
Windows Mobile 5/6 Networking Profiles, Proxy and VPN setup

After the last rant on Windows Mobile networking, I’ll go over a few actual solutions to the issues I encountered: hopefully a few people may find this more helpful.

Note that the following explanations, definitions of features and so on are the product of my own observation and experimentation with various WM5 and WM6 mobile devices. I have found some documentation on their functions but the majority of information I have discovered through trial and error. If there is some official documentation somewhere which contradicts what I say here (and I wouldn’t be at all surprised) then so be it: what I can say for sure is mine works.

That said, Windows Mobile networking is in my experience notoriously flaky and even though the stuff here works for my device, your mileage may vary considerably.

OK, let’s get into it.

Golden rule: Anytime you change anything at all in the networking profiles, after you have saved the changes, disable and re-enable the wireless network/adapter. I have a control utility for this on my device (HTC Hermes), but this will vary between devices. Following this step every time I change anything has reduced my frustrations considerably – not doing this means settings often just don’t take effect, and after doing this sometimes things just start working.

A quick explanation of terms I’ve used:

  • “Config Profiles” refer to the named settings you can create and assign to different networks in “Network Management” (Start -> Settings -> Connections -> Connections -> Advanced -> Select Networks). Some of the existing config profiles are “My ISP” and “My Workplace” (and you will have others automatically created for your ISP if you have mobile internet access on your SIM card via a 3G or GPRS network).

Explanation of how WM decides which network to use (And hence which attached config profile is used to decide how to connect)

Windows Mobile networking is whack (but you knew that already, right?). Here’s how it breaks down: it decides how to handle an HTTP network request based on whether there are any decimals (periods) in the DNS name.

By its logic, anything with a decimal/period is ‘internet’ and anything without a decimal/period is ‘work’.

So:

  1. “http://bogus.internal” is handled with the config profile attached to the “Internet” network
  2. “http://bogus” is handled with the config profile attached to the “Private Network” network

You can create multiple different named config profiles and assign any of them to either “Internet” or “Private Network”.

An important thing to note is, a config cannot have a VPN server added to it (or use an already setup VPN) when applied to the ‘Internet’ network. If you want to use a VPN you’ll have to do it through the ‘Work’ network (see exceptions hint below).

Explanation of the ‘Exceptions’ settings.

Now – anything in the ‘Exceptions’ list goes through the “My Work” profile regardless of whether the DNS name has decimals in it or not. The good news is you can use wildcards here to force a wide range of sites through the ‘My Work’ profile if you want – hint: http://*.* and https://*.* . I didn’t end up using this for my solution, but you might find it useful.

I’m sure this flavor of networking makes sense to some software engineer in Microsoft land, but to me it just spells confusion. Once I worked out what was actually going on, I figured out some shortcuts/config hacks which can be used to railroad the networking into doing more or less what you tell it to.

So here’s what I’ve done to make mine work:

First, I access everything using its FQDN – no dotless machinename shortcuts. This makes sure everything is using the profile assigned to “Internet” (regardless of whether I’m on a work network or not).

Make sure the ‘Exceptions’ section has no entries.

Next, tell Windows Mobile that every wireless network you connect to is “The Internet”. Forget about the “Work” option. As far as my usage goes, that option is useless. All the wireless networks I connect to are set to “Internet”. If you have already added a wireless network and don’t know if it’s tagged to “Work” or “Internet”, you can go into settings -> wireless networks, find existing networks, and change which network it connects to.

Next, create a couple of new custom network configs, as follows:

  • ‘Direct Connection’ – this does as it says, and contains no settings for proxy or vpn.
  • ‘Proxy Connection’ – this has my work proxy server entered

You do this via Settings –> connections (tab) –> connections (icon) –> Advanced (tab), Select Networks (button). Here you can edit existing or create new config profiles.

Incidentally, my workplace uses VPNs to grant authenticated access to the wireless network – so not allowing a VPN connection to a host on a “private network” just breaks everything.

Once you’ve done that and entered your proxy authentication credentials in the appropriate places, you’re ready to go. Whenever you want to change how you’re connecting to the net go to network settings, and change “internet” to one of your created profiles. Remember to start/stop the wireless to force the change, and your next network access should be using either direct, proxy, (or VPN – see below), whichever you’ve chosen.

By doing this you lose any pretense of Windows Mobile networking transparently working from whichever location / network you are connected to, but it never worked properly for me anyway, and at least this way you have some control back.

Connecting to a VPN

The above covered getting web access only, either direct or via a proxy. To get a VPN connection active (e.g. for Skype and the like) here’s what you have to do instead:

  1. Assign a config profile to the ‘work’ network
  2. Add a VPN connection to the config profile you used. You can add VPN connections to a config profile by assigning it to the “Internet” connection, hitting OK, going back to the ‘Tasks’ tab and clicking the ‘Add a new VPN server connection’.
  3. Add the appropriate wildcard exceptions (to the ‘exceptions’ section) to trigger the VPN connection for every hostname.

Once I get a VPN up at my work from inside the wireless I can make direct connections to outside hosts, for example using PocketPutty. Be warned though that even if it does connect, Windows Mobile likes to shut down the VPN connection once it decides it is no longer in use, eg after you haven’t looked at web pages for a while, regardless of whatever else you are doing on the network, (say in a live SSH session). Parking pocket IE on a web page with an auto-refresh might possibly fool it into keeping the VPN alive, but I haven’t experimented with that yet.

Hopefully there is some useful info in here and it eases the pain of getting your mobile device networking in a saner fashion.

This is a fairly quick covering of networking with WM5/6 and it’s highly likely there are holes, inaccuracies and/or bits left out: if anyone has queries, corrections or extra to add, go ahead and comment or hit up the contact form for direct email.


Adding search plugins to firefox is now broken by default?

I’ve just discovered an incredibly annoying bug downgrade “feature” in the new firefox (3) – the new add-search-plugins site is broken. I noticed it in later versions of firefox 2.x as well: I was kind of hoping it was something temporary but it looks like it’s here to stay.

(Quick solution: ignore the site the “Add engines” link takes you to and go to mycroft.mozilla.org instead – it’s all there).

I’m a big fan of the firefox search bar: I have it set up for google, google images, dictionary.com, urban dictionary, wikipedia, wikiquote, youtube, imdb and ebay. I’ve even written two search plugins in use at the computer science dept at my university, which are used to search the staff directory and general website. I use them all the time, and they will be included in the firefox 3.x deployed to the workstations in our 17+ computer labs this semester.

So I’m a fan, I consider search plugins a highly desirable if not essential time-saving feature in my browser, and as soon as I install a new copy of firefox, I take time out to customise my search menu pretty much straightaway. I quietly evangelise the feature to others, show them how easy their common searches can be. Click here, click there, bam, done, easier, isn’t firefox great?

Problem is, what used to be a simple and smooth process is no longer. By default anyway – and only if you’ve upgraded your browser relatively recently.

Now I haven’t actually gone back and installed an older version to check or anything, but I’m pretty sure that getting more search plugins used to be a case of dropping the search menu, selecting “Manage Search engines”, then “Get more search engines” (or the equivalent text) in the settings dialog.

This would take me to a site I never bothered to remember the URL of, since the link was always right there in settings.

Used to be, I could go *wherever the aforementioned link went*, type in the name of *major searchable site* I wanted to add (ebay/youtube/wikipedia/etc) and would be presented with a list of links – click on them, approve the security popup, and wham, the plugin is added. It was quick and easy, and I found that if I was searching somewhere (ebay for example), rather than go straight to the site and use their search, it was worth the 60 or so extra seconds to go via the search plugins site and add them to my search bar.

Now, this simplicity is broken, due to a simple change: the “Get more engines” link now takes me to addons.mozilla.org. Different site, ok, cool – as long as it gives me the functionality, right? I have faith. It’s landed me automatically in the ‘Search plugins’ category. Cool. I search for ‘ebay’. It turns up… zilch. Searching for ‘google’ gives me… ‘AOL search’ (wtf?).

Oh no.

A couple of minutes later navigating around and trying different searches with no fruit, I realise that regardless of whether this site actually does conspire to harbour the search bar plugins I pursue, perhaps concealed behind some menu or search option I have overlooked, however n00b-like I may be in overlooking said option, this new way of adding plugins has failed, catastrophically. It has failed the end user test. Namely, its chief advertised function – adding searchbar plugins – is nowhere in sight. Not to the casual user, and not to me. It is, it seems, akin to getting in a taxi, asking to be taken to a restaurant and being dumped at the local gymnasium. I wanted a hamburger and I didn’t even get something edible. The place I’ve been taken is not even related.

So I dumped the broken site and hit google looking for firefox search plugins. A couple of links in, I found what looks like the old site – mycroft.mozdev.org – which has the goodness, the instant search, the 60 second convenience I wanted. I bookmarked it, problem solved – for me, anyway. Now I remember that URL in case I need to add more plugins on another machine, or demonstrate the add plugins feature on someone else’s browser.

I just hope this difficulty doesn’t put people off using firefox, especially those migrating from other browsers.


Simple quick and dirty linux to smb copy backup script using smbfs

I recently wrote this bash script for the purpose of a simple selective backup on one of our linux servers. It tars up a bunch of files and copies them to a windows / SMB server elsewhere on the network (where it is then backed up to tape as per everything else on that server). I know there are many different examples of this type of script on the interweb already, but someone might find this version helpful as well.

There seem to be a few different ways to get the SMB bit done but I ended up using smbfs: you’ll need this on your system for this script to work. If you don’t have it and you’re using a package manager it should be pretty simple to get, a bit of #apt-get install smbfs should do the trick.

Note: I am aware of various security issues with running scripts as root, storing passwords in scripts, and this sort of thing. Since this is a super simple backup script, I’m doing it anyway: Complaints department is /dev/null ;)

Script 1: this is a super simple version. It tars and copies some folders to the remote share and that’s it.

#!/bin/bash

#simple backup script
#by Glen Scott, glenscott.net

# set smb server and auth vars
sharename="//ourserver/ourshare"
username="ourdomain\ourbackupuser"
password="passwordgoeshere"

backuplocation="/backups/*"
savepath="/root/"
filename=$(hostname).backup.$(date +%a).tar
mountpoint="/mnt/smb"

#tar up the backup folder
tar -cf $savepath$filename $backuplocation

#connect to the share
mount.smbfs $sharename $mountpoint -o username=$username,password=$password

# move the tar
mv -f $savepath$filename $mountpoint

# disconnect the share
umount $mountpoint

#all done!

Script 2: this is the second version I made for another box. It needed a mysql database backed up as well so I added a few lines in for that. I also took the chance to add a quick working folders checker / creator, tidy it up a bit and comment everything.

#!/bin/bash

# simple backup script
# by Glen Scott, glenscott.net

# this is a simple script to tar.gz certain folder locations and copy them to a SMB share
# this script should be run periodically from crontab
# you will need smbfs installed on your system or modify the samba mount method

# set smb server and auth vars
sharename="//ourserver/ourshare"
username="ourdomain\ourbackupuser"
password="passwordgoeshere"

#set mysql details
mysqlhost="localhost"
mysqlusername="root"
mysqlpasswd="mysqlpasswordhere"

#set which folder locations we want to backup, inc trailing slashes
#add more here and append to the appropriate tar line further down the script if needed

location1="/var/"
location2="/backup/"

#set temp files and folders
backuptemp="/backuptmp/"
savepath="/root/backup/"
filename=$(hostname).backup.$(date +%a).tar.gz
mountpoint="/mnt/smb"

# make sure our working folders are present and accounted for

if [ ! -d "${backuptemp}" ]
then
mkdir $backuptemp
fi

if [ ! -d "${savepath}" ]
then
mkdir $savepath
fi

if [ ! -d "${mountpoint}" ]
then
mkdir $mountpoint
fi

# tar up the files we want into the backup temp
tar -cf ${backuptemp}files.tar $location1 $location2

#dump the local mysql db into the backup temp (user comes from mysqlusername set above)
mysqldump "-h${mysqlhost}" "-u${mysqlusername}" "-p${mysqlpasswd}" --all-databases --lock-tables > ${backuptemp}mysqldump.sql

#tar up the backup temp folder
tar -czf $savepath$filename $backuptemp

#connect the smb share to our mount point
mount.smbfs $sharename $mountpoint -o username=$username,password=$password

# copy the tar (could also move it but whatever you like)
cp -f $savepath$filename $mountpoint

# disconnect the share
umount $mountpoint

#all done

As long as you have smbfs installed, the above should work fine.
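
Both scripts keep the SMB and MySQL passwords in the script itself and pass them on the command line, where they show up in the process list while the backup runs. The following is an added example, not part of the original scripts, of the same flow with the secrets held in root-only files; it assumes mount -t cifs (cifs-utils) in place of mount.smbfs, and the file paths and function names are placeholders.

```shell
#!/bin/bash
# Added example (not the original script): same backup flow, but the SMB and
# MySQL passwords live in root-only files instead of the script and argv.
# File paths and function names are placeholders chosen for this example.

# Create PATH with mode 0600 and write each remaining argument as one line.
write_secret_file() {
    path=$1; shift
    ( umask 077 && printf '%s\n' "$@" > "$path" ) && chmod 600 "$path"
}

# True only for an existing regular file whose mode is exactly 0600.
secret_file_ok() {
    [ -n "$(find "$1" -prune -type f -perm 600 2>/dev/null)" ]
}

# The mount options name the credentials file; the password never appears.
smb_mount_opts() {
    printf 'credentials=%s' "$1"
}

# run_backup SHARE MOUNTPOINT SMBCRED MYCNF ARCHIVE TMPDIR
run_backup() {
    share=$1 mnt=$2 smbcred=$3 mycnf=$4 archive=$5 tmpdir=$6
    secret_file_ok "$smbcred" || { echo "bad perms: $smbcred" >&2; return 1; }
    secret_file_ok "$mycnf"   || { echo "bad perms: $mycnf" >&2; return 1; }
    # --defaults-extra-file has to be the first option; the file holds a
    # [client] section with user= and password= lines.
    mysqldump --defaults-extra-file="$mycnf" --all-databases --lock-tables \
        > "$tmpdir/mysqldump.sql" || return 1
    tar -czf "$archive" "$tmpdir" || return 1
    mount -t cifs "$share" "$mnt" -o "$(smb_mount_opts "$smbcred")" || return 1
    # Copy only when the share is really mounted, so a failed mount cannot
    # leave the archive in the local mount directory looking like a backup.
    rc=1
    if mountpoint -q "$mnt"; then cp -f "$archive" "$mnt"/ && rc=0; fi
    umount "$mnt"
    return $rc
}

# Runs only when called as: script --run (needs root, cifs-utils, mysqldump).
if [ "${1:-}" = "--run" ]; then
    run_backup //ourserver/ourshare /mnt/smb /root/.smbcred /root/.backup.my.cnf \
        "/root/backup/$(hostname).backup.$(date +%a).tar.gz" /backuptmp
fi
```

The SMB credentials file holds username=, password= and domain= lines, one per line; both files can be created once with write_secret_file and then left out of the script entirely.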

A word on smbfs: without it the above script will fail. You can probably install smbfs quite easily on your system with the command apt-get install smbfs (or yum if you’re using redhat/fedora, or whatever your flavor of package manager happens to be). I use debian, so apt-get works just fine for me.

A word on Crontab: You’ll need to add the script to your local cron to get regular backups.

I won’t go into hideous details about how crontab works, there’s plenty of that on the net already. To keep it simple, if your distro supports it (most should) you can put a symlink to the script in /etc/cron.daily or /etc/cron.weekly which will give you a simple schedule.

If you want something a bit more complicated, you’ll have to mess with the crontab. I’m aware there are commands to get this done but I’ve always just edited the system crontab directly. Mine runs twice a week, on Wednesdays and Fridays, so my crontab line looks like this:

# m h dom mon dow user    command
0  2    * * 3,5 root    /root/backupscript

 

UPDATE: I notice a mutated version of this script has been posted in this forum thread over at linuxquestions.org – cool! Check it out over there if you want to see what someone else has done with it.