Skirting the issue.

Every so often I decide that I actually want to be a bit feminine for a change and you know wear make up and stuff. Funnily enough this has usually been around the time of BiCon which is the annual convention for bisexual people and allies to get together and hang out.
This year however I have a party coming up and I’m thinking it would be nice to dress up for it for a change rather than just wearing my usual jeans and stuff. I think part of it is hanging around K and remembering when I used to dress up really gothy myself.
I’m currently spending some time trying to find myself the right knee length skirt (yes I’m very fussy about what I wear being exactly right) and thinking about wearing it with some funky tights (I used to have a thing for funky tights). I think I may also be taking S to Camden market to buy a new pair of New Rocks. I used to have the ones I really like but sadly the zip went on them so they didn’t end up moving with me to London.
I’ve also been practising a bit with eye make-up as I used to be good at it but am so hideously out of practice I’m having to relearn how to do it.

GRE tunneling for fun and profit.

I recently subscribed to Netflix and, being in the UK, I found that they have loads more available to watch in the US. Getting around this in a way that would also allow me to stream programmes to my Chromecast is actually quite complicated. As I have a small Linux box on my network to provide IPv6 via a tunnel, I thought I would also use it to provide access via a GRE tunnel to a VPS running in the US.

The first thing you need to do is set up the machine in the US so it can do NAT, just like your home router does, with the following:
#!/bin/sh
# Enable IPv4 forwarding so the VPS can route traffic arriving over the tunnel.
echo 1 > /proc/sys/net/ipv4/ip_forward

# Start from an empty FORWARD chain.
iptables -F FORWARD

# Allow replies to existing connections and anything sourced from the home network.
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s 192.168.0.0/16 -j ACCEPT
iptables -A FORWARD -j REJECT
# NAT traffic from the home network out of the public interface.
iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o eth0 -j MASQUERADE
# Note: the FORWARD rules below are appended after the REJECT above, so they never match.
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A INPUT -i tap+ -j ACCEPT
iptables -A FORWARD -i tap+ -j ACCEPT

iptables -A INPUT -i us-gre -j ACCEPT
iptables -A FORWARD -i us-gre -j ACCEPT
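
The script above appends its FORWARD ACCEPT rules for tun+, tap+ and us-gre after an unconditional REJECT, so they are never evaluated; forwarding works only because of the earlier rule for 192.168.0.0/16. The check below is an added example, not part of the original post: it reads a rule list and reports every rule shadowed in this way. The function names find_shadowed_rules and page_rules are made up for this example.

```shell
#!/bin/sh
# Added example: list iptables rules that can never match because an
# unconditional ACCEPT/DROP/REJECT was appended to the same chain before them.
# Reads `iptables ...` script lines or `iptables -S` output on stdin.
find_shadowed_rules() {
    awk '
    /^[ \t]*#/ { next }
    {
        table = "filter"; chain = ""; op = ""; spec = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "iptables") continue
            if ($i == "-t") { table = $(++i); continue }
            if ($i == "-A" || $i == "-F") { op = $i; chain = $(++i); continue }
            if (op != "") spec = spec (spec == "" ? "" : " ") $i
        }
        if (op == "") next
        key = table "/" chain
        if (op == "-F") {   # a flush empties one chain, or the whole table
            for (k in blocked)
                if ((chain == "") ? (index(k, table "/") == 1) : (k == key)) delete blocked[k]
            next
        }
        if (key in blocked) {
            printf "%s: \"%s\" is never reached (after \"%s\")\n", key, spec, blocked[key]
            next
        }
        # No match options plus a terminal target: nothing later in the chain runs.
        if (spec ~ /^-j (ACCEPT|DROP|REJECT)( --reject-with [^ ]+)?$/) blocked[key] = spec
    }'
}

# Rules from the VPS script in the post, in the order the post lists them.
page_rules() {
    cat <<'EOF'
iptables -F FORWARD
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s 192.168.0.0/16 -j ACCEPT
iptables -A FORWARD -j REJECT
iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o eth0 -j MASQUERADE
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A INPUT -i tap+ -j ACCEPT
iptables -A FORWARD -i tap+ -j ACCEPT
iptables -A INPUT -i us-gre -j ACCEPT
iptables -A FORWARD -i us-gre -j ACCEPT
EOF
}

page_rules | find_shadowed_rules
```

On a live machine the same function can be fed the output of iptables -S, which prints rules in the same -A CHAIN form.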

You then need to set up a GRE tunnel between your VM running in another country and your home network. One thing to be aware of is that GRE tunnels use a specific IP protocol number rather than TCP or UDP. This means that you need to either activate an option which enables this or set up the machine doing the routing on your home network as the DMZ host.

I used the following to set up a GRE tunnel on the VPS which will forward all data to my home network over the tunnel (my home network has addresses in the 192.168.x.x range).


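# Remove any earlier tunnel with this name (reports an error if none exists yet).
ip tunnel del us-gre
# REMOTE_IP and LOCAL_IP are placeholders for the far and near tunnel endpoint
# addresses; the original post does not show them.
ip tunnel add us-gre mode gre remote REMOTE_IP local LOCAL_IP ttl 255

ip link set us-gre up
ip addr add 192.168.X.1/24 dev us-gre

echo add routes

# Send traffic for the home network's range back through the tunnel.
ip route add 192.168.0.0/16 via 192.168.X.10 dev us-gre
#ip route add 192.168.0.0/16 dev us-gre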

Once you have everything set up on the VPS VM, you need to do the same on your home network with the following:


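# VPN hosts.
ip rule add from 192.168.0.x table vpn

# Add default routes for vpn table.
ip route add default via 10.9.0.1 dev tun0 table vpn

ip route flush cache

# Remove any earlier tunnel with this name (reports an error if none exists yet).
ip tunnel del us-gre
# REMOTE_IP and LOCAL_IP are placeholders for the far and near tunnel endpoint
# addresses; the original post does not show them.
ip tunnel add us-gre mode gre remote REMOTE_IP local LOCAL_IP ttl 255

ip link set us-gre up
ip addr add 192.168.8.10/24 dev us-gre

echo add default route

# 0.0.0.0/1 matches only destinations 0.0.0.0-127.255.255.255; other
# destinations use the default route added to the vpn table above.
ip route add 0.0.0.0/1 via 192.168.8.1 dev us-gre table vpn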

You will also need to run the following to add a table so you can have different routing destinations for different hosts which route via this machine.

echo 200 vpn >> /etc/iproute2/rt_tables

In order to make a machine use the tunnel, you need to adjust your DHCP settings so the machine you want uses the machine with the tunnel as its default route. Once this is done, you use:

ip rule add from HOST_IP table vpn
ip route flush cache

on the machine with the tunnel on it, where HOST_IP is a placeholder for the address of the machine that should use the tunnel. This creates a rule which makes the requested machine use a different routing table to all other traffic.