Rafter Pull-Up Bar
I quite enjoy exercising and, ever since I did parkour, I’ve really liked body weight movements. I don’t do much in the way of parkour any more, but I do CrossFit religiously, which features a lot of pull-ups. I’ve got a doorway pull-up bar which is superb for just getting going in the morning; since they’re only $25, I think everyone should have (and use) one. While having a pull-up bar inside the house is great, I do most of my real workouts in my garage–with easy access to running (the street), box jumps (wall in my back yard), and a barbell, I can do many different WODs. For WODs that involve pull-ups, I’ve been doing them on the rafters in the garage. While this works, the rafters are a bit too high to get to easily and they really strain my grip. I’m all for the workout being difficult, but I don’t always want it to be training for climbing. To that end, I built a pull-up bar this weekend.
It’s a pretty simple affair, largely based upon this instructional video. The pull-up bar runs perpendicular to a pair of rafters that are 4 feet apart, hanging a few inches below the bottom of the rafters. In my garage, the rafters are 2x6, which seem to be plenty sturdy enough even when I kip & do muscle-ups over the bar.
The materials I used for the bar:
- A 48" long, 1" diameter pipe
- Two 12" long 2x6s
- Two 6" long 2x6s
- Six 4" long 3/8" bolts
- Six 3/8" nuts
- Twelve flat washers
- Eight 2.5" long wood screws
- Construction adhesive
The only prep beyond cutting the wood is drilling the holes for the bar in the larger 2x6 pieces. Note that a 1" diameter bar has a 1" interior diameter, so you need a larger drill bit than 1"; I used a 1¼" bit which was still slightly small, but worked with a bit of extra drill action. Once the bar holes are drilled, I made the holes for the 3/8" bolts on the opposite half of the 2x6, and corresponding holes in the rafters where the bar was to be mounted. My standard procedure for woodworking is to supplement my lackluster skill with adhesive, so I applied some construction adhesive with my caulk gun between the 2x6 and the rafter and then bolted it in place.
With the supports bolted in place, I slipped the bar itself through the holes and quickly discovered the need for something more. The bar itself is 48 inches long, and the space between my rafters is also 48 inches. Since I put the supports inside a pair of rafters, the bar was nicely flush with the outside of the supports, but this also meant it would only take a couple of inches of lateral movement for it to fall out. The solution is to fashion caps using some more 2x6 and secure them with wood screws.
Parallel Processing in PHP
Though not a first choice for long-running processes, many web shops end up writing daemons or batch processing scripts in PHP. As business grows, the need to process records more quickly to deal with traffic becomes an issue. Oftentimes, the processing is limited by something other than raw processing power–network latency and database query times being the usual slowdowns. When this is the case, the easiest way to increase throughput is with multiprocessing: multiple children that spread the time waiting so as to fully utilize the processing power available.
To this end, I have created a simple framework for managing child/worker multiprocessing in PHP. Like other high-level interpreted languages, the most straightforward way to spin things up is using fork(2) to create new processes. While not as Hardcore and Awesome as the lightweight threads that other languages provide, OS-level process creation isn’t a huge hindrance if you code for it: make the child processes long running so as to mitigate the startup cost.
The framework is part of the Team Lazer Beez Open Source project–you can find it in the utility package. The entire thing is simple enough to fit in a single class, gosUtility_Parallel, the basics of which can be credited to chaos’ post on Stack Overflow.
Using the library is simple–extend gosUtility_Parallel and override the doWorkChildImpl() method:

```php
// Include the Genius config file
require_once dirname(dirname(__FILE__)) . '/Core/testConfig.inc.php';

class Minimal extends gosUtility_Parallel {
    protected function doWorkChildImpl() {
        gosUtility_Parallel::$logger->debug($this->workerID . " started");
        usleep(2000000);
        gosUtility_Parallel::$logger->debug($this->workerID . " doing work");
        usleep(2000000);
        gosUtility_Parallel::$logger->info($this->workerID . " finishing");
        exit(1);
        return;
    }
}
```
This class creates simple workers that print a couple of debug messages with some sleeping in between, and then announce that they are done working. Now you can instantiate the class with a single argument: the number of children to run. gosUtility_Parallel will take care of all the details.
```php
// Make with the go
$minimal = new Minimal(2);
$minimal->go();
```
If children exit with a non-zero status, the parent will spin up a replacement. The parent will continue to run until all children have exited normally, or it gets INT (say, ctrl+c) or TERM (the default signal sent by kill(1)), in which case it will pass that signal on to the children, ensure they shut down, and then end itself. gosUtility_Parallel provides ample logging information; running the above produces the following output:
```
INFO - Started worker 0 (pid 42093)
DEBUG - 0 started
INFO - Started worker 1 (pid 42094)
DEBUG - 1 started
DEBUG - 0 doing work
DEBUG - Checking worker 0 (pid 42093)
DEBUG - Checking worker 1 (pid 42094)
DEBUG - 1 doing work
INFO - 0 finishing
INFO - 1 finishing
DEBUG - Checking worker 0 (pid 42093)
INFO - Worker 0 (pid 42093) exited normally
DEBUG - Checking worker 1 (pid 42094)
INFO - Worker 1 (pid 42094) exited normally
```
gosUtility_Parallel provides a number of overrideable methods whose names explain their purpose: parentSetup(), parentCleanup(), and childCleanup(). Children can also read their $workerID and the $maxWorkers count, which makes splitting up work by modular division trivial. The example parallel class in the distribution demonstrates some of these features:
```php
// Include the Genius config file
require_once dirname(dirname(__FILE__)) . '/Core/testConfig.inc.php';

class Par extends gosUtility_Parallel {
    public function __construct($maxWorkers) {
        parent::__construct($maxWorkers);
        // Redefine the logger
        gosUtility_Parallel::$logger = Log5PHP_Manager::getLogger('gosParallel.Par');
    }

    protected function doWorkChildImpl() {
        gosUtility_Parallel::$logger->debug($this->workerID . " started");

        // Run until told not to
        global $run;
        while ($run) {
            gosUtility_Parallel::$logger->debug($this->workerID . " doing work.");
            usleep(2000000);

            if ($this->workerID == 0 && rand(0, 10) == 7) {
                gosUtility_Parallel::$logger->info($this->workerID . " returning");
                return;
            }
        }
    }

    protected function parentCleanup() {
        gosUtility_Parallel::$logger->debug("Parent cleaning up");
    }

    protected function childCleanup() {
        gosUtility_Parallel::$logger->debug($this->workerID . " cleaning up");
    }
}
```
The example above runs out-of-the-box (provided your PHP was built with --enable-pcntl), so I encourage you to download the source and take it for a test drive.
Incidentally, if you’re in the Perl world you can just use Parallel::ForkManager and be on your way.
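The same fork/wait/signal-forwarding pattern the framework implements, as an added example in Python rather than gosUtility_Parallel’s own code: the parent forks the workers, replaces any that exit non-zero, and on INT or TERM forwards the signal to the children and waits for them. The max_restarts argument and the Minimal/Crashy classes are my additions for illustration; the default worker shows the $workerID / $maxWorkers modular-division split.

```python
"""Added example (not gosUtility_Parallel): the fork(2)-based supervisor pattern
described above, in Python. max_restarts is an addition: without a bound, a
child that crashes on startup is respawned in a tight loop."""
import os
import signal
import sys
import time


class ForkSupervisor:
    def __init__(self, max_workers, max_restarts=None):
        self.max_workers = int(max_workers)
        self.max_restarts = max_restarts   # None: replace forever, as the framework does
        self.worker_id = None              # set in the child only
        self._children = {}                # pid -> worker id
        self._restarts = {}                # worker id -> replacements so far
        self._running = True
        self.exits = []                    # (worker id, exit code) in reap order

    def do_work_child_impl(self):
        """Override in a subclass. The default splits a constructed record set by
        modular division: record i belongs to worker i % max_workers."""
        for rec in range(8):
            if rec % self.max_workers == self.worker_id:
                time.sleep(0.01)           # stand-in for real work on record rec

    def _spawn(self, wid):
        sys.stdout.flush()                 # avoid duplicating buffered output in the child
        pid = os.fork()
        if pid == 0:
            # Child: default signal disposition so a forwarded INT/TERM ends it.
            signal.signal(signal.SIGINT, signal.SIG_DFL)
            signal.signal(signal.SIGTERM, signal.SIG_DFL)
            self.worker_id = wid
            code = 0
            try:
                self.do_work_child_impl()
            except BaseException:
                code = 1                   # any exception becomes a non-zero exit
            finally:
                os._exit(code)             # never fall back into the parent's code
        self._children[pid] = wid
        print("Started worker %d (pid %d)" % (wid, pid))

    def _on_signal(self, signo, frame):
        # Stop replacing workers and pass the signal on to every live child.
        self._running = False
        for pid in list(self._children):
            try:
                os.kill(pid, signo)
            except ProcessLookupError:
                pass

    def _may_restart(self, wid):
        done = self._restarts.get(wid, 0)
        if self.max_restarts is not None and done >= self.max_restarts:
            return False
        self._restarts[wid] = done + 1
        return True

    def go(self):
        saved = {}
        for sig in (signal.SIGINT, signal.SIGTERM):
            try:
                saved[sig] = signal.signal(sig, self._on_signal)
            except ValueError:             # not the main thread: no forwarding
                pass
        try:
            for wid in range(self.max_workers):
                self._spawn(wid)
            while self._children:
                pid, status = os.waitpid(-1, 0)
                wid = self._children.pop(pid, None)
                if wid is None:            # some other child of this process
                    continue
                code = os.WEXITSTATUS(status) if os.WIFEXITED(status) else -os.WTERMSIG(status)
                self.exits.append((wid, code))
                if code == 0:
                    print("Worker %d (pid %d) exited normally" % (wid, pid))
                elif self._running and self._may_restart(wid):
                    print("Worker %d (pid %d) exited with %d, replacing it" % (wid, pid, code))
                    self._spawn(wid)
                else:
                    print("Worker %d (pid %d) stopped (%d)" % (wid, pid, code))
        finally:
            for sig, handler in saved.items():
                signal.signal(sig, handler)
        return self.exits


class Minimal(ForkSupervisor):
    """Workers that split the sample records and exit normally."""


class Crashy(ForkSupervisor):
    """A worker that always fails, to exercise the replacement logic."""
    def do_work_child_impl(self):
        raise RuntimeError("constructed failure")


if __name__ == "__main__":
    Minimal(2).go()
    Crashy(1, max_restarts=2).go()
```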
Learning About Nutrition
I have learned a lot about nutrition in the past few years, mainly fueled by my interest in fitness. Once I got beyond run-of-the-mill Globo Gym workouts by delving into truly challenging fitness like parkour and CrossFit, it became apparent that I would need to match exercise with proper nutrition in order to excel. Note: if you don’t give a shit about what I’ve done and just want to learn about nutrition, head to the bottom.
In The Beginning, There Was Parkour
Training at Primal Fitness was the first time I came across folks who offered dietary advice that wasn’t focused on weight loss–something I haven’t ever been interested in or needed. Right in line with the nature of the parkour community at the time, the focus of nutrition was pretty loose: eat more protein and less sugar. Like any athlete trying to build muscle, eating more protein than that on a standard American diet (SAD) is mostly a no brainer. Weight lifting folks long ago figured out that protein was essential to building muscle, and in recent years it’s common knowledge since we all see Bros downing their protein powder. Less sugar has almost always been generally accepted as good nutrition advice…at least until it was pushed out by the blind fear of fat…but I’m getting ahead of myself.
The Next Level: CrossFit
I picked up CrossFit from hanging out at Primal Fitness, and largely as a way to get better at parkour. Parkour involves lots of short distance sprinting with long distance running and a large amount of gymnastic strength & jumping. What better to train such a diverse set of skills than the general purpose fitness focus of CrossFit? Indeed, Primal is also a CrossFit box in addition to being the first facility in the US with such a focus on Parkour. What does CrossFit have to say about nutrition? Quite a bit, and it’s a significant part of the famous World-Class Fitness in 100 Words:
Eat meat and vegetables, nuts and seeds, some fruit, little starch and no sugar. Keep intake to levels that will support exercise but not body fat. Practice and train major lifts: Deadlift, clean, squat, presses, C&J, and snatch. Similarly, master the basics of gymnastics: pull-ups, dips, rope climb, push-ups, sit-ups, presses to handstand, pirouettes, flips, splits, and holds. Bike, run, swim, row, etc, hard and fast. Five or six days per week mix these elements in as many combinations and patterns as creativity will allow. Routine is the enemy. Keep workouts short and intense. Regularly learn and play new sports.
Enter The Zone
The main dietary message from CrossFit HQ is that The Zone Diet is the best set of guiding principles for optimum nutrition. As much as it may seem on the face of it, this isn’t just some marketing cross-promotion crap–much like CrossFit you don’t need to buy anything to eat Zone. The basic tenet is that your meals should all be made up of 40% energy (calories) provided by carbohydrates, 30% by protein, and 30% by fat (the food pyramid advises about 55:20:25). Zone prescribes that the carbohydrates you eat be of the low-glycemic index variety: vegetables, whole grains, whole fruit, though some argue that this is offered as secondary to the macronutrient ratio that is the center of Zone.
I gave Zone a solid try while doing CrossFit on my own in 2009 and really liked it–when I managed to stick to the relatively low carbohydrate formula for even a few days I had much more stable energy throughout the day and felt ready to tackle the workout of the day whether I decided to do it first thing in the morning or late in the evening. For a couple of years, I more-or-less followed the Zone and was pretty happy. When I moved back to DC, I started CrossFitting at Potomac CrossFit right around the time they were starting a Paleo Challenge, which encourages people to give a strict paleo diet a try for 30 days. While I didn’t participate in the challenge, I figured it was worth reading up on paleo and giving it a try since I had heard so much about it in the CrossFit community.
Where I End Up: Paleo
I picked up Robb Wolf’s book, The Paleo Solution and, after initially being off-put by the self-help, anecdotal nature at the beginning of the book, I was impressed with the scientific information and references provided later. Over the week I read the book I quickly moved from “I’ll give this paleo thing a bit of a try” to “I will only eat grass-fed beef and organic broccoli cooked in coconut oil”. I found it so convincing in part because of the science, but also the back-to-basics origin for the ideas on nutrition. As anyone who has read widely on modern nutritionism knows, the dietary advice offerings in the past 50 years have done nothing to make Americans or Westerners in general any healthier. Things like margarine are pushed as healthier replacements only to later find that partially hydrogenated fats are supremely deadly.
Paleo starts by saying, “Nutrition is so complex we haven’t come close to understanding it enough scientifically to offer complete dietary advice.” Instead, paleo nutrition bases the nutrition guidelines on what we evolved to eat, that is the foods that sustained humans for the hundreds of thousands of years prior to the rise of agriculture. Since we have arguably evolved very little since the products of agriculture (grains, legumes) became the central part of our diet, about 10,000 years ago, looking back to what our evolution had us eating seems a very good start. We need not attempt to reenact the caveman lifestyle, but we can use the diets of our evolutionary ancestors as a logical framework for making nutrition choices in the modern world.
In so many words, that is my nutritional journey–I am now a complete paleo convert. After trying it for a month, I was absolutely hooked and, a lot like CrossFit, I now try to tell everyone I meet about how awesome this paleo thing is. In addition to never suffering from blood sugar fluctuation induced unhappiness, I am not only ready to tackle workouts whenever, but ready to absolutely own them. Beyond that, the dietary guidelines of paleo fall in line with a wide set of evidence showing that modern diets are wrong in so many ways that I really believe eating this way makes me greatly healthier overall.
Information on Nutrition
The original point of this post was not to just tell my story of nutritional discovery, but to let others know what they should read to understand nutrition. I never like to just tell people what they should eat, because that makes me just another guy hawking advice that Really Will Make Everything Better! Instead, I want to give folks the information to make their own decision–and I think the evidence points so strongly in one direction that anyone who does read up on it will be in the same camp that I’m in.
If you’re just getting interested in nutrition, then these are the articles you should read. If you don’t care about nutrition, I would encourage you to at least read those by Michael Pollan: they paint a pretty grim picture of the food supply in the United States.
- Unhappy Meals - Michael Pollan
- Power Steer - Michael Pollan
- What if It’s All Been a Big Fat Lie - Gary Taubes
- Principles of Healthy Diets - Weston A Price Foundation
For those who want to know more, a good next step is to check out some documentaries:
- Fathead (2009) - A response to Super Size Me that effectively presents the flaws of the lipid hypothesis
- King Corn (2007) - On the American industrialized food system
To really understand what nutrition is about, book reading is in order:
- Why We Get Fat - A much longer version of the Gary Taubes article above explaining the history & details of modern nutrition advice
- The Omnivore’s Dilemma - Michael Pollan’s book that introduced nutritionism and its failings, and describes the industrial food system in detail, contrasting it with local agriculture
- In Defense of Food - More on food & nutritionism. This is where “Eat food. Not too much. Mostly plants” comes from
- The Vegetarian Myth - A very striking and thorough tearing apart of every angle of vegetarianism written by a former long-time vegan
If you really want to have a thorough understanding of the lipid hypothesis, Gary Taubes wrote another book that is basically Why We Get Fat with even more scientific evidence and why the calories in-calories out model for obesity doesn’t work entitled Good Calories, Bad Calories.
To get an idea of this whole Paleo thing that I have fallen in love with check out these things, in order of brevity (read: depth):
- Whole 9’s The Paleo Pitch
- Robb Wolf’s Paleo Overview
- Fit Bomb’s What Is Paleo?
- The Paleo Solution - Robb Wolf’s book on the paleo diet (which I reviewed on Cool Tools)
- The Paleo Diet - Dr. Loren Cordain, another big name in the paleo community
- The Primal Blueprint - I haven’t read Mark Sisson’s book, but I do read his very good blog
Building an Olympic Lifting Platform
CrossFit got me started on Olympic lifting and it is now one of my favorite things that I do in the exercise realm. The tools needed for CrossFit are few and generally inexpensive, but Oly lifting does require some significant outlay if you plan on doing it at home. One of the things you need is a platform upon which to perform lifts–it’s important to have a stable, flat surface to stand on, and have the ability to drop weights. Before going through with building a platform I dumped a light bar on my brick patio and the back yard, both of which left marks. It was time for me to build a platform.
The basic arrangement of a platform is simple: a sufficiently wide patch of wood to stand on flanked by rubber to absorb dropped weights. There are a handful of notes on building platforms online, most of which suggest two base layers made from full sheets of ¾" plywood topped with a third half-sheet of ¾" plywood with horse stall mats on either side. Simple enough, but these instructions also usually state that the resulting device cannot be lifted by one person alone. I wanted to have the ability to at least flip my platform on end by myself to get it out of the way, so I took a different route. To keep the weight more reasonable, I used 3/8" (11/32" at your local lumber yard) plywood and reduced the fore to aft dimension from 8 feet to 6, making for an 8 foot wide by 6 foot long platform. In practice, this is plenty of space to perform lifts, even if you’re doing some real speed as part of a CrossFit workout.
Materials:
- Two 6x8 foot sheets of cheap 11/32 plywood
- Two 4x6 foot sheets of cheap 11/32 plywood
- One 4x6 foot sheet of nice 11/32 plywood
- Construction adhesive
- 150 ¾ inch wood screws
Assembly is a very simple affair:
- Lay the 6x8 sheets with their long edges side by side (photo)
- Apply construction adhesive to half of 6x8 sheet pair and top with one of the 4x6 sheets
- Drill & screw edges every 6 to 10 inches, and put screws all over the interior as well–it’s OK to put screws anywhere, as you won’t be standing on this portion
- Top with weights to ensure layers bond evenly (photo)
- Apply adhesive to other half, top with remaining 4x6 sheet, and repeat screwing process
- Test fit 4x6 piece of nice plywood in the center of the previously assembled parts and mark edges
- Apply adhesive to the platform between marks, lay nice plywood down and secure with screws along front & back (4 foot) edges only
- Put a crapton of weights on top to ensure your platform comes out flat
- Once everything is dry, give it a coat of deck sealant to make it waterproof
The end result is a platform that can (just barely) be dragged by one person. If I were doing this whole thing again, I’d take one more foot off of each dimension, making for a 5 by 7 foot platform and saving significant weight in the process. I think this would still leave enough room for any sort of lifting.
Watching iPad Applications
Shortly after the release of The Daily, Andy Baio created The Daily: Indexed and, more importantly, described how he created that index in a blog post. The crux of his reverse engineering of The Daily app was Charles, which he describes how to use in the aforementioned blog post. Since reading that post, I’ve wanted to explore a number of applications on my iPad and iPhone to see what they’re really doing when they cause the network indicator to spin.
First things first, I set up Charles and started up Reeder, an RSS feed reader that integrates tightly with Google Reader. My main interest was to see when it actually marked posts as read–I often read in short spurts on my iPhone, which results in pulling up a post only to switch out of Reeder or lock my phone seconds later. Sometimes the posts would be marked read if I pulled up Google Reader, but sometimes they were still marked unread. Was this a network latency problem when the phone was using 3G/Edge internet, or was it Reeder doing some fanciness with when it marked posts read?
I didn’t get to my goal right away because the first thing I noticed upon starting up Reeder is that it hits the original blog for every single one of the feeds that I subscribed to in Google Reader. As someone who hasn’t cleaned up a number of blogs that don’t post anymore, this was a few hundred feeds. I shouldn’t have been surprised by this, as it doesn’t really make sense for Google to pull all of the content for all of those blogs and package it up for my convenience.
Getting back to my initial focus, Reeder attempts to mark a post read as soon as you open a post–any failure of a post being marked read is because the network was slow or inoperative at the time you were reading. Reeder periodically refreshes all of your feeds, as indicated by the spinning icon on the iPad or the replaced battery display on the iPhone, but it actually spends much longer doing this than the icon’s state would lead you to believe. From day-to-day usage the update to the feeds I care about (read: those that actually have updates) is done in short order, but Charles reveals that Reeder is still pulling data from individual websites. My guess is that Reeder pulls the feed list from Google, gets the new posts mentioned therein, and then proceeds to do its own checking of feeds.
Reeder was the only app that had really crossed my mind after Andy Baio’s post, and it fulfilled my desire to experiment with Charles, which is a very good tool that I’ll turn to if I have future questions that need answering.
Paleo Egg Muffins
There are a number of recipes for paleo muffins, which are a great way to get fast paleo food in the morning. As I usually do with cooking, I created my own recipe from the ones I found online. For 24 muffins, I assembled:
- 18 eggs
- 5 small sausages (breakfast size)
- 2 large sausages
- 1 red pepper
- 1 large onion
- ½ cup strained yogurt (Greek style)
The odd sausage arrangement is simply because that is what I had on hand–once cooked and crumbled it was about 2 ½ cups worth of sausage.
I began by cooking the sausage, followed by sautéing the diced onion & pepper in the fat that rendered out of the sausage. After cracking all of the eggs into a large bowl, I whisked them together with the yogurt. With all of that assembled, I combined the sausage with the pepper & onion and portioned it into a pair of muffin pans. The eggs are the last thing before the oven, filling each cup ⅔rds full. Into the oven for 15 minutes, rotate top/bottom pan, and give them another 7-10. The bottoms of mine were a bit undercooked, so I might try putting the lower rack all the way down, rather than the standard in-the-middle.
Altering many directories at once with CmdDirs
On any machine I use I create a directory, sandbox, at the root of my home directory to hold checkouts of source code I’m working on. This directory often contains code from many different repositories, dozens of projects that I intermittently work on. Many of these repositories depend on others, in particular Java submodules for Clearspring, and I want to be able to easily update all of them at once. With Subversion this is easy: the svn command allows you to act upon a checkout without being in the directory that contains it. Simply issuing svn up * from ~/sandbox ensures that I have the latest code revision in each of my checkouts and svn st * allows me to see if I have any uncommitted changes.
While I love Git, it does not make such actions this simple. Git requires you to be in the repository directory (or set a number of environment variables) to work with that repo. While the -exec option of find(1) allows me to descend into each directory and perform an action, I wanted to make this easy, because such all-checkout-actions are something that I want to do a number of times each day. Like most problems, this one is (best?) solved with Perl. Enter App::CmdDirs.
CmdDirs is a fairly simple Perl app that I have written to do what I describe above–descend into any number of directories and perform a command in each one.
```
titus:~/sandbox$ ls
CmdAll       mac-itunes   genius-os   scoreboard
GAE          hf           uaParser    WebService-LOC-CongRec
iTunes-Sync
titus:~/sandbox$ cmddirs "git st"
Performing `git st` in <cmdall>
## master
?? App-CmdDirs-1.00.tar.gz
Performing `git st` in <itunes-sync>
## master
Performing `git st` in <uaparser>
## master
 M uaParser/test/test_user_agent.py
Performing `git st` in <webservice-loc-congrec>
## master
```
See the numerous directories? Note that there are 9 directories in my sandbox but git st was only performed in a few of them, those which are Git repositories. CmdDirs has a modicum of intelligence: if it knows what your command is, the command will only be performed in applicable directories. This can be overridden with -all, -git, or -svn doing what you expect. Git and Subversion are the only two things supported right now, because that’s all I have a need for. Writing new Traversers is simple–just copy the form of git.pm or svn.pm. You can probably Achieve at this endeavor even without knowing Perl.
Here’s a one-liner for installing cmddirs:

```
curl https://github.com/dinomite/CmdDirs/raw/master/bin/cmddirs > ~/bin/cmddirs && chmod a+x ~/bin/cmddirs
```
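The behaviour described above (run a command one level down, but only in the checkouts the command applies to, with -all/-git/-svn overriding the guess), as an added example in Python; it is not the Perl code of App::CmdDirs, and the function names are mine.

```python
"""Added example, not the CmdDirs code itself: run_in_dirs() descends one level
below root, works out from the command which checkouts it applies to (a command
starting with git or svn runs only in directories holding .git or .svn; anything
else runs everywhere), lets mode override that like -all/-git/-svn, and returns
{dirname: exit status}."""
import os
import shlex
import subprocess


def repo_kind(path):
    """'git', 'svn' or None, from the metadata directory at the top of path."""
    if os.path.isdir(os.path.join(path, ".git")):
        return "git"
    if os.path.isdir(os.path.join(path, ".svn")):
        return "svn"
    return None


def detect_mode(command):
    """Mode implied by the command's first word: git, svn, or all."""
    argv = shlex.split(command)
    return argv[0] if argv and argv[0] in ("git", "svn") else "all"


def applicable_dirs(root, mode):
    """Sorted subdirectories of root that the mode applies to (dot-dirs skipped)."""
    dirs = []
    for name in sorted(os.listdir(root)):
        path = os.path.join(root, name)
        if name.startswith(".") or not os.path.isdir(path):
            continue
        if mode == "all" or repo_kind(path) == mode:
            dirs.append(path)
    return dirs


def run_in_dirs(command, root=".", mode=None):
    """Run command in each applicable directory; returns {dirname: returncode}."""
    mode = mode or detect_mode(command)
    if mode not in ("all", "git", "svn"):
        raise ValueError("mode must be all, git or svn")
    argv = shlex.split(command)            # argv list and cwd: no shell re-parsing per dir
    results = {}
    for path in applicable_dirs(root, mode):
        name = os.path.basename(path)
        print("Performing `%s` in <%s>" % (command, name))
        results[name] = subprocess.run(argv, cwd=path).returncode
    return results


if __name__ == "__main__":
    import sys
    # usage: python cmddirs.py [-all|-git|-svn] "command" [root]
    args = sys.argv[1:]
    forced = args.pop(0)[1:] if args and args[0] in ("-all", "-git", "-svn") else None
    print(run_in_dirs(args[0], args[1] if len(args) > 1 else ".", forced))
```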
Crapcan Racing Tips
Drivers’ schools are incredibly fun and the best way to improve your driving prowess. Track days can be incredibly useful for honing your skill once you have been on track enough to catch your own mistakes. While incredibly useful tools for learning to drive fast, neither can touch the 24 Hours of LeMons for having fun with motorsports. I have previously written about the basics of getting to a LeMons race, and what happened at our first race. The team just finished another race, the 2010 Arse-Freeze-Apalooza at Buttonwillow this past weekend, where we finished 68th of 173. Better than half made us happy, because the head gasket blew with an hour and a half left in the race.
Track driving is certainly a specialized skill and racing is a step beyond that–in addition to driving a car at the limit, you have to deal with numerous other cars on track who may decide to pass you at any time. In crapcan racing things are even crazier because most folks don’t care much if the car gets hit and many of them have little to no experience driving on a racetrack, much less in anger.
Track Experience
The biggest piece of advice I can give is to get some track experience before heading out on track in your first LeMons race. Street driving, or even autocross, shares very little with driving on a racetrack, and there is no adequate preparation aside from sufficient time on a track. Even if you have done a LeMons race, going to a much less crowded HPDE or other track event will be very informative–rare are the times you get to take an unmolested line, much less lap, at a race.
Many Races
The first time you go to a 24 Hours of LeMons event, you’ll find at least three different types of race teams: those who built something that doesn’t belong on a racetrack; the teams there to win; and the teams that are just there to have fun in any way possible. Don’t get me wrong, everyone is there to have fun, but the former two have very specific goals in mind. The folks who bring a Fiat 600 or a limousine aren’t interested in winning the race outright–they’re looking for the Index of Effluency, or simply testing their own mechanical mettle.
By the same token, some teams come with the intent to win the speed race–they have a reliable, quick car, know how to do fast pit stops, and don’t intend to spend time in the penalty box. If it’s not obvious who these teams are, check the time sheets after a couple hours of racing; they are the ones on the lead lap or just behind. Figure out which cars belong in this group, do your best to stay out of their way, and certainly don’t hit them.
Caution Wave
If you’ve done other racing or track days, one of the first things you’ll notice about crapcan racing is the number of yellow flags thrown. When you have hundreds of $500 cars on a racetrack with inexperienced drivers, problems happen often. At the Arse-Freeze-Apalooza, Jay said that the recovery crew did 75 tows on Saturday alone. Oftentimes, cautions will be thrown well ahead of what you can see if you’re closely following a pack of cars. For this reason, you’ll see folks who have been racing a while throw up their hand by the rear-view mirror and wave when they see a yellow flag. This way, everyone behind knows that they are going to slow for caution, and you should too.
Photos by Marshall Pierce.
E36 M3 Fuel Mileage
Since I have access to a Closed Course and a Professional Driver, I recently did a study of my M3’s gas mileage at different speeds. Since all cars are geared differently and exhibit vastly different aerodynamics, this won’t hold much water (gas?) for any other vehicle.
| Average speed | Miles per gallon |
|---|---|
| >city< | 22 |
| 55 MPH | 32 |
| 75 MPH | 26 |
| 90 MPH | 24 |
| 105 MPH | 22 |
Creating an OpenVPN Server on Ubuntu
I have long used an SSH tunnel (put simply: ssh -D 8000 server + FoxyProxy) to browse the web securely from unencrypted wireless access points and other potentially hostile networks. While this is secure, it isn’t all that convenient and has inherent problems. What I really want is a proper VPN that will seamlessly encapsulate all traffic from my local machine and pass it through the tunnel to be emitted by the server. OpenVPN is one of those things that has a reputation for being difficult to set up, so I long avoided it. Once I decided to actually make with the go, it turned out to not be terribly difficult, though I did have to do a bit of searching to get exactly what I wanted.
There are a number of good tutorials for setting up OpenVPN, and the following instructions will mostly mirror those. First, install the requisite packages:
```
caligula:~$ sudo aptitude install openvpn
```
Then, setup a place to generate the requisite keys:
```
caligula:~$ mkdir -p tmp/vpn && cd tmp/vpn
caligula:~/tmp/vpn$ cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/* .
```
At this point, many tutorials (the above mentioned ones included) say that you should run ./init-config, which doesn’t exist in recent versions of OpenVPN. With the scripts for generating keys in place, open up vars and edit the stuff at the bottom, which should be pretty straightforward:
```
export KEY_COUNTRY="US"
export KEY_PROVINCE="NY"
export KEY_CITY="Rochester"
export KEY_ORG="Dinomite-Net"
export KEY_EMAIL="drew@dinomite.net"
```
The vars file just sets up a bunch of environment variables, so you’ll want to source it and then build the certificate authority:

```
caligula:~/tmp/vpn$ source vars
caligula:~/tmp/vpn$ ./clean-all
caligula:~/tmp/vpn$ ./build-ca
```
Building the certificate authority involves a few questions, for most of which the defaults defined from vars are all you need. Next, build the keys for the server and client (I name my computers after Roman emperors):

```
caligula:~/tmp/vpn$ ./build-key-server caligula
caligula:~/tmp/vpn$ ./build-key vespasian
caligula:~/tmp/vpn$ ./build-dh
```
With all that done, you can copy the appropriate key files over to the client, in my case vespasian. Since I already had tunnelblick on that machine, I put the files directly where they needed to go:

```
caligula:~/tmp/vpn$ cd keys
caligula:~/tmp/vpn/keys$ scp vespasian.crt vespasian.key ca.crt \
    'vespasian:~/Library/Application\ Support/Tunnelblick/Configurations/'
```
Two steps left. First, make the client configuration file. For tunnelblick, this goes in the same directory as above, and you can name it whatever you want:

```
vespasian:~$ cat "Library/Application Support/Tunnelblick/Configurations/client.conf"
client
dev tun
proto udp
remote caligula.dinomite.net 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert vespasian.crt
key vespasian.key
comp-lzo
verb 3
```
There are plenty of other sites that will explain what all of those options mean, so I won’t go over it here. The important things to change from above are the remote and the names for the cert and key. Now on to the server config and the files that it needs:

```
caligula:~/tmp/vpn/keys$ cp dh1024.pem ca.crt caligula.key caligula.crt /etc/openvpn/
caligula:~/tmp/vpn/keys$ cat /etc/openvpn/server.conf
server 10.7.7.0 255.255.255.0
push "redirect-gateway"
dev tun0
proto udp
keepalive 10 120
comp-lzo
dh /etc/openvpn/dh1024.pem
ca /etc/openvpn/ca.crt
cert /etc/openvpn/caligula.crt
key /etc/openvpn/caligula.key
status /var/log/openvpn-status.log
verb 3
```
The secret sauce in that config is push "redirect-gateway", which is what tells the client to route all of its traffic through the tunnel to the server. To make this work, the server needs to be set up to do NAT:

```
caligula:~/tmp/vpn/keys$ echo "1" > /proc/sys/net/ipv4/ip_forward
caligula:~/tmp/vpn/keys$ iptables -t nat -A POSTROUTING -s 10.7.7.0/24 -o eth0 -j MASQUERADE
```
That’s all there is to it! Just restart the server (sudo /etc/init.d/openvpn restart), connect, and all your traffic is now safely encrypted to the server.