Wednesday, 19 September 2012

Self compile Tesseract 3.0.1 on Debian Squeeze, libleptonica problem

In my case, ./configure fails with an error:


checking for asin... yes
checking for leptonica... yes
checking for pixCreate in -llept... no
configure: error: leptonica library missing


The libleptonica package was correctly installed but something is broken; there are tons of workarounds around about setting paths or other magic options, and they are useless.
To solve the issue you have to uninstall the Debian libleptonica package (with apt-get) and compile libleptonica yourself from source. After installing your own libleptonica build (make install), the Tesseract compilation will work as expected.
Get leptonica source.
Get Tesseract compilation instructions.

Saturday, 15 September 2012

Openvpn server with Qnap TS-409 Pro, you can




 
The Qnap TS-409 Pro is an old but powerful 4-bay NAS box (Linux ARM) and comes with a nice proprietary web interface and a lot of functionality.

The Mission

Add OpenVPN access to my home network.
I'd like to have full access to all my home machines (bonus target: grant the home machines access to the VPN subnet as well).

The Plan

Installing OpenVPN on the main router/firewall is usually a good way to go, but my home network has, as usual, a low-end TP-Link ADSL router and there is no way to install OpenVPN on that device.
The plan is to install the OpenVPN server instance on my only 24h/24h server, the Qnap TS-409 Pro.

Warning

Installing new software, changing configuration files and writing to flash are always dangerous operations for inexperienced users.
This guide may apply to other similar Qnap NAS models as well, but you have to check the correctness and applicability of this procedure on your own.
I'm not responsible for any damage; if you brick your box it's your fault, not mine.


The Solution

The Qnap community is very active and the box comes with a lot of QPKG packages, e.g. installing OpenWRT/ipkg support is straightforward.
This is the step by step guide I have used; here is the summary:

  1. QPKG Optware installation
  2. ipkg update
  3. ipkg install of openvpn package
  4. manual installation of tun.ko module
  5. create CA and certificates (EasyRSA, you can do this on your PC)
  6. create server configuration files
  7. create client configuration files
  8. set port forward on router
  9. configure new static route on the router
  10. enable network forwarding on the TS-409
  11. test configuration
  12. change autorun.sh in order to persist changes across reboots
It is mandatory to apply the OpenVPN_Extras instructions (steps 9 and 10) so that the VPN can communicate properly with the LAN: the tun device only works if the traffic is routed properly.

In the next paragraphs I'm not going to rewrite the linked wiki; I'll focus only on the tricky and interesting parts.

Details

Assumptions and network topology

Details about my network topology and choices about openvpn service ports.

Local network IP range: 192.168.55.0/24 (Subnet 255.255.255.0)
Qnap NAS server, home LAN IP: 192.168.55.77

OpenVPN service listens to 192.168.55.77:22111
The ADSL router forwards (Virtual Server) incoming UDP WAN traffic on port 7788 to the home host 192.168.55.77:22111 (yes, a different port)


Clients connect to OpenVPN through an external port that differs from 22111; that's my choice.

Server configuration

Mount the flash device in order to edit autorun.sh, with command:
mount -t ext2 /dev/mtdblock5 /tmp/createThisDirectoy/

mtdblock5 is the right device name for the Qnap TS-409 Pro; check your box's guide or wiki to find out your own.
... pay attention: after editing the flash, unmount it so that the changes are saved properly:
umount /tmp/createThisDirectoy/

My autorun.sh looks like this; these changes are needed in order to restart openvpn automatically after a system shutdown:

mkdir /dev/net;
mknod /dev/net/tun c 10 200;
(sleep 10;insmod /opt/etc/openvpn/modules/tun.ko)&

echo "1" > /proc/sys/net/ipv4/ip_forward
(sleep 15; /opt/sbin/openvpn /opt/etc/openvpn/easy.conf)&

The echo "1" > /proc/sys/net/ipv4/ip_forward line (the green row in the original post) enables IP forwarding on the TS-409: it routes the VPN traffic from the tun interface towards the home LAN interfaces, and the box forwards the packets to the destination machines.

My current easy.conf looks like this:

# OpenVPN server configuration QNAP NAS
# basic settings

# you have to choose your port (the listen port of openvpn service)
port 22111
proto udp
dev tun
#
# detect mtu if the connection is slow.
; mtu-test
#
# define mtu, if necessary
; tun-mtu xyz
#
# define the ip-addresses of the underlying tunnel
server 10.8.5.0 255.255.255.0
#
# Route
push "route 192.168.55.0 255.255.255.0"   #  <--- Enter the ip-address of your home network here!
#
# certificates & keys
dh /opt/etc/openvpn/keys/dh2048.pem
ca /opt/etc/openvpn/keys/ca.crt
cert /opt/etc/openvpn/keys/server.crt
key /opt/etc/openvpn/keys/server.key
#
# data compression
comp-lzo
#
# allow several clients with the same common name to log on
; duplicate-cn
#
# different clients can "see" each other through the tunnel.
; client-to-client
#
# Keepalive
keepalive 15 120
#
# verbosity of status messages in the console. Activate for debugging (1-9 possible)
; verb 5
#
# Log files
status /share/HDA_DATA/.qpkg/Optware/etc/openvpn/log/status.log
log-append /share/HDA_DATA/.qpkg/Optware/etc/openvpn/log/openvpn.log

#
# Run as daemon (activate, after everything is set up properly)
; daemon
#
# Management Interface. Access with "telnet localhost 7505"
management localhost 7505




Notes:
The TS-409 Pro Optware folder is located (by the QPKG installer) in a path which differs from the wiki guide; in my case the path is: /share/HDA_DATA/.qpkg/Optware/
Check the Optware path and file locations on your box and change the script accordingly.


Client configuration

The clients, with the proper private keys and certificates, connect to the OpenVPN server using this configuration file:

# connect to QNAP OpenVPN Server

port 7788
proto udp
dev tun
tls-client
remote youraccountname.dynds.net 7788  #  <--- enter your dyndns-account here!
pull
# set mtu, if necessary
; tun-mtu xyz
#
resolv-retry infinite
nobind
persist-key
persist-tun
# certificates and keys
# Note the double \\ in the path for a windows config
ca ca.crt
cert your.crt
key your.key


ns-cert-type server
verb 4
comp-lzo


There are redundant settings and useless options too but, you know, this configuration file works :-)
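
The port mapping has to agree in three places: the server's port, the router's Virtual Server rule and the client's remote line. The check below is an added example, not part of the original post; the config excerpts are copied from this page, while the one-line "proto wan_port lan_ip lan_port" notation for the router rule and the function names are assumptions made for this sketch.

```sh
#!/bin/sh
# Added example: verify that client -> router -> server ports and protocol line up.
# Excerpts below are copied from the configs on this page.
SERVER_CONF='port 22111
proto udp
dev tun
; daemon
management localhost 7505'

CLIENT_CONF='port 7788
proto udp
remote youraccountname.dynds.net 7788  #  <--- enter your dyndns-account here!
nobind'

# Assumed notation for the router's Virtual Server rule: proto wan_port lan_ip lan_port
FORWARD_RULE='udp 7788 192.168.55.77 22111'

# directive CONF NAME FIELD: print field FIELD of the first active NAME line.
# Lines starting with '#' or ';' are comments in OpenVPN config files.
directive() {
    printf '%s\n' "$1" | awk -v name="$2" -v f="$3" '
        /^[ \t]*[#;]/ { next }
        $1 == name    { print $f; exit }'
}

# check_chain SERVER CLIENT RULE: print one line per mismatch; status 0 if none.
check_chain() {
    read -r r_proto r_wan r_ip r_lan <<EOF
$3
EOF
    s_port=$(directive "$1" port 2);   s_proto=$(directive "$1" proto 2)
    c_port=$(directive "$2" remote 3); c_proto=$(directive "$2" proto 2)
    errs=0
    if [ "$c_port" != "$r_wan" ]; then
        echo "client connects to port $c_port, router forwards WAN port $r_wan"; errs=1
    fi
    if [ "$r_lan" != "$s_port" ]; then
        echo "router forwards to $r_ip:$r_lan, server listens on port $s_port"; errs=1
    fi
    if [ "$c_proto" != "$r_proto" ] || [ "$s_proto" != "$r_proto" ]; then
        echo "proto mismatch: client=$c_proto router=$r_proto server=$s_proto"; errs=1
    fi
    return $errs
}

if check_chain "$SERVER_CONF" "$CLIENT_CONF" "$FORWARD_RULE"; then
    echo "port chain consistent: WAN $r_wan/$r_proto -> $r_ip:$r_lan"
fi
```

A client whose remote line points at 22111 instead of 7788 is the typical mismatch this catches.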


Router configuration

The router has to do two things:
  • forward (Virtual Server) incoming UDP traffic on port 7788 to 192.168.55.77:22111
  • route all packets with destination 10.8.5.0/24 to the gateway 192.168.55.77
The first one is a basic router configuration, usually named "virtual server"; the second one is a bit more difficult, and you need to set a static route on your router.
The rule is this:
  
Destination   Subnet Mask     Gateway         Interface
10.8.5.0      255.255.255.0   192.168.55.77   br0

 br0 is the internal LAN bridge.

Why this route?

This static route is necessary for the LAN to send packets back to the VPN. The LAN machines send all VPN-bound packets to the router (the destination is in another subnet), and without this rule the packets are lost or rejected.
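
The return path can be traced with a small longest-prefix-match lookup. This is an added example, not part of the original post: the routing tables are constructed from the addresses on this page, "router", "wan" and "direct" are placeholder next-hop labels, and 10.8.5.6 is a constructed VPN client address.

```sh
#!/bin/sh
# Added example: longest-prefix-match lookup over constructed routing tables
# that use the addresses from this page. "router", "wan" and "direct" are
# placeholder next-hop labels; 10.8.5.6 is a constructed VPN client address.

# Table format: one "network mask next-hop" entry per line.
LAN_HOST='192.168.55.0 255.255.255.0 direct
0.0.0.0 0.0.0.0 router'
ROUTER_NO_STATIC='192.168.55.0 255.255.255.0 direct
0.0.0.0 0.0.0.0 wan'
ROUTER_STATIC="$ROUTER_NO_STATIC
10.8.5.0 255.255.255.0 192.168.55.77"

# ip2int A.B.C.D: print the address as a 32-bit integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# next_hop TABLE DEST: print the next hop of the most specific matching route.
next_hop() {
    dest=$(ip2int "$2"); best_mask=-1; best_hop=unreachable
    while read -r net mask hop; do
        [ -n "$net" ] || continue
        n=$(ip2int "$net"); m=$(ip2int "$mask")
        if [ $(( ($dest & $m) == ($n & $m) && $m > $best_mask )) -eq 1 ]; then
            best_mask=$m; best_hop=$hop
        fi
    done <<EOF
$1
EOF
    echo "$best_hop"
}

# A LAN machine answering a VPN client: the destination is off-subnet,
# so the reply goes to the default gateway, i.e. the router.
echo "LAN host -> 10.8.5.6 via $(next_hop "$LAN_HOST" 10.8.5.6)"
# Without the static route the router sends the reply out the WAN side (lost).
echo "router, no static route -> $(next_hop "$ROUTER_NO_STATIC" 10.8.5.6)"
# With it, the reply is handed to the NAS, which puts it into the tunnel.
echo "router, static route    -> $(next_hop "$ROUTER_STATIC" 10.8.5.6)"
```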

Conclusions

I have changed only a few details from the original wiki and I have successfully achieved my objective:
being able to connect to my home network through the VPN, and being able to connect to and communicate with all the machines inside.