Jan 162017
 

Bimil - Auto-typeFor this version I mostly concentrated on getting auto-type working properly. Lot of bug fixes and improvements were done to it. It will work regardless of caps-lock state, added enter and tab keys, and looks on high-DPI screen have been improved; to name a few.

Start dialog has been improved too – most notable change being support for read-only files. And that doesn’t stop at start dialog as application now handles that pesky attribute without an issue.

Additional Run Command field has been added to allow for running any application directly from Bimil. It even supported environment variables (e.g. %APPDATA%) for better usability.

In any case, a new version can be downloaded either directly from application or from Bimil pages.

Jan 112017
 

While I have quite a few of my projects exposed on GitHub, I also have a private stash on my FreeBSD-based file server.

After a bit of mess-up I had to modify repository directly on server. No biggie, I connected via Putty only to be greeted with a bunch of ESC nonsense upon every Git command execution. From output it was obvious that something was wrong with ANSI color support.

Adding --no-color to each Git command helped a bit but at the cost of color. Some commands that have no support for omitting color I just redirected to tee null. But that also came in black and white only.

After a while I noticed a pattern – Git commands that needed paging were messy while simple ones showed color just fine. On a whim I set Git pager to less:

# git config --global core.pager less

And it worked – despite the fact less is generally a Git’s default to start with.

My best guess is that package I installed doesn’t agree well with my environment and that a few switches might actually solve it without Git reconfiguration. However, this worked and I had no will to continue chasing the rainbow any more. :)

Jan 062017
 

Few posts ago, I have gone over the procedure needed to get OpenVPN going. However, what about SSTP-based VPN?

This guide is going to assume you are to enter commands into the New Terminal window from WinBox. That way I will simply repeat commands needed instead of going through the screens. Commands are actually quite descriptive and easy to “translate” into GUI actions if that is your preference.

Prerequisite for any VPN server is to get certificates sorted. Procedure is exactly the same as for OpenVPN server setup with the slight difference being that common-name really matters. It must match either external IP or external host name – no exceptions.

For completeness sake, I will repeat the certificate creation steps here:

/certificate
add name=ca-template common-name=example.com days-valid=3650 key-size=4096 key-usage=crl-sign,key-cert-sign
add name=server-template common-name=*.example.com days-valid=3650 key-size=4096 key-usage=digital-signature,key-encipherment,tls-server
add name=client-template common-name=*.example.com days-valid=3650 key-size=4096 key-usage=tls-client

sign ca-template ca-crl-host=127.0.0.1 name=ca-certificate
sign server-template ca=ca-certificate name=server-certificate
sign client-template ca=ca-certificate name=client-certificate

Depending on your router’s speed, that sign command might time-out – nothing to worry about – just wait for CPU to drop below 100%. Or alternatively check the name of certificate – template part will disappear once signing is completed.

For later shenaningans, we will need root certificate export (just move it somewhere on your computer afterward):

/certificate
export-certificate ca-certificate export-passphrase=""

Next we need a IP address pool for clients. I will assume you have your clients in some other network (e.g. 192.168.1.x) and this new network is just for VPN (notice that it can be the same pool as one used for OpenVPN):

/ip
pool add name="vpn-pool" ranges=192.168.8.10-192.168.8.99

Instead of editing the default encrypted profile, we can create a new one. Assumption is your Mikrotik will also be a DNS server. And while at it, you can create a bit more imaginative user/password (again, if you did this for OpenVPN server, you can just reuse the same profile and user):

/ppp
profile add name="vpn-profile" use-encryption=yes local-address=192.168.8.250 dns-server=192.168.8.250 remote-address=vpn-pool
secret add name=user profile=vpn-profile password=password

Finally, we get to enable SSTP VPN server interface – first step that is actually needed if you already have OpenVPN server running:

/interface sstp-server server
set enabled=yes default-profile=vpn-profile authentication=mschap2 certificate=server-certificate force-aes=yes pfs=yes

One curiosity is force-aes flag that is officially listed as not working with Windows clients. I’ve tested it on Windows 7 and 10 without any issues. You can clear it if you play with something older.

With this, our SSTP VPN server is up and running – onto the client setup!

For client we first need to import our certificate authority and we need to do it a bit roundabout way. First we start MMC (Microsoft Management Console) and to it add Certificates (File->Add/Remove Snap-in). When asked select Computer account for Local Computer and find Trusted Root Certification Authorities. Right-click on it will show Import to which we give certificate we’ve exported a few steps ago.

In the Network and Sharing Center now we can go and Set up a new connection. When asked we just select Connect to a workplace and write destination host name (or IP). Remember that it must match certificate common-name (or a matching wildcard) you gave to your server certificate.

If all steps went fine, you should be presented with user name / password prompt and off you go.

PS: Do not forget to adjust firewall if necessary (TCP port 443).

Jan 012017
 

As before, the first post of (UTC) 2017 is reserved for some stats.

The most notable update this blog saw was a move from jmedved.com to medo64.com domain. It came on a whim and without too much trouble.

In regards to posts this year, there we 69 of them – again a few more then the year 2015. As my plans were to keep up a post every six days, I cannot be dissatisfied. For this year, I will aim for five and let’s see what happens. :)

The most posts were in the electronics category (14%) closely followed by general updates (13%). Programming got 12% as did Mikrotik – something I started playing with again after a while. Lastly we have the Linux category at 10%.

I got a bit lazy with YouTube channel and all chances are that this’ll continue in 2017. Making even a single video simply takes time and that is one thing I rarely have.

Traffic-wise it is annoyingly hard to tell as I changed domain mid-year. Yes, I could spend some time and consolidate numbers but I cannot be bothered. Based on random month selection, traffic is in the same ballpark and that is good enough for me.

For the first time slightly more than 50% of readers is using Chrome, and Firefox is a distant second with 20%. Somehow Internet Explorer is still third at 15%. Safari is further away still at 6% and I cannot believe crappy Edge has almost 3%. I guess Microsoft’s practice of making it default with every Windows update kinda works. Either that or 3% of my readers have lost their mind.

20% of my traffic comes from USA, with Russia at second place with 10%. This is really a surprise to me as Russia wasn’t even in the first 10 previous years. Closer look at sources shows this is probably just due to Russian spam-bots as in the first 10 I could verify only a single source. Germany is thus third at 8%. United Kingdom, France, Japan, and India share the fourth place at 4% each.

Total of 196 countries visible in my logs is again down from the 207 last year – I am losing countries left and right. My favorite single-visit country was definitely São Tomé & Príncipe which gets extra style points for its Unicode rich name.

All the best in 2017!