ZeroNet Blogs

Static ZeroNet blogs mirror

Reading W28Y17

- Posted in KanjaZero by with comments

Playing with a USB thermometer

- Posted in KanjaZero by with comments

So, it all started with one of my machines that has a CPU running a bit hot (above spec) even when it's not doing much... (<10% CPU usage, still goes >75-80 °C)

I don't have another temperature sensor on this machine (other than the CPU one) so I bought a ~5EUR USB one.

Simply plug it in:

uhidev1 at uhub4 port 2 configuration 1 interface 1 "RDing TEMPerV1.4" rev 2.00/0.01 addr 3
uhidev1: iclass 3/1
ugold0 at uhidev1
ugold0: 1 sensor type ds75/12bit (temperature)

Well... does this work? One easy way to check:

# sysctl hw.sensors.ugold0
hw.sensors.ugold0.temp0=24.25 degC (inner)

Coolness... I am running symon/symux/syweb, which is an easy way to do rrdtool/rrdgraph. pkg_add them as usual to install them, then rcctl enable symon and symux. You can rcctl start them once the config is completed. The two temperature sensors are cpu0.temp0 and this USB one, ugold0.temp0.

# cat /etc/symon.conf
monitor { cpu(0), sensor(cpu0.temp0),
mem, mbuf,
if(lo0), if(alc0), if(axe0), if(vether0),
io(sd0), io(sd2), io(sd3),
} stream to 2100

# cat /etc/symux.conf
mux 2100

source {

        accept { cpu(0), sensor(cpu0.temp0),
          mem, mbuf,
          if(lo0), if(alc0), if(axe0), if(vether0),
          io(sd0), io(sd2), io(sd3),
        }
        datadir "/var/www/symon/rrds/localhost"
}

If you already have some rrds and have just added new ones, it's no problem: you can create the new ones with the same command, and it won't touch the existing ones:

/usr/local/share/examples/symon/ all

Now to get the pretty graph on syweb, go in /var/www/symon and create a temp.layout:

group   name="Merged Graph";
text    "<div>
        How external temp impact the internal one.
graph   template ='-v temp (Celcius)
-w %width%
-h %heigth%
-s %start%
-e %end%
-t Temperature Sensors
COMMENT:  min   avg     max     cur     \n

Don't forget the httpd configuration for syweb:

# cat /etc/httpd.conf
server "stats.zerocks" {
        listen on port 81
        root "/htdocs/syweb"
        directory index index.php
        location "*.php*" {
                fastcgi socket "/run/php-fpm.sock"
        }
}

Pretty! I can easily see how much of an impact the outside temperature has on the CPU one... Obviously there are plenty of other applications for this. Have fun.

#openbsd #symon #rrdtool

ZeroNet - My First Impressions

- Posted in KanjaZero by with comments

TADAMMM - Here are my first impressions after being on ZeroNet for 96 hours:

  • Overall: Simple, smart and cool. And pretty easy to find content and resources.
  • ZeroBlog: AWESOME. That's for sure a keeper.
  • ZeroMe: The interface is pretty slick, I like it... when it works... For some reason I have loads of display issues: 70% of the time it's blank (greyish), then clicking on my profile and then back on followers "sometimes" gives me back the expected content. Of course NoScript and other add-ons didn't help, but even with all of them turned off it's still struggling. Same feedback using tor-browser, firefox or chrome. The Hubs seem to be a pretty big mess. I keep having tons of update failures.
  • Zites: Super easy to create a Zite from scratch... With the error when "Signing", it isn't obvious to me that it could be a size limitation; it should have a clear message or automatically offer to expand the size. Also this story of always offering big size chunks: for a 323MB site it wants 500MB. Then the publishing process... feels like black magic. Sometimes it works... sometimes it doesn't. For the very first publish, I mean, in similar conditions with 2 peers. I should probably RTFM and understand this part better. But once it's running it's all good.
  • ZeroMail: The echobot isn't working, that's not a big deal. I could communicate with people but deleted messages keep popping back up in the Inbox every now and then. Also I always have an update failing on one file.

I will for sure keep fooling around here. Get used to it... #imho #zeronet

Running a tor relay.

- Posted in KanjaZero by with comments

There are no valid excuses for not running a tor relay at home. Seriously. Do you monitor your home bandwidth usage? So much unused capacity... And considering that most of the ZeroNet users also use tor... then it makes even more sense! You can't say it's difficult to configure; here are the few lines you need in your tor config file. (Which btw is very well documented so just read it.)

$ grep -v '^\s*[#]' /etc/tor/torrc | awk /./

SOCKSPort 0 # Default: Bind to localhost:9050 for local connections.
Log notice file /var/log/tor/notices.log  # I don't want more noise in syslog
RunAsDaemon 1
DataDirectory /var/tor
ORPort 9418
Nickname whateveryoulike
RelayBandwidthRate 1221 KBytes  # Throttle traffic to 10Mbps
RelayBandwidthBurst 1465 KBytes # But allow bursts up to 12Mbps
AccountingMax 90 GBytes  # 90GB max / timeperiod (that would be 8.3Mbps continuous)
AccountingStart day 00:00  # timeperiod is per day (reset at midnight)
User _tor
ExitPolicy reject *:* # no exits allowed

#justdoit #thingthatmatters #tor #bepartofsomething

OpenBSD pf.conf

- Posted in KanjaZero by with comments

Let's have a quick look at how to configure OpenBSD PF (Packet Filter) to force all traffic through a VPN. We'll also cover how to configure dnscrypt_proxy for a safe DNS resolution (going through the VPN as well^^).

Here's a quick pf.conf to do the job, appreciate how short and crystal clear the syntax is!

##### /etc/pf.conf
# em0 is your local network interface
# W.X.Y.Z is the IP address of the openvpn server
# some openvpn client config files come with a hostname,
# not an IP for the server, resolve it and change it manually
vpn = "W.X.Y.Z"
set block-policy drop
# no filtering on loopback
set skip on lo0
# block all ipv6
block return out quick inet6 all
block in quick inet6 all
# block all by default
block all
# accept the local interface to connect only to the vpn server
pass out quick on em0 from any to $vpn flags S/SA keep state
# accept all traffic through the VPN
pass out quick on tun0 from any to any flags S/SA keep state

For the DNS resolution we'll be using dnscrypt_proxy.

# Install the binary package
pkg_add -v dnscrypt_proxy
# activate it in /etc/rc.conf.local
rcctl enable dnscrypt_proxy
# configure it in /etc/rc.conf.local
echo "dnscrypt_proxy_flags=-l /var/log/dnscrypt.log -R ipredator -a" >> /etc/rc.conf.local
# change your /etc/resolv.conf to use dnscrypt_proxy
echo "nameserver" > /etc/resolv.conf

Make sure pf is enabled at boot (rcctl enable pf) and refresh the rules if you've just changed them (pfctl -f /etc/pf.conf). Then you shouldn't be able to access anything until you:

1/ Start your vpn client (openvpn myclient.conf -- remember to use the remote IP address and not a hostname)
2/ Start dnscrypt_proxy (rcctl start dnscrypt_proxy), which goes through the VPN... obviously.
3/ Now you can start tor...
4/ And now you can start ZeroNet

If the VPN drops, nothing works... This way ZeroNet goes through Tor, which itself goes through your VPN, and just in case, the DNS requests take another safe way out, still through the VPN...

#commentsarewelcome #openvpn #openbsd #pf
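
A check for the kill-switch property of the pf.conf post above, as an added example that is not part of the original post: it reads pf rules with macros already expanded and flags any outbound pass rule on a non-tunnel interface whose destination is not the VPN server. The address 203.0.113.10, the function names and the leaky DNS rule are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. Reads pf rules (macros already
# expanded) on stdin and flags egress that bypasses the VPN tunnel.
# $1 = VPN server IP, $2 = tunnel interface
pf_leak_check() {
    awk -v vpn="$1" -v tun="$2" '
    { sub(/#.*/, ""); if (NF == 0) next }     # drop comments and blank lines
    # an unconditional default deny: "block all", "block drop all", ...
    $1 == "block" && $NF == "all" &&
        (NF == 2 || (NF == 3 && ($2 == "drop" || $2 == "return"))) { deny = 1 }
    $1 == "pass" {
        dir = ""; ifc = ""; dst = ""
        for (i = 2; i <= NF; i++) {
            if ($i == "in" || $i == "out") dir = $i
            else if ($i == "on") ifc = $(i + 1)
            else if ($i == "to") dst = $(i + 1)
        }
        if (dir == "in" || ifc == tun) next   # ingress, or inside the tunnel
        if (dst != vpn) { print "LEAK: " $0; bad = 1 }
    }
    END {
        if (!deny) { print "LEAK: no default block all"; bad = 1 }
        exit bad + 0
    }'
}

# Constructed sample: the ruleset from the post with $vpn expanded to a
# documentation address.
sample_good() { cat <<'EOF'
set block-policy drop
set skip on lo0
block return out quick inet6 all
block in quick inet6 all
block all
pass out quick on em0 from any to 203.0.113.10 flags S/SA keep state
pass out quick on tun0 from any to any flags S/SA keep state
EOF
}
# Constructed mistake: a convenience DNS rule on the physical interface
sample_leaky() {
    sample_good
    echo "pass out quick on em0 proto udp from any to any port 53"
}

sample_good  | pf_leak_check 203.0.113.10 tun0 && echo "page ruleset: no leak"
sample_leaky | pf_leak_check 203.0.113.10 tun0 || echo "leaky ruleset: rejected"
```

On the OpenBSD host, `pfctl -nvf /etc/pf.conf` parses the file and prints the rules with macros expanded without loading them, which is suitable input for the function.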

Installing ZeroNet on OpenBSD

- Posted in KanjaZero by with comments

Let's just cover real quick how to install ZeroNet on OpenBSD and start it then how to get it to go through tor. All done in 3 minutes!

## Let's install the pre-required packages
pkg_add -v python-2.7 py-gevent py-msgpack
## Let's fetch ZeroNet from github
ftp <>
## open the ZeroNet tarball
tar xzvf master.tar.gz
## get into the directory and start it!
cd ./ZeroNet-master/
python2.7 --ui_ip '192.168.X.11'

The --ui_ip is to allow this to be reachable from the vLAN interface (from another computer) since it's running on a headless server. To run it with tor, it's also pretty straightforward:

## install and configure tor
pkg_add -v tor
vi /etc/tor/torrc
## uncomment the lines below in /etc/tor/torrc
ControlPort 9051
CookieAuthentication 1
## start tor
rcctl start tor
## allow the group from the user that will run zeronet to rw the control_auth_cookie
## quick and ugly way to do this for testing purpose is to just:
chgrp usergroup /var/tor/ && chmod 750 /var/tor/
chgrp usergroup /var/tor/control_auth_cookie && chmod 660 /var/tor/control_auth_cookie
## then we're good to start zeronet from the folder where you've untarred it
cd /wherever/ZeroNet-master
python2.7 --tor_controller --tor_proxy --ui_ip '192.168.X.11'

PS: I should provide a less naughty way to adjust the auth_cookie; in the meantime this still works

#zeronet #tor #openbsd #howto
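
A permission check for the control cookie set up in the post above, as an added example that is not part of the original post: a controller only needs to read the cookie, so the audit flags group write access and any access for other users. The function names and the temporary directory standing in for /var/tor are constructed for illustration; Tor also has a `CookieAuthFileGroupReadable 1` option that makes the cookie group-readable without a manual chmod.

```sh
#!/bin/sh
# Added example, not from the original post. The paths below are constructed
# temp files standing in for /var/tor and /var/tor/control_auth_cookie.

# has_perm FILE BITS: true when every permission bit in BITS is set on FILE
has_perm() { [ -n "$(find "$1" -prune -perm "-$2" -print)" ]; }

# cookie_audit DIR COOKIE: prints findings, returns the number of findings
cookie_audit() {
    n=0
    if has_perm "$2" 020; then
        echo "cookie is group-writable (read is enough)"; n=$((n + 1))
    fi
    if has_perm "$2" 004 || has_perm "$2" 002; then
        echo "cookie is accessible to other users"; n=$((n + 1))
    fi
    if has_perm "$1" 020; then
        echo "data directory is group-writable"; n=$((n + 1))
    fi
    if has_perm "$1" 001 || has_perm "$1" 004; then
        echo "data directory is open to other users"; n=$((n + 1))
    fi
    return "$n"
}

demo=$(mktemp -d)
: > "$demo/control_auth_cookie"
# the modes used in the post: 750 on the directory, 660 on the cookie
chmod 750 "$demo"; chmod 660 "$demo/control_auth_cookie"
cookie_audit "$demo" "$demo/control_auth_cookie" || echo "findings: $?"
# tightened: the group keeps read access only
chmod 640 "$demo/control_auth_cookie"
cookie_audit "$demo" "$demo/control_auth_cookie" && echo "no findings"
rm -rf "$demo"
```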

I will describe here how to install an OpenBSD virtual machine under OpenBSD with VMM. Then in a future post we'll cover how to install ZeroNet (VPN+Tor+dnscrypt_proxy+pf) on this VM.

Let's get the install kernel and the install image for OpenBSD 6.1 amd64:

# ftp <>
# ftp <>

Before I forget, let's enable vmd and start it:

# rcctl enable vmd && rcctl start vmd

I am creating a 64GB image file for the VM then I start the install image booting on the install kernel and setting up 2GB of ram for it. The -c option will get you straight connected to the console.

# vmctl create -s 64G
# vmctl start "zerovm" -c -b bsd.rd -m 2G -i 1 -d -d install61.fs

Do a standard install - nothing special, all default options make sense. When you get to the installation of sets, choose "disk > not mounted > sd1 > a". Once it's done and you're back at the shell prompt, exit the VM console using the key sequence ~^D (tilde ctrl-D). Stop the VM and check the status of the VM:

# vmctl stop zerovm 
# vmctl status

Let's configure the VM to start at boot with the correct parameter and a virtual ethernet switch on the LAN (feel free to use another IP subnet than your real LAN so it will be even easier to filter with pf on the host). Create the virtual interface:

# echo "inet 192.168.X.1 NONE" > /etc/hostname.vether0

Make sure you allow traffic on this interface in your host /etc/pf.conf

vmd_if = "vether0"
pass out quick on $vmd_if inet
pass in quick on $vmd_if inet

Create your /etc/vm.conf :

files="/usr/where/ever/you/have/yourvm/store/"
vm zerovm {
   memory 2g
   disk $files
   interface tap { lladdr 00:01:02:03:04:05 switch localnet }
}
switch localnet {
   add vether0
}

That should be it... Create the interface (the hostname.vether0 file is there to have it at boot time), then refresh pf to take your change into account and restart vmd:

# ifconfig vether0 create
# ifconfig vether0 inet 192.168.X.1
# pfctl -f /etc/pf.conf
# rcctl restart vmd

If everything went smoothly the VM should start. Check and connect to it:

# vmctl status
# vmctl console zerovm

That's it... next time we'll see how to install ZeroNet on this pretty new VM running on OpenBSD of course! (I assume you've configured the VM network properly within the same subnet as vether0 etc.. etc...)

#howto #openbsd #vmm