Archive for the ‘My Tools’ Category


VPN using Mac OS X and Linksys RV042

January 17, 2007

These days Bikerpapa often needs to doctor computers for the clueless secretaries in a remote site about 300 miles away. It’s too far to drive and too expensive to fly for minute IT problems, so Bikerpapa wants to experiment with a VPN solution that allows him to sit at home and fix things right away for those secretaries when something goes wrong. If certain problems can be taken care of that way, then Bikerpapa can save his company some travel expenses. And the secretaries get their problems solved much faster, too. Best of all, Bikerpapa can sit at home and diagnose problems with a good cup of latte in his hand. Slow cruisin’ indeed.

The thought of using VPN occurred to me when the remote site finally got a broadband satellite internet connection last week. After some casual usage, I thought it was still a bit slow compared to normal ADSL in the cities but the speed is probably adequate for VPN sessions consisting of low bandwidth tasks such as firing up ssh shells on remote servers that reside on the remote site’s LAN.

In this guide Bikerpapa sets up a remote client to gateway VPN using Mac OS X Tiger 10.4 and the Linksys RV042 VPN router. Since Bikerpapa has never set up a VPN before, he encountered many pitfalls along the way. Now that I’ve got something basic working, I hope this guide might be of use to some clueless VPN soul somewhere using the same OS and hardware.

  • Hook up the VPN router with a real IP address: the Linksys manual doesn’t mention jack about this, but it is extremely important that the VPN router get a real IP address (i.e. an IP address reachable directly from anywhere on the internet) from the ISP instead of the usual 10.0.1.* or 192.168.1.* address obtained by DHCP from an ADSL/cable modem with NAT enabled. If your ISP requires PPPoE to establish a session, make sure it is your VPN router doing the PPPoE connection. This requires that your ADSL modem already be running in “Bridge mode” (instead of “Router mode”). Of course, you will also need to enter the necessary PPPoE info (username, password) into your VPN router. (Don’t worry about the VPN settings just yet. Read on.)
  • Which VPN client on Mac OS X? To establish VPN tunnels between a client computer running Mac OS X and the RV042, you need a VPN client on Mac OS X that is capable of doing either IPsec (not the same thing as L2TP over IPsec) or PPTP, since those are the only two VPN protocols that the RV042 supports.
    • PPTP: The good news is that PPTP is supported by Apple in Mac OS X Tiger’s Internet Connect application. The bad news is that to use PPTP your Mac client computer must not be hidden behind a NAT gateway. Also, PPTP is reportedly less secure than IPsec, but for the road warrior who is not likely to establish a VPN connection 24/7 it is probably OK.
    • IPsec: VPN Tracker ($90 USD) by equinux supports IPsec. (A 30-day trial version is available.) The good news is that your Mac client can be behind a NAT gateway and still work, thanks to IPsec. The bad news is that VPN Tracker is quite pricey for what it does, probably because there isn’t much competition out there. (Hint to Mac developers!) But I do want to give equinux credit for simplifying the VPN process; the setup is a snap because equinux provides easy-to-follow setup guides for many different VPN routers.
    • Update: IPsec: IP Securitas 3.0 also works, albeit one needs to play around with the setup to get the software working with the RV042. Right now the program is in release candidate and the good news is that it is donation-ware. VPN Tracker is much easier to set up and the phase 1/2 negotiation process seems much faster than IP Securitas 3.0. But once IP Securitas connects, it works fine and that is what I recommend for now since it is free. (I do recommend a donation to keep the authors motivated.)

  • Set up VPN router and Mac for PPTP: In RV042’s VPN->PPTP Server tab, click on Enable PPTP Server. Then enter a username/password pair below. Afterwards, fire up your Mac client’s Internet Connect program, add a VPN (PPTP) setting and configure the exact same information you just entered in RV042. Remember, your Mac client mustn’t be behind a NAT router for this to work.
  • Set up VPN router and Mac for IPsec: Assuming that you are using VPN Tracker, please follow the helpful online guide released by equinux on this subject. If you are using IP Securitas 3.0, you can still follow the VPN Tracker guide to set the RV042, then make the following settings in the software:

    General:
    Remote IPsec Device: remoteserver.ip
    Local Side Endpoint Mode: Host
    Local Side IP Address:
    Remote Side Endpoint Mode: Network
    Remote Side Network Address: (e.g.) 192.168.1.0
    Remote Side CIDR: 24

    Phase 1:
    Lifetime: 8 hours
    DH Group: 768(1)
    Encryption: DES
    Authentication: MD5
    Exchange Mode: Aggressive
    Proposal Check: Strict
    Nonce Size: 16

    Phase 2:
    Lifetime: 8 hours
    PFS Group: 768(1)
    Encryption: check DES/3DES/AES 256/AES 192/AES 128
    Authentication: check HMAC MD5

    ID:
    Local Identifier: FQDN ( (e.g.) enter "vpntracker" in the blank textbox)
    Remote Identifier: Address
    Authentication Method: Preshared Key
    Preshared Key: (e.g.) secretkey

    DNS:
    Use default values

    Options:
    Check only the following: IPSec DOI / SIT_IDENTITY_ONLY / Initial Contact / Generate Policy / Support Proxy / Request Certificate / NAT-T: Disable
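
As an added example (not part of the original post and not code from IP Securitas or Linksys), the Python below parses a settings list in the format shown above and flags the parameters generally regarded as weak today: single DES, MD5, the 768-bit DH group 1, and aggressive mode combined with a pre-shared key. The function names and the embedded sample text are constructed for illustration.

```python
import re

# Constructed sample: Phase 1 / Phase 2 / ID values taken from the list above.
SETTINGS = """\
Phase 1:
DH Group: 768(1)
Encryption: DES
Authentication: MD5
Exchange Mode: Aggressive
Phase 2:
PFS Group: 768(1)
Encryption: check DES/3DES/AES 256/AES 192/AES 128
Authentication: check HMAC MD5
ID:
Authentication Method: Preshared Key
"""
SECTIONS = {"General", "Phase 1", "Phase 2", "ID", "DNS", "Options"}

def parse(text):
    """Map (section, key) -> value for 'Section:' and 'Key: value' lines."""
    section, cfg = None, {}
    for line in text.splitlines():
        key, _, value = line.strip().partition(":")
        if key in SECTIONS and not value.strip():
            section = key
        elif key:
            cfg[(section, key.strip())] = value.strip()
    return cfg

def algs(value):
    """'check DES/3DES/AES 256' -> {'DES', '3DES', 'AES 256'}"""
    return {a.strip().upper() for a in re.sub(r"^check\s+", "", value).split("/")}

def audit(cfg):
    """Return (section, finding) pairs for parameters considered weak."""
    out = []
    for (section, key), value in cfg.items():
        if key == "Encryption" and "DES" in algs(value):
            out.append((section, "single DES (56-bit key) is offered"))
        if key == "Authentication" and any("MD5" in a for a in algs(value)):
            out.append((section, "MD5-based authentication is offered"))
        if key in ("DH Group", "PFS Group") and value.startswith("768"):
            out.append((section, "768-bit DH group 1 is used"))
    if (cfg.get(("Phase 1", "Exchange Mode")) == "Aggressive"
            and cfg.get(("ID", "Authentication Method")) == "Preshared Key"):
        out.append(("Phase 1", "aggressive mode + PSK allows offline key guessing"))
    return out

if __name__ == "__main__":
    for section, finding in audit(parse(SETTINGS)):
        print(f"{section}: {finding}")
```
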

Notes:

  • The RV042 features a built-in PPTP server but you need to install the latest firmware. (Firmware version 1.3.7.10 or later.)

Questions:

  • Can RV042 reside behind a NAT router and VPN would still work?

Fagor CR-1000 Espresso Machine

December 21, 2006

The Fagor CR-1000 is a very simple pump-driven espresso machine.

Features

  • up to four cups filter holder and glass carafe
  • steam nozzle for frothing of milk
  • a modal knob selecting whether you want espresso or steam or off
  • inexpensive; I paid about $50 USD for it

Verdict
If you love espresso and your home enjoys visits from an occasional espresso-loving guest or two this is just the machine. The unit does not have any high tech programmable features, just a simple modal knob on the right. Turn it one way to have the unit brew espresso (about 5 minutes for 4 cups); turn it the other to froth some milk with the steam nozzle. It will probably outlast those fancy $500+ espresso machines with LCD interfaces and computers.

So far I have run some high-grade Brazilian beans and New Mexico beans through the unit and they tasted fine, either as is or in latte form. But I don’t have any other unit to compare it to so I can’t offer any comparison reviews just yet. My upstairs neighbor has an Italian stovetop espresso that I can probably borrow to compare tastes. Eventually I would like to try out a La Pavoni or a Presso though!

The only problem with this unit is its small capacity (4 small cups of espresso at a time). Also, the steam nozzle of CR-1000 is of a bent design so that one cannot use a measuring cup that is too deep, hence limiting the amount of milk that can be frothed each time. If you often make espresso/lattes for more than four people then a bigger unit with the ability to store and grind beans would be a godsend.


Nikon Prime Lenses, Manual Focus

December 21, 2006

So the Nikon F3 is on my list of tools for a wandering photographer. But an SLR camera body is useless without lenses.

Many people prefer travelling with zoom lenses, because one zoom lens nowadays can double (or even triple) as three prime lenses, thus saving weight and space in their travel bags. The downside of zooms is that they are not great in low light situations because their designs call for a smaller max. aperture. So if one uses films in the ISO 100 to 400 range, handheld speeds of 1/30 sec or less at max. aperture are the norm at around dawn and dusk (the period of the day with most dramatic light), but photos taken at such speeds, handheld, are subject to the dreadful vibrations. One can also use a tripod, except it is a bore to carry.

If you like to take pictures around dusk and dawn but don’t like lugging a tripod, then prime lenses with maximum F2.0 apertures are your best friend. Since I use an F3, which is a manual focus body, I like to pair it up with the following manual (AI-S) Nikkors: 35mm F2.0, and 50mm F1.8. They all have wonderful optics, and are inexpensive and plentiful in the used market, and they all share 52mm filters. Best of all, they are all compact and I won’t get shoulder pain after a day of shooting.

And to round out the wide and medium telephoto ends of my arsenal, I usually take the 24mm F2.8 and 105 F2.5 with me as well. These are less suitable for low light situations due to the smaller max aperture, but they are also lightweight and share 52mm filters.

So here they are:

24mm f2.8
35mm f2.0
50mm f1.4
105mm f2.5

Here is where it gets fun. If I just want to take 3 lenses for street photography, I would choose the 24mm, 50mm and 105mm. If I want to shoot portraits, then I would go for the 50mm, and 105mm. If I only want a lens for a day out but don’t have any subject in mind, I would pick the 35mm. But my ultimate kit for travel photography would be 24mm, 35mm, 50mm and 105mm.


Nikon F3

December 21, 2006

I own quite a few cameras, but the one that deserves honorable mention here is the Nikon F3, the ultimate camera for wanderlust.

To begin, the F3 – Nikon’s flagship for most of the 80s – is built tough, its controls simple and easy to manipulate (with the exception of the ISO setting when the flash is mounted), and its feature set more than adequate for the travel photographer. It also looks quite good.

You will find a fair share of war stories regarding the durability of the F3 on the internet. Mine is no different; I have dropped it by accident a couple of times; as a result, it has a few dents on the body, but that has never stopped it from working. Looking inside, you will find a horizontal-travel cloth-shutter curtain that can be found in Leicas as well. These shutter curtains are known for their reliability, and Nikon F3’s shutter reportedly has an MTBF (mean time between failures) of 150,000 shots. To put things into perspective, if I shoot a roll of film a day it would take about 11 years to reach the MTBF.

The camera – perhaps because it was released in the early 80s – does not get loaded with unnecessary bells and whistles. You get to control the shutter speed, aperture, and focus. Should you need help with exposure you can always shift to the A (aperture-priority) mode in which the camera decides the best shutter speed for the selected aperture. I also use the depth of field preview quite often, which is well-placed and can be activated almost instantly with my middle finger. You will have to advance the film after each shot (using the silky smooth winder shaft). When you finish a roll there is no motor to help you rewind (unless you use the motor drive – which I don’t.) But I consider that a plus because you don’t need to waste battery power and for travel photography it is not important for me to have automatic film rewind.

But what I find best about the F3 is the finder. It’s bright, and offers great eye relief (i.e. my eyes do not need to be touching the eyepiece in order to see the entire screen) and has 100% coverage. Hence the finder makes it quite easy to focus, even with wide angle lenses. Enough cannot be said about the importance of having a good finder; it really makes a difference in my photography. Face it; if a finder stresses your eyes after ten minutes of photo-taking then what are the chances of getting a good picture after that?

All of this in a very manageable size and weight is perhaps what makes the F3 one of the best cameras for traveling. Sure there can be improvements but none that would hinder my photography: the flash socket, should you need to add a flash, is awkwardly placed. My style calls for a spot meter, but thanks to the F3’s 80/20 evaluative algorithm when placed in A mode, it can be used as a rough spot meter with some thinking. Finally, F3’s dependence on batteries may be inconvenient but that’s why I always keep spares. As it is the camera hardly consumes the battery; a pair of LR44 (about $2 to $3 USD) will last me a few months of regular shooting. Keep another pair of backup LR44 and that would cover at least half a year of shooting, if not more.

If I ever had the money I would not mind trying the Leica M viewfinder cameras, known for their quietness and unobtrusiveness but as it is the Nikon is a much cheaper alternative (a nice used F3 body can be found around $500) and Nikon lenses cheaper still than its counterpart (yet not in terms of quality.) Within the Nikon product line itself I find the FM3A – which employs a hybrid electronic mechanical shutter – very attractive for wanderlust but its finder is inferior to the F3 in terms of coverage and eye relief.

If my F3 does give up – however unlikely – you can count on me to buy another F3 to replace it.