[leaf-user] WPA Supplicant and Free Radius
It seems a lot of people are using wireless on their LEAF boxes. The best way I know to secure wireless is to use WPA. There are a lot of flavors of WPA, but all require a WPA-aware Radius. To my knowledge Cistron Radius (the one currently in LEAF) does not support WPA, but Free Radius does. Free Radius is yet another fork of Livingston Radius, as is Cistron. The main difference is that Free Radius is still being developed and little or nothing has been done to Cistron Radius for years. Free Radius is configured much like Cistron, and migration from one to the other is very easy.

I am not suggesting that LEAF replaces Cistron Radius with Free Radius, but it would be great if Free Radius could be made into an alternate Radius for those of us who need WPA. Is this possible?

---
leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
[leaf-user] Re: leaf-user digest, Vol 1 #2798 - 2 msgs
Ron,

Here is where it is going wrong.

    Then syslinux -s /dev/hda1.

Don't syslinux the partition. You want to do this:

    syslinux -s /dev/hda

Best Regards,
Roger McClurg

leaf-user-request@lists.sourceforge.net
Sent by: leaf-user-admin
10/16/2005 11:25 PM
Please respond to leaf-user
To: leaf-user@lists.sourceforge.net
cc:
Subject: leaf-user digest, Vol 1 #2798 - 2 msgs

Date: Sun, 16 Oct 2005 09:45:17 -0500
From: Ron Senykoff <[EMAIL PROTECTED]>
To: "Leaf-User (E-mail)"
Subject: [leaf-user] LEAF on WRAP won't boot - help please

Hello all,

When I fire up the wrap board, it gets to the "Boot from network, disk, or quit" screen and when I hit enter for it to continue, nothing. Absolutely nothing.

Here's how I built it:

I have gone through all the directions related to booting from IDE and WRAP that I can find. I got console working on a floppy in a regular box, along with copying over the initrd with ide support. Once all that was working, I booted the WRAP board using PXE. The network booting works fine at the console.

Once in I fdisk the CF card, create a new DOS partition table, new primary partition for the whole disk, set the partition type to FAT (6) and write out.
Then mkfs.msdos /dev/hda1.
Then syslinux -s /dev/hda1.
Then I write the mbr over
Then I mount both hda1 and a smbmount share where I copy all the contents (except ldlinux.sys) over from that wonderful floppy.
I then modify leaf.cfg and syslinux.cfg to point to /dev/hda1.

I just tried doing the whole thing by formatting it from a windows box using the instructions that come with syslinux. No luck there either.

    PC Engines WRAP.1C/1D/1E v1.08
    640 KB Base Memory
    130048 KB Extended Memory
    01F0 Master 848A LEXAR ATA FLASH
    Phys C/H/S 984/4/32 Log C/H/S 984/4/32
    ROM segment 0xe000 length 0x8000 reloc 0x0002
    Etherboot 5.3.12 (GPL) http://etherboot.org
    Drivers: NATSEMI Images: NBI PXE Exports: PXE
    Relocating _text from: [00089370,0009b230) to [07eee140,07f0)
    Boot from (N)etwork (D)isk or (Q)uit?

This is where it hangs. Any help is really appreciated.

-Ron
[leaf-user] Sensor Monitoring
Is there a sensor monitoring package for Bering 1.2 or uClibc 2.2.2 similar to LM_Sensors? I noted that on the latest Webconf there is a temperature bar. Does anyone know how we get info to it? I'd really love to be able to track the temperature and fan speed information that is reported by my motherboard.

---
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] lcd4linux problem
Martin,

Your memory is pretty good. I loaded the modules, but kept getting errors. I did some research and found that the parport_pc module is also required. I loaded it, and now I'm getting information on my display. Thanks for all the help.

Roger

Martin Hejl
11/30/2004 01:45 PM
To: Roger E McClurg/CEG/[EMAIL PROTECTED]
cc: [EMAIL PROTECTED]
Subject: Re: [leaf-user] lcd4linux problem

Hi Robert,

Roger E McClurg wrote:
> Martin,
>
> I was installing lcd4linux on the wrong build of Bering. When I swapped to
> the correct CF the software loaded.
>
> I am using an HD44780. I read the lcd4linux manual, and configured the
> lcd4linux.conf accordingly. Unfortunately when I start lcd4linux with "svi
> lcd4linux start" I get the following error:
> Starting LCD4linux:grsec: denied use of ioperm() by (lcd4linux:9573)
> UID(0) EUID(0), parent (lcd4linux:21905) UID(0) EUID(0)
>
> Do you have any idea what is wrong?

Yes. You're trying to use the old (deprecated) method of accessing the display via port-io (this is "triggered" by specifying something like "Port 0x378" in your config file). Port-IO from userspace is prohibited by the grsecurity patches that are applied to the Bering and Bering-uClibc kernels.

There are two ways of getting around it - either use the more modern parport device (you need to install the modules ppdev and parport, if I recall correctly) and then adjust the config so it will read something like "Port /dev/parport0" (or whatever it is on your system - just note that on leaf, the parports are not split into directories, like they are in the default config of lcd4linux). Note, I'm going from memory here, since I don't have a leaf box at the moment that even has a parallel port, so I can't check.

The other way to get around it (if for some reason you can't make things work with parport) is to build your own kernel, without "CONFIG_GRKERNSEC_IO=y" in your kernel config.

I hope that helps.

Martin
Re: [leaf-user] lcd4linux problem
Martin,

I was installing lcd4linux on the wrong build of Bering. When I swapped to the correct CF the software loaded.

I am using an HD44780. I read the lcd4linux manual, and configured the lcd4linux.conf accordingly. Unfortunately when I start lcd4linux with "svi lcd4linux start" I get the following error:

    Starting LCD4linux:grsec: denied use of ioperm() by (lcd4linux:9573) UID(0) EUID(0), parent (lcd4linux:21905) UID(0) EUID(0)

Do you have any idea what is wrong?

Roger

Martin Hejl
11/30/2004 02:01 AM
To: Roger E McClurg/CEG/[EMAIL PROTECTED]
cc: [EMAIL PROTECTED]
Subject: Re: [leaf-user] lcd4linux problem

Roger E McClurg wrote:
> Hello List,
>
> I'm trying to use the lcd4linux package in Bering uClibc 2.2.2. The
> package loads fine, but when I try to start the daemon I get an error
> "unable to start /usr/sbin/lcd4linux: No such file or directory". I
> checked /usr/sbin and the file (dated Oct 17) is there. The file
> permissions are 755. I tried executing the file directly, but still get a
> not found. The package I used came from the ISO image. I tried downloading
> the lcd4linx.lrp package from the Bering uClibc packages page in case
> there was a newer version. Both had the same result. Does anyone know
> what's going wrong?

It's not stated on the packages page (as I just noticed) but lcd4linux needs libm.lrp to be installed - could it be that you're missing that package?

Martin
[leaf-user] lcd4linux problem
Hello List,

I'm trying to use the lcd4linux package in Bering uClibc 2.2.2. The package loads fine, but when I try to start the daemon I get an error "unable to start /usr/sbin/lcd4linux: No such file or directory". I checked /usr/sbin and the file (dated Oct 17) is there. The file permissions are 755. I tried executing the file directly, but still get a not found. The package I used came from the ISO image. I tried downloading the lcd4linx.lrp package from the Bering uClibc packages page in case there was a newer version. Both had the same result. Does anyone know what's going wrong?

Roger
[leaf-user] CF & DOM errors
I have a test machine that has a CF. I can boot from the CF, and access it normally, but it gets the following errors:

    {DriveReady SeekComplete Error}
    {DriveStatus Error}

I have tried a number of different CF brands, but all have the same result. Does anyone have an idea what the problem is?

Best Regards,
Roger McClurg
[EMAIL PROTECTED]
[leaf-user] Bering uClibc and GRUB
Hi List,

Sorry I bothered you. I finally saw the error and fixed it. uClibC now boots properly.

Best Regards,
Roger McClurg
[EMAIL PROTECTED]
[leaf-user] Bering uClibc and GRUB
Hi List,

I have been running Bering 1.2 from CF using GRUB as a boot loader for a while now. I decided to try Bering uClibc 2.2 on the same system. I tried to use the same GRUB configuration for uClibc as I did for 1.2, but that did not work. Bering never loaded the RAM drive. I noticed a difference in the boot configuration for uClibc when I booted the distribution CD, so I tried to incorporate those changes in my grub.conf file. I obviously did something wrong as GRUB now gives me this error:

    Error 1: Filename must be either an absolute pathname or blocklist

Unfortunately it does not tell me which file it has a problem with. My grub.conf file looks like this:

    color red/blue yellow/blue
    root (hd0,0)
    timeout 5
    default 0

    # For booting LEAF
    title LEAF Bering uClibc Version 2.2
    kernel BOOT_IMAGE=/linux init=/linuxrc rw root=/dev/ram0 LEAFCFG=/dev/hdc1:msdos \
    syst_size=16M log_size=4M PKGPATH=/dev/hdc1:msdos initrd=initrd.lrp \
    LRP=root,etc,log,local,modules,keyboard,iptables,shorwall,dnscache,ulogd,weblet
    # yes, you need the initrd.lrp line twice, once above, and once here
    initrd /initrd.lrp

Is anyone on the list using GRUB with uClibC? If so, can you help me out?

Best Regards,
Roger McClurg
[EMAIL PROTECTED]
RE: [leaf-user] Traffic Shaping
I did what I should have in the beginning and read the QOS section of the Bering Users Guide (RTFM). As a result I saw that I needed to load the modules you specified, James. Thanks.

I loaded all the modules and had a bit more success. The wondershaper script still errors out on these lines:

    tc class add dev $DEV parent 1:1 classid 1:20 htb rate $[9*$UPLINK/10]kbit burst 6k prio 2
    tc class add dev $DEV parent 1:1 classid 1:30 htb rate $[8*$UPLINK/10]kbit burst 6k prio 2

The problem is the rate calculation "$[9*$UPLINK/10]kbit". TC errors with: Illegal "rate". Since Wondershaper was written for Bash not Ash I'm sure the problem is a difference in syntax. Can one of our Ash experts tell me what needs to be changed?

Can anyone else using Wondershaper on Bering give me any tips for adding additional ports/protocols to the script?

Thanks
Roger

"James Neave"
09/02/2004 09:31 AM
To: Roger E McClurg/CEG/[EMAIL PROTECTED], <[EMAIL PROTECTED]>
cc:
Subject: RE: [leaf-user] Traffic Shaping

Hi,

Yes, there are lots of modules that you need to load. They are in /kernel/net/sched. I can't remember how I found out which ones I needed. Either I loaded all of them or I used trial and error.

If you look carefully in the script, there is a comment on how to put it into debug mode, you add an X to one of the very first lines. Can't remember which though.

If that was helpful, I'll eat my cat.

Regards,
James.

-Original Message-
From: Roger E McClurg [mailto:[EMAIL PROTECTED]
Sent: 02 September 2004 14:10
To: [EMAIL PROTECTED]
Subject: [leaf-user] Traffic Shaping

I'm trying to setup traffic shaping in Bering 1.2, but I'm running into difficulties. I've loaded the tc.lrp package, and the wondershaper htb script. When run by Shorewall the script gets errors. In attempting to debug the script I entered the commands manually. Even though the command is right out of the Linux Advanced Routing documentation it fails:

    # tc qdisc add dev eth0 root handle 1: htb default 30
    RTNETLINK answers: Invalid argument

Is there an additional package or module needed to make tc work properly?

Thanks for your help.

Roger
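
The rate expressions in the two failing lines of the message above use $[ ], an old bash arithmetic form; the POSIX form, which every POSIX shell expands, is $(( )). The script below is an added example, not part of the thread or of the wondershaper script: it rebuilds those two tc class lines with POSIX arithmetic and prints them instead of running tc. The function names and the sample values eth0 and 512 are assumptions.

```shell
#!/bin/sh
# Added example (not from the wondershaper script): the two HTB class lines
# quoted in the message, rebuilt with POSIX $(( )) arithmetic so that ash,
# dash and bash all expand the rate the same way.

# is_uint VALUE: succeed only for a non-empty decimal number without a
# leading zero (a leading zero would be read as octal inside $(( ))).
is_uint() {
    case "$1" in
        ''|*[!0-9]*|0?*) return 1 ;;
        *) return 0 ;;
    esac
}

# htb_rate UPLINK_KBIT NUM DEN: print NUM/DEN of the uplink as "<n>kbit".
# Integer division, like the original expression 9*$UPLINK/10.
htb_rate() {
    is_uint "$1" && is_uint "$2" && is_uint "$3" || return 1
    [ "$3" -gt 0 ] || return 1
    rate=$(( $2 * $1 / $3 ))
    # An uplink too small to yield a non-zero share is treated as an error.
    [ "$rate" -gt 0 ] || return 1
    printf '%skbit\n' "$rate"
}

# wshaper_classes DEV UPLINK_KBIT: print (dry run) the two class commands.
wshaper_classes() {
    dev=$1
    uplink=$2
    [ -n "$dev" ] || return 1
    r20=$(htb_rate "$uplink" 9 10) || return 1
    r30=$(htb_rate "$uplink" 8 10) || return 1
    echo "tc class add dev $dev parent 1:1 classid 1:20 htb rate $r20 burst 6k prio 2"
    echo "tc class add dev $dev parent 1:1 classid 1:30 htb rate $r30 burst 6k prio 2"
}

# Constructed sample values: interface eth0, 512 kbit uplink.
wshaper_classes eth0 512
```

An empty or non-numeric UPLINK makes the functions fail instead of handing tc a malformed rate string.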
[leaf-user] Traffic Shaping
I'm trying to setup traffic shaping in Bering 1.2, but I'm running into difficulties. I've loaded the tc.lrp package, and the wondershaper htb script. When run by Shorewall the script gets errors. In attempting to debug the script I entered the commands manually. Even though the command is right out of the Linux Advanced Routing documentation it fails:

    # tc qdisc add dev eth0 root handle 1: htb default 30
    RTNETLINK answers: Invalid argument

Is there an additional package or module needed to make tc work properly?

Thanks for your help.

Roger
[leaf-user] Re: leaf-user digest, Vol 1 #2406 - 5 msgs
>Is the firewall blocking rfc1918? Wait a minute, isn't there something
>somewhere that blocks ALL rfc1918 addresses in Shorewall? That norfc
>switch in shorewalls, erm, one of the shorewall files? I know that NTL
>uses many rfc1918 networks, so would shorewall block packets from a DHCP
>server with that address?

Many cable companies use rfc1918 addresses for their DHCP servers. For this reason Shorewall has a DHCP parameter in the interfaces file. Just add DHCP to the list of parms for your external interface (eth0?) and you will be able to access the DHCP server.

Best Regards,
Roger McClurg
[EMAIL PROTECTED]
[leaf-user] TC for Bering 1.2
Hi All,

I was looking to do traffic shaping on Bering 1.2 using tc and Wonder Shaper. I'd like to use the htb version. Does anyone know if the tc.lrp package for Bering in the shorewall packages list is patched for htb? If not, does anyone know where I can get one for Bering 1.2?

Thanks
Roger
Re: [leaf-user] uClibC 2.2.0b4 Problem
>The problem is, syslinux seems to read the first part of the
>syslinux.cfg file which is to tell it to display syslinux.dpy, then
>default and kernel linux however it doesn't read the rest... ie it
>doesn't load initrd.lrp, it will then proceed to boot the kernel at
>which point the kernel will panic and complain about a missing "root="
>command. This command is contained in syslinux.cfg but it doesn't seem
>to read it for some reason.

I had this problem with Bering 1.2. After trying a number of versions of syslinux, I finally settled on using GRUB. Just attach the CF to a Linux using GRUB (I used Redhat), load GRUB onto the CF, and put it back in the LEAF machine.

Roger McClurg
Re: [leaf-user] USB Keyboard
>> To: [EMAIL PROTECTED]
>> From: Roger E McClurg <[EMAIL PROTECTED]>
>> Date: Mon, 17 May 2004 16:13:15 -0400
>> Subject: [leaf-user] USB Keyboard
>>
>> Has anyone managed to get a USB keyboard to work with a Bering 1.2 machine?
>> I can't seem to find the correct drivers.
>>
>> Roger

>This response is not Bering-centric but it *should* work for Bering also.
>Here's how my modules script loads my needed USB drivers:
>
>---
>usbcore
>usb-ohci
>input
>hid
>keybdev
>---
>
>Above modules were generated by following Kernel build options:
>
>Input core support
>  Input core support --> generates input.o
>  Keyboard support --> generates keybdev.o
>  Mouse support --> generates mousedev.o
>
>(mousedev.o for USB mice also works if you need it)
>
>USB Support
>  Support for USB --> generates usbcore.o
>  OHCI ( --> generates usb-ohci.o (HW specific, yours may require UHCI)
>  Human Interface device... --> generates hid.o
>

I was hoping to not have to compile the kernel. Unfortunately both input.o and keybdev.o are missing from the Bering 1.2 modules library. Has anyone already generated them?

>Other info/findings:
>
>I experience repetitive instances of keyed-in characters if I compile all of the
>above modules into my Kernel. Thus, I had to make do with a script-based insmodding
>of USB modules upon startup (LEAF-influence).

I'm a big fan of loadable modules myself.

Roger
[leaf-user] USB Keyboard
Has anyone managed to get a USB keyboard to work with a Bering 1.2 machine? I can't seem to find the correct drivers.

Roger
[leaf-user] Shorewall 2.0.2a
Tom,

Is the Shorewall 2.0.2a.lrp package compatible with iptables version 1.2.8 found in Bering 1.2? If the answer is yes, is there anything I should look out for in upgrading (aside from the upgrade issues on the Shorewall web site)?

Best Regards,
Roger McClurg
[EMAIL PROTECTED]

This is a PRIVATE message. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: Regardless of content, this e-mail shall not operate to bind CSC to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose.
[leaf-user] USB Wireless on Bering
Has anyone tried using a USB wireless card with Bering 1.2? I've got a Linksys WUSB11 v2.6. It uses the AT76C5XX ATMEL drivers. If anyone has compiled these drivers for Bering I'd appreciate hearing from you.

Roger
[leaf-user] Thanks
Charles,

I never got around to thanking you for your help over the years, and for your contribution to LEAF. I cut my teeth on Dachstein and Eigerstein. I used them on quite a few different platforms, and I learned a lot along the way. I appreciate everything you have done, and thought it was high time I said so.

Roger
Re: [leaf-user] Bering 1.2 Throughput Test Results
Charles,

I did the test with the converted Bering-Contivity yesterday. I ran the VPN as AES then changed to 3DES and ran it again. AES was 6% slower. Any ideas why this would be the case?

Best Regards,
Roger McClurg
[EMAIL PROTECTED]

Charles Steinkuehler
04/13/2004 04:13 PM
To: Roger E McClurg/CEG/[EMAIL PROTECTED]
cc: [EMAIL PROTECTED]
Subject: Re: [leaf-user] Bering 1.2 Throughput Test Results

Roger E McClurg wrote:
> The next test was to FTP from the PC connected to the OpenBrick E to the
> PC connected to a 500 Mhz P III running Bering 1.2. The transfer rate was
> only 12.67 Mb/sec. The 3DES IPSEC encryption was certainly taking its
> toll.
>
> Next we replaced both Bering machines with Nortel Contivity 1500 VPN
> devices. The Contivity is a popular VPN concentrator for small branch
> offices. It was designed specifically for the purpose of a VPN
> concentrator. Imagine our surprise when the Contivity transfer rate was
> only 4.45 Mb/sec. The Bering boxes were running weblet, shorewall,
> dnscache, dhcpd, ssh, sshd, sftp, snmp, and snmpd in addition to IPSEC,
> and yet they were almost three times faster than commercial VPN
> concentrators.

If you want to have a bit more fun, switch your IPSec links to the new AES (ipsec_aes.o) encryption algorithm. Designed to be more friendly to modern CPU's with wide registers and SIMD (Single Instruction Multiple Data) instruction sets (3DES is optimized for hardware, and doesn't translate nicely into a byte/word oriented general-purpose CPU algorithm), you should see a substantial increase in your transfer rates.

3DES is usually not much of a bottleneck (even with the 'slow' Nortel devices), as usually the upstream WAN link is substantially slower than the potential CPU throughput when compressing, but if you've got fast pipes, you'll notice a drastic difference by choosing an alternate encryption scheme.

--
Charles Steinkuehler
[EMAIL PROTECTED]
RE: [leaf-user] Bering 1.2 Throughput Test Results
Troy,

It's not a dumb question. I just figured it out myself. In the connection defaults, or in the specific connection you want to use aes, just add esp=aes. Of course the ipsec-aes.o module must be loaded.

Roger

Troy Aden
04/14/2004 10:13 AM
To: Roger E McClurg/CEG/[EMAIL PROTECTED], Charles Steinkuehler <[EMAIL PROTECTED]>
cc: [EMAIL PROTECTED]
Subject: RE: [leaf-user] Bering 1.2 Throughput Test Results

I am sure this question is a silly one but here it goes. How do I go about changing the Encryption algorithm in Freeswan IPSec? I am using Bering Uclibc 2.0. I am using FreeSwan IPSec with PSK's for my connections. I did not see anything in the procedures for changing the encryption algorithms that this package uses. I am assuming that I would add the module (ipsec_aes.o) to /lib/modules/. But can anyone please tell me the command that I need to put in the IPSec config file to tell it specifically what algorithm to use?

Thanks in advance!
Troy

Here is what my config looks like:

    config setup
            # THIS SETTING MUST BE CORRECT or almost nothing will work;
            # %defaultroute is okay for most simple cases.
            interfaces=%defaultroute
            # Debug-logging controls: "none" for (almost) none, "all" for lots.
            klipsdebug=none
            plutodebug=none
            # Use auto= parameters in conn descriptions to control startup actions.
            plutoload=%search
            plutostart=%search
            # Close down old connection when new one using same ID shows up.
            uniqueids=yes

    # defaults for subsequent connection descriptions
    conn %default
            # How persistent to be in (re)keying negotiations (0 means very).
            keyingtries=0
            # RSA authentication with keys from DNS.
            authby=secret
            right=132.125.107.155
            rightsubnet=192.168.55.0/16
            rightnexthop=132.125.107.254
            pfs=yes

    conn block
            auto=ignore
    conn private
            auto=ignore
    conn private-or-clear
            auto=ignore
    conn clear
            auto=ignore
    conn packetdefault
            auto=ignore

    conn troy
            left=139.145.45.166
            leftsubnet=10.10.65.0/24
            leftnexthop=139.145.45.129
            auto=start

Here is what comes up when I start a connection:

    ipsec whack --initiate --name test
    002 "troy" #152: initiating Main Mode
    104 "troy" #152: STATE_MAIN_I1: initiate
    106 "troy" #152: STATE_MAIN_I2: sent MI2, expecting MR2
    108 "troy" #152: STATE_MAIN_I3: sent MI3, expecting MR3
    002 "troy" #152: Main mode peer ID is ID_IPV4_ADDR: '139.145.45.166'
    002 "troy" #152: ISAKMP SA established
    004 "troy" #152: STATE_MAIN_I4: ISAKMP SA established
    002 "troy" #153: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+DISABLEARRIVALCHECK
    117 "troy" #153: STATE_QUICK_I1: initiate
    002 "troy" #153: sent QI2, IPsec SA established
    004 "troy" #153: STATE_QUICK_I2: sent QI2, IPsec SA established

-Original Message-
From: Roger E McClurg [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 14, 2004 7:13 AM
To: Charles Steinkuehler
Cc: [EMAIL PROTECTED]
Subject: Re: [leaf-user] Bering 1.2 Throughput Test Results

My apologies. I should have looked before I asked. It is in the Bering modules, right where it should be.

Roger

-=-=-=--=-=-=-=-=-=-=-=

Charles,

I'd love to run the tests. Where can I find the ipsec_aes.o module for Bering 1.2?

Roger

Charles Steinkuehler
04/13/2004 04:13 PM
To: Roger E McClurg/CEG/[EMAIL PROTECTED]
cc: [EMAIL PROTECTED]
Subject: Re: [leaf-user] Bering 1.2 Throughput Test Results

Roger E McClurg wrote:
> The next test was to FTP from the PC connected to the OpenBrick E to the
> PC connected to a 500 Mhz P III running Bering 1.2. The transfer rate was
> only 12.67 Mb/sec. The 3DES IPSEC encryption was certainly taking its
> toll.
>
> Next we replaced both Bering machines with Nortel Contivity 1500 VPN
> devices. The Contivity is a popular VPN concentrator for small branch
> offices. It was designed specifically for the purpose of a VPN
> concentrator. Imagine our surprise when the Contivity transfer rate was
> only 4.45 Mb/sec. The Bering boxes were running weblet, shorewall,
> dnscache, dhcpd, ssh, sshd, sftp, snmp, and snmpd in addition to IPSEC,
> and yet they were almost three times faster than commercial VPN
> concentrators.

If you want to have a bit more fun, switch your IPSec links to the new AES (ipsec_aes.o) encryption algorithm. Designed to be more friendly to modern CPU's with wide registers and SIMD (Single Instruction Multiple Data) instruction sets (3DES is optimized for hardware, and doesn't translate nicely into a byte/word oriented general-purpose CPU algorithm), you should see a substantial increase in your transfer rate
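
The reply at the top of this message says esp=aes can go either in the connection defaults or in one specific connection. The script below is an added example, not part of the thread or of FreeS/WAN: it reads an ipsec.conf-style file on standard input and reports, for each conn, the esp= value that applies once "conn %default" is taken into account, so a connection that never picked up the setting stands out. The function names, the sample connections and the 192.0.2.x addresses are constructed; UNSET means no esp= line applies and the implementation's built-in default is used.

```shell
#!/bin/sh
# Added example: report the ESP setting each conn in an ipsec.conf-style
# file would use, following "conn %default" inheritance for later conns.

# effective_esp: read the config on stdin, print "<conn> <esp or UNSET>".
effective_esp() {
    awk '
        function emit() {
            if (!insec) return
            if (name == "%default") {
                if (esp != "") dflt = esp      # default for later conns
            } else {
                print name, (esp != "" ? esp : (dflt != "" ? dflt : "UNSET"))
            }
            insec = 0
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blanks
        /^conn[ \t]+/ {                        # start of a conn section
            emit(); name = $2; esp = ""; insec = 1; next
        }
        /^[^ \t]/ { emit(); next }             # other section, e.g. config setup
        insec && /^[ \t]+esp[ \t]*=/ {         # esp= line inside a conn
            v = $0
            sub(/^[ \t]+esp[ \t]*=[ \t]*/, "", v)
            sub(/[ \t]+$/, "", v)
            esp = v
        }
        END { emit() }
    '
}

# sample_conf: constructed configuration, not the one posted in the thread.
sample_conf() {
    cat <<'EOF'
config setup
    interfaces=%defaultroute

# defaults for subsequent connection descriptions
conn %default
    authby=secret
    esp=aes

conn branch-a
    left=192.0.2.1
    auto=start

conn legacy
    left=192.0.2.2
    esp=3des
    auto=start
EOF
}

sample_conf | effective_esp
```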
Re: [leaf-user] Bering 1.2 Throughput Test Results
My apologies. I should have looked before I asked. It is in the Bering modules, right where it should be. Roger -=-=-=--=-=-=-=-=-=-=-= Charles, I'd love to run the tests. Where can I find the ipsec_aes.o module for Bering 1.2? Roger Charles Steinkuehler 04/13/2004 04:13 PM To: Roger E McClurg/CEG/[EMAIL PROTECTED] cc: [EMAIL PROTECTED] Subject:Re: [leaf-user] Bering 1.2 Throughput Test Results Roger E McClurg wrote: > The next test was to FTP from the PC connected to the OpenBrick E to the > PC connected to a 500 Mhz P III running Bering 1.2. The transfer rate was > only 12.67 Mb/sec. The 3DES IPSEC encryption was certainly taking it's > toll. > > Next we replaced both Bering machines with Nortel Contivity 1500 VPN > devices. The Contivity is a popular VPN concentrator for small branch > offices. It was designed specifically for the purpose of a VPN > concentrator. Imagine our surprise when the Contivity transfer rate was > only 4.45 Mb/sec. The Bering boxes were running weblet, shorewall, > dnscache, dhcpd, ssh, sshd, sftp, snmp, and snmpd in addition to IPSEC, > and yet they were almost three times faster than commercial VPN > concentrators. If you want to have a bit more fun, switch your IPSec links to the new AES (ipsec_aes.o) encryption algorithm. Designed to be more friendly to modern CPU's with wide registers and SIMD (Single Instruction Multiple Data) instruction sets (3DES is optimized for hardware, and doesn't translate nicely into a byte/word oriented general-purpose CPU algorithm), you should see a substantial increase in your transfer rates. 3DES is usually not much of a bottleneck (even with the 'slow' Nortel devices), as usually the upstream WAN link is substantially slower than the potential CPU throughput when compressing, but if you've got fast pipes, you'll notice a drastic difference by choosing an alternate encryption scheme. 
-- Charles Steinkuehler [EMAIL PROTECTED]
Re: [leaf-user] Bering 1.2 Throughput Test Results
Charles,

I'd love to run the tests. Where can I find the ipsec_aes.o module for Bering 1.2?

Roger

Charles Steinkuehler
04/13/2004 04:13 PM
To: Roger E McClurg/CEG/[EMAIL PROTECTED]
cc: [EMAIL PROTECTED]
Subject: Re: [leaf-user] Bering 1.2 Throughput Test Results

Roger E McClurg wrote:
> The next test was to FTP from the PC connected to the OpenBrick E to the
> PC connected to a 500 Mhz P III running Bering 1.2. The transfer rate was
> only 12.67 Mb/sec. The 3DES IPSEC encryption was certainly taking its
> toll.
>
> Next we replaced both Bering machines with Nortel Contivity 1500 VPN
> devices. The Contivity is a popular VPN concentrator for small branch
> offices. It was designed specifically for the purpose of a VPN
> concentrator. Imagine our surprise when the Contivity transfer rate was
> only 4.45 Mb/sec. The Bering boxes were running weblet, shorewall,
> dnscache, dhcpd, ssh, sshd, sftp, snmp, and snmpd in addition to IPSEC,
> and yet they were almost three times faster than commercial VPN
> concentrators.

If you want to have a bit more fun, switch your IPSec links to the new AES (ipsec_aes.o) encryption algorithm. Designed to be more friendly to modern CPU's with wide registers and SIMD (Single Instruction Multiple Data) instruction sets (3DES is optimized for hardware, and doesn't translate nicely into a byte/word oriented general-purpose CPU algorithm), you should see a substantial increase in your transfer rates.

3DES is usually not much of a bottleneck (even with the 'slow' Nortel devices), as usually the upstream WAN link is substantially slower than the potential CPU throughput when compressing, but if you've got fast pipes, you'll notice a drastic difference by choosing an alternate encryption scheme.

-- Charles Steinkuehler [EMAIL PROTECTED]
[leaf-user] Bering 1.2 Throughput Test Results
I thought the group might be interested in the results of some throughput testing we conducted recently. The purpose of the tests was to determine the relative performance of the OpenBrick E platform as a Bering 1.2 VPN/router. The results were very interesting.

The test process was to FTP a 600Mb binary file between two identical PCs. The PCs were on 100Mb LANs connected via the Bering 1.2 VPNs.

Before we did the VPN tests, we benchmarked the PCs on the same LAN so we could get an idea of the maximum throughput speed. The PCs transferred the file at 78.85 Mb/sec.

The next test was to FTP from the PC connected to the OpenBrick E to the PC connected to a 500 Mhz P III running Bering 1.2. The transfer rate was only 12.67 Mb/sec. The 3DES IPSEC encryption was certainly taking its toll.

Next we replaced both Bering machines with Nortel Contivity 1500 VPN devices. The Contivity is a popular VPN concentrator for small branch offices. It was designed specifically for the purpose of a VPN concentrator. Imagine our surprise when the Contivity transfer rate was only 4.45 Mb/sec. The Bering boxes were running weblet, shorewall, dnscache, dhcpd, ssh, sshd, sftp, snmp, and snmpd in addition to IPSEC, and yet they were almost three times faster than commercial VPN concentrators.

We recently pulled off the covers from a dead Contivity and found a complete PC with a 400 Mhz Celeron processor. Not wanting any usable hardware to go to waste, we put in a new (actually an old used) hard disk and made the Contivity into a Bering 1.2 VPN concentrator. We then used this Contivity in place of the OpenBrick E and ran the first VPN test again. This time the throughput was clocked at 13.11 Mb/sec! Wow! A Nortel Contivity converted to Bering 1.2 runs almost 3 times faster than one running Nortel software. It was also slightly faster than the Open Brick E with its little 533 Mhz Via processor.

I didn't try an unmodified Contivity to the Bering P III. It might be an interesting test to try. Maybe later.

Here is a schematic of the tests/results:

PC---PC                               78.85 Mb/sec
PC---OpenBrick---P III---PC           12.67 Mb/sec
PC---Contivity---Contivity---PC        4.45 Mb/sec
PC---Bering Contivity---P III---PC    13.11 Mb/sec

If anyone else has done any benchmarking, I'd like to hear about it.

My hat is off to the LEAF developers. You have put together one impressive collection of software.

Roger
Re: [leaf-user] Open Brick E
Bao,

I've tried Lexar and SanDisk. I've tried both DOS and LEAF boot images on each of the CFs. I've used both Linux and DOS fdisk programs. I've tried every combination imaginable, and in all cases the boot terminates at "Verifying DMI Data Pool". Do you have any ideas?

Roger

leaf-user-request@lists.sourceforge.net
Sent by: leaf-user-admin
04/07/2004 11:03 PM
Please respond to leaf-user
To: [EMAIL PROTECTED]
cc:
Subject: leaf-user digest, Vol 1 #2233 - 3 msgs

Date: Wed, 7 Apr 2004 21:18:45 -0400
From: "Bao C. Ha" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: [leaf-user] Open Brick E

On Wed, Apr 07, 2004 at 07:47:43PM -0400, Roger E McClurg wrote:

Hi Roger,

> Is anyone running LEAF on the OpenBrick E hardware with compact flash? If
> so, can you please tell me what brand you are using?

Lexar seems to be the best. We do use other brands occasionally.

Bao
--
Best Regards.
Bao C. Ha
Hacom OpenBrick Distributor USA http://www.hacom.net
voice: (714) 530-8817 fax: (714) 530-8818
8D66 6672 7A9B 6879 85CD 42E0 9F6C 7908 ED95 6B38
[leaf-user] Open Brick E
Is anyone running LEAF on the OpenBrick E hardware with compact flash? If so, can you please tell me what brand you are using? Roger
[leaf-user] HDPARM
I created an hdparm.lrp package for Bering 1.2. It uses the 5.2 version of hdparm from RedHat 9.0. The package includes a script called spindown. Spindown will automatically put the HD into standby mode (hdparm -y) at the end of the boot process. I can send it to anyone interested, but if the developers think it is useful maybe one of them will agree to put it up on Sourceforge. Roger
Re: [leaf-user] SCP
Erich,

I found the answer. It is not in sshd 3.5p1 but it is in sshd 3.7.1p2. Thanks for the help.

Roger

Erich Titl
04/07/2004 10:41 AM
To: Roger E McClurg/CEG/[EMAIL PROTECTED], [EMAIL PROTECTED]
cc:
Subject: Re: [leaf-user] SCP

Roger

At 09:03 07.04.2004 -0400, Roger E McClurg wrote:
>I'm using Bering 1.2 with SSH (OpenSSH_3.5p1,) and SSHD. Problem is that
>SCP is missing. Does anyone know what happened to SCP in the SSH package?

For some unknown reason scp is in sshd.lrp

cheers
Erich

THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16
[leaf-user] SCP
I'm using Bering 1.2 with SSH (OpenSSH_3.5p1,) and SSHD. Problem is that SCP is missing. Does anyone know what happened to SCP in the SSH package? Roger
[leaf-user] Re: leaf-user digest, Vol 1 #2225 - 7 msgs
Date: Thu, 1 Apr 2004 17:33:47 +0700
From: "Thitiporn Pornpirunrak" <[EMAIL PROTECTED]>
To: "LeafUser" <[EMAIL PROTECTED]>
Subject: [leaf-user] How To Mount USB Flash Drive on Bering Stable 1.0??

Hi.. all

I am wondering how to mount a USB drive on a Bering box.. I have a USB drive and would like to use it for backup data.. I read and understand that I need to add a new module.. What module do I need to use and how do I do that..

Thanx..

--__--__--__--__--__--__--__--__--__--__--__--__--__--__--__--__--

I just added the ability to use USB pen drives on my machine. It is very easy. Here is a snip from my modules.conf

#
# SCSI support needed for USB Drives
sd-mod
#
# USB support
# do not forget to mount none /proc/bus/usb -t usbdevfs
usbcore
usb-uhci
usb-storage
#

The usb-uhci module may not be correct for your machine. If it does not work then try usb-ohci in its place.

Good luck.

Roger
[leaf-user] Bering on CF
Hi All, I know there was a lot of activity around Bering on Compact Flash a while back. Did anyone document the process? I can't seem to get syslinux to work on mine. Thanks, Roger
Re: [leaf-user] Sending mail from a script
I wish to thank everyone who replied so promptly to my message. I appreciate all the help. I knew this had to be simple, but I was having a brain freeze. With your help I was able to get the script running in 2 minutes.

Thanks again to all.

Best Regards,
Roger McClurg
[EMAIL PROTECTED]

This is a PRIVATE message. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: Regardless of content, this e-mail shall not operate to bind CSC to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose.

Charles Steinkuehler
03/22/2004 05:01 PM
To: Roger E McClurg/CEG/[EMAIL PROTECTED]
cc: leaf <[EMAIL PROTECTED]>
Subject: Re: [leaf-user] Sending mail from a script

Roger E McClurg wrote:
> I know that mail messages are normally terminated with a control-d. Can
> someone please tell me how to end a mail message when it is sent from a
> script file in Bering? I know it is a simple trick, but for the life of
> me I can't remember it.

control-d is the keyboard equivalent for "end-of-file". You can simply pipe something to (or otherwise redirect the input of) the mail command, which will correctly identify the end of file, ie:

echo "hello world" | mail -s test [EMAIL PROTECTED]

-or-

mail -s test [EMAIL PROTECTED]
[leaf-user] LMSENSORS
Does anyone know of a lmsensors package for Bering? Roger
[leaf-user] Sending mail from a script
I know that mail messages are normally terminated with a control-d. Can someone please tell me how to end a mail message when it is sent from a script file in Bering? I know it is a simple trick, but for the life of me I can't remember it. Roger
[leaf-user] APKG
Does anyone know what ever happened to apkg? It is a replacement for lrpkg that has a lot of very nice features including being able to remove a package from a running system. The last version of apkg I know of is dated 10/2000 and it ran under Dachstein. Best Regards, Roger McClurg [EMAIL PROTECTED]
Re: [leaf-user] USB Pen Drive
Eric,

You were right! I installed sd-mod and everything worked. Thanks for the help.

Best Regards,
Roger

Erich Titl
03/09/2004 12:23 PM
To: Roger E McClurg/CEG/[EMAIL PROTECTED], [EMAIL PROTECTED]
cc:
Subject: Re: [leaf-user] USB Pen Drive

Roger

At 16:07 09.03.2004, you wrote:
>Greetings All,
>
>I've been trying to configure a Bering 1.2 system to accept my Lexar
>Jumpdrive (USB pen drive). I loaded the USB modules as well as scsi-mod.
>I tested with both usb-ohci and usb-uhci. Usb-uhci seems to work. I
>mounted /proc/bus/usb and the devices file shows the Lexar Jumpdrive.
>Everything looks OK in the logs, except no SCSI device is assigned. When I
>try to mount the drive with "mount -t vfat /dev/sda1 /usb", I get:
>"mount: Mounting /dev/sda1 on /usb failed: Device not configured".

You probably miss sd_mod, here is what my lsmod shows:

Module              Pages    Used by
ipsec_aes           32376  12
ipsec              256960   2 [ipsec_aes]
sd_mod               9900   0
usb-storage         55248   0
scsi_mod            51864   2 [sd_mod usb-storage]
usb-ohci            17656   0 (unused)
usbcore             55616   1 [usb-storage usb-ohci]
ip_nat_irc           2176   0 (unused)
ip_nat_ftp           2784   0 (unused)
ip_conntrack_irc     2880   1
ip_conntrack_ftp     3648   1
3c59x               25104   0
e1000               47632   1
eepro100            17892   1
mii                  2092   0 [eepro100]
isofs               17032   0 (unused)
ide-disk             9304   0
ide-probe-mod        8476   0
ide-cd              26956   0
ide-mod             63076   0 [ide-disk ide-probe-mod ide-cd]
cdrom               26816   0 [ide-cd]

here are the necessary entries in /etc/modules

#
# USB support
# do not forget to mount none /proc/bus/usb -t usbdevfs
usbcore
#usb-uhci
# .. or ..
usb-ohci
#
# usb disk support
#
scsi_mod
usb-storage
sd_mod

I was about to write a micro-howto, but time flies

HTH
Erich

THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16
[leaf-user] USB Pen Drive
Greetings All,

I've been trying to configure a Bering 1.2 system to accept my Lexar Jumpdrive (USB pen drive). I loaded the USB modules as well as scsi-mod. I tested with both usb-ohci and usb-uhci. Usb-uhci seems to work. I mounted /proc/bus/usb and the devices file shows the Lexar Jumpdrive. Everything looks OK in the logs, except no SCSI device is assigned. When I try to mount the drive with "mount -t vfat /dev/sda1 /usb", I get: "mount: Mounting /dev/sda1 on /usb failed: Device not configured".

I considered that there might be a hardware incompatibility with the computer and the USB drive, so just for grins I mounted a hard drive containing Redhat 8 to the Bering PC. Redhat recognized the USB drive and let me mount and access the USB drive.

I have read every scrap of info I can get on Linux and USB, followed all the recommendations, and still no dice. I'd appreciate any help I can get from the list on this one.

Roger

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
/etc/modules

#
# USB support
# do not forget to mount none /proc/bus/usb -t usbdevfs
usbcore
usb-uhci
scsi-mod
ide-scsi
usb-storage
vfat

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
lsmod

Module              Pages    Used by
ipsec              256960   2
vfat                 9180   1
usb-storage         55248   0 (unused)
ide-scsi             7528   0
scsi-mod            51864   2 [usb-storage ide-scsi]
usb-uhci            21376   0 (unused)
usbcore             55616   1 [usb-storage usb-uhci]
ip_nat_ftp           2784   0 (unused)
ip_conntrack_ftp     3648   1
eepro100            17892   2
mii                  2092   0 [eepro100]
pci-scan             3532   0 (unused)
ide-probe-mod        8476   0
ide-disk             9304   0
ide-mod             63076   0 [ide-scsi ide-probe-mod ide-disk]

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
cat /proc/bus/usb/devices

T: Bus=01 Lev=00 Prnt=00 Port=00 Cnt=00 Dev#= 1 Spd=12 MxCh= 2
B: Alloc= 0/900 us ( 0%), #Int= 0, #Iso= 0
D: Ver= 1.00 Cls=09(hub ) Sub=00 Prot=00 MxPS= 8 #Cfgs= 1
P: Vendor= ProdID= Rev= 0.00
S: Product=USB UHCI Root Hub
S: SerialNumber=1020
C:* #Ifs= 1 Cfg#= 1 Atr=40 MxPwr= 0mA
I: If#= 0 Alt= 0 #EPs= 1 Cls=09(hub ) Sub=00 Prot=00 Driver=hub
E: Ad=81(I) Atr=03(Int.) MxPS= 8 Ivl=255ms
T: Bus=01 Lev=01 Prnt=01 Port=01 Cnt=01 Dev#= 2 Spd=12 MxCh= 0
D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1
P: Vendor=05dc ProdID=0200 Rev= 0.00
S: Manufacturer=LEXAR MEDIA
S: Product=JUMPDRIVE PRO
S: SerialNumber=G449331417090315AA
C:* #Ifs= 1 Cfg#= 1 Atr=80 MxPwr=200mA
I: If#= 0 Alt= 0 #EPs= 2 Cls=08(stor.) Sub=06 Prot=50 Driver=usb-storage
E: Ad=81(I) Atr=02(Bulk) MxPS= 64 Ivl=0ms
E: Ad=02(O) Atr=02(Bulk) MxPS= 64 Ivl=0ms

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
/var/log/messages

Mar 7 20:22:30 boris kernel: usb.c: registered new driver usbdevfs
Mar 7 20:22:30 boris kernel: usb.c: registered new driver hub
Mar 7 20:22:30 boris kernel: usb-uhci.c: $Revision: 1.275 $ time 19:02:19 May 11 2003
Mar 7 20:22:30 boris kernel: usb-uhci.c: High bandwidth mode enabled
Mar 7 20:22:30 boris kernel: PCI: Found IRQ 9 for device 00:07.2
Mar 7 20:22:30 boris kernel: PCI: Sharing IRQ 9 with 00:06.0
Mar 7 20:22:30 boris kernel: usb-uhci.c: USB UHCI at I/O 0x1020, IRQ 9
Mar 7 20:22:30 boris kernel: usb.c: new USB bus registered, assigned bus number 1
Mar 7 20:22:30 boris kernel: hub.c: USB hub found
Mar 7 20:22:30 boris kernel: hub.c: 2 ports detected
Mar 7 20:22:30 boris kernel: usb-uhci.c: v1.275:USB Universal Host Controller Interface driver
Mar 7 20:22:30 boris kernel: SCSI subsystem driver Revision: 1.00
Mar 7 20:22:30 boris kernel: scsi0 : SCSI host adapter emulation for IDE ATAPI devices
Mar 7 20:22:31 boris kernel: Initializing USB Mass Storage driver...
Mar 7 20:22:31 boris kernel: usb.c: registered new driver usb-storage
Mar 7 20:22:31 boris kernel: USB Mass Storage support registered.
Mar 7 20:22:31 boris kernel: hub.c: new USB device 00:07.2-2, assigned address 2
Mar 7 20:22:32 boris kernel: scsi1 : SCSI emulation for USB Mass Storage devices

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
# mount -t vfat /dev/sda1 /usb
mount: Mounting /dev/sda1 on /usb failed: Device not configured
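The diagnosis reached in this thread (usb-storage and the SCSI core are loaded, but sd_mod is not) can be checked directly from lsmod output. The script below is an added example, not code from either poster: the function names are hypothetical, and the two sample listings are shortened copies of the lsmod output quoted in the thread. Module names are compared with '-' and '_' folded together because the thread spells them both ways.

```shell
#!/bin/sh
# Added example (not from the thread): check lsmod text for the module stack
# that a USB mass-storage device needs on these 2.4-kernel Bering boxes.

# Shortened copies of the two lsmod listings quoted in the thread.
LSMOD_BEFORE='Module Pages Used by
ipsec 256960 2
vfat 9180 1
usb-storage 55248 0 (unused)
ide-scsi 7528 0
scsi-mod 51864 2 [usb-storage ide-scsi]
usb-uhci 21376 0 (unused)
usbcore 55616 1 [usb-storage usb-uhci]'

LSMOD_AFTER='Module Pages Used by
ipsec_aes 32376 12
ipsec 256960 2 [ipsec_aes]
sd_mod 9900 0
usb-storage 55248 0
scsi_mod 51864 2 [sd_mod usb-storage]
usb-ohci 17656 0 (unused)
usbcore 55616 1 [usb-storage usb-ohci]'

# Print one module name per line from lsmod text on stdin, skipping the
# header and folding '-' to '_' so scsi-mod and scsi_mod compare equal.
loaded_modules() {
    awk 'NF && $1 != "Module" { gsub(/-/, "_", $1); print $1 }'
}

# Print the names missing from the USB storage stack (empty when complete).
missing_usb_storage_modules() {
    mods=$(loaded_modules)
    missing=""
    for m in usbcore scsi_mod usb_storage sd_mod; do
        printf '%s\n' "$mods" | grep -qx "$m" || missing="$missing $m"
    done
    # Exactly which host controller driver is needed depends on the hardware.
    printf '%s\n' "$mods" | grep -Eqx 'usb_(uhci|ohci)' \
        || missing="$missing usb_uhci|usb_ohci"
    echo $missing
}

# Explain each gap; returns 1 when anything is missing.
diagnose() {
    gaps=$(missing_usb_storage_modules)
    if [ -z "$gaps" ]; then
        echo "USB storage stack complete"
        return 0
    fi
    for m in $gaps; do
        case $m in
            usbcore)     echo "usbcore: no USB core, nothing else can load" ;;
            scsi_mod)    echo "scsi_mod: no SCSI core for usb-storage to register with" ;;
            usb_storage) echo "usb_storage: device is not presented as a SCSI host" ;;
            sd_mod)      echo "sd_mod: no SCSI disk driver, so /dev/sda1 cannot be opened" ;;
            *)           echo "$m: no host controller driver loaded" ;;
        esac
    done
    return 1
}

# Demo on the two listings.
echo "before:"; printf '%s\n' "$LSMOD_BEFORE" | diagnose
echo "after:";  printf '%s\n' "$LSMOD_AFTER"  | diagnose
```

On a live system the same check is `lsmod | diagnose`.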
[leaf-user] LEAF DNAT Problem
Hi All,

I've been trying to debug a problem with DNAT on a Bering 1.2 VPN/Firewall. I originally tried this with H323, but as few people have any experience with H323, I tried FTP as both use ip_conntrack modules. Getting the same results with both of them, I then tried HTTP which does not need a separate ip_conntrack module.

I'm not changing port numbers, just passing the native port straight through. The DNAT rule is coded just as the Shorewall documentation says:

DNAT net loc:192.153.64.209 ftp,http,1720,1503

In all cases I can connect to the server from clients on the local LAN (eth1) and from clients on the VPN (ipsec0). Clients on the same LAN as the external interface (eth0) cannot connect.

I put sniffers on both interfaces of the firewall, and see packets moving in and out as they should. The address translation seems to be working. However the results are always the same with every connection type:
A SYN comes in from the Client,
an ACK is sent back from the server,
then the client sends an RST

Does anyone know what I can be doing wrong that will cause this to happen?
Re: [leaf-user] LEAF DNAT Problem
Tom,

The server can access the Internet and the clients just fine. The gateway is the inside interface of the firewall.

Best Regards,
Roger McClurg
[EMAIL PROTECTED]

Tom Eastep
02/26/2004 05:12 PM
To: Roger E McClurg <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
cc:
Subject: Re: [leaf-user] LEAF DNAT Problem

On Thursday 26 February 2004 01:46 pm, Roger E McClurg wrote:
> Hi All,
>
> I've been trying to debug a problem with DNAT on a Bering 1.2
> VPN/Firewall. I originally tried this with H323, but as few people have
> any experience with H323, I tried FTP as both use ip_conntrack modules.
> Getting the same results with both of them, I then tried HTTP which does
> not need a separate ip_conntrack module.
>
> I'm not changing port numbers, just passing the native port straight
> through. The DNAT rule is coded just as the Shorewall documentation says:
>
> DNAT net loc:192.153.64.209 ftp,http,1720,1503
>
> In all cases I can connect to the server from clients on the local LAN
> (eth1) and from clients on the VPN (ipsec0). Clients on the same LAN as
> the external interface (eth0) cannot connect.
>
> I put sniffers on both interfaces of the firewall, and see packets moving
> in and out as they should. The address translation seems to be working.
> However the results are always the same with every connection type:
> A SYN comes in from the Client,
> an ACK is sent back from the server,
> then the client sends an RST
>
> Does anyone know what I can be doing wrong that will cause this to happen?

Usually means that the server has the wrong gateway address.

-Tom
--
Tom Eastep      \ Nothing is foolproof to a sufficiently talented fool
Shoreline,      \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
[leaf-user] H.323 problem
Hi All,

I have a Bering 1.2 system that I am trying to use with Netmeeting (H.323). I have the ip_conntrack_h323 and ip_nat_h323 modules loaded, and TCP port 1720 open in Shorewall from the internet to the local net. I try to connect to another PC on the same lan segment as my eth0, but no luck. I get the following error repeated:

H.323_NAT: partial packet 0/6 in 0/0

I know that I'm missing something obvious, but don't know what. Can anyone help?
[leaf-user] Re: leaf-user digest, Vol 1 #2165 - 16 msgs
>Question: What would be the best VPN package to use ?
>CIPE, IPSEC, something else ???

I recommend IPSEC. It is secure and easily managed. I have been running numerous IPSEC VPNs from LEAF boxes for years with no problem. These VPNs are not just Bering-Bering but also to Cisco and Nortel VPN concentrators, Cisco routers, and Check Point firewalls.

>Also - We are "considering" using IP Telephony to tie together the
>phone systems.

I have an IP phone in my home office running over an IPSEC tunnel (Bering-Bering) that runs with absolutely no problem. Even heavy traffic loads on the VPN do not cause voice problems.

>The phone vendor recommends getting a
>managed VPN from some provider to ensure quality phone conversations,
>I guess by maintaining and managing the bandwidth between the
>endpoints ... but I am not sure. If we opt for this option, does it take
>the place of the VPN, so that the provider is doing the VPN part ?
>Any interoperable issues with this setup with Bering ?

If you plan on using Bering on one end why would you use a managed service on the other? With a managed service both ends are typically managed by the same provider. The managed service option is in theory worry free. Many corporations use them. A lot of long distance providers offer managed VPNs along with their service. You might want to check with your company's LD carrier.

Personally I'd opt for Bering. It is inexpensive and easily managed. If you have a Linux server available you can use SNMP to collect data from the VPN end points and display the information on a web page. I have configured such a server and monitor many VPNs from a single page. All of the VPN information (including configuration info) is available to me from a modified version of Weblet. I secure everything by passing all management traffic through its own VPN tunnel. If you are interested in how it's done just let me know.

-- Roger McClurg

Best Regards,
Roger McClurg
[EMAIL PROTECTED]
RE: [leaf-user] Bering and MRTG [faked-from][sls]
I use the netsnmp packages from Charles Steinkuehler's Dachstein CD. They work just fine under Bering 1.2. You can find the packages here:

netsnmpd.lrp : http://leaf-project.org/devel/cstein/files/diskimages/dachstein-CD/CD-Contents/netsnmpd.lrp
netsnmpu.lrp : http://leaf-project.org/devel/cstein/files/diskimages/dachstein-CD/CD-Contents/netsnmpu.lrp

Best Regards,
Roger McClurg

---
Subject: RE: [leaf-user] Bering and MRTG [faked-from][sls]
From: Ronny Aasen <[EMAIL PROTECTED]>
To: leaf <[EMAIL PROTECTED]>
Organization:
Date: 11 Sep 2003 14:13:58 +0200

On Wed, 2003-09-10 at 22:13, Charles Holbrook wrote:
> Packages are listed on leaf.sourceforge.net under the Bering-uClibc 1.x
> downloads. As far as configuring the snmpd.conf file you COULD use it
> straight out of the box with no modifications and it would work. There
> is a single tweak that you might want to do to allow a more "robust"
> walk of the snmp tree. Trace back your community name through the
> groups to its permissions, change that from system to .1 and that will
> allow you to walk all of the tree without having to specify anything in
> the snmpwalk command. I would however suggest making one change to the
> conf script and that is for the community name.

the snmp package in the tarballs on leaf.sf.net. Is any of those compatible with regular Bering 1.2 (glibc)
RE: [leaf-user] Bering lost it's NICs
It happened to me again this weekend. This time on the new PC. Just as in Francois' case the default route changed. In my case it went from eth0 (connected to a cable modem) to ipsec0. There has to be some explanation for this behavior, and a way to keep it from happening.

Best Regards, Roger McClurg

Reply-To: <[EMAIL PROTECTED]>
From: "Francois BERGERET" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: RE: [leaf-user] Bering lost it's NICs
Date: Sat, 13 Sep 2003 21:38:26 +0200

Dear Leaf Users and developers,

Always searching how to resolve this problem... We are several to have it and not read any solution to correct it. For now, I can say that when this problem occurs, the "manual" solution, excepting a complete reboot of my Soekris/Bering card, is to delete the default route, which has switched curiously from ppp0 to ipsec0, and to add a new default route assigning ppp0 again! And Bering works again, always alive!

So, how can I do that automatically? Maybe this occurs with a little drop of my IPS link? If yes, just to survey the up/down of ppp0 and del/add default route systematically when ppp0 is up again could resolve this? But, to do that correctly, how to assign the IP address of my ISP gateway which is not always the same at each PPPoE connection? I have tempt an idiot command with %defaultroute, but, this variable seems to be not authorized at this place... What could be the correct solution? Any idea guys?

Best Regards, Francois BERGERET, France.
Re: [leaf-user] Bering and MRTG
Stephen,

MRTG and Bering 1.2 work great together. I monitor a number of Bering VPN/Routers with MRTG. It is simple. If you load both the netsnmpd (daemon) and netsnmpu (client) packages you can test your snmp at the Bering console. Snmpd.conf does not need much modification. Just make sure you have a community name that will let you have access to everything you want snmp to see. See my snippet from snmpd.conf below which allows snmp to access everything defined in the mib:

#
#
# community configuration
#
# commName readV writeV
# community publicxmini -
community "your community name" all all

Verify that you can do an snmpwalk and get the data on the Bering box. Once you can see the snmp data locally it's time to put MRTG to work. Point MRTG at your Bering box with the correct community name and it will be able to report on all network adapters including virtual adapters like ipsec0.

Roger

>From: "Stephen Pritchard" <[EMAIL PROTECTED]>
>Reply-to: [EMAIL PROTECTED]
>To: [EMAIL PROTECTED]
>Date: Tue, 9 Sep 2003 03:09:21 +1200
>Subject: [leaf-user] Bering and MRTG
>
>I would like to use our Linux based MRTG system to monitor the network
>traffic on a separate LEAF Bering 1.2 system. I have looked at converting
>it to Bering uClibc and using the snmpd package. Unfortunately I cannot
>figure out how to configure the snmp daemons.
>
>Does any one have either some example Bering snmp configurations for
>monitor network traffic? or does anyone know another way of setting up MRTG
>to monitor the Bering system?.
>
>Thanks
>
>-Stephen
RE: [leaf-user] Bering lost it's NICs
I reported this same problem some months ago. I used Dachstein for a year with no problem. As soon as I changed over to Bering 1.2 the internal NIC would cease responding after it got any kind of a load. Transferring a 1 meg file would do it. No one on the list seemed to have the problem except me.

It looks like the problem is in the Bering drivers for the particular NICs. The NIC that had the problem for me was a 3Com 3C509. I tried downloading the drivers from the Bering site again just to be sure I didn't have a corrupted driver (Yep, I made sure they were for the same kernel). No matter the driver I had the exact same problem. I didn't have the time to keep slogging at the problem, so I went back to Dachstein and the problem went away. Eventually I loaded Bering on a different computer with newer NICs and had no problems at all.

Roger

>To: [EMAIL PROTECTED]
>Subject: RE: [leaf-user] Bering lost it's NICs
>From: "J. James" <[EMAIL PROTECTED]>
>Date: Tue, 02 Sep 2003 09:44:23 +0300
>
>Hi
>
>It's nice to see someone else also having the same problem... I'm sorry: I
>just read about a pop star visiting a local jail and the first thing he
>said to the audience was "nice to see so many of you here today" ;-)
>
>> I have the same problem from Bering V1.1 and now Bering V1.2.
>> All nics ok except eth0 with PPPoE providers, on two different boxes
>> ...
>> Are you using PPPoE ?
>
>No. And maybe I should also tell that I've used the same hardware with the
>old LRP firewall with no problems.
>
>But surely we can't be the only two unlucky Bering users - can we? Any help
>would be greatly appreciated. After all I chose Linux/Bering for its
>stability.
[leaf-user] More Bash Help
While you are answering BASH questions Charles, do you think you can answer a couple more? Sorry Charles. No good deed goes unpunished ;-)

A while back we came upon the idea of modifying the IPSEC updown script to add the internal IP address of the LEAF machine as the source in the IP route generated by the updown script. This allowed us to use only one tunnel to communicate instead of two (LAN-LAN and Gateway-Gateway). Back then we coded the info in manually into the updown script. Now that Bering uses the current version of FreeSwan we have updown scripts that can be passed custom parameters. Charles can you (or anyone in the LEAF community) tell me how to go about modifying the script to pass the internal address? If so how do I code the parm in ipsec.conf? I've tried to do this, but my tests have been dismal failures (possibly owing to my minimal understanding of BASH).

I am also working on updates to weblet to allow remote monitoring of both the status and the current configuration of a LEAF machine. So far most everything I have been able to do. I can display all the important config files except one. I can't get weblet to display snmpd.conf. I checked the file and directory permissions and they are the same for snmpd.conf as for other files such as sshd_config, yet one displays and the other does not. I'm running on Bering 1.2 and weblet runs as user sh-httpd. The BASH command I use is:

$(cat /etc/snmp/snmpd.conf)

The command runs just fine when I run it from the console, but then I'm running as root not as sh-httpd. What am I doing wrong?

Best Regards, Roger McClurg [EMAIL PROTECTED]
[leaf-user] Strange happenings with Bering 1.2
I've installed a number of Bering 1.2 systems all connected by Ipsec VPNs and they work fine. All including the "strange" one are quite similar. While migrating yet another system from Dachstein to Bering I've encountered a couple of strange things and wondered if anyone had any ideas what might be going on.

The LEAF system in question is a simple firewall/VPN gateway with only two NICs. It has a cable modem on eth0 and a switch connecting a handful of PCs on eth1.

The first strange thing that happened was that the NICs swapped device IDs. What was eth0 became eth1 and vice versa. I always thought that which NIC became eth0 was BIOS dependent not kernel dependent. The swap did not present a big problem, it is just a curiosity. Has anyone else seen this happen when going from Dachstein 1.02 to Bering 1.2?

The second strange thing is a problem. Please understand that this system ran months under Dachstein with no failures, and switching back to Dachstein makes the problem go away. It seems that every time any kind of load is placed on the system (say a 10 meg download), the inside NIC, eth1 (a 3Com 3c509), stops responding. If the load stays low, the system runs normally. Do an FTP or pull something of any size down from the Web and eth1 goes away. I have looked in every log file and I can find no error messages.

When the problem happens I can not access the LEAF eth1 interface from any of the PCs, nor can I ping any of the local PCs from the LEAF console. While eth1 is down eth0 is up and running. From the LEAF console I can ping the Internet and hosts over the VPNs, I continue to be able to collect SNMP data from the LEAF across the VPN. In short everything seems to be working just as it should except eth1 is dead.

In trying to fix the problem I have tried the usual things. I have tried shutting down and restarting eth1 with ifconfig, done a network restart, restarted Shorewall, everything I could think of that might be the problem. Nothing brings back eth1. The only thing that seems to work is a reboot.

I am at the point of grasping at straws on this one. If anyone on the list has seen this before, or can tell me where to start looking, or what tests to perform to provide the list with more useful information, please let me know.

Best Regards, Roger McClurg
[leaf-user] Multiple VPNs in Bering 1.2
My current firewall uses Dachstein 1.02 and acts as a central site VPN device. I have numerous VPNs using the ipsec0 interface. Each VPN has a fixed address and of course different subnets. I wish to replace the current firewall with Bering 1.2, but I am having problems configuring the VPNs on Shorewall. I've read the Shorewall docs, but they are directed more toward road-warrior VPNs, not numerous lan-lan tunnels. Can anyone (Tom?) show me how to do this, or point me to some existing documentation? Roger
[leaf-user] OSPF
OK people. Time for a dumb question. How do I do OSPF routing under Bering 1.1? Best Regards, Roger McClurg [EMAIL PROTECTED]
Re: [leaf-user] Anyone using VIA?
What version(s) of LEAF are you using?

Best Regards, Roger McClurg [EMAIL PROTECTED]

tmassey @obscorp.com 03/13/2003 12:36 AM
To: Roger E McClurg/CEG/[EMAIL PROTECTED]
cc: [EMAIL PROTECTED]
Subject: Re: [leaf-user] Anyone using VIA?

[EMAIL PROTECTED] wrote on 03/13/2003 09:55:22 AM:
> Hi All,
>
> I was just wondering how many of you are using or experimenting with the
> Open Brick-E or any of the new VIA Mini ITX mother boards/CPUs. I know
> that lots of people have benchmarked the 1Gig VIAs against a P4 (not much
> comparison there), but I was wondering if anyone has done any
> benchmarking of the VIAs against a comparable (in general computing
> capability) Intel platform for LEAF use.

I use a lot of Eden-based LEAF firewalls. I love them to death: zero moving parts! Performance isn't great: an Eden is only about 2/3 the speed of an Intel, but seeing as it's 533MHz, even a 400MHz Intel is overkill, even with several VPN's. So, I'm very happy.
[leaf-user] Anyone using VIA?
Hi All, I was just wondering how many of you are using or experimenting with the Open Brick-E or any of the new VIA Mini ITX mother boards/CPUs. I know that lots of people have benchmarked the 1Gig VIAs against a P4 (not much comparison there), but I was wondering if anyone has done any benchmarking of the VIAs against a comparable (in general computing capability) Intel platform for LEAF use. I will be getting a few of the OpenBrick-Es to experiment with soon, and thought I'd solicit any comments. What versions of LEAF are being used, what do you like or dislike, where are the land mines? Please pass along your two cents worth. Best Regards, Roger McClurg [EMAIL PROTECTED]
[leaf-user] Re:Using a wireless router with LEAF (Dachstein, Bering)
Peter,

Might I recommend a Linksys wireless access point not a router. Your LEAF box is all the router you need. Disable the DHCP daemon on the access point, let it DHCP for its address from the LEAF box, and enable all the security you can including limiting access to only MAC addresses of your wireless NICs. I have done this with great success.

Best Regards, Roger McClurg [EMAIL PROTECTED]

--__--__--
Message: 11
Date: Tue, 4 Feb 2003 19:53:16 -0800 (PST)
From: Peter Nosko <[EMAIL PROTECTED]>
Subject: Re: [leaf-user] Using a wireless router with LEAF (Dachstein, Bering)
To: leaf <[EMAIL PROTECTED]>

(Re-routing back to the list)

--- Ray Olszewski <[EMAIL PROTECTED]> wrote:
> There are several ways to "go about this", depending on undetailed
> characteristics of "this" and what "the [wireless] router" actually is.

pn] Thanks for the reply, Ray. Yes, by "this" I mean a linksys wireless router. I installed this one (http://linksys.com/Products/product.asp?grid=33&scid=35&prid=415) for a friend directly to their DSL bridge, replacing a netgear "wired" router they had. It feeds a hub just like the old router did for their internal wired clients.

pn] I thought I might be able to make use of one too. It can be configured for an external dynamic IP assignment, and since I'm using a DHCP server behind my Dachstein firewall/router (upgrading soon to Bering), all my internal clients are also setup for dynamic IP assignment. Continuing along that line, I figured if I take my existing notebook connection from the hub of the internal network to feed this wireless router, it would get one of my 10.x.x.x addresses dynamically (like the notebook did) and assign the notebook with a wireless card one of its own NAT'ed (preconfigured for 192.168.x.x) addresses.

pn] I'm thinking my notebook "wouldn't know the difference" and I'd still have the same protection from my firewall as before, no? However, would I still have "transparent" access to the other, er, Windoze clients on the internal network? Again, I'm thinking it would, looking like it has the IP of the linksys router to the rest of the internal network. Am I right?

pn] If adding a separate NIC to the LEAF router/firewall adds something I missed in your previous explanations, please smack me and say it again. But I think this would complicate my access to the other internal clients.

pn] BTW, I have a DMZ so I'm already at a 3-NIC system, but adding one more just adds to the fun, eh?

- Peter Nosko ([EMAIL PROTECTED]) This is a good place for a tagline.
Re: [leaf-user] Dachstein 1.02 and PCMCIA
I'm willing to go with Bering, if someone can tell me how to get it up and running via PCMCIA quickly. I need a firewall doing DHCP on eth0 for its IP address, and running DHCPD on eth1. The only gotcha is that I also have to run a squid proxy on eth1. Anyone got squid running on Bering?

Roger

"Todd Pearsall" 01/20/2003 03:55 PM
To: Roger E McClurg/CEG/CSC@CSC
cc:
Subject: Re: [leaf-user] Dachstein 1.02 and PCMCIA

I haven't done pcmcia with Dachstein, but I have with Bering. If you don't have to Dachstein, try Bering the newer kernel has better support for things like pcmcia and usb.

- Todd

- Original Message -
From: "Roger E McClurg" <[EMAIL PROTECTED]>
To: "Charles Steinkuehler" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Monday, January 20, 2003 3:10 PM
Subject: [leaf-user] Dachstein 1.02 and PCMCIA

> I need to create a LEAF firewall using Dachstein 1.02 on a laptop with 2
> PCMCIA NICs.
>
> Charles can you help me, or do you know who can? Is it possible to do
> this and boot from the CD without having to recompile the kernel? I'm
> running out of time, the machine has to be operational by Jan 31 and it is
> but a small part of what has to be done.
>
> Roger
[leaf-user] Dachstein 1.02 and PCMCIA
I need to create a LEAF firewall using Dachstein 1.02 on a laptop with 2 PCMCIA NICs. Charles can you help me, or do you know who can? Is it possible to do this and boot from the CD without having to recompile the kernel? I'm running out of time, the machine has to be operational by Jan 31 and it is but a small part of what has to be done. Roger
[leaf-user] Dachstein PCMCIA
I'm trying with little success to get PCMCIA NICs working with Dachstein. Does anyone know of a Dachstein pcmcia.lrp package? Roger
[leaf-user] Netmeeting and IP Telephony behind Dachstein
I have a user who would like to access Netmeeting and IP telephony services from his PC through a Dachstein 1.02 firewall. IP telephony works outbound but not inbound. That is, the far end can hear him, but he can't hear them. I suspect a UDP firewall rule might need changing (right now they are set to the defaults). Netmeeting does not work. Does anyone (Charles?) know what needs to be done to make these services work? Best Regards, Roger McClurg [EMAIL PROTECTED]
Re: [leaf-user] ipsec connect to this?
Michael,

I have been running VPN tunnels between my Dachstein machines and Cisco's for some time. It is no problem. Yes you should use tunnel mode. Telling you otherwise only proves the person you are dealing with does not understand what he/she is saying. Here is an explanation I pulled down for you:

- - - - - - - - - - - - - - -
Also from my reading ("IPSec", ISBN 0-13-011898-2) transport mode is host to host, whereas tunnel mode goes "through" the hosts (simple but it's an important difference). That is in transport mode the data payload is encrypted, AH/ESP is tacked on, etc and the packet is simply sent to the other system. In tunnel mode the entire packet is taken, encrypted, AH/ESP is tacked on, and that is loaded as the data payload and bundled off to another system (think of someone being clubbed on the head, shoved into a large sack, bundled into a van and driven off). In some ways tunnel mode is "more secure" because the attacker can't actually see the IP's/etc it's really for. If you want a good book on IPSec I'd highly recommend this one, it covers the protocol and theory really well.
- -Kurt Seifried
- - - - - - - - - - - - - - - - -

Best Regards, Roger McClurg

--
Date: Fri, 08 Nov 2002 01:16:01 -0600
From: "Michael D. Schleif" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Organization: mds resource
To: LEAF <[EMAIL PROTECTED]>
Subject: Re: [leaf-user] ipsec connect to this?

Correct me if I am wrong; but, isn't transport mode solely for host-to-host vpn's?

Everything seems to be OK in auth.log and ipsec look appears OK, when I use tunnel mode -- however, we cannot ping nor telnet nor ftp to the other side. tcpdump shows outgoing requests; but, nothing comes back. Unfortunately, the other side is not cooperative, because he insists that we must use a cisco like he is, and he's determined to prove that to us all ;<

When I select type=transport, auth.log process never completes and no ``IPSec SA is established ...'' appears.

What do you think?

"Michael D. Schleif" wrote:
>
> Received following set of requirements for one of our DCD's to connect
> to a remote non-DCD site:
>
> ISAKMP Policy:
> Encryption: 3DES
> Hash: MD5
> Authentication: pre shared keys
> Diffie-Hellman group 1 or 2
>
> Use the following key:
> IPSec GW Address: 204.235.103.2
>
> Destination Network: 204.235.101.128 255.255.255.240
>
> IPSec Policy
> ESP Transform: 3DES
> ESP Authentication Transform: md5-hmac
>
> IPSec mode is transport. Please be sure to apply NAT *BEFORE* IPSec.
> Private Addresses leaked onto the the network will be rejected.
>
> We have not setup ipsec to non-DCD before.
>
> Is this doable?
>
> Is above information adequate?
>
> Is there anything unusual to this setup?

--
Best Regards, mds
mds resource 888.250.3987
Dare to fix things before they break . . .
Our capacity for understanding is inversely proportional to how much we think we know. The more I know, the more I know I
[leaf-user] Multiple Processors
Charles, Do you have any experience running Dachstein on a server with multiple processors? I just got handed one and would love to be able to use both processors to handle a large number of VPNs. With over 600 Meg of RAM it should really sing. Best Regards, Roger
[leaf-user] Re: 1.68 Meg Floppy Image of CROM binary
Thanks for the info Charles. You always come through.

Best Regards, Roger McClurg [EMAIL PROTECTED]

"Charles Steinkuehler" @steinkuehler.net 10/07/02 10:12 AM
To: "Roger E McClurg" <[EMAIL PROTECTED]>
Subject: Re: 1.68 Meg Floppy Image of CROM binary

> I've got an old PC running the 1.02 Dachstein CD. It can't boot from the CD
> so I use a floppy boot disk. Herein lies the problem. I am running IPSEC on
> this machine and am just barely fitting the backups on the floppy. I'd like
> to run a couple more applications on the PC but have no room to store the
> configuration backups on the floppy.
>
> Is there a 1.68 Meg floppy image of the CD boot binary available? If not
> how do I go about creating such a beast?

There isn't a 1.68 Meg image of the CD Boot disk available, but it's a minor tweak to turn a standard Dachstein disk into one (all packages are identical between the CD and floppy versions of Dachstein...only differences are boot options and media type).

Simply edit syslinux.cfg, and set the PKGPATH parameter to include the CD-ROM (PKGPATH=/dev/cdrom:iso9660). Leave the BOOT= parameter as-is (should be set to 1680K floppy if you start with a Dachstein floppy image), and you're all set. Of course, you'll probably want to replace the standard "full" packages of etc, modules, etc. on the default Dachstein distribution with your existing partial backups rather than re-create them from scratch.

As a bonus, your 1680K floppy will boot faster than the 1440K disk. Since there's more data on each track, it takes fewer revolutions of the floppy media to load the initial system image.

> As always, thanks for the help.
>
> BTW. Have you had a chance to rebuild your network, or are your machines
> still in the garage?

I've got one or two systems back online, but not enough to do any real test networks :<

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
[leaf-user] 1.68 Meg Floppy Image of CROM binary
Charles, I've got an old PC running the 1.02 Dachstein CD. It can't boot from the CD so I use a floppy boot disk. Herein lies the problem. I am running IPSEC on this machine and am just barely fitting the backups on the floppy. I'd like to run a couple more applications on the PC but have no room to store the configuration backups on the floppy. Is there a 1.68 Meg floppy image of the CD boot binary available? If not how do I go about creating such a beast? As always, thanks for the help. BTW. Have you had a chance to rebuild your network, or are your machines still in the garage? Roger
Re: [leaf-user] Dachstein v1.03 CD?
Charles, I would be happy to do what I can to help.

Best Regards, Roger McClurg [EMAIL PROTECTED]

"Charles Steinkuehler" 09/03/2002 12:49 PM
To: <[EMAIL PROTECTED]>, Roger E
Subject: Re: [leaf-user] Dachstein v1.03 CD?

> I have not heard about the updated Dachstein CD with the security fixes in
> it in a while. Is anyone still working on this?

Sadly, no. I'm hoping I may be able to spare some time to get something into a releasable state (my schedule is finally beginning to free up a bit), or perhaps enlist others to help.

Charles Steinkuehler [EMAIL PROTECTED]
[leaf-user] Dachstein v1.03 CD?
I have not heard about the updated Dachstein CD with the security fixes in it in a while. Is anyone still working on this? Best Regards, Roger McClurg [EMAIL PROTECTED]
[leaf-user] Dlink 570
This is a bit off topic, but does anyone know where I can get a couple of Dlink 570TX NICs? Just when I need them, they stop making them. Best Regards, Roger McClurg [EMAIL PROTECTED]
[leaf-user] Weblet changes
Sean, I updated a CGI script for Weblet and sent it to Charles. Charles made some changes to it, and was going to include it in the new CD. I'm sure he would be happy to send it to you. Best Regards, Roger McClurg [EMAIL PROTECTED]
[leaf-user] Dachstein-CD update
Charles, Don't forget the Weblet updates. Best Regards, Roger
[leaf-user] Unable to Route
Charles, I'm hoping you have a quick answer on this one. I'm running DCD 1.02. I had the system up and running with two VPNs happily passing data, and then the thunderstorm came. Don't think it was the culprit, but on reboot etc.lrp was unreadable. Even though I keep telling people to back up their config floppies, I didn't get a roundtuit for this one. So I rebuilt the network.conf, and other etc files. And rebooted. Now the firewall works just fine. The VPN gets established, but when the updown script runs Pluto reports that it is unable to route. The firewall rules look OK. Everything looks fine, but there is something I am missing and it's driving me nuts. I even tried an "ipsec auto --route" with the same results: "unable to route". Is there something simple and obvious that I'm missing here? I just thought I'd ask before I go to the trouble of rebuilding everything from scratch. I've built a dozen leafs now and never hit this issue. Best Regards, Roger
[leaf-user] Windows Network Browsing works!
Charles, I thought I'd let you know that I got Windows Network Browsing (SMB) working. In the process I learned an incredible amount from the Samba docs (thanks for pointing me there). I spent quite a while sniffing the network and examining packets. The culprit seems to be the Cisco router doing IPSEC and inside NAT. I believe it was the NAT that was the killer, although I have not gone back to prove it. With the Cisco in place I could not get any Master Browser (Win NT, Win 98, or Samba) on my side of the tunnel to get the browse list from the other side. Once I replaced the Cisco with another DCD machine running a subnet of the far end network, my Local Master Browsers (all of them in turn) were able to get the browse list with all 25,000 servers. The speed is very close to that on the corporate LAN. Printing, browsing, everything works just as it should. For those who are interested in doing the same thing:
* You need a local Master Browser. Although Win 95 and 98 try at this, it works best if you use Samba or NT. Win 2K and XP also work, but they have to be in hybrid mode for earlier versions of Windows operating systems to work with them. Samba or NT are much easier to set up.
* If the network you are accessing has WINS servers, be sure to pass the WINS server IP address(es) to your remote LAN. The easiest way to do this is to put the WINS information in dhcpd.conf. If the network does not have WINS servers you have a lot of work to do. Start reading Samba documentation.
The local Master Browser passes the NETBIOS names of servers to your Windows PCs, the WINS servers provide the NETBIOS name to IP address conversion for your PC. Samba contains some excellent overview documents about Windows (SMB) networking. Anyone attempting to route a Windows Browse List should read these documents. Roger
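The dhcpd.conf step described in the message above, as an added example that is not part of the original post. It assumes ISC dhcpd, using the option names documented in dhcp-options(5); every address is a constructed placeholder, and the node-type setting is an assumption the post does not mention.

```conf
# Constructed example: all addresses are placeholders, not values from the post.
# Remote-office LAN behind the LEAF box; the WINS servers sit on the
# corporate side of the IPsec tunnel.
subnet 192.168.10.0 netmask 255.255.255.0 {
    range 192.168.10.100 192.168.10.200;
    option routers 192.168.10.254;
    option domain-name-servers 192.168.10.254;

    # Primary and secondary WINS servers. These addresses must fall inside
    # the subnet the tunnel carries, or name registrations and queries
    # leave the gateway outside the tunnel.
    option netbios-name-servers 10.1.1.10, 10.1.1.11;

    # Assumption, not from the post: node type 8 = H-node, which queries
    # WINS first and falls back to local broadcast.
    # (1 = B-node, broadcast only; 2 = P-node, WINS only;
    #  4 = M-node, broadcast first, then WINS)
    option netbios-node-type 8;
}
```

After a lease renewal, `ipconfig /all` on an NT-family client should list both WINS servers and show the node type as Hybrid.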
RE:[Leaf-user] NT networking over LEAF IPSEC VPN
The problem I have is that I am looking at LEAF as an option for small offices, warehouses, etc. to access resources on corporate networks. I deal with quite large enterprises. One of them has a huge network of over 25,000 servers in dozens of domains, all with trust relationships. Users want to be able to run logon scripts which will map their most commonly used drives, but also to browse this huge network so they can find and access other resources anywhere in the world. It all makes for a rather large complicated browse list. It is a tough first routed SMB problem to solve, but once I get it working other networks should be a bit easier. I have to say that Charles' experiences and expertise make this job a whole lot easier. Thanks Charles. Best Regards, Roger McClurg [EMAIL PROTECTED]
Brock Nanson cc: Roger E McClurg/CEG/CSC@CSC Subject: RE:[Leaf-user] NT networking over LEAF IPSEC VPN 04/19/2002 06:01 PM
Roger, I may have been one of those who replied on the FreeS/WAN list. Your posting has actually prompted me to revisit the whole issue. In brief, I think I said that the transfer speeds were fine so long as WINS and browsing was left out of the equation. At least that seems to be the case. However, as you know, this precludes using network neighbourhood. Do you need free run of network neighbourhood, or could you get by with several mapped drives? These could be done automagically with a logon script. If you want to do some testing, contact me off-list and we can set up a tunnel to try some of these things if you like (samba, wins, browsing etc.). I have a LEAF gateway at home, but don't really want to mess with the production ones with these tests! I'm suspicious that some of the speed trouble may be related to the way smb works. If you look at the man page for dhcp-options(5) you will see references to several netbios items. The one that caught my attention was 'all-subnets-local' which suggested an MTU adjustment...
Brock
> Message: 1
> Date: Fri, 19 Apr 2002 14:11:42 -0400
> From: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: [Leaf-user] NT networking over LEAF IPSEC VPN
>
> I posted the problem below on the FreeS/WAN users list and
> got a number of replies including agreement from others who
> have tried, but no one said "Hey I have NT (SMB) running
> across an IPSEC VPN". The best suggestions I got were to
> create a WINS (SAMBA) server on the remote side. I agree that
> should solve the problem, but when one talks about adding
> potentially hundreds of new SAMBA servers to a domain with
> trust relationships to thousands of servers this presents a
> big problem.
>
> The setup is simple: one or many Windows PC on the remote
> end, dozens of NT domains on the local end, and DCD-Cisco
> Router in between. Has anyone here at LEAF gotten SMB
> networking to propagate properly through an IPSEC tunnel? I
> can map drives and access file shares.
> It is s l o w but it works. What I can't do is view
> network browse
> lists, do network printing, in short almost the entire gamut of SMB.
>
> WINS information is passed by the DHCP server to the PCs. I
> have tried putting server info in LMHOSTS files. None of it
> helps. Has anyone solved this problem before?
>
> Roger
>
> -=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-
>
> Date: Wed, 17 Apr 2002 12:00:47 -0400
> From: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: [Users] NT networking over a FreeS/WAN tunnel
>
> I am running a tunnel from a Dachstein firewall to a Cisco
> router. WINS servers are on the inside of the Cisco and
> Windows machines on the inside of the Dachstein. The Cisco
> router NATs the Tunnel addresses to routable addresses on its
> inside interface.
>
> Everything seems to be working fine through the tunnel (TCP,
> ICMP, UDP) except the NT networking. DHCP on the Dachstein
> passes the correct Wins information to the Windows PCs. I can
> logon (usually). I can map drives on servers, if I know in
> advance the server/share n