DD-WRT – Block Traffic When the VPN Connection Fails

I did a bunch of research and testing and found a solution for a hardware-like kill switch within DD-WRT. This is where you want to basically block traffic when the VPN connection fails or gets blocked for any of many reasons.

These were some of the things I tested for:

1. When the OpenVPN process dies all LAN/wireless traffic will not leak to the WAN port and bypass the VPN tunnel.
2. When the router boots up LAN/wireless traffic will not leak to the WAN port and bypass the VPN tunnel.
3. When OpenVPN is blocked downstream, ex. blocking UDP 1194, LAN/wireless traffic will not leak to the WAN port and bypass the VPN tunnel.
4. Unplugging/plugging any port on the router will not cause LAN/wireless traffic to leak to the WAN port and bypass the VPN tunnel.

I use a regular router, router #1, downstream (Fios router from Verizon) and use DD-WRT, router #2, only when I want to use the VPN. I connect the WAN port of the DD-WRT router into the LAN port of the Fios router. I then manually connect devices which I want to use the VPN into the LAN ports OR associate them with the wireless AP in the DD-WRT router.

If you only wanted to use one router and not two as I have described above, then you would need to use a policy-based solution where some devices would tunnel over the VPN and others you could selectively allow to bypass the VPN. See my comments at the very end for this solution.

These are the firewall commands I added to my WZR-HP-G300NH v1 router (ADMINISTRATION – COMMANDS):

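# Allow forwarding between the LAN/wireless bridge (br0) and the VPN tunnel (tun0)
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
# Drop anything from the LAN/wireless bridge that would leave directly through the WAN interface (eth1 on this router)
iptables -I FORWARD -i br0 -o eth1 -j DROP
# Reject connections arriving from the tunnel that are addressed to the router itself
iptables -I INPUT -i tun0 -j REJECT
# NAT traffic leaving through the tunnel
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE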

Make certain you click “Save Firewall”.

The last line is a duplicate from the OP, but doesn’t seem to cause any issue. I also own a whr-g54s which required the same commands as above, but eth1 was replaced with vlan1. Each router will have different interfaces, so these firewall commands might be different for your router. You can use the route command to see what interfaces you have.
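
A check for the rule order and interface names discussed above, as an added example that is not part of the original post. check_killswitch is a hypothetical helper name, the rule listings are constructed samples in `iptables -S FORWARD` format, and br0, eth1 and vlan1 are the interface names from this post.

```shell
#!/bin/sh
# Added example, not from the original post. check_killswitch (hypothetical
# helper) reads rules in `iptables -S FORWARD` format on stdin and applies
# first-match order to a LAN -> WAN packet. User-defined chains are not followed.
check_killswitch() {
    lan=$1; wan=$2; policy=ACCEPT
    while read -r line; do
        set -f; set -- $line; set +f          # split the rule into words
        case $1 in
            -P) policy=$3; continue ;;        # "-P FORWARD <policy>"
            -A) shift 2 ;;                    # drop "-A FORWARD"
            *)  continue ;;
        esac
        iif=; oif=; target=; extra=0
        while [ $# -gt 0 ]; do
            case $1 in
                -i) iif=$2; shift ;;
                -o) oif=$2; shift ;;
                -j) target=$2; break ;;       # what follows are target options
                *)  extra=1 ;;                # -p, -m state, ...
            esac
            shift
        done
        # A negated match ("!") is treated as possibly matching any interface.
        case $line in *'!'*) iif=; oif=; extra=1 ;; esac
        if [ -n "$iif" ] && [ "$iif" != "$lan" ]; then continue; fi
        if [ -n "$oif" ] && [ "$oif" != "$wan" ]; then continue; fi
        if [ "$target" = ACCEPT ]; then echo "leak: $line"; return 1; fi
        # Only a drop with no extra conditions blocks every LAN -> WAN packet.
        if [ "$extra" -eq 0 ]; then
            case $target in DROP|REJECT) echo "blocked: $line"; return 0 ;; esac
        fi
    done
    if [ "$policy" = ACCEPT ]; then echo "leak: policy ACCEPT"; return 1; fi
    echo "blocked: policy $policy"
}

# Constructed sample: the chain as listed after the commands above were applied.
GOOD_RULES='-P FORWARD ACCEPT
-A FORWARD -i br0 -o eth1 -j DROP
-A FORWARD -i tun0 -o br0 -j ACCEPT
-A FORWARD -i br0 -o tun0 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT'
# Constructed sample: an ACCEPT rule sits above the DROP.
BAD_RULES='-P FORWARD ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i br0 -o eth1 -j DROP'
printf '%s\n' "$GOOD_RULES" | check_killswitch br0 eth1 || true
printf '%s\n' "$BAD_RULES" | check_killswitch br0 eth1 || true
```

On the router, pipe the live chain into it with `iptables -S FORWARD | check_killswitch br0 eth1`, which assumes the firmware's iptables build supports `-S`. Running the first sample with vlan1 as the WAN name reports a leak, which is what happens when the eth1 rule is copied to a router whose WAN interface has a different name.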

This is where I found this information: https://airvpn.org/topic/4287-how-to-block-all-traffic-with-dd-wrt-if-vpn-connection-fails/

For a policy-based solution where you want to allow some machines to go around the VPN, go here: http://www.dd-wrt.com/phpBB2/viewtopic.php?p=777788

 

I double posted this on PIA forums:

https://www.privateinternetaccess.com/forum/discussion/comment/22021/#Comment_22021

Set airplane mode automatically when you are connected to WIFI (Android)

You can set airplane mode automatically when you are connected to WIFI on your favorite Android (4.2+) phone provided you have:

1. 4.2+ Android Phone

2. Root Access

3. Tasker

4. Secure Settings

General instructions here:

https://groups.google.com/d/msg/tasker/HgjCbDOvGp4/DexKczO4d3YJ

This is not for novice users. Gaining root access and using Tasker/Secure Settings is not an easy path.

JW6 HTML5/Flash (JW Player 6 self-hosted) setup for Blogger.com and WordPress.

NOTE: I have included examples for cloud AND self-hosted player setup.

I found some help here http://www.bloggerjourney.com/2013/01/how-to-embed-jw-player-in-blogger-to.html

Blogger.com setup:

Settings->Template->Edit HTML->

NOTE: I disable mobile templates as JW player doesn’t work well in Mobile mode. It’s right next to the “Edit HTML” button from above.

Go to the top and find </head>

Paste your JW code directly above </head>

ex. cloud-hosted player:

<script src="http://jwpsrv.com/library/bunch-of-numbersXXXXXX.js"></script>

NOTE: You will need to substitute “bunch-of-numbersXXXXXX” with the correct URL/INFO found in your JW Player account/dashboard.

ex. self-hosted player:

<script type="text/javascript" src="http://mywebsiteexample.com/jwplayer/jwplayer.js"></script>
<script type="text/javascript">jwplayer.key="my key code goes here";</script>

NOTE: You will need to substitute “http://mywebsiteexample.com/jwplayer/jwplayer.js” with the absolute path where the self-hosted player is located. Also, “my key code goes here” is found in your JW Player account/dashboard.

Save the template.

Now create a post and use the HTML edit. Here is an example:

<div id='mediaspaceaaaa'>Loading the player…</div>
<script type='text/javascript'>
jwplayer('mediaspaceaaaa').setup({
file: 'http://mywebsiteexample.com/movies/aaaa.mp4',
image: 'http://mywebsiteexample.com/movies/aaaa.jpg',
width: 430,
height: 241
});
</script>

You will clearly need to substitute “mediaspaceaaaa”, “http://mywebsiteexample.com/movies/aaaa.mp4”, “http://mywebsiteexample.com/movies/aaaa.jpg”, and your personal preference for the width and height.

NOTE: The downside here is that the WYSIWYG-compose tab will NOT work in Blogger since the <main></main> is not processed. So the only way you will see your video is by posting the post as public. The exception being the cloud-hosted player will show in the preview view, but not the self-hosted player. Oh well. Maybe someone can chime in here.

Lastly, WordPress (WITHOUT a plugin):

NOTE: I do NOT add the self/cloud hosted code/script to the <main> HTML. I added it to the beginning of each post, but only once, the top as you might have 3 videos in one post 🙂

Make a new post, here is the HTML ex.

ex. cloud-hosted player:

<script src="http://jwpsrv.com/library/bunch-of-numbersXXXXXX.js"></script>

NOTE: You will need to substitute “bunch-of-numbersXXXXXX” with the correct URL/INFO found in your JW Player account/dashboard.

ex. self-hosted player:

<script type="text/javascript" src="/jwplayer/jwplayer.js"></script>
<script type="text/javascript">jwplayer.key="my key code goes here";</script>

NOTE: You will need to substitute “/jwplayer/jwplayer.js” with the relative path to the file on your local WordPress install/machine or absolute path (http://mywebsiteexample.com/jwplayer/jwplayer.js) if the file is located on another site/machine. Also, “my key code goes here” is found in your JW Player account/dashboard.

<div id="mediaspaceaaaa">Loading the player…</div>

<script type="text/javascript">
jwplayer("mediaspaceaaaa").setup({
file: "/stuff/movies/SANY0315.flv",
image: "/stuff/movies/SANY0315.jpg",
width: 500,
height: 281
});
</script>

You will clearly need to substitute “mediaspaceaaaa”, “/stuff/movies/SANY0315.flv”, “/stuff/movies/SANY0315.jpg”, and your personal preference for the width and height.

You will notice that the URLs for both “file” and “image” are relative. This URL is relative because the files are hosted on the same WordPress machine, otherwise you would need to provide the absolute full URL path, ex. “http://mywebsiteexample.com/stuff/movies/SANY0315.flv”

Here are some more embed code examples:

http://www.longtailvideo.com/support/jw-player/28839/embedding-the-player

Lastly, if you intend to use HTML5 video, the safest codec/container is mp4 H.264 with AAC audio. Make certain your mp4 file is “web optimized” (Handbrake) or faststart is enabled (FFmpeg). Both options place the metadata at the beginning of the file.

There are utilities and encoders which will do this for you.

FFmpeg will need “-movflags faststart”

External utility: http://renaun.com/blog/2010/06/qtindexswapper-2/

Lastly, you need to set <!DOCTYPE html> to prevent triggering IE’s quirks mode, but blogger already has this set.

http://www.longtailvideo.com/support/jw-player/28840/troubleshooting-your-setup

WordPress Comment Spam and Disqus

Delete wp-comments-post.php from the base directory of your WordPress installation when using the Disqus plugin.

Sadly, this will need to be done each time WordPress is upgraded or reinstalled.

This script should be disabled by default and automatically when any other comment system is being used in WordPress. I guess this is a feature request.

http://beta.beantin.se/wordpress-comment-spam-disqus/

Thanks James!

Handbrake Retain/Keep Interlaced Video h.264/x.264 for Encoding

Interlaced handbrake 0.9.8 support:
1) set to dvd preset
2) add :tff OR :bff in the advanced tab, put at end (append).
3) turn off all filters: set to off, set fps to same as source and constant.
Use mediainfo and set to sheet to find if tff or bff
4) feel free to set resolution, etc

This will allow your TV or device to perform the de-interlacing, which is far superior to removing half the motion resolution as 98% of people and/or software encoders do by default.

Inspired by:
http://www.hardwareheaven.com/audio-video-editing-encoding/218040-encoding-interlaced-source-into-interlaced-x264-format.html

Slingbox Remote Files for Popbox 3D

Here are the files you will need to add a custom remote to your Slingbox/Slingplayer so that you can control your Popbox 3D remotely 🙂

http://www.hifi-remote.com/forums/dload.php?action=file&file_id=9810

As discussed here:

http://www.hifi-remote.com/forums/viewtopic.php?p=98070#98070

Install the files with these directions:

Here.

Cross posted from: http://forum.popbox.com/showthread.php?tid=1336

Instructions for PBXes.org, Google Voice, and Sipdroid with a Google Apps Account

This was driving me crazy!

ATTN GOOGLE APPS CUSTOMERS: You need to manually add a temporary gmail account to your android phone (This would be under settings -> “Accounts & sync”, “Add account” -> “Google” -> “Next” -> “Create” -> etc…). Once that happens, you will see the button on the home screen of sipdroid to configure your PBXes account.

Use your temporary gmail account username and password. You will ALSO need to select a username for PBXes.org.

Once this process completes, you will now be able to use outbound calling ONLY since your temp account will NOT have a Google voice number, but who cares, keep reading…

Log into PBXes.org with the username you selected on registration and the password from your temp gmail account, re-read that twice.

Once you are in, select “trunks” from the left menu and click on “GTALK/tempgamail@gmail.com”. From there, change your username and password from the temp gmail account to your Google apps account. Click “Submit Changes”.

From there you may have to reload Sipdroid, but outgoing and incoming calls should work fine. Be certain that Google Chat (your google apps mail address) is selected/enabled as a forwarded phone (inside Google Voice web portal) in order for inbound calling to work on Sipdroid.

Feel free to delete your temporary gmail account from Google’s site AND remove the account from your android phone as a sync account. This would be under settings -> “Accounts & sync”, select the temp gmail account, and touch “Remove account”. Cheers.

Info from here:
http://androidforums.com/android-applications/252222-free-voip-calling-using-google-voice-sipdroid.html#post2152875 Thanks grimlock
and
http://code.google.com/p/sipdroid/issues/detail?id=753#c8
and
http://androidforums.com/android-applications/252222-free-voip-calling-using-google-voice-sipdroid-4.html#post2447641

Roku XDS Component Cable

Thanks to a Roku forum user for this one:

Part number CRE-ZVM-AV-STR sold from ITDirec ships for less than $4.00.

It’s a Creative Zen video cable, but the pin out is the same as the pricey component cable sold from Roku.

The original post is here.

You will need to plug the cables in according to this chart:

The RED RCA jack goes to Y or GREEN RCA input
The WHITE RCA jack goes to Pb or BLUE RCA input
The YELLOW RCA jack goes to Pr or RED RCA input

The above chart and cable are just for component video. You will also need to use either the RCA stereo audio cables that came with your XDS or connect to your TV or receiver with your own digital audio cable.

Pinout information here is:
1 = Ground, 2 = Red, 3 = Blue, 4 = Green. Also verified that it is the same as the component cable supplied with the WD TV Live and Live+ units. For reference, pin 1 being closest to the jacket and pin 4 being the tip of the jack.

See picture and more information on the pin out here: