?

Log in

No account? Create an account

Watching hulu.com from Sweden
flower
starfighter
When I've been visiting my wife in the US we've been watching some series and movies on hulu.com, sitting in bed and snacking on something. I like the presentation of it, it's cute. It's sort of the same feeling i've had with spotify. Finally content providers are starting to provide good experiences on the internets.

Back in Sweden, me and my wife spend most of our free time together connected through skype. Sometimes it's nice to both of us be watching the same thing at the same time, sort of mimicking the experience of actually being in the same bed next to each other watching the same thing.

Before we'd tried hulu, we'd just google around the internets looking for some shoddy, seedy, backalley website where movies can be streamed. But after trying out something smooth, cute, polished like hulu.. it's really hard going back.

That's the kind of thing that motivates me to learn about tools like amazons ec2/s3, openvpn and routing :)

So. let's talk about that.

Hello, hulu

Using a VPN to route hulu traffic through Amazon EC2 to make it look like i'm surfing from the US (or at least from a Cloud) on Mac OS X.



Step one; Setting up the Amazon EC2 tools.


Pretty much taken from: Starting Amazon EC2 with Mac OS X


  1. Get an account at http://aws.amazon.com/ and sign up for Elastic Compute Cloud

  2. Once signed up, follow the link to Create a New X.509 Certificate and when they ask you if you're sure, say yes. This generates two key-files, a private and a public one.

  3. Download both files

  4. Download the EC2 Command-Line Tools from here.


  5. Open Terminal, create an .ec2 directory in your home directory and open it


  6. cd ~
    mkdir .ec2
    cd .ec2
    open .

  7. Copy the public and private key-files into the new .ec2 directory

  8. Unzip the EC2 Tools, and copy the unzipped bin and lib directories into the .ec2 directory


  9. Edit your .profile to set some ec2 environmental variables. Using nano (or some other text editor), open your .profile


  10. nano ~/.profile

  11. At the bottom of the file, add


  12. # Setup Amazon EC2 Command-Line Tools
    export EC2_HOME=~/.ec2
    export PATH=$PATH:$EC2_HOME/bin
    export EC2_PRIVATE_KEY=`ls $EC2_HOME/pk-*.pem`
    export EC2_CERT=`ls $EC2_HOME/cert-*.pem`
    export JAVA_HOME=/System/Library/Frameworks/JavaVM.framework/Home/

    Save and close the file. Nano uses Ctrl+O to save, and then Ctrl+X to exit.
  13. Reload it for the the changes to take effect


  14. . ~/.profile



Step two: Setting up a Debian image in EC2




  1. Start by creating a keypair. We need this to log into the instances we create. It'll be printed to the commandline, and you'll need to copy & paste it, including the —–BEGIN RSA PRIVATE KEY—– and —–END RSA PRIVATE KEY—– lines into a new file named ec2-keypair in the .ec2 directory and then change the permission of the file


  2. ec2-add-keypair ec2-keypair


  3. Time to start up your instance. Remember, at this point amazon starts charging you for their time and bandwidth.


  4. ec2-run-instances ami-67fe190e -k ec2-keypair


  5. While it's booting up you can check it's status by running, this will also show you the domain name we'll use to connect to the instance later on


  6. ec2-describe-instances


  7. Now we need to open up the ports for ssh and openvp to our instance


  8. ec2-authorize default -p 22
    ec2-authorize default -p 1194


  9. And now, connect to your instance over ssh using your keypair


  10. ssh -i ~/.ec2/ec2-keypair root@ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com



Step three: Configuring openvpn, NAT and IP forwarding


This part mostly from: Install OpenVPN on Ubuntu, Hulu Outside the US and Network Security


  1. Start by updating the package system, optionally running any needed upgrades, then install openvpn and openssl


  2. aptitude update
    aptitude upgrade
    aptitude install openvpn openssl


  3. Prepare the scripts we'll use to create private and public keys for the vpn


  4. cd /etc/openvpn/
    cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/ easy-rsa
    cd easy-rsa

  5. Open the script called vars and edit the lines at the bottom according to your location


  6. nano vars

    these are the default values:

    # These are the default values for fields
    # which will be placed in the certificate.
    # Don't leave any of these fields blank.
    export KEY_COUNTRY="US"
    export KEY_PROVINCE="CA"
    export KEY_CITY="SanFrancisco"
    export KEY_ORG="Fort-Funston"
    export KEY_EMAIL="me@myhost.mydomain"

  7. Run the script you just edited, and clean up the key generation environment


  8. . ./vars
    ./clean-all


  9. Build the openvpn keys used for connecting a client to the server


  10. ./build-ca
    ./build-key-server server
    ./build-key client
    ./build-dh

    You'll be asked a bunch of questions, but you should just go with the default values, and y for any y/n prompt.

  11. You'll end up with three files in the keys folder. Copy the files back to your client computer, for example with scp


  12. cd keys
    scp ca.crt client.crt client.key me@myip


  13. Create a configuration file /etc/openvpn/openvpn.conf


  14. dev tun
    proto tcp
    port 1194

    ca /etc/openvpn/easy-rsa/keys/ca.crt
    cert /etc/openvpn/easy-rsa/keys/server.crt
    key /etc/openvpn/easy-rsa/keys/server.key
    dh /etc/openvpn/easy-rsa/keys/dh1024.pem

    user nobody
    group nogroup
    server 10.8.0.0 255.255.255.0

    persist-key
    persist-tun

    #status openvpn-status.log
    #verb 3
    client-to-client

    # hulu / akamai
    push "route 77.67.0.0 255.255.128.0 vpn_gateway"
    push "route 80.128.0.0 255.224.0.0 vpn_gateway"

    # p.hulu.com
    push "route 208.91.157.10 255.255.255.255 vpn_gateway"

    # t.hulu.com
    push "route 209.130.205.38 255.255.255.255 vpn_gateway"

    log-append /var/log/openvpn
    comp-lzo


  15. Edit /etc/default/openvpn and add this line


  16. AUTOSTART="openvpn"


  17. Create another configuration file /etc/network/if-up.d/iptables


  18. cd /etc/network/if-up.d
    nano iptables


  19. Add these lines to it, to enable IP forwarding and NAT


  20. #!/bin/sh

    # configure IP forwarding and IPTables NAT
    echo 1 > /proc/sys/net/ipv4/ip_forward
    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE


  21. Change the permissions of it and run it


  22. chmod +x iptables
    ./iptables


  23. Start the openvpn server


  24. /etc/init.d/openvpn start



Step four: Configure your mac to connect to the vpn, with Tunnelblick




  1. Download and install Tunnelblick

  2. Put the files we downloaded from the keys directory into ~/Library/openvpn/

  3. Create a new configuration file for the connection in Tunnelblick. Don't forget to change the remote server from xxx.xxx.xxx.xxx with the address to your ec2 instance


  4. client
    dev tun
    proto tcp
    remote x.y.z.w 1194
    resolv-retry infinite
    nobind

    user nobody
    group nogroup

    persist-key
    persist-tun

    ca ca.crt
    cert client1.crt
    key client1.key

    comp-lzo
    verb 3


  5. Tell Tunnelblick to connect, and you the rest should sort itself out.


  6. You can verify that the routes have been added to your computer by running:


  7. netstat -r -n



(optional) Step five: Saving your instance for later, powering it down, and starting it back up


This mostly taken from Saving a Customised Linux Amazon Instance (EC2 and S3)


  1. Start by going back to http://aws.amazon.com/ and signing up for the Simple Storage Service

  2. Copy over your keys to the instance


  3. scp -i ~/.ec2/ec2-keypair ~/.ec2/pk-*.pem ~/.ec2/cert-*.pem root@ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com:/mnt

  4. SSH to the server, and create a bundle out of your customized instance


  5. ec2-bundle-vol -d /mnt -k /mnt/pk-*.pem -c /mnt/cert-*.pem -u XXXXXXXXXXXX

    Where XXXXXXXXXXXX is your Amazon account number without the dashes.

  6. Copy over the bundle to the Simple Storage Service


  7. ec2-upload-bundle -b [your-s3-bucket] -m /mnt/image.manifest.xml -a [aws-access-key-id] -s [aws-secret-access-key]

    Your access-key and secret-access-key can be found on the AWS website under "Access Identifiers"

  8. Now, go back to your client machine and register your bundle on S3 as an AMI with EC2.


  9. ec2-register [your-s3-bucket]/image.manifest.xml


  10. And, you're done. Now you can shut down the instance when you're not using it. And then just start it back up using your new AMI


  11. ec2-terminate-instances i-xxxxxxxx



And that should be it! :D

I will come back and look at this entry tomorrow when i'm not sleepy and can think straight again :3

Setting up your Mac OS X terminal
flower
starfighter
Terminal Settings

Spending a lot of time in the mac terminal, I always make a lot of tweaks and settings because the defaults are pretty crap. What a good thing to put in a blag.

Colors


When I'm lazy and don't have the time to set up a color theme, I just go with the Pro theme. The basic white-text-on-black-background is good. It does have some serious issues with the readability of the ansi colored text on the black background though.

To remedy this, we first install SIMBL and then put this bundle into ~/Library/Application Support/SIMBL/Plugins/. There's more to read about that in this blag post and the comments to it.

After restarting the terminal and bringing up its preferences, there should now be a More... button under the selection color picker.

Terminal Preferences with SIMBL hack

Click it to change your ANSI colors.

I like my terminals a bit blue and desaturated. So I made some settings and I call them Blueberry, you can download them here:

Blueberry terminal settings

sun, sun, sun
flower
starfighter
So, we got back from Florida late on Wednesday and we've both been working.. Ollie's got her 12 hour shifts and I've been picking up on work in sweden from here. Skype is a pretty amazing tool. My skin's peeling like mad today from the sunburn I got when we were down there.. heh.

Pics pics & moarCollapse )

Yesterday we went to see wall-e which was a gorgeus movie of robot goodness.

Now I'm gonna go look see if I can find something mountainbike:y to ride on!

waiting for my luggage
flower
starfighter
last night my luggage finally arrived, because apparently it's always lost for a few days when it's supposed to go from atlanta to kingsport. so we had to wait for that before going off on roadtrips southwards.

while waiting, i've accustomed myself to driving an automatic (first time i did the same thing i did first time i was learning to drive with my mom, put reverse in and stepped on the gas and wrooom back we go. didn't run over anything this time though) and going places always by car, never by walking, and shopping clothes and waving at people and drinking sweet ice teas and ice mochass. it's way warm. i haven't bothered with sunburns or short pants in ages, but we're working on that now. i've got funny red-and-white patterns all over.

but yesss. now the luggage finally arrived so today we'll probably get going towards florida. we've got a compass and it can show you what way south is, and that's the way we're going :D

oh and i have to find a converter plug thing. i want to power my computer D:

i'm going already
flower
starfighter
Waiting to board at Arlanda.



And apparently meeting up with people before i left wasn't really happening on saturday. It was friday. Big secret planning since long? Bathing and getting a new haircut (a wee bit on the short side) and all sorts of crazy things. I got to see some people I hadn't seen in.. forever. Amazing :) Some of us did get too much to drink, in the end, but I hope everyone's feeling better today. Saturday was just me and the friends from Mariefred watching the game :) it was very nice to be able to cool down and relax after fridays craziness.

Andreas+Diana, your blue blanket is in my apartment. Tanja has the keys to it. Thanks for bringing my gameboy :)

Check back in a bit, eh!