

OpenVPN + AWS
A friend put me onto AWS – Amazon Web Services. I had known about it for some time, but had not dabbled in it because I thought it would be too expensive. As of November last year though, Amazon, obviously aware that many people see their web services this way, decided to make a free use tier for basic testing and small production use.
So, I set up OpenVPN on an Ubuntu server micro-instance in the Asia Pacific region of Amazon AWS. I followed the instructions located here to set up the keys and certificates for the server and some local clients. At this stage I am only using the basic TUN (tunneling) interface; I do plan to try the alternative TAP interface, which would allow me to bridge my workstation at home with my mobile Internet tablet, the Nokia N900.
I found that using the sample configuration files from the OpenVPN HOWTO was the quickest way to get up and running. Apart from defining the necessary PKI files, these are the things I changed:
- For the server configuration, set or change the following options:

    push "redirect-gateway"
    push "dhcp-option DNS 172.16.0.23"

- For the Nokia N900 client configuration, the DNS must be directed away from the internal proxy on the tablet. Add this to the end:

    script-security 2
    up /etc/openvpn/maemo-update-resolvconf
    down /etc/openvpn/maemo-update-resolvconf

- The server must also have masquerading enabled for the VPN IP range. This involves using the following rules in iptables (iptables-save format):

    *nat
    :POSTROUTING ACCEPT [0:0]
    :PREROUTING ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    -A POSTROUTING -s 10.8.0.0/24 -d 0.0.0.0/0 -o eth0 -j MASQUERADE
    COMMIT

- On Ubuntu 10.10 server, one can use “sudo iptables-apply rulesfile.txt” to apply the above ruleset. You may want to add this to a startup script in /etc/init.d – perhaps the openvpn startup script.
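As an added example (not code from the original post), this Python script audits a server config and a NAT ruleset against the intent of the setup above: the MASQUERADE rule must be scoped to the VPN subnet taken from the server line rather than to every source, and the server must push both a default route and a DNS server so the tablet's name lookups stay inside the tunnel. The two input strings are constructed samples that mirror the snippets above.

```python
import ipaddress
import shlex
# Constructed sample inputs that mirror the snippets in the post.
SERVER_CONF = """\
server 10.8.0.0 255.255.255.0
push "redirect-gateway"
push "dhcp-option DNS 172.16.0.23"
"""
NAT_RULES = """\
*nat
:POSTROUTING ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/24 -d 0.0.0.0/0 -o eth0 -j MASQUERADE
COMMIT
"""
def parse_openvpn(conf):
    """Return (vpn_subnet, list of pushed options) from an OpenVPN server config."""
    subnet, pushed = None, []
    for line in conf.splitlines():
        parts = shlex.split(line, comments=True)  # handles the quoted push values
        if len(parts) == 3 and parts[0] == "server":
            subnet = ipaddress.ip_network(f"{parts[1]}/{parts[2]}", strict=False)
        elif len(parts) == 2 and parts[0] == "push":
            pushed.append(parts[1])
    return subnet, pushed
def masquerade_sources(rules):
    """Source network of each POSTROUTING MASQUERADE rule; no -s means 0.0.0.0/0."""
    sources, in_nat = [], False
    for line in rules.splitlines():
        parts = line.split()
        if line.startswith("*"):
            in_nat = line == "*nat"  # only the nat table matters here
        elif in_nat and parts[:2] == ["-A", "POSTROUTING"] and "MASQUERADE" in parts:
            src = parts[parts.index("-s") + 1] if "-s" in parts else "0.0.0.0/0"
            sources.append(ipaddress.ip_network(src))
    return sources
def audit(conf, rules):
    """Return findings as strings; an empty list means the setup matches the post."""
    subnet, pushed = parse_openvpn(conf)
    if subnet is None:
        return ["no 'server' line, cannot determine the VPN subnet"]
    findings = []
    if not any(p.startswith("redirect-gateway") for p in pushed):
        findings.append("no pushed redirect-gateway: clients keep their local default route")
    if not any(p.startswith("dhcp-option DNS") for p in pushed):
        findings.append("no pushed DNS server: client DNS queries leave the tunnel")
    srcs = masquerade_sources(rules)
    findings += [f"MASQUERADE source {s} is wider than the VPN subnet {subnet}" for s in srcs if not s.subnet_of(subnet)]
    return findings
```

The script inspects the files only; masquerading also needs IP forwarding enabled on the instance (net.ipv4.ip_forward=1), which it does not check.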
That covers the basics and gets me a faster, more open Internet connection from my mobile 3G tablet in China.
Please note that setting up a micro instance in the AWS Console is fairly easy; I suggest you be careful not to choose a large image if you want to remain within the 10Gb free limit of Elastic Block Storage. The firewall will also need to be opened up for port 1194, in addition to standard SSH.



