Roll Your Own VPN for Private Browsing

About the time I started traveling to China for work I realized I needed a VPN solution.  For trips abroad it was so that I could actually get to all the web sites that I used to keep in touch with friends and family and also to provide me with a US based IP address if I wanted to be able to watch Netflix or Hulu in the evenings.  In addition to this use, though, I’ve come around to the fact that I’m on open Wifi a lot these days and while more and more companies are using https by default, not all are, and so it’s just easier and safer to make sure everything is sent out over a secure connection while on Wifi.

The first thing I used to do was to just use an SSH based SOCKS proxy that I could run from my command prompt to my server back home.  It worked well enough but it was slow and added a fair amount of latency compared to the direct connection.  Plus, some Flash based scripts wouldn’t use the browser to make their file requests so it wouldn’t go over the proxy all the time.  Annoying.  But the speed was the biggest issue.

I also worked at getting my OpenVPN server working and I did at one point.  Something, however, got screwed up and I couldn’t figure out why it stopped working.  I also lost interest in digging in to OpenVPN configuration inner workings when I found this OpenVPN AMI for Amazon.  Nice admin UI and easy to configure the OpenVPN Mac app client when I use that server.  One weird caveat, Craigslist seems to block most EC2 public IP addresses.  Or at least the few that I received.

I had tried services such as HideMyAss.com but I had read they were having occasional issues with China blocking their IP addresses plus I only needed it occasionally at the time.  They are convenient though and it seemed to work well when I demo’d it.  If you want one and don’t really want to spend the amount of time I did looking into them, just use something like that.

Back to the OpenVPN AMI for Amazon.  That worked really well but it cost about as much as a service like HMA (or more!) above so I started looking around for other solutions.  I tried TunnelBear.  Simple, cute, but omg slow.

And getting to my current solution, I was reading Hacker News and came across this OpenVPN installer for Debian distros.  Combine this with a cheap VPS like Digital Ocean’s droplets and you have a really really easy VPN solution for $5/month that won’t grab enough attention to be blocked or on VPN blacklists.  And it’s fast.  Very fast.  It works with the Mac OpenVPN client really easily and when the installer generates the client config you just copy it to your client machine, import it into the OpenVPN client and away you go.  As long as you can SSH into a box and run a script you can get this going pretty easily.

What’s New?

In my first update in a long time (April of 2012!) I thought I’d go over a few of the tools/technology I’ve been exploring.  These aren’t in any specific order.

AngularJS (http://angularjs.org/)

This has turned into one of my favorite front-end tools.  Add in Yeoman (http://yeoman.io/) for scaffolding, running tests, managing dependencies, etc. and you have something that makes building front-ends easy.  After using it for a while and then using jQuery again it made me realize how much more fun it is to not have to do direct DOM manipulation for most simple activities.

I did end up learning a lot about CORS because I ended up deploying my Angular apps as standalone HTML5 static applications that then just talked to REST APIs on the backend implemented in Java.  This made development super easy but I did have to dig in to the CORS stuff to make this work well.  Once it was working, though, it was pretty transparent.  That’s another post to go into those details, though.

Arduino (http://www.arduino.cc/)

I picked up a starter kit off of SparkFun to work with my daughter on a few projects to see if it would spark her enjoyment in development.  It turns out that visual feedback à la Python was more her thing but it was still fun to play around with the tools.  I also did some experimentation with this to see about integrating it with RFID tracking tools that I was building for an idea my wife and I had about a possible business startup.  This didn’t end up bearing fruit but that leads me to…

Raspberry Pi (http://www.raspberrypi.org/)

These little devices have been fun to play with.  For the RFID tracking tools I was talking about I ended up getting a USB based RFID sensor that plugged in to the Raspberry Pi and then utilized a small Python based program to read the RFID tags from the USB port and then post it to a REST based API that I had built that was running on a server.  Clients built using AngularJS that I mentioned above would then use a WebSocket to subscribe to these tag events and display them in a browser page that would have been used in a tablet.  I’ll put together a more comprehensive post about this side project later but it ended up being a very cool architecture to support having independent RFID trackers feed events into a centralized bus and have clients subscribe to the trackers they were interested in.

I also used the Raspberry Pi as a media center for our mini-van on long trips but honestly this solution was pretty clunky.  I ended up dropping that in favor of a wireless Seagate drive that our iPads could connect directly to for video content.  That’s for another post as well.

Rails 4 (http://rubyonrails.org/)

I had resisted using Rails for a while.  But I decided to dig in and give it a try on a side project I’m working on at this time.  It’s been mixed so far.  I really like some of the practices that Rails introduces but the “magic” that happens under the covers can be too mysterious at times.  I know that as I get to understand it more this will be less of an issue but coming from the Java world I know all those tips/tricks and exactly how things get from A-Z so I know where to look when things aren’t working right.

I’ve also taken this opportunity to learn more Postgres by using Postgres over MySQL for my database.  So far no real issues.  I’m just getting used to its tools and CLI commands now.

NodeJS (http://nodejs.org/)

Initially I was pretty excited about this project.  Being able to use the same language on the front-end and back-end could lead to a lot of potential benefits.  Plus, with it being event based it seemed like it could be pretty performant.  In the end I just didn’t get enough enjoyment out of developing server-side apps in this manner.  Granted I was using this a year or so ago and the pace of change was just dizzying.  Finding stable and maintained database drivers was a PITA as well.  For little tools and sites it seemed like it could be pretty fast to develop but in the end I went back to using Java based back-ends and if I really want non-thread based scalability there are plenty of options on the Java stack for that now (Akka, NIO, etc.).

 

No More U-Verse

I figured I’d follow up to my previous post about U-Verse since it’s been a few months and say that I am back on XFinity.  U-Verse just couldn’t make the system work.  Let this be a warning, though, if you are having problems with your signal dropping or “retraining” a lot in the first few weeks, just give it back and don’t bother with letting them try to fix it for a few months.  Basically, they screwed with me for a few months until the fourth tech they had out there was straight with me.   Luckily because of the issue I had and because it was distance related they couldn’t hold me to my one year agreement so I was able to get out of it.

Overall I was pretty disappointed with their technical product.  The wireless receiver was nice and so was the number of HD channels.  XFinity has a highly superior Internet product, however, and that was more important.  AT&T’s customer support was pretty friendly and accommodating, surprisingly.  Although they should be considering the hassle this caused.  In the end, I don’t really see how AT&T will compete in this space. Their U-Verse product is based on VDSL which has some serious distance issues.  I’m not that far from the central box in my neighborhood and yet they still couldn’t even deliver 19Mbps to my door (max!) from which 3-4Mbps would be reserved for television at the minimum.  It gets worse, though.  When the system is “retraining” due to noise your phone goes out.  So if you have an emergency you can’t even call 911!

I do wish XFinity would let me use HBO GO on my XBox 360, though.  For some reason it’s not authorized to do so.  Boo.   If XFinity could provide a wireless receiver similar to how AT&T’s works that would solve the last of my issues.  Oh, and drop the price on 50Mbps service, too.  :-)

 

My first few days with U-Verse

A few days ago I switched to U-Verse from XFinity for a few reasons:

  1. Cost – We get everything we had and then some under Xfinity (aka Comcast) for $10 less a month.  Plus another $300 in gift cards.
  2. Channels – XFinity has been continually reducing the number of HBO and other HD channels available to us in the last 6 months.  We used to have 5 or 6 non-Spanish HD HBO channels less than a year ago I think – as of the other day it was 2 maybe.  But then again it’s almost impossible to find them because for some inexplicable reason they decided to spread them out!  With U-Verse there are 12!
  3. PITA factor.  So this isn’t entirely XFinity’s fault but we don’t have a cable jack where we have our main family room tv.  It’s against a load bearing wall with cross-bracing and I don’t feel like paying the cost, if it’s even possible, to have the wall retro-fitted with a cable jack.  So I have to run a cable down the wall from upstairs.  U-G-L-Y.  Enter U-Verse.  They now have a wireless box so that no wires are needed.  Sweeet.
  4. Crappy DVR.  You’d think after like 3 or 4 years we’d get a better DVR from XFinity.  No, same crappy one with limited disk space.  It’s a pig too.  When we were visiting my father-in-law in Chicago I got to play with his U-Verse DVR.  Much faster feel when using it.  Way more responsive.

So how has my experience been?  Well, mostly good.  And much better after tonight.  First a few things that haven’t been as good so far:

  1. Internet speed.  I’m not getting 18 Mbps of data.  The tech advised me I might not.  I’m at the virtual limit distance wise.  He says they’ll bring in a tech to set up a bonded pair to improve signal strength.  I’m guessing that will help.  Basically, due to distance I’ll probably see more noise and that impacts speed.
  2. Crappy router.  It’s a pretty new 2Wire router but the thing is still not very Mac friendly.  At my father-in-law’s I had to reset the router every morning or else it’d just stop working with my MacBook Pro until I cycled the AirPort on the laptop.  And I’d have to do that about every 30 minutes once it started.  I had to do that about once a day here or it’d start to get crappy too.  Uggh.  Almost took back Xfinity due to this.  The positive I will say about the 2Wire is that the new version does look pretty nice and its web interface does have some nice stats to provide but that’s about it.  More on my solution below.
  3. The wireless DVR / central DVR architecture seems a little flaky.  I’ve had stutters and drops in the first week.  I’m hoping my solution to the above problem will help this one.

So what do I like?

  1. Channels.  Lots of ‘em.  Lots of HD.  Am pretty sure they use a lower bit-rate than Comcast, though.  The picture doesn’t pop as much but I can live with it.  I’m not as much of a home theater snob as I used to be.
  2. Huge DVR.  I got a newer model that has a 500GB hard drive in it.  It’s good for about 150 or so hours of HD recording.  Sweet.
  3. The web interface for managing my DVR subscriptions.  Again, sweet.

So what about the wireless router problem?  Well, what I wanted to do was just use the U-Verse modem (since it’s VDSL I believe and you can’t just use any DSL modem apparently…) and continue to use my trusty D-Link router.  The thing has been rock solid and needs re-booting maybe 2-3 times a year at most.  You can’t really shut off the U-Verse wireless router and you can’t run it in true bridge mode but you have two other choices basically.  One, you can set up your router on a different sub-net and connect to your router or you can just wire your router in as a wireless access point and act as a pass-through.  This thread at the AT&T forums has all the gory details.  I chose the wireless access point option on page 2, post 3 at this link in the thread.

Basically you do the following:

  1. Shut off your DHCP on your router (mine being the D-Link)
  2. Connect my router to the 2Wire with a Cat5 cable from LAN port to LAN port (NOT WAN port on either end).
  3. Set my D-Link to use the static IP address of 192.168.1.10.  I chose this because the 2Wire-3801HGV model that I have seems to default to using the range 192.168.1.64 – 192.168.1.254 so this would ensure not having an IP address collision on my network.
  4. Left everything else the same from my previous configuration (SSID, security type, password, etc.)

It just worked basically.   Everything seems more stable since I did this and moved most of the devices on my home network back to the D-Link.
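The address plan from the steps above, as an added example that is not part of the original post: a small Python check that a static IP picked for the second router sits in the gateway's subnet and outside its DHCP pool. The pool range and 192.168.1.10 come from the post; the /24 mask and the gateway address 192.168.1.254 are assumptions.

```python
import ipaddress

# Values from the post: DHCP pool of the 2Wire and the static IP given to the D-Link.
POOL_START = "192.168.1.64"
POOL_END = "192.168.1.254"
AP_STATIC_IP = "192.168.1.10"
# Assumptions (not stated in the post): a /24 LAN and the gateway's own address.
LAN_CIDR = "192.168.1.0/24"
GATEWAY_IP = "192.168.1.254"


def check_ap_address(static_ip, lan_cidr=LAN_CIDR, pool_start=POOL_START,
                     pool_end=POOL_END, gateway_ip=GATEWAY_IP):
    """Return a list of problems with using static_ip for a router run as an access point."""
    ip = ipaddress.ip_address(static_ip)
    net = ipaddress.ip_network(lan_cidr)
    start = ipaddress.ip_address(pool_start)
    end = ipaddress.ip_address(pool_end)
    gateway = ipaddress.ip_address(gateway_ip)

    problems = []
    if ip not in net:
        # The access point's admin page would be unreachable from LAN clients.
        problems.append("outside the gateway's LAN subnet")
    elif ip in (net.network_address, net.broadcast_address):
        problems.append("network or broadcast address")
    if ip == gateway:
        problems.append("same address as the gateway")
    if start <= ip <= end:
        # The gateway's DHCP server could lease this address to another device.
        problems.append("inside the DHCP pool")
    return problems


if __name__ == "__main__":
    for candidate in (AP_STATIC_IP, "192.168.1.100", "192.168.0.10"):
        issues = check_ap_address(candidate)
        print(candidate, "OK" if not issues else "; ".join(issues))
```
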

That’s about it.  If things change I’ll post more details.  Hopefully the router configuration above will help someone out.

 

It’s Been a While

I just realized it’s been over a year since I last posted. I’ve been thinking I need to get back to posting about technical things I’m working on either on my own or at work.

Some areas I’ve been spending more time in and that I’ll try to post about are Spring 3.1, especially around the new @Configuration options and how they can impact testing, Mongo for fun data management and document storage, and figuring out the right workflow for our development team in moving towards Git away from Subversion.

On the work front I’ve been to China twice in the last year with most of my time spent in Shanghai.  I was lucky enough to spend a few days each in Beijing, Hangzhou, and Seoul (took a weekend jaunt over to South Korea on the way home).  I’ve also visited a few customers domestically in New Orleans, East Chicago, Northern Indiana, and North Dallas.  It’s pretty amazing to see how our software is being used to help kids learn.

During this last year we’ve also been working furiously towards moving the company’s delivery from on-premise to on-demand and managing to keep a code base that is almost identical in the process.  It’s been interesting to say the least.  We work towards a lot of automated testing wherever possible.  That’s where some of the changes that are coming as part of Spring 3.1 come in handy.

That’s about it for now on the technical update front.

 

My First iPad Post

It’s been a while since I posted anything here but as I sit here in my sons’ room waiting for them to go to sleep I thought I would put my new iPad to good use. The keyboard is surprisingly easy to use so far.

Work and the kids have kept me pretty busy the last year but I’m hoping to get back to some more technical articles in the near future. I’m doing a lot of coding these days so there are plenty of topics I could spend some time on.

Well, they’re asleep and the Cowboys/Giants game is on so I’m going to finish watching that now.