StrongSwan Client with Ubuntu 16.04 LTS

So, I’m a regular user of public WLAN hotspots, those of Deutsche Telekom among others. Being the paranoid digital self-defense person I am, I’ve been using a VPN service for quite some time now. I recently noticed that my PPTP client setup stopped working at hotspot locations run by Deutsche Telekom that I regularly use, when it still worked from home or some other hotspots I use. I embarked on a journey to teach my Ubuntu laptop some more VPN protocols. OpenVPN worked like a charm with just installing the obvious packages for network-manager. StrongSwan, however, didn’t cooperate quite as easily, due to Ubuntu 16.04 having packages in its repository which are known to not work with the version of network-manager also in that version.

OK, use the source, Luke …

But rather than compile from source tarball and clutter my system with stuff, I found the repositories for zesty have the versions I need. So, I decided to backport that:

  1. Edit /etc/apt/sources.list
    1. uncomment all deb-src lines and insert one line: deb-src http://de.archive.ubuntu.com/ubuntu/ zesty main restricted universe multiverse
  2. apt-get update
  3. apt-get install build-essential
  4. mkdir strongswan
  5. cd strongswan
  6. apt-get build-dep strongswan
  7. apt-get source strongswan
  8. export DEB_BUILD_OPTIONS=nocheck
  9. dpkg-buildpackage -us -uc
  10. dpkg -i strongswan-nm_5.5.1-1ubuntu3_amd64.deb libstrongswan_5.5.1-1ubuntu3_amd64.deb strongswan-libcharon_5.5.1-1ubuntu3_amd64.deb
  11. cd ..
  12. mkdir nm-strongswan
  13. apt-get build-dep network-manager-strongswan
  14. apt-get source network-manager-strongswan
  15. dpkg-buildpackage -us -uc
  16. dpkg -i network-manager-strongswan_1.4.1-1_amd64.deb

Then configure as per wiki page.

Now, I only need to find out how to trust the VPN provider’s certificate when their IKEv2 configuration howtos all seem to rely on turning certificate verification off.


Login to Telekom Hotspot on Linux command line

So, my old laptop has been reactivated to a 16.04 LTS Ubuntu release. When traveling, I frequently do use the Telekom Hotspot services, and given how I like using the Tor Browser (with some additional plugins just because I’m fed up with all the tracking) there’s a little issue: I need to log in to a web page to start using the hotspots, but I cannot start browsing with the Tor Browser before I have a network connection.

No big deal on a Mac with the wispr stuff to automatically fill out the captive portal pages for you, or at least automatically pop them up in a window separate from your browser. So, what are the options on Linux?

  1. Start Firefox first, log in to the hotspot, then shut down Firefox again and start the Tor Browser.
  2. Somehow work a “-new-instance” argument into starting Tor Browser so you can actually do #1 but leave Firefox open (which helps with stuff like posting on WordPress).
  3. Use some entirely other browser unrelated to Firefox as your second/first browser to log in to the hotspot.
  4. Use a WISPR client like this one (though the page has issues as of writing this), but the whole approach seems like a security issue.
  5. Log in to the hotspot on the command line.

So, yes … Linux geeks chose option #5:

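#!/usr/bin/perl

use strict;
use warnings;
use Term::ReadKey;
use JSON::PP;    # core module; escapes quotes and backslashes in the credentials

print "username: ";
my $username = <STDIN>;
chomp $username;

ReadMode('noecho');
print "password: ";
my $password = <STDIN>;
chomp $password;
ReadMode('restore');

print "\n";

# List-form pipe open: no shell parses the arguments, and the JSON body goes
# to curl on stdin (-d @-), so the password never shows up in the process list.
# The fixed Content-Length header is left out; curl computes it from the body.
my @curl = (
    'curl', 'https://hotspot.t-mobile.net/wlan/rest/login',
    '-H', 'Host: hotspot.t-mobile.net',
    '-H', 'User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0',
    '-H', 'Accept: application/json, text/plain, */*',
    '-H', 'Accept-Language: en-US,en;q=0.5',
    '--compressed',
    '-H', 'Content-Type: application/json;charset=utf-8',
    '-H', 'X-Hash: AjbCkwnbQWKb+eKqFSelsyugcyVtXiU1ZkUjnqDYhsA=',
    '-H', 'Referer: https://hotspot.t-mobile.net/TD/hotspot/Tank_Rast_Petro/en_GB/index.html',
    '-H', 'Cookie: JSESSIONID=1111D92CBA6C27FE69D13F04F5CD4497.P3; POPUPCHECK=1496237026311; DT_H=NzY5OTk0MTgy',
    '-H', 'Connection: keep-alive',
    '-d', '@-',
);

open(my $curl, '|-', @curl) or die "cannot run curl: $!\n";
# Plain encode (no utf8 flag) so the bytes typed at the terminal pass through unchanged.
print {$curl} JSON::PP->new->encode({ username => $username, password => $password });
close($curl) or die "curl failed\n";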

Make sure you have the Term::ReadKey module installed. On Xenial you do:

apt install libterm-readkey-perl
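
Why the credentials should not be pasted into a JSON string or a shell command line: the following is an added example, not the author's script, and the user name and passwords in it are constructed samples. It builds the login body by raw interpolation and with a JSON encoder, then lets `sh` parse a single-quoted command string around the encoded body, to show which passwords survive each step.

```perl
#!/usr/bin/perl
# Added example, not the author's script; the sample credentials are constructed.
use strict;
use warnings;
use JSON::PP;

# Body as a string-interpolated command line builds it: values pasted in raw.
sub naive_body {
    my ($user, $pass) = @_;
    return qq({"username":"$user","password":"$pass"});
}

# Body from a JSON encoder, which escapes " and \ inside the values.
sub encoded_body {
    my ($user, $pass) = @_;
    return JSON::PP->new->canonical->encode({ username => $user, password => $pass });
}

# True if a JSON parser recovers exactly the credentials that were typed.
sub round_trips {
    my ($body, $user, $pass) = @_;
    my $got = eval { JSON::PP->new->decode($body) };
    return 0 unless ref $got eq 'HASH';
    return ($got->{username} // '') eq $user && ($got->{password} // '') eq $pass ? 1 : 0;
}

# Let sh parse "-d '<body>'" as one command string; returns the data argument
# the shell hands on, or undef if the string is not even valid shell syntax.
sub via_shell_string {
    my ($body) = @_;
    open(my $sh, '-|', 'sh', '-c', 'eval "$1" 2>/dev/null', 'sh',
         "set -- -d '$body'; printf %s \"\$2\"") or die "sh: $!";
    my $out = do { local $/; <$sh> };
    close $sh;
    return (defined $out && length $out) ? $out : undef;
}

for my $pass ('hunter2', q(it's"me), q(back\slash)) {
    my $naive = naive_body('alice', $pass);
    my $enc   = encoded_body('alice', $pass);
    printf "%-12s naive JSON ok: %d  encoded JSON ok: %d  encoded body survives shell string: %s\n",
        $pass, round_trips($naive, 'alice', $pass), round_trips($enc, 'alice', $pass),
        (via_shell_string($enc) // '') eq $enc ? 'yes' : 'no';
}
```

A password containing a single quote still breaks the shell string even after JSON encoding, which is why the arguments belong in a list (or the body on stdin) rather than in one interpolated command line.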


Juppy’s Mixtapes (4)

William Shatner’s interpretation of Pulp’s “Common People” totally rocks. Don’t picture Captain Kirk singing, though. Picture Denny Crane from Boston Legal.

| Name | Artist | Album |
|---|---|---|
| Forty Six & 2 | Tool | Aenima |
| Broken Peace | Prong | Cleansing |
| New Noise | Refused | The Shape Of Punk To Come: A Chimerical Bombation in 12 Bursts |
| Weck Mich Auf | Samy Deluxe | Samy Deluxe |
| Esperanto | Freundeskreis | Fk 10 |
| Almost Lover (Remix) | A Fine Frenzy | Almost Lover CDM |
| Thanatos | Soap & Skin | Lovetune For Vacuum |
| Let The Flames Begin | Paramore | Riot! |
| Zero | The Smashing Pumpkins | Mellon Collie And The Infinite Sadness |
| Hang It Up | The Ting Tings | Hang It Up – Single |
| We Are Young | Fun | Some Nights |
| Common People | William Shatner | Has Been |
| This Must Be It | Royksopp | Junior |
| Kyoto | Skrillex, feat. Sirah | Bangarang EP |
| Feuer im Maschinenraum | Sheep On A Tree | Hamburger Schmuddelkinder und Straßenrocker lieben anders |
| Careful | Paramore | Brand New Eyes |
| Life In Technicolor II | Coldplay | |