Archive for January, 2011

Force iTunes to reread all ID3 Tags in your Library

January 16, 2011 3 comments

I recently did some cleanups in my music library (not that I did anything by hand, I used MusicBrainz Picard, a fingerprint-based song database).

Now the only trouble was that iTunes just doesn’t offer an easy way to update all Tags in its database with the updated ones from my library. Fortunately, I found this nice little AppleScript (note to myself: In the unlikely event I’d have some spare time, learn some AppleScript, it seems very very powerful).

Why am I sharing all this? Because it took me like 30 mins of googling to find out. Maybe I’m gonna increase the page rank a bit 😉

Categories: General, Tools

OpenVPN Site to Site Setup

January 16, 2011 6 comments

I’ve had a big fight to get my OpenVPN setup working to properly connect my remote office to my home network via a Mac Mini serving as a gateway on one side. I’m going to leave all the security/certificate issues out of this, as this is very well covered elsewhere.

The desired network topology is a fully bidirectional site to site link and looks like this:

Home (> VPN ( / Internet -> Remote Office (
Home <-> VPN Server ( <-> Home Router (<-> Internet <-> Remote Router ( <-> Office VPN Gateway ( <-> Office Clients

To achieve this, the server configuration needs to contain:

local 	# The Network Interface to use 
proto udp				# We're using UDP
port 1194				# This UDP port must be forwarded to local by the home Router
dev tun					# We're using routing, so we need the tun device

server # this is the transit network pool
ifconfig-pool-persist ipp.txt # persist the leases
topology subnet				  # more on this later

push "route" 	# make clients push packets for the home network into the VPN
route 	# route packets for the remote office into the tunnel

client-config-dir ccd				# next to the config file, create a directory "ccd" which will contain client specific settings
push "dhcp-option DNS" # announce the home office dns server to the connected clients, we only want a single dns for active directory to work

keepalive 10 120 # check connectivity every ten seconds, kill link after two minutes

comp-lzo	# compression is a good idea to improve bandwidth
status openvpn-status.log

In the ccd directory, we can create a file for each client that connects to make OpenVPN push client-specific settings. To make this happen, create a file named after the Common Name of the certificate the remote office gateway uses to authenticate itself to the server (I looked it up in the ipp.txt pool file after the client had connected).
That file needs to contain a single setting:

iroute # do not push traffic for the remote network into the vpn, we _are_ the remote network

Note that because we persist the DHCP lease log in ipp.txt, the remote gateway will always be assigned in our example (you can change this by editing ipp.txt and restarting the OpenVPN Server Service).

Additionally, we need to set up a couple of routes in our routers:

  • Home Router:
    • to OpenVPN Server (
    • to OpenVPN Server (
    • Obviously open up UDP port 1194 on the firewall and forward it to
  • Remote Router:
    • to OpenVPN Gateway (

The topology subnet setting has caused some issues for me, but I finally got them resolved. The solution was to add the remote office’s gateway address to the route setting:

route 	# route packets for the remote office into the tunnel, make the remote office's VPN address the gateway for this traffic.

If you don’t do this, you’ll get an error like this in the server log:

OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
OpenVPN ROUTE: failed to parse/resolve route for host/network

It’s a shame this isn’t mentioned in the official OpenVPN HowTo; the otherwise sparse but sufficient documentation could be a bit more precise here.

Using the tracert tool was an invaluable help here to check if my packets are routed correctly, one thing learned.
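
The two routing requirements described above (a gateway on each route line when topology subnet is used, and a matching iroute in the ccd directory) can be checked before the server is restarted. The following Python linter is an added example, not code from this post or from OpenVPN; the addresses, the common name office-gw and all function names are constructed placeholders, and it assumes the config uses literal IPv4 addresses.

```python
import ipaddress
import shlex

# Constructed sample input: all addresses and the name "office-gw" are placeholders.
BROKEN = """topology subnet
server 10.8.0.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
route 192.168.2.0 255.255.255.0   # no gateway given
"""
FIXED = BROKEN.replace("255.255.255.0   # no gateway given", "255.255.255.0 10.8.0.2")
CCD = {"office-gw": "iroute 192.168.2.0 255.255.255.0\n"}


def directives(text):
    """Parse config text into (name, args) pairs, dropping '#' comments."""
    parsed = []
    for line in text.splitlines():
        tokens = shlex.split(line, comments=True)
        if tokens:
            parsed.append((tokens[0], tokens[1:]))
    return parsed


def network(args):
    """Build a network object from OpenVPN's 'address netmask' argument pair."""
    return ipaddress.ip_network("/".join(args[:2]))


def lint_site_to_site(server_conf, ccd_files):
    """Return findings for the routing pitfalls of a site-to-site server config."""
    conf = directives(server_conf)
    subnet_topology = ("topology", ["subnet"]) in conf
    default_gw = any(name == "route-gateway" for name, _ in conf)
    transit = next((network(a) for n, a in conf if n == "server"), None)
    # Subnets that some client owns, as declared by iroute in its ccd file.
    owned = {network(a) for text in ccd_files.values()
             for n, a in directives(text) if n == "iroute"}
    findings = []
    for name, args in conf:
        if name != "route":
            continue
        net = network(args)
        if len(args) < 3 and subnet_topology and not default_gw:
            findings.append(f"route {net}: no gateway given and no route-gateway set")
        elif len(args) >= 3 and transit is not None and ipaddress.ip_address(args[2]) not in transit:
            findings.append(f"route {net}: gateway {args[2]} is outside transit network {transit}")
        if net not in owned:
            findings.append(f"route {net}: no ccd file declares a matching iroute")
    return findings
```

Calling lint_site_to_site(BROKEN, CCD) reports the missing gateway, while the FIXED variant with the remote gateway's VPN address on the route line returns an empty list.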
Categories: General