Archive for the ‘Nerdy’ Category

VPN using Mac OS X and Linksys RV042

January 17, 2007

These days Bikerpapa often needs to doctor computers for the clueless secretaries in a remote site about 300 miles away. It’s too far to drive and too expensive to fly for minute IT problems, so Bikerpapa wants to experiment with a VPN solution that allows him to sit at home and fix things right away for those secretaries when something goes wrong. If certain problems can be taken care of that way, then Bikerpapa can save his company some travel expenses. And the secretaries get their problems solved much faster, too. Best of all, Bikerpapa can sit at home and diagnose problems with a good cup of latte in his hand. Slow cruisin’ indeed.

The thought of using VPN occurred to me when the remote site finally got a broadband satellite internet connection last week. After some casual usage, I thought it was still a bit slow compared to normal ADSL in the cities but the speed is probably adequate for VPN sessions consisting of low bandwidth tasks such as firing up ssh shells on remote servers that reside on the remote site’s LAN.

In this guide Bikerpapa sets up a remote client to gateway VPN using Mac OS X Tiger 10.4 and the Linksys RV042 VPN router. Since Bikerpapa has never set up a VPN before, he encountered many pitfalls along the way. Now that I’ve got something basic working, I hope this guide might be of use to some clueless VPN soul somewhere using the same OS and hardware.

  • Hook up the VPN router with a real IP address: the Linksys manual doesn’t mention jack about this, but it is extremely important that the VPN router get a real IP address (i.e. an IP address reachable directly from anywhere on the internet) from the ISP instead of the usual 10.0.1.* or 192.168.1.* address obtained by DHCP from an ADSL/Cable Modem with NAT enabled. If your ISP requires PPPoE to establish a session, make sure it is your VPN router doing the PPPoE connection. This case requires you to have installed your ADSL modem running in “Bridge mode” (instead of “Router mode”) beforehand. Of course, you will also need to enter the necessary PPPoE info (username, password) into your VPN router. (Don’t worry about the VPN settings just yet. Read on.)
  • Which VPN client on Mac OS X? To establish VPN tunnels between a client computer running Mac OS X, and RV042, you need a VPN client on Mac OS X that is capable of doing either IPsec (not the same thing as L2TP over IPsec) or PPTP, since those are the only two VPN protocols that RV042 supports.
    • PPTP: The good news is that PPTP is supported by Apple in Mac OS X Tiger’s Internet Connect application. The bad news is that to use PPTP your Mac client computer must not be hidden behind a NAT gateway in order for it to work. Also, PPTP is reportedly less secure than IPsec, but for the road warrior who is not likely to establish a VPN connection 24/7 it is probably OK.
    • IPsec: VPN Tracker ($90 USD) by equinux supports IPsec. (A 30-day trial version is available.) The good news is that your Mac client can be behind a NAT gateway and still work, thanks to IPsec. The bad news is that VPN Tracker is quite pricey for what it does, but probably because there isn’t much competition out there. (Hint to Mac developers!) But I do want to give equinux credit for simplifying the VPN process; the setup is a snap because equinux provides easy-to-follow setup guides for many different VPN routers.
    • Update: IPsec: IP Securitas 3.0 also works, albeit one needs to play around with the setup to get the software working with RV042. Right now the program is a release candidate and the good news is that it is donation-ware. VPN Tracker is much easier to set up and the phase 1/2 negotiation process seems much faster than IP Securitas 3.0. But once IP Securitas connects, it works fine and that is what I recommend for now since it is free. (I do recommend a donation to keep the authors motivated.)

  • Set up VPN router and Mac for PPTP: In RV042’s VPN->PPTP Server tab, click on Enable PPTP Server. Then enter a username/password pair below. Afterwards, fire up your Mac client’s Internet Connect program, add a VPN (PPTP) setting and configure the exact same information you just entered in RV042. Remember, your Mac client mustn’t be behind a NAT router for this to work.
  • Set up VPN router and Mac for IPsec: Assuming that you are using VPN Tracker, please follow the helpful online guide released by equinux on this subject. If you are using IP Securitas 3.0, you can still follow the VPN Tracker guide to set the RV042, then make the following settings in the software:

    General:
    Remote IPsec Device: remoteserver.ip
    Local Side Endpoint Mode: Host
    Local Side IP Address:
    Remote Side Endpoint Mode: Network
    Remote Side Network Address: (e.g.) 192.168.1.0
    Remote Side CIDR: 24

    Phase 1:
    Lifetime: 8 hours
    DH Group: 768(1)
    Encryption: DES
    Authentication: MD5
    Exchange Mode: Aggressive
    Proposal Check: Strict
    Nonce Size: 16

    Phase 2:
    Lifetime: 8 hours
    PFS Group: 768(1)
    Encryption: check DES/3DES/AES 256/AES 192/AES 128
    Authentication: check HMAC MD5

    ID:
    Local Identifier: FQDN ( (e.g.) enter "vpntracker" in the blank textbox)
    Remote Identifier: Address
    Authentication Method: Preshared Key
    Preshared Key: (e.g.) secretkey

    DNS:
    Use default values

    Options:
    Check only the following: IPSec DOI / SIT_IDENTITY_ONLY / Initial Contact / Generate Policy / Support Proxy / Request Certificate / NAT-T: Disable
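
An added example, not part of the original post: a small Python audit of the IP Securitas values listed above, flagging the choices that are weak by current standards (single DES, MD5, a 768-bit group, aggressive mode with a preshared key). The function names and the 2048-bit group threshold are this example's assumptions, and the sample text is constructed from the list above.

```python
import re

# Constructed sample: the Phase 1 / Phase 2 / ID values from the list above.
SETTINGS = """\
Phase 1:
DH Group: 768(1)
Encryption: DES
Authentication: MD5
Exchange Mode: Aggressive

Phase 2:
PFS Group: 768(1)
Encryption: check DES/3DES/AES 256/AES 192/AES 128
Authentication: check HMAC MD5

ID:
Authentication Method: Preshared Key
"""

def parse(text):
    """Turn 'Section:' headers and 'Key: Value' lines into {section: {key: value}}."""
    cfg, section = {}, None
    for line in filter(None, map(str.strip, text.splitlines())):
        key, _, value = line.partition(":")
        if not value.strip():            # a bare "Phase 1:" starts a section
            section = cfg.setdefault(key.strip(), {})
        elif section is not None:
            section[key.strip()] = value.strip()
    return cfg

def audit(cfg, min_dh_bits=2048):        # threshold is this example's choice
    """Return (section, setting, reason) for each weak choice found."""
    out = []
    for name in ("Phase 1", "Phase 2"):
        s = cfg.get(name, {})
        offered = s.get("Encryption", "").replace("check", "").split("/")
        if "DES" in (a.strip().upper() for a in offered):
            out.append((name, "Encryption", "single DES (56-bit key) is offered"))
        if "MD5" in s.get("Authentication", "").upper():
            out.append((name, "Authentication", "MD5-based integrity"))
        for key in ("DH Group", "PFS Group"):
            m = re.match(r"\d+", s.get(key, ""))
            if m and int(m.group()) < min_dh_bits:
                out.append((name, key, f"{m.group()}-bit MODP group"))
    psk = "preshared" in cfg.get("ID", {}).get("Authentication Method", "").lower()
    if psk and cfg.get("Phase 1", {}).get("Exchange Mode", "").lower() == "aggressive":
        out.append(("Phase 1", "Exchange Mode",
                    "aggressive mode with a preshared key allows offline guessing of the key"))
    return out

if __name__ == "__main__":
    for section, setting, reason in audit(parse(SETTINGS)):
        print(f"{section:8} {setting:15} {reason}")
```
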

Notes:

  • The RV042 features a built-in PPTP server but you need to install the latest firmware. (Firmware version 1.3.7.10 or later.)

Questions:

  • Can RV042 reside behind a NAT router and VPN would still work?

Hotmail Sucks

December 26, 2006

This post joins the millions of “Hotmail Sucks” posts. My reasons:

  • No tools offered by Hotmail to export contacts into csv or vcard files
  • No POP3 email support for non-Microsoft email clients
  • No auto-forwarding to another email address

In effect, hotmail.com wants to make it difficult for you to switch webmail providers, because the above features make it easy for email users to lessen dependence on just one provider. But it is because of such flexibility that I use Gmail. I want to be able to import and export contacts to and fro between my computer and my webmail. I want to download and back up my webmail on my computer. I don’t need it now but there might be a day when I want to enable automatic forwarding of my webmail to another email address. Gmail does all these things, Hotmail doesn’t at all.

On top of that, one can force Gmail to send email in Unicode (UTF-8). For people who write in multiple languages in one email, that is the only way to go. I couldn’t find this setting in Hotmail. So, Hotmail sucks!

Rebooting on wordpress.com

December 21, 2006

Finally took the time out to migrate my spam-laden Movable Type site to wordpress.com. I am also officially out of blogging semi-retirement.

For a while I debated paying Movable Type for their latest version 3.x. The MT 2.6 that I was using for my previous blog was the last of the free MT installations and I thought I should at least give their latest paid version a try. But now I am convinced not to run my own blog installation, for these reasons: 1) having to do my own upgrade every time is not fun anymore, and 2) the time wasted on such drivel can be better spent on family or watching Doraemon DVDs.

And here are the other advantages of WordPress.com:

  1. free (for the most part)
  2. for the author of the blog, effortless shifting between editing mode and viewing mode in the same browser window
  3. dashboard and the posting editor are well designed and thought out; preview in the editing window is great!
  4. multiblog, multiuser
  5. they upgrade new versions for you, saving you time
  6. seems to be effective in dealing with spam comments
  7. simple to use, yet feature rich
  8. AJAX effects work great on Firefox - like those slick google apps
  9. good selection of themes

Happy re-blogging to me!

For Switchers: migrate from Outlook Express to Apple Mail via Thunderbird

June 1, 2005

So biker got his papa a spanking new Apple Powerbook. Biker papa’s been a Windows user for years, his last laptop being an IBM Thinkpad X30 running Windows XP. Biker papa’s most heavily used app in Windows XP is of course Outlook Express 6 (OLE6). To help papa with the email transition, biker found an easy way to migrate papa’s email and address book from OLE6 to Apple Mail 2.0: use Mozilla’s Thunderbird email client as an intermediary.

Changing the CMOS clock battery on Compaq Presario 1810

December 19, 2004

In the previous post here I blogged about installing Linux on my dad’s old Compaq Presario 1810 to use as a mail/web machine. I also mentioned that the system clock kept defaulting back to 1998 if I leave the machine unplugged too long. It’s very annoying to have to adjust the clock every time I boot, and a local service center wanted a whopping $25 to change the CMOS clock battery. $25 can buy me roughly 50 bowls of duck noodles so I decided to see if I could change it myself.

Resurrected a 5-year-old Compaq Laptop

December 5, 2004

My old man’s Compaq Presario 1810 laptop had been sitting in the storage room for a few years now. A quick boot last week showed that it still boots and the LCD is looking fine (testament to Compaq’s sturdy build quality). Seemed like a waste to give it away, so what to do?

It so happened that I needed a computer just for writing email at the office on days when I am too lazy to lug my Powerbook around. The Compaq boots up to Windoze 98. Time to revive my Linux skills (haven’t touched it for two years after becoming a Mac User.)

Using cvs in Apple Mac OS X

April 27, 2004

Mac OSX includes the popular unix tool cvs for source version control, which is useful for keeping versions of your software (or even writing) project. I have used rcs many years ago and was comfortable with a command line approach, so I decided to try cvs on my Mac. Here’s what I know so far about cvs. (Updates may follow later.)

Testing ecto…

April 18, 2004

I have finally found a decent looking blog client for Mac OS X and Movable Type.
Will test it for two weeks and see what happens.

Ecto can be downloaded here.

This blog has a new name

April 17, 2004

It’s Slow Cruisin’. Effective Today.

Winding down…

March 2, 2004
» remote entry created using mobileMT.

Whew, long day today at school. Looking forward to a nice Japanese dinner with wife and mom.