[leaf-user] Re: leaf-user digest, Vol 1 #2876 - 10 msgs

[Bob von Knobloch]

[EMAIL PROTECTED] schrieb:
Send leaf-user mailing list submissions to
        leaf-user@lists.sourceforge.net
To subscribe or unsubscribe via the World Wide Web, visit
        https://lists.sourceforge.net/lists/listinfo/leaf-user
or, via email, send a message with subject or body 'help' to
        [EMAIL PROTECTED]

You can reach the person managing the list at
        [EMAIL PROTECTED]

When replying, please edit your Subject line so it is more specific
than "Re: Contents of leaf-user digest..."


Today's Topics:

   1. Re: [Fwd: Re: [leaf-user] Re: ntpsimpl problem - Bering uClibc 2.3] (Bob 
von Knobloch)
   2. Re: CF Card maintenance (Bob von Knobloch)
   3. Openvpn (Bob von Knobloch)
   4. Re: R: [leaf-user] Openvpn (Bob von Knobloch)
   5. Re: R: [leaf-user] Openvpn (Erich Titl)
   6. Re: R: [leaf-user] Openvpn (Bob von Knobloch)
   7. OpenVPN on Bering (Bob von Knobloch)
   8. Re: R: [leaf-user] Openvpn (Erich Titl)
   9. Re: OpenVPN on Bering (Erich Titl)
  10. Re: OpenVPN on Bering (Martin Hejl)

--__--__--

Message: 1
Date: Wed, 18 Jan 2006 17:47:03 +0100
From: Bob von Knobloch <[EMAIL PROTECTED]>
To: LEAF Request <leaf-user@lists.sourceforge.net>
Subject: Re: [Fwd: Re: [leaf-user] Re: ntpsimpl problem - Bering uClibc 2.3]

Erich Titl schrieb:
  
Bob von Knobloch wrote:
...

  
    
Thanks for the information Erich, I have now removed ntpdate (as it is
deprecated by ntp.org), but I suppose your solution might well be just
as appropriate to ntsimpl. I can't find the mails about this, could you
please send me your solution (or a pointer as to where I might find it)?
Many thanks,
Bob
    
      
something along the following lines should do. You may want to play with
the loops and sleep values to find your settings.

######################################################################################
# delay until a default route is available,
# this should probably be done in a separate init script
######################################################################################
net_if=ppp0
sleep=10
loops=20
while [ $loops -gt 0 ]
do
        ip route | grep default > /dev/null;
        [ $? -eq 0 ] && break;
        ifdown $net_if > /dev/null;
        sleep 1;
        ifup $net_if > /dev/null;
        sleep $sleep;
        loops=$(( $loops - 1 ));
done
######################################################################################

  
    
Erich, I have now tested it and altered the timeouts to 5 Seconds with 
40 loops. This seems to work well with t-online adsl. I inserted it in 
/etc/init.d/ntp under the start script.
Many thanks,
Bob


--__--__--

Message: 2
Date: Wed, 18 Jan 2006 17:48:23 +0100
From: Bob von Knobloch <[EMAIL PROTECTED]>
To: LEAF Request <leaf-user@lists.sourceforge.net>
Subject: Re: [leaf-user] CF Card maintenance

Erich Titl schrieb:
  
Bob von Knobloch wrote:
  
    
Erich Titl schrieb:

    
      
Bob von Knobloch wrote:
 

      
        
...

  
    
  
      
        
My laptop won't run Linux sadly (too many MS-dependant BIOS features).
So it's XP or DOS or any mini-Linux on CD that supports PCMCIA - do you
know any 
    
      
Try Knoppix, it worked for me :-)

On Bering-uclibc you could load the hdsupp package which has a fdisk and
syslinux command, so basically you can do everything on your LEAF box.
Just don't forget to save and reinstall your system and packages.

I normally use a USB reader/writer which is easy to use on LINUX.

cheers

Erich

  
    
Knoppix seems to work just fine with my laptop.
Thanks,
Bob


--__--__--

Message: 3
Date: Wed, 18 Jan 2006 18:03:46 +0100
From: Bob von Knobloch <[EMAIL PROTECTED]>
To: LEAF Request <leaf-user@lists.sourceforge.net>
Subject: [leaf-user] Openvpn

I am trying to get openvpn working on my WRAP box, but am hitting 
problems during installation. I am using Bering uClibc 2.3 and sourcing 
all packages from the current ISO.
I am using Kapeka's 'How-To' as an installation guide but am not sure 
how up-to-date it is.

Progress:
All packages & modules installed OK.
/etc/easyrsa/vars reconfigured for my system.
'build-ca' issued  (had to mkdir /etc/openvpn/keys - didn't exist) & 
root ca Cert. generated.
'build-dh' issued & Diffie-Hellmann '.pem' file created.

Problem:
'build-key-server' issued, generates private key, prompts for Cert. 
details, then throws an error
    "Using configuration from /etc/easyrsa/openssl.cnf
    /etc/openvpn/keys/index.txt: No such file or directory"

 I can find no reference as to what should be in this file, can anyone help?

Thanks

Bob von Knobloch


--__--__--

Message: 4
Date: Wed, 18 Jan 2006 19:27:45 +0100
From: Bob von Knobloch <[EMAIL PROTECTED]>
To: LEAF Request <leaf-user@lists.sourceforge.net>
Subject: Re: R: [leaf-user] Openvpn

Thank you Gianni, the text was not clear that this should be run first.
My next stumbling block (referring to the HOW-TO) is in 7.5.1.
An entry like:
"route 192.168.25.0 255.255.255.0 vpn_gateway"
or similar must be made, but where is this to be made (there is no 
example in /etc/openvpn/server.conf) and which IP 'vpn_gateway' refers 
to is not mentioned (tunnel address or 'real' address).
How do I kill the client (comment out 'client' ??).
Thanks
Bob

Lists dumbware schrieb:
  
The first step is to run a "clean-all" command.
It creates the lkeys dir and the index.txt file as well as serial file

Be careful that this command erase all keys dir if it exists!!

Ciao
Gianni

  
    
I am trying to get openvpn working on my WRAP box, but am 
hitting problems during installation. I am using Bering 
uClibc 2.3 and sourcing all packages from the current ISO.
I am using Kapeka's 'How-To' as an installation guide but am 
not sure how up-to-date it is.

    
      
  
    



--__--__--

Message: 5
Date: Wed, 18 Jan 2006 21:20:26 +0100
From: Erich Titl <[EMAIL PROTECTED]>
To: Bob von Knobloch <[EMAIL PROTECTED]>
CC: LEAF Request <leaf-user@lists.sourceforge.net>
Subject: Re: R: [leaf-user] Openvpn

Bob

Bob von Knobloch wrote:
  
Thank you Gianni, the text was not clear that this should be run first.
My next stumbling block (referring to the HOW-TO) is in 7.5.1.
An entry like:
"route 192.168.25.0 255.255.255.0 vpn_gateway"
or similar must be made, but where is this to be made (there is no 
example in /etc/openvpn/server.conf) and which IP 'vpn_gateway' refers 
to is not mentioned (tunnel address or 'real' address).
How do I kill the client (comment out 'client' ??).
Thanks
Bob
    

If you go to http://openvpn.net/ you will find complete instructions on 
how to install and configure openvpn. The site is extremely well documented.

cheers

Erich




--__--__--

Message: 6
Date: Wed, 18 Jan 2006 21:46:42 +0100
From: Bob von Knobloch <[EMAIL PROTECTED]>
To: LEAF Request <leaf-user@lists.sourceforge.net>
Subject: Re: R: [leaf-user] Openvpn

Erich Titl schrieb:
  
Bob

Bob von Knobloch wrote:
    
Thank you Gianni, the text was not clear that this should be run first.
My next stumbling block (referring to the HOW-TO) is in 7.5.1.
An entry like:
"route 192.168.25.0 255.255.255.0 vpn_gateway"
or similar must be made, but where is this to be made (there is no 
example in /etc/openvpn/server.conf) and which IP 'vpn_gateway' 
refers to is not mentioned (tunnel address or 'real' address).
How do I kill the client (comment out 'client' ??).
Thanks
Bob
      
If you go to http://openvpn.net/ you will find complete instructions 
on how to install and configure openvpn. The site is extremely well 
documented.

cheers

Erich


    
Of course I was there but I must disagree, I find the documentation not 
so good.
Bob


--__--__--

Message: 7
Date: Wed, 18 Jan 2006 22:33:09 +0100
From: Bob von Knobloch <[EMAIL PROTECTED]>
To: LEAF Request <leaf-user@lists.sourceforge.net>
Subject: [leaf-user] OpenVPN on Bering

Does anyone know what this error message from OpenVPN in (daemon.log) 
might actually mean?

Wed Jan 18 22:30:07 2006 TCP/UDP: Socket bind failed on local address 
[undef]:1194: Address already in use

I have not specified a specific address and certainly have nothing 
running on port 1194.

Thanks
Bob



--__--__--

Message: 8
Date: Wed, 18 Jan 2006 22:37:39 +0100
From: Erich Titl <[EMAIL PROTECTED]>
To: Bob von Knobloch <[EMAIL PROTECTED]>
CC: LEAF Request <leaf-user@lists.sourceforge.net>
Subject: Re: R: [leaf-user] Openvpn

Bob von Knobloch wrote:
  
Erich Titl schrieb:

    
...
  
      
Of course I was there but I must disagree, I find the documentation not 
so good.
    

OK, I built a number of openvpn connections for my wrap boxes. I must 
admit, I am still using a derivative of Bering glibc and I compiled the 
openvpn package myself.

I did not have a problem setting up openvpn using the config files from 
the openvpn site, which are really full of comments and many examples.

Be aware that there are differences in the set up between openvpn 1.x 
and 2.x. I could not find the HowTo you referenced, so I am not clear 
what exactly your problem is (except, of course, that is does not work).

- Which Openvpn Version are you using
- Show us your config files
- Schow us your logs

even better, show them on the openvpn mailing list, all subscripbers 
there (I am there too :-)) read openvpn problems every day and they are 
extremely helpful (as of course everyone in the LEAF list)

cheers

Erich






--__--__--

Message: 9
Date: Wed, 18 Jan 2006 22:39:50 +0100
From: Erich Titl <[EMAIL PROTECTED]>
To: Bob von Knobloch <[EMAIL PROTECTED]>
CC: LEAF Request <leaf-user@lists.sourceforge.net>
Subject: Re: [leaf-user] OpenVPN on Bering

Bob von Knobloch wrote:
  
Does anyone know what this error message from OpenVPN in (daemon.log) 
might actually mean?

Wed Jan 18 22:30:07 2006 TCP/UDP: Socket bind failed on local address 
[undef]:1194: Address already in use

I have not specified a specific address and certainly have nothing 
running on port 1194.
    

looks like a lost openvpn server process, does it show on

ps -ef

cheers

Erich




--__--__--

Message: 10
Date: Wed, 18 Jan 2006 23:26:09 +0100
From: Martin Hejl <[EMAIL PROTECTED]>
To: Bob von Knobloch <[EMAIL PROTECTED]>
CC: LEAF Request <leaf-user@lists.sourceforge.net>
Subject: Re: [leaf-user] OpenVPN on Bering

Hi Bob,

  
Does anyone know what this error message from OpenVPN in (daemon.log)
might actually mean?

Wed Jan 18 22:30:07 2006 TCP/UDP: Socket bind failed on local address
[undef]:1194: Address already in use

I have not specified a specific address and certainly have nothing
running on port 1194.
    
could it be that you have several "*.conf" files in /etc/openvpn/ that
all use the same port (or that all use the default port, which amounts
to the same thing)?
For example, some "server.conf" and another file with your custom
config? The init script will try to start a daemon for each *.conf file
found in /etc/openvpn, if I recall correctly (it's been a while since I
played with openvpn)

Do a "netstat -an |grep 1194" to see if something is already listening
on that port.

To answer your question - the error message actually means that
_something_ else is already listening on that port, so openvpn failed to
start. If you have not specified a specific address (I guess you mean
port? Or do you want openvpn to only listen on a specific interface?) it
will default to 1194, since that's the port number that was assigned to
OpenVPN by IANA.

I hope that helps.

Martin



--__--__--

_______________________________________________
leaf-user mailing list
leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user


End of leaf-user Digest

  
Thanks Erich and Martin, you had the right idea, it was a lost process. 
I believed that nothing was running on 1194 - indeed the daemon.log 
entry reported that openvpn had exited (never believe log entries). It 
didn't however, it left a background Daemon running (my fault, of 
course, I had commented the client.conf file completely out, thinking 
that would stop my box being a client. It does not stop the client 
Daemon being launched.). Killed it and now I get a tunnel up. Got some 
tunnel routing problems, but I'll take them over to OpenVPN now, it's 
definitely not a LEAF issue.
BTW I have now got 2 WRAP systems up and running with pretty full 
features, using Bering uClibc 2.3 - Thanks again.
Bob


-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
------------------------------------------------------------------------
leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/