
StrongSwan Client with Ubuntu 16.04 LTS

So, I’m a regular user of public WLAN hotspots, those of Deutsche Telekom among others. Being the paranoid digital self-defense person I am, I’ve been using a VPN service for quite some time now. I recently noticed that my PPTP client setup stopped working at hotspot locations run by Deutsche Telekom that I regularly use, when it still worked from home or some other hotspots I use. I embarked on a journey to teach my Ubuntu laptop some more VPN protocols. OpenVPN worked like a charm with just installing the obvious packages for network-manager. StrongSwan, however, didn’t cooperate quite as easily, due to Ubuntu 16.04 having packages in its repository which are known to not work with the version of network-manager also in that version.

OK, use the source, Luke …

But rather than compile from source tarball and clutter my system with stuff, I found the repositories for zesty have the versions I need. So, I decided to backport that:

  1. Edit /etc/apt/sources.list
    1. uncomment all deb-src lines and insert one line: deb-src http://de.archive.ubuntu.com/ubuntu/ zesty main restricted universe multiverse
  2. apt-get update
  3. apt-get install build-essential
  4. mkdir strongswan
  5. cd strongswan
  6. apt-get build-dep strongswan
  7. apt-get source strongswan
  8. export DEB_BUILD_OPTIONS=nocheck
  9. dpkg-buildpackage -us -uc
  10. dpkg -i strongswan-nm_5.5.1-1ubuntu3_amd64.deb libstrongswan_5.5.1-1ubuntu3_amd64.deb strongswan-libcharon_5.5.1-1ubuntu3_amd64.deb
  11. cd ..
  12. mkdir nm-strongswan
  13. apt-get build-dep network-manager-strongswan
  14. apt-get source network-manager-strongswan
  15. dpkg-buildpackage -us -uc
  16. dpkg -i network-manager-strongswan_1.4.1-1_amd64.deb
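The sources.list edit from step 1 can be prepared on a copy and checked before /etc/apt/sources.list is touched. The script below is an added example, not part of the original post; the function names and the sample file contents are constructed for illustration. It checks that zesty shows up only in deb-src lines, so apt can fetch zesty source packages but never installs zesty binaries on the xenial system.

```shell
#!/bin/bash
# Added example: the sources.list edit from step 1, done on a copy and checked.
ZESTY_SRC='deb-src http://de.archive.ubuntu.com/ubuntu/ zesty main restricted universe multiverse'

# Print the edited file: commented-out deb-src lines are enabled and the
# zesty deb-src line is appended unless it is already present.
edit_sources() {
    sed -E 's/^#[[:space:]]*(deb-src[[:space:]])/\1/' "$1"
    grep -qxF "$ZESTY_SRC" "$1" || printf '%s\n' "$ZESTY_SRC"
}

# Succeed only if no binary "deb" line names a zesty suite, so apt can fetch
# zesty source packages but never install zesty binaries on xenial.
zesty_is_source_only() {
    ! grep -Eq '^[[:space:]]*deb[[:space:]].*[[:space:]]zesty' "$1"
}

# Constructed sample resembling a stock xenial sources.list
sample=$(mktemp)
edited=$(mktemp)
cat > "$sample" <<'EOF'
deb http://de.archive.ubuntu.com/ubuntu/ xenial main restricted
# deb-src http://de.archive.ubuntu.com/ubuntu/ xenial main restricted
deb http://de.archive.ubuntu.com/ubuntu/ xenial-updates main restricted
# deb-src http://de.archive.ubuntu.com/ubuntu/ xenial-updates main restricted
EOF

edit_sources "$sample" > "$edited"
diff -u "$sample" "$edited" || true   # show what would change
if zesty_is_source_only "$edited"; then
    echo "OK: zesty is referenced by deb-src lines only"
else
    echo "WARNING: a binary zesty line is present" >&2
fi
rm -f "$sample" "$edited"
```

To apply it for real, run edit_sources on /etc/apt/sources.list, write the output to a temporary file, and copy it into place as root once the check passes.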

Then configure as per wiki page.

Now, I only need to find out how to trust the VPN provider’s certificate when their IKEv2 configuration howtos all seem to rely on turning certificate verification off.


Login to Telekom Hotspot on Linux command line

So, my old laptop has been reactivated to a 16.04 LTS Ubuntu release. When traveling, I frequently do use the Telekom Hotspot services, and given how I like using the Tor Browser (with some additional plugins just because I’m fed up with all the tracking) there’s a little issue: I need to log in to a web page to start using the hotspots, but I cannot start browsing with the Tor browser before I have a network connection.

No big deal on a Mac with the wispr stuff to automatically fill out the captive portal pages for you, or at least automatically pop them up in a window separate from your browser. So, what are the options on Linux?

  1. Start firefox, first, log in to the hotspot, shut down firefox again to then start the Tor browser.
  2. Somehow work in a “-new-instance” argument into starting Tor Browser so you can actually do #1 but leave firefox open (which helps with stuff like posting on wordpress.)
  3. Use some entirely other browser unrelated to firefox as your second/first browser to log in to the hotspot
  4. Use a WISPR client like this one (though the page has issues as of writing this), but the whole approach seems like a security issue.
  5. log in to the hotspot on the command line

So, yes … Linux geeks chose option #5:

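#!/usr/bin/perl

use strict;
use warnings;
use Term::ReadKey;

my $username;
my $password;

print "username: ";
$username = <STDIN>;
chomp $username;

# Turn off terminal echo while the password is typed
ReadMode ('noecho');
print "password: ";
$password = <STDIN>;
chomp $password;
ReadMode ('restore');

print "\n";

# Escape backslashes and double quotes so the values stay valid JSON strings
s/(["\\])/\\$1/g for ($username, $password);

# List form of system: curl is run without a shell, so quotes or other shell
# metacharacters in the credentials cannot alter the command. The fixed
# Content-Length header is left out; curl computes it from the body.
# The password is still visible in the process list while curl runs.
system ( 'curl', 'https://hotspot.t-mobile.net/wlan/rest/login',
    '-H', 'Host: hotspot.t-mobile.net',
    '-H', 'User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0',
    '-H', 'Accept: application/json, text/plain, */*',
    '-H', 'Accept-Language: en-US,en;q=0.5',
    '--compressed',
    '-H', 'Content-Type: application/json;charset=utf-8',
    '-H', 'X-Hash: AjbCkwnbQWKb+eKqFSelsyugcyVtXiU1ZkUjnqDYhsA=',
    '-H', 'Referer: https://hotspot.t-mobile.net/TD/hotspot/Tank_Rast_Petro/en_GB/index.html',
    '-H', 'Cookie: JSESSIONID=1111D92CBA6C27FE69D13F04F5CD4497.P3; POPUPCHECK=1496237026311; DT_H=NzY5OTk0MTgy',
    '-H', 'Connection: keep-alive',
    '-d', "{\"username\":\"$username\",\"password\":\"$password\"}" );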

Make sure you have the Term::ReadKey module installed. On Xenial you do:

apt install libterm-readkey-perl


Neverwinter Nights on Ubuntu 12.04 64bit with Nvidia

My NWN install doesn’t see as much action as it used to, but I’m still happy I can run it on my somewhat new install of Ubuntu 12.04 LTS 64bit.

  • I solved the too-much-black issue by “export MESA_EXTENSION_OVERRIDE=-GL_NV_vertex_program”
  • Solved the too-much-white issue by using the 310 experimental driver for my NVIDIA Quadro 2000M from the ubuntu-x-swat ppa
  • Solved the non-starting client by removing the package libtxc-dxtn-s2tc0

Given that, my nwn script looks like this:

#!/bin/sh

# This script runs Neverwinter Nights from the current directory

export SDL_MOUSE_RELATIVE=0
export SDL_VIDEO_X11_DGAMOUSE=0

# If you do not wish to use the SDL library included in the package, remove
# ./lib from LD_LIBRARY_PATH
#export LD_LIBRARY_PATH=./lib:./miles:$LD_LIBRARY_PATH
#export LD_LIBRARY_PATH=./miles:/usr/lib/i386-linux-gnu/mesa
export LD_LIBRARY_PATH=./miles:/usr/lib32/nvidia-experimental-310
export SDL_AUDIODRIVER=pulse
export MESA_EXTENSION_OVERRIDE=-GL_NV_vertex_program

# Quote "$@" so arguments containing spaces are passed through unchanged
./nwmain "$@"
