Bluetrait

I decided to do a quick CSS update last night. The site design really hasn't changed since I released it back in early 2005. I've gone with a more white space approach. It still looks bad, I know I'm not a designer, I don't even know if it looks better than before. But it is different :) I think I need to fix up the two sidebars. I might have a look at that today.

Ordered Monday night, was delivered about 1pm today. Awesome! Cannot wait to get home! ;)

I've just added support to my blog for Akismet through the use of this php class. I'm currently waiting on my API key before I enable it.

Looks like some spam is finally getting past my spam filter. I'm going to look into adding support for this

I've been using FCKeditor in my admin panel for a while now. It started off being a bit buggy but now it is working very nicely. There is a new feature that allows you to have a full screen text/html editor, plus it loads heaps quicker. Have a test here

I've been getting my fair share of trackback spam in the last month or so. I've decided to disable trackbacks for the time being. Unfortunately I cannot use my spamblock code on them (which works great for normal comments).

Well the MacBook is finally out. I'm contemplating getting one.

Also I've noticed that my last post broke IE and really anyone running sub 1600x1050. Sorry about that, go buy a bigger screen ;)

On another note, I got an email from one of my friends at usyd:

Sydney Uni is selling original iMacs for $50!!! I don't know if you have any
use for super cheap old computers, but I thought I'd tell you anyway. The
School of Languages is trying to get rid of them. Maybe for spare parts,
extra storage space (although the one I saw I had a hard drive of a whopping
4 GB - not much storage space there!)???? Anyway, I thought you might like
to know.

So if anyone wants cheap macs. I think I've got enough. On last count we now have 6 macs in the house :)

I purchased my parents a new router/modem/wireless device the other day. It is a Netgear DG834G, great value for money.

Anyway the Netgear supports VPN termination, so I decided to setup a VPN between their house and mine. This allows me to run voip over the VPN without the need to worry about port forwarding (which is a real pain with SIP).

So the technical background:

My place:
1) Static IP address (59.167.253.89)
2) Juniper Netscreen 5GT running ScreenOS 5.3.0r2
3) 10.0.0.0/22 (10.0.0.0 - 10.0.3.255)
4) Router on address 10.0.0.254

Parents place:
1) Dynamic IP address
2) Netgear DG834G running firmware V3.01.25 (Has also been tested to work with a DG834 with firmware V2.10.22)
3) 10.0.4.0/24 (10.0.4.0 - 10.0.4.254)
4) Router on address 10.0.4.254

Now the netgear has some limitations with the VPN. The main issue is that it only supports "Main Mode" authentication. Main Mode is designed for site to site VPNs both with static IP addresses. My parents don't have a static IP address.

To get around this the netscreen allows you to point the remote end point (in this case the netgear) to a hostname. So for the netgear site you need to setup a dyndns.org account. For an example we will call this example.dyndns.org.

See below:

So lets setup the netscreen site first.

1) Setup IP Address Objects that point to each site. Under Objects > Addresses > List. In my case
10.0.0.0/22 TRUST (local)
10.0.4.0/25 UNTRUST (remote)

2) Now to setup the VPN Gateway on the netscreen. Under VPNs > AutoKey Advanced > Gateway.
Add a new connection like below:

Select your preshared key here too.

Now select Advanced (note you could use 3DES, but in this case I just use DES):

3) Now you need to setup Phase 2. Under VPNs > AutoKey IKE

Then select advanced:

4) Now we need to create a policy that allows traffic to flow in both directions. This is called a bidirectional VPN policy.

In Policies under Trust to Untrust create this policy.

5) Now time to setup the netgear. Create an auto VPN account

Note the preshared key must be the same for each device.

That should be all you need to do. You can monitor the connection on both sides through the log files. The netscreen outputs a more detailed log so it is best to read this.

If the connection doesn't work it is best to troubleshoot the VPN from a console connection to the netscreen.

To start the debugging process type:

To finish the debugging type:

Hard drives are so cheap these days. I just picked up a 300gb Seagate sata drive for $175. It does NCQ and has 16mb cache. Pretty cool drive.

It has been installed in the mail server to remove (at least for a day) our storage problem.

I thought I'd give ajax (Javascript and XMLHttpRequest) a test. The right hand side bar now loads using XMLHttpRequest. It is still a bit buggy and doesn't really serve any useful purpose but I wanted to learn how it works.

You can look at my javascript code here.

A useful howto on AJAX can be found here

EDIT: Another of my ajax test pages