osx:start

Differences

This shows you the differences between two versions of the page.

osx:start [2017/12/05 12:54]
robm [VPN over SSH]
osx:start [2018/04/05 08:17]
robm [Global Keyboard Shortcut to toggle Skype microphone]
Line 671: Line 671:
 Configure IPv4 (ICMP+TCP+UDP) forwarding and Network Address Translation (NAT): Configure IPv4 (ICMP+TCP+UDP) forwarding and Network Address Translation (NAT):
  
-   - In the root shell on the **server**: <code> +   - In the root shell on the **server** (only needs to be done one per boot): <code> 
-   - echo 1 > /proc/sys/net/ipv4/ip_forward +# Prepare networking stack for use by forced commands in 
-/sbin/iptables -t nat -F +/root/.ssh/authorized_keys that creates a point-to-point network (via tun0) 
-/sbin/iptables -t nat -A POSTROUTING ! --destination 172.16.0.2  -j MASQUERADE+# between 172.16.0.1 (this host) and 172.16.0.2 (remote end). 
 + 
 +# We then want to enabling forwarding of IPv4 traffic, i.e. we want to act as a 
 +# router. We enable this in the kernel, and then ensure traffic originating 
 +# from the remote side of the point-to-point link is accepted, and any 
 +# responses are likewise accepted 
 +echo 1 > /proc/sys/net/ipv4/ip_forward
 /sbin/iptables -F /sbin/iptables -F
-/sbin/iptables -A FORWARD ! --source 172.16.0.2 --destination 172.16.0.2 -m state --state RELATED,ESTABLISHED -j ACCEPT+/sbin/iptables -A FORWARD ! --source 172.16.0.2 --destination 172.16.0.2 
 +        -m state --state RELATED,ESTABLISHED -j ACCEPT
 /sbin/iptables -A FORWARD --source 172.16.0.2 ! --destination 172.16.0.2 -j ACCEPT /sbin/iptables -A FORWARD --source 172.16.0.2 ! --destination 172.16.0.2 -j ACCEPT
 +
 +# Any traffic originating from the remote side should go through Network
 +# Address Translation (NAT), so responses from (e.g.) DNS servers are sent to
 +# this host, so *we* can forward it to the remote end. This is the MASQUERADE
 +# rule.
 +/sbin/iptables -t nat -F
 +/sbin/iptables -t nat -A POSTROUTING ! --destination 172.16.0.2  -j MASQUERADE
  
 # Monitor packets # Monitor packets
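Review bot: The re-wrapped FORWARD rule in the new code block has no line continuation: the line ending in `--destination 172.16.0.2` is followed by an indented `-m state --state RELATED,ESTABLISHED -j ACCEPT` with no trailing backslash, so pasted into a root shell the first line is appended as a rule with no target and the second is run as a separate command and fails, leaving the return-traffic rule unset. Add a trailing `\` to the first line or keep the rule on one line. The second line of the new header comment, `/root/.ssh/authorized_keys that creates a point-to-point network (via tun0)`, is also missing its leading `#` and would be executed as a command. Two smaller points: "one per boot" should read "once per boot", and the MASQUERADE comment says it applies to traffic originating from the remote side, while the rule itself only matches `! --destination 172.16.0.2` with no `--source 172.16.0.2`, so either the rule or the comment should be adjusted to agree.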
Line 709: Line 723:
  
 ====== Global Keyboard Shortcut to toggle Skype microphone ====== ====== Global Keyboard Shortcut to toggle Skype microphone ======
 +
 +<note tip>I've since switched to using [[https://www.boastr.net/|BetterTouchTool]] which lets me add buttons to the TouchBar that do the same</note>
  
 Use Automator to create a new Service which takes no input, this will appears in System Preferences > Keyboard Shortcuts > Services > General. Get this new service to run the following AppleScript which uses an *unsupported* Skype Desktop API: Use Automator to create a new Service which takes no input, this will appears in System Preferences > Keyboard Shortcuts > Services > General. Get this new service to run the following AppleScript which uses an *unsupported* Skype Desktop API:
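Review bot: The added `<note tip>` says BetterTouchTool buttons "do the same" but does not say whether they still call the AppleScript below, which this section describes as using an *unsupported* Skype Desktop API, or replace it. Say which, so readers know whether the rest of the section is still maintained. The sentence also lacks a closing full stop.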
Line 728: Line 744:
  
 Credit to http://stackoverflow.com/a/20049615/83100 Credit to http://stackoverflow.com/a/20049615/83100
 +
 +====== Use TouchID for sudo ======
 +
 +Based on https://apple.stackexchange.com/a/306324/21948
 +
 +  * Prompts for TouchID when working locally, asks for password otherwise (e.g. SSH)
 +
 +Add ''auth sufficient pam_tid.so'' to ''/etc/pam.d/sudo'', e.g.:
 +
 +<code>
 +# sudo: auth account password session
 +auth       sufficient     pam_tid.so
 +auth       sufficient     pam_smartcard.so
 +auth       required       pam_opendirectory.so
 +account    required       pam_permit.so
 +password   required       pam_deny.so
 +session    required       pam_permit.so
 +</code>
 +
 +These appear to be tried in the order listed, and if one aborts (e.g. press ESC for TouchID) the next is tried (i.e. the usual terminal password prompt)
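Review bot: The closing sentence hedges ("appear to be tried in the order listed") where the behaviour can be stated: PAM runs the `auth` lines top to bottom, and `sufficient` means a success from `pam_tid.so` ends the auth stack at once while a failure or cancel falls through to the next line. Say that directly, and state the consequence that with `auth sufficient pam_tid.so` listed first, a fingerprint alone authorises sudo in a local session. The section should also tell readers to keep a root shell open while editing `/etc/pam.d/sudo`, since a typo in this file can leave sudo unusable.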
osx/start.txt · Last modified: 2022/05/13 13:19 by robm