Saturday, March 9, 2013

AutoHotKey Scripts

So after my last post about an AHK script that allows an application to run only when connected to a VPN, I thought I should make another post with moar scriptz.

I found out about AHK Command Picker @ http://ahkcommandpicker.codeplex.com/ and I thought, damn, this thing is a great script and I shall build all my scripts, shortcuts, functions and what not in AHK Cmd Picker.

I want to share my complete setup with you and I'll try to make it as general as possible so you can adopt it pretty easily for your own needs.

So GitHub, I know, this is my first experience with it, just now, for the purpose of sharing AHK scripts. One of the other reasons for choosing GitHub is collaboration and improvements...

https://github.com/ilirb/ahk-scripts

I'll briefly introduce here what you will find in my GitHub repository and what "extra" functions I have included in AHK Command Picker. However, I will not keep this post up to date since that would defeat the purpose of having it on GitHub; instead, I'll update my GitHub repository.

Please read more about AHK Command Picker itself at http://ahkcommandpicker.codeplex.com/documentation so you can get a sense what it is about, how to use it and how to include your own scripts.

Besides AHK Cmd Picker you will get at least this from my repository (as of 2013 March 09):
  • OpenConsole - Will open CMD in the current folder opened in Windows Explorer
  • NewTextFile - You like the built-in Ctrl+Shift+N to create a new folder in Windows 7? Use Ctrl+Shift+T to create a new text file in the current folder.
  • uTorrentWebUI - Remote control uTorrent running on another machine. Stop, start, pause, unpause, etc. Send a torrent url or magnet link to another computer with a single shortcut. And more...
  • ConnectVPNRemote - Start a VPN connection on the remote machine
  • PSExecWArgs - Execute commands on a remote computer with PSExec, using dialog input.
  • GoogleMusicControl - Simple Google Play Music control: start, pause, next, previous. (Opened in Chrome only, for now)
  • LoopChromeTabs - Go through all opened tabs and find a certain tab in Chrome
  • Some really basic shortcuts...
Go ahead and try it. I myself have become obsessed with automating things and trying to do normal day to day stuff with less effort.

Monday, January 21, 2013

Private VPN networks with TINC


I have two PCs at home on a 100 Mbps internet connection, a powerful PC at work and a Samsung Galaxy S2 i9100 phone with unlimited internet (21 Mbps).

I needed to connect all of these together so I could do shares, remote control, backups with Crashplan, LAN games, VoIP, etc. Since I live in Sweden, I also wanted to connect my family in Kosovo to the same network.

Note: my knowledge of networking is very limited, and installing and setting up TINC requires a fair amount of networking knowledge. Because of this I had a lot of problems getting TINC set up. But if you have questions I will try to help you as much as I can.

Before starting, keep in mind that you need 1 public IP and you must be able to forward port 655 to the machine where TINC will run.

Install TINC VPN on Microsoft Windows


First download Tinc from http://www.tinc-vpn.org/download/. You have two options, Stable and Pre-Release. I tried Pre-Release, but it had a problem where after a while Tinc went into a loop and stopped, and it also started using a lot of CPU, so I recommend the Stable version. The configuration is also a bit different between Stable and Pre-Release. After all, you want to not have to think about it once you have set it up.

Here are some instructions on how to install http://www.tinc-vpn.org/examples/windows-install/ and configure it, but we do the configuration here.

After you have installed Tinc, install the virtual network card by starting addtap.bat as administrator (right click and choose Run as Administrator).



Configure TINC VPN on Microsoft Windows


Note: Tinc keeps its configuration in the same place where it is installed, which makes it a bit of a problem to work with if you have UAC enabled (if you don't know what that is, then you have it enabled).

To configure it we will use the CMD Command Prompt, but you are free to use Notepad or some other text editor like Notepad++.

To start cmd.exe as administrator, click the start menu and type "cmd" directly, right click it and choose Run as Administrator (important).



In cmd, type the commands that are shown here in Italic.
We assume that this computer is the one that will have port 655 open on the public IP address, and that the other computers behind NAT will connect to this computer.

cd "c:\Program Files (x86)\tinc"
mkdir base - we give the folder the same name as the configuration
echo Name = base > base\tinc.conf - This is the name of this vpn
echo Interface = tincvpn >> base\tinc.conf - If you have created many virtual cards, then here you write which one this configuration will use (because you can have many vpns :) )

Now we need to create a folder in "base" named "hosts", where we will keep the details of this computer and of the others we will connect later.

mkdir base\hosts
echo Subnet = 172.20.1.1/32 > base\hosts\base

echo Address = 1.2.3.4 >> base\hosts\base

or
echo Address = mybase.dyndns.org >> base\hosts\base

The address here must be the public IP address; don't use 1.2.3.4, it is only an example. If you have a dynamic IP, meaning it changes often, then I recommend using one of the free Dynamic DNS providers so that you use a hostname instead of the IP (e.g. filani.dyndns.org)


The next step is to generate the keys for security, so that only those we trust and give the file with the key to can connect to our network.

tincd.exe -n base -K

accept what tinc recommends by pressing enter twice

it should look something like this:


If you open the file base\hosts\base with notepad it should look something like this:
Subnet = 172.20.1.1/32 
Address = mybase.dyndns.org 

-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA83RaNhLW0YzwpVQ2094qMRCtxRyhSrLmQSxKXox5BjaK8lqz4FSx
RMWbwUjl66YhIczUkV8PvXIlVRXknjsKkwlHyQxWY2lZQjdl7mrKgON64LQDF1SJ
7o8PWMV2a4Pe5vV8EdStEP9Z/17azF4vG0OKcIsKmXrd4eMdlWLb+TZJ1UA9Lp/G
4kxLIE/KJDdXye/cmnp+xX2Rl3Pgid8CAlIlMST3mh8q9reYKwNvH9dzNtzESBwp
R1tO/TrH+1Mx0p66vaZL4WWiwSf20VZFibOMDZlNG29ow4K96OtqoqsTzdY9UOhy
w0tYr75zrhub06yB99+q3Kzrqvpu4nIlbwIDAQAB
-----END RSA PUBLIC KEY-----

And base\tinc.conf something like this:

Name = base 
Interface = tincvpn 

Those who don't want to type in CMD can create all these configurations using Notepad. The files must be copied to the exact locations, as in our example "C:\Program Files (x86)\tinc\base\". However, you still have to use CMD to create the keys; don't try to use what I have written here, because there is another part that you don't see, and it won't work for you without it.

Now we need to configure the network card that we created at the beginning, after installing Tinc.

Go to "Control Panel\Network and Internet\Network Connections" and rename the "TAP-Win32 Adapter" card, which is named "Local Area Connection x", to "tincvpn".
Right click it and choose properties, select Internet Protocol Version 4 (TCP/IPv4) and click Properties again
Enter IP address: 172.20.1.1
Subnet: 255.255.255.0

I used this network, 172.20.1.0/24, because the ones starting with 192 and 10 caused me a lot of problems, since I use them at home and at work.
OK, our first computer is done, now let's set up the second computer.


Computer II


Install Tinc and start CMD

cd "c:\Program Files (x86)\tinc"
mkdir homeserver
echo Name = homeserver > homeserver\tinc.conf
echo ConnectTo = base >> homeserver\tinc.conf
echo Interface = tincvpn >> homeserver\tinc.conf
mkdir homeserver\hosts
echo Subnet = 172.20.1.2/32 > homeserver\hosts\homeserver
tincd.exe -n homeserver -K

If you noticed, I did not write "Address = mybase.dyndns.org", because this address is only relevant if you have a public IP, and this computer is behind NAT. But we added "ConnectTo = base", because this tells it where to connect.

homeserver\hosts\homeserver
Subnet = 172.20.1.2/32 

-----BEGIN RSA PUBLIC KEY-----
7o8PWMV2a4Pe5vV8EdStEP9Z/17azF4vG0OKcIsKmXrd4eMdlWLb+TZJ1UA9Lp/G
feIBCgKCAQEA83RaNhLW0YzwpVQ2094qMRCtxRyhSrLmQSxKXox5BjaK8lqz4FSx
RMWbwUjl66YhIczUkV8PvXIlVRXknjsKkwlHyQxWY2lZQjdl7mrKgON64LQDF1SJ
4kxLIE/KJDdXye/cmnp+xX2Rl3Pgid8CAlIlMST3mh8q9reYKwNvH9dzNtzESBwp
R1tO/TrH+1Mx0p66vaZL4WWiwSf20VZFibOMDZlNG29ow4K96OtqoqsTzdY9UOhy
w0tYr75zrhub06yB99+q3Kzrqvpu4nIlbwIDAQAB
-----END RSA PUBLIC KEY-----

homeserver\tinc.conf
Name = homeserver
ConnectTo = base
Interface = tincvpn 

Configure the network card that we installed after Tinc, rename it to "tincvpn" and enter these IPs:

IP: 172.20.1.2
Subnet: 255.255.255.0


Key exchange


Copy the host file from the first computer to the second computer, and likewise from the second computer to the first.

Copy the file "C:\Program Files (x86)\tinc\base\hosts\base" from the first computer to "C:\Program Files (x86)\tinc\homeserver\hosts\" on the second computer.
Then copy the file "C:\Program Files (x86)\tinc\homeserver\hosts\homeserver" from the second computer to "C:\Program Files (x86)\tinc\base\hosts\" on the first computer.
So each computer has the host file of every computer.

Start TINCD


We are ready, the last command we will execute on the first computer is:
tincd.exe -n base

This will create a service and start it. (The service starts the VPN automatically when the computer starts or if you restart.)

And almost the same on the second computer:
tincd.exe -n homeserver 

Done!


If you have problems


Unless you have a firewall that does not let you ping, ping is the best tool to check the network connection. Temporarily stop the firewall on each computer and ping the computers from one another to check whether everything is fine. We are using the IPs 172.20.1.1 and 172.20.1.2, so ping from both computers.

While you are trying to find the problem, I would recommend starting TINC in debug mode to see what is happening. Stop the service if it is started and start TINC like this:

tincd.exe -n base -d3 -D

For more information, documentation and examples, use the official documentation http://www.tinc-vpn.org/documentation/tinc_toc.html#SEC_Contents

Android


I have CyanogenMod 10.1 on a Galaxy S2 i9100 and it works very well; I am not sure how it will work on other phones and ROMs.

Since it is quite a hassle to create all those configurations from the phone, we will use the Base computer for that job.

cd "c:\Program Files (x86)\tinc"
mkdir android

echo ScriptsInterpreter = /system/bin/sh > android\tinc.conf

echo Device = /dev/tun >> android\tinc.conf
echo Name = android >> android\tinc.conf
echo ConnectTo = base >> android\tinc.conf

mkdir android\hosts

echo Subnet = 172.20.1.3/32 > android\hosts\android

tincd.exe -n android -K

For android we need one extra file, "tinc-up", to configure the network

echo #!/bin/sh > android\tinc-up

echo ifconfig $INTERFACE 172.20.1.3 netmask 255.255.255.0 >> android\tinc-up

This is roughly how the files look if you read them with a text editor:

android\hosts\android
Subnet = 172.20.1.3/32 

-----BEGIN RSA PUBLIC KEY-----
R1tO/TrH+1Mx0p66vaZL4WWiwSf20VZFibOMDZlNG29ow4K96OtqoqsTzdY9UOhy
feIBCgKCAQEA83RaNhLW0YzwpVQ2094qMRCtxRyhSrLmQSxKXox5BjaK8lqz4FSx
RMWbwUjl66YhIczUkV8PvXIlVRXknjsKkwlHyQxWY2lZQjdl7mrKgON64LQDF1SJ
4kxLIE/KJDdXye/cmnp+xX2Rl3Pgid8CAlIlMST3mh8q9reYKwNvH9dzNtzESBwp
w0tYr75zrhub06yB99+q3Kzrqvpu4nIlbwIDAQAB
-----END RSA PUBLIC KEY-----

android\tinc.conf
ScriptsInterpreter = /system/bin/sh
Device = /dev/tun
Name = android
ConnectTo = base

android\tinc-up
#!/bin/sh
ifconfig $INTERFACE 172.20.1.3 netmask 255.255.255.0

NOTE: don't forget to exchange the host files between this "android" and "base", then copy the whole "android" folder from the computer to your android phone.


Get Tinc GUI from the Google Play Store on the phone, open it, tap the tool icon, choose Configuration path and select the folder where you copied the "android" folder from the computer, tap OK, Execute as Super User and go back.

Tap start and enjoy.

If you get an error about /dev/tun, remove that line and try again.


Linux


I was only able to try it with one Debian server, which luckily also has a public IP; that helps us eliminate the weak point of having just one server with a public IP, so if one of them goes offline the other is online :) But I have tested very little on Linux, so it may need more work.

apt-get update
apt-get install tinc
press enter
mkdir -p /etc/tinc/debsrv/hosts
cd /etc/tinc/

echo Name = debsrv > debsrv/tinc.conf
echo ConnectTo = base >> debsrv/tinc.conf
echo Interface = tincvpn >> debsrv/tinc.conf

echo Subnet = 172.20.1.6/32 > debsrv/hosts/debsrv
echo Address = nfsserver.dyndns.org >> debsrv/hosts/debsrv

tincd -n debsrv -K

echo debsrv >> /etc/tinc/nets.boot
echo '#!/bin/sh' | tee -a debsrv/tinc-up debsrv/tinc-down
echo 'ifconfig $INTERFACE 172.20.1.6 netmask 255.255.255.0' | tee -a debsrv/tinc-up
echo 'ifconfig $INTERFACE down' | tee -a debsrv/tinc-down
chmod 755 debsrv/tinc-up debsrv/tinc-down

Don't forget to exchange the host files between this server and the base server, and also with the other computers.

If we have two computers with public IPs, we can have two ConnectTo lines in every configuration, so that if one server goes down the computers connect automatically to the other; in fact they connect to both from the start :)
ConnectTo = base
ConnectTo = debsrv

Using "Cloud" services


I really like Dropbox, which I have installed on all the computers and devices I use, and I use it at almost every step. Since I have it on every computer, it has been even more useful when it comes to the Tinc configuration files.

I created a Tinc folder and subfolders for each computer. Then I created a symlink (shortcut) to the tinc folder in C:\Program Files (x86)\tinc\ using the "mklink" command:
On the first computer: mklink /D "C:\Program Files (x86)\tinc\base" "C:\Users\Ilir\Dropbox\Tinc\base"
Second computer: mklink /D "C:\Program Files (x86)\tinc\homeserver" "C:\Users\Ilir\Dropbox\Tinc\homeserver"

Using this method I have everything centralized, so if I make a change that affects all the other computers I don't need to go to each one and make the changes; I do everything from any computer. For example, adding a computer and copying the host files to all the other computers (:

In fact you can use any service, e.g. Google Drive, AeroFS, Skydrive, Box...


In closing


I am not a very competent person in this field; I got into private networks only out of need. TINC impressed me with its simplicity and how it works, and it has been so useful to me that it pushed me to write this tutorial for others to use.

As for TINC, so far I am very satisfied; I started using it a few weeks ago and have had no trouble. Surely there will be some problem, or a simpler and better configuration, who knows.

I have seen that there are some other solutions for private VPN networks like this one and I will try them; maybe they are even better and simpler.

Tuesday, January 8, 2013

Allow application to run only when you are connected to VPN with AutoHotKey

I recently started using AutoHotkey to automate things and I really like it, and I'm going to post a series of the scripts that I use.

This AHK script checks whether I'm connected to a certain VPN (or to one of them, if there are many) and then starts a backup, performs a set of actions, starts an application, runs uTorrent :) basically anything you can think of.
It does a check every 10 sec to see if you are connected; if the VPN connection is dropped it closes the application, and starts it again when the connection is back.

To get started download and install AutoHotKey from http://www.autohotkey.com/

I also recommend the SciTE4AutoHotkey editor http://www.autohotkey.net/~fincs/SciTE4AutoHotkey_3/web/ to create, edit and debug scripts.

Copy the entire code below, paste it in a new file and save it with the extension .ahk.
Tip: If you are using Notepad and want a different file extension than .txt, put the whole filename in quotes, like "checkVpn.ahk", when you save the file.

To run it just double click the file and it will run in the background; you can find it in the system tray.

To have this run when Windows starts, make a shortcut to this file in the Startup folder in the Start menu, or just move the script there.

For this example I have used uTorrent.exe \m/
The only changes you have to make are your colon-delimited VPN IP list, the application's filename and the application's full path. For the IP list, e.g.:
I have three different VPN connections whose IPs start with
10.0.1.3
10.0.2.23
10.0.3.132
Since I know the first part, 10.0.1, won't change, I use only that part of each and make it
10.0.1:10.0.2:10.0.3

Enjoy
VPNIP = 10.0.1:10.0.2:10.0.3 ;Write your VPN IP or its leading part, if you have many separate them using a colon :
app = uTorrent.exe ;Write the file name of the app
appFullPath = "C:\Program Files (x86)\uTorrent\uTorrent.exe" ;Write the full path including filename of the app

Loop ;perform the main action
{
 global Connected, app, appFullPath
 Process, Exist, %app% ;ErrorLevel is the PID if the app is running, 0 if not
 AppRunning = %ErrorLevel%
 Sleep, 10000 ;check every 10 seconds
 CheckIP()
 If (Connected = 1)
  {
  If (AppRunning = 0) ; If it is not running
   {
   Run, %appFullPath%
   }
  else
  continue
  } 
 else
 {
  If (AppRunning > 0) ;VPN is down, close the app
  Process, Close, %app%
 }
}

CheckIP() ;checks if we are connected to VPN and sets variable Connected to 0|1
{
 global VPNIP
 StringSplit, IPArray, VPNIP, :
 ;Wrap the list in commas so an entry can only match from the start of an address
 LocalIP = ,%A_IPAddress1%,%A_IPAddress2%,%A_IPAddress3%,%A_IPAddress4%,
 Matches = 0
 Loop, %IPArray0%
 {
  Each := IPArray%A_Index%
  ;Match a whole address (",10.0.1.3,") or a prefix that ends on an octet boundary (",10.0.1.")
  ;A plain substring test would also accept e.g. 110.0.1.7 or 10.0.10.5 for the entry 10.0.1
  If (InStr(LocalIP, "," . Each . ",") or InStr(LocalIP, "," . Each . "."))
   Matches++
 }
 If Matches > 0
  Connected = 1
 else
  Connected = 0
}

Sunday, January 6, 2013

Private VPN with TINC

I have two computers at home on 100Mbps broadband internet connection, a very powerful computer at work and a Samsung Galaxy S2 i9100 smartphone on unlimited mobile broadband (21 Mbps).

What I wanted to have is a secure and seamless connection between these devices to share things, RDP, Crashplan backup, LAN gaming, etc. Also the option to connect my home in Kosovo, where my parents live, into this network.

DISCLAIMER: My knowledge in networking is very very limited, and setting up TINC requires quite some knowledge of networking; this was my biggest struggle in getting it up and running. If you have questions I'll try to help you as much as I can, but the help might be limited.

To make this work you will need to have at least one public IP address and be able to forward port 655 to the machine running TINC.

Okay let's start.

Install TINC VPN on Microsoft Windows

First download Tinc from http://www.tinc-vpn.org/download/. You have two options, Stable and Pre-Release. I started with Pre-Release, but there was one bug where after a while tinc went into a loop and stopped working (also consuming CPU), so I suggest you go with Stable; the two are also configured slightly differently. After all, you want to set this up and forget it.

Install TINC; at http://www.tinc-vpn.org/examples/windows-install/ you'll find instructions on how to install and even configure it, but we'll handle the configuration part here.

After you have installed Tinc, install the virtual network device by running addtap.bat as administrator (right click and choose Run as Administrator). Depending on your operating system you can find it in C:\Program Files (x86)\tinc\tap-win64 or C:\Program Files (x86)\tinc\tap-win32 or, if you have a 32 bit OS, C:\Program Files\tinc\tap-win32.


Configure TINC VPN on Microsoft Windows

Note: Tinc keeps its configuration files in the same location where it's installed, which makes it a little bit harder to work with them if you have UAC on.

In this post we will use CMD to make most of the configuration, but feel free to use plain old Notepad or the text editor of your choice (probably Notepad++).

To run CMD.exe as Administrator, click the start menu (win key) and type cmd, then right click and choose Run as Administrator (important)



Now begin by typing only the commands in Italic.
I assume that this will be the computer which has port 655 open on the public IP, and that the other computers/devices behind NAT will connect to it.

cd "c:\Program Files (x86)\tinc"
mkdir base - I will call this 1st computer "base"
echo Name = base > base\tinc.conf - This will give the name to this vpn
echo Interface = tincvpn >> base\tinc.conf - If you have created multiple network devices then you write here which one this configuration will use (because you can have multiple vpns :) )

Now we need to create a folder in "base" called "hosts", where we will put information about this computer and the others we will connect later.
mkdir base\hosts
echo Subnet = 172.20.1.1/32 > base\hosts\base

echo Address = 1.2.3.4 >> base\hosts\base

or
echo Address = mybase.dyndns.org >> base\hosts\base

The address here should be your public IP address; don't use 1.2.3.4. If you don't have a static IP then I really recommend using one of the many free dynamic DNS providers and adding that hostname instead of the IP.


The next step is to generate a keypair for security, so that only the ones we trust and give the host file with the key to will be able to connect to our network.

tincd.exe -n base -K

and accept the defaults by pressing enter twice.


It should look something like this:


If you open base\hosts\base with text editor it will look something like this:

Subnet = 172.20.1.1/32 
Address = mybase.dyndns.org 

-----BEGIN RSA PUBLIC KEY-----

MIIBCgKCAQEA83RaNhLW0YzwpVQ2094qMRCtxRyhSrLmQSxKXox5BjaK8lqz4FSx
RMWbwUjl66YhIczUkV8PvXIlVRXknjsKkwlHyQxWY2lZQjdl7mrKgON64LQDF1SJ
7o8PWMV2a4Pe5vV8EdStEP9Z/17azF4vG0OKcIsKmXrd4eMdlWLb+TZJ1UA9Lp/G
4kxLIE/KJDdXye/cmnp+xX2Rl3Pgid8CAlIlMST3mh8q9reYKwNvH9dzNtzESBwp
R1tO/TrH+1Mx0p66vaZL4WWiwSf20VZFibOMDZlNG29ow4K96OtqoqsTzdY9UOhy
w0tYr75zrhub06yB99+q3Kzrqvpu4nIlbwIDAQAB
-----END RSA PUBLIC KEY-----


And base\tinc.conf something like this:

Name = base 
Interface = tincvpn 

Those who don't want to type into CMD can create all these configurations using Notepad and then copy them into the correct location (in our example "C:\Program Files (x86)\tinc\base\"). Though, you will still need to generate a keypair, because using my Public Key won't work if you don't have the Private Key.

Now we have to configure the network interface which we created at the very beginning, after we installed Tinc.
Go to Control Panel\Network and Internet\Network Connections and rename the device TAP-Win32 Adapter with the name Local Area Connection x to "tincvpn".
Right click it and choose properties, select Internet Protocol Version 4 (TCP/IPv4) and click Properties
Enter IP: 172.20.1.1
Subnet: 255.255.255.0

I have used this subnet, 172.20.1.0/24, because 192 and 10 were causing all kinds of trouble due to being used at work and at home.
OK, our first machine is done. Let's install and configure the second machine.

Second Machine

Install Tinc and fire up CMD

cd "c:\Program Files (x86)\tinc"
mkdir homeserver
echo Name = homeserver > homeserver\tinc.conf
echo ConnectTo = base >> homeserver\tinc.conf
echo Interface = tincvpn >> homeserver\tinc.conf
mkdir homeserver\hosts
echo Subnet = 172.20.1.2/32 > homeserver\hosts\homeserver
tincd.exe -n homeserver -K

If you observed well, we omitted the command echo Address = mybase.dyndns.org >> base\hosts\base, because the "Address" option defines the public IP and this computer is behind NAT. And we added a new one, "ConnectTo = base", so that this will connect to our base vpn.


Configure the Networking device you created after installation by first renaming it to "tincvpn" then use the following IP:

IP: 172.20.1.2
Subnet: 255.255.255.0

Exchange

Copy the hosts files from the base computer to homeserver and vice versa.
Copy the file "C:\Program Files (x86)\tinc\base\hosts\base" from the 1st computer to "C:\Program Files (x86)\tinc\homeserver\hosts\" on the 2nd computer.
And copy the file "C:\Program Files (x86)\tinc\homeserver\hosts\homeserver" from the 2nd computer to "C:\Program Files (x86)\tinc\base\hosts\" on the 1st computer.
So each computer has both hosts files.

Run the TINCD

We are done, the last command we will run on the 1st computer is
tincd.exe -n base

This will create the service and start it. (It will automatically start the vpn when the computer is started or rebooted) :)


And the ~same on the 2nd computer
tincd.exe -n homeserver 

Voila! You should be up and running.

Troubleshooting

Ping: unless your firewall is blocking ICMP packets (ping), it's the best tool to check the connection. Temporarily disable the firewall on each computer and ping each computer from the other to check if everything is OK. We are using the IPs 172.20.1.1 and 172.20.1.2, so ping both IPs from both computers.

While troubleshooting I strongly suggest you run tinc in debug mode so you can see what's going on.
Stop the service if it's running and run tinc like this:

tincd.exe -n base -d3 -D

You will find how to troubleshoot, configure, documentation, examples and much more straight from TINC-VPN's documentation http://www.tinc-vpn.org/documentation/tinc_toc.html#SEC_Contents

Android

I'm running CyanogenMod 10 on my Galaxy S2 i9100 and it works very well; I'm not sure how it will work on other devices/ROMs.

Since it'll be cumbersome to create all the configurations on the Android device itself, we will use our "base" machine to do that.

cd "c:\Program Files (x86)\tinc"
mkdir android

echo ScriptsInterpreter = /system/bin/sh > android\tinc.conf

echo Device = /dev/tun >> android\tinc.conf
echo Name = android >> android\tinc.conf
echo ConnectTo = base >> android\tinc.conf

mkdir android\hosts

echo Subnet = 172.20.1.3/32 > android\hosts\android

tincd.exe -n android -K

Create the tinc-up file (android's network device configuration)

echo #!/bin/sh > android\tinc-up

echo ifconfig $INTERFACE 172.20.1.3 netmask 255.255.255.0 >> android\tinc-up

Important: exchange the host files between this one, "android", and "base", then copy the whole "android" folder from the computer to your android phone.


Get Tinc GUI from the Google Play Store on your device, open it, press the Wrench icon (settings), select Configuration path and select the folder where you copied the "C:\Program Files (x86)\tinc\android" folder, press OK, Execute as Super User and go back.

Press Start and enjoy the new world.

If you get an error about the device /dev/tun, remove that line and try again.

Linux

I could test on a Debian server which luckily happens to have a public IP, which will help us increase redundancy if one of the hosts is down. However, I barely tested it and cannot say the configuration is foolproof.

apt-get update
apt-get install tinc
press enter
mkdir -p /etc/tinc/debsrv/hosts
cd /etc/tinc/

echo Name = debsrv > debsrv/tinc.conf
echo ConnectTo = base >> debsrv/tinc.conf
echo Interface = tincvpn >> debsrv/tinc.conf

echo Subnet = 172.20.1.6/32 > debsrv/hosts/debsrv
echo Address = nfsserver.dyndns.org >> debsrv/hosts/debsrv

tincd -n debsrv -K

echo debsrv >> /etc/tinc/nets.boot
echo '#!/bin/sh' | tee -a debsrv/tinc-up debsrv/tinc-down
echo 'ifconfig $INTERFACE 172.20.1.6 netmask 255.255.255.0' | tee -a debsrv/tinc-up
echo 'ifconfig $INTERFACE down' | tee -a debsrv/tinc-down
chmod 755 debsrv/tinc-up debsrv/tinc-down

Don't forget to exchange the hosts files between this server and base, and actually with any of the other devices.

If we have two hosts with a public IP, we can have two ConnectTo lines on each node so that if one goes down they will still be connected to the other one.
ConnectTo = base
ConnectTo = debsrv

Taking advantage of the Cloud

I love Dropbox and have it installed on all my computers and use it everywhere. Since I have it on all my computers, it has really come in useful for the Tinc configuration files.

I have created a folder Tinc with sub folders for each computer's tinc configuration. Then I created a symlink (shortcut) to the tinc folder in C:\Program Files (x86)\tinc\ using the command:
1st computer: mklink /D "C:\Program Files (x86)\tinc\base" "C:\Users\Ilir\Dropbox\Tinc\base"
2nd computer: mklink /D "C:\Program Files (x86)\tinc\homeserver" "C:\Users\Ilir\Dropbox\Tinc\homeserver"

Using this I have everything centralized, so if I make a change that affects many hosts I don't have to go to each computer and do it there; I do everything from one computer. Efficiency!

You can use any of the cloud storage services actually, like Google Drive, AeroFS, Skydrive, Box...
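
The exchange step and the synced-folder layout above can be checked mechanically. The following is an added example, not part of the original post or of tinc: a small Python audit of one net directory that reports ConnectTo targets whose host file was never copied over, host files without a public key, overlapping Subnet lines, and an rsa_key.priv (the private half that tincd -K writes into the net directory) sitting in a folder that is synced to a third party. The function names, the sample directory and the constructed key placeholders are assumptions made for illustration.

```python
import ipaddress
import tempfile
from pathlib import Path

PUB_MARK = "-----BEGIN RSA PUBLIC KEY-----"
PRIV_MARK = "PRIVATE KEY-----"  # matches "RSA PRIVATE KEY" and "PRIVATE KEY" headers


def parse_conf(text):
    """Parse 'Key = value' lines (the form used in this tutorial); PEM bodies are skipped."""
    pairs, in_pem = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("-----BEGIN"):
            in_pem = True
        elif line.startswith("-----END"):
            in_pem = False
        elif not in_pem and "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            pairs.append((key.strip().lower(), value.strip()))
    return pairs


def values(pairs, key):
    return [v for k, v in pairs if k == key]


def audit_net(net_dir, synced=False):
    """Return findings for one tinc net directory (tinc.conf plus hosts/)."""
    net, findings, hosts = Path(net_dir), [], {}
    conf = parse_conf((net / "tinc.conf").read_text())
    name = (values(conf, "name") or ["<unnamed>"])[0]
    hosts_dir = net / "hosts"
    for path in (sorted(hosts_dir.iterdir()) if hosts_dir.is_dir() else []):
        text = path.read_text()
        hosts[path.name] = parse_conf(text)
        if PRIV_MARK in text:  # host files are handed to peers: public half only
            findings.append(f"hosts/{path.name}: contains a private key")
        if PUB_MARK not in text:
            findings.append(f"hosts/{path.name}: no public key")
    if name not in hosts:
        findings.append(f"hosts/{name}: own host file is missing")
    for target in values(conf, "connectto"):
        if target not in hosts:
            findings.append(f"ConnectTo {target}: host file not exchanged")
        elif not values(hosts[target], "address"):
            findings.append(f"ConnectTo {target}: host file has no Address")
    seen = []  # (host, network) pairs already accepted
    for host, pairs in hosts.items():
        for subnet in values(pairs, "subnet"):
            try:
                network = ipaddress.ip_network(subnet, strict=False)
            except ValueError:
                findings.append(f"hosts/{host}: invalid Subnet {subnet}")
                continue
            for other, other_net in seen:
                if (other != host and network.version == other_net.version
                        and network.overlaps(other_net)):
                    findings.append(f"hosts/{host}: Subnet {subnet} overlaps hosts/{other}")
            seen.append((host, network))
    if synced and (net / "rsa_key.priv").exists():
        findings.append("rsa_key.priv: private key inside a synced folder")
    return findings


# Constructed placeholder, not a real key; the "=" checks that PEM bodies are skipped.
FAKE_PUB = PUB_MARK + "\nQ09OU1RSVUNURUQ=\n-----END RSA PUBLIC KEY-----\n"


def build_sample(root):
    """Constructed layout: the tutorial's 'homeserver' net with deliberate mistakes."""
    net = Path(root) / "homeserver"
    (net / "hosts").mkdir(parents=True)
    (net / "tinc.conf").write_text(
        "Name = homeserver\nConnectTo = base\nConnectTo = debsrv\nInterface = tincvpn\n")
    (net / "hosts" / "homeserver").write_text("Subnet = 172.20.1.2/32\n\n" + FAKE_PUB)
    (net / "hosts" / "base").write_text(
        "Subnet = 172.20.1.1/32\nAddress = mybase.dyndns.org\n\n" + FAKE_PUB)
    # Mistakes: android reuses homeserver's address and has no key yet,
    # hosts/debsrv was never copied over, and the private key is in the shared folder.
    (net / "hosts" / "android").write_text("Subnet = 172.20.1.2/32\n")
    (net / "rsa_key.priv").write_text(
        "-----BEGIN RSA PRIVATE KEY-----\n(constructed placeholder)\n"
        "-----END RSA PRIVATE KEY-----\n")
    return net


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        return audit_net(build_sample(tmp), synced=True)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Run it against a real net directory with audit_net(r"C:\Program Files (x86)\tinc\base", synced=True); only the "Key = value" form used in this post is parsed.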

Final thoughts

I'm far far from a competent person in this area, I just got into private networks. TINC impressed me so much that I thought if I can do it anyone can, so let's write a tutorial.
Regarding Tinc itself, so far so good, but remember I've been running it for only a couple of days at the time of writing this; there could be problems, better and easier configurations and what not. I'm looking forward to having more time to experiment with Tinc, and why not experiment with other solutions as well.

Until next article or tutorial.

Friday, January 4, 2013

Back???

It's been a long time since I wrote anything on my blog. The plan was always to write things continuously, but I stopped for a moment without any reason :( maybe I'm just a bad writer and my English kind of sucks...

However, I'm writing a few things now and will post them soon.

My first post will be about TINC VPN (more info http://www.tinc-vpn.org/) and how I set it up to connect my 2 computers at home, my computer at work and my android phone.

-------------

A long time has passed since I wrote anything on my blog; the plan was always to write continuously, but for no particular reason I have not done it.

But I am writing a few things now and will post them soon.

The first post I will make is about TINC VPN (more info at http://www.tinc-vpn.org/) and how I set it up to connect the 2 computers I have at home, the computer at work and my android phone.

Tuesday, February 23, 2010

My new title: FATHER :D

On 21 Feb 2010 at 01:41 my baby was born, weighing 3270 grams, and OMG how much I love him. This is really something amazing. Happy happy happy...

Saturday, March 21, 2009

Restricting outbound calls in Asterisk/FreePBX

One of the most required features of any PBX in any company is call restrictions. Now I know there are many articles written about this and many different ways to do it, from easy to complex, but I find my method quite easy to implement and it involves no manual editing of any file.

Now all you need is the Custom Context module (click for more information on how to download and install it in FreePBX)

Now let's start making some people angry with restrictions.

For the rest of the guide I will use my own setup as the how-to and example.

The first thing you need is to identify how many levels/groups of restriction you need:

I have 4 groups of restriction:
1) Only extensions – a group which will not be able to make any outbound calls only internal ones
2) National/local calls – a group which will be able to use all outbound routes that can call any number within a country
3) Any call with PINs – a group which will be able to make any call anywhere but each user has its own PIN code (PIN code will only be used when making international calls)
4) No restrictions – a group without any kind of restriction, that includes no PINs as well (bosses really hate having restrictions pins, etc and it makes sense since they pay the bills).

Now we go and apply these restrictions accordingly.

Let's click Custom Contexts, which appeared when you installed the module. We will see two textboxes, which we fill right away with our first context:

1) The first one is Only local extensions, so I will put in Context:
local-extensions
and Description:
Only local extensions
(I have to admit I'm very bad at naming, so you are free to use your own naming convention)
Now we click submit and make the proper restrictions

First we Set All To: Deny (we don't want to change all those list boxes one by one)
Then we allow only the ones that we want to allow, so this group is able to make local/internal calls.
Basically what we need to allow are:
Call Parking, ext-group, ext-local and ext-queues, there are some others that we could allow like app-speakextennum, app-speakingclock, app-userlogonoff but that is up to you and it depends what other app/modules you are using and have setup, and you have to make sure that all outbound routes are set to DENY or you shouldn’t read this guide at all.

Submit

Now before i continue with the rest of the guide I ASSUME that you already have trunks and outbound routes set up (we’ll cover these in future… maybe…)

2) Create context: national-calls with a description Allow national calls.
Or, a better way: go to the local-extensions context you created first and duplicate it, since we will use the previous setup and just add more allows.

Here i have allowed everything in the two first sections (Default internal context and Internal Dialplan) except ENTIRE Basic Internal Dialplan and ALL OUTBOUND ROUTES (these two should never be allowed)

And in the Outbound Routes section i have allowed only the routes that are able to make local and national calls (i don't know what kind of hardware you have, but for example i have FXO adapters, Sipuras, GSM gateways and local ISP SIP accounts)

Click submit

3) Duplicate the context national-calls and name it, let's say:
all-calls-wpin (All calls with pin restriction)

Now i believe you can guess what's next: you just have to add those outbound routes that are left, the ones which can make international calls (in my case i have many different SIP providers that can make international landline/mobile calls, for example internetcalls, voipbuster, etc etc etc… there are really many of them)

4) Duplicate the previous one (all-calls-wpin) to no-restriction (Desc: Not any kind of restriction in the whole world ……… of this box :P)

So now just allow hmmm… what is more than calling internationally? Calling SPACE? Well, there is a little trick that makes those international outbound routes work without PINs, and the trick is in the outbound routes themselves. All you have to do is duplicate/recreate those outbound routes that have PIN sets :D, rename them to xxxxx-nopin and remove any PIN sets from these newly created outbound routes.

Okay, now we have created duplicates of some outbound routes and removed the PIN sets, so it's time to go to Custom Contexts again. First select context no-restriction and make some restrictions (it's now or never to make restrictions for our bosses, grin…): in Outbound routes deny access to the outbound routes that have PIN sets and allow the routes that are without PINs.
Submit
Then
Go to context all-calls-wpin and deny outbound calls to routes that are without pins, of course allow the ones with pins.

You may ask why we have double outbound routes, with and without PINs. When calling internationally you usually have a dial pattern like “00.”, and we want to avoid complications like having users call with 00 and bosses call with 99 or whatever. That is why we make double outbound routes, with each group/context having access to its own route.
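The routing logic behind the duplicate routes, as an added example that is not part of the original post: a simplified first-match model of outbound routes filtered by each custom context's allows, plus a check that no context can reach the same pattern both with and without a PIN. Route names, the national pattern and the PIN flags are constructed assumptions, and the check compares identical pattern strings only.

```python
import re

# Constructed sample data (assumptions): outbound routes in priority order as
# (name, dial patterns, PIN set attached?), then each custom context's allows.
ROUTES = [
    ("national",   ["0ZXXXXXXX"], False),
    ("intl",       ["00."],       True),
    ("intl-nopin", ["00."],       False),   # duplicate with the PIN set removed
]
CONTEXTS = {
    "local-extensions": set(),
    "national-calls":   {"national"},
    "all-calls-wpin":   {"national", "intl"},
    "no-restriction":   {"national", "intl-nopin"},
}

def pattern_to_regex(pattern):
    """Translate a dial pattern (X, Z, N, [set], '.' wildcard) into a regex."""
    classes = {"X": "[0-9]", "Z": "[1-9]", "N": "[2-9]", ".": ".+"}
    out, i = "", 0
    while i < len(pattern):
        if pattern[i] == "[":               # character set such as [1237-9]
            end = pattern.index("]", i)
            out += pattern[i:end + 1]
            i = end + 1
        else:
            out += classes.get(pattern[i], re.escape(pattern[i]))
            i += 1
    return re.compile(out + r"\Z")

def resolve(context, dialed):
    """First allowed route matching the number as (name, pin_required), else None."""
    for name, patterns, pin in ROUTES:
        if name in CONTEXTS[context] and any(
                pattern_to_regex(p).match(dialed) for p in patterns):
            return name, pin
    return None

def audit():
    """Contexts where an identical pattern is allowed both with and without a PIN."""
    findings = []
    for ctx, allowed in CONTEXTS.items():
        pins_by_pattern = {}
        for name, patterns, pin in ROUTES:
            for p in patterns if name in allowed else []:
                pins_by_pattern.setdefault(p, set()).add(pin)
        findings += [(ctx, p) for p, pins in pins_by_pattern.items() if len(pins) > 1]
    return findings
```

Re-running `audit()` after every change in Custom Contexts catches the case where a `-nopin` route is left allowed in the PIN group.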

I hope you enjoy this guide.

Saturday, February 28, 2009

Updated trunk configuration Asterisk, freepbx and Portech MV-3xx

This is my new updated functional configuration of Portech.

This guide will help you set up a trunk in Asterisk (FreePBX, trixbox, PBIF, etc.) for the Portech GSM gateway.

The new configuration will pass Caller ID.


First we will configure the Portech MV-372; i believe this configuration will also work with the Portech MV-370 and other Portech MV-3xx models like the MV-374.

Login to your portech

  • Route
    • Mobile To Lan Settings:
      Item | CID | URL
      0 | * | 192.168.x.x (your asterisk ip)

    • Lan To Mobile Settings:
      Item | URL | Call num
      0 | * | #

  • Mobile
    • Settings:
      Mobile 1:
      Sip From: Tel/Tel (No reg)
      CLID Presentation: Invocation
      LAN Answer Mode: Income

      Do the same for Mobile 2

  • SIP Settings
    • Service Domain
      You only fill Domain Server and Proxy server with your asterisk IP address:
      Domain Server: 192.168.x.x
      Proxy Server: 192.168.x.x

      Again do the same for Mobile

    • Port Settings
      Make sure SIP Port for Mobile 1 is 5060 and port 5062 for Mobile 2

Other settings are fine you may leave them as they are, only check Network (WAN) settings if you don't have DHCP or you need static IP for Portech gsm gateway.

Don't forget to save changes (should reboot after saving)

Asterisk/Freepbx

Login to your FreePBX and add SIP Trunk

Outbound Caller ID: xxxxxxx (put your number here)
Maximum Channels: 1

Outgoing settings
Trunk Name: SIM1 (you may put anything you like)
PEER Details:
host=192.168.x.x (your Portech IP address)
type=peer
port=5060

Incoming Settings:
USER Context: xxxxxxx (put your mobile number)
Leave Incoming settings blank.

Click submit (don't forget the Orange bar on top after you make changes in your server)

Add another SIP Trunk for SIM2

Outbound Caller ID: yyyyyyyy (put your phone number here)
Maximum Channels: 1
go to Outgoing settings

Trunk Name: SIM2
PEER Details:
host=192.168.x.x (your Portech IP address)
type=peer
port=5062 (important)

Incoming Settings:
USER Context: yyyyyyyy (put your second phone number)

Again apply changes.

We're almost done. Now to make this work we have to create Outbound Route, so click Outbound Routes
Put Route name as you wish, i have called it Portech_1 (since i will add another and will make it Portech_2)
Dial Patterns: i have put 049XXXXXX because i want only mobile numbers from the same provider to go through this trunk (through Portech) i mean i want to cut the costs right?

Trunk Sequence: i added SIP/SIM1 and SIP/SIM2
You can separate Trunks from OutRoutes if you have SIM cards from two different providers: just create another Outbound Route, remove one Trunk from the trunk sequence of the first route that we created and add it to this new one. Submit.

Also don’t forget that in order to receive calls you need to have an Inbound Route set up on Asterisk/freepbx. To get you started, just create a new Incoming route and set your destination to an extension, ring group or any other destination you would like to transfer calls to.

The only thing left to do now is click Submit Changes, then Apply Configuration Changes, and pray for this to work.

Hope this new configuration will work better.

Tuesday, June 24, 2008

Portech MV-372

UPDATE: This is the old configuration; you can try the new configuration in the post above

The Portech MV-372 gave me a lot of headache configuring it right. The configuration for Asterisk specified in the documentation wasn't an option for me: working as an extension means two dial stages, and while it works, come on... dial the extension, wait for signal, dial the number...
On the net i found some non-working configs, so i had to spend 4 days trying to make it work as a Trunk and not as an extension.

Ok let's move on with configuration ;)

First we will configure the Portech MV-372; i believe this configuration will also work with the Portech MV-370.

Login to your portech

  • Route
    • Mobile To Lan Settings:
      Item | CID | URL
      0 | * | 100
      notes: in URL you put the extension on your asterisk that you want calls from the mobile to go to. It can be an extension, ring group, ...

    • Lan To Mobile Settings:
      Item | URL | Call Num
      0 | * | #
      notes: URL will match the IP address that is allowed to dial through the portech. Since my server is behind NAT i allowed all IPs and haven't tried to specify an IP. Call num # will receive the number dialed from the ip(soft)phone.

  • SIP Settings
    • Service Domain
      Mobile 1 (Realm 1)
      Display Name: Sim1
      User Name: 1001
      Register Name: 1001
      Register Password: xxxxxx (choose a password)
      Domain Server: 192.168.x.x (your asterisk IP)
      Proxy Server: 192.168.x.x
      Mobile 2 (Realm 1)
      Display Name: Sim2
      User Name: 1002
      Register Name: 1002
      Register Password: xxxxxx (choose a password)
      Domain Server: 192.168.x.x (your asterisk IP)
      Proxy Server: 192.168.x.x

      notes: you can change Username and registername to suit your needs, just make a note of them since you will be entering them in the asterisk trunks.

    • Port Settings
      Just make sure SIP Port for Mobile 1 is 5060 and
      SIP Port for Mobile 2 is 5062
Other settings are fine you may leave them as they are, only check Network (WAN) settings if you don't have DHCP or you need static ip for portech gsm gateway.

Don't forget to save changes (should reboot after saving)

Now let's move to Asterisk.

Login to your FreePBX/Trixbox and add SIP Trunk

Outbound Caller ID: xxxxxxx (put your number here)
Maximum Channels: 1
go to Outgoing settings

Trunk Name: SIM1 (i have called it that way)
PEER Details:
host=192.168.x.x (your Portech IP address)
type=peer

Incoming Settings:
USER Context: 1001 (important must match username/registername at Sip settings of Portech)
USER Details:
type=friend
secret=xxxxxx (match SIP Settings password from Portech)
username=1001 (match SIP Settings from Portech)
qualify=yes
nat=yes
canreinvite=no
context=from-internal
host=192.168.x.x (Portech IP)

And then just click Submit Changes (don't forget the Orange bar on top after you make changes in your server)

Add another SIP Trunk for SIM2

Outbound Caller ID: xxxxxxx (put your number here)
Maximum Channels: 1
go to Outgoing settings

Trunk Name: SIM2
PEER Details:
host=192.168.x.x (your Portech IP address)
type=peer
port=5062 (important - this is for Mobile 2, remember Port Settings on Portech?)

Incoming Settings:
USER Context: 1002 (important must match username/registername at Sip settings of Portech)
USER Details:
type=friend
secret=xxxxxx (match SIP Settings password from Portech)
username=1002 (match SIP Settings from Portech)
qualify=yes
nat=yes
canreinvite=no
context=from-internal
host=192.168.x.x (Portech IP)
port=5062

Again apply changes.
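A check for the `context=from-internal` line in the USER Details above, added here as an example and not part of the original post: in FreePBX that is the context extensions dial from, so calls arriving from the gateway can match outbound routes, whereas FreePBX's own context for inbound trunk calls is `from-trunk`. The sample config, secrets and addresses are constructed placeholders, and the function names are hypothetical.

```python
# Constructed sample in sip.conf syntax, modelled on the USER Details above;
# secrets and addresses are placeholders.
SAMPLE = """
[1001]
type=friend
secret=CHANGE-ME
username=1001
context=from-internal   ; gateway calls enter the extensions' context
host=192.0.2.10

[1002]
type=friend
secret=CHANGE-ME
username=1002
context=from-trunk
host=192.0.2.10
port=5062
"""

def parse_sections(text):
    """Parse [section] / key=value lines, dropping Asterisk ';' comments."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip()
    return sections

def audit_trunk_users(text, internal_contexts=("from-internal",)):
    """Flag trunk entries that land in an internal context or lack credentials."""
    findings = []
    for name, opts in parse_sections(text).items():
        if opts.get("context") in internal_contexts:
            findings.append((name, "inbound calls land in " + opts["context"]))
        if opts.get("type") in ("friend", "user") and not opts.get("secret"):
            findings.append((name, "no secret set"))
        if opts.get("host", "dynamic") == "dynamic" and "permit" not in opts:
            findings.append((name, "no host or permit restriction"))
    return findings
```

Pass the custom context names that expose outbound routes (for example `no-restriction`) in `internal_contexts` so a trunk pointed at one of them is flagged as well.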

We're almost done. Now to make this work we have to create an Outbound Route, so click Outbound Routes
Put Route name as you wish, i have called it Portech_1 (since i will add another and will make it Portech_2)
Dial Patterns: i have put 049XXXXXX because i want only mobile numbers from the same provider to go through this trunk (through Portech) i mean i want to cut the costs right? But because you don't have my gun on your head go ahead and do whatever suits you.

Trunk Sequence: i added SIP/SIM1 and SIP/SIM2
You can separate Trunks from OutRoutes if you have SIM cards from two different providers: just create another Outbound Route, remove one Trunk from the trunk sequence of the first route that we created and add it to this new one.

The only thing left to do now is click Submit Changes, then Apply Configuration Changes, and pray for this to work.

Hope it will work for you.

Me, company, voip...

Okay, my first blog post. i am starting this blog to post everything that involves my current job in IT, so you can imagine that this will be a tech blog only.

Anyway, what i first wanted to post about is VOIP, specifically FreePBX/Asterisk/Trixbox

My company is soon to switch to VOIP from a traditional PBX and i am assigned to deal with it, make all configuration, preparation, choosing products, etc...

I have decided i will go with Trixbox (asterisk) just because it is Open "source"; not that i really have a clue about code that i could intervene in, but you can very easily find help around the net.

I installed Trixbox on a VMWare ESX 3.5 server and it works perfectly, we have ordered 20 Linksys SPA942 ip phones, 4 SPA 3102 for connecting PSTN lines and 3 x Linksys 24 port gigabit POE switches (just for ip phones) ... (kidding), 2 x GSM gateways Portech MV-372 and can't remember at the moment what else.

Enough of this, i'll soon start to post my configuration.