Agit8 - Web development adventures at Turbulent




Setting up a VPN server with Ubuntu 10.04 and strongswan

This is an unformatted brain dump of my experiences getting a VPN server set up using Ubuntu 10.04 LTS. My target was to get this solution working with native Mac OS X clients as well as Microsoft Windows XP, Vista and 7 clients. I wanted to simply have to give my clients a username, password and preshare key and they would have everything they needed to connect to the VPN. I was able to get this working with strongswan (and not openswan) as well as using xl2tpd.

- Clear any install of strongswan or openswan:

apt-get remove strongswan strongswan-dbg strongswan-ikev1 strongswan-ikev2 strongswan-nm strongswan-starter libstrongswan openswan

- Install xl2tpd (l2tp server), libfcgi0ldbl, ipsec-tools and libcurl3 (strongswan dependencies)

apt-get install xl2tpd libfcgi0ldbl ipsec-tools libcurl3

- Install the 4.5.0 backported package files (downloadable here).

This is required since I was having trouble with the Ubuntu 10.04 default packages of strongswan (4.3.1) when authenticating Windows native clients with a PSK, so I simply took the *unstable* version of strongswan 4.5.0 and built the packages under a fresh 10.04 install. I also activated NAT transport mode at compile time since the 4.3.1 packages that ship with 10.04 don’t have this option activated.

If these packages don’t work for you, simply build your own.


dpkg -i \
strongswan_4.5.0-1ubuntu2_all.deb \
strongswan-dbg_4.5.0-1ubuntu2_i386.deb \
strongswan-ikev1_4.5.0-1ubuntu2_i386.deb \
strongswan-ikev2_4.5.0-1ubuntu2_i386.deb \
strongswan-nm_4.5.0-1ubuntu2_i386.deb \
strongswan-starter_4.5.0-1ubuntu2_i386.deb

/etc/ipsec.conf:


config setup
    nat_traversal=yes
    plutostart=yes
    charonstart=yes

conn L2TP-VPN
    type=transport
    keyexchange=ikev1
    keyingtries=3
    authby=psk
    pfs=no
    rekey=no
    left=%defaultroute
    leftnexthop=%defaultroute
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
    rightsubnetwithin=0.0.0.0/0
    auto=add

Here we define the IPsec part of our L2TP over IPsec VPN connection.

We specify a transport type and force the use of IKE v1 (keyexchange=ikev1). This is important because since 4.5.0 strongswan defaults to IKE v2, and at this time fewer clients use it (native Windows XP and native Mac OS X still use IKE v1). We authenticate the IPsec layer with a pre-shared key that we give to our clients (authby=psk). The left part of our link is the server itself (left=%defaultroute, defaultroute being the current main IP), and the right part of our link can be anything (right=%any). We specify rightprotoport=17/%any because OS X clients do not use source port 1701 when connecting. pfs=no makes sure perfect forward secrecy is not enabled, since our mainstream clients do not support it. rekey=no makes sure the VPN server will not initiate a rekey by itself. auto=add loads the connection at startup so that it is used automatically when an incoming client matches it.
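A small auditor for the ipsec.conf layout above, added here as an example (it is not code from the original post or from strongswan): it parses the sections, whose parameters count only when they are indented, and reports the settings this section calls out. The function names, the abridged sample and the wording of the findings are assumptions of this example.

```python
# Constructed sample: the L2TP-VPN connection from this post, abridged, indented.
SAMPLE = """\
config setup
    nat_traversal=yes

conn L2TP-VPN
    type=transport
    keyexchange=ikev1
    authby=psk
    pfs=no
    left=%defaultroute
    right=%any
    rightprotoport=17/%any
    auto=add
"""

def parse_ipsec_conf(text):
    """Return ({section: {key: value}}, orphans).
    A header such as 'conn NAME' starts in column 0 and its parameters must be
    indented; a key=value line in column 0 belongs to no section (orphan)."""
    sections, orphans, current = {}, [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0] in " \t":                      # indented: parameter line
            key, sep, value = line.strip().partition("=")
            if current is None or not sep:
                orphans.append((lineno, line.strip()))
            else:
                sections[current][key.strip()] = value.strip()
        elif "=" in line:                         # parameter that lost its indent
            orphans.append((lineno, line))
        else:                                     # 'config setup' / 'conn NAME'
            current = " ".join(line.split())
            sections[current] = {}
    return sections, orphans

def audit(text):
    """List findings for the settings discussed in this section."""
    sections, orphans = parse_ipsec_conf(text)
    findings = [f"line {n}: '{l}' is not indented, so it is outside any section"
                for n, l in orphans]
    for name, conn in sections.items():
        if not name.startswith("conn "):
            continue
        if conn.get("authby") == "psk" and conn.get("right") == "%any":
            findings.append(f"{name}: one PSK shared by every client")
        if conn.get("pfs") == "no":
            findings.append(f"{name}: PFS disabled for phase 2 keys")
        if conn.get("keyexchange") == "ikev1":
            findings.append(f"{name}: IKEv1 only")
    return findings
```

Run `audit()` on a copy of the file pasted from a web page: if every parameter shows up as a non-indented line, the indentation was lost in transit and the `conn` section is effectively empty.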

/etc/ipsec.secrets:


< SERVER PUBLIC IP > %any: PSK "< YOUR_PRESHARE_KEY_STRING >"

Here you put your preshare key for your VPN server. This information needs to be given to clients to allow them to connect (username, password and PSK).

/etc/xl2tpd/xl2tpd.conf:


[global]
port = 1701
listen-addr = < SERVER_PUBLIC_IP >
ipsec saref = no

[lns default]
ip range = 172.16.45.2-255
local ip = 172.16.45.1
require authentication = yes
refuse pap = yes
require chap = yes
pppoptfile = /etc/ppp/options.xl2tpd
ppp debug = yes
name = < SERVER_NAME >
length bit = yes

The listen-addr here is important: without it the daemon may not listen correctly once the IPsec link is established. The Ubuntu default kernel for 10.04 does not come with SAref support, so we explicitly disable it. We require authentication on this link and refuse clear text passwords (pap). We require authentication with chap (the accounts should be defined in the /etc/ppp/chap-secrets file).

/etc/ppp/options.xl2tpd:


require-mschap-v2
ms-dns < YOUR_DNS_SERVER >
asyncmap 0
auth
crtscts
idle 1800
lock
hide-password
modem
debug
name < SERVER_NAME >
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4
mtu 1410
mru 1410
connect-delay 500

- /etc/ppp/chap-secrets:


myusername * mypassword *
myotherusername * myotherpassword *

- Start xl2tpd and ipsec:


service xl2tpd start
service ipsec start

- Firewall rules to allow incoming connections over protocol ESP, ISAKMP (500), L2TP (1701), PPTP (1723) and NAT traversal (4500).


-A INPUT -i eth0 -p esp -j ACCEPT
-A INPUT -i eth0 -p udp --dport 500 -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 500 -j ACCEPT
-A INPUT -i eth0 -p udp --dport 4500 -j ACCEPT
-A INPUT -i eth0 -p udp --dport 1701 -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT

Lastly for your firewall you will have to decide what you allow your VPN users to see and reach. You can firewall them specifically using the ppp+ interfaces in your iptables.

(ie: -A FORWARD -i ppp+ -d < SERVER HOST > -p tcp -m tcp --dport 22 -j ACCEPT )
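The `--dport 1701` INPUT rule above accepts L2TP on eth0 whether or not the packet came through the IPsec transport SA, because decrypted packets traverse INPUT again on the same interface. The following added example (not from the original post) checks an iptables-save style rule set for that and shows the rule restricted with the iptables `policy` match; the function names and sample rule sets are assumptions of this example.

```python
# Constructed samples in iptables-save syntax. WEAK contains the 1701 rule from
# this post; HARDENED adds '-m policy --dir in --pol ipsec' so that L2TP is
# accepted only for packets that were decapsulated from an IPsec SA.
WEAK = """\
-A INPUT -i eth0 -p esp -j ACCEPT
-A INPUT -i eth0 -p udp --dport 500 -j ACCEPT
-A INPUT -i eth0 -p udp --dport 4500 -j ACCEPT
-A INPUT -i eth0 -p udp --dport 1701 -j ACCEPT
"""
HARDENED = WEAK.replace(
    "--dport 1701 -j ACCEPT",
    "--dport 1701 -m policy --dir in --pol ipsec -j ACCEPT")

def parse_rule(line):
    """Turn one '-A CHAIN ...' line into a dict of the options this check needs.
    Negated matches ('!') are not handled in this example."""
    tok = line.split()
    rule = {"chain": None, "proto": None, "dport": None,
            "target": None, "ipsec_only": False}
    flags = {"-A": "chain", "-p": "proto", "--dport": "dport", "-j": "target"}
    for i, t in enumerate(tok[:-1]):
        if t in flags:
            rule[flags[t]] = tok[i + 1]
        elif t == "--pol":
            rule["ipsec_only"] = tok[i + 1] == "ipsec"
    return rule

def cleartext_l2tp_rules(ruleset):
    """Return the INPUT rules that accept UDP 1701 without requiring IPsec."""
    hits = []
    for line in ruleset.splitlines():
        if not line.startswith("-A "):
            continue
        r = parse_rule(line)
        if (r["chain"] == "INPUT" and r["proto"] == "udp"
                and r["dport"] == "1701" and r["target"] == "ACCEPT"
                and not r["ipsec_only"]):
            hits.append(line)
    return hits
```

With the restricted rule in place, xl2tpd is reachable only through the IPsec layer, so the PSK and the CHAP credentials are both required to reach the PPP login.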


* Note: It seems there is an issue with the 4.5.0 packages in which describing networks in ipsec.conf with full netmask representation (ie: 255.255.255.248) would cause the charon daemon to die. Using the network address mask instead (/29) proved to work correctly…probably a bug in that version…

Connections should now work from iPhones, iPads, Windows native clients as well as OS X, provided you use the right creds! I tested on Android 2.2+ and was able to connect correctly. I wouldn’t use these specific versions in production but the process of setting it up and understanding the issues has been somewhat…entertaining.

I hope this helped someone.

-b

NFB video player released

In a joint effort, and as previously stated on this very blog, our friends at the NFB and the folks here at Turbulent Media are now making the popular NFB player available for free for anyone seeking to display videos with flash.

The player is available as a compiled swf and is meant for basic video showcasing. You are free to use it on your blogs, twits and any other online video needs.

Source code and examples are available for download directly from the google code repository page nfb-video-player.

This first downloadable BETA package contains complete source code, all the graphical assets and a complete working example of the video player.

This beautiful player holds the Pyro API at its core, and is quite configurable through a series of flashVar parameters. You can easily integrate the player into your blog or website and use the available parameters to your own needs.

It is also the first example of a full Pyro integration being officially released, and will, without a doubt, make quite a few people happy, since we’ve been asked for real life working PYRO examples.

We will be giving some basic support for questions and bug reports related to this player through the nfb-video-player google code project.

Pyro now available on google code.

Pyro


Lo and behold, it’s official, pyro is now on google code.
You will find it all here: PYRO on google

That’s great news, what will I find there?
Our google code nest contains the following:

  • Version controlled latest pyro updates and documentation (Be in sync with us here, get the latest latest working build).
  • Latest stable releases and docs packaged in zip files.
  • Upcoming wiki with advice and how-tos

    Wait a minute, I knew that!
    Yeah yeah we know it’s not really new is it? Already a seasoned pyro user aren’t ya, well we just needed to make it official, don’t worry, it’s the exact same repository you’ve been retrieving pyro from. No need for you to change nor update your pyro svn location.

    What the heck are you talking about? What is this Pyro thing?
    Pyro is a small flash video API we have built. Nothing to brag too much about, but it’s worth checking out if you deal with video in flash in your line of work.

    Here is a ‘résumé’ of what it does:

  • Progressive, RTMP (and the likes) and middleware induced streaming all united in one API.
  • Loading and progress ratios.
  • Client side bandwidth detection.
  • Resizing and proportion calculations.
  • Auto adjusts buffertime or lets you handle it as you see fit.
  • Manages dual threshold bufferTime strategies and single threshold bufferTime.
  • Dispatches a flock of Pyro events.
  • Regular play, pause, toggle pause, mute, volume, toggle mute, stop, close, width, height methods… and so on.
  • and more.

    Spring physics powered 3D camera for Away3D and Papervision

    Spring powered 3D camera demo

    When building flash 3D applications it is often necessary to implement complex routines to manage camera movements. Whether it’s a 3rd person follow cam, a first person FPS camera or a more customized movement, most of the time it would be desirable for developers to have access to a simple camera that implements a “natural” movement.

    While developing a small racing game internally as a pet project, I came across the need to develop such a camera, one that would allow us to easily tail a moving object in the scene while keeping the right orientation in relation to the subject. Though that is simple to do by itself, what really makes this camera interesting is that it’s not a “perfect” follow. In order to give a good acceleration effect on turns and in “turbo boost” moments, I wanted a camera that would be a bit late in its follow and allow for a smooth and more natural feel, something that you see in classic 3D racing games.

    Hence the Spring Camera was born, a camera that works very simply by implementing spring physics between the camera and its target. Imagine the camera is linked by a spring to a target: when the target moves in 3D space the spring extends and then “pulls” the camera, thus giving a nice natural feel to the movement.

    “One camera to rule them all”

    Here is a sample Away3D code to initialize a spring cam in the View. By default, the spring motion is activated once the target property of the camera is set:

    Obviously, there are more options. 3 main parameters are used to control the behavior of the camera:

    Mass - The “weight” of the camera, how difficult it is to pull it.
    Stiffness - How hard the spring is to extend. A high value here is as if the spring was a stick (or fixed length).
    Damping - Controls how the spring resists the spring “boingggg” effect. A higher value makes for a smoother ride, lower values and the more boing you’ll get.

    The camera also implements 2 important offsets:

    Position offset - Where the camera should be ideally in relation to the target (in model space). For example, if we want the camera to try to be 100 units behind the target, we’ll use a value of Number3D(0,0,-100); Obviously if the target moves fast we won’t stay 100 units behind exactly which is how the effect is created.

    Look offset - Where the camera should look at in relation to the target. By default, the camera looks AT the target but you might want to have the camera attempt to look at a different spot. For example, Number3D(-100,0,0) would look 100 units to the left of the target. (all this in target model space).

    And that’s pretty much all there is to it in terms of usage! The camera will automatically set its position in relation to the target based on the physics of the spring every frame without any additional code. Now all you need to do is move the target in 3d space and change its orientation…the camera will automatically follow.

    All of these parameters, including target, can be modified at runtime and will be updated real-time so you can do some pretty funky adjustments in your application code to create specific effects when needed.

    This camera can be used to build a wide variety of cool camera movements including but not limited to 3rd person camera, 1st person camera, chase cam, as well as all the standard camera parameters. You can even use it for cool transition effects!

    Take a look at the Spring physics powered 3D camera demonstration.

    Download the SpringCam class for Away3D.
    Simply add the class in your Away3D source in the src/away3d/cameras folder.

    Download the SpringCamera3D class for Papervision3D.
    Simply add the class in your PV3D source in the src/org/papervision3d/cameras folder.

    You can also grab the source code to the demonstration (away3d 2.2.1+ required)

    Special thanks go to Kim Reeves for giving me a needed hand in whipping up the demo. Kudos!

    UPDATE: John Lindquist created a short example using the original Focus example for pv3d with source available.

    Hey if you like it or use it in a project, let us know with a comment and subscribe to our RSS feed!

    Pyro : a video player API for Flash

    video player API for flash


    Pyro is the name of the class set we have been using internally at Turbulent to build all the media players for our many corporate web clients. It’s the result of over 10 rewrites and many many revisions.

    “Why build yet another video player?” you ask. Pyro only integrates the core logic of playing video using flash. Yea, sure, you can build your own thing using NetStream/NetConnection, hey, that’s basically what Pyro does and that’s what professionals do. They do it over and over again. So why waste time with all the same problems like size handling, duration, bandwidth detection, etc? It’s from this question that Pyro was born.

    It bundles all core functionalities of standard flash video players but leaves out defined design aspects to the developers while leveraging a common, simple and direct AS3 API for handling progressive http, proxied http and rtmp (rtmps, etc..) streams.

    So we wrote some code and documented it.
    You can find all the latest versions at our google code repo, right HERE.

    For now this is a first release to see if there is interest in the community of using and contributing to Pyro. We use Pyro in a number of commercial applications and we keep adding and supporting the small but very functional codebase.

    Here’s a basic usage example:

    1. Create a Pyro instance, insert width then height as arguments and add your pyro instance to the child list. If you don’t pass it width / height, Pyro will adjust its size to the stream you want to play.

    “Do one thing but do it well”

    Pyro is already at the heart of many of the web projects that we have produced in the past few years and such is the case of the National Film Board of Canada (NFB). The video player we built for the NFB uses Pyro to implement features like closed-captioning and voice over tracks as well as support 3 modes of streaming. You can see it in action on the www.NFB.ca website.

    NFB / ONF player -  built on Pyro

    Here is a dumb list of what the API provides:

    - Support for progressive download (duh)
    - Support for progressive download with time offsets ( for streaming from a specific time offset in a file)
    - Support for RTMP streaming
    - Bandwidth detection
    - Automatic bufferTime adjustment based on client bandwidth
    - Play / Pause / Buffer state management
    - Volume control and mute state
    - Many resizing options including ratio, fixed or auto-detect.
    - Simple cue point integration and support.
    - Duration handling as well as progress ratio
    - Load ratio

    Hey we’re not reinventing the wheel here. Just making a small solid video player API that implements what we keep repeating all the time. We’ve been pretty careful with memory leaks as well, so hopefully the API is not leaking :)

    PATIENCE PLEASE
    Please be indulgent, Pyro is always evolving and is far from being perfect. It might be missing features you were desperately hoping for, if that’s the case, we’re DEFINITELY open to developing them. Drop us a comment!

    Give it a shot, see if it’s useful, and if it is, please let us know!

    Here’s the docs, and source…again.

    Stay tuned for more examples !

    Eric

    MeshMorph Shapes updated: Fix to Cassini


    Marpi from the Papervision channel contacted me regarding a problem with the Cassini shape in our previous post Papervision3D: Quad layer - Shape morphing source. Seems that the vertices and UV coordinates for the shape were not computed correctly. Well I took some time to correct the problem and realign the UV and vertices of the shape so all should be in order now!

    Unfortunately, even the updated code is made using the PV3D-Effects branch, which is outdated now! I do believe the code will function correctly using the latest pv3d trunk, though if anyone encounters some problems and there is some demand I’ll make an official port.

    Download the updated source shapes here.

    The original experiment was also updated.

    Happy peanuts! (cassini)

    -b