Wednesday, March 20, 2013

OpenVPN on DD-WRT: finally working again!

After searching everywhere and Googling again and again, I finally found the solution:

Thanks to the following reference:
http://www.howtogeek.com/forum/topic/how-to-install-and-configure-openvpn-on-your-dd-wrt-router

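As I recall, the last time it worked there were two other things involved: one was the DNSMasq issue, the other was the firewall.

I had read the earlier references and understood that iptables has to be set up; that goes without saying.

Reference 5 has only the following settings: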

iptables -I INPUT -p tcp --dport 631 -j ACCEPT 
iptables -I INPUT -p udp --dport 631 -j ACCEPT 

iptables -I FORWARD 1 --source 192.168.60.0/24 -j ACCEPT
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT 
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT


But this is not enough; NAT is still needed:

iptables -t nat -A POSTROUTING -s 192.168.60.0/24 -o vlan2 -j SNAT --to-source $(nvram get wan_ipaddr)

This sends all the traffic out.
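The difference between the two rule sets can be checked mechanically. The script below is an added example, not part of the original post or of reference 5: it reports which of the rules above are absent from a ruleset dump in iptables-save format. Both sample rulesets and the 203.0.113.10 WAN address are constructed, and having iptables-save on a given DD-WRT build is an assumption.

```shell
#!/bin/sh
# Added example, not from the original post: report which of the rules the
# post depends on are absent from a ruleset dump in iptables-save format.
VPN_NET="192.168.60.0/24"   # VPN client subnet from the post
VPN_PORT="631"              # OpenVPN port chosen in the post
TUN_IF="tun0"; LAN_IF="br0" # interface names from the post

# Constructed sample: the reference 5 firewall rules only, without NAT.
RULES_BEFORE='*filter
-A INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A INPUT -p udp -m udp --dport 631 -j ACCEPT
-A FORWARD -s 192.168.60.0/24 -j ACCEPT
-A FORWARD -i tun0 -o br0 -j ACCEPT
-A FORWARD -i br0 -o tun0 -j ACCEPT
COMMIT'

# Constructed sample: the same rules plus the SNAT rule (203.0.113.10 is a
# documentation address standing in for the WAN IP).
RULES_AFTER="$RULES_BEFORE
*nat
-A POSTROUTING -s 192.168.60.0/24 -o vlan2 -j SNAT --to-source 203.0.113.10
COMMIT"

# Prints one line per missing rule; prints nothing when all are present.
missing_vpn_rules() {
    rules=$1
    net_re=$(printf '%s' "$VPN_NET" | sed 's/\./\\./g')
    has() { printf '%s\n' "$rules" | grep -Eq -- "$1"; }
    for proto in tcp udp; do
        has "^-A INPUT .*-p $proto .*--dport $VPN_PORT .*-j ACCEPT" ||
            echo "INPUT accept $proto/$VPN_PORT"
    done
    has "^-A FORWARD .*-i $TUN_IF .*-o $LAN_IF .*-j ACCEPT" ||
        echo "FORWARD $TUN_IF -> $LAN_IF"
    has "^-A FORWARD .*-i $LAN_IF .*-o $TUN_IF .*-j ACCEPT" ||
        echo "FORWARD $LAN_IF -> $TUN_IF"
    has "^-A POSTROUTING .*-s $net_re .*-j (SNAT|MASQUERADE)" ||
        echo "nat POSTROUTING for $VPN_NET"
}

echo "before: $(missing_vpn_rules "$RULES_BEFORE")"
echo "after:  $(missing_vpn_rules "$RULES_AFTER")"
```

Older iptables builds may print the source as 192.168.60.0/255.255.255.0; in that case set VPN_NET to match the dump.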

As for DNSMasq,

Local DNS must be enabled, No DNS Rebind disabled, and Additional DNSMasq Options set to: interface=tun0

Strangely, when I telnetted in to look, DNSMASQ default start at tun but not tun!!!

Happy to use it now!!!!



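OpenVPN on DD-WRT -- a failed attempt

Following the previous post, this configuration failed. Where did it fail? Once again, at DNS.

How it failed:

On another computer at a different IP, I installed the OpenVPN client and connected successfully to the OpenVPN server, but I could only browse things on the intranet. I could reach the DD-WRT at 192.168.5.1 and see the management console, but could not get to any other network.

Last time I also tried setting it to Google's free DNS, 8.8.8.8, and that failed too.

I will try again this time and report later whether it fails.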

OpenVPN on DD-WRT

Firmware: DD-WRT v24-sp2 (02/11/13) std
Router: TP-LINK TL-WR1043nd

Testing Mobile Network: Smartone HK 3G, China Unicom 中港如意通 3G
Broadband Network: PCCW 500Mb

References:

  1. http://freemanv1.blogspot.hk/2012/05/dd-wrt-openvpn.html
  2. http://www.dd-wrt.com/wiki/index.php/OpenVPN
  3. https://oogami.name/941/
  4. https://www.privateinternetaccess.com/forum/index.php?p=/discussion/22/dd-wrt-openvpn-vpn-setup/p1
  5. http://www.hkepc.com/forum/viewthread.php?tid=1774976

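The setup here is based on reference 5.

Preface:

A little over a month ago I updated DD-WRT and set up an OpenVPN server while I was at it, because the PPTP I had been using was half-blocked in mainland China: Facebook kept behaving erratically and I could not upload photos, so I decided to switch to OpenVPN. I finished the setup at the time and tested it on Smartone with basically no problems, but when my wife travelled to the mainland, she could not connect over the 中港如意通 SIM; I believe this is related to port 1194.

A few days ago the router suddenly reset and lost its configuration, and I am going to the mainland myself tomorrow, so I decided to set it up again. Last time, most of the setup was easy; the hardest part was the DNS configuration, which took two days before DNS worked and URLs could be resolved. So this time I am writing everything down for future attempts.

Preparation:

First download OpenVPN from http://openvpn.net/index.php/open-source/downloads.html; version 2.3.0 is used here. This program is used to generate the certificates.

Reference 5 already explains this in detail.

I got the following certs: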
ca.crt 
ca.key 
dh{n}.pem 
server.crt 
server.key 
client1.crt 
client1.key 
client2.crt 
client2.key 
client3.crt 
client3.key

Installing the server:

The OpenVPN server on DD-WRT is slightly different; this is my version.


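This time I decided to try port 631. Last time I tried 443, but it crashed (the router, I mean), even though my management web interface was no longer on 443; I don't know why. Port 631 is officially used for the Internet Printing Protocol (IPP), so it should have a chance of getting through, and it is used over both TCP and UDP, so it should pass more easily on the mainland side.

The Advanced Options matter: Redirect default Gateway must be set, otherwise traffic cannot get out to the internet.

Does Allow duplicate cn need to be enabled? To be looked into later.

Adding push "dhcp-option DNS 192.168.5.1" to Additional Config is important. Last time I seem to have spent a long time on this, and I think it only worked after adding another line.

After configuration: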



Then, under Administration > Commands, add the following with Save Firewall:
iptables -I INPUT -p tcp --dport 631 -j ACCEPT 
iptables -I INPUT -p udp --dport 631 -j ACCEPT 

iptables -I FORWARD 1 --source 192.168.60.0/24 -j ACCEPT
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT 
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT

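I remember also spending quite a while on the firewall settings last time. It seemed to be related to the tun0 setting; the default seemed to be tun rather than tun0 ... very strange. I will see how it goes.

The basic server setup is complete.
The next post will cover setting up the OpenVPN client on Android 4.1.2.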

Monday, May 2, 2011

Xcode 4, Phonegap and jQuery Mobile

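This is a new experiment. Developing a new app purely in Objective-C is not really worthwhile, for the following reasons:
1. It only works on Apple devices.
2. It has to be learned from scratch, and getting used to it takes a long time.
3. The apps being developed do not use many of the phone's built-in features, so there is little need for this language.

The advantage of PhoneGap is that it uses HTML and CSS; the disadvantage is that it is slow. jQuery Mobile has problems of its own, such as the fixed-position header and footer issue and the div hide-and-show issue.

Using PhoneGap on Xcode 4 also has many problems, and submitting to the Apple store takes rather long as well; it is also Skip off--> Yes. Very strange.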

Thursday, July 8, 2010

When the time comes that Guanxi cannot be monetized!

Indeed, it is really hard to imagine that there comes a time when guanxi in China cannot be monetized. Here is the case.

Ms C and her husband were senior staff of two state-owned enterprises. Ms C retired a few years ago to take care of her daughter. Ms C had very good guanxi with senior officials from the telecom authority and the cultural and broadcasting authority. With her guanxi, she could even build connections with Hong Kong tycoons and elites.

In her possession were licences for ICP, ISP, VoIP, etc., which are mouth-watering to foreigners. However, after years of effort in the business sector, she found herself out of energy, with no profit and no prosperity.

What's going wrong here?

Is it merely a managerial problem? Yes, but only partially. Her basic target is to attract foreign investors to fund her business. Her business never had long-term planning or a roadmap. Everything in her business is just a mock-up and a logistic. Some products, after being fully developed, were never launched since she just wanted a showcase.

Honestly, it leaves the investors with a lot of questions. Should we fund her to build a real business? Would she be a good business owner? If you are a foreign investor, will you build your second home in China with her?

What is critical here?

It is a regulatory problem. A managerial problem can be easily overcome, but a regulatory problem cannot. Thousands of rules keep foreign telecom-related operators away. How to overcome this problem?

Another AR example from IKEA

Again, as discussed before, something that is up and coming! Augmented Reality. This is the 2nd time I show you an example. Here is another example from IKEA.

Wednesday, July 7, 2010

McKinsey advocating second home in China

Perhaps, you cannot hear that. But I do. I can sense a chant of “China, China, China” in global business arena even though there are a lot of downsides. Yes, not just me. McKinsey, the famous global business consultant, advocates an idea of taking China as second home for businesses.

Spurred on by its rapid evolution, China is now considered the global battlefield for sectors like consumer electronics, semiconductors, and electricity transmission equipment, on which global winners are determined. McKinsey describes the way some multinational companies are “side betting” by letting their rivals take the risk on China’s boom and regulatory imperfections. McKinsey warns that if multinational companies do not start building a second home in China, they will not keep their success. In other words, multinational companies need to commit themselves to China and make long-term “guanxi” (a term which is more than relationship and connection) there.

McKinsey is striking up a discordant tune to the concerto played by chambers of commerce from America and Europe. Indeed, RMB rate control, Google-China tension, the new regulation on “indigenous innovation” and the antimonopoly issue over Coca-Cola’s acquisition of Huiyuan Juice were all discussed on the table by the chambers. The mainstream view that has formed is that multinational companies are likely not welcomed by China.

I think McKinsey’s argument is strong. It cites two examples, the piano and auto markets in China, to illustrate how attractive the markets are. However, what is the value proposition for a second home? Merely revenue?

I agreed with the point that it should not be a measure to gain revenue but a measure to survive in the market and not to be demolished by competitors.

There are five qualitative metrics to measure the success of second home in China:

1. Time spent in China

2. Visibility into China

3. Chinese representation in the senior team

4. Knowledge of Chinese customers and suppliers

5. Relationships with government leaders and regulators