CommsCentral

Adventures in Technology and the Outdoors

Hi and welcome to my site.
This site is broken into 2 parts.

The Tech Journal which is my adventures in technology and is the most active part of the site.

The other half is the Outdoor Journal which is all about my outdoors hobbies.

This main page will always show the most recent post from each half of the site. Click the links above to see more posts from the Tech or Outdoor halves of the site

Most Recent Posts


Posted In: Tech

Release of openvpn dynamodb authenticator on github!

Posted at: 2016-10-25 @ 07:59:08

Today I'm announcing the release of an authentication module for OpenVPN that uses DynamoDB as its credential store:
Check it out on github: https://github.com/adcreare/openvpn-dynamodb-authenticator

Installation is as simple as downloading the latest release of the gem file https://github.com/adcreare/openvpn-dynamodb-authenticator/releases/latest and performing the install
sudo gem install openvpn-dynamodb-authenticator-*.gem


This tool was designed specifically for AWS OpenVPN Baston hosts.

AWS best practices tell us that when we deploy a VPC we should also deploy a Baston host for remote administration and management of instances inside our VPC.

Even if you have a direct connect or VPC level VPN to your corporate datacenter or office, it is still recommended to have a Baston host for your AWS environment for a few reasons.
The day you most need you access instances inside your VPC will be the day that the corporate datacenter is having problems.
Personally I also like to seperate my administration traffic from my application related traffic. Direct connects and VPC VPN connections in my view are for that, not for administration.

Having all administration traffic running through a central host also provides a degree of auditing and control of that traffic. After all, we don't really need our Baston that much, because we shouldn't be making non-scripted manual changes to our instances, right? :)

One of the commonly suggested options, is using SSH and port forwarding. Anyone who has ever used that is sure to know why that is painful and not scalable.

My preference is to use the opensource OpenVPN TLS/SSL vpn product to provide this access.
In addition to the standard private and public keypairs required I also enforce usernames and passwords. I find users tend to expect this (even if they don't need it) and it also makes user management by the operations team simpler.

By default usernames and passwords are stored in standard linux password file, namely /etc/password for user details and /etc/shadow for the encrypted passwords and openvpn will ask the system on logon if those credentials match the ones supplied.

The trouble with this, is that managing these accounts is a pain and they are tied to the vpn server instance. This can cause issues, if that instance fails, terminates or if I want highly available Baston hosts in an autoscaling group combined with elastic load balancer. For that I need a shared credential store and hence this module was born.

OpenVPN will be configured to call this module on logon, which will check the supplied credentials against a dynamoDB table. The module supports the same format as in /etc/shadow for simple migration from an existing credential store.

I only support the newer ID 6 format for encrypted passwords used by glibc 2.7 and above, which is a sha-512 hash combined with a random salt as per crypt man page

Check it out and feel free to fork and pull and changes!



Posted In: Outdoors

Bushwalking - Blue Mountains, out to Ruined Castle from Scenic Railway

Posted at: 2008-09-23 @ 21:44:09

We had wonderful weather for our walk, not a cloud in the sky but also not too hot. Almost prefect walking weather.

I had arranged to meet everyone at the Maple Grove car park, which is just back from the Scenic Railway and normally doesn't have many cars in it. It's also close to the end of the Furber steps which was the planned walk out route.

meeting point


From the car park we walked along the Prince Henry cliff walk to Echo Point and then onto the start of The Giant Staircase. This was probably a couple of KMs and took us around 30 minutes to complete. The descent down the Giant Staircase was straight forward and done without incident while enjoying some of the great views over the Jamison valley.
Jamison Valley

The Giant Staircase sounds worse than it really is. Yes it's steep and narrow, but it's not that long. The descent for us took around 20 minutes and that was with a lot of traffic. The climb back up would take longer. I'd allow 45 minutes to an hour. Less if you're really fit!

giant staircase


Once at the bottom of the stairs we started out for the Scenic Railway which is around 3KM from the base of the Giant Staircase.
We stopped for lunch in a beautiful spot at the base of the Katoomba falls. A short distance before the base of the Scenic Railway. We even celebrated the birthday of one of the group members with cake and all! Much to his surprise.

Waterfall Jamison valley


From the base of the Scenic Railway we walked along the new(ish) boardwalk until the dirt track turn off to Ruined Castle, Golden Stairs and Landslide.

The first part of the track before the Landslide is straight forward. However, when the main fork is reached the lower one needs to be taken or you'll end up against the rock face near Malita Point. The track also cut directly through one of the coal seams in the area. The Scenic Railway was in fact built to service the mines down in the valley long before it became the tourist attraction it is now. When the mines closed up, the railway remained and continues to operate to this day. The base of the railway now has lots of exhibits and signs talking about the old mining days. If you've never been down that way before its certainly worth a look.

I also found what looks like an old mine air shaft between the Landslide and the Golden Stairs. I grabbed the torch and had a quick look in the entrance and found the cutting was almost a prefect rectangle continuing dead straight into the rock for as far as I could see. I would love to know more details if anyone out there has some knowledge about what it is and what shafts in the mountain it connects to.

I should add here just in case someone is dumb enough to get silly ideas. Mine shafts are not something that should be explored. They can be highly unstable and a real death trap for the inexperienced.

Next we came to the Landslide, which I have to say isn't the nicest of walking. Its a lot of small loose rocks which is all too easy to slip on. The path over the rock pile is sign posted with arrows and yellow panted stakes in the ground however inexperienced walkers do need to be careful, its easy to miss a few.

landslide


Once we were past the landslide its mostly flat walk, past the bottom of the Golden Stairs until the turn off to Ruined Castle. The turn off is signposted with the other track continuing on to Mt Solitary. The track up to Ruined Castle was a bit of a killer! It's got a serious climb that lasts for probably 1KM. Once past this it's mostly flat across the ridge to the castle.
From the bottom of the rocks which make up the Ruined Castle, is a short climb to the top of the rocks for the view.

Ruined Castle itself is well worth the walk, the 360 degree views over the Jamison valley are a real treat.

ruined castle



ruined castle



ruined castle


The walk back was uneventful aside from us all starting to get tired and that Landslide rock pile seeming harder on the way back! Once back at the scenic railway, we walked back up the Furber steps to the car park as we'd missed the last train out. It was starting to get dark around this time (about 6PM) but there was enough light to see us out of the valley, although we did have torches just in case we got caught. We got out of the valley, three very tired and sore walkers!

All up, we covered somewhere between 20 and 24KMs in around 6 hours which I think isn't bad going for one day!

I highly recommend the walk, although you may want to cut the distance down a bit by skipping the Giant Staircase and getting the Scenic Railway down, unless you're after a real workout. However, unless you have at least one experienced leader in the group, I wouldn't recommend the walk as it is not a walk to be taken lightly.
The Blue Mountains website grades the walk as for experienced walkers only and says the following:

"Experienced walkers only - High level of fitness and navigational skill required, minimum 3 in group. Advise friends or police of route and destination times".

I don't really agree with the navigational part unless they class reading signs as that. Either way, treat the walk with respect and make sure you have plenty of water as there isn't any to be found that's safe to drink on the walk itself.

Caveman





© 2015 CommsCentral