Archive for the ‘programming’ Category

Setting up a Windows VPN Server on Azure

June 8, 2014

I recently decided that I wanted to secure all of my network traffic using a VPN. Just search for Edward Snowden and you will come up with a few reasons why a VPN connection is a good idea these days. I am going to set mine up in Azure – just because. If you want to get a VPN connection, I would recommend buying a monthly service instead because it will be cheaper and probably offers more features as well. In fact, there was a slickdeals deal just a couple of days ago for ~$5/month. The VPN server I will be setting up in Azure will run you ~$67/month, so it's really a no-brainer. This also gave me an opportunity to learn more about Azure features. So, here goes.

Setting Up A Virtual Network

The VPN server you will create later in the tutorial will be placed inside this network and the network will act as the private address space for VPN clients.

    1. Log in to Azure and click on the Networks tab in the menu.
    2. Click New->Network Services->Virtual Network->Quick Create
    3. Enter the settings that you would like for the network. Here’s a look at mine.

Launch a Windows Server

Now we’ll set up the Windows machine that will act as the VPN server.

  1. Start by going to the Virtual Machines tab and click on New->Compute->Virtual Machine->From Gallery.
  2. Select Windows Server 2012 R2 Datacenter for the image
  3. In the first VM configuration page, give the server a name and set a username and password to remote desktop to the server. I am going to set up my server as an A1 size image. You can choose a bigger size if needed.
  4. In the second VM configuration page, there are a few settings that you need to change.
  5. For Region/Affinity Group/Virtual Network, choose the virtual network that we created earlier. I will choose the testVpnNetwork that I created.
  6. Add a new endpoint to the server. Name it SSTP and allow TCP port 443. This is required because we will be using the SSTP protocol for the VPN connection.
  7. Your page should look something like this.
  8. Click the check box to create the server.
  9. Wait until the server is up and running, then click on Connect and open the RDP file to remote desktop to the server.

Setting Up Remote Access on Windows Server

Set up Remote Access just like you would on any other Windows server. It is well documented and this blog was helpful when I was setting this up. I’ll go through the important steps here.

  1. Add the Remote Access role to the server. On the Server Manager dashboard, select Add Roles and Features.
  2. Click Next until you hit the Server Roles page. Check Remote Access and click Next.
  3. In the Role Services page, click DirectAccess and VPN (RAS). Click Add Features on the popup window. Also check Routing.
  4. Then continue clicking Next and finally Install.

While you are waiting for that to finish, you need to set up the SSL certificate that will be used to secure the VPN connection. Azure automatically provisions a certificate on each VM and installs it in the personal certificate store of the Local Machine. It is a self-signed certificate but it is good enough for our purposes. Because it is self-signed, it won’t be trusted by your Windows client PC, so you will need to copy the cert and install it on your Windows PC as a trusted certificate. We’ll do that now.

  1. Open MMC by clicking start and typing mmc.exe.
  2. Add the Certificates snap-in. File->Add/Remove Snap-in and choose Certificates and Computer Account.
  3. If you look in the Personal certificates store, there should be a single certificate there and it will have the same name that you gave your cloud service in Azure when you were setting up the server. My certificate is named testWinVpnServer.cloudapp.net.
  4. Right click on the certificate and choose All Tasks->Export. Export as a cer and save the file. You need to transfer it to your local Windows PC by emailing it to yourself or transferring the file through remote desktop itself.
  5. Once the file is on your local machine, double click on it and click on Install certificate. Install it into the Local Machine and select Place all certificates in the following store and choose Trusted Root Certification Authorities. Click Next and Finish.
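
The export and trust steps above can also be scripted, with a thumbprint comparison before the certificate is placed in the trusted root store. This is an added PowerShell example, not part of the original post; the file paths are assumptions, and the expected thumbprint is a placeholder that must be replaced with the value printed on the server.

```powershell
# ----- On the VPN server (elevated PowerShell) -----
# Certificate name as used in this post; substitute your own cloud service name.
$name = 'testWinVpnServer.cloudapp.net'

# Find the certificate Azure provisioned in the Local Machine personal store.
$cert = @(Get-ChildItem Cert:\LocalMachine\My |
          Where-Object { $_.Subject -like "*$name*" })
if ($cert.Count -ne 1) {
    throw "Expected exactly one certificate matching $name, found $($cert.Count)"
}

# Export the public certificate only (no private key) as a .cer file.
# The output path is an assumption.
$out = Join-Path $env:USERPROFILE 'Desktop\vpn-server.cer'
Export-Certificate -Cert $cert[0] -FilePath $out -Type CERT | Out-Null

# Note this value; it is what the client checks against.
"Server thumbprint: $($cert[0].Thumbprint)"


# ----- On the Windows client (elevated PowerShell) -----
# Path where the transferred file was saved (assumption).
$cerPath  = Join-Path $env:USERPROFILE 'Downloads\vpn-server.cer'

# Placeholder: paste the thumbprint printed on the server, read from the
# remote desktop session rather than from the same message that carried the file.
$expected = 'PASTE-THUMBPRINT-FROM-SERVER'

# Load the received file and compare thumbprints before trusting it.
$received = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $cerPath
$expectedNormalized = ($expected -replace '\s', '').ToUpperInvariant()
if ($received.Thumbprint -ne $expectedNormalized) {
    throw "Thumbprint mismatch: received $($received.Thumbprint). Certificate not installed."
}

# Thumbprints match: install into Trusted Root Certification Authorities
# for the Local Machine, the same store chosen in step 5.
Import-Certificate -FilePath $cerPath -CertStoreLocation Cert:\LocalMachine\Root | Out-Null

# Confirm the certificate is now present in the root store.
Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Thumbprint -eq $expectedNormalized } |
    Format-List Subject, Thumbprint, NotAfter
```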

Go back to the Remote Access installation wizard and hopefully it is now complete. Click on the Open Getting Started Wizard to configure Remote Access.

Configuring Remote Access

  1. Choose Deploy VPN only. DirectAccess makes it easy to have your corporate website requests go through the VPN network while your Netflix stream goes through your local internet. We want everything to go through the VPN network and so we will deploy only VPN.
  2. In the Routing and Remote Access window that opens, right click on the server and select Configure and Enable Routing and Remote Access.
  3. Choose custom configuration and check VPN access and NAT. Then Finish.
  4. Hit Start Service to start the service.
  5. Once it's running, right click on the server name again and choose Properties. Then under the Security tab, under SSL certificate binding, choose the certificate ending in cloudapp.net.
  6. Click on the IPv4 tab. Here you will set up the VPN server to assign IP addresses to clients from a static pool since there is no DHCP server available.
  7. Under IPv4 address assignment, choose Static address pool and click on Add.
  8. Enter an IP address range that is within the subnet you configured in Azure. I’ll choose 10.0.0.100 to 10.0.0.200.
  9. Hit OK and you may need to restart the service.
  10. Now right click on the NAT option under the Server Name and select New Interface.
  11. Select Ethernet2. Then choose Public Interface connected to the Internet and check Enable NAT on this interface. I chose Ethernet2 here since that is the network that is connected to the internet on my server. On your server, it might be named something else but most probably not.
  12. Hit OK.
  13. You need to give the Administrator user permission to connect using VPN. You can do that in MMC. Open it by searching for mmc.exe.
  14. Click Add/Remove Snap-in and select Local Users and Groups.
  15. Select the users tab and then right click on your user and select properties.
  16. Select the Dial-in tab and under Network Access Permission, select Allow Access.
  17. You now have the server set up. Let’s get the client set up as well.

Setting Up Windows 8.1 Client for VPN

  1. Open the Network and Sharing center. Just open start and search for it.
  2. Click Set up a new connection or network.
  3. Choose Connect to a workplace.
  4. Click Use my internet connection.
  5. Enter the cloud app service URL. For me it is testWinVpnServer.cloudapp.net. Go to Azure->Cloud services to find out the URL.
  6. Give the connection a name and click Create.
  7. Click on change adapter settings from the Network and Sharing Center.
  8. Find the VPN adapter you just created.
  9. Click on the Security tab.
  10. Select Secure Socket Tunneling Protocol (SSTP) for Type of VPN.
  11. Select Require Encryption for Data Encryption.
  12. Hit OK.
  13. You can right click on the adapter and choose Connect to connect to the server. You will need to enter the same credentials you used to login to the server.
  14. Here’s a look at my settings.

And there you have it. You are now connected to your very own VPN service. You can test it by searching whatismyip on Bing and verifying that the IP address matches the Virtual IP of the VPN server. Note that using a VPN server can drastically impact your network speeds. Here’s a comparison on my home network.

That’s right! A whopping >50% slower. Maybe I won’t have it connected all the time…hmm.

Using the AWS flow framework in a Maven project

September 18, 2013

Recently, I’ve had to use the SWF flow framework for Java for an existing project using Maven. The developer guide and online examples only talk about using Eclipse and Ant and so I had to do some googling to find out how.

I wasted a lot of time looking into Aspect Oriented Programming (AOP) and finding out that NetBeans doesn’t support it and then trying to use the maven-processor-plugin. But in the end it turned out to be pretty simple and easy. The solution was more or less given in this Stack Overflow answer, but that goes into more background detail than necessary. I just wanted the basic steps to get going and I’ve copied them here.

        1. Install the AWS Java SDK – download from http://aws.amazon.com/sdkforjava/
        2. Install the flow framework jar with maven using the following command. You must run this command from the lib folder of the AWS SDK installation folder which will contain the aws-java-sdk-flow-build-tools jar file.
          mvn install:install-file -Dfile=aws-java-sdk-flow-build-tools-<version>.jar -DgroupId=com.amazonaws -DartifactId=aws-java-sdk-flow-build-tools -Dversion=<version> -Dpackaging=jar 
        3. Add the following dependencies to your project pom. Note that I’ve put the versions that I’m currently using. If you’ve moved to a newer version, then use that version number. The versions here have been tested as working.
          <dependency>
            <groupId>junit</groupId>
            <artifactId>junit</artifactId>
            <version>4.11</version>
            <scope>test</scope>
          </dependency>
          <dependency>
            <groupId>com.amazonaws</groupId>
            <artifactId>aws-java-sdk</artifactId>
            <version>1.5.5</version>
          </dependency>
          <dependency>
            <groupId>org.aspectj</groupId>
            <artifactId>aspectjrt</artifactId>
            <version>1.7.3</version>
          </dependency>
          <dependency>
            <groupId>com.amazonaws</groupId>
            <artifactId>aws-java-sdk-flow-build-tools</artifactId>
            <version>1.5.5</version>
          </dependency>
          <dependency>
            <groupId>org.freemarker</groupId>
            <artifactId>freemarker</artifactId>
            <version>2.3.18</version>
          </dependency>
          <dependency>
            <groupId>log4j</groupId>
            <artifactId>log4j</artifactId>
            <version>1.2.17</version>
          </dependency>
          
        4. The last piece of the puzzle is to put together the build so that the AspectJ weaving takes place at the right build step. Configure your pom build section like so:
              <build>
                  <plugins>
                      <plugin>
                          <groupId>org.codehaus.mojo</groupId>
                          <artifactId>apt-maven-plugin</artifactId>
                          <version>1.0-alpha-5</version>
                          <executions>
                              <execution>
                                  <goals>
                                      <goal>process</goal>
                                  </goals>
                              </execution>
                          </executions>
                      </plugin>
                      <plugin>
                          <groupId>org.codehaus.mojo</groupId>
                          <artifactId>aspectj-maven-plugin</artifactId>
                          <version>1.5</version>
                          <configuration>
                              <aspectLibraries>
                                  <aspectLibrary>
                                      <groupId>com.amazonaws</groupId>
                                      <artifactId>aws-java-sdk</artifactId>
                                  </aspectLibrary>
                              </aspectLibraries>
                              <complianceLevel>1.6</complianceLevel>
                              <showWeaveInfo>true</showWeaveInfo>
                              <verbose>true</verbose>
                              <sources>
                                  <source>
                                      <basedir>${basedir}/target/generated-sources/annotations</basedir>
                                  </source>
                                  <source>
                                      <basedir>src/main/java</basedir>
                                      <includes>
                                          <include>**/*WorkflowImpl.java</include>
                                          <include>**/*ActivitiesImpl.java</include>
                                      </includes>
                                  </source>
                              </sources>
                          </configuration>
                          <executions>
                              <execution>
                                  <goals>
                                      <goal>compile</goal>
                                      <goal>test-compile</goal>
                                  </goals>
                              </execution>
                          </executions>
                      </plugin>
          
                  </plugins>
              </build>
          
        5. And that’s it. You are done!

I use NetBeans, and NetBeans automatically takes care of showing the generated source files as part of the IDE and adding them to the build path.

A little back story

I pretty much followed the instructions in the Stack Overflow answer and that was enough to get me started. Then I added an activity and tried to use the ExponentialRetry annotation and things started failing. I also noticed that asynchronous methods in my test weren’t exactly being called asynchronously. I searched through the AWS forums and stumbled upon this gem that led me to the build configuration that I have now. Basically what it means is that the auto-generated classes need to be generated first, before the AspectJ weaving takes place, and you have to make sure to include the auto-generated sources as part of your AspectJ weave, as you can see by looking at the sources for the aspectj plugin. Also, I’m selecting my activities and workflow classes using the wildcard * selector based on my file naming convention. You may need to change it to fit your project.

Now when you compile your project, you should see an additional step [aspectj:compile] and it will tell you which files were found to have the annotations and which annotations were processed.

GoodBye Google Reader

March 13, 2013

Update: Switched to Feedly instead. It automatically syncs all of your Google Reader subscriptions. Easiest transition ever.

Google Reader has been one of those apps that I used several times every day. You’ll be missed. Looking for alternatives but Pulse looks very interesting and has a Chrome plugin.

My stats from 5 years. Suddenly realized I read a lot of news!

WikiPublisher plugin for Jenkins

March 27, 2011

Sometimes, folks other than the developers are interested in finding out about the different builds and the components (upstream projects) that are in a build. These other folks might be managers or non-programming types who don’t have access to Jenkins or are not interested in looking things up on Jenkins. They prefer to just see a website with all builds listed. This plugin attempts to satisfy that need.

We have an internal wiki site for sharing useful information and that seems as good a place as any to share information about current builds of projects. So, I’ve written the wiki publisher plugin that publishes your build name along with the names of all of its upstream builds to a wiki page you’ve configured. The names are also linked back to their corresponding build on Jenkins so that you can go from wiki to Jenkins to download artifacts or lookup changes.

This plugin is modeled after the Confluence Publisher plugin that is available for Jenkins. There are two separate configuration pages. In the global configuration page, you need to set up the list of wiki sites that you would like to publish to. I expect most will only have one site set up here but it's nice to know you can add more. If your wiki site uses authentication, then you need to set up the username, password and domain for the user that Jenkins will use to publish to the wiki site. Make sure that this user has edit permission on the wiki pages. Also, I’ve only tested it against a wiki that authenticates against an LDAP server, so there’s the possibility that it won’t work on other setups. One additional note of caution: your wiki site may be using https but only use a self-signed certificate. If that’s the case, then do not check the “use https” link or it won’t work.

Now that you have your wiki site set up, it's time to configure your project to publish to the wiki site. Open up your project configuration page and you will see a new section to publish build results to a wiki. Here, select the wiki site you set up previously and enter the name of the page where the results are to be published. The plugin won’t create the page itself and you must go to your wiki and set up an empty page before running any builds.

This plugin uses the jwbf library for publishing to the wiki and that library has a dependency on log4j 1.2.14 or above. Unfortunately, Jenkins uses an older version and so on your Jenkins machine, you must set up the “java.endorsed.dirs” environment variable to point to a directory that contains log4j 1.2.14 or above.

Let me know if this plugin has been useful to you and thanks to the excellent Jenkins build tool.

major.minor plugin for Jenkins

March 27, 2011

Recently, I’ve been tasked with setting up a build environment at work and we decided to go with Hudson and now Jenkins. I think the best part of Jenkins is its extensibility in the form of writing plugins to make it do exactly what you want. So my first plugin was to change the build numbers that Jenkins uses like #1, #2 etc. to something more meaningful for our scenario and so was born the major.minor plugin.

The premise of the plugin is quite simple. In our projects, we would like to see build names of the form major.minor.revision. We use subversion for source code management and so the revision number here refers to the svn revision number. The major and the minor numbers are configured when the build is initially setup and are initialized to 1 and 00 respectively. So, the first build name might be something like 1.00.23 if the svn revision at that point happened to be 23.

At some point down the line in the project cycle, we might like to increment the minor or major number and this can be done manually after a build by using the existing Jenkins feature to edit the build name. Since the plugin picks up the major and minor part of the build name from the previous build of the project, subsequent builds will now have the correct major and minor sections.

Now that the build name has been changed, when you browse through the builds directory for your project, it will be hard for you to figure out which build is which because Jenkins only creates directories using the build number like #2, #3 etc. and the date/time when the build was executed. To make it easier, the plugin also creates a new symbolic link with the build name in the builds directory. Now the Jenkins UI and builds directory match and it's easier for you to get to the right build.

When you enable this plugin, you get a new configuration section for your project. In this section, you will configure a regex to match build names against. I’ve made it a regex so that it is a little bit more flexible and can still be used even if your organization does not use a major.minor.revision format for naming builds. The important thing is that you add a capturing group in your build name regex which is used to insert the new revision number into the build name. Note that if you don’t use svn for scm, the plugin still works and inserts the build number in place of the revision number. The other configuration is for setting the initial build name for your project like 1.00.00.

The plugin also makes available a BUILD_NAME environment variable for any scripts that might need it.

Hope this plugin helps anyone looking for nicer build names and thanks to the Jenkins project for a great build tool.

The plugin source is available on Github and you are free to fork and tinker with it to suit your needs.

Create SVN repositories using a standard folder structure

December 10, 2009

This is a shell script that you can use to create all of your repositories using the same standard folder structure. You need to replace the following variables for it to run:

  1. Replace [name] with the correct username of a user who will have permissions on the repository.
  2. Replace [pass] with the correct password of the user.
  3. Replace yourdomain.com with the path to where your svn repositories are stored.

Call the script as ./scriptname reponame and it will create a new repository with the name reponame.

Here’s what the script does:

  1. The script creates the new repository folder
  2. It gives apache permissions on the folder. If you are not using apache, comment out the chgrp line.
  3. If you are using an access file to provide fine-tuned directory permissions, you may want to uncomment the two lines that refer to access.txt. Those two lines add the new repo to the access file and give the admin group rw permissions on the repository.
  4. It then creates the standard folder structure, i.e., the trunk, branches and tags folders.

#!/bin/bash
# Usage: ./scriptname reponame
# Abort if no repository name was supplied.
if [ -z "$1" ]; then
    echo "Usage: $0 reponame" >&2
    exit 1
fi

# Create the repository and give the apache group read/write access.
svnadmin create "$1"
chgrp -R apache "$1"
chmod -R g+rw "$1"
#echo "[$1:/]" >> access.txt
#echo "@admin = rw" >> access.txt

# Create the standard layout. Note: a password given on the command line is
# visible to other local users in the process list.
svn --username [name] --password [pass] mkdir "http://yourdomain.com/svn/$1/trunk" -m "ADD: /trunk"
svn --username [name] --password [pass] mkdir "http://yourdomain.com/svn/$1/branches" -m "ADD: /branches"
svn --username [name] --password [pass] mkdir "http://yourdomain.com/svn/$1/tags" -m "ADD: /tags"

echo "------------------------------------------"
echo "Standard Repo Layout Created"

jQuery Formhints plugin

November 29, 2009

A very simple jQuery plugin for showing hints right next to form inputs. This is a jQuery adaptation of the excellent javascript & css form hint script here.

I’ve made it where the form hints show up when you mouse over the input elements. You can also make a small edit to the script so that the formhints only show when the user actually clicks on an input element. Just change the “input.mouseover” to an “input.click”.

(function($){

	$.fn.formhints = function(params){
		$(":input", this).each(
				function(i)
				{
					var input = $(this);
					if(input.next("span").length > 0)
					{ // if this input element has a span next to it
						$(input.next("span")).hide();// initially hide all
						input.mouseover(function() {
							var pos = $(this).position();
							var left = pos.left + $(this).width() + 30;
							$(input.next("span")).css({'display':'inline', 'top':pos.top+'px',
								'left':left+'px'});
						});
						input.mouseout(function() {
							$(input.next("span")).css('display','none');
						});
					}
				}
		);
	};

})(jQuery);

In order to use it, the form html needs to be modified. Each input element with a hint must have an adjacent “span” element which contains the hint text that will be displayed to the user. Here’s a sample input element:

<div class="input text required">
	<label for="ScriptName">Script name</label>
	<input id="ScriptName" maxlength="200" name="data[Script][name]" type="text" />
	<span class="hint">
		Name of the script
		<span class="hint-pointer"> </span>
	</span></div>

Note the span element after the input element. It will contain the hint that will be displayed to the user on mouseover. You can apply css styles to the hint to make it look nice. I’m just reusing the hint class developed by askthecssguy for his script which looks quite nice.

Once you’ve gotten the span elements added to your form, add this one line to your page load function to get your form ready for action.

$(document).ready(function(){
	$("#formidhere").formhints();
});

And that’s it. Make sure to replace the “formidhere” with the id of your form.

Here’s the css I used for my form hint and the final result.

.hint {
  position: absolute;
  width: 200px;
  margin-top: -4px;
  border: 1px solid #c93;
  padding: 10px 12px;
  background: #ffc url(../img/hint_pointer.gif) no-repeat -100px -100px;
}

.hint .hint-pointer {
    position: absolute;
    left: -10px;
    top: 5px;
    width: 10px;
    height: 19px;
    background: url(../img/hint_pointer.gif) left top no-repeat;

}