Tuesday, 19 August 2014

Downloading with curl showing zenity GUI progress bar

Below is a simple command to show a GUI progress bar while downloading with the curl command:
curl -o "big.iso" "http://domain.com/big.iso" 2>&1 | stdbuf -oL tr '\r' '\n' | sed -u 's/^ *\([0-9][0-9]*\).*\( [0-9].*$\)/\1\n#Download Speed\:\2/' | zenity --progress --title "Downloading"

Friday, 15 August 2014

Ubuntu Open VPN Server setup behind NAT using tun

This may not necessarily be a better guide than from where I got this information but I was having a hard time with including multiple machines on the server side when using a routed VPN server (dev tun) behind a NAT so I created this guide. For most other cases the official docs are a better source of information.

Information gathered from https://help.ubuntu.com/12.04/serverguide/openvpn.html
and from https://openvpn.net/index.php/open-source/documentation/howto.html

First install openvpn:
sudo apt-get install openvpn

Public Key Infrastructure Setup

The first step in building an OpenVPN configuration is to establish a PKI (public key infrastructure). The PKI consists of:
  • a separate certificate (also known as a public key) and private key for the server and each client, and
  • a master Certificate Authority (CA) certificate and key which is used to sign each of the server and client certificates.
Certificate Authority (CA) Setup:
First change to root:
sudo su
Now make the folder where we'll do the server configuration:
mkdir /etc/openvpn/easy-rsa/
Now copy the openvpn example configuration and setup scripts:
cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-rsa/
Next, edit /etc/openvpn/easy-rsa/vars adjusting the following to your environment:
export KEY_COUNTRY="US"
export KEY_PROVINCE="NC"
export KEY_CITY="Winston-Salem"
export KEY_ORG="Example Company"
export KEY_EMAIL="steve@example.com"
Run the following commands to generate the master Certificate Authority (CA) certificate and key:
cd /etc/openvpn/easy-rsa/
source vars
./clean-all
./build-ca
Server Certificates:
Next, we will generate a certificate and private key for the server:
./build-key-server myservername
You will get two queries: "Sign the certificate? [y/n]" and "1 out of 1 certificate requests certified, commit? [y/n]" answer both with y.

Diffie Hellman parameters must be generated for the OpenVPN server:
./build-dh
The keys have been generated to a subdirectory of "keys/". A common practice is to copy them to /etc/openvpn/ folder:
cd keys/
cp myservername.crt myservername.key ca.crt dh2048.pem /etc/openvpn/
Note: the dh2048.pem file name might be dh1024.pem, depending on what the default is or what key size you generated.

Client Certificates:

The client will also need certificates to authenticate itself to the server.
To create the certificate and key for client1 run the following commands as root:
cd /etc/openvpn/easy-rsa/
source vars
./build-key client1
Copy the following files to the client using a secure method:
  • /etc/openvpn/ca.crt
  • /etc/openvpn/easy-rsa/keys/client1.crt
  • /etc/openvpn/easy-rsa/keys/client1.key
Since the client certificates and keys are only required by the client it might be a good idea to remove them from the server.

Simple Server Configuration
Copy the example server configuration file and unpack it from /usr/share/doc/openvpn/examples/sample-config-files/:
sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/
sudo gzip -d /etc/openvpn/server.conf.gz
Edit /etc/openvpn/server.conf to make sure the following lines are pointing to the certificates and keys you created in the section above.
ca ca.crt
cert myservername.crt
key myservername.key 
dh dh2048.pem #Note this might be dh1024.pem
Now start the server. You will find logging and error messages in your syslog.
root@server:/etc/openvpn# service openvpn start
 * Starting virtual private network daemon(s)...
   *   Autostarting VPN 'server'                     [ OK ]
Now check if OpenVPN created a tun0 interface:
root@server:/etc/openvpn# ifconfig tun0
tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
[...]
Simple Client Configuration
Copy the example client configuration file to the same location on the client computer as you did the previous client files (ca.crt client1.crt client1.key). The example configuration file is at /usr/share/doc/openvpn/examples/sample-config-files/client.conf. For windows you'll probably want to rename the file to client1.ovpn instead of client1.conf.

The openvpn gui program on windows looks for the configuration files in C:\Program Files\OpenVPN\config by default so that's probably where you want to place them once you've done editing the configuration file.

On Ubuntu you'll probably want to create a hidden .vpn folder in your home directory and place all the client files into the directory. Also if you're using network manager on Ubuntu install the openvpn network manager plugin to be able to use openvpn configuration files with networkmanager.
sudo apt-get install network-manager-openvpn
Other distros will have similar packages for network manager that you can install.

For more client implementations check the following article:
https://help.ubuntu.com/12.04/serverguide/openvpn.html#openvpn-client-implementations

The minimal changes you need to make in the example configuration are as follows. Make sure the keyword client is in the configuration file and that the file has the correct OpenVPN server name or address:
client
remote vpnserver.example.com 1194
And also make sure your client.conf or client.ovpn (if you renamed it already) has the following pointing to your client certificates and keys.
ca ca.crt
cert client1.crt
key client1.key
Now import your VPN configuration file from the NetworkManager GUI and try connecting; if you're using another OS or a different client implementation the steps will be different. For different implementations check here. If you're behind a NAT you'll be unable to connect, so continue to the next step.

Behind NAT Configurations

Basically all that you need to do on the gateway (the gateway may be your router) is forward port 1194, or whatever port you chose in the configuration files, to your OpenVPN server. You will want a static IP address for your server. Next, allow the port through the firewall on both the gateway and the OpenVPN server.

Including multiple machines on the server side when using a routed VPN (dev tun)
First, you must advertise your subnet to VPN clients as being accessible through the VPN. In this case we will assume that your subnet is 10.66.0.0/24 and the VPN IP address pool uses 10.8.0.0/24. This can easily be done with the following server-side config file directive:
push "route 10.66.0.0 255.255.255.0"
Note: if your IP address is 192.168.1.10 your subnet is probably 192.168.1.0/24. Also, if this is your subnet on the server side you should probably change it, since it's a common subnet and there might be routing conflicts with the client's network.
On Linux you can check your subnet with the ip command:
$ ip route
default via 192.168.1.1 dev br0
192.168.1.0/24 dev br0  proto kernel  scope link  src 192.168.1.10
Next you need to set up a static route on the gateway to route the client subnet (10.8.0.0/24) to your OpenVPN server.
Note: there might be a separate field to enter the netmask; for example, 192.168.0.0/24 would be written as 192.168.0.0, netmask 255.255.255.0
See more information here. http://en.wikipedia.org/wiki/Subnetwork

The last step is to enable IP and TUN/TAP forwarding on the OpenVPN server.

On the server run the following command to enable IP forwarding:
echo 1 > /proc/sys/net/ipv4/ip_forward
And the following commands to allow TUN forwarding on iptables (firewall).
Allow TUN interface connections to OpenVPN server:
iptables -A INPUT -i tun+ -j ACCEPT
Allow TUN interface connections to be forwarded through other interfaces
iptables -A FORWARD -i tun+ -j ACCEPT
Also make sure that your network interface is in promiscuous mode.
$ netstat -i
Kernel Interface table
Iface   MTU Met   RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0       1500 0    651606      0      9 0        430319      0      0      0 BMRU
lo        65536 0     73440      0      0 0         73440      0      0      0 LRU
tun0       1500 0         0      0      0 0             0      0      0      0 MOPRU
The P flag is for promiscuous mode.
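
The values used in the routed setup above (the push directive, the gateway's static route in address/netmask form) can be derived from the two CIDR blocks, with a check that the LAN and the VPN pool do not overlap. This is an added example, not part of the original guide; the list of common home subnets and the narrower FORWARD rule it prints (pool-to-LAN traffic only, instead of everything arriving on tun+) are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the original guide): derive the routed-VPN settings
# from the LAN and VPN-pool CIDR blocks and refuse overlapping ranges.

ip2int() {            # dotted quad -> 32-bit integer
  local IFS=.
  set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int2ip() {            # 32-bit integer -> dotted quad
  echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

prefix_mask_int() {   # prefix length -> netmask as integer
  echo $(( (0xFFFFFFFF << (32 - $1)) & 0xFFFFFFFF ))
}

netmask_of() { int2ip "$(prefix_mask_int "${1#*/}")"; }

network_of() {        # 192.168.1.10/24 -> 192.168.1.0
  int2ip $(( $(ip2int "${1%/*}") & $(prefix_mask_int "${1#*/}") ))
}

overlaps() {          # exit 0 when two CIDR blocks share addresses
  local l1="${1#*/}" l2="${2#*/}" m
  m=$(prefix_mask_int $(( l1 < l2 ? l1 : l2 )))
  [ $(( $(ip2int "${1%/*}") & m )) -eq $(( $(ip2int "${2%/*}") & m )) ]
}

routed_vpn_settings() {   # $1 = server-side LAN, $2 = VPN address pool
  local lan="$1" pool="$2" common
  if overlaps "$lan" "$pool"; then
    echo "error: LAN $lan overlaps VPN pool $pool" >&2
    return 1
  fi
  # Constructed list of typical home-router defaults, not from the guide.
  for common in 192.168.0.0/24 192.168.1.0/24; do
    if overlaps "$lan" "$common"; then
      echo "warning: $lan is a common subnet; clients may conflict" >&2
    fi
  done
  echo "server.conf:  push \"route $(network_of "$lan") $(netmask_of "$lan")\""
  echo "gateway:      route $(network_of "$pool") netmask $(netmask_of "$pool") via <OpenVPN server LAN IP>"
  echo "firewall:     iptables -A FORWARD -i tun+ -s $pool -d $lan -j ACCEPT"
}

routed_vpn_settings 10.66.0.0/24 10.8.0.0/24
```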

Thursday, 26 June 2014

Weather Widget for KDE

The weather widget available for KDE in the official archlinux repositories does not work for me, but there is an alternative in the AUR that works and is great; see this page for more details.
To install it use yaourt:
yaourt -S kdeplasma-applets-yawp

Wednesday, 25 June 2014

Blocking a website for all client IPFire gateway

Via ssh log into ipfire and run the following command to block a website for all clients using that gateway.

# iptables -I FORWARD  -m string --string "example.com" --algo bm --from 1 --to 600 -j REJECT
P.S. I just created this post for me to remember it.

Tuesday, 10 June 2014

Commands I run on Arch Linux install

An updated version where I've used plasma 5 instead of kde4 can be found here.

First connect to the internet
Next is partitioning and mounting
After that installing
Note: in partitioning and mounting step you should have mounted the partition you want to have as root on /mnt for the following commands to be right:
# pacstrap -i /mnt base base-devel
Generate an fstab
# genfstab -U -p /mnt >> /mnt/etc/fstab 
Make sure fstab looks right
# nano /mnt/etc/fstab 
Chroot and configure the base system
# arch-chroot /mnt /bin/bash
Locale
Edit locale.gen and uncomment en_US.UTF-8 UTF-8
nano /etc/locale.gen
Generate the locale(s) specified in /etc/locale.gen:
# locale-gen
Create the /etc/locale.conf file substituting your chosen locale:
# echo LANG=en_US.UTF-8 > /etc/locale.conf
Export substituting your chosen locale:
# export LANG=en_US.UTF-8
Create a symbolic link /etc/localtime to your subzone file /usr/share/zoneinfo/Zone/SubZone using this command:
# ln -s /usr/share/zoneinfo/Zone/SubZone /etc/localtime
I use:
# ln -s /usr/share/zoneinfo/America/Belize /etc/localtime
Hardware clock
Use either UTC (recommended):
# hwclock --systohc --utc
localtime (discouraged; used by default in Windows):
# hwclock --systohc --localtime
Hostname
# echo myhostname > /etc/hostname
Add the same hostname to /etc/hosts:
# nano /etc/hosts

---------------------------------------------------
#
# /etc/hosts: static lookup table for host names
#

#<ip-address> <hostname.domain.org> <hostname>
127.0.0.1 localhost.localdomain localhost myhostname
::1  localhost.localdomain localhost

# End of file
Set the root password
Set the root password with:
# passwd
Install and configure a bootloader
I use either syslinux or grub.
See syslinux or grub for details or check the beginners guide

Users and groups
Add a user. Examples:
# useradd -m -G wheel -s /bin/bash archie
# useradd -m -g users -G wheel -s /bin/bash archie
Read more about users and groups here.
Display server
Install xorg-server
Display Driver
First, identify your card:
$ lspci | grep VGA
Note: if you don't get any output, try looking for a 3D controller instead:
$ lspci | grep 3D
Then install an appropriate driver. You can search the package database for a complete list of open-source video drivers:
$ pacman -Ss xf86-video
Or check this page.
You might also want to install touchpad drivers if you have a laptop.
$ pacman -S xf86-input-synaptics
Installing kdebase and NetworkManager
To install kdebase and NetworkManager I use this command.
pacman -S kdebase kdemultimedia-kmix kdeplasma-applets-plasma-nm firefox
Enable KDM and NetworkManager with:
# systemctl enable kdm; systemctl enable NetworkManager
Exit out of chroot:
# exit
Unmount partitions:
# umount -R /mnt
Reboot:
# reboot

Useful Programs you might install

Install software:
# pacman -S exfat-utils fuse-exfat ntfs-3g kio-mtp dosfstools gparted thunderbird firefox ktorrent smplayer amarok gstreamer0.10-plugins kdesdk-kate gimp kdegraphics-okular kdegraphics-gwenview digikam blender kdenlive p7zip unrar unzip zip kdeutils-ark kdeutils-kcalc cups cups-pdf gutenprint kdeutils-print-manager system-config-printer flashplugin networkmanager-openvpn openssh libreoffice hunspell hunspell-en k3b cdrdao dvd+rw-tools oxygen-gtk3 oxygen-gtk2 kde-gtk-config wget ntp firefox-adblock-plus
CUPS and ssh still need to be enabled with:
# systemctl enable org.cups.cupsd; systemctl enable sshd
Then reboot or run the following command for it to work:
# systemctl start org.cups.cupsd; systemctl start sshd
You might want to install additional printer drivers:
pacman -S gutenprint foomatic-db foomatic-db-engine foomatic-db-nonfree hplip splix foo2zjs
Speed Up applications startup in kde
User Rob wrote on his blog this "magic trick" to improve application start-up time by 50-150ms. To enable it, create this folder in your home:
$ mkdir -p ~/.compose-cache/
Install extra fonts
pacman -S ttf-bitstream-vera ttf-dejavu ttf-freefont ttf-linux-libertine ttf-oxygen ttf-droid ttf-liberation ttf-ubuntu-font-family

Saturday, 7 June 2014

Nice Music Widget/Plasmoid for KDE on Arch Linux

There is a KDE applet called nowplaying that is pretty cool.

To install use either yaourt or pacman:
yaourt -S kdeplasma-addons-applets-nowplaying
pacman -S kdeplasma-addons-applets-nowplaying

Installing yaourt on archlinux

You can use the following commands to install yaourt:
curl -O https://aur.archlinux.org/packages/pa/package-query/package-query.tar.gz
tar zxvf package-query.tar.gz
cd package-query
makepkg -si
cd ..
curl -O https://aur.archlinux.org/packages/ya/yaourt/yaourt.tar.gz
tar zxvf yaourt.tar.gz
cd yaourt
makepkg -si
cd ..
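Another method to install yaourt is to add the repository to /etc/pacman.conf. Note that SigLevel = Never turns off package signature verification for this repository and the server URL is plain HTTP, so pacman installs whatever it receives from it without checking it: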
[archlinuxfr]
SigLevel = Never
Server = http://repo.archlinux.fr/$arch
And then use pacman to install yaourt:
pacman -Sy yaourt
Sources: http://archlinux.fr/yaourt-en