Educating the world

Our blog has over 10,000 readers a month

Installing OpenVPN Client on MacOs Mountain Lion

January 18th, 2013

There are several OpenVPN clients for MacOS but the most popular one is Tunnelblick. At the time of writing the latest stable version is 3.2.8 but there is a red health warning saying that it’s not recommended for OS X 10.8 ("Mountain Lion"), where as the previous stable version 3.3beta21b version is. Yeh, weird that!

Version 3.3beta21b had one problem with launching the VPN tunnel, it couldn’t find the configurations specified in the .opvn configuration file. First we’all go through how to install it and then how to get around the bug with launching it.

  1. Your VPN administrator will have given you a zip file containing your OpenVPN configuration. It will have a name like
    yourname-12345.zip.
  2. Finder will automatically unpack it and create a folder called
    yourname-12345
  3. Go to Tunnelblick’s download page:
    http://code.google.com/p/tunnelblick/wiki/DownloadsEntry
    and download Tunnelblick 3.3beta21b.
  4. Launch the download.
  5. Double-click the Tunnelblick.app icon.
  6. Click I have configuration files.
  7. Click OpenVPN Configuration(s).
  8. Click Open Private Configuration Folder.
  9. The Finder will open.
  10. Drag the youname-12345 configuration folder to the same place where you see the Launch Tunnelblick icon.
  11. Click Done.
  12. Click Do not check for a change.
  13. Click Don’t check for automatic updates. The latest version is not compatible with Mountain Lion so we don’t want your Mac to automatically install it!

If you go up to the greyed out tunnel icon next to the time on the menu bar and click it you can select yourname-12345->Connect <VPN name>. It will pop up a message saying:

Warning!
Tunnelblick was unable to start OpenVPN to connect yourname-12345/<VPN name>. For details, see the OpenVPN log in the VPN Details… window

Click the greyed out tunnel icon again and select VPN Details. For the sake of those people googling (searching) for a solution here is the error message from the log to bring you in!

2013-01-18 00:49:41 *Tunnelblick: OS X 10.6.8; Tunnelblick 3.3beta21b (build 3114.3185)
2013-01-18 00:49:41 *Tunnelblick: Attempting connection with yourname-12345/vpn-name; Set nameserver = 1; monitoring connection
2013-01-18 00:49:41 *Tunnelblick: /Applications/Tunnelblick.app/Contents/Resources/openvpnstart start yourname-12345/vpn-name.ovpn 1337 1 0 0 0 49 -atADGNWradsgnw
2013-01-18 00:49:42 *Tunnelblick:

Could not start OpenVPN (openvpnstart returned with status #242)

Contents of the openvpnstart log:

OpenVPN returned with status 1, errno = 2:
No such file or directory

Command used to start OpenVPN (one argument per displayed line):

/Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3-alpha1/openvpn
–cd
/Users/username/Library/Application Support/Tunnelblick/Configurations
–daemon
–management
127.0.0.1
1337
–config
/Users/username/Library/Application Support/Tunnelblick/Configurations/yourname-12345/vpn-name.ovpn
–log
/Library/Application Support/Tunnelblick/Logs/-SUsers-Syourname-SLibrary-SApplication Support-STunnelblick-SConfigurations-Syourname-12345-Sclient–vpn-name.ovpn.1_0_0_0_49.1337.openvpn.log
–management-query-passwords
–management-hold
–script-security
2
–up
/Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w -d -atADGNWradsgnw
–down
/Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -m -w -d -atADGNWradsgnw
–up-restart
–route-pre-down
/Applications/Tunnelblick.app/Contents/Resources/client.route-pre-down.tunnelblick.sh -m -w -d -atADGNWradsgnw

Contents of the OpenVPN log:

Options error: –ca fails with ‘ca.crt’: No such file or directory
Options error: –cert fails with ‘yourname-12345.crt’: No such file or directory
Options error: –key fails with ‘yourname-12345.key’: No such file or directory
Options error: Please correct these errors.
Use –help for more information.

More details may be in the Console Log’s “All Messages”

Now the fix.

  1. Open a Finder window and go to:
    /Users/username/Library/Application Support/Tunnelblick/Configurations/yourname-12345
  2. Edit the file vpn-name.ovpn
  3. At the bottom of the file you will see the following lines:

    ca ca.crt
    key yourname-12345.key
    cert yourname-12345.crt

  4. The launcher was complaining that it couldn’t find the files so there is something wrong with how the software is working out which directory to look in.
  5. You must change the lines to include the full path to the file.

    ca “/Users/username/Library/Application Support/Tunnelblick/Configurations/yourname-12345/ca.crt”
    key “/Users/username/Library/Application Support/Tunnelblick/Configurations/yourname-12345/yourname-12345.key”
    cert “/Users/username/Library/Application Support/Tunnelblick/Configurations/yourname-12345/yourname-12345.crt”

  6. After the change, it doesn’t matter what the application thinks is the configuration directory as we are using the absolute path to the files instead of a relative one.
  7. Go up to the greyed out tunnel icon and select
    yourname-12345->Connect <VPN name>.
  8. And hay presto, you’re in.

Cloning a VirtualBox machine running CentOS causes network interfaces to fail

January 11th, 2013

When you clone a VirtualBox machine in order to create a new virtual machine (as opposed to creating a back up of an existing machine) then you must check Reinitialize the MAC address of all network cards and use the Full clone type to make sure that the original and the clone don’t share any resources.

After booting the new (freshly) cloned machine you will notice that all the network interfaces are down. Trying to raise them gives you the following:

[root@myhost ~]# ifup eth0
Device eth0 does not seem to be present, delaying initialization.
[root@myhost ~]# ifup eth1
/sbin/ifup: configuration for eth1 not found.
Usage: ifup <device name>

When Linux boots the clone image for the first time it sees the new MAC address. It compares it with the MAC address it has saved for eth0 and realises that they are different. In order to avoid a conflict (in case the old network card comes back), Linux creates a new interface called eth1.

We are running VirtualBox (2.4.6) and don’t have network cards in the virtual machine. We just want it to be the same as the original machine without a lot of faff.

  1. Edit the NIC cache:

    vi /etc/udev/rules.d/70-persistent-net.rules

  2. Delete the line where NAME="eth0″
  3. Find the line with NAME="eth1″ and change eth1 to eth0
  4. Save file
  5. Edit the new interface file:

    vi /etc/sysconfig/network-scripts/ifcfg-eth0

  6. Strip out everything but the bare minimum:

    DEVICE="eth0″
    BOOTPROTO="dhcp”
    ONBOOT="yes”

  7. Save file, then reboot:

    reboot

The virtual machine will come back with eth0 raised and a brand new IP address.

If I didn’t know any better I’d say someone is trying to recreate the behaviour that Windows has if you clone it. Each clone of a windows system remembers all the MAC addresses and names of previous NICs but what it means is that when you clone a system and update the drivers then all your names change back to the default plus one. for example if you rename your “Local Area Connection” to “outbound-if” and clone the system when it boots up on a different host with a slightly different firmware revision or different NIC then when the cloned system boots up, “outbound-if” will not be there “Local Area Connection 2″ will be there instead. You can’t change the device name to “outbound-if” because that name is taken by the system. There is no way to change this.

I think the idea is that those settings are tied to the MAC address (hardware). So when the hardware changes you get a default configuration as standard. In my experience I’ve never had to add extra settings and my hardware changes have always been like-for-like. It has always been a nightmare that has taken ages to fix.

What does Omnishambles mean?

January 5th, 2013

The Oxford Dictionaries UK Word of the Year 2012 was awarded to a word popularised in the BBC2 satirical policial comedy In The Thick Of It. It hasn’t been accepted into the dictionary yet. They have to wait a few years to see if it will take to the language or just get dropped.

Most of the dictionary sites don’t list it because it isn’t really a word yet like tnetennba. There aren’t many definitions that were as descriptive as the one given in the OED’s YouTube clip.

Omnishambles is used to mean any kind of situation which has been mis-managed or mis-handled and is characterised by a series of blunders.

It has derivatives for example omnishamblic.

    It also has one off or sometimes humorous coinages:
  • romnishambles - Mitt Romney’s gaff about not thinking that London was ready to successfully host the 2012 Olympics.
  • omnivorshambles - talking about the proposed badger cull in England and Wales.
  • scomnishambles - talking about Scotland’s place in the E.U. should it become an independent country.

Being in IT I’ve seen plenty of projects go belly up through poor management and mis-handling on all fronts. There have even been a few you might of heard of like the NHS fiasco. If this word had been around in 2007, I think it would have been used to describe this project. Every aspect of this project failed, and they are still dealing with the blunders.

I think this word will be used A LOT !

Free Hydrogen and Oxygen for the World

January 4th, 2013

The trouble with splitting Hydrogen and Oxygen from water is that it takes a lot of energy. This means making Hydrogen fuel cells for cars is not sustainable. Luckily those clever boffins at the Weizmann Institute lead by Prof. David Milstein have developed a brand new way to use photosynthesis to split the water.

Unlimited free Hydrogen and Oxygen, think about how that will change the world? Their will be no need for oil. Make the fuel cells small enough and we could see batteries full of water. You could refill your car from the tap or even more importantly from the rain. Imagine that! In the United Kingdom we’ed never have to stop for “water” again.

According to the Royal Institution’s 2012 Christmas Lectures the scientists have only got it to work with ultraviolet light. The catalyst metals to speed up the process may even be re-generated just by boiling it in water!

When Edison was looking for a material to put in his light bulbs, he went through hundreds of different substances looking for one which could take the current required to heat up and glow without oxidising. He tried everything from his own hair to cotton to gold before finding tungsten. There is a world wide effort to find the correct catalyst metal compound that will allow photosynthesis to work in normal day light. There are a few more variables this time but we’ll get it eventually. I can’t wait to stick it to The [Oil] Man and for the time when I never have to talk to a car mechanic.

You can read more about it here. You’d better put your chemistry head on though!

http://www.sciencedaily.com/releases/2009/04/090406102555.htm
http://www.weizmann.ac.il/Organic_Chemistry/milstein.shtml

Plesk update causes makewhatis to fail

November 7th, 2012

During the Plesk 10.4 update the installer tries to “clean up” your platform. “Clean up” is Plesk code for “Break". The update deletes everything in /var/cache. While this area is reserved for caching, most of the applications that use it don’t expect their directory structure (that they created on installation) to disappear from under them. This was the case for the /etc/cron.daily/makewhatis.cron cron program which runs makewhatis which requires the directory /var/cache/man.

/etc/cron.daily/makewhatis.cron:

/usr/sbin/makewhatis: line 388: /var/cache/man/whatis: No such file or directory
chmod: cannot access `/var/cache/man/whatis’: No such file or directory
/usr/sbin/makewhatis: line 388: /var/cache/man/whatis: No such file or directory
chmod: cannot access `/var/cache/man/whatis’: No such file or directory
/usr/sbin/makewhatis: line 388: /var/cache/man/whatis: No such file or directory
chmod: cannot access `/var/cache/man/whatis’: No such file or directory
/usr/sbin/makewhatis: line 388: /var/cache/man/whatis: No such file or directory
chmod: cannot access `/var/cache/man/whatis’: No such file or directory

There are a couple of ways to fix this but the majority will possibly get overridden on the next update if Plesk doesn’t address this issue, which they probably won’t because they usually don’t!

The simplest thing to do is create the missing folder branch and check it is still there after the next update.

Log in to your Plesk server and issue the following command:

mkdir /var/cache/man

More Plesk fixes are available on Fixing problems caused by updating Plesk