December 4, 2006
December 3, 2006
Routing all client traffic (including web-traffic) through the VPN
By default, when an OpenVPN client is active, only network traffic to and from the OpenVPN server site will pass over the VPN. General web browsing, for example, will be accomplished with direct connections that bypass the VPN.
In certain cases this behavior might not be desirable: you might want a VPN client to tunnel all network traffic through the VPN, including general internet web browsing. While this type of VPN configuration will exact a performance penalty on the client, it gives the VPN administrator more control over security policies when a client is connected to both the public internet and the VPN at the same time.
Add the following directive to the server configuration file:
    push "redirect-gateway def1"
If your VPN setup is over a wireless network, where all clients and the server are on the same wireless subnet, add the local flag:
    push "redirect-gateway local def1"
Pushing the redirect-gateway option to clients will cause all IP network traffic originating on client machines to pass through the OpenVPN server. The server will need to be configured to deal with this traffic somehow, such as by NATing it to the internet, or routing it through the server site’s HTTP proxy.
On Linux, you could use a command such as this to NAT the VPN client traffic to the internet:
    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
This command assumes that the VPN subnet is 10.8.0.0/24 (taken from the server directive in the OpenVPN server configuration) and that the local ethernet interface is eth0.
When redirect-gateway is used, OpenVPN clients will route DNS queries through the VPN, and the VPN server will need to handle them. This can be accomplished by pushing a DNS server address to connecting clients, which will replace their normal DNS server settings while the VPN is active. For example:
    push "dhcp-option DNS 10.8.0.1"
will configure Windows clients (or non-Windows clients with some extra server-side scripting) to use 10.8.0.1 as their DNS server. Any address which is reachable from clients may be used as the DNS server address.
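The three server-side pieces described above (the redirect-gateway push, a pushed DNS server, and a NAT rule whose source matches the server directive) can be checked together. The following shell script is an added example, not part of the OpenVPN HOWTO; the function names, the WAN_IF variable and the sample configuration are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the OpenVPN HOWTO): check a server config for the
# full-tunnel directives and derive the NAT rule from its "server" line.

# Dotted netmask -> prefix length, e.g. 255.255.255.0 -> 24.
mask_to_prefix() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    bits=0; short=0
    for octet in "$@"; do
        case $octet in
            255) n=8 ;; 254) n=7 ;; 252) n=6 ;; 248) n=5 ;; 240) n=4 ;;
            224) n=3 ;; 192) n=2 ;; 128) n=1 ;; 0) n=0 ;; *) return 1 ;;
        esac
        # Once a non-255 octet appears, every later octet must be 0.
        if [ "$short" -eq 1 ] && [ "$n" -ne 0 ]; then return 1; fi
        if [ "$n" -lt 8 ]; then short=1; fi
        bits=$((bits + n))
    done
    echo "$bits"
}

# Prints one finding per line; returns 0 only when every check passes.
# WAN_IF (assumed name) is the server's internet-facing interface.
audit_full_tunnel() {
    conf=$1; rc=0
    # Drop lines commented out with '#' or ';' so disabled directives don't count.
    active=$(sed -e '/^[[:space:]]*[#;]/d' "$conf")
    if ! printf '%s\n' "$active" | grep -Eq '^[[:space:]]*push[[:space:]]+"redirect-gateway[^"]*"'; then
        echo 'MISSING push "redirect-gateway def1": clients keep their default route'; rc=1
    fi
    if ! printf '%s\n' "$active" | grep -Eq '^[[:space:]]*push[[:space:]]+"dhcp-option[[:space:]]+DNS[[:space:]]+[^"]+"'; then
        echo 'MISSING push "dhcp-option DNS <addr>": no DNS server pushed'; rc=1
    fi
    set -- $(printf '%s\n' "$active" | awk '$1 == "server" { print $2, $3; exit }')
    if [ $# -eq 2 ] && prefix=$(mask_to_prefix "$2"); then
        echo "NAT iptables -t nat -A POSTROUTING -s $1/$prefix -o ${WAN_IF:-eth0} -j MASQUERADE"
    else
        echo 'MISSING server <network> <netmask>: cannot derive the VPN subnet'; rc=1
    fi
    return $rc
}

# Constructed sample config: DNS push is commented out, so the audit flags it.
sample_conf() {
    printf '%s\n' 'port 1194' 'server 10.8.0.0 255.255.255.0' \
        'push "redirect-gateway def1"' ';push "dhcp-option DNS 10.8.0.1"'
}
```

Call `audit_full_tunnel` with the path to the server configuration file. The printed NAT rule only passes client traffic if IP forwarding is enabled on the server (net.ipv4.ip_forward=1 on Linux).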
Redirecting all network traffic through the VPN is not entirely a problem-free proposition. Here are some typical gotchas to be aware of:
- Many OpenVPN client machines connecting to the internet will periodically interact with a DHCP server to renew their IP address leases. The redirect-gateway option might prevent the client from reaching the local DHCP server (because DHCP messages would be routed over the VPN), causing it to lose its IP address lease.
- Issues exist with respect to pushing DNS addresses to Windows clients.
- Web browsing performance on the client will be noticeably slower.
For more information on the mechanics of the redirect-gateway directive, see the manual page.
Source: OpenVPN 2.0 HOWTO
November 25, 2006
Subject: Re: Why does the OLEVIA 532H LCD TV I bought have no signal?
Posting site: BBS 未名空间站 (Sat Nov 25 14:25:29 2006)
Thank you so much!!!
This info is so useful, you saved the day! I cannot tune in any channel last
I chose the show room mode when I first started then never changed it until
I read your post.
From: Bolicious (Bolicious), Board: shopping
Subject: http://www.olevia.com/jsp/support/faqs.jsp
Posting site: BBS 未名空间站 (Sat Nov 25 09:20:29 2006)
I spent all the afternoon to figure this out:
1) Make sure your TV is on "Home" Mode. If not, follow the instructions from the
2) Set Channel search to Auto
3) To read the Operation manual that is in the CD disc
November 24, 2006
Posted on Sunday, October 15, 2006 by Tim Fehlman
In years past, I was not as technically savvy as I am today (which may be saying something). I was also naive enough to believe that what I was told I was getting from my ISP is actually what I received. Now, I’m not saying that all ISPs are out to cheat you but there are definitely some that are less than reputable.
One of the easiest ways for them to “steal” from you is by throttling your bandwidth. This means that they may tell you that you are getting one speed but actually receiving another. Luckily, there are a number of websites out there that let you test your bandwidth.
Recently, I ran across a very cool one that is super easy to use. It has a very nice graphical interface and lets you choose which server you want to test your speed with. Check out SpeedTest and see how your ISP is doing.
October 22, 2006
October 21, 2006
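I use an X20 and suffer from the fact that none of the IBM laptops have a Win key. A lot of shortcuts are missing, which is annoying, since I am so used to the Win-key shortcuts. Some people say Ctrl+Esc is enough, but Ctrl+Esc cannot fully replace the Win key, because it does not provide all of the Win key's functions; it only pops up the Start menu. The Win key's functions in detail are as follows:
1. Win key remapping, level one: hotkey tool
The first thing that came to mind was using memory-resident software to intercept keyboard input. I found one such program: TPKey to WinKey.
This program lets the ThinkPad key trigger the various WinKey hotkey combinations and other special functions... and it was developed specifically for IBM machines!
I found a method that works by modifying the registry, letting the Alt or Ctrl key emulate the Win key. This approach consumes no system resources at all.
(Set IE's "Encoding" to "Japanese (Auto-Select)" to read the page.)
On that page, choose Win 2000 or Win NT, set up the remapping, and then tick the 「入替有效」 (enable swap) box. Up to four keys can be remapped at once. I remapped the right Alt to the left Windows key. Then save the generated code as remap.reg and run that file to update your keyboard mapping.
If you also want to turn the right Alt key into the Windows key, you can save this code as remap.reg and run it: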
Windows Registry Editor Version 5.00
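However, this method only works on 2000/NT. What if you are using 95/98?
After thinking it over, I recalled seeing something for customizing the keyboard in Microsoft's PowerToys, so I headed straight to Microsoft's website, and after some searching, finally...
3. Win key remapping, level three: RemapKey
Thank you for reading this far; it means that, like me, you really need a Win key. So here is the ultimate solution:
1. Windows 95/98: go to http://www.microsoft.com/Windows95/…Toy/Default.asp
download the Windows 95 Kernel Toys Set, and run Keyboard Remap
2. Windows 2000: you need RemapKey from the Windows 2000 Resource Kit, available from
Note: this RemapKey for Windows 2000 is the most powerful keyboard remapping tool I have seen; it can actually redefine the function of every key on the keyboard. Great!!!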
October 13, 2006
October 11, 2006
very valuable advice for business people.
October 10, 2006
Have you ever clicked send on a message and then remembered that you forgot to attach that important file, or realized you put the wrong time down for a meeting? Outlook allows you the option of recalling a sent message. Here’s how:
1. Go to the Sent Items folder.
2. Find the message you want recalled and double-click it.
3. Go to the Actions menu and select Recall This Message.
4. To recall the message:
Select Delete unread copies of this message.
(Note: the recipient needs to have Outlook opened for the message to be deleted)
To replace the message:
Select Delete unread copies and replace with a new message, click OK, and type your new message.
To be notified about the success of the recall or replacement:
Check the Tell me if recall succeeds or fails for each recipient check box.
5. Click OK.
October 7, 2006
October 6, 2006
HOWTO: Set up a Windows SSH server for VNC tunneling
[ 17 August 2006 ]
Marked under security, windows.
This tutorial will walk you through the steps of running an SSH server on your Windows machine and using it to create a secure tunnel through the Internet for VNC.
Install the SSH server:
- Log into Windows with Administrative privileges
- If there is no password set for this user, set one in the Control Panel. *(a password is required)
- Create a cygwin folder in the C: drive (C:\cygwin)
- Download setup.exe from cygwin.com and save it to C:\cygwin
- Run C:\cygwin\setup.exe
- Install from the Internet and save to C:\cygwin\
- For Local Package Directory, use C:\cygwin\
- Select a download site from the large list.
- On the Select Package screen, click View once so “Full” appears.
- Scroll down to openssh in the package column, and click on “Skip” so an “X” will appear in column “Bin?”.
- After the packages have been downloaded, finish the installation
- Right click My Computer, Properties > Advanced > Environment Variables
- Under System Variables, click New, add CYGWIN as the variable name, add ntsec as the variable value
- Under System Variables, scroll down to Path, click Edit, add ;c:\cygwin\bin to the end of the string already in the field
- Open Cygwin on the desktop and type in ssh-host-config
- “Privilege Separation?” Yes
- “Create local user SSHd?” Yes
- “Install SSHd as a service?” Yes
- “CYGWIN = ” enter ntsec
- While in the same Cygwin window, enter net start sshd to start the SSH server
- If you ever need to stop the SSH server, enter net stop sshd
- In the Cygwin window enter mkpasswd --local > /etc/passwd to copy over the Windows user settings to Cygwin
- In the Cygwin window enter mkgroup --local > /etc/group to copy over the Windows group settings to Cygwin
Test the SSH server:
- Enter ssh localhost in a Cygwin window
- Any time you SSH into a server for the first time, you will get an authenticity warning. The RSA key will be listed and it will ask you if you want to continue. Type in 'yes' to continue.
- If you get a prompt without any errors, enter ls -lh /cygdrive/c
- If you see a directory listing of your C:\ drive, everything went right
Install the VNC server:
- Install your VNC client of choice. Make sure you install the server portion of the client
- If you are given the option to “allow loopback connections” choose Yes
- Make sure you register the VNC Server as a system service. Various clients do this in different ways
- Once it’s registered as a service, it will auto-run at Windows startup as a service
Tweak your firewall (if applicable) to allow port 22:
- In your firewall, open TCP port 22 for SSH use
- Example: in Norton Internet Security, Personal Firewall > Configure button > Advanced tab > General button > click Add. Permit to and from connections for TCP port 22. Name the rule something like SSH
- Example: in Windows Firewall for SP2, Start > Control Panel > Windows Firewall > Exceptions Tab > Add port > port name SSH, port 22 TCP
Tweak your router (if applicable) to forward port 22:
- If you’re behind a router, forward TCP port 22 to your internal IP
- This means that any traffic coming in through port 22 (the SSH port) will be passed through the router and directed (forwarded) to your internal IP
SETUP: Remote machine
Install the SSH client and create a tunnel:
- Install your SSH client of choice (mine is PuTTY)
- Create a tunnel to your SSH server
- In PuTTY, click the Add button under the tunnels section
- Make the source port = 5900 and the destination = 127.0.0.1:5900
- In the SSH Secure Shell client, edit your profile and go to the Tunneling tab
- Make the listen port 5900, the Destination host 127.0.0.1 and the destination port 5900. Choose TCP for the type and uncheck “Allow local connections only.”
Configure PuTTY for auto-login (if you choose to use PuTTY):
- Make a shortcut to putty.exe on your Desktop
- Right click the shortcut, Properties > Shortcut tab > Target field
- Add the following to the end of the string in the field: -load "[your profile name]" -l [login name] -pw [password]. Note that -pw stores the password in plain text in the shortcut.
- Example: -load "home" -l Mark -pw mypassword
Install the VNC viewer:
- Find a VNC program of your choice and install the VNC Viewer portion of the package.
EXECUTE: VNC over SSH
- Open your SSH client, connect to your remote IP address
- Open your VNC viewer, connect to 127.0.0.1:5900
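The setup above opens only TCP port 22 and reaches VNC through 127.0.0.1:5900. As an added example (not part of the original tutorial), this shell function reads `netstat -an` output in the Windows format and reports whether port 5900 is listening on loopback only or on other addresses as well; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag TCP listeners on the VNC port that are bound to anything
# other than loopback. Reads `netstat -an` text (Windows format) on stdin.
# Returns 0 if the port is absent or loopback-only, 1 if it is exposed.
check_vnc_exposure() {
    awk -v port="${1:-5900}" '
        $1 == "TCP" && $NF == "LISTENING" {
            n = split($2, part, ":")          # local address is host:port
            if (part[n] != port) next
            host = substr($2, 1, length($2) - length(part[n]) - 1)
            if (host == "127.0.0.1" || host == "[::1]") {
                print "ok       " $2
            } else {
                print "EXPOSED  " $2          # reachable from other machines
                bad = 1
            }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample: sshd on all interfaces, plus one VNC-port listener on
# all interfaces and one on loopback only.
sample_netstat() {
    cat <<'EOF'
  TCP    0.0.0.0:22             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5900           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5900         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1042      203.0.113.5:443        ESTABLISHED
EOF
}
```

In a Cygwin window, `netstat -an | check_vnc_exposure 5900` runs the check against the live machine; an EXPOSED line means the port is protected only by the firewall rules.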
This value can be displayed on your website, openly emailed, etc.
October 3, 2006
If you just want to remove it for one user:
1. Log into the XP box with the user you want to change
2. Click Start and click Run
3. In the runbox type regedit and press ENTER
4. Navigate to the following key:
5. Double-click on the dword MessageExpiryDays in the right column. If the dword is not there, create it.
6. Set the value to 0
If you want to remove the notification for all users:
1. Click Start -> run -> regedit (as noted above)
2. Navigate to
3. Double-click on the dword MessageExpiryDays in the right column. If the dword is not there, create it.
4. Set the value to 0