Month: August 2020

Categories
Uncategorized

image-orientation CSS property

The other day I was investigating an issue with Chrome 83 and a MJPEG stream embedded in an <img />

The MJPEG stream was streaming an iPhone screen to the end user. When the user decided to rotate the screen (switching between portrait and landscape), the MJPEG stream was updated accordingly when viewing the stream inside a separate tab, but it was not showing correctly when embedded in a HTML image tag.

Turns out that since Chrome 81, the browser will look at the EXIF data to decide the correct orientation. The issue I was experiencing was happening because the EXIF data did not update after each rotation.

The solution was to use image-orientation and apply this CSS rule to the image tag. Once that was in place, the MJPEG stream was showing correctly after each rotation.

More information is available in this Chromium ticket.

Categories
Linux

WireGuard: an alternative to OpenVPN

This week I’ve been experimenting with WireGuard, which is a relatively new alternative to OpenVPN. It claims to be faster and more secure than other VPN products, partly because its codebase is very small compared to other VPN products.

WireGuard is easy to configure. It is compatible with many Linux distro’s, including Ubuntu. For my testing purposes, I’ve set up a new Ubuntu 18.04 LTS VM with Hardware Enablement.

First, make sure you’ve installed WireGuard correctly:
apt-get install wireguard

You should now be able to use wg and wg-quick
Let’s create a public and private key, which we’ll be using to set up a secure connection:

wg genkey | tee privatekey | wg pubkey > publickey

On the server VM, create a new configuration file /etc/wireguard/wg0.conf
Add the private key you just generated in the PrivateKey section.

This should contain configuration like this:

[Interface]
PrivateKey = <private key>
Address = 192.168.160.1/24
ListenPort = 51820
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth1 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth1 -j MASQUERADE
SaveConfig = false

[Peer]
PublicKey = <public key>
AllowedIPs = 192.168.158.3/32

The next thing you’ll need to do is add the Peers that will be able to connect to this server. Simply create another VM (Windows, Linux or MacOS) and follow the same steps:

  • install WireGuard
  • generate private and public key
  • create a new /etc/wireguard/wg0.conf configuration file
[Interface]
PrivateKey = <private key>
Address = 192.168.158.3/32
DNS = 8.8.8.8

[Peer]
PublicKey = <public key of the server>
Endpoint = <ip4-of-server>:51820
AllowedIPs = 0.0.0.0/0, ::/0 # Forward all traffic to server

The AllowedIPs instructs WireGuard to forward all traffic through the tunnel.

Finally, you can start up WireGuard on both the server and client:

wg-quick up /etc/wireguard/wg0.conf

Now both VMs should be connected and able to ping each other.
You can check the status of the connection with:

wg show

I saw a notable increase in throughput compared to OpenVPN. Try it out yourself and let me know in the comments.