Digital Ocean Droplet Private VPN, bugs in Loader.pm and disappointment

So I finally fixed (sort of) the bug in my script hashtree. There was a “greedy” regexp in Loader.pm that was gobbling up all the white space which led to errors copying files that had multiple spaces.

I don’t think the fix will ever be upstreamed to CPAN as it is an old bug, so I may have to find a long-term fix. But precisely 0 people besides myself use my script so…

For those interested, the bug is here:
https://github.com/ingydotnet/yaml-pm/pull/172/commits/d8737f3458c469d688e7c6224553b6bffd4f51e5

Now that my program is working fully, I was able to compare all the data on two 800GB hard drives and was sorely disappointed that ext4 hadn’t destroyed any of my data.

I then wiped one hard drive and put ZFS on it and copied the data back.

I also recently set up a private VPN on my FreeBSD Digital Ocean droplet. The setup was not that difficult, and the speed through the VPN is in most cases actually faster than my regular internet – go figure.

The setup is pretty simple:
1.) install openvpn via "pkg install openvpn" (and easy-rsa via "pkg install easy-rsa" if it was not pulled in)
2.) enable the service in /etc/rc.conf by issuing the command:
# sysrc openvpn_enable="YES"
3.) copy the easy-rsa files so the PKI lives next to the OpenVPN config:
# cp -r /usr/local/share/easy-rsa /usr/local/etc/openvpn/easy-rsa

cd to that directory and initialize the PKI:
# ./easyrsa.real init-pki
Create the certificate authority (you will be prompted for a CA passphrase; keep it, it is needed to sign every certificate):
# ./easyrsa.real build-ca
Build the server certificate (nopass, so the service can start without a prompt):
# ./easyrsa.real build-server-full openvpn-server nopass
Check that it worked:
# ./easyrsa.real show-cert openvpn-server

Build client certificate(s), one per device, using a distinct name for each:
# ./easyrsa.real build-client-full (name)

Finally, generate the Diffie-Hellman parameters file (this takes a while):
# ./easyrsa.real gen-dh

Make the keys directory:
# mkdir /usr/local/etc/openvpn/keys
Copy the server files there:
# cp pki/dh.pem \
pki/ca.crt \
pki/issued/openvpn-server.crt \
pki/private/openvpn-server.key \
/usr/local/etc/openvpn/keys
Copy these to the client, over a secure channel such as scp:
pki/ca.crt
pki/issued/(name).crt
pki/private/(name).key
ta.key (the tls-auth key referenced by the server config below; it is a shared secret that easy-rsa does not produce, so generate it with OpenVPN's --genkey option before starting the server)

4.) add the following to /usr/local/etc/openvpn/openvpn.conf (note that duplicate-cn lets several clients connect with the same certificate at once; if you issued one certificate per device above you can drop it, which keeps revocation per device):
remote-cert-tls client
port 1194
proto udp
dev tun
ca /usr/local/etc/openvpn/keys/ca.crt
cert /usr/local/etc/openvpn/keys/openvpn-server.crt
key /usr/local/etc/openvpn/keys/openvpn-server.key # This file should be kept secret
dh /usr/local/etc/openvpn/keys/dh.pem
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
duplicate-cn
keepalive 10 120
tls-auth ta.key 0 # This file is secret
cipher AES-256-CBC
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 3
explicit-exit-notify 1

5.) Secure the directory so that only root can read and write it (the keys must not be group or world readable):
# chmod -R 700 /usr/local/etc/openvpn
6.) start openvpn:
# service openvpn start
7.) Check /var/log/messages for any errors or warning messages.
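The seven server-side steps above as one script. This is an added example, not the post's own code: paths and the openvpn-server name are the post's, but it also generates the tls-auth key (ta.key) that the post's config references and the steps never create, using the OpenVPN 2.4 "openvpn --genkey --secret" syntax, gives every file in the config an absolute path, and omits duplicate-cn in favour of one certificate per device. The preflight check resolves relative paths against the config's directory, which is where FreeBSD's rc script starts the daemon (an assumption about the rc script's --cd). Run "sh vpn-server.sh build" as root for the full procedure or "sh vpn-server.sh check" to re-run only the preflight.

```sh
#!/bin/sh
# Added example (not from the post): script the server-side steps on FreeBSD.
# Assumptions: post's paths and cert name; ta.key made with OpenVPN 2.4's
# "--genkey --secret"; relative paths in the config resolve against the
# config's directory (FreeBSD's rc script starts openvpn with --cd there).
set -eu

OPENVPN_DIR=${OPENVPN_DIR:-/usr/local/etc/openvpn}
EASYRSA_DIR=$OPENVPN_DIR/easy-rsa
KEYS_DIR=$OPENVPN_DIR/keys
SERVER_NAME=openvpn-server

# Step 3: build the PKI. build-ca and the signing steps prompt interactively.
build_pki() {
    [ -d "$EASYRSA_DIR" ] || cp -r /usr/local/share/easy-rsa "$EASYRSA_DIR"
    (
        cd "$EASYRSA_DIR"
        ./easyrsa.real init-pki
        ./easyrsa.real build-ca
        ./easyrsa.real build-server-full "$SERVER_NAME" nopass
        ./easyrsa.real gen-dh
    )
}

# Copy the server material into the keys directory and add the tls-auth key
# the post's config needs but never generates.
install_keys() {
    mkdir -p "$KEYS_DIR"
    cp "$EASYRSA_DIR/pki/dh.pem" "$EASYRSA_DIR/pki/ca.crt" \
       "$EASYRSA_DIR/pki/issued/$SERVER_NAME.crt" \
       "$EASYRSA_DIR/pki/private/$SERVER_NAME.key" "$KEYS_DIR"
    [ -f "$KEYS_DIR/ta.key" ] || openvpn --genkey --secret "$KEYS_DIR/ta.key"
    chmod 700 "$KEYS_DIR"
    chmod 600 "$KEYS_DIR"/*
}

# Step 4: the post's server config with absolute paths; duplicate-cn omitted.
write_server_conf() {
    keys=$1
    cat <<EOF
port 1194
proto udp
dev tun
remote-cert-tls client
ca $keys/ca.crt
cert $keys/$SERVER_NAME.crt
key $keys/$SERVER_NAME.key
dh $keys/dh.pem
tls-auth $keys/ta.key 0
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 3
explicit-exit-notify 1
EOF
}

# Step 7 preflight: every file the config names must exist, and the private
# key and tls-auth key must be readable by their owner only. Returns 1 on
# any problem so it can gate "service openvpn start".
check_server_setup() {
    conf=$1
    rc=0
    for d in ca cert key dh tls-auth; do
        f=$(awk -v d="$d" '$1 == d { print $2; exit }' "$conf")
        if [ -z "$f" ]; then
            echo "missing directive: $d"; rc=1; continue
        fi
        case $f in /*) ;; *) f=$(dirname "$conf")/$f ;; esac   # rc --cd
        if [ ! -f "$f" ]; then
            echo "missing file: $d $f"; rc=1; continue
        fi
        case $d in
        key|tls-auth)
            # group/other permission bits of "ls -l" must all be "-"
            if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
                echo "$f is group/world readable; chmod 600 it"; rc=1
            fi ;;
        esac
    done
    return $rc
}

case ${1:-} in
build)
    build_pki
    install_keys
    write_server_conf "$KEYS_DIR" > "$OPENVPN_DIR/openvpn.conf"
    chmod -R 700 "$OPENVPN_DIR"                        # step 5
    check_server_setup "$OPENVPN_DIR/openvpn.conf"      # step 7, before start
    sysrc openvpn_enable=YES                            # step 2
    service openvpn start                               # step 6
    ;;
check) check_server_setup "${2:-$OPENVPN_DIR/openvpn.conf}" ;;
*) echo "usage: $0 build | check [conf]" >&2 ;;
esac
```

The preflight is the part worth keeping around: a key that is world readable, or a ta.key the config names but nobody created, are exactly the errors that otherwise only show up in /var/log/messages after the daemon has already failed to start.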

Configuring a client is easy. Just copy the files into /usr/local/etc/openvpn, add openvpn_enable="YES" to rc.conf as above, and put the following in /usr/local/etc/openvpn/openvpn.conf (the relative file names below resolve against that directory):
client
askpass /usr/local/etc/openvpn/homevpn.pass
dev tun
proto udp
remote fbsd.droplet 1194
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
remote-cert-tls server
tls-auth ta.key 1
cipher AES-256-CBC
verb 3

You will need to put the client key's passphrase in the askpass file indicated above (it is stored in the clear, so make that file readable by root only) and add a host entry for your server (fbsd.droplet above) in /etc/hosts.

If you run into trouble try these articles:
https://www.digitalocean.com/community/tutorials/how-to-configure-and-connect-to-a-private-openvpn-server-on-freebsd-10-1
https://ramsdenj.com/2016/07/25/openvpn-on-freebsd-10_3.html

If you want to run it on an Android phone, all you need to do is put all the files (the config and the keys) into a single directory, rename openvpn.conf to openvpn.ovpn, select "import from sd card" and then pick the openvpn.ovpn file. Make sure all settings in the config file point to the correct names of each file.
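An added example, not from the post, that serves both the client config above and the Android import step: instead of shipping four key files beside the config and keeping the file names in sync, inline them into one .ovpn profile. It assumes the client certificate was issued with build-client-full (name) and that its .crt and .key sit in one directory with ca.crt and ta.key; the remote name defaults to the post's fbsd.droplet placeholder. The post's user/group lines are dropped because they only apply to a client running as root on a Unix host, and askpass is dropped because copying a clear-text passphrase file to the phone defeats the point of encrypting the key (OpenVPN prompts for the passphrase when none is supplied).

```sh
#!/bin/sh
# Added example (not from the post): build one self-contained .ovpn profile
# from the client config above. Assumes ca.crt, <name>.crt, <name>.key and
# ta.key are in one directory; remote defaults to the post's "fbsd.droplet".
set -eu

# easy-rsa's issued .crt files carry a text dump before the PEM block and
# ta.key has comment lines; keep only the BEGIN..END section of each.
pem() { sed -n '/^-----BEGIN /,/^-----END /p' "$1"; }

# Emit the post's client config with all four files inlined. tls-auth inline
# has no direction argument, so "key-direction 1" carries the client side.
make_ovpn() {
    name=$1 remote=$2 keys=$3
    for f in ca.crt "$name.crt" "$name.key" ta.key; do
        [ -f "$keys/$f" ] || { echo "missing $keys/$f" >&2; return 1; }
    done
    cat <<EOF
client
dev tun
proto udp
remote $remote 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
verb 3
key-direction 1
<ca>
$(pem "$keys/ca.crt")
</ca>
<cert>
$(pem "$keys/$name.crt")
</cert>
<key>
$(pem "$keys/$name.key")
</key>
<tls-auth>
$(pem "$keys/ta.key")
</tls-auth>
EOF
}

# Check a profile before shipping it: all four blocks inlined, the tls-auth
# direction set, and no leftover file-path directives to get wrong.
check_ovpn() {
    f=$1 rc=0
    for tag in ca cert key tls-auth; do
        grep -q "^<$tag>\$" "$f" && grep -q "^</$tag>\$" "$f" ||
            { echo "missing inline <$tag> block"; rc=1; }
    done
    grep -q '^key-direction 1$' "$f" ||
        { echo "inline tls-auth needs key-direction 1"; rc=1; }
    if grep -Eq '^(ca|cert|key|tls-auth) ' "$f"; then
        echo "file-path directive left in profile"; rc=1
    fi
    return $rc
}

case ${1:-} in
"") echo "usage: $0 <client-name> [remote-host] [keys-dir]" >&2 ;;
*)  make_ovpn "$1" "${2:-fbsd.droplet}" "${3:-.}" ;;
esac
```

Because the whole profile is a single file, the "make sure all settings point to the correct file names" step disappears, and the same profile also works unchanged with openvpn --config on a FreeBSD client (add askpass back there if the key is encrypted and you want unattended starts).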

