Kevin Kleinfelter's blog

Which Way Does ln -s point (or Which Comes First, the Real Folder or the Symbolic One)?

I hate "ln -s". I can never remember which to put first -- the name I'm creating or the name which already exists.

ln -s {target-filename} {symbolic-filename}


ln -s {thing-that-exists}{new-thing-that-will-exist}


ln -s {old-thing}{new-thing}

Solution OpenVPN

You're thinking, "I'd like to use VPN, but I can't afford a Cisco AnyConnect license." I'll walk you through setting up free OpenVPN software on a $50 Raspberry Pi computer. Benefits:

OpenVPN Troubleshooting

Here's where I collect my 'learnings' on setting up and operating OpenVPN.

Handy Command Lines

Restart OpenVPN server, to re-load config file:

sudo service openvpn restart

OpenVPN Always Connects Twice or Connects, Drops, Connects, Drops, Connects...

I set up my OpenVPN system and went to make my initial connection. It connected! And dropped, and connected and stayed connected. In fact, every time I told the client to connect, it would connect, then drop, then reconnect. Weird. Usable. A little slow. A mystery.

Build Configuration Files for Your OpenVPN Clients

Building a config file is hard. Here's a script to help build it. On the machine where you built your keys, put this in a file named ~/easy-rsa/ It is based on a script found here, written by Eric Jodoin. Be sure to edit EXTERNALIP.

Dangers of Open WiFi

Open WiFi Is Scary

If you go to Starbucks (or McDonalds or Chick-fil-A or...) and you connect to WiFi without entering a password, your WiFi traffic is broadcast to all WiFi clients within range. Using commonly available tools, anyone can capture web pages you visit, etc. HTTPS protects some of your traffic, but some sites use HTTPS solely for authentication, and many apps send data unencrypted. For sites which use HTTPS solely for authentication, it is possible for a hacker to capture your cookies and masquerade as you.

Write Raspbian to SD Card from Linux

There is a perfectly good how-to at

Once you follow that, be sure to create an empty file named "ssh" in /boot on the SD Card. This will enable you to connect to your Pi via SSH, even if you're running a "headless" Pi with no monitor.

Return to Basic Raspberry Pi Setup

How Does a VPN Work?

When your laptop wants to talk with a host computer via the Internet (using something called "IP protocol"), it sends a data frame via WiFi or a wired connection. The frame travels from router to router via a mostly direct route until it arrives at the computer you're trying to talk with. Unless it is encrypted, if you send "myUserID" and "myPassword", every router along the way will see "myUserID" and "myPassword" somewhere in the frame. This is not good if you're in a coffee shop where someone has tampered with the router.

Write Raspbian to SD Card from Mac

  • Run:

    diskutil list
  • Review the output. Identify the device for your SD. On mine, it was "disk2". Substitute 2 (or your digit) for # below.

  • Run:

    diskutil unmountDisk /dev/disk#
  • Run (this takes a few minutes):

    sudo dd bs=1m if=2017-01-11-raspbian-jessie-lite.img of=/dev/rdisk#
  • Create a "ssh" file on the SD card to enable ssh on first boot and un-mount the SD card:

Write Raspbian to SD Card from Windows

  • Download Win32DiskImager
  • Unzip it to Win32DiskImager.exe
  • Right-click Win32DiskImager.exe and select Run as Administrator
  • Select the image file you extracted (2017-01-11-raspbian-jessie-lite.img)
  • Select the drive letter of the SD card in the device box. Be careful! You don't want to write to C:\
  • Click Write and wait for it to finish

Build Keys for OpenVPN Clients

These instructions assume you set up your server per this article.

We're going to build 30 keys, permitting up to 30 clients. You can come back and build more keys later, but by then you will have forgotten how. Build a nice big supply of them now, and store them somewhere safe. Distribute them as needed. Make a little spreadsheet (or a readme.txt) to track where you use each one.


Subscribe to RSS - Kevin Kleinfelter's blog