Automating OpenVPN Push Routes

Using OpenVPN with OpenWRT is a common solution for pushing routes out various egress points from your network.  However, maintaining a list of routes in your OpenVPN config is a nuisance, and if the mapping from a DNS name to an IP address changes, the routes spontaneously break.  Additionally, you ideally want to use the DNS resolution of a name from the remote end of your VPN tunnel, not from the local end.


A minimalist Google Authenticator – in Python!

So, after an argument with someone about how RFC 6238 authenticators work (i.e., the authenticator does not need to know any detail of, or be able to communicate with, the service being authenticated to), I decided to cobble together a highly minimalist (and functional) Authenticator which spits out tokencodes that are compatible with Google Authenticator, in Python.


DNSMasq Selective Forwarding

Now, if you’re using an OpenVPN selective routing tunnel like I’ve been discussing to push specific subnets through a tunnel, then you probably also have good reason to want to force specific DNS domains to resolve through a DNS server that is also on the other end of that tunnel (e.g., an internal network).


OpenVPN Routing from Server to Client

There are a lot of guides about how to use OpenVPN to push arbitrary routes (usually to defeat geolocking) from an OpenVPN client to a server.  However, my requirements are actually backwards.  I need to be able to push routes from my server to a client (since the ‘server’ is my home router).  This requires a different rule set from normal.


OpenVPN – Unidentified Network issue

Discovered a little wrinkle in Windows 7’s Network Identification feature.  If you’re pushing an OpenVPN tunnel to a machine and not substituting the default gateway (because, for example, you want a split tunnel) with the VPN’s gateway, then Windows just consistently won’t identify the network, which means you’re stuck with the “Public” firewall profile.
