Monthly Archives: November 2014

Responsive Frameworks: Bootstrap, Foundation, and others

Search for ‘compare responsive frameworks’ and you are lead to an array of blog posts and commentaries on the topic.

I do not propose to reiterate stuff already said by others, but simply to consider what the frameworks might mean for me and the environment that I intend to apply a framework to.

My references are currently:

Regardless, of which framework, apparently consideration of which stylesheet language is used by the framework is another consideration. Is one ‘better’ than another or just ‘different’ ?

…and I have a lot of reading to do. My goal is to better understand options beyond the non-responsive Blueprint CSS framework that I have been using with osCmax.

 

 

 

osCmax and Templates, Responsive, CSS, and frameworks

A few years back I was working up a site in osCmax (osCommerce fork) and while the templating system was good it left a lot of issues with cross browser compatibility. I blogged several posts and some lengthy commentary on how I set it up with Blueprint, a CSS framework.

Revisiting osCmax recently I am now looking again at templates or themes and I have noted that Blueprint has not been updated since 2011 only a short while after my last efforts into my Blueprint for osCmax efforts.

As a result, I am doing more reading, and particularly on the more recent Responsive frameworks. Blueprint may well have atrophied simply due to the rapid increase in mobility issues for web design.

I’d observe that in some cases I expect that I do not need a responsive website and unless I know that I am working to a market that has a prevalence of mobile visits, then what is the point ? I have a particular site that I manage and I know from its’ stats over 10 years or more of views, that even today 80% of users are PC based and the 20% tend to be more unknowns than emphatically mobile. Further, even if the 20% were all mobile users, they may well be ok with the existing CSS styles that still present the site in a usable fashion on a tablet. Phone and small screen users may also be ok, and even if I ‘ask the audience’ do I get a response that I can use?

At this stage I am thinking that if I do deploy a responsive framework, then I will do so as a backend ‘good idea’ to maybe future-proof the site for an advent of a mobile tipping point. And to achieve that I should review the possible frameworks, just not from a ‘mobile-first’ perspective.

 

 

Debian Linux openvpn connect to Watchguard VPN

I have a Debian Server that I wanted to connect to a Watchguard VPN.

OpenVPN is the tool that I used and the following is based on JoKi’s excellent blog entry with my own adjustments to address the issues that I found.

To start you do need to install and run a connection using the Watchguard MobileVPN on your Windows box to get the configuration files in

C:Usersyour_user_name_hereAppDataRoamingWatchGuardMobile VPN

It took me a while to work out that I had to run it to get the config files created, installing alone is not enough.

Installation in Debian is straightforward

#apt-get install openvpn

Once that is done go to the newly created /etc/openvpn and copy the files from the abovementioned Watchguard directory to it.

ca.crt
client.crt
client.ovpn
client.pem

Now it should all be good to go.

#openvpn --config client.ovpn

Except that I was getting all sorts of errors and warnings……

Wed Nov 12 12:16:50 2014 VERIFY X509NAME ERROR: /O=watchguard_technologies/0.0=f ireware/CN=fireware_sslvpn_server, must be /O=watchguard_technologies/ITU-T=fire ware/CN=fireware_sslvpn_server
Wed Nov 12 12:16:50 2014 TLS_ERROR: BIO read tls_read_plaintext error: error:140 90086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Wed Nov 12 12:16:50 2014 TLS Error: TLS object -> incoming plaintext read error
Wed Nov 12 12:16:50 2014 TLS Error: TLS handshake failed
Wed Nov 12 12:16:50 2014 Fatal TLS error (check_tls_errors_co), restarting
Wed Nov 12 12:16:50 2014 SIGUSR1[soft,tls-error] received, process restarting
Wed Nov 12 12:16:50 2014 Restart pause, 5 second(s)

Everything I read said that the certificate files would be the issue, but that was not logical to me as they were direct from the Watchguard device and not ones I was creating.

But I checked them anyway with

#openssl verify -CAfile ca.crt client.crt

Next I tried addressing the verify X509 Name error by changing the client.ovpn file entry changing

tls-remote

to

verify-x509-name

and messed around with that for a while until in disgust I commented the line out to try and confirm that it was triggering the error.

Of course, it worked first time !!!  Argghhhh!!

So the answer to the above is to remove the tls-remote line completely from the configuration file.

tls-remote “/O=watchguard_technologies/ITU-T=fireware/CN=fireware_sslvpn_server”

Either comment it with # at the start of the line or delete it.

Once that was sorted I had a working connection all that remained was to

#mv client.ovpn client.conf

create an auth.txt file with

myusername
mysecretpassword

#chmod to 0600 auth.txt

Edit the client.conf file to have

auth-user-pass auth.txt

and finally start it as a service
#service openvpn start client

and the last bit of the puzzle, to add it as a service to automatically start

#update-rc.d openvpn enable

Thanks to JoKi for getting me started.