Olutayo’s Kidney Transplant Fund

Olutayo is my immediate younger brother. Not sure why I haven’t put this up before now since we have had a Facebook page and a GoFundMe page for him for quite a while.

The summary is that his kidneys failed completely (CKD – Chronic Kidney Disease) mid-last year (2016) and he needed a transplant. He was on dialysis for a year and finally had his operation (after we found a suitable donor) about a month ago. The financial and emotional strain on all concerned has been immense. But in all things we give thanks.

A rough estimate of the cost of his treatment so far should be well over N16 million Naira (the operation is a huge chunk of it, while the 2-3 times weekly dialysis sessions for the year make up the bulk of the balance). So while we were able to pay for the operation upfront (no negotiation in the matter), it means we have debt to re-pay. In addition, he has to take anti-rejection drugs (so that his body doesn’t reject the transplanted kidney) for as long as he lives and the drugs are quite expensive as well (at current rate about $10,000 per annum).

The links to the Facebook and GoFundMe pages are below. We continue to request your support in prayers and donations.

https://www.facebook.com/Olutayos-Kidney-Transplant-Fund-1573477076294320/

https://www.gofundme.com/2jq7mgc

Thank you!


Is Simple’s system too simple?

OK. I will start by owning up to my central role in this fiasco right away.
Let’s start from the beginning. I decided I had had enough of giving Simple Mobile “free money” and decided to transfer my phone line from Simple Mobile to H2o Wireless. Why “free money”? Well, the cheapest pay-as-you-go package on Simple is roughly $28 ($25 plus sales tax) for unlimited talk and text (they added 1GB data to the package a month or two ago). I have had my line since December last year and I make possibly 5 calls a month. I recently “discovered” H2o Wireless. One way or the other I discovered BestBuy carries the H2o SIM (I think I might have googled it). I then ended up on the BestBuy website and had an online chat with one of their support people. I told the fellow in explicit detail where I was and what I wanted to do. He agreed that I could walk straight into the BestBuy in my city and that they would do the transfer for me on the spot. I finally got a friend to drive me to BestBuy. Sauntered to their “mobile” desk, waited for my turn only for the gentleman to look confused when I asked him about the H2o Wireless SIM card. He then called someone else over his phone and finally said they don’t stock them in that shop. They had it in a shop 100 miles away or so. He apologized after I told him I chatted with someone on their website who said I should just visit the shop. I thanked him for his time and my friend googled the card again and it showed up on the Walmart site (on Google). As Walmart was about 5 minutes away and we were out already, we decided to go there. Same issue again, they didn’t have it at the local store but they also had it at some city some distance away.

I headed back home and decided to order it online. Did I mention that my Simple service was going to expire the following morning? Amazon had it (the H2o Wireless SIM Starter Kit) for $1 but by the time you added shipping it came to $3+ and would take some 10 days or so to get to me. I checked on Walmart and they would ship it to my local store in 5 days at the same cost; the minimum order quantity was 2 units (fortunately, as you will see later) and the total price from Walmart was roughly $3 (so basically, I was getting two SIM packs in half the time and for the same amount I would have got 1 unit on Amazon). To be accurate, it was being sold on Amazon by a third-party retailer.
I was pleasantly surprised when I got a notification 3 days later that my package was ready for pickup at the local Walmart Supercenter. The following day, I got another friend to take me to the store in the evening. I wanted to be sure I didn’t make any mistakes with the transfer so I chose to wait till the following day when I could get on a chat with someone from the H2o website to guide me through.

I think here is why I made the snafu. I had the transfer request form open in one window and was chatting with the lady (Missy-H2o) in another browser window. The form had several fields including a “call back number”, “number to transfer field”, “Simple account number”, and “Simple PIN/Password.” I added a third window to my “multitasking” session by launching a chat window with Simple Mobile support to confirm the Account number and password. Back and forth between the 3 sessions, the auto-complete popped up in the transfer form and I selected it. Unfortunately, because I chose the Chrome auto-complete for my email account, Chrome automatically entered all the associated details in the other forms. So while the “call back number” was correct because I typed it in, I somehow missed the fact that Chrome had entered my cousin’s number (also using Simple Mobile but in a city some 16 hours away – I had stayed with him briefly in December so I used his address and phone number as contact details for a number of online forms I filled out before getting my own SIM, which was how Chrome came to associate his number with my email address). To be accurate, it appears H2o sent me a summary of the request immediately but as I used a Yahoo! address and was extremely busy yesterday, I didn’t see it until 2 days later (I might have been able to rectify the issue if I had seen the mail immediately).

Anyway, I opened the mail today and noticed the error. Got on a chat with Dee-H2o over on the H2o website and after lots of explanation, she claimed both accounts appear to share the same details. To which I insisted the only thing common is the billing address. I had no idea what his Simple account number and PIN were and I am not sure he even had an online Simple account. The only conclusion was someone dropped the ball along the line. Finally Dee-H2o suggested I contact Simple to find out how they managed to transfer the line if the details were incorrect. In the meantime, to transfer the number back to Simple, I had to load the line with $10 H2o credit (which was the cost of the transfer) and then have my cousin request a transfer back to Simple. I asked Dee-H2o (I somehow assume the name belongs to a lady?) why they charge for the transfer when Simple doesn’t: she ignored the question. My conclusion in the meantime was that Simple didn’t verify the data in the transfer request which means one could initiate the transfer of any random number and it would be carried out?! Scary!

“Is there anything else I can help you with today?”

“Yes, what about the transfer of my original line?”

“You can re-initiate that transfer afresh, but you will need a new SIM, because the new SIM your cousin’s line was transferred to is now useless” (once H2o transfers the number back to him). So it was fortunate I got 2 SIM cards from Walmart.

So onward with my Israelite’s journey! I opened a chat up with Simple mobile, pasted my chat session with Dee-H2o into the chat window and asked Ingrid to kindly take time to read it. She came back and said she couldn’t find a record of my cousin’s number in their system. Duh! I told her Simple already transferred it to H2o which was part of the “conversation” I sent to her.

In the meantime, I tried to contact my cousin and couldn’t get through for obvious reasons. I finally got through to him through his fiancé, and he confirmed that his line went off yesterday and he had contacted Simple to complain and they kept insisting someone with access to his account had requested a transfer of the line to Tmobile. He contacted Tmobile and they had no record of the transfer. He immediately yanked his credit card from the Simple account thinking maybe someone was trying to steal his identity.

I got back to the lady and repeatedly told her that the transfer request should have failed unless Simple wasn’t verifying the data included in transfer requests (unless of course it was only the billing address they verified – maybe it’s all about the greens! Lol). I asked that she escalate the issue which she said she would. I also said they should provide feedback to both my cousin and me (which I suspect won’t happen until hell freezes over) and I told her I would make her famous! And that for my $10, I would at least get a good story out of the whole issue for my blog. Thumbs up to Ingrid, she remained polite throughout though I assume she was probably wishing I would go find someone else to bother. I told her that it looks like if I had her number, I could go request a transfer of it to H2o and it would succeed, which is scary!

If you have $10 to burn and have a line on the Simple platform, it’s worth a shot. Get a new H2o SIM, then go initiate a transfer of the line from H2o (you can open a free account) and ensure the PIN and account number fields are wrong but put the right line number in the “line to transfer” field, and see if the transfer succeeds. Of course, you will need a $10 top-up on H2o to transfer the line back to Simple and the hassle and probably a new Simple SIM as well.
If they are smart, someone is reviewing my transfer request right now to figure out what went wrong.

So, the question is: “Is Simple’s system too Simple?”

NB: if Simple gets back to me with an explanation (even if it’s something else I did that made the transfer go through), I will update this blog entry.


Sometimes …

Sometimes I have the strangest dreams.

Like this morning. A diver was strapped between a massive whale and a manatee and airlifted overhead across a piece of land/bridge from the water on one side (where I assumed they had become trapped) to the water on the other side which I believe was the ocean. And there I was looking up as the bundle passed overhead thinking “Wow! he must be very brave.”


Nothing happens in Minute

The rusted gate of the graveyard creaked as I pushed it open. I felt out of place. As if I was disturbing the sleep of those who were buried there. I literally tiptoed across the grass. I knew it made no sense and I realized how ridiculous I must have looked, yet I couldn’t help myself. In a few more steps I should be standing in front of the headstone I needed to see.

*  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *

No one would blame you if you have never heard of Minute or have no idea where it is on the surface of the earth. But I was born and raised here. The earliest records of the town indicated my forebears several generations back moved from across the country and settled here. Why Minute of all places, you might ask. Unfortunately, it is just one more thing no one in the sleepy little town knows anymore.

It is said that the only exciting thing about Minute is the name. How did you pronounce it in your head? “Minute” as in a division of time, or “minute” as in small? Even the citizens no longer agree as to the correct pronunciation. One thing is for sure, the town is stuck somewhere in the last century and it is certainly small. Don’t get me wrong. We have water and power. We even have Internet access but that is as far as it goes. A few folks know what Facebook is about, fewer have actually used it. The town’s name made for all sorts of jokes. A favourite of visitors is to call any man from town a “minute man” and the fact that we are so few does not help either. But the citizens have grown a thick skin long ago and you will hardly find anyone take offence at the tasteless joke. The worst thing that might happen to you is to end up paying for a round at the local bar on main street. A few decades earlier you might have ended up in the city jail or left with a few missing teeth. But the police station closed down shortly after Chief Jameson died (he was the only policeman in town) and the jail went with it. I think we appreciate what little out of town visitors we get now that we are willing to tolerate a little unruliness.

*  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *

I met Karl on the first day of school several decades ago. In a class of 10, the pickings were small and we ended up fast friends over the years. I was quiet and he was boisterous. Together we still got into our share of troubles. But nothing major in a town where doors lacked locks and you could have a warm meal in any house you choose with no eyebrows raised – because of course, you knew at least someone in every house, and if not, someone is bound to know you anyway.

Karl got married to his high-school sweetheart right out of school while I got married to my farm. The happy ending didn’t quite happen though. Not for either of us. My farm barely survived not to talk of the dreams of riches I had, and the lady (I refuse to mention her name) ran away with a farming equipment salesman that came through town in a shiny Ford Thunderbird. It broke Karl’s heart into a thousand pieces. I didn’t see much of him after that. Not for lack of trying but he just couldn’t get over her. I could never be sure, but I think on some level, he blamed me for how it all went south. The salesman came in on a particularly blustery day and would have moved on but I wanted to see what he had to sell. We got to talking about farming in general, and by the time we were done, it was too late for him to leave. When he didn’t leave the next day I just assumed he wanted to take it easy for a few days in a quiet town. Karl and I drifted apart gradually after she left. I still saw him around town every once in a while, and we would stop and talk for a minute or two. But it was always awkward. I think we both thought about the same thing but neither would broach the subject. Then out of the blue, I got a hand-written letter from him a few days ago.

 11th of January, 2017

Hi Andy,
I need your help. You know how I usually end up at the graveyard on our jaunts across town. I haven’t been there in like forever, but I was feeling particularly out of sorts last Monday and one thing led to another and I found myself there. The place looked so quiet it felt like I was intruding (for the first time). But I had to go in. The gate creaked loudly as I pushed my way in. I went from headstone to headstone reading the inscriptions and imagining the life the person led while he was alive – as you know I usually do. I must have got carried away because I didn’t realise there was someone standing next to me until he spoke. It turned out to be Mr Jackson, you know, the old gravedigger.

“You know. I have heard of people leaving on the same day they arrived, but this is the only case I know of for sure. He was dead well before my time of course. And little is known about the family. They are no longer in Minute. I believe they shipped out shortly after he passed on. The story was never clear but something dark happened back then.” He said.

I looked again at the headstone and realised I had never seen it before. Yet I am sure I have been to that corner of the graveyard before in the past. I did a quick calculation and realised he was the same age as us when he died. I was about to move on when it struck me that I shared the same birthday with him. That set my heart racing for some reason. Then I realized his initials were exactly the same as mine – Kristopher Butler – K.B. I pressed the old man for more details but he had told me all he knew. I didn’t sleep at all that night and was at the city library well before Mrs Fiona Adkins came to open it up as usual. I didn’t find much information there either. She told me the fire of 1964 destroyed several of the city’s documents including some of the census and other historical records.

I went back home and I must have fallen asleep at some point. I had a dream that I was back at the graveyard. But the headstone was laying on its side and someone had opened the grave. Then the next minute I was lying on my back in the grave and someone was shovelling dirt on me. I couldn’t move! I tried calling out to him to stop but nothing came out of my mouth. Then he stopped briefly when someone called out to him. I could have sworn it was Mr Jackson and the name he called out was the name on the headstone. The fellow was definitely our peer, but his clothes though neat looked like something my great-grandpa would have felt totally at home in. I thought he had stopped for good, but then the voice said “never mind, get on with it.” He turned round and started shovelling dirt into the grave again. I was soaked in sweat when I woke up screaming.

I have not slept now for several days. Do not bother to come to the house until you have done me this favour I ask of you. Please go to the graveyard and look for the headstone. It is in the upper east corner as you make your way into the graveyard. I want to know if I am crazy or not. Until I am sure, I have decided not to leave my house until my birthday has passed. I have this sense of foreboding that something dreadful will happen on that day. I am rationing the food I have and I think if I skip a little here and there, I should be able to make do. I shall not step out of the house till that day is over and I shall not attend to anyone. But I shall be looking forward to a letter from you. If you still consider me a friend (which I have not been to you since she left), you will go.

Your friend in desperate need,
Karl Bridgewater

I never did understand his fascination with the town’s graveyard. Personally, I didn’t see the point of going there to “visit” people who had died long before my parents were born and the ones you really did know were still too fresh to be too painful. But I couldn’t abandon him now in his hour of need. I would go. But it took me two days to get up the will to finally leave my house.

I stepped out and it felt as if the wind intended to lift me up and blow me away across town. And it was unseasonably cold. Don’t get me wrong, it is cold all year round in Minute so I am used to the cold. I decided it was the wind that set my teeth chattering by the time I had walked a dozen yards. And I still had two hundred more to the graveyard.

*  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *

I came to a standstill in front of the same headstone Karl must have stood looking down at a week or so ago. Everything was as he had said in his letter. The days and the initials matched his. His birthday was in a week from today. And that reminded me that mine was in another month or so after his. Frankly I didn’t know what to make of the whole matter. I was still there when a voice woke me out of my contemplation.

“Andrew Inglewood is it not? I think the last time I saw you was at Margaret Townsend’s wedding. Must have been all of 15 years ago. Yep. I think I am right. I thought maybe you had moved away. You know a lot of folks did back then.” He said.

I thought for a second and then nodded.

“Strange headstone, right? You are the second person looking at it this week. Karl Bridgewater was here a few days ago. Didn’t you boys run together at some point? He was quite fascinated by it and wanted to know if I knew anything about the lad that is buried there. Unfortunately, I don’t, but I suggested he might check at the library. You know, for birth records and maybe some old newspaper from back then might have survived. If there’s anyone that knows more about this town than I, it is Fiona Adkins. Should have been Fiona Jackson though. But she was fire and I was tepid water at best. I had no chance. Well, that’s what she said anyway. I guess I proved her right.”

“I think I should be moving on. The knees won’t take much more today.”

I said goodbye and he had shuffled a few feet away, when he suddenly stopped and looked back. “You know, I did a little bit of work around here after Karl left and I found the strangest thing. There’s another headstone just a few yards away on the other side of the walkway facing west. Same stone, very similar to that one. In fact, the fellow buried there died just about a month after this fellow here. And wait for it, wait for it, that’s not even what got me. What really got my attention was the fact that he also died the same day he was born. Same age as this lad here actually. So I got to thinking what sort of coincidence is that right? I had it in mind to go see what Karl found in the library but my knees played up especially bad that week so I let it go.”

My heart was racing madly. There was one question on my tongue but I couldn’t open my mouth to ask. My jaws were clenched together and my throat was dry. It was as if he read my mind as he turned around and walked away.

“You might take a look at it if you like. I believe the name is Arthur Inkwater. You can’t miss it.”

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

NB: A different kind of grave-robber: I imagine I “borrow” silent stories. (05-Mar-2017)


Setting up an OpenVPN access server

This post is strictly geeky stuff so feel free to skip and check out the poetry and short stories instead (don’t leave until you do! Thanks!)

A friend/colleague contacted me a couple of days ago and asked if I know how to set up an OpenVPN server. He said he took a look at the website (openvpn.net) and that the instructions there are not that easy to follow. Nothing challenges me more than getting IT-related stuff to work – figuring stuff out. And also, he said there might be some $$ involved.
I knew what OpenVPN was but had never set up a server before. It took 2 days and nights to figure the stuff out completely. One thing I don’t like is having to repeat the same process for the same thing in future, so I almost always “document” the procedure(s).

Once it is nicely summarized (as below), it then looks quite easy, but it is not! (stroking my own ego a little :-).

Let’s go!

Setting up an OpenVPN access server on Linux (with a Windows Client)

1. Install Open-VPN server
NOTE: The /etc/init.d/openvpn service control script comes from the openvpn-AS server package but it’s easy to create one. I have attached a copy (should be in the same directory as this howto)

# yum install openssl-devel lzo-devel pam-devel
# yum install rpm-build
# rpmbuild -tb openvpn-2.4.0.tar.gz
# rpm -Uvh /root/rpmbuild/RPMS/x86_64/openvpn-2.4.0-1.x86_64.rpm

2. Copy or create /etc/init.d/openvpn (so you can use the service command to control the service)

3. Install/download EasyRSA for creating the CA (Certification Authority) as well as certificates for clients:

download scripts package from https://github.com/OpenVPN/easy-rsa

cd /tmp
unzip easy-rsa-master.zip
cp -R /tmp/easy-rsa-master/easyrsa3 /etc/openvpn/

4. Copy the sample config files folder to /etc/openvpn
cp /usr/share/doc/openvpn-2.4.0/sample/sample-config-files/server.conf /etc/openvpn/
cp /usr/share/doc/openvpn-2.4.0/sample/sample-config-files/client.conf /etc/openvpn/
cp /usr/share/doc/openvpn-2.4.0/sample/sample-config-files/openvpn-startup.sh /etc/openvpn/openvpn-startup
cp /usr/share/doc/openvpn-2.4.0/sample/sample-config-files/openvpn-shutdown.sh /etc/openvpn/openvpn-shutdown

5. You should edit openvpn-shutdown and change the line “killall -TERM openvpn” to “killall -TERM /usr/sbin/openvpn”
(reason is that when you use “service openvpn restart|shutdown”, killall kills the service command as well)

6. You have to edit the server.conf to reflect the location of files relative to the /etc/openvpn folder.
For example, the entry “dh dh2048.pem” in server.conf needs to reflect where you actually put the dh2048.pem file.
If you put the files directly in /etc/openvpn then nothing needs to change, but if you decide for management purposes to put the file in a subfolder (e.g., in /etc/openvpn/keys/), the entries would have to change: the entry in server.conf would then be “dh keys/dh2048.pem”. The same applies to the entries for “ca”, “cert”, and “key”.

7. This option in server.conf is to protect against DDoS (either follow the instructions or comment it out)
tls-auth ta.key 0 # This file is secret

8. The 3 lines below are at the bottom of file openvpn-startup. Comment them out or create the vpn*.conf files.
I don’t think they are needed unless you need daemons with different configs, e.g., a daemon for each of several companies connecting to your server.
openvpn --cd $dir --daemon --config vpn1.conf
openvpn --cd $dir --daemon --config vpn2.conf
openvpn --cd $dir --daemon --config vpn2.conf

9. Creating the various certificates:

# cd /etc/openvpn/easyrsa3/

[root@gfs2 easyrsa3]# cp vars.example vars

10. Edit the vars file and set the following variables according to your needs:

[root@gfs2 easyrsa3]# vi vars

set_var EASYRSA_REQ_COUNTRY "NG"
set_var EASYRSA_REQ_PROVINCE "LA"
set_var EASYRSA_REQ_CITY "Lagos"
set_var EASYRSA_REQ_ORG "Samson Inc."
set_var EASYRSA_REQ_EMAIL "sam@company.net"
set_var EASYRSA_REQ_OU "IT Organizational Unit"
set_var EASYRSA_REQ_CN "gfs2.company.com"
set_var EASYRSA_REQ_NAME "server"

[root@gfs2 easyrsa3]#

11. Initialize the PKI (you only need to do this once for a fresh setup):

[root@gfs2 easyrsa3]# ./easyrsa init-pki

12. Create the CA:
Answer 2 questions below (Common Name e.g., the name of the server, and the PEM passphrase – use any phrase)

[root@gfs2 easyrsa3]# ./easyrsa build-ca

13. Remove the passphrase (because we are running openvpn daemon non-interactively so no way to enter the phrase)
You will be prompted for the same passphrase you entered above when creating the certificate:

# cd /etc/openvpn/easyrsa3/pki/private
# openssl rsa -in ca.key -out ca.key2
[root@gfs2 private]# mv ca.key ca.key.org
[root@gfs2 private]# mv ca.key2 ca.key
[root@gfs2 private]# cd /etc/openvpn/easyrsa3/

14. Generate the Diffie-Hellman parameters (DH):
[root@gfs2 easyrsa3]# ./easyrsa gen-dh

15. Generate the CRL:
[root@gfs2 easyrsa3]# ./easyrsa gen-crl

16. Generate a certificate for the server (use any passphrase. We will remove it):
In the example below, gfs2 is the name of my server.

[root@gfs2 easyrsa3]# ./easyrsa build-server-full gfs2
# cd /etc/openvpn/easyrsa3/pki/private/
# openssl rsa -in gfs2.key -out gfs2.key2
# mv gfs2.key gfs2.key.org
# mv gfs2.key2 gfs2.key

17. Copy all the files to your /etc/openvpn/ folder
[root@gfs2 easyrsa3]# cd /etc/openvpn/
[root@gfs2 openvpn]# cp easyrsa3/pki/crl.pem .
[root@gfs2 openvpn]# cp easyrsa3/pki/dh.pem .
[root@gfs2 openvpn]# cp easyrsa3/pki/ca.crt .
[root@gfs2 openvpn]# cp easyrsa3/pki/private/ca.key .
[root@gfs2 openvpn]# cp easyrsa3/pki/private/gfs2.key .
[root@gfs2 openvpn]# cp easyrsa3/pki/issued/gfs2.crt .
[root@gfs2 openvpn]# cp easyrsa3/pki/ca.crt /etc/openvpn/clients/

18. Edit server.conf in /etc/openvpn/ and make the necessary changes. The 3 lines in server.conf shown below reflect the files created above:
ca ca.crt
cert gfs2.crt
key gfs2.key

19. Generate certificates for your clients (repeat for various clients using unique names in the process):
You will be prompted for a passphrase. Use any, we will remove it. In the example below, remoteclient1 is the name of a unique CN (Common Name) I am using for a client. Note that this does not have to be the actual name on the client.
But it is this name you will enter in the configuration of your VPN client on your remote client. This will then
allow the OpenVPN server to match the name to a specific configuration (if any) and client certificates on the server.

# cd /etc/openvpn/easyrsa3
[root@gfs2 easyrsa3]# ./easyrsa build-client-full remoteclient1
[root@gfs2 easyrsa3]# cd pki/private/

20. Remove the passphrase on the certificate (you will be prompted for the same passphrase you used above):
[root@gfs2 private]# openssl rsa -in remoteclient1.key -out remoteclient1.key2
[root@gfs2 private]# mv remoteclient1.key remoteclient1.key.org
[root@gfs2 private]# mv remoteclient1.key2 remoteclient1.key
[root@gfs2 private]# cp remoteclient1.key /etc/openvpn/clients/
[root@gfs2 private]# cp ../issued/remoteclient1.crt /etc/openvpn/clients/

21. Copy/Send the necessary certificates to the client (should be done as securely as possible)
ca.crt, remoteclient1.crt and remoteclient1.key (for my sample client)

22. On my sample Windows client. I am using SecurePoint SSL VPN v2
– I downloaded version 2.0.18 from https://sourceforge.net/projects/securepoint/
– Install it and run it.
– In the system-tray, right-click on the icon and choose “show window” from the menu
– Click on the settings icon (gear wheel in the lower right-hand corner of the application window) and choose “New” from the menu.
– Follow the wizard to create a new VPN connection.
– give the config a name; next;
– enter the IP address or FQDN of the VPN access server and change the port and protocol if necessary (must match the one on the server as defined in server.conf); next
– you are prompted for the location of 3 files you transferred to the client above: “Root CA:”; “Certificate:”; and “Key:”
“Root CA:” = ca.crt; “Certificate:” = remoteclient1.crt; and “Key:” = remoteclient1.key
– the “Advanced Settings” screen is next. IMPORTANT: You have to change the cipher (default is “Standard”) to the one configured in the server.conf file on the VPN access server. Current default is AES-256-CBC. If you don’t change it, you will still get connected but no real traffic will flow over the VPN (you won’t get any service or connectivity). You can also enable “Comp-LZO” compression; next
– Conclusion screen shows you a summary of your choices. Click the “Finish” button if everything looks OK
– Your new VPN connection config will appear in the Window of the VPN client. Right-click on it and choose “Connect”
– The next 2 screens will ask for your username and password. Both answers are the name of the client we used to create the certificate which is remoteclient1. You can also select the “Save Data” on both questions to have the VPN client remember your answers.
– The VPN connection to the server should be established once you press OK for the 2 questions above.

23. Suggested optional step: configure OpenVPN to log into its own log file and not /var/log/messages (especially if you are debugging issues).
Edit server.conf and change the log-append line (it is likely to be commented out, so remove the “;” at the beginning of the line).

log-append /var/log/openvpn.log

24. Optionally install a web-based connection monitor

– Download it from https://github.com/furlongm/openvpn-monitor/

– You need to install the semantic_version package to run the openvpn-monitor successfully

– Use pip to install the semantic_version package:
# yum install python-pip
# pip install semantic_version

Alternatively if for some reason you can’t install pip, you can install the semantic_version “manually” with python:

# cd /tmp
# git clone https://github.com/rbarrois/python-semanticversion.git
# cd python-semanticversion
# python setup.py install

– Then continue with installation instructions on the openvpn-monitor webpage above (start from the section for your Operating System)

NOTE: on RHEL/CentOS 6.x, you may need to edit /var/www/html/openvpn-monitor/openvpn-monitor.conf and enter the coordinates of your starting point (probably the location of your server). You can get the “DD coordinates” (for longitude and latitude) for your location (I was able to get the coords for my campus) from http://latitude.to/ for example. You can also try https://www.distancesto.com/coordinates.php

25. Restart (start) the OpenVPN service (any errors will be in file /var/log/messages)
# service openvpn restart

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
NOTES:

1. You may need to enable IPv4 forwarding if you want the remote clients to connect to other systems on the network of the VPN access server. The community version seems to do this by default, but I am not sure about the commercial version (“sysctl -w net.ipv4.ip_forward=1”).
You will also need to edit server.conf and use the “push route” option so that the routes to (private) subnets “behind” the VPN server are sent to the clients if required (so the clients can reach other systems on those private subnets).
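
A quick way to check the settings from step 23 and NOTE 1 together, as an added example that is not part of the original guide: the functions below read a server.conf and warn when routes are pushed to clients while forwarding is off, when a pushed route is not an RFC 1918 private subnet, or when log-append is still commented out. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit an OpenVPN server.conf for
# the settings discussed in step 23 and NOTE 1. The sample config is constructed.

# Print each subnet pushed to clients as "network netmask", one per line.
# Lines starting with ';' or '#' are comments and do not match.
pushed_routes() {
    sed -n 's/^[[:space:]]*push[[:space:]]\{1,\}"route[[:space:]]\{1,\}\([0-9.]\{7,\}\)[[:space:]]\{1,\}\([0-9.]\{7,\}\).*$/\1 \2/p' "$1"
}

# Print the active log-append target (empty if commented out or absent).
log_target() {
    sed -n 's/^[[:space:]]*log-append[[:space:]]\{1,\}\([^[:space:]]\{1,\}\).*$/\1/p' "$1" | tail -n 1
}

# Succeed if the network address falls in an RFC 1918 private range.
is_private() {
    case "$1" in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_conf CONF IP_FORWARD_VALUE: print findings, return the number found.
audit_conf() {
    conf=$1; fwd=$2; found=0
    routes=$(pushed_routes "$conf")
    if [ -n "$routes" ] && [ "$fwd" != "1" ]; then
        echo "WARN: routes are pushed but net.ipv4.ip_forward=$fwd"
        found=$((found + 1))
    fi
    for net in $(echo "$routes" | cut -d' ' -f1); do
        if ! is_private "$net"; then
            echo "WARN: pushed route $net is not an RFC 1918 subnet"
            found=$((found + 1))
        fi
    done
    if [ -z "$(log_target "$conf")" ]; then
        echo "WARN: log-append inactive, logs go to /var/log/messages"
        found=$((found + 1))
    fi
    return "$found"
}

# Constructed sample: log-append still commented out, one private route pushed.
sample=$(mktemp)
cat > "$sample" <<'EOF'
port 1194
;log-append /var/log/openvpn.log
push "route 192.168.10.0 255.255.255.0"
;push "route 10.9.0.0 255.255.255.0"
EOF
# On a live server pass "$(cat /proc/sys/net/ipv4/ip_forward)" instead of 0.
audit_conf "$sample" 0 || echo "findings: $?"
```

Run against the constructed sample it reports two findings: the pushed route with forwarding off, and the inactive log-append line.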

2. GUI for OpenVPN server on Windows:
download from https://github.com/OpenVPN/openvpn-gui

3. Alternative GUI-based way to control OpenVPN via Webmin module. Not worth the trouble as the developer’s website is not in English and not sure how up to date the module is. Not recommended.

yum install perl
yum install perl-Net-SSLeay
wget http://prdownloads.sourceforge.net/webadmin/webmin-1.831-1.noarch.rpm
rpm -Uvh webmin-1.831-1.noarch.rpm
download openvpn-2.6.wbm.gz from http://www.openit.it/index.php/it/openvpnadmin and use Webmin to install it.
The module can generate certificates but I found it much more troublesome than the direct approach I used above.

4. There are various other options you may need to change in server.conf (and which must match on the client as well) to further optimize your setup.

5. Systems used in the config above (3x VMs running on VMWare workstation 12.5.2 on a HP EliteBook 840 – Windows 7, 16GB RAM, Intel Core i7 vPro):
a. Red Hat Enterprise Linux Server release 6.3 – OpenVPN 2.4.0 access server
b. Windows 8 (VPN client)
c. Windows XP (system “behind” VPN server on a private subnet)

6. Some other install guides:
http://www.ciscopress.com/articles/article.asp?p=605499
https://help.ubuntu.com/lts/serverguide/openvpn.html
https://openvpn.net/index.php/open-source/documentation/howto.html#security
https://openvpn.net/index.php/access-server/docs/quick-start-guide.html
https://openvpn.net/index.php/open-source/documentation/howto.html#install
https://www.digitalocean.com/community/tutorials/how-to-setup-and-configure-an-openvpn-server-on-centos-6

7. There are several other clients for Windows, Mac, etc. on the Internet. Some are free (open source/closed-source) and some are commercial/proprietary. Each has its own idiosyncrasies. I found it difficult getting the OpenVPN client to work with the OpenVPN server I set up above, but it worked seamlessly with their own OpenVPN AS VPN server (the commercial version of the OpenVPN server that comes with a management GUI).

8. Keywords or Tags: PKI,SecurePoint,OpenVPN,VPN,Diffie hellman,EasyRSA,RedHat,rpmbuild,github,Linux

9. The content of the /etc/init.d/openvpn service control script. You can add the service to run-levels 345 so it starts automatically whenever you (re)start the server (command “chkconfig --add openvpn”).

#!/bin/sh
#
# openvpn This shell script takes care of starting and stopping
# openvpn on RedHat or other chkconfig-based system.
#
# chkconfig: 345 24 76
#
# description: OpenVPN is a robust and highly flexible tunneling application \
# that uses all of the encryption, authentication, and \
# certification features of the OpenSSL library to securely \
# tunnel IP networks over a single UDP port.
#

# Contributed to the OpenVPN project by
# Douglas Keller <doug_at_voidstar.dyndns.org>
# 2002.05.15

# To install:
# copy this file to /etc/rc.d/init.d/openvpn
# shell> chkconfig --add openvpn
# shell> mkdir /etc/openvpn
# make .conf or .sh files in /etc/openvpn (see below)

# To uninstall:
# run: chkconfig --del openvpn

# Author's Notes:
#
# I have created an /etc/init.d init script and enhanced openvpn.spec to
# automatically register the init script. Once the RPM is installed you
# can start and stop OpenVPN with "service openvpn start" and "service
# openvpn stop".
#
# The init script does the following:
#
# - Starts an openvpn process for each .conf file it finds in
# /etc/openvpn.
#
# - If /etc/openvpn/xxx.sh exists for a xxx.conf file then it executes
# it before starting openvpn (useful for doing openvpn --mktun...).
#
# - In addition to start/stop you can do:
#
# service openvpn reload - SIGHUP
# service openvpn reopen - SIGUSR1
# service openvpn status - SIGUSR2
#
# Modifications:
#
# 2003.05.02
# * Changed == to = for sh compliance (Bishop Clark).
# * If condrestart|reload|reopen|status, check that we were
# actually started (James Yonan).
# * Added lock, piddir, and work variables (James Yonan).
# * If start is attempted twice, without an intervening stop, or
# if start is attempted when previous start was not properly
# shut down, then kill any previously started processes, before
# commencing new start operation (James Yonan).
# * Do a better job of flagging errors on start, and properly
# returning success or failure status to caller (James Yonan).
#
# 2005.04.04
# * Added openvpn-startup and openvpn-shutdown script calls
# (James Yonan).
#

# Location of openvpn binary
openvpn=""
openvpn_locations="/usr/sbin/openvpn /usr/local/sbin/openvpn"
for location in $openvpn_locations
do
  if [ -f "$location" ]
  then
    openvpn=$location
  fi
done

# Lockfile
lock="/var/lock/subsys/openvpn"

# PID directory
piddir="/var/run/openvpn"

# Our working directory
work=/etc/openvpn

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
if [ ${NETWORKING} = "no" ]
then
  echo "Networking is down"
  exit 0
fi

# Check that binary exists
if ! [ -f $openvpn ]
then
  echo "openvpn binary not found"
  exit 0
fi

# See how we were called.
case "$1" in
  start)
    echo -n $"Starting openvpn: "

    /sbin/modprobe tun >/dev/null 2>&1

    # From a security perspective, I think it makes
    # sense to remove this, and have users who need
    # it explicitly enable in their --up scripts or
    # firewall setups.

    #echo 1 > /proc/sys/net/ipv4/ip_forward

    # Run startup script, if defined
    if [ -f $work/openvpn-startup ]; then
      $work/openvpn-startup
    fi

    if [ ! -d $piddir ]; then
      mkdir $piddir
    fi

    if [ -f $lock ]; then
      # we were not shut down correctly
      for pidf in `/bin/ls $piddir/*.pid 2>/dev/null`; do
        if [ -s $pidf ]; then
          kill `cat $pidf` >/dev/null 2>&1
        fi
        rm -f $pidf
      done
      rm -f $lock
      sleep 2
    fi

    rm -f $piddir/*.pid
    cd $work

    # Start every .conf in $work and run .sh if exists
    errors=0
    successes=0
    for c in `/bin/ls *.conf 2>/dev/null`; do
      bn=${c%%.conf}
      if [ -f "$bn.sh" ]; then
        . ./$bn.sh
      fi
      rm -f $piddir/$bn.pid
      $openvpn --daemon --writepid $piddir/$bn.pid --config $c --cd $work
      if [ $? = 0 ]; then
        successes=1
      else
        errors=1
      fi
    done

    if [ $errors = 1 ]; then
      failure; echo
    else
      success; echo
    fi

    if [ $successes = 1 ]; then
      touch $lock
    fi
    ;;
  stop)
    echo -n $"Shutting down openvpn: "
    for pidf in `/bin/ls $piddir/*.pid 2>/dev/null`; do
      if [ -s $pidf ]; then
        kill `cat $pidf` >/dev/null 2>&1
      fi
      rm -f $pidf
    done

    # Run shutdown script, if defined
    if [ -f $work/openvpn-shutdown ]; then
      $work/openvpn-shutdown
    fi

    success; echo
    rm -f $lock
    ;;
  restart)
    $0 stop
    sleep 2
    $0 start
    ;;
  reload)
    if [ -f $lock ]; then
      for pidf in `/bin/ls $piddir/*.pid 2>/dev/null`; do
        if [ -s $pidf ]; then
          kill -HUP `cat $pidf` >/dev/null 2>&1
        fi
      done
    else
      echo "openvpn: service not started"
      exit 1
    fi
    ;;
  reopen)
    if [ -f $lock ]; then
      for pidf in `/bin/ls $piddir/*.pid 2>/dev/null`; do
        if [ -s $pidf ]; then
          kill -USR1 `cat $pidf` >/dev/null 2>&1
        fi
      done
    else
      echo "openvpn: service not started"
      exit 1
    fi
    ;;
  condrestart)
    if [ -f $lock ]; then
      $0 stop
      # avoid race
      sleep 2
      $0 start
    fi
    ;;
  status)
    if [ -f $lock ]; then
      for pidf in `/bin/ls $piddir/*.pid 2>/dev/null`; do
        if [ -s $pidf ]; then
          kill -USR2 `cat $pidf` >/dev/null 2>&1
        fi
      done
      echo "Status written to /var/log/messages"
    else
      echo "openvpn: service not started"
      exit 1
    fi
    ;;
  *)
    echo "Usage: openvpn {start|stop|restart|condrestart|reload|reopen|status}"
    exit 1
    ;;
esac
exit 0


Fact includes Faith

FACT includes Faith

If your faith is limiting you, go forward not backwards. Start operating with fact: God’s facts. 
Physics and this reality will tamper with our faith. For example, I know I am not supposed to be able to walk on water. So when I try in faith, I am already at a disadvantage.

You believe when you turn on the tap in your kitchen, water will come out. Because you know there’s water in your overhead tank. So you lather your hands, turn on the tap and put your hands under it. That’s not faith in the tap – that’s fact. You know it for certain. (By the way, Lagos has taught me to confirm the “fact” that there’s water by turning on the tap first before grabbing the soap).

Jesus walked on water, not because he had faith. But because that is his fact. He knew he was the son of God and can do all things. He didn’t walk on water by faith, he did it by God’s fact. By God’s reality if you will.

A baby has a better chance of walking on water than an adult. Why? Because having faith implies you know the alternative and knowing the alternative tampers with our faith (i.e., we doubt). A baby does not know the “alternative” about many things. She might walk to the edge of a pool and inquisitiveness might cause her to bend down and dip a finger in it. Now her fact includes the knowledge that water is a strange thing different from the solid ground she’s standing on. Alternatively a baby might come to the same pool and just keep on walking. Because her fact at that point does not include the “knowledge” that water won’t support her weight.

There’s nothing wrong with faith. In fact, faith is good. But fact is better. Our faith can fail, but God’s fact never does. It is forever true and constant.

If Paul referred to the righteousness of God in us (Romans 3:22), which would help us be righteous, then we can refer to God’s fact (or appropriate His fact) as our belief to help us be all we can be, and not our own faith that’s subject to our senses despite our best effort.

Fact thus supersedes faith. I shall start operating in fact. Not my own fact (which barely feeds me not to talk of feeding five thousand), but in God’s fact. That remains always true.
So let us complete the circle. We are not denying the place of faith. In “fact”, we are saying God is ever faithful because His fact is ever constant. Put another way, I shall put “my faith” in God’s facts (and not in my ability to convince myself to “believe”).

And lest any man accuse me of heresy, I shall “be like bro” Paul in 1 Corinthians 11:16. (His previous pronouncements on “hair” are not law so feel free to disagree). In my case, it’s the wanderings of a sleepless mind at 3:00am.


Sleepless


4 thousand miles across the pond
She still haunts my dreams and my days
Shall I get a 10-tongued whip
With barbs of steel on every strand

Shred my back and front
Till I rid my soul of perdition
That has but one destination
Born of my desires and my infatuation

Woe is me I think
For the pain is not in my flesh nor in my bones
A branding iron can not distract me
Nor the food nor the wine nor the nectar that is fresh cider

I shall lie me down now
And dream of wings of fire
Of Saturn and Pluto
One a cauldron, the other – ice

2:10am. 25/01/2017


It’s only 1997

I found a CD containing some Visual Basic (VB5) codes I had written a while back (Surds and Arabic-to-Roman-Numerals) and decided to re-live what the IDE looked like then. I have never really been a programmer (People like Prof. Dayo, Shina and Adan “Java” come to mind) because if there is a word lighter than lightweight, that’s what I should use for the few codes I have written. I guess trivial is a better word as lightweight in programming has a completely different meaning.

But that’s not the point of this post. It’s more to buttress the pace at which technology changes. I found Visual Basic 5 on the freedownloadmanager.org website under the Windows abandonware section and installed it on my system. During the installation, I came to the component selection screen below and was drawn to the meagre disk space requirement  (compared to the multi-GB requirements of some newer coding platforms).

Look at the screen-grab below and see if you can tell what’s odd before scrolling down:

It’s the “Space available on C:” value! It’s set to “999999 K” which is just under 1GB. I am too lazy to go check what sort of hard disk sizes were predominant in 1997 but I suspect, whoever wrote this part of the installer probably used a field with only 6 digits in it a la “640K ought to be enough for anybody.” quote by the big boss himself (Bill Gates). So I guess the logic would be something like “if we get some value back that overruns the field just set it to the max supported value which would be 999999 since it’s unlikely there will be many of those disks around. We can’t code for every negligible corner case right?”
I am not berating the programmers: I just wanted to use it to point out the rapid pace of technological development.

The laptop I installed it on had a 476GB Hard Disk Drive (HDD) with 131GB free space. Since that field in the installer was expressed in KiloBytes (KB), they would have required 9 digits instead of the 6. People code smarter now of course. “Human-friendly form” would result in the value being converted to GB or TB (etc) which reduces the field’s required number of digits.

And the VB5 IDE was just 20 years ago. Of course in computing, that’s another era/lifetime.

End Note: Bill Gates has always denied ever making the statement above. So why didn’t I remove it? Some things are part of computing lore. That quote is one of them.


Change …

I could already see them as I came round the bend. Policemen on my side of the road and road safety men on the opposite side. I mentally assured myself there was nothing to worry about as my papers were complete. I was still like 5 car lengths away when he started waving me to the side of the road. He came to the passenger’s side of the car and indicated I take my side window further down.

Me: “Good afternoon bros” (with a smile)

OC: “Good afternoon” (returned smile). “How is work?”

Me: “We dey try. Change is changing all of us.”

OC: “You don’t look like change is affecting you o”

“Film trick”. I laughed.

“Are you with your tinted permit?” (Back to business. The weekend needs “lubricating”).

Me: “Yes.” I made to release my seat belt so I could reach into my glove box. 

OC: “Don’t worry. Where is my weekend gift?” (The smile is back)

Me: “Even me I am looking for weekend gift” (I laughed).

OC: “You can go. Don’t worry. God go provide.”

Me: “Amen o.”


“Change”


I have decided to rage against the machine!
I shall no more be a conformist!
People say “Why cooked yam and okro soup”
I say “Why not?”
You ask what has that got to do with “Change”
I say “The journey of a thousand miles starts with a single step”
Let me start small …
