Jan 30, 2013

Configuring SSH tunneling with DD-WRT and Putty

I was looking for a free VPN solution in order to remotely connect to my home network. The answer seems straightforward: OpenVPN. With Optware the installation is just another piece of cake; however, the pain begins afterwards: should I deploy a NAT or a bridged network configuration? I should use another Linux machine to generate the certificates and copy them to my DD-WRT router. I should install an OpenVPN client on each computer I would like to use to access my network and deploy a certificate for it, configure networking on the client, etc. And on top of it I would have another process running on my router, which is already facing its limitations with its 32 MB of RAM.

So I say, there should be a better way! And that's SSH tunneling.

In order to configure that I have opened the SSH port on my router, so thanks to the lovely free Dyndns service I should be able to establish an SSH connection from anywhere in the world. It's a good practice to use a different port than 22, in order to mask the service listening behind it. I have chosen mine above 1024, outside the well-known port range.

Further on, from DD-WRT GUI, on the Services >> Services tab I have enabled SSH TCP Forwarding as shown below:

Now on the remote PC, the one which I will use from remote in order to access my LAN, I have to set up a Putty connection:

After saving, for the above defined session I went to SSH >> tunnels. The image below shows how to configure the tunneling for http protocol in order to be able to access the GUI from remote. 


Be aware that I have the remote GUI administration turned off, and the only port opened in the firewall is the one used for SSH.

Further on I will use Mozilla Firefox for configuring a proxy, since Mozilla turned out to be the most versatile browser when it comes to proxy configuration. So I configured a SOCKS v5 local proxy listening on port 8080.



Having this configured, all I need to do is start an SSH connection to my DD-WRT router and, once connected, use the Mozilla browser to access my router's GUI as if I were inside the LAN.




In the same manner, one can configure RDP in order to access the Windows machines inside the LAN, but more about this probably in a future episode.



Jan 21, 2013

Modify Windows default route with a script when connecting to wifi

My corporate network proxy blocks any outgoing ssh connection, therefore in order to access my home network I would need to use the "clean" wireless connection provided by the company for special projects, test or backup scenarios.

Even if my corporate network policy does not specifically prohibit using the corporate network together with a free wireless network, the practice demonstrated that doing so would sooner or later end up with a local network outage. Since I don't have a clue why that might happen I will just take it for granted, or maybe leave you, the networking guys reading my post to provide an answer.

But how to use both the corporate network and unfiltered WiFi without causing a local outage affecting around 100 persons?

The answer would be deleting the default route Windows adds when connecting to the wireless network and replacing it with a specific route pointing to my IP address.
I would have loved to be able to do all this from a script which would also enable the wireless connection, but since I was not able to find an easy way to do it, I have developed another plan:

A script will be triggered whenever I use the physical switch on my laptop in order to turn wireless on and automatically connect to the predefined wireless network.

This is pretty easy to achieve in Windows 7: right click on My Computer >> select Manage from the drop down list >> go to Task Scheduler >> and select Create Task.
On the General tab, I gave the task the name RunWhenWirelessNetworkOn.

On the Triggers tab, select the trigger "On an Event" and choose from the Log dropdown list "Microsoft-Windows-NetworkProfile/Operational".


On the actions tab, select the action "Start a program" and provide the path to my script "D:\UserData\***\My Documents\bin\RouteMan.bat". I will list the content of the script a little later.


Last but not least, I don't want the script to run when I connect to each wireless network in this world, but only when I connect to the specific network whose SSID I have selected under the Conditions tab, from the dropdown list "Start only if the following network connection is available".


Finally hit OK to save the current settings.

Now, let's discuss the script, which should look like this:

@ECHO OFF
ECHO This script will change the wireless connection routing.
set /p runScript=Do you really want to run the script now [y/n]?:

:UINTERACTION
REM /I makes the comparison case-insensitive, so "Y" and "N" are accepted too
IF /I "%runScript%"=="y" GOTO ROUTEMAN
IF /I "%runScript%"=="n" GOTO End
set /p runScript=You need to answer with "y" or "n":
GOTO UINTERACTION


:ROUTEMAN
REM remove the default route added by the wireless connection
route delete 0.0.0.0 MASK 0.0.0.0 192.168.1.1


REM show the current address behind the dyndns name, then type it in below
nslookup myaddress.dyndns.org
set /P remoteIP=Please enter remote computer address:

REM add route for myaddress.dyndns.org
route add %remoteIP% mask 255.255.255.255 192.168.1.1
tracert myaddress.dyndns.org
GOTO End

REM target of the GOTO End jumps above
:End


[later edit: for the enhanced version of the script, check the post: Enhanced script to modify the Windows default route]



Nov 28, 2012

Turn Off the wireless connection on the router as soon as there is no one connected

After developing a script in order to remotely turn on the wireless on my DD-WRT router, I thought it would be a good idea if I could turn off the wireless connection on the router as soon as there is no one connected anymore.

I might forget to turn it off, or maybe be too lazy to do it, so why not do it automatically?
So I started using the mighty Google and soon found the answer on the DD-WRT Forum - the whole credit for what I will be doing next goes to those guys.

The script is no more and no less than the following; I have just changed the original echo true > to echo `date -u` >> for troubleshooting purposes:

if [ -e /tmp/wlan_idle_check ] && [ -z "`wl assoclist`" ];
         then wl radio off; rm -f /tmp/wlan_idle_check;
elif [ -z "`wl assoclist`" ];
         then echo `date -u` >> /tmp/wlan_idle_check;
else
         rm -f /tmp/wlan_idle_check; fi;

As the next step I just need to go to the router's web interface, activate the cron job and place the script there, preceded by 0,15,30,45 * * * * root, which will make the job run every 15 minutes.


Finally, according to the description available on DD-WRT forum:

- the cron job will be running every 15 minutes;
- If nobody is found online, cron at first writes a temporary file;
- On the next run, if still no one is there (file exists), it will disable the wlan;
- If someone is online, WLAN will stay enabled.

I have just had the opportunity to test and see it working  }:-)
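The four steps above, as an added example that is not the forum's script or part of the original post: the check written as a shell function, so that successive cron runs can be exercised with a stand-in for wl. The WL and MARKER variables, the --run argument and the "skipped" case for a failing wl are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the forum's or the post's script: the same two-run idle
# check as a function. WL and MARKER are overridable (an assumption made here)
# so the logic can be exercised away from the router.
WL="${WL:-wl}"
MARKER="${MARKER:-/tmp/wlan_idle_check}"

# One cron run. Prints what it did: busy, marked, radio-off or skipped.
wlan_idle_step() {
    # If the query itself fails, change nothing: an empty answer caused by an
    # error must not be mistaken for "nobody connected".
    # Assumption: wl exits non-zero when it cannot query the driver.
    if ! clients="$($WL assoclist 2>/dev/null)"; then
        echo "skipped"
        return 0
    fi
    if [ -n "$clients" ]; then
        rm -f "$MARKER"            # someone is online: reset the marker
        echo "busy"
    elif [ -e "$MARKER" ]; then
        $WL radio off              # idle on two consecutive runs
        rm -f "$MARKER"
        echo "radio-off"
    else
        date -u >> "$MARKER"       # first idle run: only leave a marker
        echo "marked"
    fi
}

# Cron would call the script with --run (hypothetical argument).
if [ "${1:-}" = "--run" ]; then
    wlan_idle_step
fi
```

Quoting the output of wl assoclist also keeps the test well-formed when several clients are associated and the command prints more than one line.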

Nov 21, 2012

Remotely turn On/Off DD-WRT WiFi at wish



It happened lately that I've got more and more concerned about the side effects WiFi radiation might have. I didn't find any relevant study which could clearly point out whether there are such effects or not, however I have decided not to take my chance, but do something.

So, having DD-WRT v24-sp2 running on my wonderful D-Link DIR-320, I have configured the Radio Time Restriction in such a way that it starts daily at 18:00 (when normally I should be back from work) and runs until 24:00 (when I should be asleep).

Well, that's a first step, but it has some clear disadvantages: wireless is on every day from 18:00 to 24:00 no matter whether it's being used or not, so it's running when it shouldn't be and not running when it should (e.g. Saturday morning I might need to use it).

Another way would be to turn Radio Time Restriction Off and use the button SES / AOSS / EZ-SETUP / WPS Button (located on the right side of the router) to turn the radio On and Off, which requires the following configuration on Services tab:


But that shouldn't do it either, since my router serves three apartments; therefore only the people living in the apartment where it is located would have access to it, but not the others. And even for them it wouldn't be that easy, since they would need to climb on a chair in order to reach the router, which is positioned around 2,5 meters high.

So the question is: is there a clever way one could turn on DD-WRT WiFi at wish and have it turned off when not used? Thank God, there is!
But in order to achieve it, I would need to use my Android phone, with ConnectBot installed. THE WHOLE CONCEPT SHOULD WORK AS FOLLOWS:
One should be able to use his Android mobile phone as a remote control in order to turn on WiFi. This should not require advanced skills and should be accomplished with as few taps as possible. The wireless should be turned off automatically when no one is using it anymore.

So first of all I would need to create a new user to be used for the remote connection:

root@DD-WRT:~# mkdir /opt/tmp/radio

echo "radio:*:401:10:User,,,:/opt/tmp/radio:/opt/tmp/radio/radion.sh" >> /tmp/etc/passwd



Setting the login shell of user radio to /opt/tmp/radio/radion.sh makes sure the script is executed when radio logs on and the connection is closed as soon as the script finishes execution. So it leaves the user no other option than executing the script.

Create the .ssh folder used for SSH key authentication:

mkdir /opt/tmp/radio/.ssh

Create the script which will be used to turn On wifi and save it under the name radion.sh in user's home folder.

#!/opt/bin/bash
echo "Welcome! Initializing procedure..."
# check whether wireless is already on
RADIOSTATE=`sudo wl radio`
if [ "${RADIOSTATE}" = "0x0001" ] ; then
        # if wireless off, starting wireless.
        echo "Wireless is:      OFF"
        sleep 1 #wait one second
        echo "Starting wireless"
        # For some unknown reason, both commands must be run in this order:
        sudo wl up ; sudo wl radio on
        echo "Wireless is:      ON"
        sleep 1  #wait one second
        echo "Bye bye!"
        sleep 2  #wait two seconds
        exit;
else
        # if wireless on, it might be a good idea to remotely turn it off.
        echo "Wireless is:      ON"
        sleep 1  #wait one second
        echo "Would you like to turn it OFF?"
        echo "y/n (default is y):"
        read TURNOFF
        if [ "${TURNOFF}" = "n" ] ; then
                echo "Wireless will remain:      ON"
                sleep 1  #wait one second
                echo "Nothing to do..."
                sleep 1  #wait one second
                echo "Bye bye!"
                sleep 2  #wait two seconds
                exit;
        else
                echo "Wireless will be turned:      OFF"
                sudo wl radio off
                sleep 1 #wait one second
                echo "Wireless is:      OFF"
                sleep 1  #wait one second
                echo "Bye bye!"
                sleep 2  #wait two seconds
                exit;
        fi
fi


Assign user radio as owner of the script:

root@DD-WRT:/opt/tmp/radio# chown radio radion.sh

Grant him execution rights:

root@DD-WRT:/opt/tmp/radio# chmod 544 radion.sh

In order to be able to execute wl command as user radio, insert the following line into the file /opt/etc/sudoers under ## User privilege specification ##:

radio ALL=NOPASSWD: /usr/sbin/wl



Next step is to perform the configuration on Android mobile phone's side.
Install ConnectBot on your Android phone (https://play.google.com/store/search?q=connectbot).

Define a new connection for the user radio, such as radio@your_host_address:



Go to Manage Pubkeys >> go to Generate and create a new RSA key, 1024 bits, no password.
Save the key, I have saved mine under the name radio.ppk.
Long press on the key and select  "Load key on start".
Long press on the key and select "Copy public key".

Using the ConnectBot application on your phone, establish an SSH connection to your router using the root user. Once connected, create the .ssh directory for the user radio.

root@DD-WRT:~# mkdir /opt/tmp/radio/.ssh

Create and edit the file storing the authorized keys:

root@DD-WRT:~# vi /opt/tmp/radio/.ssh/authorized_keys

Press i for vi insert mode.
Paste the public key from your clipboard into the file.
Save the file using the vi sequence esc followed by :x and hit return.

Now one should be able to use the ConnectBot connection previously defined in order to connect and run the script which will automatically turn the wireless On or Off at wish. 
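The login shell set in passwd decides only what runs inside a session; what the key may otherwise ask of the SSH server, TCP forwarding included, is governed by options placed in front of the key in authorized_keys. The following added example (not part of the original post) reports entries that lack a forced command or the forwarding restrictions; it assumes the router's SSH server honours these OpenSSH-style key options, and the key shown is a constructed placeholder.

```shell
#!/bin/sh
# Added example, not from the original post: report authorized_keys entries
# that are not pinned to a forced command or that still allow forwarding.
# Assumption: the SSH server honours OpenSSH-style key options.
REQUIRED="no-port-forwarding no-agent-forwarding no-X11-forwarding"

# Reads authorized_keys on stdin; returns 1 if any entry is unrestricted.
audit_authorized_keys() {
    n=0; bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case "$line" in ''|'#'*) continue ;; esac
        # Whatever precedes the key type is the option list (may be empty).
        opts=$(printf '%s\n' "$line" | sed -E \
            's/(^|[[:space:]])(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+)[[:space:]]+AAAA.*$//')
        missing=""
        case "$opts" in *'command="'*) ;; *) missing=" command=" ;; esac
        for o in $REQUIRED; do
            case ",$opts," in *",$o,"*) ;; *) missing="$missing $o" ;; esac
        done
        if [ -n "$missing" ]; then
            bad=$((bad + 1))
            echo "line $n is missing:$missing"
        fi
    done
    [ "$bad" -eq 0 ]
}

# Constructed sample: the same placeholder key, bare and then restricted.
sample_keys() {
    k='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCPLACEHOLDER radio@phone'
    printf '%s\n' "$k"
    printf 'command="/opt/tmp/radio/radion.sh",%s %s\n' \
        "no-port-forwarding,no-agent-forwarding,no-X11-forwarding" "$k"
}

# Usage: script /opt/tmp/radio/.ssh/authorized_keys
if [ "$#" -gt 0 ]; then
    audit_authorized_keys < "$1"
fi
```

Running sample_keys | audit_authorized_keys flags only the first, bare entry; the second entry shows the form a restricted key line takes.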





CREDITS:
Many thanks to Andrei for his prompt and good advice at the time my Linux skills were threatening to prevent me from finishing the project.






Nov 4, 2010

Integrate the door phone into your asterisk home PBX

I was looking this summer for a door lock system for a residential building with 3 apartments, which could also be extended in the future for the 4th one.

At the same time I was planning to implement an Asterisk based home PBX which would allow internal communication between the three apartments and also provide access to the outside world through a PSTN line.

Why not mix the two of them together?
So, little by little I started to build the hypothesis.

Already having:
- wifi SOHO router D-link Dir 320 running DD-WRT v24 mini usb
- one Asus SOHO 8 port switch without management
- FXO line from Romtelecom

The first obstacle would be the PSTN gateway. Looking for affordable SOHO equipment (the enterprise gateways like Mediatrix are way over my budget even if I buy them second hand), I found the Linksys SPA3102 to be close to my needs.

In conjunction I should also decide what phone I should use as a door phone. Looking on the internet, I thought that I had found exactly what I needed: ITS Telecom Door Openers, but the price dissuaded me a little bit :( 700$ is way too much!!!

Therefore I ended up thinking that the Linksys SPA3102 has a spare FXS port, where I could connect one analog phone - from the cost perspective that would be perfect to be placed at the door.

Question is: how can one trigger the door lock with an analog phone connected to a SIP gateway?? The answer I found lately is DTMF. So I have decided to use a DTMF decoder like in the following example: http://www.scribd.com/doc/29306350/HOME-AUTOMATION-USING-PHONE-DTMF-TOUCH-TONE-modified-version. Now initial data is completed and I should start working.

I'll keep you guys posted.
To be continued...