for keeping track of my digital experiments

This will get vmware going on your Debian 5 box.

add “contrib non-free” after “main” to the various lines in your /etc/apt/sources.list file

before running the vmware installer, do some dependency installs: apt-get install gcc g++ make perl psmisc linux-headers-`uname -r`

download from: https://www.vmware.com/tryvmware/p/download.php?p=workstation-l. login or register then select your download. I suggest installing via the rpm, in which case: apt-get install alien.

converting the rpm to a deb takes about 15 minutes, but it is easier than installing from a tarball (.tar.gz).
alien --to-deb --scripts [vmware-rpm-name].rpm
after about 1-5 minutes should output a deb file
at which point run the command: dpkg -i [vmware-pkg-name].deb
take another 5-10 minutes to install all the files

start via vmware command, be sure to be connected via vnc or in some sort of X-Window environment.

It is rather problematic accessing resources on my home development cluster when I am in other locations. After witnessing the functionality of my Dad’s work VPN, I figured why not have a whack at a VPN setup. SSH tunneling just does not cut it in some cases. In this walk through, I will be installing OpenVPN on a minimal Debian Linux 4.0 installation on a 1.5GHZ/1GB RAM/12 GB hard drive host node. I tried doing this on a OpenVZ virtual node, and it did not work too well dealing with all of the low level (virtual) hardware calls, linux kernel dependencies, and creating a bridged interface within a bridged interface. Use a physical server!

System Requirements

1. A computer that meets the following minimum system requirments: 300MHZ, 128MB RAM, 2GB HDD
2. Some sort of Linux installation on said computer. I’ll be using Debian Linux so those of you using Ubuntu, Slackware, Mandrake or any other distro with apt-get luckily won’t have to compile from source (too often).
3. Root terminal access to the computer (via ssh or KVM)
4. Knowledge of IPv4 routing in your Local Area Network
5. YOU NEED bridge-utils (apt-get install bridge-util)! Try and get any of this going without this package and your ifconfig setup will implode! It happened to me both times I tried this because I FORGOT!!!

Downloading and Installing OpenVPN

1. Use your built-in repository application. In my case “apt-get install openvpn openssl” and I was good to go. For some reason, even though openssl is required for setting up a secured VPN connection, it wasn’t auto-included. For more information on downloading and installing on RHEL based systems (CentOS, OpenSUSE, Red Hat, Fedora) see the OpenVPN howto.
2. Then determine whether you want to use routed or bridged mode: http://openvpn.net/index.php/documentation/howto.html#vpntype
3. Now copy the contents of “/usr/share/doc/openvpn/examples/easy-rsa/” to some place more accessible and so to keep a backup copy of the original. I moved it to “/etc/openvpn/”.

The setup on the server (needs openssl installed first)

1. Get into the new copy of your “easy-rsa” directory and run the following commands to get your server’s Certificate Authority ready.
   

   . ./vars
./clean-all
./build-ca

   According to the documentation on openvpn.net:

   The only parameter which must be explicitly entered is the Common Name. [...] I used “OpenVPN-CA”.

2. Now build the server key: ./build-key-server server. According to the documentation:
   

   When the Common Name is queried, enter “server”. Two other queries require positive responses, “Sign the certificate? [y/n]” and “1 out of 1 certificate requests certified, commit? [y/n]“.

   Enter “y” for both to continue.

3. Build the various client keys and certificates: ./build-key clientn. Where “n” is a integer.
   

   Remember that for each client, make sure to type the appropriate Common Name when prompted, i.e. “client1″, “client2″, or “client3″. Always use a unique common name for each client.

4. Now execute, “./build-dh“, to build the necessary Diffie-Hellman parameters.
5. To add a further level of security with a HMAC signature, generate a key for tls-auth by running “openvpn --genkey --secret ta.key” while in your new “easy-rsa/keys” directory. See the section in the documentation on Hardening OpenVPN Security.
6. Finally copy the various generated keys and certificates to the various hosts that will be utilizing the virtual private network. See below table obtained from: http://openvpn.net/index.php/documentation/howto.html#pki.
   

   Filename	Needed By	Purpose	Secret
   ca.crt	server + all clients	Root CA certificate	NO
   ca.key	key signing machine only	Root CA key	YES
   dh{n}.pem	server only	Diffie Hellman parameters	NO
   server.crt	server only	Server Certificate	NO
   server.key	server only	Server Key	YES
   client1.crt	client1 only	Client1 Certificate	NO
   client1.key	client1 only	Client1 Key	YES
   client2.crt	client2 only	Client2 Certificate	NO
   client2.key	client2 only	Client2 Key	YES
   client3.crt	client3 only	Client3 Certificate	NO
   client3.key	client3 only	Client3 Key	YES

Configuration Files and the Rest
From here on out the rest of the documentation (on setting up configuration files and running OpenVPN) is pretty self explanatory. I don’t really want to take the time and re-create the end of the tutorial.

For those of you who don’t know about DirecTV2PC … check it out! It’s pretty awesome (if you have a Windows PC and a DirecTV DVR).

Here is what I did to get DirecTV2PC working in my Local Area Network with two HR20 set top boxes.

1. Go to http://www.directv.com/directv2pc and click the Download Beta button on the right side of the page
2. When the pop-up comes up, click Continue to Beta download
3. Click Download Now to download the DirecTV PC Playback Advisor application to see if you pc is up to running the DirecTV2PC application.  Once you finish the download run the installation and then run the application. The application sometimes falsely identifies your system specs. As long as your PC is running Windows XP with Service Pack 2 or Windows Vista with Service Pack 1, a 2Ghz processor, and 512MB ram you should be good to go.
4. If you PC passes the application or you believe it should be able to handle the application according to the rules of thumb  I laid out in the previous step, then enter your name and email on the page and click the Submit button. The DirecTV2PC application download will then start. It is a 32 MB file, but it may take awhile to download. The average speed I rolled for the download was 20kb/sec. It took about 30 minutes to download … atrocious! Once your download completes, you will be sent an activation code to the email you provided earlier. Edit (1/22/2009): You only have to start the download, then you will be emailed an activation code. I put the application up on my data server, and you can download the DirecTV2PC app here. You will get a better download speed than 20kb/sec!
5. Run the installer and fill out the various fields.
6. Now run the application, for the application to properly activate you will need to:
   • be connected to the Internet
   • open TCP port 443 (incoming and outgoing) on your router’s firewall
   • open your PC’s firewall for the DirecTV2PC application (you should be automatically prompted by Windows)
7. If the application still does not activate properly, that means that your ISP’s DNS servers have not updated Cyberlink’s new IPv4 address for the A record activation.cyberlink.com. (Or Cyberlink is jerking around with their IPv4 addresses again … bah!)
   Here is what you do:
   add exactly what is in quotes: “203.73.94.101 activation.cyberlink.com”
   to the file “c:/windows/system32/drivers/etc/hosts” (if your main hard disk drive is lettered “c”)
8. Enjoy your DVR’s movies!