The Great Wall

I’ve been working on improving the address mapper for some weeks now, which is probably the most thorougly maintained ‘10 lines of python code would have done the job’ project I ever had. It’s real fun working in OCaml, and after I got over the Oasis frustration — I guess what I want it to do an what it is designed to do are orthogonal things — by writing a simple Makefile, it just works. Also, the build image helps a lot, if only to remember my future self how to set up the development environment.

When I just thought that things would get boring, I was contacted by a friend who’s currently visiting China for a prolonged vacation. He said that he lost his phone and needed some help in accessing the internet (you know, the part that is not comformant to CPC’s world view). Time to roll up my sleeves and fight for free speech!

The first thing was to upload some APK files that are hard to get in the People’s Republic. While feeling guilty both for hosting someone elses binaries and for visiting dodgy download sites, it (probably) serves a good cause. The more interesting part came afterwards: setting up a VPN. Of course, you can go out and register an account somewhere, but this costs money, you don’t really know whether it’s safe and it might be blocked off by the Great Firewall. What does the fearless admin do in this case? Exactly — roll your own.

Which was surprisingly easy, thanks to the work of Pieter Lange. After not more than one hour, we had the first OpenVPN listening on a public address, and after a couple of minutes more my friend was all set up with a public IP in Frankfurt (Main). The only downside: I think I’m reaching peak app on this server — running all the kubernetes services, the apps, the VPN etc. is makes it hit its very own Great Wall and I ran into problems with kubelet and docker. At least the mail server probably deserves its own pod.