Re: Ok, so help me fix OpenVPN (was: WAP/Router...)
Here are the scripts I use to start and stop 50 tap# interfaces.

On Tue, Jul 7, 2009 at 4:28 PM, Mark Komarinski wrote:
> I'll give it another go, and maybe y'all can help.
>
> First, the basics.
>
> Server is Debian Lenny 64-bit (IP address 192.168.1.10).
>
> Tomato router at 192.168.1.1 (it's a /24 network)
>
> I want to have bridging so that the clients can automagically see CIFS
> shares (important for wife-compliance).
>
> From what I've seen with using TAP (bridging), I want to have another
> IP address for OpenVPN to bind to.
>
> Who has a similar setup and some config files I can look at? I have the
> port forwarding set on the router, and clients can connect, but all
> connections to 192.168.1.0/24 just drop. tap0 gets created when openvpn
> starts, but the interface never gets assigned nor raised.
>
> Anyone have a working bridge-start/bridge-stop and server.conf I can
> take a look at?
>
> -Mark
> ___
> gnhlug-discuss mailing list
> gnhlug-discuss@mail.gnhlug.org
> http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/

--
John Abreau / Executive Director, Boston Linux & Unix
AIM abreauj / JABBER j...@jabber.blu.org / YAHOO abreauj / SKYPE zusa_it_mgr
Email j...@blu.org / WWW http://www.abreau.net / PGP-Key-ID 0xD5C7B5D9
PGP-Key-Fingerprint 72 FB 39 4F 3C 3B D6 5B E0 C8 5A 6E F1 2C BE 99

bridge-start Description: Binary data
bridge-stop Description: Binary data
Ok, so help me fix OpenVPN (was: WAP/Router...)
I'll give it another go, and maybe y'all can help.

First, the basics.

Server is Debian Lenny 64-bit (IP address 192.168.1.10).

Tomato router at 192.168.1.1 (it's a /24 network)

I want to have bridging so that the clients can automagically see CIFS shares (important for wife-compliance).

From what I've seen with using TAP (bridging), I want to have another IP address for OpenVPN to bind to.

Who has a similar setup and some config files I can look at? I have the port forwarding set on the router, and clients can connect, but all connections to 192.168.1.0/24 just drop. tap0 gets created when openvpn starts, but the interface never gets assigned nor raised.

Anyone have a working bridge-start/bridge-stop and server.conf I can take a look at?

-Mark
Re: WAP/Router for use with OpenVPN
On Jul 7, 2009, at 3:49 PM, Ben Scott wrote:
> On Tue, Jul 7, 2009 at 1:49 PM, Joshua Judson Rosen wrote:
>> You might be surprised how little it takes, actually ...
>
> I might at that.
>
> It also depends on the speed of the network. If you're connecting
> via a relatively slow Internet link, you don't need much CPU power to
> keep up.
>
>> ... 100-MHz system Pentium ...
>> ... It looks like these Linksys routers are at least as fast: ...
>
> That's not really apples-to-apples; all the LinkSys routers are MIPS
> architecture, and tuned for low-power and low-cost. Clock rate alone
> doesn't tell the whole story.
>
> All the above said, if you could get acceptable performance out of a
> 100 MHz Pentium, that's promising. :)
>
>> And they have to have enough computing-power to run WPA, right?
>
> Wireless crypto may be implemented in dedicated hardware in the
> wireless chipset, not on the general-purpose processor (where Linux
> and OpenVPN run), so that may not mean anything.

I've not actually paid attention to most of this thread, but thought I'd throw something in wrt the performance of the wrt...

I have a wrt54gs... I tried using it (under openwrt) with our ipsec (cisco-based) vpn at work. I got it working under both vpnc and openswan, but the performance was TERRIBLE. Like, 400kbps max throughput with vpnc, 1.2Mbps throughput with openswan. That's all 3des encryption though, not sure what openvpn uses, and/or if aes might be hardware accelerated, etc., etc. But when you have a 20Mbps link, and can saturate it when using a vpn client on your laptop, it's definitely sub-par...

--
Jarod Wilson
ja...@wilsonet.com
Re: WAP/Router for use with OpenVPN
Ben Scott writes:
> > And they have to have enough computing-power to run WPA, right?
>
> Wireless crypto may be implemented in dedicated hardware in the
> wireless chipset, not on the general-purpose processor (where Linux
> and OpenVPN run), so that may not mean anything.

Yes, WiFi crypto will definitely be done in hardware.

If you're going to use openvpn without a hardware assist (like a HiFn, etc.), cpu performance may be of concern. Hardware assist in openssl is usually hard to find in general. Shouldn't be an issue for occasional single user connectivity though, unless you need many mbps.

I have my openvpn links use blowfish instead of AES for the data channel because it's less cpu intensive, especially for small block sizes.

For comparison, I use a Soekris net4801 (266Mhz NSC/AMD Geode) for my router/firewall and openvpn endpoints. It does IPv4 forwarding fine, but only up to about 50mbps for large packets. Definitely not good for LAN-LAN, but fine for LAN-WAN. Throw in openvpn, the crypto and compression will drop the vpn data to a few mbps. Good for connectivity, just not performance.

-- Dave
Re: WAP/Router for use with OpenVPN
On Tue, Jul 7, 2009 at 1:49 PM, Joshua Judson Rosen wrote:
> You might be surprised how little it takes, actually ...

I might at that.

It also depends on the speed of the network. If you're connecting via a relatively slow Internet link, you don't need much CPU power to keep up.

> ... 100-MHz system Pentium ...
> ... It looks like these Linksys routers are at least as fast: ...

That's not really apples-to-apples; all the LinkSys routers are MIPS architecture, and tuned for low-power and low-cost. Clock rate alone doesn't tell the whole story.

All the above said, if you could get acceptable performance out of a 100 MHz Pentium, that's promising. :)

> And they have to have enough computing-power to run WPA, right?

Wireless crypto may be implemented in dedicated hardware in the wireless chipset, not on the general-purpose processor (where Linux and OpenVPN run), so that may not mean anything.

-- Ben
Re: Router recommendations?
Ben Scott wrote:
> Hi everybody!
>
> It appears the radio in my WRT54G (ver 2) has gone insane. It
> appears in SSID lists but connects are never successful. I've tried
> loading OEM firmware and it didn't help. So, I thought I'd ask: What
> would people here recommend as a replacement?
>
> I'd like to run "open" Linux firmware on whatever I get. I know I
> could just get a WRT54GL, but I'm wondering if other brands/models are
> "better". I'm not currently looking to have it do anything more than
> be an Internet gateway and WAP, but if I can pay the same and get
> more, or pay less and get the same, I'm all for that. :) I suppose a
> USB port for various kinds of future expansion would be nice.
>
> I'm also wondering about 802.11n. It seems like now would be the
> time to invest in new technology, and lots of "Draft-N" stuff is out
> there. On the other hand, 802.11n seems to be in perpetual
> development. I know they've made major changes to it once
> (invalidating a bunch of old "Pre-N" stuff). And I know there's a
> patent issue with the current stuff. I'd hate to pay more for
> something that ends up being a dead-end. I also don't have any other
> 802.11n hardware, so the extra capability would go unused at first.
>
> Opinions and thoughts welcomed. :)
>
> -- Ben

Quite a few people liked the Asus WL-500G router (32 MB ram/8 MB flash). Not too expensive and even has a couple of USB ports. Check it out here:

http://www.newegg.com/Product/Product.aspx?Item=N82E16833320030

-Alex
Re: Tool to automatically update symlinks when moving files
[on-list reply to messages sent off-list; with author's permission]

On Tue, Jul 7, 2009 at 7:29 AM, wrote:
>> Using absolute symlinks may be appropriate, depending on what you're
>> trying to do.
>
> Do you mean "absolute symbolic links" or "hard links"?

The former. Symlinks (symbolic links) are very different beasts from hard links.

Here's the full story. Some of this is likely to be review; if you just want the punch line, skip to the next quoted message portion.

INODES AND HARD LINKS

In the standard Unix filesystem model, the fundamental building block is the inode. Each inode has a number, unique within that filesystem. File data (the "contents" of the file) is associated with an inode, as are permissions, datestamps, and other metadata.

(Traditionally, inodes were fixed-size records in a fixed-size table, allocated when the filesystem was made. Some newer filesystems allocate inodes dynamically. Some filesystems don't really have inodes at all; to use them in a Unix-like system, the filesystem driver has to synthesize inode numbers.)

What we see as "file names" are just entries in a directory which reference the inode. Each such reference is a "hard link". Most of the time, a "data file" has just the one hard link. But you can have multiple directory entries linked to a single inode. Those are typically created with the ln(1) command (without the "-s" switch). Since hard links are to inodes, they cannot cross filesystem boundaries.

Each inode has a reference count, which is the number of hard links to the inode. When a hard link is created, the count is incremented; when a hard link is removed, the count is decremented. When that count drops to zero, the filesystem driver deallocates the storage from the inode and marks it as free. This is why the system call to "delete a file" is named unlink(2).

Traditionally, directories are themselves stored "in" inodes. When the names of other directories appear in a directory, that's just a hard link to the directory in question. That includes "." and "..". The "." entry in a directory is just a hard link to itself. The ".." entry is a link to the parent directory for each directory, except the root directory, where ".." is another link to itself. This assumption is built-in to Unix; as you've discovered, many Unix tools depend on this to navigate the filesystem properly.

Hard links target inodes, and all hard links are created equal. As far as the filesystem is concerned, there is no "original file" -- one hard link to the same inode is as good as another. Thus, renaming "other files" which also happen to link to the same inode doesn't matter -- all you're really doing is changing the text in a directory entry somewhere.

SYMLINKS

Symlinks are totally different. They exist only as directory entries; they normally don't consume inodes (unless the target is very long). Symbolic links reference the name of another filesystem entity -- another directory entry. Since they don't use inode numbers, they can cross filesystem boundaries.

Unlike hard links, symlinks are "second class citizens" in the filesystem. Each symlink has a clear "source" and "target". That target is the "real" "file"; the symlink is just a reference. If you move or rename the target, the symlink will now point at something that doesn't exist.

Symlinks can be relative or absolute. Absolute symlinks specify the target by including the full path, all the way from the root. You can identify them because they start with a leading slash (/). Relative symlinks are relative to the directory that contains them, and do not have a leading slash. They can reference "upwards" in the directory tree, though, by using "..".

For example, suppose in directory "/bin", we have two symlinks, as below. "foo" is absolute; "bar" is relative:

    foo -> /etc/passwd
    bar -> ../etc/passwd

Relative symlinks are useful because if a host's filesystem is mounted beneath another filesystem, they keep pointing to the same files. In the above example, "bar" will always point to that host's password file, even if that host's root is mounted on another system.

Conversely, absolute symlinks are useful because they keep pointing to the same files, even if they are moved. If I move "foo" to "/usr/local/bin/", it will still point to the same system password file, while "bar" would point to a presumably-non-existent "/usr/local/etc/passwd". This technique can also be used to have a file which always references the host examining the file.

On Tue, Jul 7, 2009 at 1:34 PM, wrote:
> I think I know where you were going... fixing-up absolute symlinks
> would be easier than fixing-up relative ones, right?

If you're trying to maintain various partial forks of a directory branch, or something like that, then absolute symlinks should be easier to maintain. For example, if you've got: /master/bin/baz and "baz" is always going to be there, you could cr
Re: WAP/Router for use with OpenVPN
Ben Scott writes:
>
> Myself, I've never tried to run OpenVPN on a bitty box like a
> LinkSys router. CPU power would be my concern; crypto takes lots of
> cycles.

You might be surprised how little it takes, actually--I ran a small-corporate OpenVPN server with about a dozen frequent (I'm not actually sure how many simultaneous) users, if I recall correctly, a 100-MHz system Pentium that I build out of parts scavenged from the company's rubbish-heap.

It looks like these Linksys routers are at least as fast:

http://en.wikipedia.org/wiki/Linksys_WRT54G_series#Hardware_and_revisions

And they have to have enough computing-power to run WPA, right? (how does WPA compare to SSL?)

--
Don't be afraid to ask (Lf.((Lx.xx) (Lr.f(rr.
Re: WAP/Router for use with OpenVPN
On Tue, Jul 7, 2009 at 12:07 PM, Ben Scott wrote:
> Tom is convinced that UDP through NAT causes instability in the
> space-time continuum or something. ;-) He and I had a long argument
> about it on this list once. (As I understand it, his point was that
> UDP, being unidirectional, doesn't guarantee that port numbers will be
> symmetrical, and thus you can't count on UDP returning over NAT
> reliably. Which is true, so far as it goes. My point was that in
> practice, port numbers usually are symmetrical. Certainly OpenVPN
> works that way.)

Hey, I'm just trying to do my part to save the time space continuum. :-D

In reality, after a conversation with some of the IT guys in Texas, they actually intentionally remap their UDP ports on outgoing packets. Some pointy-haired boss with just enough knowledge to be dangerous decided it was a security precaution.

> Since we're on the subject: It's generally recommended to avoid
> tunneling TCP over TCP, which is what you end up doing if you run
> OpenVPN over TCP. It's often not a problem if the connection is
> reliable, but if you encounter packet loss or congestion, both TCP
> layers end up retrying together, which tends to compound the original
> problem.

The reliability of the connection is really relative. Congestion issues aside, generally speaking, you have a pretty decent connection, or you have a reeaaly bad connection which is going to potentially bring your thruput to unusable levels.

--
-- Thomas
Re: WAP/Router for use with OpenVPN
On Tue, Jul 7, 2009 at 12:13 PM, Ben Scott wrote:
> On Tue, Jul 7, 2009 at 12:03 PM, Thomas Charron wrote:
>> The UDP packets are mapped by to<=>from IP ...
> Your firewall or NAT was broken or misconfigured. A proper
> implementation looks at not just the IP addresses, but the source and
> destination port numbers. Looking at just the IP addresses would also
> break TCP.

Not mine. :-D But someone's, yes.

--
-- Thomas
Re: WAP/Router for use with OpenVPN
On Tuesday 07 July 2009 12:16:18 pm Drew Van Zandt wrote:
> Doing OpenVPN over TCP is, in my experience, human-noticeably slow in
> comparison to UDP; I have seen no issues with multiple machines behind the
> same NAT.

I run my company's OpenVPN endpoint on both UDP and TCP. I send out configurations using UDP because it works in almost all circumstances, but there was once, with an employee travelling somewhere in Europe, where the hotel firewall/NAT didn't do anything for UDP connections. That's the only time it's ever been used and it may never be used again. The TCP connection is just too much slower to use on a regular basis.

-N
Router recommendations?
Hi everybody!

It appears the radio in my WRT54G (ver 2) has gone insane. It appears in SSID lists but connects are never successful. I've tried loading OEM firmware and it didn't help. So, I thought I'd ask: What would people here recommend as a replacement?

I'd like to run "open" Linux firmware on whatever I get. I know I could just get a WRT54GL, but I'm wondering if other brands/models are "better". I'm not currently looking to have it do anything more than be an Internet gateway and WAP, but if I can pay the same and get more, or pay less and get the same, I'm all for that. :) I suppose a USB port for various kinds of future expansion would be nice.

I'm also wondering about 802.11n. It seems like now would be the time to invest in new technology, and lots of "Draft-N" stuff is out there. On the other hand, 802.11n seems to be in perpetual development. I know they've made major changes to it once (invalidating a bunch of old "Pre-N" stuff). And I know there's a patent issue with the current stuff. I'd hate to pay more for something that ends up being a dead-end. I also don't have any other 802.11n hardware, so the extra capability would go unused at first.

Opinions and thoughts welcomed. :)

-- Ben
Re: WAP/Router for use with OpenVPN
Doing OpenVPN over TCP is, in my experience, human-noticeably slow in comparison to UDP; I have seen no issues with multiple machines behind the same NAT.

--DTVZ

On Tue, Jul 7, 2009 at 12:03 PM, Thomas Charron wrote:
> On Tue, Jul 7, 2009 at 11:35 AM, Drew Van Zandt wrote:
> > It *is* really easy. No idea what multiple people using it has to do with
> > anything, as I forward only one UDP port through my router and have many
> > people connected to my VPN. Even the initial config is easy enough for
> > nontechnical friends to handle, now that I've written up simple directions.
> > Once it's set up, they don't have to do *anything*, every time they boot
> > they're on the VPN and have samba shares mapped on their Windows boxes. On
> > rare occasion they might have to retype their share passwords.
>
> I had tried it initially, and in my case, had two systems which
> were behind a NAT, VPNing into the system which was behind a
> firewall, and bad things happened. The UDP packets are mapped by
> to<=>from IP, and when multiple people are using it with the same one,
> it got all sorts of confused.
>
> Of course, that was three years ago. Perhaps they fixed the issue
> since then. *shrug* I like using it over TCP personally.
>
> --
> -- Thomas
Re: WAP/Router for use with OpenVPN
On Tue, Jul 7, 2009 at 12:03 PM, Thomas Charron wrote:
> The UDP packets are mapped by to<=>from IP ...

Your firewall or NAT was broken or misconfigured. A proper implementation looks at not just the IP addresses, but the source and destination port numbers. Looking at just the IP addresses would also break TCP.

Linux IP Tables does the right thing. So did the old IP Chains (kernel 2.2) within its limited NAT capabilities ("IP masquerading").

-- Ben
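The disagreement in this sub-thread comes down to what a NAT uses as its state key. The following is an added example, not code from the thread or from iptables: a simplified model comparing a NAT that tracks ports with one that tracks only IP addresses, for two constructed clients behind one public address talking to the same OpenVPN server on UDP 1194. All addresses and the class and function names are assumptions made for the illustration.

```python
from typing import Dict, List, Optional, Tuple

Endpoint = Tuple[str, int]  # (IP address, UDP port)


class PortAwareNat:
    """Tracks each flow by inside endpoint, remote endpoint and assigned public port."""

    def __init__(self, public_ip: str) -> None:
        self.public_ip = public_ip
        self.out: Dict[Tuple[Endpoint, Endpoint], int] = {}   # (inside, remote) -> public port
        self.back: Dict[Tuple[int, Endpoint], Endpoint] = {}  # (public port, remote) -> inside

    def outbound(self, inside: Endpoint, remote: Endpoint) -> Endpoint:
        key = (inside, remote)
        if key not in self.out:
            port = inside[1]                      # keep the source port when it is free
            while (port, remote) in self.back:    # already used by another inside host: remap
                port = port + 1 if port < 65535 else 1024
            self.out[key] = port
            self.back[(port, remote)] = inside
        return (self.public_ip, self.out[key])

    def inbound(self, remote: Endpoint, public_port: int) -> Optional[Endpoint]:
        # A reply is delivered only if it matches a flow opened from the inside.
        return self.back.get((public_port, remote))


class IpOnlyNat:
    """Broken model: remembers only which inside host last talked to a remote IP."""

    def __init__(self, public_ip: str) -> None:
        self.public_ip = public_ip
        self.last: Dict[str, Endpoint] = {}       # remote IP -> inside endpoint

    def outbound(self, inside: Endpoint, remote: Endpoint) -> Endpoint:
        self.last[remote[0]] = inside             # overwrites any earlier client
        return (self.public_ip, inside[1])        # port passed through unchanged

    def inbound(self, remote: Endpoint, public_port: int) -> Optional[Endpoint]:
        return self.last.get(remote[0])


# Constructed sample endpoints (documentation address ranges).
SERVER: Endpoint = ("203.0.113.5", 1194)
CLIENTS: List[Endpoint] = [("192.168.0.10", 1194), ("192.168.0.11", 1194)]


def public_ports(nat) -> List[int]:
    """Public source ports the server sees for each client's first packet."""
    return [nat.outbound(c, SERVER)[1] for c in CLIENTS]


def replies_delivered(nat) -> List[Optional[Endpoint]]:
    """Inside endpoint that receives the server's reply to each client."""
    return [nat.inbound(SERVER, port) for port in public_ports(nat)]


if __name__ == "__main__":
    for nat in (PortAwareNat("198.51.100.7"), IpOnlyNat("198.51.100.7")):
        print(type(nat).__name__, public_ports(nat), replies_delivered(nat))
```

In the port-aware model the second client's source port is remapped, so the server still sees two distinct flows; a server that replies to the address and port it actually received from keeps working, which is the behaviour the thread attributes to OpenVPN.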
Re: WAP/Router for use with OpenVPN
On Tue, Jul 7, 2009 at 11:27 AM, Thomas Charron wrote:
>> I forward just TCP, as I have multiple people VPNing in, but you could
>> also forward UDP if that isn't an issue.

On Tue, Jul 7, 2009 at 11:35 AM, Drew Van Zandt wrote:
> No idea what multiple people using it has to do with anything, as I forward
> only one UDP port through my router and have many people connected to
> my VPN.

Tom is convinced that UDP through NAT causes instability in the space-time continuum or something. ;-) He and I had a long argument about it on this list once. (As I understand it, his point was that UDP, being unidirectional, doesn't guarantee that port numbers will be symmetrical, and thus you can't count on UDP returning over NAT reliably. Which is true, so far as it goes. My point was that in practice, port numbers usually are symmetrical. Certainly OpenVPN works that way.)

Since we're on the subject: It's generally recommended to avoid tunneling TCP over TCP, which is what you end up doing if you run OpenVPN over TCP. It's often not a problem if the connection is reliable, but if you encounter packet loss or congestion, both TCP layers end up retrying together, which tends to compound the original problem.

Myself, I've never tried to run OpenVPN on a bitty box like a LinkSys router. CPU power would be my concern; crypto takes lots of cycles. But I can say OpenVPN is quite NAT friendly. We've been running it that way for years at work.

-- Ben
Re: WAP/Router for use with OpenVPN
On Tue, Jul 7, 2009 at 11:35 AM, Drew Van Zandt wrote:
> It *is* really easy. No idea what multiple people using it has to do with
> anything, as I forward only one UDP port through my router and have many
> people connected to my VPN. Even the initial config is easy enough for
> nontechnical friends to handle, now that I've written up simple directions.
> Once it's set up, they don't have to do *anything*, every time they boot
> they're on the VPN and have samba shares mapped on their Windows boxes. On
> rare occasion they might have to retype their share passwords.

I had tried it initially, and in my case, had two systems which were behind a NAT, VPNing into the system which was behind a firewall, and bad things happened. The UDP packets are mapped by to<=>from IP, and when multiple people are using it with the same one, it got all sorts of confused.

Of course, that was three years ago. Perhaps they fixed the issue since then. *shrug* I like using it over TCP personally.

--
-- Thomas
Re: WAP/Router for use with OpenVPN
On Tue, 2009-07-07 at 10:36 -0400, Tom Buskey wrote:
> On Mon, Jul 6, 2009 at 9:58 PM, Mark Komarinski wrote:
>> I have two early WRT54G systems that work really nice. One acts as both
>> router to the Internet and AP for access to my internal network, the
>> other one for when visitors show up and/or have a 802.11b device.
>>
>> I'm now looking to install OpenVPN with bridging so my wife can fire up
>> a client on her netbook and get access to her files that are on the home
>> server. From what I've seen, the older WRT54Gs don't have enough memory
>> and/or CPU to handle doing that.
>>
>> The additional problem is that Tomato doesn't have OpenVPN on it, so I
>> have to find another firmware. Tomato has a nice web-based GUI that
>> makes it really easy to configure and get easy stats on.
>>
>> So here I am. Does anyone have this working now, and if so, what
>> hardware/software combination are you using?
>>
>> -Mark
>
> I can think of some work arounds:
>
> 1) Run OpenVPN on the home server and redirect the ports on Tomato.
> I'm not familiar enough with OpenVPN to know if this is possible.
>
> 2) Use SSH redirects to the server. I've seen this with batch scripts
> on windows. On Linux, I've used SSHFS.

Take a look at DD-WRT[1]. I run v24-vpn on several Linksys 54GL's and have found that with DD-WRT the router performs much better than Cisco's firmware. No more reboots, lockups, slowdowns, etc...

As for VPN, I only have a single tunnel running between my home and office, but I have yet to notice any issues with throughput or crashes. Everything seems to be just fine with it. :]

As for storage for larger images and files, there's at least one hack[2] to add a SD card to the WRT54GL. I have yet to add a SD card to one of mine, but as soon as I have an extra unit I can spare, I'm turning on the iron.

HTH

~k

[1] http://www.dd-wrt.com
[2] http://www.powco.net/wrt/
Re: WAP/Router for use with OpenVPN
> This should be mad simple. Just forward port 1194. Personally, I
> forward just TCP, as I have multiple people VPNing in, but you could
> also forward UDP if that isn't an issue.

It *is* really easy. No idea what multiple people using it has to do with anything, as I forward only one UDP port through my router and have many people connected to my VPN. Even the initial config is easy enough for nontechnical friends to handle, now that I've written up simple directions. Once it's set up, they don't have to do *anything*, every time they boot they're on the VPN and have samba shares mapped on their Windows boxes. On rare occasion they might have to retype their share passwords.

--DTVZ
Re: WAP/Router for use with OpenVPN
On Tue, Jul 7, 2009 at 10:51 AM, Mark Komarinski wrote:
> On 07/07/2009 10:36 AM, Tom Buskey wrote:
>> 1) Run OpenVPN on the home server and redirect the ports on Tomato.
>> I'm not familiar enough with OpenVPN to know if this is possible.
> I've gone full OpenVPN retard. I tried setting it up, but I don't have
> it working at all. Most likely some problem with routing that I'm
> unable to figure out. I've spent part of the weekend trying to figure
> out what was going on, then decided my time was better spent doing
> something else and just find an already-existing box that ease my
> configuration issues.

This should be mad simple. Just forward port 1194. Personally, I forward just TCP, as I have multiple people VPNing in, but you could also forward UDP if that isn't an issue.

>> 2) Use SSH redirects to the server. I've seen this with batch scripts
>> on windows. On Linux, I've used SSHFS.
>>
> That would be fine for me. But the solution has to be wife-friendly.
> Anything more complicated than "double-click this, enter your password,
> and your home directory magically appears" and its usefulness
> disappears. There are other services I'd want to access like my
> squeezecenter server, so having a list of SSH redirects becomes a bit of
> a burden to maintain.

Does she run Windows? Once you have the configuration set up on the box, it is literally mad easy. I can forward my configuration files later if you'd like. I'm personally using signed certificates instead of passwords, but I could do some tests on my local configuration to use password authentication instead.

--
-- Thomas
Re: WAP/Router for use with OpenVPN
On Tue, Jul 7, 2009 at 10:51 AM, Mark Komarinski wrote:
> On 07/07/2009 10:36 AM, Tom Buskey wrote:
>>
>> I can think of some work arounds:
>>
> Thanks, but...
>
>> 1) Run OpenVPN on the home server and redirect the ports on Tomato. I'm
>> not familiar enough with OpenVPN to know if this is possible.
>>
> I've gone full OpenVPN retard. I tried setting it up, but I don't have it
> working at all. Most likely some problem with routing that I'm unable to
> figure out. I've spent part of the weekend trying to figure out what was
> going on, then decided my time was better spent doing something else and
> just find an already-existing box that ease my configuration issues.
>
>> 2) Use SSH redirects to the server. I've seen this with batch scripts on
>> windows. On Linux, I've used SSHFS.
>>
> That would be fine for me. But the solution has to be wife-friendly.
> Anything more complicated than "double-click this, enter your password, and
> your home directory magically appears" and its usefulness disappears. There
> are other services I'd want to access like my squeezecenter server, so
> having a list of SSH redirects becomes a bit of a burden to maintain.
>

I've seen a batch file solution with a local lmhosts file swapped in/out. It supported sales guys onto a network with a double ssh gateway. I'm sure your wife is at least an order of magnitude more clued than the sales guys.
Re: WAP/Router for use with OpenVPN
On 07/07/2009 10:36 AM, Tom Buskey wrote:
>
> I can think of some work arounds:
>

Thanks, but...

> 1) Run OpenVPN on the home server and redirect the ports on Tomato.
> I'm not familiar enough with OpenVPN to know if this is possible.

I've gone full OpenVPN retard. I tried setting it up, but I don't have it working at all. Most likely some problem with routing that I'm unable to figure out. I've spent part of the weekend trying to figure out what was going on, then decided my time was better spent doing something else and just find an already-existing box that ease my configuration issues.

> 2) Use SSH redirects to the server. I've seen this with batch scripts
> on windows. On Linux, I've used SSHFS.
>

That would be fine for me. But the solution has to be wife-friendly. Anything more complicated than "double-click this, enter your password, and your home directory magically appears" and its usefulness disappears. There are other services I'd want to access like my squeezecenter server, so having a list of SSH redirects becomes a bit of a burden to maintain.

-Mark
Notes from CentraLUG, 6-July 2009, Philip Sbogna and WINE
Eight people made it to the July meeting of the Central New Hampshire Linux User Group, www.centralug.org, held at its July location of the Hopkinton Town Library.

Philip Sbrogna spoke and demonstrated Wine[1], the Microsoft Windows (tm) API emulator for Linux. Phil showed us how the install and configuration occurs, using a first-person shooter installed from CD. We talked about the structure of the files installed (in the home directory, under .wine), how to reset the Windows configuration (delete everything under .wine and run wine again to rebuild the default structure), where the registry files are stored (in the directory above the drive_c directory), add-on tools that can help get specific applications running (Winetools[2], Wine-doors[3], Winetricks[4]).

Members had lots of questions, on- and off-topic, and discussion was vigorous and educational.

Tentative August meeting: a cookout, somewhere off I-93 exit 23. Stay tuned for details.

Thanks to Philip for making the trip and making a great presentation (despite projector difficulties) and to the Hopkinton Town Library for the facilities.

[1] http://www.winehq.org/
[2] http://von-thadden.de/Joachim/WineTools/
[3] http://wddb.wine-doors.org/
[4] http://wiki.winehq.org/winetricks

--
Ted Roche
Ted Roche & Associates, LLC
http://www.tedroche.com
Re: WAP/Router for use with OpenVPN
On Mon, Jul 6, 2009 at 9:58 PM, Mark Komarinski wrote:
> I have two early WRT54G systems that work really nice. One acts as both
> router to the Internet and AP for access to my internal network, the
> other one for when visitors show up and/or have a 802.11b device.
>
> I'm now looking to install OpenVPN with bridging so my wife can fire up
> a client on her netbook and get access to her files that are on the home
> server. From what I've seen, the older WRT54Gs don't have enough memory
> and/or CPU to handle doing that.
>
> The additional problem is that Tomato doesn't have OpenVPN on it, so I
> have to find another firmware. Tomato has a nice web-based GUI that
> makes it really easy to configure and get easy stats on.
>
> So here I am. Does anyone have this working now, and if so, what
> hardware/software combination are you using?
>
> -Mark
>

I can think of some work arounds:

1) Run OpenVPN on the home server and redirect the ports on Tomato. I'm not familiar enough with OpenVPN to know if this is possible.

2) Use SSH redirects to the server. I've seen this with batch scripts on windows. On Linux, I've used SSHFS.
WRT used to steal the declaration of independence?
I don't know if y'all have seen the film "National Treasure". (WARNING: POTENTIAL SPOILER!) But in the movie, when they're trying to steal the declaration of independence there's a shot of them using a hacked Linksys router. The shot is very brief, but it is definitely a Linksys. My guess is that they took a real hacked WRT, removed the faceplate, stuck a piece of duct tape on top, and called it a prop.

r...@wrt # ipkg install declarationofindependence
ipkg: error: the declaration of independence is unstealable

I guess they must have used some custom software. :)