Re: [Efw-user] proxy domains without authentication

2007-12-03 Thread Peter Warasin
Hi

m4him wrote:
> I am using normal authentication which works fine.
> I am trying to setup Windows Live messenger to not require authentication.
> I have added the required URLs to the Proxy domains without
> authentication.  There is one problem because MSM uses a random ip address
> of 207.46.108.*
>
> The reason I switched from SafeSquid was for this very feature.  SafeSquid
> does not have the ability to not authenticate certain sites when
> authentication is configured.  This is a great Endian feature but I need it
> to work for ip addresses also.

This is for domains only (http virtual host). A virtual host can also be an
ip address, but not a whole subnet.
So add every ip address from that subnet manually. That should work.

peter

-- 
:: e n d i a n
:: open source - open minds

:: peter warasin
:: http://www.endian.com   :: [EMAIL PROTECTED]

-
SF.Net email is sponsored by: The Future of Linux Business White Paper
from Novell.  From the desktop to the data center, Linux is going
mainstream.  Let it simplify your IT future.
http://altfarm.mediaplex.com/ad/ck/8857-50307-18918-4
___
Efw-user mailing list
Efw-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/efw-user


[Efw-user] traffic shaping

2007-12-03 Thread m4him

2 Questions and Comment:
Question:  Why would my downloads slow down to a crawl when I activate
traffic shaping?  This can not be due to it working properly as my machine
was the only machine on the system.  It went from nearly 1500kbps to
128kbps.  I have a 2 way satellite link with 1544 down and 384 up.  I set
the shaping to those figures.  When I turned off the shaping the speed went
back up to 1500 kbps.
Download speed: 1544
upload speed: 384

Does the sip proxy have priority?  Should I define the ports the sip proxy
is using in the traffic shaping port list?

Comment:  The traffic shaping feature is extremely limited.  We need the
same features that the dd-wrt firmware for routers has with L7 traffic
shaping.  If this could be added then Endian would not only stand alone but
be far out of reach of other similar products.  Also there does not seem to
be a way to set a default  that all ports not configured would fall into. 
At the very least we need to be able to assign a range of ports.  VOIP is
big and VOIP needs traffic shaping.  


-- 
View this message in context: 
http://www.nabble.com/traffic-shaping-tf4936406.html#a14129527
Sent from the efw-user mailing list archive at Nabble.com.




Re: [Efw-user] proxy domains without authentication

2007-12-03 Thread m4him

I think I just realized that this is not going to work for me.  It seems that
you can not put a wild-card in
such as
.yahoo.com
Is there a way to say to not authenticate everything under the domain of
yahoo.com so that www.yahoo.com and messenger.yahoo.com both would pass
without authentication?





-- 
View this message in context: 
http://www.nabble.com/proxy-domains-without-authentication-tf4931995.html#a14135627
Sent from the efw-user mailing list archive at Nabble.com.




Re: [Efw-user] proxy domains without authentication

2007-12-03 Thread Peter Warasin
Hi

m4him wrote:
> I think I just realized that this is not going to work for me.  It seems that
> you can not put a wild-card in
> such as
> .yahoo.com

Yes you can.

This allows only that host:
www.google.com

While this allows the whole domain with all of its subdomains
(*.yahoo.com):
.yahoo.com


> Is there a way to say to not authenticate everything under the domain of
> yahoo.com so that www.yahoo.com and messenger.yahoo.com both would pass
> without authentication?

No, you can't allow a domain with all of its subdomains without
authentication
but exclude only some of them. You then need to explicitly list them
like this:
www.yahoo.com
messenger.yahoo.com

Does it not work when you add the whole list of ip addresses of that subnet?

peter

-- 
:: e n d i a n
:: open source - open minds

:: peter warasin
:: http://www.endian.com   :: [EMAIL PROTECTED]
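
The list semantics discussed in this thread, as an added example that is not Endian's code or part of the original posts: it expands the 207.46.108.* range into single-address entries and models which hosts a given list would let through without authentication. The function names and the EXEMPT list are assumptions made for illustration.

```python
import ipaddress

def expand_subnet(cidr):
    """Return one list entry per address; the list accepts single IPs, not subnets."""
    return [str(ip) for ip in ipaddress.ip_network(cidr)]

def is_exempt(host, entries):
    """True if a requested host would skip authentication under the rules in the thread."""
    host = host.lower().rstrip(".")
    for entry in (e.strip().lower() for e in entries):
        if entry.startswith("."):
            # ".yahoo.com" covers the domain's subdomains. Also matching the bare
            # domain is an assumption; the thread only mentions subdomains.
            if host == entry[1:] or host.endswith(entry):
                return True
        elif entry and host == entry:
            return True
    return False

def wide_entries(entries):
    """Entries that exempt more than one host; these deserve review."""
    return [e for e in entries if e.strip().startswith(".")]

# Constructed list: the two hosts named in the thread plus the 207.46.108.* range.
EXEMPT = ["www.yahoo.com", "messenger.yahoo.com"] + expand_subnet("207.46.108.0/24")

if __name__ == "__main__":
    for h in ("messenger.yahoo.com", "mail.yahoo.com", "207.46.108.77", "207.46.109.1"):
        print(h, "-> no auth" if is_exempt(h, EXEMPT) else "-> auth required")
```

Listing hosts explicitly keeps the unauthenticated surface to the named hosts, while a leading-dot entry exempts every current and future subdomain, which is what `wide_entries` flags.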


Re: [Efw-user] New efw 2.1.2 installation unable to OpenVPN

2007-12-03 Thread toby
I followed the KB and I still can't connect. I am not using EFW's DHCP
server. Does that matter? I continue to get the same error messages that I
posted earlier.


Mon Dec 03 21:51:43 2007 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Dec 03 21:51:43 2007 TLS Error: TLS handshake failed
Mon Dec 03 21:51:43 2007 TCP/UDP: Closing socket
Mon Dec 03 21:51:43 2007 SIGUSR1[soft,tls-error] received, process restarting
Mon Dec 03 21:51:43 2007 Restart pause, 2 second(s)

I've included an ASCII network diagram below.

               EFW Router
                   |
          -------------------
          |                 |
         Red              Green
     (201.x.x.x)      (192.168.1.5)
          |                 |
      ISP Modem       10/100 Switch
                            |
                  Workstations, Linksys
                  Router w/ 4-port switch (LAN side)

NOTE: Green is plugged into Linksys router's 4-port switch side so it can
communicate with other machines on 192.168.1.0 network. The Linksys is also
the DHCP server as of now. Another thing to note is that I have 4 public IPs
from network provider so EFW has its own public IP as does the Linksys.


Thoughts?

Toby.


On Dec 3, 2007 5:06 AM, [EMAIL PROTECTED] wrote:

> It took me several hours to get VPN working.  I finally found the KB
> article: http://kb.endian.com/entry/12/ which works exactly as written.
> This eliminated one area for troubleshooting.  I copied the certificate and
> named it the same as the article although the name makes no difference as
> long as it matches the conf file.
>
> As you must already know the openvpn section of efw must have an ip range
> set outside of your dynamic range.  Of course it is in the same range as
> your green interface.
>
> I was trying to connect my vpn from my machine on my green interface to my
> public red interface public address.  This did not work with the same error
> you are getting.  I then changed the server in the client.ovpn to my green
> interface ip and then connect my machine to a wireless gateway router.  This
> put me on a different subnet than my green interface.  The gateway router
> wan connector was connected to the green interface via a switch.  I was then
> able to make a vpn connection.  Next I put the gateway wireless router on a
> public interface giving the wan connector a public ip address.  I made a new
> config for connecting from outside my network via a public interface by
> changing the server parameter in the ovpn file to my red interface public ip
> address.  Now I could make a vpn connection from the public side of my
> system.  I have two ovpn files.  One for connecting within my private net
> and one for connecting from the public.
>
> The other issue I had to overcome was windows vista.  I finally noticed
> that openvpn has a vista release candidate version.  I do not know if the xp
> version would work on vista or not as I had already upgraded before I fixed
> my other issues.





> toby-35 wrote:
>>
>> Hello all,
>>
>> I recently installed Endian 2.1.2 community edition and my hope is to use
>> it to replace my existing OpenVPN server that is currently being used as a
>> file server as well. I went through the OpenVPN configuration process,
>> downloaded cert and created client.ovpn configuration file (see below) and
>> I get the following error message (also, see below) What have I missed?
>>
>> client.ovpn (using Windows XP OpenVPN GUI client)
>> client
>> dev tun
>> proto udp
>> remote 201.x.x.x
>> resolv-retry infinite
>> nobind
>> persist-key
>> persist-tun
>> ca cacert.pem
>> auth-user-pass
>> comp-lzo
>>
>> error message (received on client)
>> Thu Nov 29 10:24:53 2007 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct  1 2006
>> Enter Auth Username:test
>> Enter Auth Password:
>> Thu Nov 29 10:25:02 2007 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
>> Thu Nov 29 10:25:02 2007 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
>> Thu Nov 29 10:25:02 2007 LZO compression initialized
>> Thu Nov 29 10:25:02 2007 UDPv4 link local: [undef]
>> Thu Nov 29 10:25:02 2007 UDPv4 link remote: 201.x.x.x:1194
>>
>> I later added, ns-cert-type server, to server log to resolve the warning
>> message. Now my connection output looks like the following:
>>
>> Thu Nov 29 10:28:03 2007 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct  1 2006
>> Enter Auth Username:test
>> Enter Auth 
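
A small check for the client.ovpn quoted above, as an added example that is not from the original posts or from Endian: it parses the directives and reports the gap behind the log's "No server certificate verification method" warning, plus the implicit port. The function names and finding texts are assumptions; the sample is the configuration as posted.

```python
# The client.ovpn as posted in the thread (address elided by the poster).
CLIENT_OVPN = """\
client
dev tun
proto udp
remote 201.x.x.x
resolv-retry infinite
nobind
persist-key
persist-tun
ca cacert.pem
auth-user-pass
comp-lzo
"""

# OpenVPN directives that make the client check the peer's certificate.
VERIFY = {"ns-cert-type", "remote-cert-tls", "tls-remote"}

def parse(text):
    """Map each directive name to the list of argument lists it appears with."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":   # blank lines and comments
            continue
        name, *args = line.split()
        opts.setdefault(name, []).append(args)
    return opts

def lint(text):
    """Return findings for a client configuration."""
    opts = parse(text)
    findings = []
    if not VERIFY & opts.keys():
        msg = "no server certificate verification directive"
        if "auth-user-pass" in opts:
            msg += "; username and password go to a peer whose certificate type is unchecked"
        findings.append(msg)
    if "ca" not in opts:
        findings.append("no ca file configured")
    for args in opts.get("remote", []):
        if len(args) < 2:
            findings.append("remote %s has no port; the default 1194 is used" % args[0])
    return findings

if __name__ == "__main__":
    for finding in lint(CLIENT_OVPN):
        print("-", finding)
```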

[Efw-user] Upgrading to latest beta...

2007-12-03 Thread Christopher Zeman
I am currently running v 2.1.2, but want to upgrade to 2.2 Beta 1 as it has
some features I need. Will the installation CD allow me to upgrade, or will
it simply wipe my drive? Is there a better way?

 

Thank you,

Chris



Re: [Efw-user] New efw 2.1.2 installation unable to OpenVPN

2007-12-03 Thread compdoc
Certainly worth enabling for testing.
I once had trouble connecting. I found that the user account
I had created had stopped working. I had to delete the
account and recreate it. 
This seemed to occur after I had created and then edited the
account, or maybe made some major change to the system. I
don’t really know why it stopped working, but after
recreating it, it worked.
You seem to not be receiving the key (cert), or you’re not
sending it. The client is outside the lan? Can you connect
by ssh? 
Also, maybe rename the cert to .cer, or find out why yours
are ending in .pem
Map looks fine.
 
 
 
 


Re: [Efw-user] New efw 2.1.2 installation unable to OpenVPN

2007-12-03 Thread toby
This is very odd. I simply click the Download CA link in web interface and
it saves as .pem. Changing the file to .crt and modifying client.ovpn file
to reflect the change makes no difference.

The only way I can ssh into the EFW box is to ssh into another machine on
LAN and then SSH into the GREEN NIC. It would be nice if I could SSH into
the RED NIC and just disable root from SSH.

Toby.
