Categories
Freedom and Privacy Technology Tutorial yunohost

INSTALLING ROUNDCUBE 1.4 VERSION ON YUNOHOST

Thanks to the work of Brian we can now install the newest version of Roundcube on Yunohost.

Why is this so exciting?

  • Newer, fresher UI
  • PGP encryption Functionality with the enigma plugin
  • Mobile friendly skin

In short, it makes your self-hosted email awesome on mobile too, regardless of whether or not you have an email app that works with PGP.

Normally, if this app was an approved app in the Yunohost app list you would be able to simply search it and install it from the app list. Until then we have to install it by the command line but it’s not that scary at all so let’s begin.

Installing it

  1. ssh into your Yunohost box
  2. run this command to install it:
    sudo yunohost app install https://github.com/bhdouglass/roundcube_ynh/tree/testing

Configuring the Install

A bunch of questions will start. Here is how I answered mine but you can adjust as you like. Note, if you press the enter key it will choose the default option for quick installation. The critical step is choosing ‘yes’ when you are presented with the Enigma option.

This first question is just a warning. You’re brave. Take that risk!

WARNING! Installing 3rd party applications may compromise the integrity and security of your system. You should probably NOT install it unless you know what you are doing. Are you willing to take that risk? [Y/N] : y

This next step shows all the domains you have configured in your Yunohost box and will ask you which one you want this Roundcube to be associated with:

Available domains:
-domainone.com
-domaintwo.com

Choose a domain for Roundcube (default: domainone.com):

This next question lets you choose which URL folder you want for the mail. I changed mine from the default since I have other things running but you can leave default if you don’t have something already using ‘/webmail’:

Choose a path for Roundcube (default: /webmail): /pgpmail

I’m using Nextcloud calendar stuff so I don’t need CardDAV stuff now but feel free to install it if you need it and want to use it:

Install CardDAV synchronization plugin? [yes | no] (default: no):

This is an important one if you plan to encrypt your emails!

Install Enigma messages encryption plugin? [yes | no] (default: no): yes

Testing it out

Once complete, you should now be able to go to ‘domainone.com/pgpmail’ (or whatever your options are) and hit the new Roundcube installation and log in with your Yunohost email server settings. I recommend doing the following tests each time you get set up with something like this since desktop browser and mobile browser use different skins (sometimes) in Roundcube.

Before beginning, make sure that the public key of each email address has been sent/imported into each side of the email transaction. You can use the ‘import key’ feature in Roundcube’s desktop mode quite easily. At the time of this tutorial I haven’t tried importing keys with Mobile browser, so I can’t confirm if that works or works well.

  • Send totally plain text test message from desktop browser to test email address
  • Send totally plain text test message from Mobile browser to test email address

All good? Now with public keys attached:

  • Send new email with just public key attached using Roundcube’s ‘attach public key’ feature – from Desktop browser
  • Send new email with just public key attached using Roundcube’s ‘attach public key’ feature – from Mobile browser

Still good? Now encrypt it!

  • Send new email fully encrypted using Roundcube’s ‘encrypt this email’ feature – from Desktop browser
  • Send new email with just public key attached using Roundcube’s ‘encrypt this email’ feature – from Mobile browser

Everything still good? You should be ‘in business’

Hope you enjoyed and found this useful.

Categories
Freedom and Privacy Technology Tutorial yunohost

HOW TO INSTALL NEW ROUNDCUBE VERSION ON SHARED HOST CPANEL WITH PGP KEYS WORKING

So, you want to not wait for RoundCube to release 1.4 to cpanel, or, you have Roundcube on your cpanel setup and for whatever reason the Enigma plugin that makes the PGP stuff work – isn’t working. Whatever your reason is, the solution is not insanely hard, but it took me about a week and a lot of hours to figure out how to get it going. Hopefully this will save you many hours that I lost! 🙂

Probably this page will work for future stuff too for future releases so I’ll leave the download pages more general.

Before we begin, quick thanks to everyone at Roundcube for really improving the look, feel and security of everything. Really nice upgrades in the UI for version 1.4 RC!

STEP ONE – DOWNLOAD

  1. Get your version (in this case 1.4-rc) from this Roundcube download page
  2. Download compressed Roundcube file to your computer
  3. Upload the compressed Roundcube file via FTP (or whatever method you like)
  4. In your cpanel File Manager, Right click on the compressed Roundcube file and ‘extract’ – the file will decompress and extract the directory with the same name in the same directory where you clicked ‘extract’
  5. Locate the newly extracted file and rename to something you like. This will form part of the URL when you log into your email. If you leave it as is the URL will be too long and annoying so changing it to something like ‘mail’ or ’roundcube’ would be smart. Maybe don’t call it ‘webmail’ because most shared hosting uses that? Not sure, I didn’t test that but something more unique would probably be smart.
  6. Go to the URL of your domain, followed by the new directory name, and add ‘installer’ at the end. This will start the installer. You can read details on the Roundcube installation page and we are now at step ‘Configuring Roundcube’

Create your MYSQL database for Roundcube

You’ll need a database to make Roundcube work. Although this kind of stuff seems scary, it’s not that scary as long as you don’t delete stuff that’s already there that you don’t know about. In short, all you are going to do is create a database, create a user for the database, and then glue the user to the database. That’s it.

Before you begin this part you should have some kind of password manager software setup, I think, so you can create strong passwords and not lose them. Otherwise, ‘do it the way you like’.

Here’s how:

  1. in your Cpanel home panel, go to ‘MYSQL Databases’
  2. In the top section, Create New Database, give your new database a decent name like ’roundcube_abc’ (no one sees this stuff, it’s just back end). You will note that it will automatically append something to the front. That will be part of your database name, not just the part you are typing in the field.
  3. Click ‘Create Database’ button
  4. Scroll down to the MYSQL Users section and in the ‘Add New User’ section at the top, create a new username with a strong password. You can use the password generator and then make sure to save it safely. You will note that it will automatically append something to the front. That will be part of your username, not just the part you are typing in the field.
  5. Click ‘Create user’ button

Now you have both a database and a username. The last steps are to glue them together.

  1. Scroll down to ‘Add User to Database’
  2. From the ‘User’ dropdown, select the user you just created
  3. From the Database dropdown, select the database you just created above
  4. Click the ‘Add’ button

It will take you to another screen where it asks what permissions you want to give this user in this database. You will give it all permissions which should be the default (all boxes selected).

Confirm these changes.

Installing Roundcube

Really you should read this entire page and learn a bit as your setup might be different and it’s good to review the items they mention, although most or much of it is for people who have full access to their servers, not cpanel people.

Once you start the installation process, there really isn’t too much documentation on how to actually set it up. It will start a kind of ‘installation wizard’ but not a lot of help is there during the process. You’ll need to have the following items near you before you begin:

  • The email credentials that will be using Roundcube including: server names, type of email (ie. SMTP, IMAP), security protocol of each, ports for each. You can get all this from your email provider.
  • The database name, user name, and user name password for the MYSQL stuff you created above

Once all this is in hand simply walk through all the fields and do your best. The details of that part are out of scope of this tutorial but there is one vital point which you absolutely must select in order to use encryption and PGP and that is, in the plugin section you must select the Enigma plugin which will add all the functionality.

Again, be sure to install the Enigma plugin.

Fixing the enigma_pgp_homedir not specified error

After installation is complete and everything appears working, if you were to go to the settings and to PGP keys you will be greeted with a warning that enigma_pgp_homedir is not specified, or, if you tried to simply put the path in there as if it were a full control server, it probably won’t work. At least that’s what happened to me and the purpose of this tutorial.

The solution to properly point Roundcube to a secure folder was pretty hard to figure out but now that it’s figured out should be pretty easy for you.

You should apparently not put your pgp key folder into the enigma plugin folder, or in the document root folder. Frankly I’m not skilled enough to know all the whys but I’ve learned to trust people smarter than I. So, I put the directory in the main directory of my domain where roundcube is. You can mirror this for simplicity and probably should. So, here go the steps:

  1. In cpanel File manager go to: public_html/yourdomain.com
  2. Create a folder for your keys. For this tutorial I’ll call it ‘keez’ but you can call it whatever you want. Make sure permissions are 0755 (they should be after you create it)
  3. In File manager, navigate to this location: /yourRoundCubeInstallationFolder//plugins/enigma/
  4. Locate the config.inc.php.dist file
  5. Touch it, right click on it, and rename and remove the ‘.dist’ from the end of the filename and save the change
  6. Touch the newly renamed file again and right click and ‘edit’. This will open the Cpanel text editor.
  7. It will give you a warning that by editing you can break everything, which of course we know, so, click edit again and really stick it to the man!
  8. Scroll down in the code stuff until you see this section:

// REQUIRED! Keys directory for all users.
// Must be writeable by PHP process, and not in the web server document root
$config['enigma_pgp_homedir'] = null;

Now is the fun part. All you have to do is enter in the path that points to your keys folder that you created in step 2 above.

Mine now looks like this:

$config['enigma_pgp_homedir'] = realpath(__DIR__.'/..'.'/..'.'/..').'/keez';

As long as you put your keys folder in the main directory of your domain and named it ‘keez’ this line should work. If you have your folder somewhere else you’ll have to adjust accordingly. What I learned was each instance of '/..' moves up one directory level. So this command is saying ‘you will find the ‘keez’ folder by going up 3 levels from where you are now’.

Once you have adjusted this one line of code, click the ‘save changes’ button in your cpanel editor.

Go to your Roundcube email, go to ‘settings’ and go to ‘PGP Keys’ and you should now have working PGP functionality in your Cpanel Roundcube, plus, you are running the new mobile-friendly version 1.4 now that all the paths are working.
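The config comment quoted above requires the keys directory to be writable by the PHP process and outside the web server document root. The check below is an added example, not part of the original post or of Roundcube: it resolves the same three-levels-up path and audits the result against a constructed directory tree, assuming (hypothetically) that the domain's document root is public_html/yourdomain.com and that the script runs as the same user as PHP.

```python
import os
import stat
import tempfile
from pathlib import Path


def resolve_homedir(enigma_dir, hops, folder):
    """Mirror realpath(__DIR__ . '/..' x hops) . '/' . folder from the config line."""
    base = Path(enigma_dir)
    for _ in range(hops):
        base = base / ".."          # each '/..' climbs one directory level
    return Path(os.path.realpath(base)) / folder


def audit_homedir(homedir, docroot):
    """Return a list of findings for the keys directory; an empty list means it passed."""
    findings = []
    home = Path(os.path.realpath(homedir))
    root = Path(os.path.realpath(docroot))
    # Requirement from the config comment: not in the web server document root.
    if home == root or root in home.parents:
        findings.append("inside-docroot")
    if not home.is_dir():
        findings.append("missing")
        return findings
    # Any group/other bit lets other accounts on a shared host read or traverse it.
    mode = stat.S_IMODE(home.stat().st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"group-or-other-access (mode {mode:04o})")
    # Requirement from the config comment: writable by the PHP process.
    # Assumption: this script runs as the same user as PHP.
    if not os.access(home, os.W_OK):
        findings.append("not-writable")
    return findings


def demo():
    """Build a constructed tree shaped like the tutorial's layout and audit two options."""
    with tempfile.TemporaryDirectory() as tmp:
        # Assumed document root of the domain (hypothetical; check your cPanel settings).
        site = Path(tmp) / "public_html" / "yourdomain.com"
        enigma = site / "roundcube" / "plugins" / "enigma"
        enigma.mkdir(parents=True)

        # Layout from the steps above: 'keez' in the domain's main directory, mode 0755.
        keez = site / "keez"
        keez.mkdir()
        keez.chmod(0o755)
        resolved = resolve_homedir(enigma, 3, "keez")

        # Alternative for comparison: a folder beside public_html, mode 0700.
        private = Path(tmp) / "keez_private"
        private.mkdir()
        private.chmod(0o700)

        return {
            "resolved_is_keez": resolved == Path(os.path.realpath(keez)),
            "page_layout": audit_homedir(resolved, docroot=site),
            "outside_docroot": audit_homedir(private, docroot=site),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

On a real host, call `audit_homedir` with the folder created in step 2 and the document root that cPanel lists for your domain. An `inside-docroot` finding means the folder sits under a path the web server serves by default.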

I hope this helps!

Categories
Freedom and Privacy Life Skills Technology Tutorial

SETTING UP EMAIL WITH YUNOHOST AND CLOUDFLARE

In a previous blog post I set up a Yunohost (“YH” moving forward) box with a script so that it would report its location back to Cloudflare (“CF” moving forward) automatically using a cron job entry on the box and a cool piece of free software called ddns-cloudflare. That blog was to make sure the website stuff (ie. WordPress blog, Nextcloud, etc) would work. The other neat part about setting up your YH box this way, I was thinking during the process, is that (I guess but haven’t tested yet), you could just unplug it and plug it in at another physical location (with the right ports open at that location, of course) and it should just start ‘magically working’. This would be a real selling feature for getting ‘off the grid’.

Now to attack the part that most people like me avoid – EMAIL!

We have all heard that email servers are complicated and stressful, but, with the CF-YH combo – once I figured it out – it now seems much easier than I had expected. But there weren’t any specific blogs out there for me to follow so I decided it would be super helpful to write one to help others avoid what I just went through.

This tutorial will connect CF to your YH email and give you a few tips to test as you go until it’s all working, since there are a few things in both CF and in YH that are a bit ‘weird’ I discovered. My hope is that this tutorial helps you get setup faster and easier.

This tutorial assumes you already have a CF account setup with the settings from the previous tutorial (www and A record stuff).

KNOWING WHERE YOUR YUNOHOST SETTINGS ARE

You will be able to find the private and unique details for your own Yunohost installation in the following section of your user interface:

Domains / nameofyourdomain.com / DNS Configuration

When you click this it will open up a pane that has all your records from the previous tutorial but also the recommended email settings. If you are like me, none of it will make sense at all.

The parts you are going to need to match up to CF are:

MX, DKIM and DMARC

The way in which you input them into CF is more than half of the battle, and the part where this tutorial should save you about 3 days of messing around.

First, let me give you a link to Cloudflare’s own support page on this topic. This will also give you a list of pretty much any kind of entry you might need in your own setup, if it’s more advanced than this tutorial. It also shows you how to create records in your CF DNS settings. Here’s the link.

Now that you know how to enter a record in general, let’s enter them.

I’m going to display this like this:

MX RECORD

  • WHAT YH SHOWS IN DNS CONFIG PANE: @ 3600 IN MX 10 mylataylor.ca
  • HOW TO ENTER AND PASTE IT INTO CF
  • TYPE: MX
  • NAME: nameofyourdomain.com
  • VALUE: SERVER: nameofyourdomain.com PRIORITY: 10
  • TTL: AUTOMATIC

DKIM RECORD

  • WHAT YH SHOWS IN DNS CONFIG PANE: mail._domainkey 3600 IN TXT “v=DKIM1; h=sha256; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA…super_duper_long_long_thing”
  • HOW TO ENTER AND PASTE IT INTO CF
  • TYPE: TXT
  • NAME: mail._domainkey
  • VALUE: v=DKIM1; h=sha256; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA…super_duper_long_long_thing (NO quotations)
  • TTL: AUTOMATIC

DMARC RECORD

  • WHAT YH SHOWS IN DNS CONFIG PANE: _dmarc 3600 IN TXT “v=DMARC1; p=none”
  • HOW TO ENTER AND PASTE IT INTO CF
  • TYPE: TXT
  • NAME: _dmarc
  • VALUE: v=DMARC1; p=none
  • TTL: AUTOMATIC
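The field splitting and quote stripping shown in the three records above can be done mechanically. The converter below is an added example, not part of the original post or of any YunoHost or Cloudflare tooling; the function names, example.org and the DKIM key text are constructed placeholders, and it goes slightly beyond the text by joining DKIM keys that are split across several quoted strings.

```python
import shlex

# Constructed sample lines in the format of the YunoHost DNS configuration pane.
# example.org and the DKIM key parts are placeholders, not values from the page.
SAMPLE = [
    "@ 3600 IN MX 10 example.org.",
    'mail._domainkey 3600 IN TXT "v=DKIM1; h=sha256; k=rsa; " "p=PLACEHOLDERKEYPART1" "PLACEHOLDERKEYPART2"',
    "_dmarc 3600 IN TXT \u201cv=DMARC1; p=none\u201d",   # curly quotes from a copied web page
]


def parse_tags(text):
    """Split the 'k=v; k=v' tag list used by DKIM and DMARC TXT records."""
    tags = {}
    for part in text.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)   # base64 values may contain '=' padding
            tags[key.strip()] = value.strip()
    return tags


def to_cloudflare(line, domain):
    """Convert one 'name ttl IN type data' line into the fields of a Cloudflare record form."""
    # Normalise typographic quotes so the quoted TXT value is read as one string.
    line = line.replace("\u201c", '"').replace("\u201d", '"')
    name, ttl, klass, rtype, *rdata = shlex.split(line)
    if klass != "IN" or not ttl.isdigit() or not rdata:
        raise ValueError(f"not a 'name ttl IN type data' line: {line!r}")
    record = {"type": rtype, "name": domain if name == "@" else name, "ttl": "Auto"}
    if rtype == "MX":
        priority, server = rdata
        record["priority"] = int(priority)
        record["content"] = server.rstrip(".")
    elif rtype == "TXT":
        # Several quoted strings in one TXT record are concatenated with no separator.
        record["content"] = "".join(rdata)
    else:
        raise ValueError(f"unsupported record type: {rtype}")
    return record


def review(record):
    """Return warnings about a converted record before it is pasted into the DNS panel."""
    warnings = []
    content = record["content"]
    if any(q in content for q in '"\u201c\u201d'):
        warnings.append("content still contains quotation marks")
    if record["type"] == "TXT":
        tags = parse_tags(content)
        if tags.get("v") == "DKIM1" and not tags.get("p"):
            warnings.append("DKIM p= tag is empty (revoked key or truncated paste)")
        if tags.get("v") == "DMARC1":
            policy = tags.get("p")
            if policy not in ("none", "quarantine", "reject"):
                warnings.append(f"DMARC p= tag is missing or invalid: {policy!r}")
            elif policy == "none":
                warnings.append("DMARC p=none: receivers are asked to take no action on failing mail")
    return warnings


def convert_all(lines, domain):
    """Convert every line and pair each record with its warnings."""
    records = [to_cloudflare(line, domain) for line in lines]
    return [(record, review(record)) for record in records]


if __name__ == "__main__":
    for record, warnings in convert_all(SAMPLE, "example.org"):
        print(record, warnings)
```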

It was explained to me that I also need to check RDNS, but I have not had any problems yet, and I’m not sure what this is nor how to do it. If you want to add this instruction in the comments that would be great.

If you refresh your page in CF and notice that an orange cloud has re-appeared from grey status, you may not have updated your .yml zone file correctly from previous tutorial. Your script might be updating the DNS records and accidentally forcing it back on. And this will stop your emails from working (the orange cloud). Go back to that tutorial and review the script yml config file setup and make sure you got the hashtags on the right lines…

At this point, it’s the moment of truth: will you be able to send and receive emails?

CREATE ACCOUNTS (AND EMAIL ACCOUNTS) IN YUNOHOST

This part created some issues for me because there may (or may not) be either a bug or an interface issue in the YH account setup. It appears, as you create the YH user that the email can be separate, however, from my experience, you should keep the username and the ’email name’ to be exactly the same – let YH auto-fill it and keep that as your email name. So, if you want your email to be johndoe@nameofyourdomain.com, make your YH username as johndoe at the top and let that auto-fill into the email field below. It seems like YH can’t take periods/dots in the username so john.doe won’t work. There appears to be email aliases that are supposed to work so probably you can figure this out but for me, for this tutorial, I would just avoid dots/periods, keep a simple username and make sure it auto-fills into the email field.

TEST YOUR SETUP

Once your username / email is set up in YH, now move on to test the email, in the client of your choice, but I strongly recommend Thunderbird to at least test to make sure things are working because it definitely works, I can confirm. Once this test is confirmed and you can send and receive emails with a basic Thunderbird setup, you can feel confident about all your settings above.

THUNDERBIRD SETUP

Literally, just follow this link exactly. If your settings are right, it will work. If they aren’t, it won’t. Also, be sure to wait at least 30 minutes for your cron jobs (if you are continuing from the Cloudflare tutorial) to run because the cron job can mess up your settings as well, I discovered. Once you have run a cycle or two of cron jobs and all is well, go wild with the hottest new technology – email…

TIP: when you get to the manual config, Thunderbird puts a period / dot before the serverhostname which is easy to miss. If your email is in the main domain root, then make sure to remove these dots.

Now send a test email to another account you have access to. One important thing to check is that you aren’t ending up in spam folders…

TIP: If you press send on your test email and it hangs on sending, go into your account settings of Thunderbird and you might have some old Outgoing (SMTP) servers from previous YH email tests in there. I found after I deleted these old test servers and tried again, it worked perfectly, but if there were other ones in there it hung and failed.

Assuming you got your test email, now send a reply back to it and make sure you get that too. If you’re excited and bored or both, do this step over and over again perhaps with nursery rhyme verses…but make sure no one is watching you… I can’t emphasize enough that you need to wait at least a cycle or two of your cron jobs running to make sure it’s not messing things up over at Cloudflare.

All good? Nice. Another consideration now that you are a warrior hosting your own email is that by using Thunderbird you can back up your emails easily enough by simply connecting and synching your emails across multiple devices.

UBUNTU TOUCH DEKKO SETUP

Now let’s set this up on our Ubuntu Touch device with Dekko.

  1. Select the left hamburger menu
  2. Select the top right settings cogwheel on dark panel
  3. Select ‘mail’
  4. Select ‘accounts’
  5. Select the top right + plus sign
  6. Select IMAP
  7. Enter ‘whatever you want’ for the first two name options
  8. IMAP hostname: overwrite example with your yunohost server email location
  9. ENCRYPTION: should already default to this: ‘force encryption (SSL/TLS)’. If not, do it.
  10. username/password: auto-filled from first step
  11. authentication: change to ‘login’ (defaults to ‘plain’)
  12. SMTP server: overwrite example with your yunohost server email location
  13. SMTP port: 587
  14. ENCRYPTION: ‘use encryption (STARTTLS)’
  15. AUTHENTICATION: change to ‘login’ (it defaults to ‘plain’)

Last and final and very important or your outbound email will literally break for this account and, I think, all your email accounts. You need to go back into the settings for this new email address and to this step:

  1. Select top left hamburger menu
  2. Select top right settings cogwheel on dark panel
  3. Select ‘mail’
  4. Select ‘accounts’
  5. Select Your newly-created yunohost email account
  6. Select Outgoing Server
  7. Scroll down under the LOGIN field and turn on the switch that says ‘Authenticate from server capabilities’
  8. Press left arrow at top of screen to save settings

CONCLUSION

Now, you should be in business sending and receiving emails from a Yunohost server, in your house, using Dekko email client on your Ubuntu Touch device.

Categories
Freedom and Privacy Technology Tutorial Ubuntu

How to use Onionshare on Ubuntu

Looking for some extra security, privacy and anonymity when sending files? This might be a neat solution for you.

Currently it seems the instructions for using this interesting Onionshare technology are not super clear so I’m writing up a quick tutorial so others can save a few minutes and set their expectations correctly.

First, how it works is this:

  • You have to use a command line tool for now
  • Onionshare does a bunch of fancy stuff to your file and turns it into a shareable link
  • The person on the other side gets the files by entering that link into a tor browser (not a regular browser – won’t work)
  • You get a .zip file, not the raw file which you download to your local device and extract
  • It seems you only get one chance and if you don’t get the files, the link dies and the sender has to start again.

So, let’s get started:

1. Install Onionshare.

Command line install instructions are in the Ubuntu section here

2. Install Tor browser

I used the Ubuntu Software centre. Probably there are other ways to get it.

3. Convert your file into a shareable and anonymous link

In the terminal, go to where your file is with the CD command and then type:
onionshare filename.txt
Where filename.txt is whatever file it is you are trying to share.

4. Copy Link to clipboard

If you haven’t used a terminal for copying before you’ll need to do control + shift + C (not just control + c)

5. Have sender open link in Tor browser

In this case it’s probably you for the first test so paste the link into the Tor browser.

6. Download the file(s)

It seems you only get one shot and that it won’t download raw file but only compressed package. Also if you aren’t familiar with Tor, I lost some precious time here as well looking on my computer for the file but it downloads into a ‘tor folder’ it seems so use the browser to go find your file in case it didn’t end up where you expected…what I did was find it, and then control + X it to my local machine from there to do the next steps.

7. Extract and Enjoy

Worked for me!

One-Shot Sharing

Try now to click the download files button again. You will see it’s dead.
Try also to use the same share link again. You will see this also is dead.
Kind of cool.

Sending more than one File at Once

So, after sending one file, I tried again to send an entire directory containing a screenshot, a PDF and a music file just to see what happened. I then tried to do the exact command with a regular directory to see if this would be able to handle it but no go. Onionshare appears not to be able to do this. It failed and couldn’t open the end zip file. For the second test I compressed the directory first as a .zip, then sent that via the instructions above and … still no go. When I try to extract it fails.

So it may currently only be able to send single files, but definitely single files work well with these instructions above and if you figured out how to send a directory, throw that in the comments below.

Categories
Freedom and Privacy Technology Tutorial

Bridging a Matrix and Telegram Room

ASSUMPTIONS

For this tutorial, we shall assume that you already have:

  • An existing Matrix chat room of which you are administrator and
  • A Telegram supergroup with admin rights to add members
  • The Matrix room is set to “Anyone who knows the room’s link, apart from guests” in the “Who can access this room” settings of the group
  • Encryption is turned off (otherwise bridge won’t work)

Let’s continue assuming the above to be true.

1. Add username “@tchncs_bot” to the Telegram group to which you wish to bridge Matrix

Do this in the usual way you add a member to a Telegram group.

2. Send Request to Telegram Bot to get Alias Info

In the Telegram Group chat text input area, type
/alias
And then send as a message to the group. It will spit back a long paragraph including this key information:

….”#telegram_-123456789:tchncs.de”…..

3. Invite the Alias Bot to the Matrix group

This step can be done by any regular member of the group (no admin needed)
Invite this user to your matrix group: @aliasbot:tchncs.de
You should see message “Alias Bot joined the room”

4. With Full Admin Rights to the Matrix Group, Bridge it!

You will not be able to do this with anything less than full admin rights.
In the chat text input area, enter:

!alias #telegram_-12345668987654321

and send it (of course replacing the numbers with the ones you got in Step 2 above)

5. Enjoy your newly built bridge

Categories
Freedom and Privacy Technology Tutorial Ubuntu Ubuntu Touch

How to Sync Files from Ubuntu Touch to Nextcloud using UBsync

Ubuntu Touch is awesome. Nextcloud is also awesome. Put them together and you have awesome… squared. How cool would it be to have your photos automatically sync to your own Nextcloud server? Well, you can do it today and here is how.

EDIT DEC 24, 2018 – Important Security Warning before beginning!
Currently as of the time of this post, UBsync is not very secure. The volunteers who forked it are not security experts and the password file is not secure and is in plain text. Therefore, be warned that if your content is of extremely private nature, do not use this blog contents until the app has been properly updated.

However, if you are just trying to move your selfies from your phone to your Nextcloud for safe-keeping, this blog will suffice and hopefully in the next little while we’ll have some helpers in the project to improve the way the password is handled.

Also, there is a way to mitigate some risk so that at least your main NC user/password cannot be hijacked. Log in to your Nextcloud user settings through a browser, go to ‘Security’ and then ‘Create new app password’. Be sure to save this password right away during creation and in a safe place because you can only see the password one time (you can’t come back and see it again).

Once you have this password ready, continue with the blog.

  1. Make sure that you have a user account and password from a Nextcloud server.
    If you don’t have a nextcloud user account, consider strongly hosting your own. You can do this on an unused computer, or using Nextcloudpi on a Raspberry pi, or host a more ‘serious server’.
  2. In your Nextcloud user directory, create an appropriate directory to put your Ubuntu Touch files in. If you don’t touch anything everything will go into your ‘Photos’ folder by default.
  3. Make sure you have the UBsync app installed from the OpenStore
  4. Go to System Settings in Ubuntu Touch
  5. Go to ‘Accounts’
  6. Select ‘Add Account’
  7. Select ‘Nextcloud’
    Note: If you try to add an account and it doesn’t respond and take you to the next step, you may need to reboot your device.
  8. Enter your Nextcloud credentials (from the ‘new app password’ you created at the very beginning)
  9. Open UBsync App on your Ubuntu Touch device
  10. Select ‘Add a New Account’
  11. Select ‘allow’ if the prompt is showing the correct username with the correct server address
  12. Go back to ‘General Settings’ screen of UBsync
  13. Set your sync frequency.
  14. Select any other changes you want on this page.
  15. Go back another screen with the back button top left
  16. Select the folders on your device that you want to sync to your Nextcloud with the ‘Sync Folders’ option.
    The default option will put your Ubuntu Touch photos (unedited) into the /photos directory (which is a default directory when Nextcloud creates a new account) from the following Ubuntu Touch directory

Default: /Pictures/com.ubuntu.camera/.original

  • Add a new folder with the + plus sign on the top right.
    Select the directory on your UT device you want to sync. NOTE: This is the tricky part, the big ‘tick’ check mark in the center of the screen is not ‘touchable’ but is trying to direct you to hit the ‘tick’ in the top right menu!

Do the same actions for the remote folder.
If the Folder doesn’t exist you can create a new one easily by just typing it. After creating it, touch it again and hit the ‘tick’ in the top right to make it real.

  1. When complete, press the back arrow at top left of ‘sync settings’ title.
  2. Start the sync
    Select ‘sync service’ and then the green ‘sync’ button. NOTE: Make sure you are on wifi if you allowed your settings to use both cell phone data and wifi as the sync could be pretty big, especially the first one while it pulls the files from your phone and moves them to nextcloud.

How to Delete an Account in UBsync for Ubuntu Touch

  1. Go to System Settings in Ubuntu Touch
  2. Go to ‘Accounts’
  3. Touch ‘Nextcloud’
  4. Select ‘Remove Account’ button

That’s it. The account is now removed/deleted.

Categories
Freedom and Privacy Mesh Networks Technology Tutorial Ubuntu

MAKING DDNS WORK IN OPEN WRT

OpenWRT project is awesome for sure. It’s free software (open source) and it allows you to use your router the way you want, unlike how they usually come out of the box. That said, there doesn’t appear to be a super vibrant community around it (yet) so some stuff is pretty hard to do. I’ve created an OpenWRT English-speaking Telegram Group (for now) in hopes this might help some more community building.

Anyway, here is what you came to this blog for: Making the DDNS service work in your OpenWRT router – in my case, specifically, this is a Dlink DIR-615 router and I’m working with No-ip.com so you may need to adjust a bit according to your service. But if you have NO-IP or haven’t started yet, then maybe just use No-IP?

Let’s do it.

  1. Get your OpenWRT router setup with OpenWRT. If you happen to have a Dlink DIR-615 – bonus! Here is my blog post to that. If not, it might still be useful or inspiring for helping you get rolling.
  2. At the top of the router menu options, go to ‘System’ and then ‘Software’ and click the ‘update lists’ button.

This will pull all the possible packages you can install into your router from the community.

  3. Before installing other packages, install package named “luci-app-ddns.”
    It ‘seems’ that this also installs ddns-scripts when you install this which is another one you need so it’s nice it’s automatically installed with this package.
    Important Note: If you cannot find packages, or something is strange during package install, you may need to reboot your router to free up some RAM memory. This happened a few times and after rebooting the router I was then able to update the lists correctly.
  4. Using the same method as the step above, Install the No-IP package for OpenWRT called “ddns-scripts_no-ip_com”

A tab called ‘Services’ should now appear at the top of your router’s menu options because you performed step 3 above. Verify this is good and, if there is a problem, repeat the above steps until you have your tab. You may also need to reboot the router (see important note above).

  5. Under new ‘Services’ menu dropdown at top, ‘Dynamic DNS’ should now be an available option. Here is a link to some No-IP documentation for the client that I found useful. This link here in the ‘OpenWRT configuration’ section was also helpful to me for your reference although it wasn’t No-IP specific.
  6. In the ‘add’ field at the bottom left, give your service a listing name (I used ‘Noip’ for mine) Then click ‘add’.
  7. In the DDNS Service provider[IPv4] field, select “no-ip.com” from the dropdown list. Note: even though this is later in the order of fields, do this now.
  8. Press ‘change provider’ button
  9. For the ‘Lookup Hostname’ give it your No-IP custom URL without the “HTTPS://” stuff.
  10. In the “Domain” field, put the same info from step 7 above.
  11. username = your No-ip username (maybe your email?)
  12. Password = you guessed it! Your password for the No-IP service
  13. Under ‘Advanced Settings’ I selected “https:// checkip .dyndns .com” from the “URL to detect[IPv4]” field. I found No-IP service wouldn’t work until I chose something from this list. It wouldn’t seem to point No-IP to my router without it…
  14. ‘Save and Apply’
  15. At the top right you might (I can’t remember to be honest) see a notification that you have unsaved changes in your router. If so, go and apply those changes to your router.
  16. Go back to overview list where you started. You should now see your new entry
  17. Click the ‘enabled’ checkbox
  18. Press ‘start’ button. You should now see a PID and a number with it and a red icon.

Now, you should be up and rolling, and after No-IP has a bit of time to apply the changes your router should be accessible by the No-IP URL you entered in the ‘Lookup Hostname’ field above.
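To confirm the update really landed, compare the address reported by the ‘URL to detect’ service with what your No-IP hostname resolves to. The script below is an added example, not part of the original tutorial or of the OpenWRT ddns-scripts package; the function names are hypothetical, it assumes the detect service answers with an HTML body containing the address, and it is meant to run on an Ubuntu machine behind the router.

```shell
#!/bin/sh
# Added example: is the DDNS hostname pointing at the current WAN address?

# URL chosen in the 'URL to detect [IPv4]' field of the tutorial.
CHECK_URL="https://checkip.dyndns.com/"

# Read a checkip-style HTML body on stdin, print the first IPv4 address in it,
# and fail if there is none or if any octet is above 255.
parse_checkip() {
    pc_ip=$(grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}' | head -n 1)
    [ -n "$pc_ip" ] || return 1
    pc_old_ifs=$IFS; IFS=.
    set -- $pc_ip            # split the address into its four octets
    IFS=$pc_old_ifs
    for pc_octet in "$@"; do
        [ "$pc_octet" -le 255 ] || return 1
    done
    printf '%s\n' "$pc_ip"
}

# Compare the detected WAN address with the address the hostname resolves to.
ddns_status() {   # $1 = detected address, $2 = resolved address
    if [ -z "$1" ] || [ -z "$2" ]; then
        echo unknown         # one of the lookups failed
    elif [ "$1" = "$2" ]; then
        echo in-sync
    else
        echo stale           # the provider has not picked up the new address
    fi
}

# Live check, only when a hostname is given: sh ddns-check.sh <your No-IP hostname>
if [ -n "${1:-}" ]; then
    detected=$(curl -fsS --max-time 10 "$CHECK_URL" | parse_checkip)
    resolved=$(getent ahostsv4 "$1" | awk 'NR == 1 { print $1 }')
    ddns_status "$detected" "$resolved"
fi
```

A result of ‘stale’ right after pressing ‘start’ can simply mean the change has not propagated yet; if it stays that way, recheck the ‘URL to detect’ setting.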


Flashing OpenWRT onto a D-link DIR-615 – The Sequel!

The funny part about this blog is that I spent an entire day searching for how to do this and then I ended up landing on a blog post with the answer… written by ME, in this 2015 blog post. Lol or something?

This tutorial assumes you are using Ubuntu and know how to access your terminal and do some basic commands. If not, do a quick study on that before you begin. If you aren’t using Ubuntu on your computer I’m not sure what I can do to help other than encourage you to switch immediately.

This tutorial also assumes that your computer/laptop is plugged directly into the DIR-615 router by ethernet cable and not by wifi. It could probably be done with wifi, but I don’t know and I know it adds an extra layer of complexity I don’t like. So find a cable and plug in to do all this.

1. Download the appropriate image from OpenWRT to your computer.

I got mine by refining a search here.

2. Extract the file into its raw ‘.bin’ format.

Mine looks exactly as follows at the time of this writing when it’s sitting in my directory, but be aware that this could change slightly as versions change and improve:

lede-17.01.4-ar71xx-generic-dir-615-c1-squashfs-factory.bin

3. Using your terminal cd (change directory) to the location where the file is you just extracted in step 2.

4. Make sure your computer is set to a static IP address.

If you don’t know how to do this, search it online as I don’t have a quick link to it right now. ‘How to set static IP address in Ubuntu’ should find something. Make sure that the static IP address you are setting does not conflict with another device on the router, nor with the router itself at 192.168.0.1.

192.168.0.2 static

NOTE: After this router is flashed you will need to get rid of this static IP address since it won’t match your new router!

5. Pre-enter the following command into your terminal so you are ready to press enter

curl -0vF files=@lede-17.01.4-ar71xx-generic-dir-615-c1-squashfs-factory.bin http://192.168.0.1/cgi/index

Again, the part after the @ symbol in the command above might change depending on the .bin file you are flashing on. This tutorial will likely get old at some point so you may need to swap out a different file name into the command above but the rest should work long term.

6. Power off the router by unplugging the black power cable

Warning. You are about to forever wipe your router’s ‘operating system’ so if you have anything in there you care about this would be the time to get those out!

7. Put pen in the reset button of router and hold it there

8. While still holding reset button, plug in the power cable.

Keep holding the reset button! Don’t let go. The light will be a solid colour (orange, I recall?) but you are waiting for the first flash before executing the next step.

9. As soon as the solid light starts to flash hit the enter key in your terminal and run the curl command you pre-entered in step 5 above

After you hit this command at the perfect moment, things should start to work. When they do, you’ll see some funky html stuff come on the screen that looks like this:
* Hostname was NOT found in DNS cache
* Trying 192.168.0.1...
* Connected to 192.168.0.1 (192.168.0.1) port 80 (#0)
> POST /cgi/index HTTP/1.0
> User-Agent: curl/7.35.0
> Host: 192.168.0.1
> Accept: */*
> Content-Length: 3932431
> Content-Type: multipart/form-data; boundary=------------------------464dbec1925a46d8
>
* HTTP 1.0, assume close after body
< HTTP/1.0 200 OK
< Server: uIP/0.9 (http://dunkels.com/adam/uip/)
< Content-type: text/html
<
backup loader Device is Upgrading the Firmware

  • Don’t turn the device off before the Upgrade jobs done !

More notes for this step
The screen will stay with this HTML output on it, and at this point you can keep your eyes on the router as nothing more will happen on the screen.
You should see lights flashing and reboots. Wait, wait, wait. Failure seems real but it’s not yet…. For me I was stuck on a green light for a really long time and no updates in terminal.

If after 5 minutes (or so) things appear to be ‘stuck’ at that point you could try unplugging the power cable and plugging it back in again to test.

To test to see if it worked, go to the new access IP address which should be 192.168.1.1. If you are prompted for user/password you succeeded.
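The upload in step 9 goes to the bootloader with no integrity check of its own, so it is worth scripting the checks from steps 1 to 5 before powering the router off in step 6. The script below is an added example, not part of the original tutorial; the function names are hypothetical, and it assumes you saved the sha256sums file that OpenWRT publishes next to its images into the same directory.

```shell
#!/bin/sh
# Added example: pre-flight checks before the recovery-mode upload.

# Print the hash recorded for one image name in a sha256sums-format file
# (lines look like "<hash> *<name>" or "<hash>  <name>").
expected_sha256() {   # $1 = sums file, $2 = image file name
    awk -v want="$2" '{ name = $2; sub(/^\*/, "", name);
                        if (name == want) { print $1; exit } }' "$1"
}

# Succeed only if the image's SHA-256 matches the published value.
# Returns 2 if a file is missing, 3 if the image is not listed at all.
verify_image() {      # $1 = image path, $2 = sums file
    [ -f "$1" ] && [ -f "$2" ] || return 2
    vi_want=$(expected_sha256 "$2" "$(basename "$1")")
    [ -n "$vi_want" ] || return 3
    vi_got=$(sha256sum "$1" | awk '{ print $1 }')
    [ "$vi_got" = "$vi_want" ]
}

# Succeed only for a host address in 192.168.0.2-254: on the bootloader's
# subnet and not the router's own 192.168.0.1 (step 4).
host_ip_ok() {        # $1 = IPv4 address of the wired interface
    hi_last=${1#192.168.0.}
    [ "$hi_last" != "$1" ] || return 1
    case $hi_last in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$hi_last" -ge 2 ] && [ "$hi_last" -le 254 ]
}

# Run both checks and print the upload command from step 5 if they pass.
preflight() {         # $1 = image, $2 = sums file, $3 = host address
    verify_image "$1" "$2" || {
        echo "checksum mismatch or image not listed: $1" >&2; return 1; }
    host_ip_ok "$3" || {
        echo "host address $3 is not usable for flashing" >&2; return 1; }
    echo "curl -0vF files=@$1 http://192.168.0.1/cgi/index"
}

# Usage: sh preflight.sh <image.bin> sha256sums 192.168.0.2
if [ "$#" -eq 3 ]; then
    preflight "$@"
fi
```

Fetch the sha256sums file over HTTPS from the same OpenWRT download directory as the image.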

A few troubleshooting notes

Something didn’t work? Read these next few points for some inspiration:

  • Did you really make a static IP address in step 4? You might think you did but maybe it didn’t work. Check with ifconfig command and see what IP address your computer/laptop has. If it’s not static, things won’t work right.
  • Were you too fast or too slow with the timing of the curl command in Step 5? Timing is a bit finicky here so you may have to try a few times to nail it.
  • If things are really goofy you ‘may’ need to install the original Dlink .bin file and start from there. I doubt it but there are records of this online so I thought I would mention it. You could get this on there by finding this .bin file online and using your new curl skills from above to flash the original .bin on there first.

Bin file name for DIR-615 = dir615_revC_firmware_311NA.bin

command to flash it on:
curl -0vF files=@dir615_revC_firmware_311NA.bin http://192.168.0.1/cgi/index

Follow up notes

  • Reminder! Turn your computer/laptop back to DHCP mode from static IP, otherwise you might not be able to connect at all to your new router! I made this mistake way too many times and it’s easy to forget.
  • After getting things up and running, if you need DDNS, reboot the device via SSH. When it comes back, you could try this tutorial I wrote for the No-IP service. Here is a link to that tutorial.


Doing a Really Big and Fast First Upload on a Fresh Nextcloudpi Install (the Samba Way)

EDIT 190515: Oops. Apparently in the instructions below in the Nautilus section I failed to say how to actually connect. Adding that now. Sorry.


Nice long title. Thankfully the speed of getting your first big upload to your new Nextcloudpi (NCP) server won’t be so long, thanks to this tutorial! By spending 10 minutes and doing this tutorial you will be uploading 95% faster (that was my experience).

Assumptions Before Beginning

  • You have full 100% admin access to your NCP (ie. you are the master admin and probably created the server and installed it, or are close friends with the person who did)
  • You have SSH access to your NCP, and you know how to SSH into your NCP. If you don’t… you’ll need to research that first.

1. Confirm the Username in NCP Who Will Receive the Big File Shipment

This major upload will need to be associated with a username. In my case, I have created a ‘master-master user’ for this kind of reason. So I will be shipping this big upload to my ‘master-master user’ so that after it’s done that user can assign which files are to be shared with whom (and how). I think this is the right way to do it, even if you are the admin yourself. Topic is open to discussion, but that’s how I roll…

The key point is to make sure this user exists in NCP.

2. SSH into your NCP

NOTE!  Apparently you can do steps 2, 3, and 4 via the NCP web admin so this means you might not need SSH, plus it might be easier.  I won’t have a chance to test myself for a while but try that out first maybe! Otherwise, learn SSH and do the next few steps the way I write.

3. Setup Samba in NCP

  • sudo ncp-config

The first screen is informative and the ‘yes/no’ answers don’t make sense if you read it for grammatical sense. Just choose ‘yes’, which means “I understand that I have to force NCP to ‘scan’ the files when I’m done putting files on the box”. This has now (Dec 2018) been fixed by the developers and it now says ‘I understand’ in the option box. Nice and thanks!
You will see:
ACTIVE: NO
PASSWORD: ownyourbits

Type ‘yes’ (no quotes) overtop of ‘no’ in ‘active’ and type in a strong password. You will use this password later, and you probably don’t want to give it to anyone else because if you do, that user can go in and mess with other people’s files (I think). Use the Tab key until you arrive at ‘yes’ and press ‘enter’.

It should automatically create the ‘samba shares’ for each username you have already put into the system. This means that every user in your box can also access files on the cloud this way and not just with the Nextcloud client features. But the main point is that we’ll be able to move files quickly across the Local Area Network (LAN).

Once this part is done, press any key and it will bring you back to your ncp-config screen.

Tab twice until you hit ‘finish’ and then press enter. That will bring you back to your terminal.

4. Do your Samba Shares (and I don’t mean the dance….)

In this example I will be using Ubuntu desktop, so if you are using some other operating system – tough bananas – and you’ll have to search some other tutorial about how to connect your computer to your NCP using Samba.

First, open Nautilus (also called ‘Files’ if you mouse over it): the thing that lets you browse your files on your computer and looks like a file cabinet.

Next, go down to ‘Other Locations’ on the left panel and click it. In this case we want to use the LAN IP address because that’s the whole point of this exercise – fast transfer across LAN instead of going through the internets…

  • EDIT 190515: enter into the ‘connect to Server’ field at the bottom smb://ipaddress (ie. smb://192.168.1.30) where the ip address is, of course, the address of your nextcloud box
  • Enter in the credentials for the Samba user you made.

As soon as you enter it in, assuming your box is on, it will find all those usernames and folders for them automatically. Double click the one you want to dump all the files into (probably your master-master admin account). The next part, although it seems easy – is not! But the reward is great so let’s do it.

I realized that what you need here for the username is indeed the NCP username but, but, but.. the password is the one you created in step 3 above! So tricky but alas…

5. “You like to Move it, Move it.”

Let’s move the files now. In Nautilus, middle mouse click wherever your main dump of files is. That will open up a new Nautilus tab from which you can drag and drop stuff into the other tab you just logged into. I just find this a nice and easy way, but you can drag and drop files there however you like.

Now, select everything you want to move and move them into your NCP user’s Nautilus tab.

Note: You should consider doing this piece by piece unlike me who tried to move 13 GB at a time. You don’t have an easy way to check the progress in this way so consider doing these moves small pieces at a time so you can see progress more easily.

While this file move is happening, read on to the next section because you’ll have to tell NCP to scan the files when it’s done.

6. Scan the Files

After the move is completely finished from step __ above, in your Nextcloudpi web admin area, scroll down to the ‘nc-scan’ section and run it. It took much less time than I expected. It quickly scans all the files associated with all the users and (I guess) says ‘hey, there is a file here connected to this user’. After running the scan NCP is ready to roll.

7. Start your sharing

Log into the account you just put the files in and start sharing as you like and normally do.

We here at wayne(outthere) hope this made your day shiny and bright. Have a nice day.


Doing a Successful Fresh Nextcloud Install without Screwing Up Something Big

The premise of this tutorial is to get a Nextcloud instance back up and running while throwing away all the user data and Nextcloud customizations of your last install, but keeping all the file stuff for a new upload. In my case, we have a ‘small operation’ and it’s not a big deal to just do a completely fresh install and put the files back. It annoys a few people because they have to do a brand new big sync, but it’s workable and assures that the install is truly ‘fresh’. This might work for other small businesses and families, so I figured I would just document the workflow since it’s helpful for me to not forget something or lose something.

1. Notify others to backup

This step is important because the other people might have put some personal files in their user account that may no longer be on their local machine. If you do this wipe, they might lose the only copy of the file. Notify them to download to their local machine every file they might want, letting them know that if they don’t, it will be wiped.

2. Backing Up

If you are using a local client, this will be easy: just copy/paste contents of the sync folder onto a big hard drive. If you are using the online version, download the files to a local machine.

3. Notify Others to Clear out their Local Sync Folder

If there are others using the NC instance, tell them to clear out the drive they are using now. They can do this after they have confirmed the files are safe in the step above, ‘backing up’. If you are the main admin and are uploading a big chunk of files for others to share (ie. company directory), just leave everything where it is and it will make it faster to get everything back up.

4. Clear Out the Hard Drive Upon Which Your Nextcloud Will Store Files

This is a bit more complicated than we can write here but depending on how you setup your NC your database files may be on the hard drive itself. To assure everything ‘just works’ (better) access the drive, clear out absolutely everything on it. Remember, make sure your drive is backed up (easy to forget) before doing this step! If this is your second install (or more) you may, like me, find it easier to SSH into the cloud and remove the files that way, if you have access. This allows me to just leave the drive as it is, mounted, and wiped clean. Again, depends on your setup. The key is that you will wipe all the ‘ncdata’ and ‘ncdatabase’ directories from the drive if they are stored there.

5. Do a Completely Fresh Nextcloud Install

Self explanatory, but there are many ways to do this depending on your setup. This is where you jump to your ‘nextcloud installation tutorial’…

6. Create a Nextcloud ‘Master Master Admin’ Account.

Welcome back! How was the install?? I do this step because I want an account over top of my own user account to do higher level admin stuff. I like to do this so I can share stuff with people on a more overarching manner – including my own user account. Now, with your NC ‘master master’ admin account create a ‘working admin’ user/password which will be used for high level controls and also creating new users, etc. Just type ‘admin’ in the groups box and save the user. Once created, log out.
So just to review you will have:

  • Main Nextcloud master-master admin (for doing stuff on a purely technical basis for the cloud)
  • Master-Master account (for doing permission stuff over files and users)
  • Your account (created by Master-Master)

Log Back in as New Admin User

Self explanatory

Recreate All the User Accounts with the Admin Account You Just Created

Recreate all the user name accounts as they were before. They will have new passwords when created, or, if you are family and have their passwords, you can even input their passwords for them as they were before.

Upload the Files

If you are doing a massive upload (ie. small business with lots of files), I have found it’s better to use a desktop client app. The web interface seems to crap out if the upload is insanely large and this can cost you a lot of time. I recommend getting a laptop/desktop client set up and syncing that way.

Useful Note about super huge uploads
In the past I have found out that I was accidentally uploading to the wrong hard drive due to a setup issue. I recommend using SSH and going into your NC instance and looking at the hard drive once in a while to see if there is data going on while it’s syncing. On Ubuntu I just run this command every 3 minutes for the first 10 minutes to make sure everything is alright:

sudo du -sh /media

It will output something like:

501M /media/

Then run the same command again in about 2 minutes and hopefully that 501M is much bigger. That means it’s working. If not, well then. Stop your sync and fix whatever is wrong 😉

Hope this helps and have a great day out there.