followup on m0n0wall

2006-02-09 Thread Bill McGonigle
This is a followup on the MonadLUG meeting a few months back on open 
source firewalls.  I was particularly impressed with m0n0wall from the 
talk and have installed it at a small office and it works great.  They 
have an XML config file, boot from CD (config on floppy/flash) and a 
very nice GUI.  It's working great at that location and the client 
loves everything about it.  Cisco should be this good.


So, I was all psyched to use it for a larger client installation and I 
hit a major snag, which is a FreeBSD limitation.  This client has their 
DMZ IP's bridged to the WAN connection, so their servers have real IP 
addresses, not NAT'ed addresses.  This is for historical reasons but 
it's so ingrained that short of their ISP and its netblocks going poof, 
it's never going to change, and would require hundreds of man-hours to 
change.  They ought to, but it won't happen.


But m0n0wall can do bridging...

So, they also have a LAN which is NAT'ed.  They have a few hundred 
devices on their 10. network there which ride a NAT'ed address out to 
the Internet.  And m0n0wall can do that.


Here's where you get the gotcha - under BSD due to the way the bridge 
device and the ipnat device work, you can't talk from a NAT'ed device 
on one interface to a bridged device on another.  Packets go out but 
don't know how to get back.  The BSD network gurus have looked at it, 
said, 'dang, that should be possible,' but have decided it would be way 
too hard to get working.


So, for this client I'll be using a linux-based firewall, probably 
IPCop, which I don't believe (but need to prove to myself in the lab) 
has this problem.


-Bill
-
Bill McGonigle, Owner   Work: 603.448.4440
BFC Computing, LLC  Home: 603.448.1668
[EMAIL PROTECTED]   Cell: 603.252.2606
http://www.bfccomputing.com/   Page: 603.442.1833
Blog: http://blog.bfccomputing.com/
VCard: http://bfccomputing.com/vcard/bill.vcf

___
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss


Help build the new GNHLUG Internet server

2006-02-09 Thread Ben Scott
Hello GNHLUG!

  A project has been started to enhance GNHLUG's Internet presence.
The initial focus of this project will be to configure and deploy a
new server. The plan is the server will eventually host the GNHLUG web
and mailing list servers, as well as be home to future GNHLUG ideas.

  To make this happen, we need help! We need people who have
experience with Linux/Unix system administration. This is more than
just a need for manpower. We want to make this project a group effort,
with the explicit goal of making this a case study in "How to do Linux
right". So if you've got good *nix system administration experience,
or even just know a few things that might help, please consider
joining our effort!

  Initially, things we will be using include: SSH, Apache, Sendmail,
TWiki, GNU Mailman.

  In the future, we may also use: Postfix, PHP, Python, Zope, Plone,
*SQL, and whatever else brings something useful to the table.

  If you think you might be interested in joining, visit:

http://wiki.gnhlug.org/twiki2/bin/view/Organizational/ServerPeople

Thanks!

-- Ben Scott, GNHLUG Server Project Coordinator
___
gnhlug-announce mailing list
gnhlug-announce@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-announce


Re: OpenVPN bridging with only one interface?

2006-02-09 Thread Ben Scott
On 2/9/06, John Abreau <[EMAIL PROTECTED]> wrote:
> However, OpenVPN itself works fine on Windows. The TUN driver doesn't
> work on Windows, so you need to use the TAP driver instead.

  I'm using the TUN driver on Win32 with OpenVPN 2.0.5 without any
trouble (that I know of).

-- Ben "Fairly new to OpenVPN" Scott


Re: OpenVPN bridging with only one interface?

2006-02-09 Thread John Abreau

Thomas Charron wrote:
> Hehe, no, I went looking at it doesn't look like there is any Win32
> solution that's compatible with OpenSSH VPN tunneling.  It was more a
> curiosity sake on my side.  Most of the time we're out of the office
> (away from home), we're on laptops running Win32.  I know, I know, but
> it can't be helped..
>
>   Thomas




Oops, I didn't notice you were referring to OpenSSH instead of OpenVPN. 
Ignore my previous message.


--
John Abreau / Executive Director, Boston Linux & Unix
ICQ 28611923 / AIM abreauj / JABBER [EMAIL PROTECTED] / YAHOO abreauj
Email [EMAIL PROTECTED] / WWW http://www.abreau.net / PGP-Key-ID 0xD5C7B5D9
PGP-Key-Fingerprint 72 FB 39 4F 3C 3B D6 5B E0 C8 5A 6E F1 2C BE 99


Re: OpenVPN bridging with only one interface?

2006-02-09 Thread John Abreau

Thomas Charron wrote:
> Hehe, no, I went looking at it doesn't look like there is any Win32
> solution that's compatible with OpenSSH VPN tunneling.  It was more a
> curiosity sake on my side.  Most of the time we're out of the office
> (away from home), we're on laptops running Win32.  I know, I know, but
> it can't be helped..
>
>   Thomas


If you're looking for something other than OpenVPN to run on a Windows 
client that will be compatible with OpenVPN on the server end, then yes, 
you're out of luck.


However, OpenVPN itself works fine on Windows. The TUN driver doesn't 
work on Windows, so you need to use the TAP driver instead.




Re: OpenVPN bridging with only one interface?

2006-02-09 Thread Thomas Charron
On 2/9/06, Bill McGonigle <[EMAIL PROTECTED]> wrote:
> On Feb 9, 2006, at 15:56, Thomas Charron wrote:
> >   Aye, I've used it before.
>
> Cool - any gotchas?  As it's only been out a week I haven't had the
> pleasure yet - thomas.geekpoints++ .

  It works well, but it can be tricky to set up.  Basically, it uses a virtual network card.  In reality, it's not ALL that different from tunneling a PPP connection over an existing port.

> > But does it do Windows?  ;-)
>
> I'm sorry, I thought I was on a different mailing list. :)  If that is
> one of Mark's requirements he didn't mention it.  I hope we don't have
> to _assume_ Windows now.

  Hehe, no, I went looking at it doesn't look like there is any Win32 solution that's compatible with OpenSSH VPN tunneling.  It was more a curiosity sake on my side.  Most of the time we're out of the office (away from home), we're on laptops running Win32.  I know, I know, but it can't be helped..

  Thomas


Re: OpenVPN bridging with only one interface?

2006-02-09 Thread Mark Komarinski
On Thu, Feb 09, 2006 at 04:26:19PM -0500, Bill McGonigle wrote:
> On Feb 9, 2006, at 15:56, Thomas Charron wrote:
> 
> >  Aye, I've used it before.
> 
> Cool - any gotchas?  As it's only been out a week I haven't had the 
> pleasure yet - thomas.geekpoints++ .
> 
> >But does it do Windows?  ;-)
> 
> I'm sorry, I thought I was on a different mailing list. :)  If that is 
> one of Mark's requirements he didn't mention it.  I hope we don't have 
> to _assume_ Windows now.

Pfft.  Windows is in a VMWare slice or on my gaming machine at home.
Then again, maybe cygwin's openssh would do it.

Nice that OpenSSH supports VPNs, but I don't really feel like
recompiling that for all my machines (or building packages for them).

I'll look more into the routing and see what I can come up with.

-Mark




Re: OpenVPN bridging with only one interface?

2006-02-09 Thread Bill McGonigle

On Feb 9, 2006, at 15:56, Thomas Charron wrote:

>   Aye, I've used it before.

Cool - any gotchas?  As it's only been out a week I haven't had the 
pleasure yet - thomas.geekpoints++ .

> But does it do Windows?  ;-)

I'm sorry, I thought I was on a different mailing list. :)  If that is 
one of Mark's requirements he didn't mention it.  I hope we don't have 
to _assume_ Windows now.


-Bill



Re: OpenVPN bridging with only one interface?

2006-02-09 Thread Thomas Charron
On 2/9/06, Bill McGonigle <[EMAIL PROTECTED]> wrote:
> On Feb 9, 2006, at 10:39, Thomas Charron wrote:
> > Currently, at the house we have no VPN
> > capabilities beyond SSH tunneling, but a definite goal is to provide
> > full fledged VPN connectivity.
>
> Also note the current release of OpenSSH provides layer2/3 vpn
> functionality.  I haven't set it up yet.  There's a README.tun in the
> distribution.

  Aye, I've used it before.  But does it do Windows?  ;-)

  Thomas


Re: OpenVPN bridging with only one interface?

2006-02-09 Thread Bill McGonigle

On Feb 9, 2006, at 11:10, Ben Scott wrote:

>   Unfortunately, that's not really much help.  First of all, clock
> rates are a really poor way to compare CPUs of different
> architectures.

If you have straight integer code (Rijndael is all table lookups, 
shifts, and XOR's) and the CPU's are of similar architectures 
(scalar-type, bits, dispatch types), in the same price category 
(affects caches and such) typically clock speed is proportional to 
performance, well within an order of magnitude, despite the flavor of 
instructions.  In the case of MIPS32 (WRT54G) and StrongARM (Sonicwall) 
Rijndael runs in 730 and 690 clocks respectively, so pretty close.  Of 
course, a Cell processor will do it in under a hundred, so it's all a 
matter of context.

> More importantly, a lot of VPN appliances use ASICs
> that off-load the crypto from the CPU.  The WRT54G has no such
> accelerator.  So you're comparing apples to orange juice.  :)

You're right - the Sonicwall does have a VPN ASIC to offload VPN 
processing, so it's at least apples to Sunny Delight, maybe 
artificially-flavored orange Pez.


-Bill

Re: IT Documentation Engine for Non-Geeks?

2006-02-09 Thread Ben Scott
On 2/9/06, Christopher Schmidt <[EMAIL PROTECTED]> wrote:
> Basic Auth can't be saved by my browser, so I lose my credentials and am
> too lazy to look them up, so I can no longer edit the Wiki.

  Which Wiki?  The GNHLUG site?  There's password reset info on the
site.  Or just create a new account like everyone else does.  ;-)

  Short version of password reset:

1. Go here and fill out the form:

http://wiki.gnhlug.org/twiki2/bin/view/TWiki/ResetPassword

2. Mail the result to me.  :)

-- Ben


Re: IT Documentation Engine for Non-Geeks?

2006-02-09 Thread Lawrence Tilly
I use TWiki for some small-team collaboration and it is serving us
fantastically.  Dragon skin is pretty minimal and the skins are easily
customized.

You may also want to check XWiki.  It's a Java-based solution
developed by someone that used to be a TWiki fan.  Very active mailing
list and is pretty stable ( even though they call it pre-release still
).  My only reason for not jumping on it is there is no easy way to
convert all my data from TWiki to XWiki so until I have Free Time...  
 :-/

-Lawrence


Re: OpenVPN bridging with only one interface?

2006-02-09 Thread Ben Scott
On 2/9/06, Bill McGonigle <[EMAIL PROTECTED]> wrote:
> Also note the current release of OpenSSH provides layer2/3 vpn
> functionality.

  Interesting.  A quick check shows that it's still TCP based. 
Running a layer 3 tunnel over TCP tends to suck a lot in a number of
situations (lots of UDP; packet loss; high latency).

  I've just been putting OpenVPN into production deployment myself. 
In general, I find it works impressively well.  I guess the X.509
certificate setup confuses a lot of people, but I already know far too
much about that (thanks to IPsec), so that didn't faze me.  I'm still
seeing some issues with path-MTU-discovery brain-damage on the
Internet in general, but that's a universal problem.

-- Ben


Re: IT Documentation Engine for Non-Geeks?

2006-02-09 Thread Christopher Schmidt
On Thu, Feb 09, 2006 at 11:09:21AM -0500, Larry Cook wrote:
> Bill,
> 
> >As much as I like the GNHLUG Twiki, that's not it, it scares people from
> >_this_ group away.
> 
> I'm curious, what about it scares people.  Is it just the text formatting 
> syntax?  TWiki 4.0 now includes a beta version of a WYSIWYG editor.

Basic Auth can't be saved by my browser, so I lose my credentials and am
too lazy to look them up, so I can no longer edit the Wiki.

-- 
Christopher Schmidt
Web Developer


Re: IT Documentation Engine for Non-Geeks?

2006-02-09 Thread Ben Scott
On 2/9/06, Bill McGonigle <[EMAIL PROTECTED]> wrote:
> I'm leaning towards a Wiki but would welcome other suggestions.

  Check out the Plone server SLUG has running their site
(http://slug.gnhlug.org).  It's very GUI for a web app, and its
ownership-orientated approach will likely work well in a business
environment.  Try the nifty AJAX search box and WYSIWYG HTML editor. 
:)

> As much as I like the GNHLUG Twiki, that's not it, it scares people
> from _this_ group away.

  As I've said before, I really feel that the GNHLUG website's
problems stem not from TWiki, but from bad design on the part of the
people running the site (and I include myself foremost in that group).

  That being said, I do find the default TWiki skin "too busy", but
it's easy to create a more minimalist skin.

  As a user, I've grown fond of MediaWiki (Wikipedia).  I like a
number of things about the web UI and the wiki syntax dialect. 
However, I believe it is limited in terms of access control and
"plug-in" type extensions, which make it less suitable for a business.

-- Ben


Re: OpenVPN bridging with only one interface?

2006-02-09 Thread Bill McGonigle

On Feb 9, 2006, at 10:39, Thomas Charron wrote:

> Currently, at the house we have no VPN
> capabilities beyond SSH tunneling, but a definite goal is to provide
> full fledged VPN connectivity.

Also note the current release of OpenSSH provides layer2/3 vpn 
functionality.  I haven't set it up yet.  There's a README.tun in the 
distribution.


-Bill



Re: OpenVPN bridging with only one interface?

2006-02-09 Thread Ben Scott
On 2/9/06, Bill McGonigle <[EMAIL PROTECTED]> wrote:
>> However, crypto is resource intensive -- especially CPU intensive.
>> The WRT54G is a fairly bitty box; trying to use it for that may drag
>> down performance on everything.
>
> Just for a frame of reference, the WRT54G has a 216MHz MIPS CPU, and
> the SonicWall Pro's I've worked with have a 233MHz StrongARM.

  Unfortunately, that's not really much help.  First of all, clock
rates are a really poor way to compare CPUs of different
architectures.  More importantly, a lot of VPN appliances use ASICs
that off-load the crypto from the CPU.  The WRT54G has no such
accelerator.  So you're comparing apples to orange juice.  :)

> Speaking of which, only the 3rd party firmwares seem to use this CPU
> properly.

  Now that's interesting.  I'll have to give the 3rd party firmware a
try.  I haven't bothered with my WRT54G because I haven't perceived a
need yet.  Sounds like I would get some benefit after all.  I wonder
what the differences are to cause such a result.

-- Ben


Re: IT Documentation Engine for Non-Geeks?

2006-02-09 Thread Larry Cook

Bill,

> As much as I like the GNHLUG Twiki, that's not it, it scares people from
> _this_ group away.

I'm curious, what about it scares people?  Is it just the text formatting 
syntax?  TWiki 4.0 now includes a beta version of a WYSIWYG editor.


Larry




Re: OpenVPN bridging with only one interface?

2006-02-09 Thread Thomas Charron
On 2/8/06, Mark Komarinski <[EMAIL PROTECTED]> wrote:
> All the examples for OpenVPN that I've seen assume that the OpenVPN
> server is on both the public and private network.  That's not what I'm
> doing as my OpenVPN server is sitting behind my NAT box and has only one
> interface - that on the private network already.
>
> (client) <-> (Internet) <-> (NAT box) <-> (OpenVPN server)
>
> Anyone doing this, or am I just missing the concepts here?

  This really interests me personally, as I would really like to implement this sort of setup as well.  Currently, at the house we have no VPN capabilities beyond SSH tunneling, but a definite goal is to provide full fledged VPN connectivity.

  Thomas


IT Documentation Engine for Non-Geeks?

2006-02-09 Thread Bill McGonigle
Does anyone have recommendations for documentation engines for 
non-geeks to track IT stuff?  For example, Bob, Mary and Joe in 
Marketing use the shared IMAP account 'marketing' to handle e-mails.  
There needs to be a place that those three folks can go look up what 
the password is for the account, but have it access controlled.  They 
should be able to create this bit of information themselves.


It doesn't need to be highly structured like IRM, and RT isn't the 
right tool in this case.  Bugzilla is right out.


I'm leaning towards a Wiki but would welcome other suggestions.  If a 
Wiki is the right tool - does anyone have a feel for which Wiki 
[syntax,structure] is easiest for the average user to learn?  As much 
as I like the GNHLUG Twiki, that's not it, it scares people from _this_ 
group away.  Kwiki has worked well for me in the past but I'm open to 
other suggestions.


Thanks,
-Bill



Re: Notebook Network Issues

2006-02-09 Thread Bill McGonigle

On Feb 9, 2006, at 09:55, Thomas M. Albright wrote:

> /etc/modprobe.conf says:
>   alias eth0 tulip
> but trying 'insmod eth0' returns
>   insmod: can't read 'eth0': no such file or directory
> and trying 'insmod tulip' returns
>   insmod: can't read 'tulip': no such file or directory

I think depmod can help here.  I had a similar issue on a FC3->FC4 
upgrade:

  sudo depmod -ae -F /boot/System.map-[your `uname -a` kernel version here]

seemed to do it.

-Bill


Re: OpenVPN bridging with only one interface?

2006-02-09 Thread Bill McGonigle

On Feb 9, 2006, at 09:38, Ben Scott wrote:

> However, crypto is resource
> intensive -- especially CPU intensive.  The WRT54G is a fairly bitty
> box; trying to use it for that may drag down performance on
> everything.


Just for a frame of reference, the WRT54G has a 216MHz MIPS CPU, and 
the SonicWall Pro's I've worked with have a 233MHz StrongARM.  In no 
way take that as any kind of recommendation for a SonicWall Pro, but 
they can handle several concurrent VPN sessions.  Mix in key size, 
cipher, number of users, and stir.


Speaking of which, only the 3rd party firmwares seem to use this CPU 
properly.  I had bought my parents a WRT54Gv4 last summer but left it 
with the stock firmware until DD-WRTv23 matured sufficiently to deploy 
over-the-wire-from-360-miles-away.  Their 'net speed was pretty bad and 
our h.323 videophone was spotty and choppy with both the out-of-the-box 
and latest-from-website firmwares.  I thought it was their cable modem. 
 So, last night I loaded on the final version of DD-WRTv23 and the 
thing blazes - twice the throughput and the video phone works 
perfectly.


Go, Free Software!  I'd like to know how many people are on their 
internal team.


-Bill



Re: Notebook Network Issues

2006-02-09 Thread Thomas M. Albright
Ben said:
>  Boot the machine with the card removed.
>  Check the logs and/or dmesg for problems with PCMCIA.
'dmesg | grep -i pcmcia' came back empty
So I tried restarting PCMCIA:
/etc/init.d/pcmcia restart
Shutting down PCMCIA services: done.
Starting PCMCIA services: cardmgr [2579]: open_sock(socket 2) failed:
bad file descriptor
cardmger [2579]: watching 2 sockets
done.

When I inserted the card I saw:
PCI: Enabling device :05:00.0 ( -> 0003)

lsmod before and after only showed one change: yenta_socket changed
from 'Used by 0' to 'Used by 1'

/etc/modprobe.conf says:
  alias eth0 tulip
but trying 'insmod eth0' returns
  insmod: can't read 'eth0': no such file or directory
and trying 'insmod tulip' returns
  insmod: can't read 'tulip': no such file or directory

My routing tables look good, the firewall has been flushed, and I still
can't ping even inside the network.

-- 
TARogue (Linux user number 234357)
 -Give a man a fish & he's fed for a day. Teach him to fish & he'll spend
 all day drinking beer getting sunburned.


Re: OpenVPN bridging with only one interface?

2006-02-09 Thread Ben Scott
On 2/8/06, Mark Komarinski <[EMAIL PROTECTED]> wrote:
> All the examples for OpenVPN that I've seen assume that the OpenVPN
> server is on both the public and private network.

  According to Ye Olde FAQ, this should work.  See:

http://openvpn.net/faq.html#singlenic

  Now, your subject line says "bridging" (i.e., layer 2).  Do you
really mean that, or will a routed network do?  Routing is generally a
better solution, and I suspect bridging with a single interface will
make some things confusing, if not actually broken.

  Now, Neil Joseph Schelly is correct in that putting OpenVPN on your
NAT box would make things conceptually simpler, and the WRT54G should,
in theory, be able to run OpenVPN.  However, crypto is resource
intensive -- especially CPU intensive.  The WRT54G is a fairly bitty
box; trying to use it for that may drag down performance on
everything.

-- Ben


Re: Video Capture in Linux

2006-02-09 Thread Lawrence Tilly
Ok...I have come to the conclusion that a USB solution in my price
range is probably not going to work under Linux.  The devices I am
finding all appear to need Win-only software to function and often do
not even appear as an attached device. I found one discussion of the
Hauppauge USB solution being used under Linux, but that's at the outer
bounds of my price range and the discussion complained of a lot of
dropped frames.  So...

I will probably go with a PCI card solution.  I am leaning toward
Hauppauge because, as mentioned, they have a good rep under MythTV
discussions and other Linux-support chats. Now I'm just trying to
decide if there's a valid reason to bypass the PV-150 ( which I see
people mention as getting in the < $100 range ) or go with the 250.
The 250 has a better software bundle but that doesn't matter to me and
the specs LOOK identical as far as capture goes.

Does anyone have personal experience ( or at least second-hand
experience ) between the 150 and 250 that they could share?


Re: OpenVPN bridging with only one interface?

2006-02-09 Thread Neil Joseph Schelly
On Thursday 09 February 2006 08:52 am, Mark Komarinski wrote:
> Is there an OpenVPN server for the Linksys WRT54G?  The firmware I saw
> implied it was client-only.
>
> -Mark

The software is the same - different config file.  If it can do one, then it 
should be able to do both.  That said, I have no experience with hacking the 
WRT54G, but I'm reasonably sure that doesn't impair my answer.
-N


Re: OpenVPN bridging with only one interface?

2006-02-09 Thread Mark Komarinski
On Wed, Feb 08, 2006 at 08:31:22PM -0500, Neil Joseph Schelly wrote:
> In this scenario, the client will run an OpenVPN client to get into the 
> private network.  The OpenVPN server would be easiest to add to the NAT box - 
> that's what I do for my own setup in fact.  The reason is that machines on 
> the private network will need to be able to route to the machines through the 
> OpenVPN connection, and you'll need to add static routes (assuming the NAT 
> box is the default route gateway) for the VPN clients to the machines in the 
> private network.  You'll also need to setup some form of routing on the 
> OpenVPN box so that it will forward packets (again something the NAT box is 
> already doing).

Is there an OpenVPN server for the Linksys WRT54G?  The firmware I saw
implied it was client-only.

-Mark
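
The routing requirement quoted in the message above, as an added example that is not part of the original thread: a longest-prefix-match model of the reply path from a LAN host back to a VPN client, showing where the reply ends up with and without the static route and forwarding. All addresses (LAN 192.168.1.0/24, VPN pool 10.8.0.0/24, gateway .1, OpenVPN box .10) and the function names are assumptions made for illustration.

```python
"""Reply path from a LAN host to a VPN client when the OpenVPN server has
one interface and sits behind the NAT box. All addresses are constructed."""
import ipaddress

LAN = "192.168.1.0/24"        # assumed private network
VPN_POOL = "10.8.0.0/24"      # assumed OpenVPN client address pool
NAT_BOX = "192.168.1.1"       # default gateway for the LAN
VPN_SERVER = "192.168.1.10"   # single-NIC OpenVPN box
LAN_HOST = "192.168.1.50"     # any machine on the private network
VPN_CLIENT = "10.8.0.6"       # a connected remote client

# Route targets that end the walk instead of naming another hop.
TERMINAL = {"on-link", "tunnel", "internet", "unreachable"}


class Node:
    """A machine with a routing table of (network, next_hop) entries."""

    def __init__(self, name, routes, forwards=True):
        self.name = name
        self.routes = [(ipaddress.ip_network(net), hop) for net, hop in routes]
        self.forwards = forwards  # stands in for net.ipv4.ip_forward

    def next_hop(self, dst):
        """Pick the most specific matching route, as a kernel would."""
        dst = ipaddress.ip_address(dst)
        matches = [(net, hop) for net, hop in self.routes if dst in net]
        if not matches:
            return "unreachable"
        return max(matches, key=lambda m: m[0].prefixlen)[1]


def build(static_route, vpn_forwarding):
    """static_route: None, "gateway" (route on the NAT box) or "hosts"."""
    host = [(LAN, "on-link"), ("0.0.0.0/0", NAT_BOX)]
    gateway = [(LAN, "on-link"), ("0.0.0.0/0", "internet")]
    if static_route == "gateway":
        gateway.append((VPN_POOL, VPN_SERVER))
    elif static_route == "hosts":
        host.append((VPN_POOL, VPN_SERVER))
    vpn = [(LAN, "on-link"), (VPN_POOL, "tunnel"), ("0.0.0.0/0", NAT_BOX)]
    return {
        LAN_HOST: Node("lan-host", host),
        NAT_BOX: Node("nat-box", gateway),
        VPN_SERVER: Node("openvpn", vpn, forwards=vpn_forwarding),
    }


def trace(nodes, start, dst, max_hops=8):
    """Walk hop by hop from `start` toward dst; return (path, outcome)."""
    path, here = [start], start
    for _ in range(max_hops):
        node = nodes[here]
        # Any machine other than the sender must forward to pass it on.
        if here != start and not node.forwards:
            return path, "dropped: forwarding disabled on " + node.name
        hop = node.next_hop(dst)
        if hop in TERMINAL:
            return path, hop
        path.append(hop)
        here = hop
    return path, "loop"


def reply_path(static_route, vpn_forwarding=True):
    """Where does a LAN host's reply to a VPN client end up?"""
    return trace(build(static_route, vpn_forwarding), LAN_HOST, VPN_CLIENT)


if __name__ == "__main__":
    for route, fwd in [(None, True), ("gateway", True),
                       ("hosts", True), ("gateway", False)]:
        path, outcome = reply_path(route, fwd)
        print(f"route={route!s:8} forwarding={fwd!s:5} "
              f"{' -> '.join(path)} => {outcome}")
```

Without the static route the reply follows the default route out the WAN side and never reaches the tunnel; with the route on the gateway the LAN host's traffic takes an extra hop through the NAT box before reaching the OpenVPN machine.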




Re: Information security, recycling and irony

2006-02-09 Thread Tom Buskey
A little Google on: data recovery shredded stasi

http://en.wikipedia.org/wiki/Paper_shredder
http://www.heingartner.com/shred/Picking_Up_the_Pieces.htm
http://www.theregister.co.uk/2003/11/18/shredded_stasi_documents_could/
http://www.churchstreet-technology.com/

On 2/8/06, Paul Lussier <[EMAIL PROTECTED]> wrote:
> Tom Buskey <[EMAIL PROTECTED]> writes:
> > There's a company in Germany that can reconstitute shredded paper.  If it's
> > in strips, it's $4/pound.  Crosscut is more of course.
> >
> > They got their start with East German Stasi materials.  They're working on
> > stuff that was hand shredded because the shredder broke.
>
> Do you have a link for this?  I'd love to know more :)
> --
> Seeya,
> Paul

--
A strong conviction that something must be done is the parent of many bad measures.
  - Daniel Webster