Fedora on nagg.eu

Remotely unlock a full disk encrypted Fedora 40 server

Sun, 20 Oct 2024 00:00:00 +0000

What I have been doing in 2020 and before doesn’t seem to work anymore, ence it is time to publish a new episode of the saga: how to remotely unlock a full disk encrypted Linux machine.
dracut-sshd still works perfectly even though the surroundings changed a bit.

First step is instructing dracut to add dracut-sshd into initramfs:

$ sudo dnf install dracut dracut-network openssh
$ git clone https://github.com/gsauthof/dracut-sshd.git
$ cd dracut-sshd
$ sudo cp -ri 46sshd /usr/lib/dracut/modules.d

Configure grub to instruct dracut to add networking to initramfs:

Sony WF-1000XM4 on Linux Fedora 35

Thu, 23 Dec 2021 00:00:00 +0000

Last week I converted myself to wireless earphones.
I don’t consider myself an audiophile, I don’t have any deep knowledge of music but I kinda enjoy listening to it.
Because of this I have had a few decent pairs of headphones, earphones and monitor speakers in my life; they all shared a thing: cables.
Last week I pulled the trigger and bought myself my very first pair of wireless earphones: Sony WF-1000XM4.
The main idea was to use them with the phone and maybe with work issued laptop which is running Windows, I did not even thought they would work with my Linux laptop.
But to my biggest surprise they just work on Linux, no fiddling with bluetoothhcl or btmgmt; just enable BT in Gnome settings, long press for 5 seconds on both earphones to activate pairing mode and wait for them to pair.

Thinkpad T480 firmware update in Linux using fwupd

Sat, 23 Oct 2021 00:00:00 +0000

For the most part I never cared much about upgrading firmware because if it works don’t mess with it is usually my rule.
I also don’t care much about having installed the latest version of Intel “““NSA botnet””” Management Engine, it is a piece of trash anyway so I might as well not have the latest updates.
But since I have some issues with the NVME drive (very slow reads, it is most definitely dying) I figured a system wide firmware upgrade wouldn’t be a bad thing.
The interwebz says the best way to upgrade firmware on Linux is using a tool called fwupd; it basically gives the user access to a massive repository of firmware which are provided and signed by hardware companies themselves.
Dealing with closed source crapware and binary blobs always gives some headhace, of course having fwupd working was not free of any hassle: it downloads everything, gives no error/warning, but after rebooting nothing gets installed.

Wireguard VPN Linux and IOS setup guide

Mon, 04 Jan 2021 00:00:00 +0000

Wireguard is an open source software and communication protocol which aims to provide a simpler and safer alternative to OpenVPN.
Compared to OpenVPN both client and server configuration are much simpler and mantaining a PKI is also not required.
Performance wise Wireguard is also faster than OpenVPN.

SERVER: Debian 10 (Codename Buster)

As of today Wireguard is not included in Debian 10 stable repos, so it is required to enable backports to install it:

LUKS encrypted TGT ISCSI target and initiator

Sat, 26 Dec 2020 00:00:00 +0000

After the CentOS fiasco (good job Redhat/IBM) and since we are more or less in lockdown I decided to invest a couple of days to migrate my home infra from CentOS 7 to Debian 10.
One of my physical machines, which was also CentOS 7 based, is used as ISCSI target.

Debian 10 - Server A.K.A. Target

Install the required packages:

$ sudo apt-get install tgt dkms

Create a device backstore:

Remotely unlock a full disk encrypted Fedora 33 server

Tue, 08 Dec 2020 00:00:00 +0000

Last year I blogged on how to remotely unlock a full disk encrypted Fedora/CentOS server.
The software I used, dracut-crypt-ssh, is not supported anymore and stopped working for me on Fedora 32 and 33.
A quick DDG search pointed me in the right direction and made me find a similar software that accomplishes the same task: dracut-sshd.

$ sudo dnf install dracut dracut-network openssh libblkid-devel gcc
$ git clone https://github.com/gsauthof/dracut-sshd.git
$ cd dracut-sshd
$ sudo cp -ri 46sshd /usr/lib/dracut/modules.d

After compiling and installing dracut-crypt-ssh configure grub to instruct dracut to add networking to initramfs:

Microsoft Teams on Fedora and Wayland with screenshare

Mon, 27 Apr 2020 00:00:00 +0000

Since the whole COVID19 pandemic hoax started a couple of months ago, working from home has become the new hip thing every company brags about on every social media known to humankind.
The first step to be able to call yourself a proper COVID19 ready(tm) company is the ability to bother every employees with just a few mouse clicks.
So here we are, with Microsoft Teams(tm) and a lot of other not very secure and massively bloated software elected as the center of the office life.
Coffee break? XYZ software chatroom. Kick-off meeting? XYZ software chatroom. And so on.
Because of my special snowflake syndrome and my deep hatred for all things Microsoft and especially Windows I always end up making my life a bit harder.
After having used Teams in a Windows 10 VM (after all I paid for a license when I got my latest Thinkpad) for a few weeks, I decided it was time to finally try to make it work on my main OS: Fedora 31.
The catch was also that I wanted to do that more or less without installing any third party non free software.
The OS I use is Fedora 31, which comes with pipewire and xgd-desktop-portal both installed and configured out of the box.
Since using the official closed source Electron crapware client was out of the question, the obvious choice was to make Microsoft Teams work in a regular WEB browser.
The situation is the following:

Disable head parking Western Digital drives

Sun, 04 Aug 2019 00:00:00 +0000

Most Western Digital hard drives’ firmware let the heads park themselves after a certain amount of seconds in case the disk is not actively performing any operation.
This might be useful to keep power consumption under control but is actually harmful for disks that run 24/7 (WD Red for example).
Luckily there is a way to disable head parking, this can be done directly from Linux using a tool called idle3ctl.

qemu/KVM PCI passthrough

Sat, 26 Jan 2019 01:00:00 +0000

PCI passthrough is the process of attaching a PCI-E device directly to a VM; CPU support (namely VT-D for Intel and AMD-V for AMD) and motherboard support (IOMMU) are required for PCI passthrough to work properly.
Hardware configuration used:


AMD Ryzen 1700x
Gigabyte X370 K7
Nvidia Geforce GTX260
32 GiB of RAM and a few HDDs
Fedora 29 as host OS

The system only has a single graphic card because it is normally used as headless compute server for which a GPU is not really required; the graphic card is also very very old Nvidia Geforce GTX260 with a standard non UEFI BIOS.
If using an UEFI enabled graphic card it is probably required to install the OS in UEFI mode using a virtual UEFI BIOS.
This guide assumes you already have a working Windows virtual machine and are familiar with libvirt.
First of all, edit GRUB to enable IOMMU and blacklist nouveau kernel module so that the graphic card is not picked up anymore by the host:

Remotely unlock a full disk encrypted Fedora/CentOS server

Sat, 26 Jan 2019 00:00:00 +0000

The idea here is to be able to power on and unlock a remote Full Disk Encrypted (FDE from now on) server.
I will leave the how “remotely power on” to the reader to figure out and focus on the other part.
The easiest way to accomplish it is by using a program called: dracut-crypt-ssh.


$ yum install dropbear dracut dracut-network openssh libblkid-devel gcc
$ git clone https://github.com/dracut-crypt-ssh/dracut-crypt-ssh.git
$ cd dracut-crypt-ssh
$ ./configure
$ make
$ sudo make install

After compiling and installing dracut-crypt-ssh configure grub to instruct dracut to add networking to initramfs:

Resize QCOW2 disk image

Wed, 05 Dec 2018 00:00:00 +0000

QCOW2 disk images can be easily grown using libvirt command line utils.
Unfortunately it isn’t possible to grow QCOW2 images in-place or online.
First of all, power off the virtual machine, grow the file and make a copy of it:


$ qemu-img resize image.qcow2 +200G
$ cp image.qcow2 image-new.qcow2

Identify the specific partion you intend to grow:


$ virt-filesystems -a image.qcow2 -l
Name Type VFS Label Size Parent
/dev/sda1 filesystem ext4 - 536870912 -
/dev/sda3 filesystem xfs - 45885612000 -

Expand the actual partition:

Intel CPU, Hyper-Threading and Spectre STIBP mitigation

Sat, 17 Nov 2018 00:00:00 +0000

Yesterday I was reading phoronix 0 and phoronix 1 articles on STIBP mitigation impact on CPU performance, since I run a pretty old laptop equiped with a Sandy Bridge CPU I figured that I should do my own tests to see how bad things really are or aren’t.

CPU: Intel Core i3-2310M - 2 cores / 4 threads
Motherboard: Lenovo Thinkpad
RAM: 2x4 GB DDR3 @1333 MHz
HDD: Plextor M5pro

OS: Fedora 29 x86_64 with stock kernels

My benchmark of choice is compiling the Linux kernel (version 4.19.2).
What I do is download the kernel version to /dev/shm ramdisk and compile it using the defconfig configuration while checking how many seconds it takes to complete the task.

Xorg present flip failed

Sat, 17 Nov 2018 00:00:00 +0000

In the last couple of months Xorg has been crashing more or less on a daily basis.
What happens is that while you are there browsing the internet, or certain times even doing literally nothing, Xorg crashes and after a second of black screen the user is sent back to the login page.
Hardware configuration of my machine is:


CPU: AMD Ryzen 7 1700x
Motherboard: Gigabyte X370 K7 - BIOS F23d
RAM: 2x16 GB DDR4
HDD: Samsung 850 Pro
GPU: Nvidia GTX260

Monitor 0: Dell U2412M connected via DVI-D
Monitor 1: Dell U2412M connected via HDMI-DVI cable

OS: Fedora 28 and Fedora 29 x86_64
GPU driver: nouveau, various versions
others: varius versions of Linux, Xorg, mesa, etc

I don’t think having two monitors is the culprit nor using a very old Nvidia graphic card is because a friend of mine runs a completely different system (AMD Radeon RX480, single monitor connected using Display Port) and still suffer from the very same problem.
Upgrading from Fedora 28 to Fedora 29 nor installing updates in a timely manner solved the issue for me; searching on the interwebz also did not yeld any result.
After yet another crash, today I finally decided it was time to investigate the issue.
First thing I noticed is that Xorg log file is literally spammed with the following error:

FreeBSD network performance on KVM/Qemu

Tue, 13 Nov 2018 00:00:00 +0000

Today I red an article that was comparing Fedora 29 and FreeBSD 11.2 network performance in a KVM/Qemu environment.
Since I use KVM/Qemu and also Fedora and Freebsd I powered on a couple of vm and did my own tests.
Results are quite interesting, I expected FreeBSD to be faster but it turns out Fedora 29 actually is.
Host system configuration:


CPU: Ryzen 7 1700x @4 GHz
Motherboard: Gigabyte X370 K7 - BIOS F23d
RAM: 2x16 GB DDR4 @3133 MHz CAS 16
HDD: Some Samsung SSD

Operating systems
Host: Fedora 29 x86_64
Fedora VM0: Fedora 29 X86_64
Fedora VM1: Fedora 29 X86_64
FreeBSD VM0: FreeBSD 11.2 x86_64
FreeBSD VM1: FreeBSD 11.2 x86_64

Virtualization techonology: Qemu+KVM
Linux kernel version: 4.18.17-300.fc29.x86_64

What I did was setup 2 hidentical Fedora 29 virtual machines and 2 hidentical FreeBSD 11.2 virtual machines, every one of them had iperf3 installed on it.

GNU TAR and memory caching

Wed, 10 Oct 2018 18:00:00 +0000

Guess it is time to write my first post using Hugo.
Yesterday I downloaded a torrent consisting of 2 years worth of 4chan posts, the plan was to mess with it and use the data to train a chatbot.
Dealing with big datasets is always fun because even the easiest tasks tend to get complicated, for example extracting the data from a ~3 GB tar.gz compressed archive was a challenge by itself.
Running “tar -xzvf archive.tar.gz” resulted in TAR/the Linux kernel eating the whole available memory to use it as cache, when that was down to ~200 MB of free RAM my workstation started lagging so hard that even Xorg was freezing for a couple of seconds every 20 or so seconds.
To solve the issue what I did was running the following commands:

Remote encrypted backup with iSCSI and LUKS2

Mon, 27 Aug 2018 19:19:08 +0000

The idea here is to have a LUKS2 encrypted volume stored on a remote server that allows authenticated clients to load and decrypt the data without letting the server know what is being written, read and stored.
Keep in mind that this solution is not 100% bulletproof, you still kind of have to trust the backup server because a malicious entity might take multiple snapshots of the encrypted iSCSI LUN and try to crack the encryption.

LUKS2 the right way: Argon2

Tue, 14 Aug 2018 19:27:09 +0000

Version 2 of cryptsetup got a few new fancy options, one of them is the ability to use Argon2 as key derivation function.
Creating a LUKS2 volume with Argon2 as hash function is very easy:

sudo cryptsetup luksFormat -M luks2 --pbkdf argon2id -i 5000 /dev/sdb

Please note that grub still does not support it, so it can’t be used for boot drives.
Once the volume is created, to mount it run:

Generate a secure SSH key

Fri, 10 Aug 2018 14:42:19 +0000

In Fedora, CentOS and probably many other Linux distros ssh-keygen; still defaults to RSA 2048.
People have not yet realized that the newer, and also faster, elliptic curve cryptography is available; even between my peers I still see that many of them are using old and insecure RSA based keys. Since SSH clients support multiple keys transitioning to newer keys can be painless:

create a new elliptic curve key;
do not delete the old RSA key;
once you login into a server swap the old key with the new one.
Generating a new secure SSH key is pretty simple, just open a terminal and run:

ssh-keygen -o -a 256 -t ed25519

Firejail and symlink pointing outside of home directory

Tue, 19 Dec 2017 18:03:27 +0000

I normally move /home/user/Downloads off /home/user to a secondary mechanical drive and then symlink it back to /home/user.
Firejail for security reasons does not allow whitelisting directories residing outside of the home directory, the simplest solution I found is mount Download directory using mount --bind.

sudo mount --bind /mnt/data/Downloads/ /home/user/Downloads

To make the change permanent edit fstab:

cat /etc/fstab
---
/mnt/data/Downloads /home/user/Downloads none bind

Free Suunto Ambit3 from the botnet

Wed, 06 Dec 2017 18:08:55 +0000

Suunto makes some solid sport-watches, problem is that the management software is comprised of a closed source synchronization program (compatible with Windows and OSX only) and some cancerous cloud web interface accessible directly from their website.
Even putting aside my personal aversion for closed source software, it is clear that this approach is retarded because an internet connection is required to be able to download any kind of data from the watch.
What if I don’t have any signal? What if I don’t want to upload my data to Suunto’s servers?
Luckily some good lads reverse engineered the communication protocol used by the watch to speak with the PC synchronization client, and even more, they also wrote an open source Linux compatible tool that can be used to download data from the watch.
This tool is called: Openambit
The version included in Fedora 27 repositories is not up to date and does not support the Ambit3 Run I own, luckily the github version does.

NFS on Fedora

Thu, 20 Jul 2017 20:33:48 +0000

NFS allows to share files and folders over network and is much much faster than samba while using way less resources.
To setup a NFS server on Fedora 26 install:

$ dnf install nfs-utils

Shared directories are listed in the following configuration file:

---
# Syntax
# <path> <ipaddr>(<option>)
/home/user/Public 192.168.0.0/255.255.255.0(ro,sync)

More information can be found here: Fedora NFS administration guide.
In the above example, the the directory ‘/home/user/Public’ can be accessed by every client in the same LAN with read-only permissions.
In case SELinux is active and enforcing rules some further configuration might be required:

Handbrake, compile from source on Fedora 25

Tue, 13 Jun 2017 14:03:27 +0000

Handbrake cannot be installed from default repos nor rpmfusion, to get it on Fedora 25 there are two other options:

use negativo17 third party repository;
compile from source.
The first option is, but that is my opinion, subpar because I don’t trust third party repositories; option two is what is left.
Download the source code from git and install some dependencies:

$ git clone https://github.com/HandBrake/HandBrake.git
$ sudo dnf install dbus-glib-devel gstreamer1-devel gstreamer1-plugins-base-devel intltool libgudev1-devel libnotify-devel webkitgtk3-devel libgudev-devel dbus-glib-devel webkitgtk3-devel gstream-devel libnotify-devel gstreamer1-devel gstreamer1-plugins-base-devel lame-devel opus-devel fribidi-devel libass-devel libtheora-devel x264-devel nasm

Like I do with every other program I like to keep as much up to date as possible, I have a small script to take care of compilation, installation and upgrade processes for me.

Monitor hard disk health status with smartd on Linux

Thu, 02 Feb 2017 10:20:34 +0000

This does not really works, read this: https://nagg.eu/monitor-hard-disk-smart-status-in-python/

First of all install smartmontools, it has the same name on pretty much every distro:

$ emerge -a1 smartmontools

Proceed to edit its configuration file, at the bottom of the file there is a quick explaination of all the available parameters:

cat/etc/smartd.conf
---
DEVICESCAN -H -R 1 -R 5 -R 7 -R 10 -R 11 -R 196 -R 197 -R 199 -R 200 -m user@domain.tld -n standby,10,q

Parameter -H tells smartd to check the result of overall-health self-assesment test which is pretty much useless, -R is used to specify a single SMART attribute, if its value changes a mail is sent to user@domain.tld.
To send emails a MTA must be installed, in centos that is sendmail, in gentoo it is not strictly necessary to have a full fledget MTA installed, nullmailer will suffice.
If it is not already installed:

RawTherapee: compiling from source on Fedora 23

Mon, 13 Jun 2016 21:50:17 +0000

RawTherapee from my experience is by far the best program to manipulate RAF files, it’s demosaic algorithm for Fujifilm X-Trans sensors is astonishingly good.
Too bad that, like for Darktable, the version included in Fedora’s repos is outdated to say the least.
To install from source first install some dependecies:

$ sudo dnf install bzip2-devel cmake exiv2-devel expat-devel fftw-devel gcc-c++ glib2-devel glibmm24-devel gtk3-devel gtkmm30-devel lcms2-devel libcanberra-devel libiptcdata-devel libjpeg-turbo-devel libpng-devel libsigc++20-devel libtiff-devel zlib-devel gtkmm24-devel lensfun-devel

Git clone and install

Darktable: compiling from source on Fedora 23

Sat, 14 May 2016 19:47:08 +0000

Darktable documentation on this matter is somewhat fragmented, so I figure a small how-to on how to install it from source on Fedora 23 could be useful.
The version included in the official repositories is really old (version 1.6.9 as per today) and is missing some important presets for many widely used cameras.
The latest version source code archive can be downloaded from here: https://github.com/darktable-org/darktable/releases.
Before compiling and installing the software the following dependencies must be installed:

mdadm RAID on Linux

Thu, 21 Jan 2016 21:06:19 +0000

Every time I have to setup a software RAID in Linux using mdadm I forget something, this time I am writing it down once and for all (or at least I hope so).
For the sake of simplicity I will use the creation of a RAID1 as example but this very same procedure can be applied for any other kind of RAID.

RAID array creation

1. Partition the drives

This step must be repeated for each drive of the array (/dev/sdb and /dev/sdc in my case).

Defragment XFS file system

Wed, 20 Jan 2016 18:18:18 +0000

XFS just like EXT4 (I wrote a post about it last year) supports online defragmentation, to manage those volumes on CentOS and Fedora xfsprogs package is needed.
Fragmentation level of XFS volumes can be checked with the command:

[root@CentOS ~]$ xfs_db -c frag -r /dev/sdb1
actual 4491, ideal 4006, fragmentation factor 10.80%

To perform online defragmentation of XFS volumes run the following command:

Setting up Vim on Fedora

Sat, 17 Oct 2015 14:34:09 +0000

Since every time I am about to install Vim I forgot how to set it up, set it as default system wide text editor and so on I figure I’ll write it down once and for all.
First of all let’s install Vim, specifically the so called enhanced version which is capable of loading plugins and colorschemes:

[user@Fedora ~]# sudo dnf install vim
### powerline plugin
[user@Fedora ~]# sudo dnf install vim-plugin-powerline

I personally really like molokay colorscheme from tomasr; putting it in the default colorscheme directory does the trick if we want to use it for every user.

Defragment EXT4 file system

Fri, 10 Apr 2015 16:55:03 +0000

EXT4 is usually pretty good at keeping files fragmentation at minimum, but, sometimes, especially if dealing with really huge files, some fragmentation may actually occur.
Luckily EXT4 supports online defragmentation, command fsck displays, among other things, fragmentation percentage:

[root@fedora ~]$ fsck.ext4 -fvn /dev/sda1
e2fsck 1.42.12 (29-Aug-2014)
Warning! /dev/sda1 is mounted.
Warning: skipping journal recovery because doing a read-only filesystem check.
Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
Pass 3: Checking directory connectivity
Pass 4: Checking reference counts
Pass 5: Checking group summary information

 429 inodes used (1.31%, out of 32768)
 **5 non-contiguous files (1.2%)**
 1 non-contiguous directory (0.2%)
 # of inodes with ind/dind/tind blocks: 0/0/0
 Extent depth histogram: 420
 45161 blocks used (34.46%, out of 131072)
 0 bad blocks
 1 large file

 402 regular files
 17 directories
 0 character device files
 0 block device files
 0 fifos
 0 links
 1 symbolic link (1 fast symbolic link)
 0 sockets
------------
 420 files

The command e4defrag, which is contained in e2fsprogs, can be used to perform online defragmentation of EXT4 volumes.

FLAC+CUE to multiple tracks

Wed, 26 Feb 2014 14:08:25 +0000

Let’s say we have a big single FLAC file we want to split into multiple files, we are on Fedora and we don’t want to use anything but the command line.
First of all:

[root@fedora ~]$ yum install lame ffmpeg shntool cuetools

To split the single FLAC file run:

[user@fedora ~]$ shnsplit -o flac -f file_name.cue -t "%n - %p - %t" file_name.flac

This will produce n single files, -t parameter is used to specify file name format (in this case: track_number – performer – track_name).
To copy metadata from CUE to the single files run:

XScreenSaver and backlight

Tue, 21 Jan 2014 14:57:35 +0000

Long story short: in Fedora 20 (and as far as I remember also 19 and 18) XScreenSaver doesn’t power off the monitor backlight when locking the screen.
Being the lazy ass I am it took like me 2 or 3 years to find the motivation to solve the issue.
It was actually pretty simple, no need to edit some obscure config file or else, in XFCE just click on: Application menu -> Settings -> Screensaver.
A window will appear, select Blank Screen Only in the Mode dropdown menu, then switch to the advanced tab, un-check power Management Enabled and check Quick Power-off in Blank Only Mode.
This is it, now every time the screen locks the monitor backlight will also power off.

Linux Kernel 3.10 and VMware Workstation 9

Sat, 27 Jul 2013 14:11:04 +0000

A new Linux kernel version is released and guess what: VMware Workstation fucked up once again.
The fix posted on the Arch Linux wiki is applicable also to Fedora 19, I’ll post it here for future reference.

$ cd /tmp
$ curl -O http://pkgbuild.com/git/aur-mirror.git/plain/vmware-patch/vmblock-9.0.2-5.0.2-3.10.patch
$ curl -O http://pkgbuild.com/git/aur-mirror.git/plain/vmware-patch/vmnet-9.0.2-5.0.2-3.10.patch
$ cd /usr/lib/vmware/modules/source
# tar -xvf vmblock.tar
# tar -xvf vmnet.tar
# patch -p0 -i /tmp/vmblock-9.0.2-5.0.2-3.10.patch
# patch -p0 -i /tmp/vmnet-9.0.2-5.0.2-3.10.patch
# tar -cf vmblock.tar vmblock-only
# tar -cf vmnet.tar vmnet-only
# rm -r vmblock-only
# rm -r vmnet-only
# vmware-modconfig --console --install-all

For more information: https://wiki.archlinux.org/index.php/VMware#3.10_kernels

Wireshark as unprivileged user

Fri, 07 Jun 2013 01:22:27 +0000

Documentation on the Wireshark wiki seems to not be really up to date, or at least it’s not completely applicable to Fedora 18, so here is what I did to make it work.
After installing Wireshark (and its GUI) with the usual:

yum install wireshark-gnome

It should automatically create a group called wireshark and we are supposed to add our user (mafio in my case) to this group:

usermod -a -G wireshark mafio
newgrp wireshark ### used to force the new settings without having to logout/login

Then issue this last command:

OpenVPN server and CentOS

Sun, 19 May 2013 17:52:52 +0000

OpenVPN is the de facto standard VPN free open source software; it is widely used, tested, well documented and also included in the CentOS repos (EPEL).

.:. Server side configuration

yum install openvpn easy-rsa dnsmasq

When yum is done installing the required packages, copy the sample config file.

cp /usr/share/doc/openvpn-*/sample/sample-config-files/server.conf /etc/openvpn

Uncomment/edit the following lines in /etc/openvpn/server.conf:

port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh4096.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1"
push "dhcp-option DNS 10.8.0.1"
keepalive 10 120
tls-auth ta.key 0 # This file is secret
key-direction 0
tls-version-min 1.2
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
auth SHA512
cipher AES-256-GCM
#comp-lzo # Disable LZO compression
persist-key
persist-tun
status openvpn-status.log
;log openvpn.log # disable log, optional
;log-append openvpn.log # disable log, optional
user nobody
group nobody

Now, create two folders easy-rsa/keys in /etc/openvpn and copy some files into them:

Logitech G500 and Linux

Wed, 01 May 2013 15:10:47 +0000

Despite not being a gamer at all I see having a decent mouse as an important thing, I spend 10 to 15 hours a day in front of my PC and probably for at least half of the time I’m using the mouse, so I don’t get why I should not have the best input peripherals on the market.
My current mouse is a Logitech G500 (NP 910-001262), of course it being the best mouse on the market is an highly debatable thing since, along side with the keyboard, mouse choice is highly subjective.
G500 is something you love or you hate, starting from the unusual scroll wheel, going to the sensor position to the strange side buttons there are a lot of uncommon things.
This small write-up is not meant to be a review nor a guide, I would like it to be just a bunch of tips from someone who is using a G500 on a Linux box.
First of all: this mouse has no angle snapping, or better, out of the box angle snapping is enabled (Logitech, why? seriously, none like angle snapping) but it can be disabled from drivers.
Obviously drivers are available only for Windows (Logitech…) and I don’t seem to be able to change mouse settings from a virtual machine (VMware Workstation 9), anyway I didn’t put much time on this so it could be doable.
So what I suggest is plug G500 in a physical Windows machine, install drivers and tune the settings, once you are done, save settings on G500 internal memory and plug it in your Linux machine.
Once in Linux, which in my case is Fedora 18 and XFCE as DE, there are still acceleration issues which can be solved quite easily using xinput.
– Someone report that G500 sensor is flawed and it has some kind of built-in acceleration, honestly I don’t see it but could be that I’m just used to it –

Thinkpad E320 and Fedora 17

Tue, 18 Dec 2012 21:05:21 +0000

First of all, forget everything about the myth: Loonix, it just werks. Close to nothing werks out of the box, tho with a good amount of patience and a bit of tinkering there are good chances to make the whole thing working in a decent manner.
First of all, the box I’ve here is a Thinkpad Edge 320 – 12983RG and I’ve installed Fedora 17 x64 with XFCE as DE.
It comes with the integrated Intel HD3000, no discrete graphic card and UMTS module (I didn’t tested if it’s working or not).