Just about four weeks ago I posted about the resurrection of the .ovpn to .apc converter script. In the meantime Alois told me in the comments that while this was nice it didn’t work for current versions of the OpenVPN Access Server and the .ovpn files it creates.
Well, since there’s been nothing much else to do I did some more work on the script and I can now happily say that it now also converts the new .ovpn format to an .apc the Astaro can understand. Unfortunately, there’s a little catch: the OpenVPN Access Server relies on ‘tls-auth’ for client connections and the Astaro neither knows of that concept nor provides a method to import the needed key file. So I had to do some creative manipulation to make the Astaro do my bidding to include the necessary config statements. In addition, you will need to manually copy the key file to the Astaro to make everything work as expected. To make things as easy as possible, the script will tell you what to do.
The Astaro Security Gateway (ASG) is a great firewall and remote access solution. The only flaw of it being that Astaro, too, tries to build a walled garden around their suite of products. One major drawback here is that while the ASG has outstanding capabilities as a remote access server, there’s no easy way to use it as a client to connect to an OpenVPN SSL server. The main show stopper is that the ASG expects to get all its connection information from a .apc file while OpenVPN at best provides a .ovpn file which has a completely different structure.
Back in 2009 Patrick Schneider provided a simple bash script that would convert .ovpn files together with the needed certificates and key files into a .apc file the ASG could read. Unfortunately the script stopped working with newer ASG releases. Since I needed the functionality for a current project, I resurrected the code, polished and updated it a bit. The result can now be found on Gitorious: the new OVPN-to-APC converter script. Feel free to clone and enhance.
Update: Just pushed a new version to Gitorious that now handles the new .ovpn format provided by the OpenVPN Access Server as well.
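The tls-auth key that has to be copied to the Astaro by hand must first be pulled out of the profile. The following is an added example, not part of the converter script or the original post: it assumes a unified .ovpn that carries the key inline in a `<tls-auth>` block, and the function names, host name and sample profile are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the converter script itself. Assumes the profile is a
# unified .ovpn with the static key inline in a <tls-auth> block.

# Write a constructed sample profile (dummy key material, not a real key).
make_sample_profile() {
    cat > "$1" <<'EOF'
client
remote vpn.example.com 1194
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
0123456789abcdef0123456789abcdef
fedcba9876543210fedcba9876543210
-----END OpenVPN Static key V1-----
</tls-auth>
EOF
}

# extract_tls_auth PROFILE KEYFILE
# Saves the inline key to KEYFILE (mode 0600) and prints the profile's
# key-direction value, or "none" if the profile does not set one.
extract_tls_auth() {
    profile="$1"; keyfile="$2"
    [ -r "$profile" ] || { echo "cannot read $profile" >&2; return 2; }

    # Owner-only permissions before any key material is written.
    : > "$keyfile" && chmod 600 "$keyfile" || return 2

    # Copy only the lines between the tags; drop CRs from Windows line ends.
    tr -d '\r' < "$profile" |
        awk '/^[ \t]*<tls-auth>/   { inside = 1; next }
             /^[ \t]*<\/tls-auth>/ { inside = 0 }
             inside' > "$keyfile"

    # Refuse an empty or truncated block rather than copy a useless file.
    if ! grep -q -e '-----BEGIN OpenVPN Static key V1-----' "$keyfile" ||
       ! grep -q -e '-----END OpenVPN Static key V1-----' "$keyfile"; then
        rm -f "$keyfile"
        echo "no complete inline tls-auth key in $profile" >&2
        return 1
    fi

    tr -d '\r' < "$profile" |
        awk '$1 == "key-direction" { d = $2 } END { print (d == "" ? "none" : d) }'
}
```

The printed key-direction value is what the receiving side needs alongside the key file; a profile without the inline block leaves no key file behind.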
For those of you who don’t know Bacula and what it does: The headline says it all. Or to quote the website:
Bacula is a set of Open Source, enterprise ready, computer programs that permit you to manage backup, recovery, and verification of computer data across a network of computers of different kinds. In technical terms, it is an Open Source, enterprise ready, network based backup program.
I work with web sites for a living. I give them a place to live, I trash them when they’re no longer needed and I also move them. And believe me, moving a site is the trickiest of the jobs. But in all of my professional life, I’ve never ever seen a blunder like this (output shortened for brevity):
crow:~$ dig developer.lotus.com
; <<>> DiG 9.6.0-APPLE-P2 <<>> developer.lotus.com
;; QUESTION SECTION:
;developer.lotus.com. IN A
;; ANSWER SECTION:
developer.lotus.com. 127 IN CNAME 184.108.40.206.
220.127.116.11. 0 IN A 18.104.22.168
Really. Did they outsource the last thinking person in their networking department? Ok, maybe they fixed it and the change just hasn’t trickled down. So let’s try a different approach (again, shortened):
While trying to upgrade a customer’s installation to PHP 5.2.10 I learned the hard way that PEAR is broken in this release. This isn’t specific to any OS as the bug reports show but rather seems to be a general problem that slipped Q&A (who is laughing there?). All you’ll get is
"Cannot use a scalar value as an array in
phar://install-pear-nozlib.phar/PEAR/ChannelFile.php on line 1391"
when trying to install PEAR.
So, for the time being, better not upgrade to PHP 5.2.10 if you need to use PEAR.
As C. Harwick found out, Safari 4 leaves a messy trail of what it did. Or, to be more precise, of what you did while using Safari 4.
Those of you who’ve been trying out the new Safari 4 beta – at least on the Mac, though I imagine you could find similar data trails on the Windows version too – have no doubt been impressed at its shiny new features. But if you’re a stickler for disk space like I am, or a stickler for privacy (or, heaven help you, both), Safari’s poor housekeeping is quite alarming.
For some months now my Astaro firewall was unable to start the PostgreSQL service on boot. Since this didn’t seem to have any real impact on function or performance, I started some feeble attempts at fixing it but never succeeded until today.
Now it happened to Nagios: Users and parts of the original development team have formed a fork of the original code. The new project is named ICINGA (ugh, all caps) Icinga.
Now, why the fork? That’s what the people behind the fork say:
In his article over at NetworkWorld, Mich Kabay gives a nice example of how the theory of security in networked systems tends to clash with reality:
“Locking out an account after only a few failed attempts has a significant impact on legitimate users and tends to cause them to choose simpler passwords or store their passwords insecurely, thus weakening security.”