BrightonSEO September 2014

September 16th, 2014

Random notes from the latest Brighton SEO conference

These notes are for me only and not a reflection of the speakers’ presentations.

Programmatic Content: Is this the future of content – Dipesh Pattni

  • ARC Audience Relevant Compelling
  • Resurface the good content
  • Content journeys are the future
  • Related content based on tagging
  • Ascertain which content is working
  • Tag it and use a database to serve
  • Cookie the visitor
  • Segment the audience
  • Then resurface the content

How to get your boss to care about canonical tags – Dan Patmore (Argos lover)

Work out what products people are looking at and make sure they are higher in categories and search

Cannibalisation – Jon Earnshaw

  • Give the page authority by using internal links
  • Subdomain conflict problems
  • International content issues
  • Semantic flux
  • Watch for sister sites
  • All product pages descriptions when mentioning the brand should link to that brand page

Advertising Analysis – Alexandra Tachalova

http://www.slideshare.net/SEMrush/brightonseo-presentation-advertising-analysis-beyond-numbers

  • Emotion triggers
  • Value
  • Trust
  • Up to 70% best discount
  • Create urgency and instant gratification
  • Trend setting
  • Must have
  • Best selling brands
  • Shop the way you want to
  • Online exclusive
  • Shop with confidence

Effective Visits – Lukasz Zelezny

  • Remove the bounces to show effective visits
  • effective visit is more powerful when spotting trends
  • Brand 24
  • Searchmetrics
  • Semrush
  • Analytics canvas
  • Site Catalyst
  • On page Moz

Quickfire takeaways

  • Create data from data to create new content
  • Idea walls to join two ideas to create a new one
  • XML sitemaps can be pasted into Excel
  • Commentate on your niche
  • Take the data from Searchmetrics and Semrush – de-dupe – optimize each page for the keyword it already ranks for.
  • Take all cx emails from cx who have not bought in a year and add email addresses to a custom audience in Facebook – set up campaign – Facebook will build a lookalike audience
  • Feedback Army
  • Have multiple sites in webmaster tools based on the individual top level categories. i.e www.example.com/dresses and www.example.com/shoes
  • bit.ly/seocurate
  • bit.ly/Brighton2014

Click.ology review

January 22nd, 2014

Having skimmed through a copy of Direct Commerce last week I was drawn into an article on the back cover discussing the new book Click.ology, by Graham Jones.

Proving that traditional media drives sales I ordered it on Amazon with “one-click” using my prime subscription, knowing it would be with me in time for the weekend.

The book arrived on Friday, as I knew it would. I read the book over the weekend and felt it deserved a quick blog post.

I thought I knew pretty much everything about ecommerce having worked in traditional retail for eight years before my ten years in new age retail but I was wrong.

Graham makes a point in his book about how we all know and use our own websites and look at them slightly blinkered. Currently I oversee six ecommerce websites and I have gleaned numerous points to action.

You have to test and retest. Something we do but hand on heart probably not enough. He talks about red always being seen as the stop colour but actually recommends testing red due to it being a potent sexual signal and will draw men, in particular, in. One of our websites has been using a red “add to basket” button for years. In fact, only a year ago I was told during a cold call from a web agency that red was a big no-no and I should change them immediately. I politely said I would retest the colours as we had seen a very small uplift in propensity to add to basket using the red button. I can back up Graham’s argument for red, especially as our site is geared towards men.

I am pleased to see he talks about pricing and how discounting will erode your brand. This is something we have been trying very hard not to do despite competitors constantly hammering prices down. Interestingly, the book’s RRP is £12.99 but Amazon was selling it for £9.09. It wouldn’t have mattered if it had not been discounted because I had already seen the price and was prepared to spend that much. The editorial had already sold the book to me; Amazon didn’t need to do any more to sell it. Graham, I owe you a coffee!

I particularly enjoyed the part in the book commenting about as ecommerce store owners we think that answering an email within 24 hours is sufficient. I have had numerous battles with operations directors that 24 hrs is not acceptable and that an immediate response within working hours is what the customer wants. Graham makes this same point, emphasising that consumers expect an answer to their question via email as quickly as they would get by an immediately answered telephone.

I have always assumed having stock levels on a website puts doubt in the mind of consumers when the numbers get low. Is there really only one left on the shelf? Will it be in good condition? As a consequence I have always just had the message saying “In stock” if the product has one or more. Upon reading Click.ology it made me realise some of our products perform better on channels like Amazon because it does show a low stock level. It must be as Graham suggests, that the low stock numbers showing cause people to act faster because they fear they may miss out. I plan to test the theory on a couple of our sites to see if the “add to basket” button converts better with the true stock levels showing.

I could go on but that will spoil the fun for you when you read Click.ology. The book has been well written and it will appeal to all readers whether they are an MD or an ecommerce executive. It is a quick read but don’t let that fool you; there are plenty of great points to take away from within the 182 pages.

The book now sits on the bookshelf in our office, next to books like Nudge, and is on the reading list for all new recruits within the ecommerce department in their probationary period.

You can find more information on the author’s website: http://click.ology.biz/ The book can also be purchased from Amazon.

The Fiverr Senuke XCR Test

February 9th, 2013

Every so often I come across a website’s backlink profile that has 1000’s of backlinks and I question the quality and legitimacy of them. Why would someone link to this site in those numbers is a question I still ask.

Since Google’s algorithm change announced in April 2012, and its subsequent naming as ‘Penguin’, are black hat techniques still getting results in the SERPS?

Once in a while I visit http://www.blackhatworld.com/ and today I was reading about a wholesaler who was asking if he could increase the ranking of his product page on Amazon.

He stated that he earns money whenever his product is purchased. He therefore wanted to improve his ranking for certain keywords he felt were specific to his product that do not currently rank by promoting his Amazon product page.

This raises the question: if you throw links at an Amazon page, will it work? Google is probably not going to punish the technique as it knows Amazon and that Amazon has many good back links. The wholesaler said it worked by getting links through Fiverr (the marketplace where everything is $5) and he was reaping the benefits.

I see a test coming on….

Part 1

Use one of the highest rated sellers on Fiverr for link building to try and rank a specific product page from the test site. Now the test site in question is a site that has been around for a year, has very few backlinks and has content pulled from the Amazon Product API with very little content spinning.

I ordered ‘run Senuke xCR to create Google Friendly Backlinks’ from the user best_seo.

He promises:

* 7000+ GIGS SOLD. BUY 5 & Get 1 FREE. I will nuke variety of backlinks from Web 2.0 articles, PDF Distribution Sites, Wiki Sites, Social Bookmark, Web 2.0 profiles & Forum profiles which are a Great mixture of Low-High PR of Domains, Do-Follow, No-Follow from Different IPs. This is ALL IN ONE SEO PACKAGE for your website, Local Business Site, videos, Press Release, Affiliate Sites, Niche Site, Blog etc. I will deliver detailed report +Ping. I have 2 Years of experience in SeNuke, so with this gig you will hire an expert. My gig is safest! I need 1 URL and upto 6 keywords for each order. No need of artcle because it is scraped by se nuke itself. However, I may use your artcle, if you can provide 500 words in spintax format. This is 100% Google Friendly and Safe! Please read the Extras listed below which makes this gig more powerful. 40% of orders are of Full Monty template with an additional cost of $20.

Seeing as though he used Senuke I thought I would take a look at the tool. Reading between the lines it looks like a tool that automates the registration of profiles on sites that allow you to post links. It looks like many users use it to promote their sites selling the tool itself on an affiliate basis. Snake oil sprang to my mind!! The tool itself is approx £100pm which if it does what it says it does isn’t a bad deal. I am sure pre 2012 early adopters would have made some serious money from both selling and using this tool.

Anyway back to today and the test. What did I expect?

The keywords I am trying to rank for do not bring up the test site in the first 700 results in Google. For this to be worthwhile it needs to be in the top 50.

Obviously top 50 is not really good enough to consider this a financial success. We would need top 20 for that but the product I have decided to test is a popular product so top 50 would be a result.

Results coming soon including the report from best_seo

Part 2

If Part 1 creates an uplift and the site ranks higher than 700 for the keyword the next test will be to see if there is any extra benefit in promoting a high pr site like Amazon.

So what is the point of all this? My expectation is that the thin affiliate site will not see any benefit but the higher PR site will. If it works it proves that since Penguin low quality links are still worth getting. The next test would be to push the barriers to see what number of low quality links will cause a penalty.

Watch this space. I will revisit this in a couple of weeks.

Magento v OpenCart

January 24th, 2013

First off this post does not give you side by side feature comparisons of two of the most popular open source shopping cart projects out there today. It is a discussion about having used, played and abused both platforms. If you want a chart go here http://www.antropy.co.uk/blog/opencart-vs-magento/

During the day at work we use a paid for solution called Trade IT from Red Technology. It was chosen for scalability, security, reliability and one point of contact. The paid for solution was launched in 2008. At that time we were looking at many solutions from paid, leased and open source. We did look at Magento but dismissed it as it was relatively new, had a small user base and the open source development and system administration costs made it almost comparable with the paid solution we opted for.

In the last five years we have needed to use open source shopping cart solutions alongside Trade It for various small projects. We have used mainly Prestashop and Open Cart both with success. They are both written in PHP and can be launched on the cheapest of Linux web hosts including shared hosting. In a nutshell we can deploy an online store in less than half a day with out of the box functionality with a payment gateway.

Recently I have needed to revisit Magento. You cannot move at Ecommerce expos and conferences for the number of Magento suppliers now. The company we left in 2008 have ditched their Microsoft Commerce platform and have moved to a 100% Magento Development and Hosting business model.

A few Google searches revealed the following:

There is now more than one version of Magento with Enterprise Magento commanding a hefty licence fee but with the promise of cutting edge developments and amazing support. So I am now needing to change my title to Magento Community V Open Cart. Magento Community is the open source version available for download and deployment.

Everyone still complains about it being slow. When I tested the version back in 2008 with the sample database I felt the performance out of the box was poor. It still is the case but many people have documented the needs of Magento allowing you to improve the performance to an acceptable level. There are plenty of hosting providers out there that concentrate on Magento hosting http://www.sonassihosting.com/uk-magento-hosting.html is one that I have come across. My old place of work – Shore is now using the Magento platform and hosting on a dedicated server supplied and supported by Sonassi. So performance has been improved and hosting possibilities include both shared hosting, dedicated servers and cloud hosting. There are many ready to go images on AWS for instance.

In 2008 there was a lack of documentation. In fact I purchased a book, the name escapes me now, that I had to wait three months to get due to them only shipping to North America. It was worthless. By the time I read it the web documentation was better. This still is the case. Many book reviews on Amazon today lead me to my conclusion. The web needs to be your first port of call for documentation.

What is different is the number of themes that are now available for Magento. Ready to go for less than $200 in most cases boasting responsive design and clean administrator changeable designs. Let me just reiterate that. A design that can be custom to you that is fully responsive to device for under $200. That is truly amazing and a game changer for startups. You no longer need £5000 to spend on design and xhtml choppers.

So in a nutshell you can be up and running with enterprise level featured web store for less than $200 and a £40 per month hosting plan.

OK, it’s not bespoke and may not fit in completely with your business but as much as I hate to say it all ecommerce stores are the same.

  • Display product.
  • Add to cart.
  • Give me an address where you want to send it and
  • Pay for it.
  • All as quickly as possible and at the best price.

There is very little difference in ecommerce stores nowadays:

  • Logo top left.
  • Cart top right.
  • Horizontal Navigation.
  • Carousel.
  • Featured products.
  • Footer.

Just look at www.johnlewis.com and www.amara.co.uk . Almost identical to the casual observer but not a copy.

It should be identical. Walk down any high street (if there are any left today!):

  • Shop window with hero products.
  • Products displayed.
  • A till with PDQ machine operated by a sales person.

People need it to be the same. Your ecommerce store that has 500 visits a day is not going to change the way 500,000 people a day shop on Amazon.co.uk. It’s not broken so don’t spend money fixing it and even then let Amazon fix it if it is. Spend more time on merchandising, categorisation, product copy, photography before coming up with the latest zero page checkout!

I digress. As I stated earlier I still am an Open Cart user. In my opinion it is a little less hardware dependent than Magento. Easy to install with one click install on cPanel hosting being available. It’s the Wordpress of shopping carts but it is not truly scalable and will not have the benefit of an Enterprise edition filtering down through to the community versions. If your Magento store takes off and is entertaining 50,000 visitors a day you will want the security of the Enterprise edition I can assure you.

50,000 visits is going to equate to £25k a day revenue on a 1% conversion and £50 AOV. You could never run a business with 25k dropping off your cashflow for a couple of days. Besides the license for Enterprise premium starts at $50k a year. That represents a sound investment for a £10 million pound business.

So in conclusion. Open cart for speed and small projects, thin affiliate sites, small traffic numbers. Magento for those wanting enterprise functionality and an easy scaling route for growing businesses. Finally whilst Magento is here to stay since the purchase by eBay the Community edition may see less updates as time goes by. eBay will want a return on its investment by pushing people to a paid for product whether it be Enterprise edition or the new Magento Go one stop shop.

As always should you require any help with Magento or Open Cart installs get in touch.

Resize EBS volume on EC2

March 16th, 2012

This post will go through the steps required to resize an EBS volume that is attached to an EC2 instance on Amazon Web Services using the AWS console.

  • First stop the instance. Make sure you do not terminate, just stop and do not worry about the warning regarding ephemeral storage.
  • Note the device name where the volume is attached. Mine is /dev/SDA1
  • Detach the volume from the instance by clicking detach volume in the EBS section.
  • Create a snapshot of the volume. Depending on the size it could take an hour. In order to see the progress make sure you refresh the page by clicking the AWS console’s refresh button and not your browser’s.
  • Create a volume from the snapshot specifying the size you require for the instance now.
  • Attach the new larger volume to the instance on SDA1
  • Start the instance
  • Reassign the elastic IP as this would have dropped off when the instance was stopped.
  • SSH to the instance and run the following
    df -h
    to ascertain the device name of the root partition. Mine in this case is xvda1. Then run
    sudo resize2fs /dev/xvda1
    to grow the filesystem to fill the new, larger volume
  • Remove the old volume but keep the snapshot for backup.
  • Test that everything has worked as planned.
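The console steps above, up to reassigning the elastic IP, written with the AWS CLI as an added example (not part of the original post). The function names, the placeholder IDs and the DRY_RUN switch are assumptions of this example; with DRY_RUN=1 (the default) each command is only logged to stderr so the order can be reviewed before anything is changed.

```shell
#!/bin/sh
# Added example: stop, detach, snapshot, create larger volume, attach, start.
# DRY_RUN=1 (default) logs the commands; DRY_RUN=0 calls the real AWS CLI.
DRY_RUN=${DRY_RUN:-1}

# ec2 ARGS...: run "aws ec2 ARGS", or in dry-run mode log it to stderr and
# print a placeholder ID so later steps have something to refer to.
ec2() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "aws ec2 $*" >&2
        echo "dry-run-id"
    else
        aws ec2 "$@"
    fi
}

# resize_ebs INSTANCE_ID OLD_VOLUME_ID DEVICE AVAILABILITY_ZONE NEW_SIZE_GIB [EIP_ALLOCATION_ID]
# Prints the new volume ID on stdout. The old volume is left in place so it
# can be removed by hand once the instance has been tested.
resize_ebs() {
    instance=$1 old_vol=$2 device=$3 az=$4 size=$5 eip_alloc=${6:-}

    # Refuse anything that is not a positive whole number of GiB.
    case $size in
        ''|*[!0-9]*|0*) echo "size must be a positive integer (GiB)" >&2; return 2 ;;
    esac

    # Stop (never terminate) the instance and wait until it is stopped.
    ec2 stop-instances --instance-ids "$instance" >/dev/null || return 1
    ec2 wait instance-stopped --instance-ids "$instance" >/dev/null || return 1

    # Detach the old volume and wait for it to become available.
    ec2 detach-volume --volume-id "$old_vol" >/dev/null || return 1
    ec2 wait volume-available --volume-ids "$old_vol" >/dev/null || return 1

    # Snapshot it; the waiter replaces refreshing the console by hand.
    snap=$(ec2 create-snapshot --volume-id "$old_vol" \
        --description "pre-resize copy of $old_vol" \
        --query SnapshotId --output text) || return 1
    ec2 wait snapshot-completed --snapshot-ids "$snap" >/dev/null || return 1

    # Create the larger volume from the snapshot in the instance's zone.
    new_vol=$(ec2 create-volume --snapshot-id "$snap" --size "$size" \
        --availability-zone "$az" --query VolumeId --output text) || return 1
    ec2 wait volume-available --volume-ids "$new_vol" >/dev/null || return 1

    # Attach it under the device name noted earlier, then start the instance.
    ec2 attach-volume --volume-id "$new_vol" --instance-id "$instance" \
        --device "$device" >/dev/null || return 1
    ec2 wait volume-in-use --volume-ids "$new_vol" >/dev/null || return 1
    ec2 start-instances --instance-ids "$instance" >/dev/null || return 1
    ec2 wait instance-running --instance-ids "$instance" >/dev/null || return 1

    # Reassign the elastic IP if one was given.
    if [ -n "$eip_alloc" ]; then
        ec2 associate-address --instance-id "$instance" \
            --allocation-id "$eip_alloc" >/dev/null || return 1
    fi

    echo "$new_vol"
}

# Run as: sh resize_ebs.sh INSTANCE_ID VOLUME_ID DEVICE ZONE SIZE_GIB [EIP_ALLOCATION_ID]
if [ "$#" -ge 5 ]; then
    resize_ebs "$@"
fi
```

The filesystem still has to be grown on the instance afterwards with resize2fs, as in the SSH step.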

You have now increased the size of EBS volume attached to your EC2 instance on AWS. Feel free to comment.

Slow wordpress plugin auto upgrades

September 14th, 2010

Does your wordpress site do the following:

  • Not allow you to upgrade automatically plugins with one click
  • Hangs on a blank page whilst also hanging the entire site
  • Finally comes back with installation errors.

This is the solution for you. (Relates to installs using Wordpress 2.9.1 or above)

Check your permissions are correct.

They probably are if you have not touched them or do not know what I am talking about.

Make sure the server is allocating enough memory to php in your php.ini file

Finally and this is the one that caused me over 2 months of pain.

Check to see which FTP engine your server is using.

PureFTP is the one that causes problems

You need ProFTP.

If you do not have access to your server because you are on shared hosting you will need to talk to your host.

If you are in control of your server using WHM you just need to change the FTP engine in the FTP Server selection page found under server configuration in the left hand navigation.

Should take approx 1 min.

Check your wordpress plugins again and auto update one and it should fly through giving you the success screen in a blink.

If you cannot or do not want to change to ProFTP you could make sure suPHP is installed on the server.

This will allow the php scripts access to write to the directories whilst still using PureFTP.
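For the permissions check above, a read-only audit of a WordPress tree, added here as an example and not part of the original post. It assumes the conventional baseline of 755 directories and 644 files; the function name audit_wp_perms and the path in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example: report WordPress files and directories that anyone other
# than the owner can write to, plus a world-readable wp-config.php.
# Baseline assumed: directories 755, files 644 (an assumption of this
# example, not a rule stated in the post). Nothing is modified.

# audit_wp_perms ROOT
# Prints one finding per line. Returns 0 if the tree is clean, 1 if
# anything was flagged, 2 if ROOT is not a directory.
audit_wp_perms() {
    wp_root=$1
    if [ ! -d "$wp_root" ]; then
        echo "not a directory: $wp_root" >&2
        return 2
    fi

    wp_findings=$(
        # World-writable: any local account, or another compromised site
        # on the same host, can plant or modify PHP here.
        find "$wp_root" \( -type f -o -type d \) -perm -0002 \
            -exec printf 'WORLD-WRITABLE %s\n' {} \;
        # Group-writable but not world-writable: risky when the group is
        # shared with other sites or with the web server user.
        find "$wp_root" \( -type f -o -type d \) -perm -0020 ! -perm -0002 \
            -exec printf 'GROUP-WRITABLE %s\n' {} \;
        # wp-config.php holds the database credentials and should not be
        # readable by "other".
        find "$wp_root" -maxdepth 1 -type f -name wp-config.php -perm -0004 \
            -exec printf 'WORLD-READABLE %s\n' {} \;
    )

    if [ -n "$wp_findings" ]; then
        printf '%s\n' "$wp_findings" | sort
        return 1
    fi
    return 0
}

# Run as: sh audit_wp_perms.sh /path/to/wordpress   (placeholder path)
if [ "$#" -ge 1 ]; then
    audit_wp_perms "$1"
fi
```

A tree loosened to 777 to get plugin upgrades working will show up here as WORLD-WRITABLE entries.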

I hope this helps anyone stumbling upon this post with the same problem as me.

Comments welcome

This information is provided FOC and I cannot take any responsibility for anything going wrong whilst following the above instructions. If you are unsure talk to someone in support at your hosting provider.

Free Website Critique

May 14th, 2010

So there I was in the pub after a gruelling cycle ride, talking to a regular, about her website.

Like so many other small businesses there is no money for development or marketing at the moment.

Her business relies on clients signing up for her paid seminars, on her website.

In a nutshell, the site needs qualified traffic to convert to the goal of an application for her seminars.

So where is the site in Google? Despite the small niche’s name being in the domain name it does not rank on the 1st page in the SERPS. It is in fact on page two.

Some PPC advertising is happening to ensure the site has 1st page presence. There does not seem to be any competition keeping the click price down.

Why is it not ranking on the first page?

There is a lot of content and lots of links to subsequent pages which is great. (10/10)

The title tags for each of the pages are unique although the home page does not include the niche’s main keyword.

The meta description tag is the same for all pages and needs to be unique.

Interestingly the site is in DMOZ and its description in the SERPS is being pulled from this entry. Again more emphasis on the main keyword is required here.

There are very few other links to the homepage suggesting a link building campaign is required.

There may well be some duplicate content issues with the domain.tld and domain.tld/home showing the same content.

With a day’s consultancy and a link building campaign this site could easily rank on page one and probably in position three after one site and a wikipedia entry.

I know that the money is not there for a day’s consultancy, and to be honest the website owner is pretty tech savvy and in my mind is a great candidate for DIYSEO.

DIYSEO is a relatively new service that mentors the user in optimizing their site through bite size steps that they can do at their own pace.

They are currently offering a free trial for 7 days although £30 a month for SEO ongoing is not a bad price either.

Here is the link again:

DIYSEO – SEO for SMB – Get a 7 Day Free Trial Today!

So now we have got the traffic rolling in through our optimised site we need to concentrate on the conversion.

Conversion

One of the first things that struck me about the site was no obvious call to action.

As previously stated there is a lot of content on this site and the call to action is hidden within the navigation in text format.

If the end goal is to get an application from a visitor it should be the first thing they see.

I would replace the header image with a banner advertising the online seminar with a huge apply now button and emphasis on online so anyone reading considers themselves a prospect irrespective of where they live in the world.

The banner rather than the current ‘mailto link’ would go to a form with a simple request of an email address followed by another form for date choice and even payment in the future.

So why have a form?

A two stage form will allow you to capture the email address ensuring if the date choice and payment is not made you can follow up with a three stage email campaign. (More about that later)

Some development work is going to be needed here in order to program the form and store the data.

At least three different banners should be created and tested using Website Optimiser from Google. One should have some emphasis saying last few places available even if it is not true to promote a faster reaction to the call to action by the visitor.

Traffic is low to the site but considering the end goal never changes within months rather than days you should have a winner.

Using a service like Mail Chimp, email addresses that are captured but goals are not completed could be sent the following emails.

  1. Thanks for your interest would you like some more information before booking.
  2. Have not heard from you would you like me to call you to make the booking.
  3. OK last ditch attempt – I have one place left that I can offer you for 10% off if you book today.

Usability

To understand how users interact with the site I would recommend having a go with Clicktale that records random sessions from users.

You see their mouse movements and clicks. It is not real time but easy to implement and view. You can learn an awful lot about your users in a short space of time.

Further Work

Further enhancements could be made by using information from Google Analytics such as which pages have the highest exit rates, see where drop off is using funnel visualisation.

Finally a PPC campaign here would allow the website to gather lots of keyword data and suggestions that could then be implemented into the natural SEO. That is another blog post!

So to summarise

  1. DIYSEO
  2. Banner creation with a strong call to action
  3. A two stage form with the option to pay in the future.
  4. A 3 stage email campaign on drop offs using Mail Chimp
  5. View all of your hard work working using Clicktale
  6. Get to grips with Google Analytics and set up funnels and goals
  7. Think about a PPC strategy really soon.

Hopefully my findings will help the regular in the pub, and anyone else in the same situation.

If anyone has any comments or additions please feel free to leave them here.

If you need any help with your website please get in touch.

Best grandparents day gifts

April 23rd, 2010

I came across a great site the other day. ahelpinghand.co.uk specialises in one to one training in your own home to get you on the internet, emailing and computer literate.

Rob Richman, the company’s founder, felt that there was a gap in the market for computer training for absolute beginners.

Some people do not have the confidence to admit to a group of people in a class environment that they cannot use a computer.

ahelpinghand.co.uk combats this by providing the training on a 1-1 basis in that person’s own home and more importantly on that person’s own computer.

Now for the clever part. Rob at A Helping Hand understands that his end customers by definition are not going to find his website by searching in Google – they will after his training mind.

No, his new customers will come in the form of people redeeming gift vouchers they have received as gifts from loved ones wishing them to give them a boost in computer literacy.

For example, let’s suppose you are based in New York on secondment from Head office in London. Your mother who is based in London is missing the grandchildren since you moved six months ago.

How great would it be that Nana could read a bedtime story over Skype with full video and voice every Sunday evening before they go back to school the following week.

The trouble is she has never used a computer and whilst you could buy her one with all the necessary hardware, she would not know how to use it.

This is where ahelpinghand.co.uk comes in. You buy a voucher on their fully transactional website ahelpinghand.co.uk. Having paid using the well known and safe payment gateway Paypal your voucher will be mailed 1st class to your Mother.

Upon receipt she just has to give Rob or one of the other fully trained instructors at A Helping Hand a call to book her computer lesson at a time that suits her.

The lesson will aim to cover exactly what is needed by the client, in this case, internet setup, skype installed, webcam and speakers installed and tuition on how to use the software itself.

Before you know it your children will be chatting to Nana as if she is in the room with them even though she is some 3000 miles away.

Amazing.

So rather than cheap flowers for Mother’s Day gifts or Moonpig cards for Nana on Grandparents Day (1st Sunday of October) make sure you check out ahelpinghand.co.uk for the ultimate gift. The gift that will last a lifetime and allow loved ones to make full use of technology available today.

Link Building Tutorial

December 23rd, 2009

Many website owners feel left out in the cold when their website goes live.

Weeks of development and copywriting have gone into their website and having installed Google analytics realise no one is seeing their new creation.

There are many things to ensure good ranking in the SERPS (Search Engine Result Pages.)

This post relates to just one aspect of SEO (Search Engine Optimisation) – Link building.

The facts

  • Links are important for good ranking
  • Links believe it or not also bring traffic!!
  • Links can have different weights
  • You cannot distinguish between a paid link or a free link
  • You do not necessarily need hundreds

Step 1

First you need to dig out your list of keywords and phrases you compiled when creating your website. If you do not have a list, you need one now. Make sure the key phrases you wish to rank for are in the copy of the website and titles of the page.

To clarify when I say titles I mean the content within the <title> tag.

Next, draw up a list of people who will link to you. This may be other websites you own. Linked In profiles, Facebook, The designer who made your website. Now if its possible you need to build anchor text.

e.g. a link to www.jonlloyd.co.uk should not look like www.jonlloyd.co.uk if you wish to rank for your key phrases.

The example above is made from the code below

<a href="http://www.jonlloyd.co.uk">www.jonlloyd.co.uk</a>

Ideally if one of your key phrases was Search Engine Optimisation the following would be better:

<a href="http://www.jonlloyd.co.uk">Search Engine Optimisation</a>

You would also link to the most relevant page on the site for that keyword rather than homepage. For extra points the keyword/phrase you used should be present in the title tag.

This method is not always available to you, for instance you may only be able to enter a URL in Facebook

You should repeat the above for all of your key phrases evenly but giving weight to more of your important ones. Only have one link to your site for one key phrase in these type of positions – Do not stuff.

Step 2

Make sure you are listed in Google Local Search for your business.

Google Local

Get a link from your local chamber of commerce.

List your site at the local library’s Website if possible

Submit your site to DMOZ

http://www.dmoz.org/add.html

If you can, add your site to Yahoo Directory. Currently it is $300 per year but it is a highly authorative (is this a word) link

https://ecom.yahoo.com/dir/submit/intro/

Step 3

Write a 200-500 word article for each key phrase you have on your list. The article should sell your services. It should include 3-4 links of your key phrase as anchor text to the correct page on your site.

Submit these articles to sites like

EzineArticles, GoArticles, iSnare, Digg

Step 4

Reciprocal links. Now you could argue that reciprocal linking does nothing for SEO as Google tends to give these links a very low score. However, they will give you traffic.

Reciprocal linking should be done with like minded websites ideally i.e. your competitors. What, I hear you cry no one would do that. Really, a wedding photographer in Scotland is highly unlikely to take a contract in Devon so why not have a reciprocal link arrangement.

Again keep thinking anchor text.

<a href="http://www.weddingphotographer.co.uk">Wedding Photography Devon</a>

Step 5

Ask and/or answer questions on Yahoo! Answers

http://answers.yahoo.com/

Set up a Squidoo Page to discuss new advancements in your field. Add links to expert web pages, along with a link back to your site.

www.squidoo.com

The above are just some ways to generate links to your site and ultimately increase your SERP ranking.

This list is by no means exhaustive and does reflect my thoughts and experiences in getting sites ranked well.

Maybe I will post a part two in the future.

If you cannot wait then by all means drop me a line and I will get your SEO back on track.

Feel free to add comments.

Setting up OpenVPN on Ubuntu

December 17th, 2009

So here is the dilemma. I use a Mac and all of our office is Windows based.

I have a VPN connection set up between home and the office via the routers and the Watchguard Firebox firewall.

All is well until I go away from home. There is no client for the Watchguard Firebox firewall that will work on the Mac.

What I need is a way to connect to my home network when away from home with my Mac which will then in turn allow me to connect to my office.

There are probably many solutions out there so I am not saying this is the right or only solution out there for my dilemma

Setting up the server

My Server is running Ubuntu 9.04 in desktop mode with a fixed IP address of 192.168.1.9.

Install openvpn

sudo apt-get install openvpn

Comment all lines in /etc/default/openvpn with # and add:

AUTOSTART="openvpn"

This line tells OpenVPN which configuration file it should use by default when starting. Configuration files are in /etc/openvpn and use the .conf extension, so the setting above points to /etc/openvpn/openvpn.conf, a file that does not exist yet and that we will create later.

OpenVPN is started, stopped and restarted in the usual way:

Start OpenVPN:
/etc/init.d/openvpn start

Stop OpenVPN:
/etc/init.d/openvpn stop

Restart OpenVPN:
/etc/init.d/openvpn restart

Every time you change settings in /etc/openvpn/openvpn.conf you will need to restart OpenVPN.

Keys and certificates

Now we need to create security certificates and keys. We'll do all this on the server as root:

sudo su

Enter your password to get root access.

cd /etc/openvpn/

Copy the directory easy-rsa to /etc/openvpn:

cp -r /usr/share/doc/openvpn/examples/easy-rsa/ .

Remember we're still inside the /etc/openvpn directory. Now let's edit the file vars with our favorite editor (replace nano with yours):

nano easy-rsa/2.0/vars

Modify the following values:

export KEY_COUNTRY="UK"
export KEY_PROVINCE="SU"
export KEY_CITY="Birmingham"
export KEY_ORG="home"
export KEY_EMAIL="jon@example.com"

Save and quit.

Now run:

cd easy-rsa/2.0/
. ./vars

Important: that’s a period, a space and another period followed by /vars. This is a common confusion in many setups.

Now:

./clean-all

The next command creates your certificate authority (CA) using the parameters you just set. You only need to supply the Common Name; I used OpenVPN-CA. This step needs OpenSSL; if it is not installed on your server, install it by running:

sudo apt-get install openssl

Ok, now we’re ready:

./build-ca

Now let’s create the keys, first the server:

./build-key-server server

This is important. When build-key-server asks for Common Name write server, the same parameter you provided to the command.

Also you’ll need to answer yes to these two questions: Sign the certificate? [y/n] and 1 out of 1 certificate requests certified, commit? [y/n].

Now the key for the client:

./build-key client1

Use client1 as Common Name, the same parameter you used above for build-key.

You can repeat this step if you want to have more clients; just replace the parameter with client2, client3, etc.

Now let's create Diffie-Hellman parameters:

./build-dh

There you are! You should now have a new directory with your certificates and keys: /etc/openvpn/easy-rsa/2.0/keys. To configure your first client, copy these files from the server to the client:

ca.crt
client1.crt
client1.key

Ideally you should use a secure channel; I use scp with RSA authentication.

Openvpn.conf for the server:

dev tun
proto tcp
port 1194
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
user nobody
group nogroup
server 10.8.77.0 255.255.255.0
persist-key
persist-tun
#status openvpn-status.log
#verb 3
client-to-client
# Must match the client config below, which enables comp-lzo
comp-lzo

Place this file in /etc/openvpn/

Now start OpenVPN with:

/etc/init.d/openvpn start

Setting up the router

Just make sure that the port and protocol (1194 TCP in my case) are forwarded to the server at 192.168.1.9.

Setting up Tunnelblick

Download the dmg from http://code.google.com/p/tunnelblick/

Install as usual by dragging the icon to the applications folder.

When you run it for the first time it will add a black tunnel icon near your spotlight icon.

You will also need to enter your admin password as the client requires root access.

When clicking the tunnel you are presented with options. The defaults are fine.

Click on the details and you will see the OpenVPN log output.

Click Edit Configuration.

Openvpn.conf client content:

dev tun
client
proto tcp
remote 81.174.97.97 1194
resolv-retry infinite
nobind
user nobody
group nogroup
# Try to preserve some state across restarts.
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
comp-lzo
# Set log file verbosity.
verb 3

Paste your copy of the client openvpn.conf into the text editor and save.

Don't worry, it will overwrite despite the prompt.

It saves the file in user/Library/Application Support/Tunnelblick/Configurations

I placed the certificate and keys for the client in here as well. You can place them anywhere but you would need to change the client openvpn.conf accordingly.
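Before connecting, it helps to confirm that the two config files agree. The Python script below is an added example, not part of the original post: it compares a server and a client config for directives that must match on both ends, and flags a client that does not check the server certificate type and a server using 1024-bit DH parameters. The function names and the sample pair are constructed for illustration.

```python
# Added example: lint an OpenVPN server/client config pair.
MUST_MATCH = ("dev", "proto", "comp-lzo", "cipher", "auth")  # must agree on both ends

def parse(text):
    """Map directive -> argument list, skipping blanks and #/; comments."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith(";"):
            continue
        name, *args = line.split()
        if name == "proto" and args:  # tcp-server/tcp-client are both tcp
            args = [args[0].replace("-server", "").replace("-client", "")]
        conf[name] = args
    return conf

def lint(server_text, client_text):
    """Return a list of findings; an empty list means the pair is consistent."""
    srv, cli = parse(server_text), parse(client_text)
    findings = []
    for d in MUST_MATCH:
        if srv.get(d) != cli.get(d):
            findings.append(f"{d}: server={srv.get(d)} client={cli.get(d)}")
    port = srv.get("port", ["1194"])[0]  # 1194 is OpenVPN's default port
    remote = cli.get("remote", [])
    rport = remote[1] if len(remote) > 1 else "1194"
    if remote and rport != port:
        findings.append(f"port: server={port} client remote={rport}")
    # Without one of these, the client accepts any certificate signed by the
    # CA as the server, including another client's certificate.
    if "remote-cert-tls" not in cli and "ns-cert-type" not in cli:
        findings.append("client: server certificate type is not checked")
    # Filename heuristic: easy-rsa names the DH file after its bit length.
    if "1024" in " ".join(srv.get("dh", [])):
        findings.append("server: 1024-bit DH parameters")
    return findings

# Constructed sample pair modelled on the two files in this post; the server
# sample deliberately lacks comp-lzo. 203.0.113.10 is a documentation address.
SERVER = "dev tun\nproto tcp\nport 1194\ndh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem\n"
CLIENT = "dev tun\nclient\nproto tcp\nremote 203.0.113.10 1194\ncomp-lzo\n"

if __name__ == "__main__":
    print("\n".join(lint(SERVER, CLIENT)))
```

To clear the last two findings, add remote-cert-tls server (or ns-cert-type server on older OpenVPN versions) to the client config, and raise KEY_SIZE in easy-rsa's vars before generating the keys and DH parameters.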

Now press connect and you should see the verbose output suggesting a good connection

Test

If you run ifconfig on the Mac, you should get an extra entry for tun0.

Now ping 10.8.77.1 and you should get a reply from the server.

I can now vnc to this server and then vnc from the server to any office computer on the subnet 192.168.40.0.

Other things to consider could be username password authentication as well as the certificates in case the Mac is stolen.

I would now like to route traffic so that I can get to the 192.168.40.0 subnet without having to vnc to the openvpn server.