tinc is a great mesh Virtual Private Network daemon, with just one little glitch (and also little crypto problems ;-). I find its configuration really tedious and complicated compared to OpenVPN and its possibility to centrally assign IP addresses and push options to clients. I know, that’s the tax for being mesh, but wouldn’t it be great to configure your mesh network a bit centrally ?
Sometime it’s needed to selectively route specified IPs or networks via different interface – i.e. if you want to route private addresses over VPN (a.k.a split tunnel routing) or to route some public IPs over VPN to unblock some nationally restricted sites (Netflix). Here are simple scripts to achieve this.
Another fix for “The process android.process.media has stopped unexpectedly…” that can (also) appear after you upgrade to Lollipop (Android 5.0) from some lower Android version without doing factory reset.
Try to uninstall “DRM Protected Content Storage” app via Settings -> Apps. In my case, this was a left-over of Android 4.3, and android.process.media had some problem with it, resulting in that super
annoying informative dialog…
Btw. if it doesn’t helps, and even nothing else – you’ll have to play with logcat, to discover the problem. “Simply” look for FATAL EXCEPTIONs.
If you are trying to access site with self-signed certificate with Firefox 31 (or later) and get Issuer certificate is invalid error (sec_error_ca_cert_invalid), you have to disable new mozilla::pkix certificate verification.
In about:config set
security.use_mozillapkix_verification = false
To find out more about mozilla::pkix and why your firefox just got so super secure and paranoid, that it doesn’t allows you to access you own site without googling – see https://wiki.mozilla.org/SecurityEngineering/Certificate_Verification. I’m only wondering, why did they renamed it from insanity::pkix to mozilla::pkix – do they confess that ‘mozilla’ is slowly becoming a synonym for ‘insane’ ?-) Throwing such an error without any hint or possiblity to add an exception (as usual) is IMHO insane – but, who cares about power users today…
Update: As noted in comments, this should not work in Firefox 33 (or later).
- Your internal CA certificate doesn’t specifies CA:TRUE in X509v3 Basic Constraints section
- You self-signed server certificate (the last one in certificate chain) specifies CA:TRUE – what is default for certificates generated by pkitool script from easy-rsa suite – and you have your CA certificate installed in FF.
See also FF bug #1042889.
Update3: Thanks to the work of, there is a fix for this in Firefox 31 ESR (