Some Mikrotik Masquerading

There are plenty of good tutorials on how to create an L2TP/IPsec VPN or OpenVPN on Mikrotik, though not many mention what rule you need in your firewall if you want to be able to access devices on the local network of the VPN server. Some say that you need to enable proxy-arp on the local device; nope, that’s not the proper way. It is worth mentioning that this is on Mikrotik OS 6.37.

This is the rule you need to add to your firewall; of course, replace the network with the one assigned to your VPN clients:

ip firewall nat add action=masquerade chain=srcnat dst-address=!192.168.1.0/24 src-address=192.168.1.0/24

OS-X – change username/home directory – El Capitan

As you may know, when you change your username in OS-X you must change the home directory as well to match the new username (https://support.apple.com/en-us/HT201548).

Now in El Capitan, when you change the home directory you get an extra “/” at the end of the username, and it is going to be in your $HOME environment variable as well: /Users/myusername/. This information is provided by launchd. It can be changed from .profile or .bash_profile, but that change only takes effect in Terminal, not everywhere in the system.

This doesn’t look like a big issue at first glance; however, it might be. Some applications refuse to run if there is a discrepancy between the $HOME environment variable and the value returned by NSHomeDirectory().
I had issues running Tunnelblick. “The checks are performed to help prevent attacks like the Bourne-Again Shell (Bash) Remote Code Execution Vulnerability.”

 

Luckily there is an easy fix.

  1. Create a new directory under /Users/temporarily
  2. Create a new admin user if you don’t have one already
  3. Sign out from the user with issues and log in to the other user
  4. Go to System Preferences -> Users & Groups -> hit the lock icon -> right click on the troubled user name then Advanced Options
  5. Choose the directory you’ve created in step 1 (/Users/temporarily) -> click OK
  6. Click the lock again to lock it
  7. Right click again on the troubled user name and click Advanced Options -> Type in the correct home directory without the forward slash at the end /Users/username -> click OK
  8. Log in with the user you had issues with and you should be done; you can then remove the /Users/temporarily directory
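
A quick way to confirm the fix from Terminal, as an added example that is not part of the original post: it compares $HOME with the account's NFSHomeDirectory record read via dscl and flags a trailing slash in either. The function names are hypothetical, and it assumes the home directory set under Advanced Options is the value stored in that record.

```shell
#!/bin/sh
# Added example: detect the trailing-slash home directory discrepancy.
# Function names are hypothetical; sample paths in comments are constructed.

# Extract the path from a "NFSHomeDirectory: /Users/name" line (dscl output).
parse_nfs_home() {
    printf '%s\n' "$1" | sed -n 's/^NFSHomeDirectory: *//p'
}

# Succeeds (exit 0) when the path ends in "/" and is not the root directory.
has_trailing_slash() {
    case "$1" in
        /)  return 1 ;;
        */) return 0 ;;
        *)  return 1 ;;
    esac
}

# Compare the environment's HOME ($1) with the account record ($2).
# Returns 0 when both are free of a trailing slash and identical, 1 otherwise.
check_home() {
    env_home=$1
    record_home=$2
    rc=0
    if has_trailing_slash "$env_home"; then
        echo "HOME has a trailing slash: $env_home"; rc=1
    fi
    if has_trailing_slash "$record_home"; then
        echo "account record has a trailing slash: $record_home"; rc=1
    fi
    if [ "$env_home" != "$record_home" ]; then
        echo "HOME and account record differ: $env_home vs $record_home"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "home directory is consistent: $env_home"
    return "$rc"
}

# On macOS, read the live record; on other systems only the functions load.
if command -v dscl >/dev/null 2>&1; then
    record=$(parse_nfs_home "$(dscl . -read "/Users/$(id -un)" NFSHomeDirectory)")
    check_home "$HOME" "$record" || true
fi
```

Run it once as the affected user before the fix and again after step 8; the second run should report a consistent home directory.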

I want to thank Tunnelblick for their help debugging the app, and Apple’s customer care, who confirmed the bug and helped with the workaround. Apple shall come up with a bug fix in their next release.