I was going to write up a blog post about setting up a self-hosted ZeroTier server when I came to the realisation that there weren’t really any good management tools for the CLI for ZeroTier.
The “Getting Started” guide from ZeroTier is pretty sparse on explanations of what things do, with some curl commands thrown into the mix to do things like create networks, authorise members, and things like that. That is nowhere near convenient to use on a command line, though that is made pretty clear by the end of the first page, where they say:
“You’d likely build yourself something fancier around this API.”
And they were right! I built something slightly fancier! Introducing Zerotier-Console!
Onto Part 2 of my series on VPNs, this guide will show you how to set up an OpenVPN server on my Linux distribution of choice, Debian.
Debian is available as an image on a lot of VPS providers, and even services like Amazon AWS and Microsoft Azure, making it the perfect base to start your self-hosted VPN journey on.
A Quick Introduction to OpenVPN
OpenVPN is a popular open-source VPN (Virtual Private Network) solution known for its security, flexibility, and cross-platform compatibility with apps for iOS, Android, Windows, and Mac OSX.
In this guide, we will walk you through the process of setting up an OpenVPN server on Debian 11.
In keeping with my last snippet about setting up a VPN server, I’ve decided to run a VPN series, seeing as how EVERY SINGLE YOUTUBER is being sponsored by a VPN nowadays.
I’ll go over the pros and cons of using a commercial VPN such as ExpressVPN or Surfshark vs running your own, and go over a few of the options that you have if you do want to run your own.
It has been a loooong time since I’ve posted…a lot has happened, but finally back on the blog!
I’ve been working a lot with MikroTik devices lately, and I’ve written up a few bits and bobs to make my life easier.
Below is the snippet I’ve written to quickly set up an OpenVPN server on a MikroTik router.
#### VARIABLES
#### UPDATE BEFORE RUNNING SCRIPT
# This variable sets the DNS server that will be used by the clients on the VPN
:global netVPNDNSServer 8.8.8.8
# Sets the company and export passphrase that will be used for the cert
:global Company "YOUR COMPANY"
:global CertExportPassphrase YOURPASSPHRASE
# Sets up a user and password for the VPN
:global vpnuser joebloggs
:global vpnpass bloggsvpn
## Certificate Setup
/log info "generating certs"
## You may want to update your country, state, etc, but it's not necessary
/certificate add name=CA country=AU state=WA locality=WA organization=$Company unit=IT common-name=CA trusted=yes key-usage=key-cert-sign,crl-sign days-valid=3650
/certificate add name=server country=AU state=WA locality=WA organization=$Company unit=IT common-name=server trusted=yes key-usage=digital-signature,key-encipherment,tls-server days-valid=3650
/certificate add name=client country=AU state=WA locality=WA organization=$Company unit=IT common-name=client key-usage=tls-client days-valid=3650
# If you're copying and pasting this into the terminal, paste each certificate sign line separately, and ignore the delay lines
/log info "signing certs"
/certificate sign CA name=CA
/log info "30 sec wait"
/delay 30000ms
/certificate sign server ca=CA
/log info "30 sec wait"
/delay 30000ms
/certificate set server trusted=yes
/certificate sign client ca=CA
/log info "30 sec wait"
/delay 30000ms
/log info "exporting certs"
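# The CA is exported without a passphrase, so only its certificate is written out (no private key)
/certificate export-certificate CA
# The client export includes the private key, encrypted with the export passphrase
/certificate export-certificate client export-passphrase=$CertExportPassphrase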
## OpenVPN Config
# This is where the IP addresses are set for the OpenVPN Clients.
# If you need to change them, this is the spot.
/ip pool add comment="OVPN Pool" name=Pool-VPN ranges=10.0.100.10-10.0.100.200
/ppp profile add dns-server=$netVPNDNSServer local-address=10.0.100.1 name=Profile-VPN only-one=no remote-address=Pool-VPN use-encryption=required
/interface ovpn-server server set auth=sha1 certificate=server cipher=aes256 default-profile=Profile-VPN enabled=yes require-client-certificate=yes
/ppp secret add name=$vpnuser password=$vpnpass profile=Profile-VPN service=ovpn
I recently had to recover a dying USB stick that kept spitting out read errors. ddrescue’s default parameters could only help so much, as the flash controller would hang the instant it hit a bad read error, necessitating an unplug and replug of the USB stick before it could carry on.
I decided to hack up a little script so I could recover select areas of the USB stick first and control what blocks ddrescue was attempting. Using ddrescueview, I could see which blocks had and had not been attempted. Using the information from the Block Inspector, I could obtain a hex address of the block I wanted to start from.
Copying the text from the blocks into my hex-to-decimal script gave me a block to start from.
That block number lets me use the -i parameter to set a starting point and -s to set sector size. Then I use a loop to scan through a certain number of blocks at a time:
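START=514916352
for x in {0..20000}; do
    # Print the byte offset about to be attempted
    echo $((START + 512 * x))
    ddrescue -i $((START + 512 * x)) -a 1024 -s 512 -O -d /dev/sdx imagefile mapfile
    # Stop as soon as ddrescue exits with a non-zero status
    if [[ $? -gt 0 ]]; then START=$((START + 512)); break; fi
done
# Offset to resume from on the next run
START=$((START + 512 * x + 512)); echo $START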
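The post does not show the hex-to-decimal script, so the following is an added example, not the author's code: shell functions that read a ddrescue mapfile directly, list regions by status as decimal offsets for -i, and work out how many 512-byte steps cover a region. The function names and the sample mapfile are constructed for illustration.

```sh
# Added example: report ddrescue mapfile regions as decimal byte offsets.
# Mapfile status characters: ? non-tried, * non-trimmed, / non-scraped,
# - bad sector, + finished.

# regions_with_status [STATUSES] < mapfile
# Prints "start_bytes size_bytes status" for each matching block.
# STATUSES defaults to "?" (areas ddrescue has not attempted yet).
regions_with_status() {
    wanted=${1:-?}
    seen_current=0
    while read -r pos size status rest || [ -n "$pos" ]; do
        case $pos in ''|'#'*) continue ;; esac   # blank line or comment
        if [ "$seen_current" -eq 0 ]; then
            seen_current=1    # first data line is current_pos/current_status
            continue
        fi
        [ -n "$status" ] || continue             # skip malformed block lines
        case $wanted in
            # printf converts the 0x... hex fields to decimal
            *"$status"*) printf '%d %d %s\n' "$pos" "$size" "$status" ;;
        esac
    done
}

# first_offset [STATUSES] < mapfile: decimal START of the first match.
first_offset() {
    regions_with_status "${1:-?}" | head -n 1 | cut -d' ' -f1
}

# steps_for SIZE_BYTES [STEP_BYTES]: loop iterations needed to cover a region.
steps_for() {
    step=${2:-512}
    echo $(( ($1 + step - 1) / step ))
}

# Constructed sample mapfile for illustration; not from a real device.
sample_mapfile() {
    cat <<'EOF'
# current_pos  current_status  current_pass
0x1EB10000     ?               1
#      pos        size  status
0x00000000  0x1EB10000  +
0x1EB10000  0x00A00000  ?
0x1F510000  0x00000200  -
0x1F510200  0x00000400  *
0x1F510600  0x20000000  ?
EOF
}

sample_mapfile | regions_with_status '?*-'
```

The first non-tried region in the sample starts at 514916352, the START value used in the loop above, and steps_for gives the upper bound to use in place of the hard-coded 20000.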