[leaf-user] Problems booting from ZIP Drive (PKGPATH & LRP empty or unset?)

2004-10-21 Thread Wright, Christopher
Hi Everybody

I have the following Problem:

I wanted to make LEAF Bering uClibc 2.2.1 to run off a 100 MB ZIP Disk.
I downloaded and used the initrd_ide_cd.lrp provided on Leaf.sourceforge.net

It boots from the ZIP Disk (with boot I mean that it loads the Bering Logo)

It boots till it gets to LINUXRC:

LINUXRC: Mounting a 6M TMPFS filesystem...
LINUXRC: PKGPATH is empty or unset. Can not install packages.
LINUXRC: LRP= is empty or unset. Can not install packages.


A more complete copy of the output on the screen:

NET4: Unix domain sockets 1.0/SMP for Linux NET4.0.
RAMDISK: Compressed image found at block 0
Freeing initrd memory: 384k freed
VFS: Mounted root (minix filesystem).
Freeing unused kernel memory: 64k freed
LINUXRC: Bering - Initrd - V2.2.1 uClibc-0.9.20
Using /boot/lib/modules/ide-disk.o
Using /boot/lib/modules/ide-cd.o
Using /boot/lib/modules/ide-detect.o
hda: IOMEGA ZIP 250 ATAPI, ATAPI FLOPPY drive
ide0 at 0x1f0-0x1f7,0x3f6 on irq 14
Using /boot/lib/modules/isofs.o
LINUXRC: Mounting a 6M TMPFS filesystem...
LINUXRC: PKGPATH is empty or unset. Can not install packages.
LINUXRC: LRP= is empty or unset. Can not install packages.
.: 285: Can't open /var/lib/lrpkg/root.dev.own
Kernel panic: Attempted to kill init!


I have looked through the Archives and read posts on this error and on how
to create a bootable ZIP disk. But unfortunately I wasn't able to create
one.

So after some failed attempts and a lot of fiddling I decided to open a
post.


Chris


---
This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
Use IT products in your business? Tell us what you think of them. Give us
Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more
http://productguide.itmanagersjournal.com/guidepromo.tmpl

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html


RE: [leaf-user] Problems booting from ZIP Drive (PKGPATH & LRP empty or unset?)

2004-10-21 Thread Luis.F.Correia
Hi!

> -Original Message-
> From: Wright, Christopher [mailto:[EMAIL PROTECTED] 
> It boots from the ZIP Disk (with boot I mean that it loads 
> the Bering Logo)
> 
> It boots till it gets to LINUXRC:
> 
> LINUXRC: Mounting a 6M TMPFS filesystem...
> LINUXRC: PKGPATH is empty or unset. Can not install packages.
> LINUXRC: LRP= is empty or unset. Can not install packages.

Did you properly edit the syslinux.cfg and leaf.cfg files?

Luis Correia   
Bering uClibc Team Member

PGP Fingerprint: BC44 D7DA 5A17 F92A CA21 9ABE DFF0 3540 2322 21F6 
Key Server: http://pgp.mit.edu



> 
> 
> A more complete copy of the output on the screen:
> 
> NET4: Unix domain sockets 1.0/SMP for Linux NET4.0.
> RAMDISK: Compressed image found at block 0
> Freeing initrd memory: 384k freed
> VFS: Mounted root (minix filesystem).
> Freeing unused kernel memory: 64k freed
> LINUXRC: Bering - Initrd - V2.2.1 uClibc-0.9.20
> Using /boot/lib/modules/ide-disk.o
> Using /boot/lib/modules/ide-cd.o
> Using /boot/lib/modules/ide-detect.o
> hda: IOMEGA ZIP 250 ATAPI, ATAPI FLOPPY drive
> ide0 at 0x1f0-0x1f7,0x3f6 on irq 14
> Using /boot/lib/modules/isofs.o
> LINUXRC: Mounting a 6M TMPFS filesystem...
> LINUXRC: PKGPATH is empty or unset. Can not install packages.
> LINUXRC: LRP= is empty or unset. Can not install packages.
> .: 285: Can't open /var/lib/lrpkg/root.dev.own
> Kernel panic: Attempted to kill init!
> 
> 
> I have looked through the Archives and read posts on this 
> error and on how
> to create a bootable ZIP disk. But unfortunately I wasn't 
> able to create
> one.
> 
> So after some failed attempts and a lot of fiddling I decided 
> to open a
> post.
> 
> 
> Chris




[leaf-user] IPsec and NAT traversal: Bering 1.2 and Linksys BEFSR41

2004-10-21 Thread Timothy J. Massey
Hello!
I'm trying to set up a VPN between a Windows 2000 notebook and a Bering 
1.2 LEAF firewall, running SuperFreeS/WAN 1.99.6.2.

On this firewall, I have two tunnels set up.  One is a tunnel between 
two LEAF firewalls bridging two subnets, and works great.  The other is 
a tunnel designed for road warrior usage.  I'm using the Windows 2000 
VPN tool (http://vpn.ebootis.de/) on the 2000 notebook to try to connect 
to my LEAF firewall.

If I connect the notebook directly to the Internet with a real-world IP, 
it works great.  If, however, I put it behind a router (in this case, a 
Linksys BEFSR41) it does not work.  I've made sure that IPsec passthru 
is turned on in the Linksys, and it is.  I can browse the Internet from 
behind the router, but not connect to the VPN.

Here are the relevant parts of my firewall's ipsec.conf:
config setup
   interfaces=%defaultroute
   klipsdebug=none
   plutodebug=none
   plutoload=%search
   plutostart=%search
   uniqueids=yes
conn %default
   keyingtries=3
conn RoadWarrior
   authby=secret
   left=
   leftsubnet=/22
   leftnexthop=
   leftfirewall=yes
   right=%any
   keylife=30m
   auto=add
Also, here is the Windows computer's ipsec.conf:
conn AmherstOfficeToRoadWarrior
   left=
   leftsubnet=/255.255.252.0
   right=%any
   presharedkey=
   network=lan
   rekey=1800S/3K
   auto=start
   pfs=yes
Like I said, the VPN works when not behind the router, so I know that 
the IP's and shared secret are correct.

Here are the errors I get on the LEAF firewall.  I'm typing these by 
hand, so I'm only including what look to be the interesting parts.  If 
you need more, let me know.

"RoadWarrior"[1]  #3 responding to Main Mode from unknown peer 
"RoadWarrior"[1]  #3 Main mode peer ID is ID_IPV4_ADDR: 
"RoadWarrior"[1]  #3 No suitable connection for peer '
"RoadWarrior"[1]  #3 sending notification INVALID_ID_INFORMATION to :500

These lines repeat several times.
As you can see, the LEAF firewall sees the packets as coming from the 
Linksys IP address (because of NAT), but the packets themselves say that 
the endpoint has the IP address of an internal-to-the-Linksys IP.  
Obviously, this is not correct.

What do I need to do to make this work?  I was told that the IP passthru 
was supposed to be transparent and just plug-in-and-go.  I've *never* 
found anything related to IPsec plug-in-and-go: why should this be any 
different?  :)

Any suggestions would be *greatly* appreciated!  Thank you!
Tim Massey



Re: [leaf-user] IPsec and NAT traversal: Bering 1.2 and Linksys BEFSR41

2004-10-21 Thread Charles Steinkuehler
Timothy J. Massey wrote:
> Hello!
> I'm trying to set up a VPN between a Windows 2000 notebook and a Bering 
> 1.2 LEAF firewall, running SuperFreeS/WAN 1.99.6.2.
> 
> On this firewall, I have two tunnels set up.  One is a tunnel between 
> two LEAF firewalls bridging two subnets, and works great.  The other is 
> a tunnel designed for road warrior usage.  I'm using the Windows 2000 
> VPN tool (http://vpn.ebootis.de/) on the 2000 notebook to try to connect 
> to my LEAF firewall.
> 
> If I connect the notebook directly to the Internet with a real-world IP, 
> it works great.  If, however, I put it behind a router (in this case, a 
> Linksys BEFSR41) it does not work.  I've made sure that IPsec passthru 
> is turned on in the Linksys, and it is.  I can browse the Internet from 
> behind the router, but not connect to the VPN.
> 
> Here are the relevant parts of my firewall's ipsec.conf:
> config setup
>    interfaces=%defaultroute
>    klipsdebug=none
>    plutodebug=none
>    plutoload=%search
>    plutostart=%search
>    uniqueids=yes
> conn %default
>    keyingtries=3
> conn RoadWarrior
>    authby=secret
>    left=
>    leftsubnet=/22
>    leftnexthop=
>    leftfirewall=yes
>    right=%any
>    keylife=30m
>    auto=add
> Also, here is the Windows computer's ipsec.conf:
> conn AmherstOfficeToRoadWarrior
>    left=
>    leftsubnet=/255.255.252.0
>    right=%any
>    presharedkey=
>    network=lan
>    rekey=1800S/3K
>    auto=start
>    pfs=yes
> Like I said, the VPN works when not behind the router, so I know that 
> the IP's and shared secret are correct.
> 
> Here are the errors I get on the LEAF firewall.  I'm typing these by 
> hand, so I'm only including what look to be the interesting parts.  If 
> you need more, let me know.
> 
> "RoadWarrior"[1]  #3 responding to Main Mode from unknown peer 
> "RoadWarrior"[1]  #3 Main mode peer ID is ID_IPV4_ADDR: 
> "RoadWarrior"[1]  #3 No suitable connection for peer '
> "RoadWarrior"[1]  #3 sending notification INVALID_ID_INFORMATION to :500
> 
> These lines repeat several times.
> As you can see, the LEAF firewall sees the packets as coming from the 
> Linksys IP address (because of NAT), but the packets themselves say that 
> the endpoint has the IP address of an internal-to-the-Linksys IP.  
> Obviously, this is not correct.
> 
> What do I need to do to make this work?  I was told that the IP passthru 
> was supposed to be transparent and just plug-in-and-go.  I've *never* 
> found anything related to IPsec plug-in-and-go: why should this be any 
> different?  :)
> 
> Any suggestions would be *greatly* appreciated!  Thank you!

Your problem may have nothing to do with IP addresses.  Based on the limited 
information above, I'd start checking your configuration files on both ends, 
looking to make sure the peer names match.  The linux IPSec implementation 
is *VERY* picky about how connection names are matched.

The "No suitable connection for peer " error typically means IPSec 
can't find a valid tunnel description in your configuration file that 
matches what the client's trying to set up, ie: your connection descriptions 
on each end don't match.  Note that the peer ID defaults to the IP address, 
which can be a bad thing (especially for road-warrior clients), so I usually 
assign actual names to the machines in question.  Depending on how you're 
authenticating, this can also allow you to specify unique connection 
descriptions for different road-warrior clients, despite the fact that you 
don't know their IP in advance (if you use certs or rsa keys, but not 
pre-shared-secrets).

An example of setting the peer name on the linux side:
[EMAIL PROTECTED]
[EMAIL PROTECTED]
Note the "@" symbol, which prevents ipsec from trying to resolve the domain 
name and use the IP address as the peer name instead.  For details, see the 
IPSec man pages:


leftid
how the left participant should be identified for authentication; 
defaults to left. Can be an IP address (in any ipsec_ttoaddr(3) syntax) or a 
fully-qualified domain name preceded by @ (which is used as a literal string 
and not resolved).


You have to have a connection description with matching [left|right]id's, 
and matching tunnel specifications (ie: subnet-host, host-host, or 
subnet-subnet, with identical IPs) to avoid the "No suitable connection" error.

--
Charles Steinkuehler
[EMAIL PROTECTED]
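
An added illustration of the matching leftid/rightid setup described in this reply (not part of the original message; the redacted example in the message is left as posted). All addresses, names and key placeholders are constructed, a Linux FreeS/WAN client is assumed, and RSA-signature authentication is assumed because the reply notes that per-client descriptions need certs or RSA keys rather than pre-shared secrets:

```conf
# --- Gateway: /etc/ipsec.conf (constructed values) ---
conn rw-laptop1
    authby=rsasig
    # gateway public address (documentation range) and the network behind it
    left=192.0.2.1
    leftsubnet=10.20.0.0/22
    leftnexthop=192.0.2.254
    # "@" makes the ID a literal string that is never resolved to an IP
    leftid=@gw.example.org
    # placeholder, not a real key
    leftrsasigkey=<GATEWAY_PUBLIC_KEY>
    # road warrior: address not known in advance
    right=%any
    # the ID this client must present
    rightid=@laptop1.example.org
    # placeholder, not a real key
    rightrsasigkey=<LAPTOP1_PUBLIC_KEY>
    auto=add

# --- Linux road-warrior client: /etc/ipsec.conf (constructed values) ---
# Same IDs and the same subnet-to-host tunnel description as on the gateway.
conn rw-laptop1
    authby=rsasig
    left=192.0.2.1
    leftsubnet=10.20.0.0/22
    leftid=@gw.example.org
    leftrsasigkey=<GATEWAY_PUBLIC_KEY>
    right=%defaultroute
    rightid=@laptop1.example.org
    rightrsasigkey=<LAPTOP1_PUBLIC_KEY>
    auto=start
```

With literal string IDs on both ends, the identity the client presents no longer depends on whatever address it happens to have.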


[leaf-user] ssh access from inside being rejected.

2004-10-21 Thread Glenn A. Thompson
Hey,
I installed the sshd module on my bering 2.2.1 test box and generated 
keys etc.  I can't seem to connect to it from my local network. 
I'm running my local network on 192.168.10.0/24.  That caused me some 
grief on a few other packages until I changed their configs.
But from what I can tell I've got all that fixed up OK.
I can connect to the fw weblet application no problem. 
When I try to connect to the sshd from the internet I see stuff in my 
logs as I would expect.
When I do it from the loc network I see immediate rejects and I can't 
find anything in any logs.
So I installed the ssh client on the firewall.  If I try to connect to 
localhost I just hang there.
If I try to connect to the loc interface I get reject UNKNOWN. 
I've looked through the rules and it seems like it should work.  I even 
changed the interfaces file under shorewall to be more explicit about 
the loc and fw interfaces.

Any clues? Any more information I should provide?
Thanks,
glenn



Re: [leaf-user] ssh access from inside being rejected.

2004-10-21 Thread Patrick Benson
"Glenn A. Thompson" wrote:
> 
> Hey,
> 
> I installed the sshd module on my bering 2.2.1 test box and generated
> keys etc.  I can't seem to connect to it from my local network.
> I'm running my local network on 192.168.10.0/24.  That caused me some
> grief on a few other packages until I changed their configs.
> But from what I can tell I've got all that fixed up OK.
> I can connect to the fw weblet application no problem.
> When I try to connect to the sshd from the internet I see stuff in my
> logs as I would expect.
> When I do it from the loc network I see immediate rejects and I can't
> find anything in any logs.
> So I installed the ssh client on the firewall.  If I try to connect to
> localhost I just hang there.
> If I try to connect to the loc interface I get reject UNKNOWN.
> I've looked through the rules and it seems like it should work.  I even
> changed the interfaces file under shorewall to be more explicit about
> the loc and fw interfaces.
> 
> Any clues? Any more information I should provide?
> Thanks,
> glenn

What does your output look like when you turn on verbose mode:

ssh -v 

and how is your sshd_config configured? We'll need that to begin with..
If you have changed other configuration files, other than those
connected with ssh, sshd you'll have to provide info with that as well.
Is sshd actually running? Try "netstat -an" and "ps ax" and see what
gives..

Regards,
-- 
Patrick Benson
Stockholm, Sweden




Re: [leaf-user] ssh access from inside being rejected.

2004-10-21 Thread Glenn A. Thompson
I set the log level to debug in the sshd_config file.
It  forks a child and seems to negotiate a protocol level and then no 
more log entries.
It may just be dying.
Again any clues would be helpful

Thanks
Glenn
Glenn A. Thompson wrote:
> Hey,
> I installed the sshd module on my bering 2.2.1 test box and generated 
> keys etc.  I can't seem to connect to it from my local network. I'm 
> running my local network on 192.168.10.0/24.  That caused me some 
> grief on a few other packages until I changed their configs.
> But from what I can tell I've got all that fixed up OK.
> I can connect to the fw weblet application no problem. When I try to 
> connect to the sshd from the internet I see stuff in my logs as I 
> would expect.
> When I do it from the loc network I see immediate rejects and I can't 
> find anything in any logs.
> So I installed the ssh client on the firewall.  If I try to connect to 
> localhost I just hang there.
> If I try to connect to the loc interface I get reject UNKNOWN. I've 
> looked through the rules and it seems like it should work.  I even 
> changed the interfaces file under shorewall to be more explicit about 
> the loc and fw interfaces.
> 
> Any clues? Any more information I should provide?
> Thanks,
> glenn



Re: [leaf-user] ssh access from inside being rejected.

2004-10-21 Thread Martin Hejl

Glenn A. Thompson wrote:
> I installed the sshd module on my bering 2.2.1 test box and generated 
> keys etc.  I can't seem to connect to it from my local network. I'm 
> running my local network on 192.168.10.0/24.  That caused me some grief 
> on a few other packages until I changed their configs.
> But from what I can tell I've got all that fixed up OK.
> I can connect to the fw weblet application no problem. When I try to 
> connect to the sshd from the internet I see stuff in my logs as I would 
> expect.
> When I do it from the loc network I see immediate rejects and I can't 
> find anything in any logs.
> So I installed the ssh client on the firewall.  If I try to connect to 
> localhost I just hang there.
> If I try to connect to the loc interface I get reject UNKNOWN. I've 
> looked through the rules and it seems like it should work.  I even 
> changed the interfaces file under shorewall to be more explicit about 
> the loc and fw interfaces.
> 
> Any clues? Any more information I should provide?

You probably already checked that, but could it be an issue with 
/etc/hosts.allow needing to be updated with the new net?

It could also be that sshd is trying to do a DNS lookup on the IP of the 
box that's connecting - that would surely _seem_ like it's just died.

Martin


Re: [leaf-user] ssh access from inside being rejected.

2004-10-21 Thread Patrick Benson
"Glenn A. Thompson" wrote:
> 
> I set the log level to debug in the sshd_config file.
> It  forks a child and seems to negotiate a protocol level and then no
> more log entries.
> It may just be dying.
> Again any clues would be helpful

There are two FAQ's that may be helpful:

http://www.snailbook.com/faq/
http://www.openssh.com/faq.html


Regards,
-- 
Patrick Benson
Stockholm, Sweden




Re: [leaf-user] ssh access from inside being rejected.

2004-10-21 Thread Glenn A. Thompson
No it actually segfaulted when I ran it in debug mode.
Martin Hejl wrote:

> Glenn A. Thompson wrote:
>> I installed the sshd module on my bering 2.2.1 test box and 
>> generated keys etc.  I can't seem to connect to it from my local 
>> network. I'm running my local network on 192.168.10.0/24.  That 
>> caused me some grief on a few other packages until I changed their 
>> configs.
>> But from what I can tell I've got all that fixed up OK.
>> I can connect to the fw weblet application no problem. When I try to 
>> connect to the sshd from the internet I see stuff in my logs as I 
>> would expect.
>> When I do it from the loc network I see immediate rejects and I can't 
>> find anything in any logs.
>> So I installed the ssh client on the firewall.  If I try to connect 
>> to localhost I just hang there.
>> If I try to connect to the loc interface I get reject UNKNOWN. I've 
>> looked through the rules and it seems like it should work.  I even 
>> changed the interfaces file under shorewall to be more explicit about 
>> the loc and fw interfaces.
>> 
>> Any clues? Any more information I should provide?
> 
> You probably already checked that, but could it be an issue with 
> /etc/hosts.allow needing to be updated with the new net?
> 
> It could also be that sshd is trying to do a DNS lookup on the IP of 
> the box that's connecting - that would surely _seem_ like it's just died.
> 
> Martin