Link: How To Setup a VPN in Ubuntu using OpenVPN

We love Linux and we love it for its open source nature, security, and powerful tools. There are a lot of free as well as commercial VPN solutions available for Ubuntu. We are not going to list or rank all the top VPN providers. We don’t necessarily want to rank them simply because users choose their VPN provider based on their personal requirements. If you want an US VPN service, you should look for the best US VPN service that supports OpenVPN. The intent of the article is to help newbies configure and use their favorite VPN service without going back and forth in Ubuntu community forum and embarrass oneself before the rather patronizing users.

Full article here:
How To Setup a VPN in Ubuntu using OpenVPN (Linuxaria)

Link: 10 URLs That Every Google User Should Know

Where can you get a list of every ad that you have clicked on Google? Where should you go if you don’t remember your administrator password? What are your interests as determined by Google?

Here are 10 important links that every Google user should know about. They are tucked away, somewhere deep inside your Google dashboard.

Full article here:
10 URLs That Every Google User Should Know (Digital Inspiration)

Link: How to spoof the MAC address of a network interface on Linux

A 48-bit MAC address (e.g., 08:4f:b5:05:56:a0) is a globally unique identifier associated with a physical network interface, which is assigned by a manufacturer of the corresponding network interface card. Higher 24 bits in a MAC address (also known as OUI or “Organizationally Unique Identifier”) uniquely identify the organization which has issued the MAC address, so that there is no conflict among all existing MAC addresses.

While a MAC address is a manufacturer-assigned hardware address, it can actually be modified by a user. This practice is often called “MAC address spoofing.” In this tutorial, I am going to show how to spoof the MAC address of a network interface on Linux.

Full article here:
How to spoof the MAC address of a network interface on Linux (Xmodulo)

Link: Browse Internet as Nobody knows what you are doing, Simple SOCKS Proxy setup under Linux

As you may know ISPs can see those links you visit from your devices while using their service, this thing bother me and many users who knows about this stuff. Simply we can use SOCKS proxy using SSH. This approach is useful to surf web because things will be encrypted and your local administrator or ISP won’t be able to see what you are doing, they just can see encrypted packets are floating. 🙂

Also this method won’t eat much of your bandwidth but a little difference you may notice while testing your bandwidth using speedtest tools.

Full article here:
Browse Internet as Nobody knows what you are doing, Simple SOCKS Proxy setup under Linux (NoobsLab)

Link: OpenVPN on DD-WRT: A Secure Connection To Home Networks

Since the demise of the free LogMeIn service, you might have lost access to your home PC. Fortunately, with the right router, and a little bit of time, you can gain free access to your home machines very easily with OpenVPN. This guide I’ve written for the DSLReports.com community will focus primarily on OpenVPN running on DD-WRT, but should apply almost equally to “TomatoVPN” firmware, or newer Asus routers which include it (I would also recommend checking out “Tomato by Shibby” — as this looks to be some great firmware for those with supported hardware).

Full article here:
OpenVPN on DD-WRT: A Secure Connection To Home Networks | DSLReports, ISP Information (DSLReports.com)

Link: How to use sshfs (Secure Shell FileSystem) to Mount Remote Directories Locally

Sshfs is a file system for operating systems that have FUSE (Filesystem in Userspace) implementation. Examples of such operating systems are Linux, Mac OS X and FreeBSD but not limited to these. SSHFS is a great tool as it enable a user to mount remote directories on the local machine securely. The SSH protocol encrypts the connection between the local and remote machine. This makes it difficult for a third party to see the files being exchanged between the two machines on the network.

Full article here:
How to use sshfs (Secure Shell FileSystem) to Mount Remote Directories Locally (LinOxide)
Related:
SSHFS (Secure SHell FileSystem) for Mounting Remote Linux Filesystems (Tecmint)
Mount Remote Filesystems Over SSH Using SSHFS (Unixmen)
SSHFS in Linux (Linux/Vmware Solutions)
Linux Terminal: sshfs, Remote directory over ssh (Linuxaria)

Link: How To Set Up Unlocator DNS Under Linux To Access Netflix, Hulu, CBS, ABC, Pandora and More Outside The US

Tunlr, a free DNS service that allowed its users to access US-based on-demand Internet streaming providers from outside the US, was shut down recently.

For those who are looking for a reliable alternative, there’s Unlocator, a similar service that you can use to watch Netflix, Hulu, CBS, MTV, PBS, ABC, Pandora and more no matter where you live.

The service is free to use while in beta (I’m not sure when it will be out of beta) and once it leaves the beta, it will cost $4.95 / month.

At the time I’m writing this article, Unlocator supports 78 services, including: Netflix, Hulu, Pandora, ABC, AMC, BBC, CBS, Channel4, Discovery Channel, ESPN, Fox, HBO Go, MTV, NBC, PBS, Showtime, TV.com, VEVO, USA Network, VH1 and others. A complete list can be found HERE.

While Unlocator works as advertised, there is one issue: using the Unlocator DNS permanently is not a good idea for privacy/security reasons, speed and so on. For this reason, I’ve adapted the instructions for Tunlr I wrote a while back on WebUpd8, for Unlocator.

Full article here:
How To Set Up Unlocator DNS Under Linux To Access Netflix, Hulu, CBS, ABC, Pandora and More Outside The US (Web Upd8)

Link: 2 Ways to Stop Websites from Hijacking Your Webcam and Microphone in Chrome

For anyone concerned about their privacy online, a significant security risk concerning your computer’s webcam and microphone has been recently discovered in the Chrome web browser. The risk – a default setting that will give a website open access to your computer’s microphone and webcam if you give it access just once.

This of course can open up the floodgates to all sorts of unsavory activity by unsavory individuals; namely websites taking advantage of this setting by turning on your microphone and webcam with you having no idea, even sometimes installing a hidden widget that activates these media devices if a certain word is said. Fortunately, it’s easy to turn this setting off.

In this post we’ll show you how to stop websites from hijacking your webcam and microphone in the Chrome web browser.

Full article here:
2 Ways to Stop Websites from Hijacking Your Webcam and Microphone in Chrome (TechNorms)

Link: How to Setup a VPN (PPTP) Server on Debian Linux

VPN-ing into your server will allow you to connect to every possible service running on it, as if you were sitting next to it on the same network, without individually forwarding every port combination for every service you would like to access remotely.

Using a VPN connection also has the upshot of, if desired, granting access to other computers on the network as if you where in it locally from anywhere across the internet.

While not the most secure of the VPN solutions out there, PPTP is by far the simplest to install, configure and connect to from any modern system and from windows specifically as the client is a part of the OS since the XP days and you don’t need to mess with certificates (like with L2TP+IPsec or SSL VPNs) on both sides of the connection.

Did i get you interested? then let’s go 🙂

Full article here:
How to Setup a VPN (PPTP) Server on Debian Linux

Why you can’t get SRTP encryption to work between Asterisk and your VoIP adapter or phone

Some recent versions of Asterisk (Asterisk 11 in particular) have built-in SRTP support of sorts. As Wikipedia notes,

The Secure Real-time Transport Protocol (or SRTP) defines a profile of RTP (Real-time Transport Protocol), intended to provide encryption, message authentication and integrity, and replay protection to the RTP data in both unicast and multicast applications. It was developed by a small team of IP protocol and cryptographic experts from Cisco and Ericsson including David Oran, David McGrew, Mark Baugher, Mats Naslund, Elisabetta Carrara, James Black, Karl Norman, and Rolf Blom. It was first published by the IETF in March 2004 as RFC 3711.

In simple terms, SRTP encrypts the audio of your VoIP calls, making it much more difficult for anyone with a packet sniffer to listen in.

Let’s say you have an Android-based tablet and you are running CSipSimple. If you have configured it as an extension off your Asterisk 11 server, and you turn SRTP on in the security settings, you will likely find that outgoing calls work fine but incoming calls do not.  The reason is that you need to add one line to the extension’s configuration settings in Asterisk:

encryption=yes

If you are using FreePBX then it’s only a bit more complicated.  You’d need to add two lines to the /etc/asterisk/sip_custom_post.conf file:

[####](+)
encryption=yes

Replacing #### with the extension number. Once you have done this and reloaded Asterisk, it will only communicate with the endpoint using SRTP.

BUT there is one problem here.  With some other VoIP devices and softphones, once your have enabled SRTP, any attempt to place an outgoing call will not work.  And, if you watch the Asterisk CLI, you may see lines similar to this:

[2013-12-19 08:18:57] NOTICE[2949][C-000005e9]: sip/sdp_crypto.c:255 sdp_crypto_process: Crypto life time unsupported: crypto:1 AES_CM_128_HMAC_SHA1_80 inline:6aV+PFYMnVJVUZuxug9EM5yefPnfOrNhHcKLSABE|2^20
[2013-12-19 08:18:57] NOTICE[2949][C-000005e9]: sip/sdp_crypto.c:265 sdp_crypto_process: SRTP crypto offer not acceptable
[2013-12-19 08:18:57] WARNING[2949][C-000005e9]: chan_sip.c:10454 process_sdp: Rejecting secure audio stream without encryption details: audio 17100 RTP/SAVP 0 8 18 104 101

The problem is that in Asterisk, “any SRTP offers that specify the optional lifetime key component will fail”, as is detailed in this submitted patch to Asterisk:

(ASTERISK-17899) [patch] Adds a ‘ignorecryptolifetime’ (Ignore Crypto Lifetime) option to sip.conf for SRTP keys specifying optional ‘lifetime’

If if the device or softphone had a setting to disable sending the lifetime parameter, it probably would work. If users would go through the trouble of applying this patch to Asterisk, it would probably work, but many users either don’t know how to do that, or they are running a pre-built distribution and don’t want to or cannot tamper with it (also, any upgrades to Asterisk thereafter would require re-application of the patch). If Digium would apply this patch to Asterisk and push it out in upgrade releases, it probably would work. But for whatever reason, though this patch was first posted back in May of 2011, Digium has not seen fit to roll it into Asterisk.

So, this may very well be the reason, or at least one of the reasons, why you can’t get SRTP encryption to work between Asterisk and your VoIP adapter or phone! Basically, your VoIP device or softphone and Asterisk just don’t want to play nice with each other.

We’ve heard that some other varieties of PBX software, such as FreeSWITCH, might not have this issue, but since we don’t have a working FreeSWITCH installation at the moment we cannot comment on that.