Re: [leaf-user] EZ-IPUPD -> DynDNS.org blocked because of abuse
There is a file with a .cache extension on /etc. This should contain the current IP address, and stop ez-ipupd from posting the current IP over and over again. Somewhere in the docs lies the answer.

Livio

cpu memhd wrote:
> As the topic says, I was blocked because of abuse:
>
> "The abuse system automatically blocks any hostname that repeatedly tries to update a hostname from the same IP. This is done to conserve bandwidth and prevent computers from updating every 5 minutes, regardless of whether or not their IP address had changed."
>
> Does EZ-IPUPD attempt to update DynDNS at regular intervals or every reboot? What should I do to prevent it from causing this problem? My account will be "automatically deleted" if this continues. Thanks.
RE: [leaf-user] Openvpn problems executing up-script
Jean-Pierre on the openvpn list gave me this pointer -- hope it helps anyone else using openvpn (and lacks the openvpn decoder ring, as I do ;-). The command line parameters are

"
According to the manpage for the --up command:

    cmd tun_dev tun_mtu link_mtu ifconfig_local_ip ifconfig_remote_ip [ init | restart ]

So that 1576 is your link mtu. I believe it is of no use here...
"

Since I *think* the purpose of tun_mtu might be to set the tun_mtu, as I did in the openvpn.conf file, I might try:

    /sbin/ip link set mtu $3 dev $1
    /sbin/ip route add $4/32 via dev $1

Thanks Erich! (and Jean-Pierre too)

Rick.

-----Original Message-----
From: Erich Titl [mailto:[EMAIL PROTECTED]
Sent: Sunday, December 05, 2004 4:59 AM
To: Tibbs, Richard
Subject: Re: [leaf-user] Openvpn problems executing up-script

Rick

Tibbs, Richard wrote:
>Dear list: I experimented a bit making the script
>#!/bin/sh -e
>/sbin/ip route add $1 $2 $3 $4 $5 $6
>But same outcome "... shell failed with error status 1."
>
>I checked the -e parameter and it stops the script immediately if any
>command fails.
>Higher up in daemon.log openvpn calls the script this way:
>Dec 4 21:55:39 firewall openvpn[9273]: /etc/openvpn/openvpn.up tun0 1500 1576 10.1.1.1 10.1.1.2 init
>
>10.1.1.1 is the local vpn endpoint and 10.1.1.2 is intended to be my
>laptop over wireless. Looking at the openvpn howto, and the ip man
>page, (http://annys.eines.info/cgi-bin/man/man2html?ip+8) I am thinking
>I must need something like
>
>/sbin/ip route add $4/32 mtu $2 nexthop dev $1
>

try

    /sbin/ip link set mtu $2 dev $1
    /sbin/ip route add $4/32 via dev $1

cheers
Erich
[leaf-user] New openvpn problem (formerly up-script)
Dear list.

I tried the following command line

    /sbin/ip link set mtu 1500 dev tun0

Problem is, there is no device tun0 even though daemon.log says

    Dec 4 21:55:38 firewall openvpn[9273]: MTU DYNAMIC mtu=1450, flags=2, 1576 -> 1450
    Dec 4 21:55:38 firewall openvpn[9273]: TUN/TAP device tun0 opened
    Dec 4 21:55:38 firewall openvpn[9273]: ip link set dev tun0 up mtu 1500
    Dec 4 21:55:39 firewall openvpn[9273]: ip addr add dev tun0 local 10.1.1.1 peer 10.1.1.2
    Dec 4 21:55:39 firewall openvpn[9273]: /etc/openvpn/openvpn.up tun0 1500 1576 10.1.1.1 10.1.1.2 init
    Dec 4 21:55:39 firewall openvpn[9273]: script failed: shell command exited with error status: 1

Logged in as root, I tried typing

    ip link set dev tun0 up mtu 1500

and I get the message

    SIOCSIFMTU: Operation not supported by device.

( this happens no matter what mtu I type)

The only command that does not give me some nastygram from IP is

    ip link set tun0

But nothing shows up, if I type ip link sho

    firewall: -root-
    # ip link show
    1: lo: mtu 16436 qdisc noqueue
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    2: dummy0: mtu 1500 qdisc noop
        link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
    3: eth0: mtu 1500 qdisc pfifo_fast qlen 100
        link/ether 00:02:e3:13:02:78 brd ff:ff:ff:ff:ff:ff
    4: eth1: mtu 1500 qdisc pfifo_fast qlen 100
        link/ether 00:02:e3:12:7d:94 brd ff:ff:ff:ff:ff:ff
    6: ipsec0: mtu 16260 qdisc pfifo_fast qlen 10
        link/ether 00:02:e3:13:02:78 brd ff:ff:ff:ff:ff:ff
    7: ipsec1: mtu 0 qdisc noop qlen 10
        link/ipip
    8: ipsec2: mtu 0 qdisc noop qlen 10
        link/ipip
    9: ipsec3: mtu 0 qdisc noop qlen 10
        link/ipip

What is wrong here?

Rick.
RE: [leaf-user] Anyone used channel bonding?
I actually did find that post and found that it was basically the text from bonding.txt in the kernel documentation. I've compiled ifenslave and the compile seems to go well, but I can't get it to run. I'm wondering if I need to do something special since I'm running uClibc (Bering uClibc 2.2.2 to be exact). I just compiled it on a RedHat box then copied the binary over. (It seems to run properly on the RedHat box.) Is that the wrong way to go about things?

-----Original Message-----
From: Mr. listman [mailto:[EMAIL PROTECTED]
Sent: Sunday, December 05, 2004 12:13 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: [leaf-user] Anyone used channel bonding?

i think this link should be of great help to you, additionally, if u go to the archives, and do a search on "BOND" you'll come up with lots of interesting articles

http://www.mail-archive.com/leaf-user@lists.sourceforge.net/msg05182.html

>Has anyone used channel bonding on LEAF before? I've read through
>/usr/src/linux/Documentation/networking/bonding.txt and I've searched
>all over, but haven't found much. I've got the bonding.o module loaded
>without a problem, but there's a userspace tool, ifenslave, that I'm
>having trouble with. Ifenslave.c comes with the kernel source, so I
>compiled it and
Re: [leaf-user] Anyone used channel bonding?
...forgot to cc: the list

Joe Nelson wrote:
> I actually did find that post and found that it was basically the text from bonding.txt in the kernel documentation. I've compiled ifenslave and the compile seems to go well, but I can't get it to run. I'm wondering if I need to do something special since I'm running uClibc (Bering uClibc 2.2.2 to be exact). I just compiled it on a RedHat box then copied the binary over. (It seems to run properly on the RedHat box.) Is that the wrong way to go about things?

Yes, unless you compile a statically linked version that includes all library dependencies.

As it stands, the error you're getting likely indicates that ifenslave can't run because several libraries it's dependent on are missing. Use "ldd ifenslave" on the redhat box to see which libraries are required, and/or compile against uClibc (see the Bering uClibc documentation for how to set up an appropriate compile environment).

--
Charles Steinkuehler
[EMAIL PROTECTED]
[leaf-user] GW-GW and roadwarrior IPSEC together on Bering/Super-Freeswan
Hi,

I've got two Bering boxen joined with a super-freeswan-1.99.6.2 VPN connection. As a GW-GW tunnel they are running great. Very stable! I want to allow roadwarriors (WinXP pro) to tunnel into one of the gateways as well. What additional entries do I need to add to that ipsec.conf file? All of the examples I've seen so far show either configuration but it's not apparent (at least for me) how to have both types of tunnels running at the same time.

Here's the ipsec.conf listing for the gateway I want to add the roadwarrior entries to:

    # /etc/ipsec.conf - FreeS/WAN IPsec configuration file

    # basic configuration
    config setup
            # THIS SETTING MUST BE CORRECT or almost nothing will work;
            # %defaultroute is okay for most simple cases.
            interfaces=%defaultroute
            # Debug-logging controls: "none" for (almost) none, "all" for lots.
            klipsdebug=none
            plutodebug=none
            # Use auto= parameters in conn descriptions to control startup actions.
            plutoload=%search
            plutostart=%search
            # Close down old connection when new one using same ID shows up.
            uniqueids=yes

    conn new-old
            keyingtries=0
            authby=secret
            left=63.130.102.68
            leftsubnet=192.168.0.0/24
            right=24.180.196.21
            rightsubnet=192.168.1.0/24
            rightnexthop=%defaultroute
            pfs=yes
            auto=start

Thanks for your help,
Stephen
RE: [leaf-user] New openvpn problem (formerly up-script)
Did you specify 'tun' module inside /etc/modules?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tibbs, Richard
Sent: Sunday, December 05, 2004 11:18 AM
To: [EMAIL PROTECTED]
Subject: [leaf-user] New openvpn problem (formerly up-script)

Dear list.

I tried the following command line

    /sbin/ip link set mtu 1500 dev tun0

Problem is, there is no device tun0 even though daemon.log says

    Dec 4 21:55:38 firewall openvpn[9273]: MTU DYNAMIC mtu=1450, flags=2, 1576 -> 1450
    Dec 4 21:55:38 firewall openvpn[9273]: TUN/TAP device tun0 opened
    Dec 4 21:55:38 firewall openvpn[9273]: ip link set dev tun0 up mtu 1500
    Dec 4 21:55:39 firewall openvpn[9273]: ip addr add dev tun0 local 10.1.1.1 peer 10.1.1.2
    Dec 4 21:55:39 firewall openvpn[9273]: /etc/openvpn/openvpn.up tun0 1500 1576 10.1.1.1 10.1.1.2 init
    Dec 4 21:55:39 firewall openvpn[9273]: script failed: shell command exited with error status: 1

Logged in as root, I tried typing

    ip link set dev tun0 up mtu 1500

and I get the message

    SIOCSIFMTU: Operation not supported by device.

( this happens no matter what mtu I type)

The only command that does not give me some nastygram from IP is

    ip link set tun0

But nothing shows up, if I type ip link sho

    firewall: -root-
    # ip link show
    1: lo: mtu 16436 qdisc noqueue
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    2: dummy0: mtu 1500 qdisc noop
        link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
    3: eth0: mtu 1500 qdisc pfifo_fast qlen 100
        link/ether 00:02:e3:13:02:78 brd ff:ff:ff:ff:ff:ff
    4: eth1: mtu 1500 qdisc pfifo_fast qlen 100
        link/ether 00:02:e3:12:7d:94 brd ff:ff:ff:ff:ff:ff
    6: ipsec0: mtu 16260 qdisc pfifo_fast qlen 10
        link/ether 00:02:e3:13:02:78 brd ff:ff:ff:ff:ff:ff
    7: ipsec1: mtu 0 qdisc noop qlen 10
        link/ipip
    8: ipsec2: mtu 0 qdisc noop qlen 10
        link/ipip
    9: ipsec3: mtu 0 qdisc noop qlen 10
        link/ipip

What is wrong here?

Rick.
Re: [leaf-user] GW-GW and roadwarrior IPSEC together on Bering/Super-Freeswan
Stephen Lee wrote:
> Hi,
>
> I've got two Bering boxen joined with a super-freeswan-1.99.6.2 VPN connection. As a GW-GW tunnel they are running great. Very stable! I want to allow roadwarriors (WinXP pro) to tunnel into one of the gateways as well. What additional entries do I need to add to that ipsec.conf file? All of the examples I've seen so far show either configuration but it's not apparent (at least for me) how to have both types of tunnels running at the same time.
>
> Here's the ipsec.conf listing for the gateway I want to add the roadwarrior entries to:
>
>     # /etc/ipsec.conf - FreeS/WAN IPsec configuration file
>
>     # basic configuration
>     config setup
>             # THIS SETTING MUST BE CORRECT or almost nothing will work;
>             # %defaultroute is okay for most simple cases.
>             interfaces=%defaultroute
>             # Debug-logging controls: "none" for (almost) none, "all" for lots.
>             klipsdebug=none
>             plutodebug=none
>             # Use auto= parameters in conn descriptions to control startup actions.
>             plutoload=%search
>             plutostart=%search
>             # Close down old connection when new one using same ID shows up.
>             uniqueids=yes
>
>     conn new-old
>             keyingtries=0
>             authby=secret
>             left=63.130.102.68
>             leftsubnet=192.168.0.0/24
>             right=24.180.196.21
>             rightsubnet=192.168.1.0/24
>             rightnexthop=%defaultroute
>             pfs=yes
>             auto=start

Just add a new connection section(s) with appropriate entries for your road warrior(s). Note if the road-warriors have dynamic IP's and you wish to use shared secret authentication, *ALL* road-warrior systems will have to share the same connection description and the same secret! If you can use certificates or PSK's, you can make a unique connection description for each system.

NOTE: If you wind up with lots of connection specifications, you may want to eliminate duplicated information from each of the (ie: the local IP address and nexthop entries). You can do this with the special 'default' connection, or use the also= and include= settings in the connection description.

--
Charles Steinkuehler
[EMAIL PROTECTED]
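One way to check a gateway's ipsec.conf for the situation described in the reply above, as an added example (not Charles's or the FreeS/WAN project's code): it lists every conn that combines a wildcard peer (%any) with authby=secret, counting values inherited from conn %default. The sample file and its roadwarrior conn are constructed for illustration; only an explicit authby=secret is flagged and also= is not followed.

```shell
#!/bin/sh
# Added example: find conns that accept any peer address with a shared secret.

# Constructed sample: the thread's gateway tunnel plus a hypothetical
# "roadwarrior" conn, with the common left-side settings in conn %default.
sample_conf() {
cat <<'EOF'
config setup
    interfaces=%defaultroute
    uniqueids=yes

conn %default
    keyingtries=0
    authby=secret
    left=63.130.102.68
    leftsubnet=192.168.0.0/24
    pfs=yes

conn new-old
    right=24.180.196.21
    rightsubnet=192.168.1.0/24
    rightnexthop=%defaultroute
    auto=start

# hypothetical entry: any source address, loaded but not initiated
conn roadwarrior
    right=%any
    auto=add
EOF
}

# psk_anypeer_conns FILE
# Prints the name of each conn whose effective settings are authby=secret
# with left or right set to %any. Every client matching such a conn has to
# use the same shared secret.
psk_anypeer_conns() {
    awk '
        function eff(c, k) {
            # own value if present, otherwise the one from conn %default
            return ((c, k) in opt) ? opt[c, k] : opt["%default", k]
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^conn[ \t]+/   { cur = $2; if (cur != "%default") order[++n] = cur; next }
        /^config[ \t]+/ { cur = ""; next }
        cur != "" && /^[ \t]+[A-Za-z0-9_]+[ \t]*=/ {
            line = $0
            sub(/^[ \t]+/, "", line)
            key = line; sub(/[ \t]*=.*/, "", key)
            val = line; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            opt[cur, key] = val
        }
        END {
            for (i = 1; i <= n; i++) {
                c = order[i]
                if (eff(c, "authby") == "secret" &&
                    (eff(c, "left") == "%any" || eff(c, "right") == "%any"))
                    print c
            }
        }
    ' "$1"
}

# Stand-alone use: sh check.sh /etc/ipsec.conf
if [ "$#" -gt 0 ]; then
    psk_anypeer_conns "$1"
fi
```

On the sample it reports roadwarrior, which picks up authby=secret from conn %default without stating it.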
Observation: [leaf-user] Webconf.lrp Beta 3 available
Nathan Angelacos wrote:
> Beta 3 of webconf.lrp for Bering-uClibc is now available. This version splits out the weblet functions from extra plugins.
>
> http://cvs.sourceforge.net/viewcvs.py/leaf/devel/nangel/webconf/lrp/webconf.lrp contains only weblet-like monitoring functions, plus tools to back up the modules.
>
> The "pretty shorewall" logs feature is now included in the logfiles.cgi. If it's not good enough, or if there are other things that are missing, please let me know.

Is the method to switch from/to Basic/Expert taken out on purpose from this?

Link to "Home" needs to be also in the General section on the left, not only in the bottom of the right page.

Documentation in http://cvs.sourceforge.net/viewcvs.py/leaf/devel/nangel/webconf/doc/webconf-configuration.html needs to mention the location to place the *.lwp packages and the fact that not all packages need to be specifically loaded. Some packages are automatically found from the /.

-M
Re: [leaf-user] EZ-IPUPD -> DynDNS.org blocked because of abuse
A while ago I spent major time trying to get EZ-IPUPD to work and in the end gave up and wrote my own scripts to do it.

The latest versions are sitting here: www.help.co.nz/leaf/check_ip.zip

I use it as follows: Every 10 minutes /etc/init.d/multicron runs the main script /usr/sbin/check_ip. This script checks to see if the IP of the domainname it finds in /etc/dyndns.conf has changed and if it has then does a ping to that dyndns name and double checks BEFORE updating dyndns with the new IP ( had to do the ping check as I too was getting abuse status ).

Now I don't claim to be any expert in writing scripts but this works and works well on quite a few bering installed firewalls.

I'm always open for input...

Bruce

> Date: Sat, 4 Dec 2004 21:59:02 -0800 (PST)
> From: cpu memhd <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: [leaf-user] EZ-IPUPD -> DynDNS.org blocked because of abuse
>
> As the topic says, I was blocked because of abuse:
>
> "The abuse system automatically blocks any hostname that repeatedly
> tries to update a hostname from the same IP. This is done to conserve
> bandwidth and prevent computers from updating every 5 minutes,
> regardless of whether or not their IP address had changed."
>
> Does EZ-IPUPD attempt to update DynDNS at regular intervals or every
> reboot? What should I do to prevent it from causing this problem? My
> account will be "automatically deleted" if this continues. Thanks.
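The two safeguards mentioned in this thread (a cache file holding the last address sent, and a check of what the hostname already resolves to before updating), as an added example that is neither ez-ipupd's code nor Bruce's check_ip script. The function names, the one-line cache format and the updater argument are assumptions; the caller supplies the current address and the resolved address so the logic can be run offline.

```shell
#!/bin/sh
# Added example: send a dynamic DNS update only when the address really changed.
# Cache format (assumption, not ez-ipupd's own): one line, the last IP sent.

# decide_update CACHE_FILE WAN_IP DNS_IP
#   WAN_IP  address currently on the external interface
#   DNS_IP  address the dynamic hostname resolves to right now
# Prints: update | skip-cached | skip-dns-current | error-bad-ip
decide_update() {
    cache_file=$1 wan_ip=$2 dns_ip=$3

    # Refuse anything that is not digits and dots before it is used further.
    case "$wan_ip" in
        ''|*[!0-9.]*) echo error-bad-ip; return 1 ;;
    esac

    cached_ip=
    if [ -r "$cache_file" ]; then
        read -r cached_ip < "$cache_file" || true
    fi

    # Same address as the last update that was sent: nothing to do.
    if [ "$wan_ip" = "$cached_ip" ]; then
        echo skip-cached
        return 0
    fi

    # Cache missing or stale (for instance after a reboot that did not keep
    # it) but DNS is already right: repair the cache and send nothing.
    if [ "$wan_ip" = "$dns_ip" ]; then
        printf '%s\n' "$wan_ip" > "$cache_file"
        echo skip-dns-current
        return 0
    fi

    echo update
}

# guarded_update CACHE_FILE WAN_IP DNS_IP UPDATER [ARGS...]
# Runs UPDATER (any command; it receives WAN_IP as its last argument) only
# when decide_update says "update", and records the address only if the
# updater succeeded, so a failed attempt is retried on the next run.
guarded_update() {
    cache_file=$1 wan_ip=$2 dns_ip=$3
    shift 3
    action=$(decide_update "$cache_file" "$wan_ip" "$dns_ip") || {
        echo "$action"
        return 1
    }
    if [ "$action" = update ]; then
        "$@" "$wan_ip" || { echo update-failed; return 1; }
        printf '%s\n' "$wan_ip" > "$cache_file"
    fi
    echo "$action"
}
```

Run from cron, this sends at most one update per real address change, however often the job fires.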
Re: [leaf-user] Graphical Approach - Bearing
Reggie,

I don't think webconf is that much different from what you want. Webconf is capable of loading lwp (plugin) packages, which contain PHP like scripting to give a nice webfrontend to specific lrp packages. Because webconf is work in progress, only a few lwp packages are available yet (dropbear.lwp is one of them). Webconf will automatically load those lwps on the package device if a corresponding lrp is loaded, but it's also possible to create special lwp files to extend the functionality of webconf itself (f.e. webipv6.lwp for ipv6 statistics).

This way webconf is as flexible and modular as Bering(-uClibc) itself, you can choose to have a webfrontend by using lwp files, editing by hand by using the shell frontend or mixing the two. Loading extra plugins for added functionality, etc.

I think you only saw the shell frontend by now and didn't see the full capabilities of webconf, please take a look at:
http://cvs.sourceforge.net/viewcvs.py/*checkout*/leaf/devel/nangel/webconf/doc/webconf-howto.html?rev=1.4
and
http://cvs.sourceforge.net/viewcvs.py/leaf/devel/nangel/webconf/lrp/
To see what is possible and available right now.

Of course you are welcome to help to create lwp packages.

Regards,
Eric Spakman
Bering-uClibc team member

> To the Developers of Leaf
>
> I've been using the LRP variant for some years now, started out with
> Dachstein, and used every other upgrade since then to the now Bering
> uClibc.
>
> Normally it takes me some months of testing, before a firewall application
> passes my approval, when i started testing Dachstein back then, many others
> passed my list, Smoothwall, Coyote, Freesco...but they all was NADA,
> Nothing to boast about. I ended up sticking with Dachstein, cause it did
> just what i needed it to do, and it was modular, making it even better, and
> best of all, the support received from the list, someone was always there to
> give a helping hand.
>
> Anyway, as time goes on, i continue to check other firewall apps to see
> what's cooking in the Mini-Linux firewall world.
>
> Also, i have decided to take Leaf to the JOB, as firewall it was perfectly
> welcome, but seeing most peeps, has no knowledge about LINUX they gladly
> rejects anything name LINUX, when it comes to them..
>
> Therefore i was forced to look for a simple solution, that my colleagues can
> administrator without the aches and pain..
>
> I came up with 2 options, Coyote and m0n0wall, of which Coyote's firewall,
> is not the best option to configure, so i stuck to m0n0wall, it's very
> simple to configure, and it's all webbase..
>
> i have play with webconfig.lrp, but basically this is only a front-end
> shell, u'll still need to knowledge to configure the items on Bering.
>
> my question to the developers, won't it be possible to make Bering a better
> webbase application using .php orso, more graphical (or don't this fall
> into your mission statement) basically most of the top firewall manufactures
> are going this way, it's selling, if u take those linksys home routers,
> even the simple hobbyist can configure them
>
> Do hope i haven't touched any toes, but after looking at m0n0wall, i was
> amused, and enjoyed the layout, and the workings..but i love Bering still,
> cause of the modular approach, which m0n0wall is lacking..
>
> regards
> reggie
RE: [leaf-user] New openvpn problem (formerly up-script)
Yes, I have loaded tun.o into lib modules and the etc/modules has tun specified. And, lsmod reveals

    firewall: -root-
    # lsmod
    Module              Pages   Used by
    ipsec               256960  2
    ide-disk            9304    0
    tun                 3488    0
    ip_nat_irc          2176    0 (unused)
    ip_nat_ftp          2784    0 (unused)
    ip_conntrack_irc    2880    1
    ip_conntrack_ftp    3648    1
    natsemi             15208   2
    isofs               17032   0
    ide-probe-mod       8476    0
    ide-cd              26956   0
    ide-mod             63076   0 [ide-disk ide-probe-mod ide-cd]
    cdrom               26912   0 [ide-cd]

-----Original Message-----
From: M Lu [mailto:[EMAIL PROTECTED]
Sent: Sunday, December 05, 2004 12:58 PM
To: Tibbs, Richard; [EMAIL PROTECTED]
Subject: RE: [leaf-user] New openvpn problem (formerly up-script)

Did you specify 'tun' module inside /etc/modules?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tibbs, Richard
Sent: Sunday, December 05, 2004 11:18 AM
To: [EMAIL PROTECTED]
Subject: [leaf-user] New openvpn problem (formerly up-script)

Dear list.

I tried the following command line

    /sbin/ip link set mtu 1500 dev tun0

Problem is, there is no device tun0 even though daemon.log says

    Dec 4 21:55:38 firewall openvpn[9273]: MTU DYNAMIC mtu=1450, flags=2, 1576 -> 1450
    Dec 4 21:55:38 firewall openvpn[9273]: TUN/TAP device tun0 opened
    Dec 4 21:55:38 firewall openvpn[9273]: ip link set dev tun0 up mtu 1500
    Dec 4 21:55:39 firewall openvpn[9273]: ip addr add dev tun0 local 10.1.1.1 peer 10.1.1.2
    Dec 4 21:55:39 firewall openvpn[9273]: /etc/openvpn/openvpn.up tun0 1500 1576 10.1.1.1 10.1.1.2 init
    Dec 4 21:55:39 firewall openvpn[9273]: script failed: shell command exited with error status: 1

Logged in as root, I tried typing

    ip link set dev tun0 up mtu 1500

and I get the message

    SIOCSIFMTU: Operation not supported by device.

( this happens no matter what mtu I type)

The only command that does not give me some nastygram from IP is

    ip link set tun0

But nothing shows up, if I type ip link sho

    firewall: -root-
    # ip link show
    1: lo: mtu 16436 qdisc noqueue
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    2: dummy0: mtu 1500 qdisc noop
        link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
    3: eth0: mtu 1500 qdisc pfifo_fast qlen 100
        link/ether 00:02:e3:13:02:78 brd ff:ff:ff:ff:ff:ff
    4: eth1: mtu 1500 qdisc pfifo_fast qlen 100
        link/ether 00:02:e3:12:7d:94 brd ff:ff:ff:ff:ff:ff
    6: ipsec0: mtu 16260 qdisc pfifo_fast qlen 10
        link/ether 00:02:e3:13:02:78 brd ff:ff:ff:ff:ff:ff
    7: ipsec1: mtu 0 qdisc noop qlen 10
        link/ipip
    8: ipsec2: mtu 0 qdisc noop qlen 10
        link/ipip
    9: ipsec3: mtu 0 qdisc noop qlen 10
        link/ipip

What is wrong here?

Rick.
RE: [leaf-user] New openvpn problem (formerly up-script)
Thanks, Martin...

But, no, I upgraded to openvpn 1.6 (compiled by E. Titl, with lzo statically linked, thx). Jaques Nilo's is 1.4

Is it possible 1.6 supports ifconfig (that command no longer fails) but has a problem with iproute?

The first command you suggest for my script would use the link mtu instead of the tunnel mtu, would it not? Openvpn uses ip commands that would do that (see log listing in my previous post)...

But, one thing I have fouled up is the order of the args -- forgot they started at $0. Shouldn't it be:

    /sbin/ip link set dev $0 up mtu $1
    /sbin/ip addr add dev $0 local $4 peer $5
    /sbin/ip route add 192.168.1.3/32 via $4

Now my boot floppy has become corrupted... aaarrgghhh... fortunately saved a copy and can generate a new one.

Rick

-----Original Message-----
From: Martin Hejl [mailto:[EMAIL PROTECTED]
Sent: Sunday, December 05, 2004 1:27 PM
To: Tibbs, Richard
Subject: Re: [leaf-user] New openvpn problem (formerly up-script)

Hi Richard,

Tibbs, Richard wrote:
>
> Dear list.
> I tried the following command line
> /sbin/ip link set mtu 1500 dev tun0
>
> Problem is, there is no device tun0 even though daemon.log says
> Dec 4 21:55:38 firewall openvpn[9273]: MTU DYNAMIC mtu=1450, flags=2, 1576 -> 1450
> Dec 4 21:55:38 firewall openvpn[9273]: TUN/TAP device tun0 opened
> Dec 4 21:55:38 firewall openvpn[9273]: ip link set dev tun0 up mtu 1500
> Dec 4 21:55:39 firewall openvpn[9273]: ip addr add dev tun0 local 10.1.1.1 peer 10.1.1.2
> Dec 4 21:55:39 firewall openvpn[9273]: /etc/openvpn/openvpn.up tun0 1500 1576 10.1.1.1 10.1.1.2 init
> Dec 4 21:55:39 firewall openvpn[9273]: script failed: shell command exited with error status: 1
>
> Logged in as root, I tried typing
> ip link set dev tun0 up mtu 1500
> and I get the message
> SIOCSIFMTU: Operation not supported by device.
> ( this happens no matter what mtu I type)
>
> The only command that does not give me some nastygram from IP is
> ip link set tun0

Ok, I'm going to assume you're still using Jaques' OpenVPN package, the one that doesn't support iproute2 directly, and hence you're trying to do what OpenVPN normally does automatically (bringing up the interface, setting routes and so on) via the up-script.

Try putting the following in your up-script (that's what I inferred from the source of OpenVPN 1.6 - so, those would be the commands generated, if you were using OpenVPN 1.6).

    /sbin/ip link set dev $0 up mtu $2
    /sbin/ip addr add dev $1 local $4 peer $5
    /sbin/ip route add 192.168.1.3/32 via $4

After those have been executed, you should have a tun interface with an assigned IP and a route pointing to the remote machine (I'm actually not sure if "192.168.1.3/32" is correct - I _think_ that's how a host-route was specified, but since I always connected two subnets with openvpn, I never had to do that).

I hope that helps

Martin
Re: [leaf-user] New openvpn problem (formerly up-script)
Hi Richard,

Tibbs, Richard wrote:
> But, no, I upgraded to openvpn 1.6 (compiled by E. Titl, with lzo
> statically linked, thx). Jaques Nilo's is 1.4

Ah, ok.

> Is it possible 1.6
> supports ifconfig (that command no longer fails) but has a problem with
> iproute?

Depends on how Erich compiled it. There's a parameter for ./configure of OpenVPN that makes it either use ifconfig or iproute. The fact that your log shows "ip link set dev tun0 up mtu 1500" suggests that iproute support is already enabled in your version of openvpn (otherwise, there would be "ifconfig tun0 whatever" in the log). And if iproute support is enabled, then there's no need for ifconfig (since it will never be called).

Actually, when you say "that command no longer fails", what exactly do you mean? The latest log you sent doesn't contain any references to ifconfig that I see (so how could that fail?).

But if you're using a version that supports iproute (which it apparently does), I don't understand why you want/need to mess with the up-script at all - with all the installations of openvpn that I've used so far, I _never_ needed to use the up-script. All I do on all my setups is to specify the appropriate "ifconfig" and "route" line in the config (don't let yourself be confused - despite the fact that the parameter is called "ifconfig" in the config file, if OpenVPN is properly compiled for iproute support it will generate the proper ip commands) and everything is set up by OpenVPN.

To summarize - with the OpenVPN package from Erich (I'm going to assume that he compiled that with iproute support - everything I've seen so far suggests that's the case) there should be no need for an up-script, unless you need to do something unusual.

> But, one thing I have fouled up is the order of the args -- forgot they
> started at $0. Shouldn't it be:
> /sbin/ip link set dev $0 up mtu $1
> /sbin/ip addr add dev $0 local $4 peer $5
> /sbin/ip route add 192.168.1.3/32 via $4

Well, everything that I've learned suggests that $0 is the name of the script being run - so, the first parameter to the script would actually be in $1

Martin

P.S. After what sounds like a pretty rough ride to get OpenVPN to work, it may be a good idea to take a step back, dump everything (the OpenVPN config and scripts) and start from scratch, closely following the docs on the OpenVPN site - for a typical setup, OpenVPN should be extremely easy, and I fear many of your problems come from trying to use workarounds for problems that are no longer there (due to using OpenVPN 1.6). Just an idea.
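Added example, not part of the original thread and not OpenVPN's or LEAF's own code: a sketch of how an up-script can check the positional arguments discussed above before handing them to ip, since the script runs as root and a shifted argument (treating $0 as the device) otherwise only surfaces as "shell failed with error status 1". The function names, the accepted device pattern and MTU range, and the choice of the remote endpoint as next hop are assumptions; the sample call is constructed from the invocation and addresses quoted in the thread.

```shell
#!/bin/sh
# Added example: argument checking for an OpenVPN 1.x --up script.
# OpenVPN calls the script as
#   cmd tun_dev tun_mtu link_mtu ifconfig_local_ip ifconfig_remote_ip [init|restart]
# so inside the script $0 is the script path and $1 is the tunnel device.

# Succeeds only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1            # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Succeeds only for a decimal MTU between 576 and 65535 (assumed range).
is_mtu() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 576 ] && [ "$1" -le 65535 ]
}

# Print, without executing, the iproute2 commands for one --up call.
# $1..$6 are the arguments OpenVPN passes; $7 is the host to reach via the tunnel.
build_up_commands() {
    [ "$#" -eq 7 ] || { echo "expected 7 arguments, got $#" >&2; return 2; }
    dev=$1; tun_mtu=$2; link_mtu=$3; local_ip=$4; remote_ip=$5; mode=$6; host=$7

    # Assumed policy: only tun0..tun99 are acceptable device names.
    case "$dev" in
        tun[0-9]|tun[0-9][0-9]) ;;
        *) echo "unexpected tunnel device: $dev" >&2; return 2 ;;
    esac
    is_mtu "$tun_mtu"  || { echo "bad tun_mtu: $tun_mtu" >&2; return 2; }
    is_mtu "$link_mtu" || { echo "bad link_mtu: $link_mtu" >&2; return 2; }
    for addr in "$local_ip" "$remote_ip" "$host"; do
        is_ipv4 "$addr" || { echo "bad IPv4 address: $addr" >&2; return 2; }
    done
    case "$mode" in
        init|restart) ;;
        *) echo "unexpected mode: $mode" >&2; return 2 ;;
    esac

    # link_mtu is validated but unused: only tun_mtu is applied to the device.
    # Assumption: the host route uses the remote VPN endpoint as next hop.
    printf '%s\n' \
        "/sbin/ip link set dev $dev up mtu $tun_mtu" \
        "/sbin/ip addr add dev $dev local $local_ip peer $remote_ip" \
        "/sbin/ip route add $host/32 via $remote_ip"
}

# Constructed sample: the invocation shown in the thread's daemon.log,
# plus the laptop address 192.168.1.3 as the host to route.
build_up_commands tun0 1500 1576 10.1.1.1 10.1.1.2 init 192.168.1.3
```

In a real up-script the call would be `build_up_commands "$@" 192.168.1.3`, with each printed line executed only after the function returns 0.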
[leaf-user] wrt54g (wireless router) between leaf box and lan
I have placed a wireless linksys wrt54g router between my bering leaf box and my local network. The ethernet network between leaf and wrt54g I have assigned to network 192.168.10.x and the local network is 192.169.1.x, From the local network (some hosts directly wired to wrt54g eth switch and others wireless) I can ping the wrt54g and the leaf box. I can also see the embedded web server on the leaf box from the lan/wlan. However, I cannot ping or connect to any address on the internet from my local network. I can also ping the leaf box from the wrt54g but cannot ping a real internet host.

NAT is turned on on the leaf box and is on by default on the wrt54g (there may be an undocumented way to turn it off). Or this may not be an issue. My question is should this theoretically work and, if so, what might I be doing wrong?

Tks,
-gene

P/S: My leaf box has been working fine for years and would like to keep using it. I would just as soon the linksys box could just act as a dumb "wireless hub" and continue using the leaf box as is. However, the wrt54g does work ok as the main router (without the leaf box) but requires custom firmware to add things like sshd, shorewall etc.
RE: [leaf-user] New openvpn problem (formerly up-script)
Ah, that would explain..Yes, I meant that no ifconfig command fails.. I checked and there is no ifconfig line in daemon.log -- my mistake. But, there is the line in openvpn.conf:

    ifconfig 10.1.1.1 10.1.1.2

That looks like it is having the intended effect, being translated into ip route command lines. As you suggest I will remove the up script and use a route line in openvpn.cfg

Thanks very much Martin... I am laughing out loud that I have come full circle. First, with 1.4 I didn't know I needed to supply the up script. Now with 1.6 it is apparently unnecessary.

Post you later with an update. If nothing seems to work I might do what you suggest --- just drop back to ground zero and rebuild everything from scratch.

In mirth, :-))
Rick.

-----Original Message-----
From: Martin Hejl [mailto:[EMAIL PROTECTED]
Sent: Sunday, December 05, 2004 4:31 PM
To: Tibbs, Richard
Cc: [EMAIL PROTECTED]
Subject: Re: [leaf-user] New openvpn problem (formerly up-script)

Hi Richard,

Tibbs, Richard wrote:
> But, no, I upgraded to openvpn 1.6 (compiled by E. Titl, with lzo
> statically linked, thx). Jaques Nilo's is 1.4

Ah, ok.

> Is it possible 1.6
> supports ifconfig (that command no longer fails) but has a problem with
> iproute?

Depends on how Erich compiled it. There's a parameter for ./configure of OpenVPN that makes it either use ifconfig or iproute. The fact that your log shows "ip link set dev tun0 up mtu 1500" suggests that iproute support is already enabled in your version of openvpn (otherwise, there would be "ifconfig tun0 whatever" in the log). And if iproute support is enabled, then there's no need for ifconfig (since it will never be called).

Actually, when you say "that command no longer fails", what exactly do you mean? The latest log you sent doesn't contain any references to ifconfig that I see (so how could that fail?).

But if you're using a version that supports iproute (which it apparently does), I don't understand why you want/need to mess with the up-script at all - with all the installations of openvpn that I've used so far, I _never_ needed to use the up-script. All I do on all my setups is to specify the appropriate "ifconfig" and "route" line in the config (don't let yourself be confused - despite the fact that the parameter is called "ifconfig" in the config file, if OpenVPN is properly compiled for iproute support it will generate the proper ip commands) and everything is set up by OpenVPN.

To summarize - with the OpenVPN package from Erich (I'm going to assume that he compiled that with iproute support - everything I've seen so far suggests that's the case) there should be no need for an up-script, unless you need to do something unusual.

> But, one thing I have fouled up is the order of the args -- forgot they
> started at $0. Shouldn't it be:
> /sbin/ip link set dev $0 up mtu $1
> /sbin/ip addr add dev $0 local $4 peer $5
> /sbin/ip route add 192.168.1.3/32 via $4

Well, everything that I've learned suggests that $0 is the name of the script being run - so, the first parameter to the script would actually be in $1

Martin

P.S. After what sounds like a pretty rough ride to get OpenVPN to work, it may be a good idea to take a step back, dump everything (the OpenVPN config and scripts) and start from scratch, closely following the docs on the OpenVPN site - for a typical setup, OpenVPN should be extremely easy, and I fear many of your problems come from trying to use workarounds for problems that are no longer there (due to using OpenVPN 1.6). Just an idea.
Re: [leaf-user] EZ-IPUPD -> DynDNS.org blocked because of abuse
On Sunday, 5 December 2004 06:59, cpu memhd wrote:
> As the topic says, I was blocked because of abuse:
>
> "The abuse system automatically blocks any hostname that repeatedly
> tries to update a hostname from the same IP. This is done to
> conserve bandwidth and prevent computers from updating every 5
> minutes, regardless of whether or not their IP address had
> changed."
>
> Does EZ-IPUPD attempt to update DynDNS at regular intervals or
> every reboot? What should I do to prevent it from causing this
> problem? My account will be "automatically deleted" if this
> continues. Thanks.

I think the daemon mode never really worked (for Bering flavours). I start it instead from ppp/ip-up (where in 99% of the cases I do have a new ip address assigned by my ISP).

See for some info: http://leaf.sourceforge.net/doc/guide/bucu-ezipupd.html

kp
[leaf-user] Resolved: Openvpn probs.
Ok, much thanks to everyone, especially Martin. I have now a working tun0 link. What works in openvpn.conf is shown below. I did a little documentation for my own sanity.

I am still confused by one thing. In the openvpn 2.x readme (installed on my winXP wireless laptop) it says

"
* To get OpenVPN 2.0 to talk with the 1.5/1.6 versions, put this in the 1.x config file:
    tun-mtu 1500
    tun-mtu-extra 32
    mssfix 1450
    key-method 2
* For TLS usage, --key-method 2 is now the default. Use --key-method 1 to communicate with 1.x.
"

The last sentence seems to contradict the 1.x configs above it. I assume they mean to say key-method 1 the first time.

Thanks again,
Rick

# Sample OpenVPN configuration file for
# using a pre-shared static key.
#
# '#' or ';' may be used to delimit comments.

# Use a dynamic tun device.
dev tun

# For compatibility with 2.x openvpn clients/servers
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450

# When using TLS-security (tls-server) uncomment this for 2.x
#key-method 2

local 216.x.y.z #(anonymized...)

# Remote peer (wireless internal w/o RU vpn)
remote 192.168.1.3

# 10.1.1.1 is our local VPN endpoint
# 10.1.1.2 is our remote VPN endpoint (home wlan)
# ifconfig command is for backward compat. even though ip(2) is supported
ifconfig 10.1.1.1 10.1.1.2

# 10.1.10.1 is our local VPN endpoint (for office sub)
# 10.1.10.2 is our remote VPN endpoint for office subnet
#ifconfig 10.1.10.1 10.1.10.2

# don't use in 1.6 or beyond: up /etc/openvpn/openvpn.up
# instead use a route command for the wireless laptop on internal net.
# the rest of the route params default to mask=/32, nexthop=ifconfig parm 2.
route 192.168.1.3

#tls-server
RE: [leaf-user] Resolved: Openvpn probs.
Still don't understand one thing: Why can't I set up a tunnel manually at the command line?

Mystified,
Rick.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tibbs, Richard
Sent: Sunday, December 05, 2004 5:58 PM
To: [EMAIL PROTECTED]
Subject: [leaf-user] Resolved: Openvpn probs.

Ok, much thanks to everyone, especially Martin. I have now a working tun0 link. What works in openvpn.conf is shown below. I did a little documentation for my own sanity.

I am still confused by one thing. In the openvpn 2.x readme (installed on my winXP wireless laptop) it says

"
* To get OpenVPN 2.0 to talk with the 1.5/1.6 versions, put this in the 1.x config file:
    tun-mtu 1500
    tun-mtu-extra 32
    mssfix 1450
    key-method 2
* For TLS usage, --key-method 2 is now the default. Use --key-method 1 to communicate with 1.x.
"

The last sentence seems to contradict the 1.x configs above it. I assume they mean to say key-method 1 the first time.

Thanks again,
Rick

# Sample OpenVPN configuration file for
# using a pre-shared static key.
#
# '#' or ';' may be used to delimit comments.

# Use a dynamic tun device.
dev tun

# For compatibility with 2.x openvpn clients/servers
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450

# When using TLS-security (tls-server) uncomment this for 2.x
#key-method 2

local 216.x.y.z #(anonymized...)

# Remote peer (wireless internal w/o RU vpn)
remote 192.168.1.3

# 10.1.1.1 is our local VPN endpoint
# 10.1.1.2 is our remote VPN endpoint (home wlan)
# ifconfig command is for backward compat. even though ip(2) is supported
ifconfig 10.1.1.1 10.1.1.2

# 10.1.10.1 is our local VPN endpoint (for office sub)
# 10.1.10.2 is our remote VPN endpoint for office subnet
#ifconfig 10.1.10.1 10.1.10.2

# don't use in 1.6 or beyond: up /etc/openvpn/openvpn.up
# instead use a route command for the wireless laptop on internal net.
# the rest of the route params default to mask=/32, nexthop=ifconfig parm 2.
route 192.168.1.3

#tls-server
Re: [leaf-user] wrt54g (wireless router) between leaf box and lan
On Sun, 2004-12-05 at 22:40, Gene Smith wrote:
> I have placed a wireless linksys wrt54g router between my bering leaf
> box and my local network. The ethernet network between leaf and wrt54g I
> have assigned to network 192.168.10.x and the local network is
> 192.169.1.x, From the local network (some hosts directly wired to
> wrt54g eth switch and others wireless) I can ping the wrt54g and the
> leaf box. I can also see the embedded web server on the leaf box from the
> lan/wlan. However, I cannot ping or connect to any address on the
> internet from my local network. I can also ping the leaf box from the
> wrt54g but cannot ping a real internet host.
>
> NAT is turned on on the leaf box and is on by default on the wrt54g
> (there may be an undocumented way to turn it off). Or this may not be an
> issue. My question is should this theoretically work and, if so, what
> might I be doing wrong?
>

Can you provide the routes set on one of your client machines ?? Could be just a routing problem...

> Tks,
> -gene
>
> P/S: My leaf box has been working fine for years and would like to keep
> using it. I would just as soon the linksys box could just act as a dumb
> "wireless hub" and continue using the leaf box as is. However, the
> wrt54g does work ok as the main router (without the leaf box) but
> requires custom firmware to add things like sshd, shorewall etc.
Re: [leaf-user] wrt54g (wireless router) between leaf box and lan
Sorry to be dropping into this late; I missed the original posting.

At 02:47 AM 12/6/2004 +0100, Arne Bernin wrote:
> On Sun, 2004-12-05 at 22:40, Gene Smith wrote:
> > I have placed a wireless linksys wrt54g router between my bering leaf
> > box and my local network. The ethernet network between leaf and wrt54g I
> > have assigned to network 192.168.10.x and the local network is
> > 192.169.1.x,

Is this network info a typo? (169 for 168) If not ... it's not smart to use public addresses on private LANs.

> > From the local network (some hosts directly wired to
> > wrt54g eth switch and others wireless) I can ping the wrt54g and the
> > leaf box. I can also see the embedded web server on the leaf box from the
> > lan/wlan. However, I cannot ping or connect to any address on the
> > internet from my local network. I can also ping the leaf box from the
> > wrt54g but cannot ping a real internet host.
> >
> > NAT is turned on on the leaf box and is on by default on the wrt54g
> > (there may be an undocumented way to turn it off). Or this may not be an
> > issue. My question is should this theoretically work and, if so, what
> > might I be doing wrong?
> >
> Can you provide the routes set on one of your client machines ?? Could be just a routing problem...

Probably is a routing problem, but more likely on the Linksys, not the client. What does the Linksys think its default gateway is? It should be the LEAF router's internal IP address.

Could also be a routing problem on the client end, but that sounds less likely if (a) the client can read the LEAF router itself and (b) the Linksys is NAT'ing external connections ... both things you write above.

> > Tks,
> > -gene
> >
> > P/S: My leaf box has been working fine for years and would like to keep
> > using it.

I assume from this that the LEAF host itself remains able to reach the Internet. It, for example, can ping Internet sites successfully ... and clients connected directly to it (not through the Linksys) also can. If not, you may have a routing problem on the LEAF router itself. (I'm surmising that you recently changed its LAN network from 192.168.1.0/24 to 192.168.10.0/24, so I'm really asking if you verified that the LEAF router itself still routes properly after you made that change.)

> > I would just as soon the linksys box could just act as a dumb
> > "wireless hub" and continue using the leaf box as is. However, the
> > wrt54g does work ok as the main router (without the leaf box) but
> > requires custom firmware to add things like sshd, shorewall etc.

I haven't used a Linksys this way, but I have used an older D-Link Wireless-B router as only an AP (what I think you mean by "a dumb 'wireless hub'"), not a (NAT'ing) router. To do this, I connected the D-Link to my LAN using one of its internal 802.3 ports, not its external port. And I assigned a static address by hand to my wireless client (I'm not sure how well DHCP works in this bridging setting). Worked fine in tests; didn't maintain it that way after the test due to the lousy security on 802.11b, so I can't tell you about long-term performance.
Re: [leaf-user] wrt54g (wireless router) between leaf box and lan (solved)
Gene Smith wrote, On 12/05/2004 04:40 PM:
> I have placed a wireless linksys wrt54g router between my bering leaf box and my local network. The ethernet network between leaf and wrt54g I have assigned to network 192.168.10.x and the local network is 192.169.1.x, From the local network (some hosts directly wired to wrt54g eth switch and others wireless) I can ping the wrt54g and the leaf box. I can also see the embedded web server on the leaf box from the lan/wlan. However, I cannot ping or connect to any address on the internet from my local network. I can also ping the leaf box from the wrt54g but cannot ping a real internet host.
>
> NAT is turned on on the leaf box and is on by default on the wrt54g (there may be an undocumented way to turn it off). Or this may not be an issue. My question is should this theoretically work and, if so, what might I be doing wrong?
>
> Tks,
> -gene
>
> P/S: My leaf box has been working fine for years and would like to keep using it. I would just as soon the linksys box could just act as a dumb "wireless hub" and continue using the leaf box as is. However, the wrt54g does work ok as the main router (without the leaf box) but requires custom firmware to add things like sshd, shorewall etc.

Went back and looked at this list's archives closer and discovered a thread where it was talked about connecting a similar linksys box without using the "internet" connector. You can just connect the leaf output (local) ethernet to any of the 4 wired eth switch inputs on the wrt54g.

I have always used static local addresses so I set the wrt54g (internet and local to be safe) to the static address 192.168.1.1 and I set my local hosts (wired and wireless) to their static address and set the wrt54g to "router" as opposed to "gateway" mode under advanced routing options. Also under advanced routing I disabled dynamic routing and set no static routes. I don't run a dhcp server in the leaf box but that would probably also work for assigning local address. Possibly the wrt54g address could be dynamically assigned too. All my local hosts point to leaf as their gateway and dns host.

At sometime I hope to get around to upgrading the wrt54g to have functionality similar to leaf (openWRT, sveasoft etc.) but for now this does seem to work (possibly a bit slower since packets have to traverse an additional stack and leaf box is pretty weak).

Any consideration of porting leaf to wrt54g or its bigger bro. wrt54gs which are (embedded) linux boxes too?

--gene
[leaf-user] ANN: leaf-project.org website
Everyone,
I just upgraded our website. It still is missing old announcements. I also need to create user accounts for our project members.

Please let me know if you see any problems. Thanks.

--
Mike Noyes
http://sourceforge.net/users/mhnoyes/
SF.net Projects: ffl, leaf, phpwebsite, phpwebsite-comm, sitedocs
[leaf-user] Re: [leaf-devel] ANN: leaf-project.org website
On Sun, 2004-12-05 at 18:47, Mike Noyes wrote:
> Everyone,
> I just upgraded our website. It still is missing old announcements. I
> also need to create user accounts for our project members.
>
> Please let me know if you see any problems. Thanks.

Everyone,
I'm still having some path issues. I'll update in a while.

--
Mike Noyes
http://sourceforge.net/users/mhnoyes/
SF.net Projects: ffl, leaf, phpwebsite, phpwebsite-comm, sitedocs
Re: [leaf-user] wrt54g (wireless router) between leaf box and lan
Ray Olszewski wrote, On 12/05/2004 09:24 PM:
> Sorry to be dropping into this late; I missed the original posting.
>
> At 02:47 AM 12/6/2004 +0100, Arne Bernin wrote:
> > On Sun, 2004-12-05 at 22:40, Gene Smith wrote:
> > > I have placed a wireless linksys wrt54g router between my bering leaf
> > > box and my local network. The ethernet network between leaf and wrt54g I
> > > have assigned to network 192.168.10.x and the local network is
> > > 192.169.1.x,
>
> Is this network info a typo? (169 for 168) If not ... it's not smart to use public addresses on private LANs.

Yeah, typo.

> > > From the local network (some hosts directly wired to
> > > wrt54g eth switch and others wireless) I can ping the wrt54g and the
> > > leaf box. I can also see the embedded web server on the leaf box from the
> > > lan/wlan. However, I cannot ping or connect to any address on the
> > > internet from my local network. I can also ping the leaf box from the
> > > wrt54g but cannot ping a real internet host.
> > >
> > > NAT is turned on on the leaf box and is on by default on the wrt54g
> > > (there may be an undocumented way to turn it off). Or this may not be an
> > > issue. My question is should this theoretically work and, if so, what
> > > might I be doing wrong?
> > >
> > Can you provide the routes set on one of your client machines ?? Could be just a routing problem...

Well, I have changed setup now using info from one of your old posts. It now works! See my reply to myself in this thread.

> Probably is a routing problem, but more likely on the Linksys, not the client. What does the Linksys think its default gateway is? It should be the LEAF router's internal IP address.
>
> Could also be a routing problem on the client end, but that sounds less likely if (a) the client can read the LEAF router itself and (b) the Linksys is NAT'ing external connections ... both things you write above.
>
> > > Tks,
> > > -gene
> > >
> > > P/S: My leaf box has been working fine for years and would like to keep
> > > using it.
>
> I assume from this that the LEAF host itself remains able to reach the Internet. It, for example, can ping Internet sites successfully ... and clients connected directly to it (not through the Linksys) also can. If not, you may have a routing problem on the LEAF router itself. (I'm surmising that you recently changed its LAN network from 192.168.1.0/24 to 192.168.10.0/24, so I'm really asking if you verified that the LEAF router itself still routes properly after you made that change.)

Yes I had changed the address as you describe but never tried running ping from the leaf box. (I had forgotten that it had it!) I had changed them on the ram disk and restarted service (networking, shorewall, reloaded eth drivers, etc) but could not get outside from any host. Currently I can ping yahoo.com from any host except the linksys since its current route table shows default route going out through the "WAN/Internet" port which is not attached, Not sure how to fix this, but not a big deal.

> > > I would just as soon the linksys box could just act as a dumb
> > > "wireless hub" and continue using the leaf box as is. However, the
> > > wrt54g does work ok as the main router (without the leaf box) but
> > > requires custom firmware to add things like sshd, shorewall etc.
>
> I haven't used a Linksys this way, but I have used an older D-Link Wireless-B router as only an AP (what I think you mean by "a dumb 'wireless hub'"), not a (NAT'ing) router.

Yeah an "AP", not up on all the buzzwords :)

> To do this, I connected the D-Link to my LAN using one of its internal 802.3 ports, not its external port. And I assigned a static address by hand to my wireless client (I'm not sure how well DHCP works in this bridging setting). Worked fine in tests; didn't maintain it that way after the test due to the lousy security on 802.11b, so I can't tell you about long-term performance.

Yes, this is more or less what you and others (Camille) talked about way back in an old post but she never reported that it worked quite right. It works fine for me (see detailed reply with subject "solved"). Also, have not tried dynamic since I have always historically used static internal addresses. I think she was using internal DNS. I may try it at some point.
[leaf-user] Re: [leaf-devel] ANN: leaf-project.org website
On Sun, 2004-12-05 at 19:02, Mike Noyes wrote:
> On Sun, 2004-12-05 at 18:47, Mike Noyes wrote:
> > I just upgraded our website. It still is missing old announcements. I
> > also need to create user accounts for our project members.
> >
> > Please let me know if you see any problems. Thanks.
>
> I'm still having some path issues. I'll update in a while.

Everyone,
leaf.sourceforge.net is working properly, but something isn't quite right with leaf-project.org. I'll work on it tomorrow.

--
Mike Noyes
http://sourceforge.net/users/mhnoyes/
SF.net Projects: ffl, leaf, phpwebsite, phpwebsite-comm, sitedocs
Re: [leaf-user] wrt54g (wireless router) between leaf box and lan
At 10:07 PM 12/5/2004 -0500, Gene Smith wrote:
> [...] Currently I can ping yahoo.com from any host except the linksys since its current route table shows default route going out through the "WAN/Internet" port which is not attached, Not sure how to fix this, but not a big deal.

It may not be fixable. (I don't think it was on the D-Link I tested way back when.) But since you are not using this device as a router, and it is pretty worthless as a workstation (isn't it? Linksys makes some pretty fancy stuff these days, but not *that* fancy, right?), its own routing table doesn't really matter.

From the rest of your reply, it reads like you have everything fixed except for this trivial detail. Good.