just the data that matters, /home/ Full disk encryption (FDE) vs. data only /home/ + swap – FDE cannot survive a remote reboot because it asks for the password before the system is fully running. – FDE is more secure in the sense…

  • Flashing om1p with stock openwrt

    I have many open-mesh OM1P units laying around from failed wireless projects. Needless to say I’m not a big fan of open-mesh and have some other projects in mind for this hardware. It was a painful process but well worth it. Now I have nice little OpenWRT units for any hacking pleasure. I have made…

  • OpenVPN on VyOS

    OpenVPN Client/Server Implemenation ==== key signing ==== You can host the certificate authority on the vyos device itself. This is obviously not as secure as hosting it on a separate system. If someone was to get into the vyos they would have access to all your keys and would be able to sign new keys…

  • Apache, MySQL and WordPress install script

    After lots of laborious manual installs and much motivation from my buddy Damian of Mindshare, I decided to write a little script to quickly install and setup a typical environment for WordPress. This script does the following: – install apache, php and mysql – activate typical apache modules – create directories – download and un-tar…

  • OpenVPN on the OpenWRT

    This outlines a typical VPN implementation with server, clients and routing. Using Attitude Adjustment 12.09. Although, this should work on any new version of OpenWRT. Last tested on version 17. Start by ssh’ing into the router and installing packages. root@myWRT:~# opkg update root@myWRT:~# opkg install openvpn-openssl openvpn-easy-rsa Create a “openvpnconfig” directory under config and move…

  • OpenWRT, Access Point only config. LAN and PUBLIC wireless on an existing subnet

    In this scenario we will be implementing a openWRT as a wireless access point only. One wireless essid will be LAN accessible and the other will be segregated from the LAN but able to access the WAN. The openWRT in this example will not be the gateway to the network. Another device is the gateway…

  • OpenWRT setting up a public wireless access that is firewalled from the LAN

    In this post I will outline how to use zones to create public firewalled networks. A device that can bring up multiple interfaces per radio is very attractive here. One essid for private wireless and another for open public wireless. The Atheros ath9k chipsets are very well supported in this regard because they are free…

  • Setup PPTP server using OpenWRT

    DON”T USE PPTP ITS INSECURE!! USE OPENVPN or WIREGUARD INSTEAD.  TUTORIALS -> http://jasonschaefer.com/openvpn-on-the-openwrt https://jasonschaefer.com/wireguard-vpn-on-openwrt/ That said, if you want to setup pptp on the openwrt here is a guide. The router is Backfire 10.03.1 at address 192.168.11.1/24. This configuration will setup the PPtP VPN server and it should be pointed out that its not a…

  • Public Key Authentication in OpenWRT using dropbear sshd

    UPDATE: The easiest way to do this is through the web interface (LuCI). System -> Administration -> SSH-Keys. Paste your public key (~/.ssh/id_rsa.pub) and click “Add key” I’ve been using so many openwrt devices lately I wanted to setup my public ssh key on each device so I can auto login. Also, I can setup…

  • SpamAssassin training and spam cleanup script

    Spam is a constant battle as it is ever changing and always creeping into your Inbox. Spam wrangling is only effective with proper training, SpamAssassin does a decent job out-of-the-box but needs users input to truly be effective. This script will run SpamAssassin’s built in sa-learn tool against users known spam and known ham. With…

  • Simple tracking of top memory users over time

    I have a Dreamhost VPS account and have been running out of memory and experiencing the dreaded forced reboots dh impose. I found it difficult to identify the offending sites that take up all that memory on my server. Every time I login and run top it was too late or I would find a…

  • Backup Scripts in bash and batch

    Here is a bash script that I use to do simple and transparent backups of all sorts of data. I use it primarily to backup to multiple external hard drives, plugged in via USB. It uses regular mount or gnome volume manager. It also sends logs via email using “mail” and a local MTA like…

  • Random Tech Notes

    Here are some random notes that I find useful. I also tend to forget and use as reference. == LINKS == iproute2 cheat sheet by dmbaturin http://baturin.org/docs/iproute2/ The MTU/MSS calculator, encapcalc Speedtests The BEST -> http://www.dslreports.com/speedtest https://www.speedtest.net http://compari.tech/speed SpeedOf.Me bandwidthplace.com data transfer calculator http://techinternets.com/copy_calc [] Vim reference :e filename (open filename) :q! (quit, don’t save)…

  • Installing OpenVPN client on Windows

    These are the manual instructions for installing and configuring OpenVPN client. After having many problems over the years with openvpn gui breaking, I have devised a reliable work around. Create the following batch script, name it something like ovpnConnect.bat, and right click to “Run as Administrator”. This does require the openvpn gui from openvpn.net to…

  • * Creating a custom wordlist for john the ripper

    I wanted a larger wordlist than the default /usr/share/john/password.lst, with only 3115 words. Openwall sells a really great wordlist, but if you don’t need anything that fancy you can follow these instructions. The apt-get bit is debian specific. I will install dictionaries and then concatenate them all into one file, remove duplicates, lower case and…

  • Flashing a BIOS update using only free tools (FreeDOS, etc)

    The wonderful world of motherboard BIOS updates, is still old fashioned. Updates are often still built for Microsoft Windows environments. Those of us who don’t have MS Windows, DOS, a floppy drive, an install of Windows 98 to create a bootable floppy, or cheesy Pâté for that matter ….. Here is a way one can…

  • Transition away from MBR to GPT booting

    Recently, I was installing debian on a new server and grub2 would not install gave me this error: “This GPT partition label has no BIOS Boot Partition; embedding won’t be possible! grub-setup: error: Embedding is not possible, but this is required when the root device is on a RAID array or LVM volume.” Of course,…

  • Thunderbird & Lightning | contacts, calendar, mail syncing for gmail

    . Automatic email setup add-on: Gmail IMAP Account Setup THUNDERBIRD VERSION 3 HAS NATIVE SUPPORT FOR GMAIL. Manual email instructions: Setup Thunderbird according to gmail’s imap instructions At the bottom of gmail’s instructions you will see “recommended settings“. Don’t follow the first recommendation, regarding deleting. Instead of actually (permanently) deleting email we can have it…

  • Spoof MAC address in Windows or gnu/linux

    start -> run -> regedit make a backup, if you want. goto: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318} look through the list of subkeys (0000, 0001, etc) DriverDesc keyword will tell you which network adapter. For example, “NVIDIA nForce Networking Controller” when you find it, right click and add -> new -> string value new keyword: Value Name: = NetworkAddress…

  • Free Wireless in Santa Fe, NM

    Here is a list of free wireless spots in Santa Fe. I’m sure I will miss some or make errors, please let me know. I don’t list locations that use a password, as it irritates me when people inconvenience patrons for some ignorant reason. * Santa Fe Baking Company (one of the first and best…

  • Linux-Libre and Realtime patch

    I wanted to share some notes on patching the Linux Libre kernel with realtime capabilities. The Linux-Libre project pulls out all the un-free bits from standard Linux. Contrary to popular belief, Linux has many non-free parts, small binary or obfuscated pieces of code for various hardware. I have a Lenovo T61 laptop. I removed the…

  • Silverlight (Microsoft) and Moonlight (Novell) Digital Restrictions Management frustrations

    Moonlight is a Free implementation of Microsoft Silverlight. Its a Mono project, http://www.mono-project.com/Moonlight. I have read rumors that 2.0 will have support for Netflix. I went to install the 2.0 dev (currently 1.99.5). Logged into netflix and was denied. I was confused because moonlights dev website says that 1.99.5 is complete except for bug testing…

  • OpenWRT, firewall to block public wireless users from private lan behind wan

    The updated and more flexible way to do this is outlined here. It also requires updated hardware. The wrt54gl only supports openwrt v10 (backfire). I would like to add that despite the wrt54gl literally being ancient, its still a rock solid device today. Of course, only if openwrt is installed! A while ago Second Street…

Got any book recommendations?

Get In Touch