Nirlog.com

This guide describes how to install and configure the OpenVPN Server in Linux and clients in Windows XP and Mac OSX. There are many advanced features in OpenVPN and if you’re interested in those advanced stuff, there’s a more detailed HowTo for you. This guide was created from my successful installation, so it works for me. If you find any problems or have suggestions please leave a comment. I’ll try my best to help. I’m sure, you know that you’re using this at your own risk

In our scenario, a small office network is protected by Linux firewall and we’ll implement the secure OpenVPN to access the internal office network (File Server, Database Server and Desktop PCs) securely from anywhere in the Internet.

Read the rest of this entry »

I’ve used IPSec, PPTP and SSL VPNs for quite some time and found them to have their own strengths and weaknesses. IPSec is secure but too complicated, with too many options for implementation and configuration. PPTP is easy to use and configure but it had some security issues in the past, which deters serious security minded organizations to implement it. Commercial SSL VPNs are easy to use but they’re very expensive and still haven’t solved all the remote connection problems.

I was introduced to SoftEther (popular Japanese personal VPN) by one of my boss few years ago, it’s secure and free but the documents are available only in Japanese. While I was searching for english documents of SoftEther, I came across an Wikipedia entry, which said “It is similar to OpenVPN, though it is closed source software”. I’d heard about OpenVPN but had never given it a serious look. This time I decided to look at it. I was pleasantly surprised by it’s ease of installation, use and robust security. Here are few points to note about OpenVPN:

• It’s a free and opensource.
• It’s secure; uses the SSL/TSL protocol.
• It’s easy to install and use. Graphical User Interfaces are available for those who fear the command lines.
• Has flexible authentication scheme based on certificates, smart cards, or traditional username/password credentials.
• Can be implemented as a bridge or a router (OSI layer 2 or layer 3).
• Excellent cross-platform support, it can be installed in Linux, Unix, Windows and Mac OS X.
• Good documentation, FAQs, HowTos and articles.

If you’re looking for a secure, cheap, flexible and easy to use vpn solution, then you should give OpenVPN a try.

The Great Firewall of China monitors, filters and blocks all the websites and email contents. If you’re in China you won’t be able to browse CNN, BBC and other international news smoothly, and you’ll have a terrible experience of sending and receiving emails. There will be a lot of unexplained bounce back emails and sometime emails lost in black holes. To further extend their control over the net, now China is moving towards ‘real name’ system for blogs.

The Internet Society of China has recommended to the government that bloggers be required to use their real names when they register blogs, state media said on Monday, in the latest attempt to regulate free-wheeling Web content.
The society, which is affiliated with the Ministry of Information Industry, said no decision had been made but that a ‘real name system’ was inevitable.

Implementation of this will mean an end to anonymity, threat to privacy and a further curb on free speech. I quite doubt how effective they’ll be in implementing this system, looking at the number of blogs and bloggers in China.

China now boasts over 17.5 million bloggers, producing nearly 34 million blogs. An estimated 75 million Chinese netizens—more than half the country’s estimated 130 million Internet users—are blog readers.

But China has a reputation for being ruthless in implementing their policies and they do have technical, human and financial resources at their disposal. I think they’ll try very hard and ultimately fail. What do you think?

I’m back from Nepal, currently coping with loads of email accumulated during last 2 weeks and following up some special jobs. Going back to Nepal has always been special but this time it was an extra special event due to Dashain, prospect of peace in the country and my son being able to understand and remember the trip

Read the rest of this entry »

I’ll be in Nepal for next 2 weeks with my family for Dashain. I’m going home after 3 years and this will be my Dashain at home after 7 years. My son is very exited about the trip, he was too little to remember his previous visits. I think this one is going to be a memorable one to him (he’s 6 now). When I talk about the himalayas, rivers, lakes and the natural beauty of Nepal he’s so interested and has more and more to ask. Let’s see what kind of impression he’ll have about Nepal. I’m not sure whether I’ll be posting anything to the blog while I’m there but I’ll try to upload some photos from there.

Most of the modern Ethernet networks use LAN switches and for the Network Admins it’s very essential to understand how this basic, yet very important component of the network operates. I came across an excellent document in cisco site about How LAN Switches Work. The document explains what a LAN switch is, how transparent bridging works, what are VLANs, trunking, and spanning trees.

Switching allows a network to maintain full-duplex Ethernet. Before switching existed, Ethernet was half duplex. Half duplex means that only one device on the network can transmit at any given time. In a fully switched network, nodes only communicate with the switch and never directly with each other. In the road analogy, half duplex is similar to the problem of a single lane, when road construction closes one lane of a two-lane road. Traffic attempts to use the same lane in both directions. Traffic that comes one way must wait until traffic from the other direction stops in order to avoid collision.

eKatnipur.com is reporting that a girl in far western Nepal emits ‘glass pieces’ from forhead. A team of doctors are researching on 12-year-old girl, who has been excreting glass pieces from the side of her forehead for the last three years.

“The CT scan report indicates that she has some kind of problem in her forehead skin,” said Dr M Kiduwai who is involved in the research, “The pieces do not seem to be coming out from the bone. But we can give more details only after further investigation.”

Here are some other mysterious phenomena reported by media:

Lekhnath School girls continue to suffer from “mass hysteria” - The students shouted, cried and fell unconscious in fear uttering that they saw an enormous snake that was about to pounce on them, according to the teachers.

World’s shortest boy - 14 years old and 20-inch tall Nepali boy. He’s probably the shortest boy in the world, but to qualify for the Guinness World Records he’ll have to wait for 4 more years until he reaches 18.

Bizarre baby born in Dolakha (WARNING! you might find the images disturbing) - A neck-less baby was born with extraordinarily large eyeballs. Died within half an hour.

The Buddha Boy of Nepal - Ram Bahadur Bomjon, who meditated under a pipal tree for 10-months before he went missing on March 2006. He’s said he’ll be back after 6 years.

Studies of the mental processes of chess grandmasters show that anyone can become expert in almost anything. It indicates that experts are made, not born.

But how do the experts in these various subjects acquire their extraordinary skills? How much can be credited to innate talent and how much to intensive training? Psychologists have sought answers in studies of chess masters. The collected results of a century of such research have led to new theories explaining how the mind organizes and retrieves information. What is more, this research may have important implications for educators. Perhaps the same techniques used by chess players to hone their skills could be applied in the classroom to teach reading, writing and arithmetic.

The TCP/IP Guide is the most comprehensive and easy to understand TCP/IP reference material available online. The 1600+ pages long guide is also available as a print book at amazon. This is absolutely one of the most useful resources for Network Admins. It is a perfect reference guide for experts, as well as an excellent learning aid for beginners. It includes full coverage of PPP, ARP, IP, IPv6, IP NAT, IPSec, Mobile IP, ICMP, RIP, BGP, TCP, UDP, DNS, DHCP, SNMP, FTP, SMTP, NNTP, HTTP, Telnet and much more

I went to HK Disneyland last weekend with my family. My son was very excited to meet and take photos with his favorite Goofy, Buzz, Tigger, Mickey, Mini and many more. It was a fun place to be, but also was too crowded and had to queue up for everything up to half an hour. Anyway, what mattered most was that my son was very happy and we had a great time. I have taken some photos, enjoy…

The entrance, right after getting off the Disney train. We knew it would be crowded.
Read the rest of this entry »