[leaf-user] Looking for a VPN Solution

2004-03-23 Thread JamesSturdevant 
I am running Bering 1.2 and am looking for a VPN solution for one of my users.

Her ISP is Earthlink and she reports that here IP address changes 
frequently (every 30 minutes). She will be connecting with a Windows client.

I have Freeswan working for others but their IPs are static. I have tried 
OpenVPN but the LEAF software seg faults when a UDP connection is made from 
a Windows Client and constantly reset if a TCP connection is made. Does 
anyone know what kernel version this code was compiled for?

I know it's a weak solution, but I need to also check out PPTP. Does anyone 
have a version of POPTOP for Bering? All I can locate is the PPTP client.

JamesS



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] Looking for a VPN Solution

2004-03-23 Thread James Neave 
Hi,

I have PoPToP for Bering. It's around on the LEAF site somewhere.
It's a bugger to get working, the version on the website has config
files that are not for openSSH. I tracked it all down and have a nice
server working for Win32 clients doing their "dial-in". 

When I get home I'll email you my stuff, sans passwords.

BUT (aha!)

Expect pain if she's running Win2K. I have a few people for whom it just
does not work.

Also, it's a bit flaky in the password department. Most of my users all
have the same username and password, because that's the only way it
works (it just don't work). 
I authenticate by DNS entries in the shorewall rules and my clients have
dynDNS accounts.

If you don't mind that it doesn't offer REAL security (like, keep the
government out), PPTP is nice and painless for your less IT friendly
clients.

James.
-Original Message-
From: JamesSturdevant [mailto:[EMAIL PROTECTED] 
Sent: 23 March 2004 16:24
To: [EMAIL PROTECTED]
Subject: [leaf-user] Looking for a VPN Solution

I am running Bering 1.2 and am looking for a VPN solution for one of my
users.

Her ISP is Earthlink and she reports that here IP address changes 
frequently (every 30 minutes). She will be connecting with a Windows
client.

I have Freeswan working for others but their IPs are static. I have
tried 
OpenVPN but the LEAF software seg faults when a UDP connection is made
from 
a Windows Client and constantly reset if a TCP connection is made. Does 
anyone know what kernel version this code was compiled for?

I know it's a weak solution, but I need to also check out PPTP. Does
anyone 
have a version of POPTOP for Bering? All I can locate is the PPTP
client.

JamesS



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id70&alloc_id638&op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Looking for a VPN Solution

2004-03-23 Thread K.-P. Kirchdörfer 
Am Dienstag, 23. März 2004 17:23 schrieb JamesSturdevant:
> I am running Bering 1.2 and am looking for a VPN solution for one of my
> users.
>
> Her ISP is Earthlink and she reports that here IP address changes
> frequently (every 30 minutes). She will be connecting with a Windows
> client.
>
> I have Freeswan working for others but their IPs are static.

You may look into road-warrior configuration for a dynamic ip address.

kp


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id70&alloc_id638&op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Looking for a VPN Solution

2004-03-23 Thread Martin Hejl 
JamesSturdevant wrote:
I am running Bering 1.2 and am looking for a VPN solution for one of my 
users.

Her ISP is Earthlink and she reports that here IP address changes 
frequently (every 30 minutes). She will be connecting with a Windows 
client.

I have Freeswan working for others but their IPs are static. I have 
tried OpenVPN but the LEAF software seg faults when a UDP connection is 
made from a Windows Client and constantly reset if a TCP connection is 
made. Does anyone know what kernel version this code was compiled for?
It shouldn't matter. For all I know, OpenVPN is completely independant 
of the kernel version (unlike IPSEC), since it runs completely in 
user-space.

Unless there is a compelling reason not to (like, extensive setup 
already done on Bering, or software that's not available for Bering 
uClibc), you might also want to consider switching to Bering uClibc - I 
maintain the OpenVPN package for Bering uClibc (I also wrote a patch to 
enable OpenVPN to work with "ip" instead of "ipconfig", which has found 
it's way into the latest version), and it's been _very_ stable for me 
(I'm currently running two OpenVPN links - one over the internet where 
both ends are dynamic and change IPs once a day, and one over a wireless 
connection, which goes up and down a lot, since it's used for testing 
wireless equipment). I'm not trying to "sell" Bering uClibc to you, I 
just don't like it that a fine piece of software like OpenVPN is being 
dropped in favour of something less secure, just because of a seemingly 
faulty package (and sorry, no, I can't help with fixing the package on 
Bering).

Martin



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] Looking for a VPN Solution

2004-03-23 Thread David Pitts 
Eric Spakman has just compiled pptpd for Bering uClib which I have got
working.  I haven't finished testing my set up yet but its looking good!
The .lrp package is in the Testing area of the uClib packages download
page.

So now I have a single 1.44 floppy router/firewall with dhcpd, pump,
ezipupdate, bpalogin, weblet, dropbear (SSH and SCP!) and VPN!!  Plus
some other things that I can probably do without!  

Very functional, cheap, and a lot of fun!!

And for those who think floppies are unreliable, I agree entirely which
is why I keep an executable image of my router disk on a couple of
workstations around the place so I can remake the router disk quickly.
I have been playing with this stuff for a couple of years now and I have
had a couple of disks fail while I have been playing (maybe because I
have been playing??) but none in operation and given that once your
image is settled you should not need to reboot the router for a long
time, floppy reliability is not so much of an issue.  Except maybe if
your router is an environmentally unfriendly area.

Beauuudiful!!

Thanks folks.

David Pitts
IT Services Manager
Reid Library 
University of Western Australia
 
Telephone:   (08) 6488 3492 Fax:  (08) 6488 1012


-Original Message-
From: Martin Hejl [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, 24 March 2004 4:21 AM
To: JamesSturdevant
Cc: [EMAIL PROTECTED]
Subject: Re: [leaf-user] Looking for a VPN Solution



JamesSturdevant wrote:
> I am running Bering 1.2 and am looking for a VPN solution for one of 
> my
> users.
> 
> Her ISP is Earthlink and she reports that here IP address changes
> frequently (every 30 minutes). She will be connecting with a Windows 
> client.
> 
> I have Freeswan working for others but their IPs are static. I have
> tried OpenVPN but the LEAF software seg faults when a UDP connection
is 
> made from a Windows Client and constantly reset if a TCP connection is

> made. Does anyone know what kernel version this code was compiled for?
It shouldn't matter. For all I know, OpenVPN is completely independant 
of the kernel version (unlike IPSEC), since it runs completely in 
user-space.

Unless there is a compelling reason not to (like, extensive setup 
already done on Bering, or software that's not available for Bering 
uClibc), you might also want to consider switching to Bering uClibc - I 
maintain the OpenVPN package for Bering uClibc (I also wrote a patch to 
enable OpenVPN to work with "ip" instead of "ipconfig", which has found 
it's way into the latest version), and it's been _very_ stable for me 
(I'm currently running two OpenVPN links - one over the internet where 
both ends are dynamic and change IPs once a day, and one over a wireless

connection, which goes up and down a lot, since it's used for testing 
wireless equipment). I'm not trying to "sell" Bering uClibc to you, I 
just don't like it that a fine piece of software like OpenVPN is being 
dropped in favour of something less secure, just because of a seemingly 
faulty package (and sorry, no, I can't help with fixing the package on 
Bering).

Martin



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html




---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id70&alloc_id638&op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] Looking for a VPN Solution

2004-03-23 Thread Ping Kwong 
You may want to check out m0n0wall.

http://m0n0.ch/wall

It has PPTP server built in and boots from a CD-ROM while the
configuration is saved to a floppy.  There are some known problems with
some XP clients.


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
JamesSturdevant
Sent: Tuesday, March 23, 2004 8:24 AM
To: [EMAIL PROTECTED]
Subject: [leaf-user] Looking for a VPN Solution

I am running Bering 1.2 and am looking for a VPN solution for one of my
users.

Her ISP is Earthlink and she reports that here IP address changes 
frequently (every 30 minutes). She will be connecting with a Windows
client.

I have Freeswan working for others but their IPs are static. I have
tried 
OpenVPN but the LEAF software seg faults when a UDP connection is made
from 
a Windows Client and constantly reset if a TCP connection is made. Does 
anyone know what kernel version this code was compiled for?

I know it's a weak solution, but I need to also check out PPTP. Does
anyone 
have a version of POPTOP for Bering? All I can locate is the PPTP
client.

JamesS





---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] Looking for a VPN Solution

2004-03-24 Thread Peter Mueller 
> It has PPTP server built in and boots from a CD-ROM while the
> configuration is saved to a floppy.  There are some known 
> problems with some XP clients.

Are they using ppp-2.4.2x and poptop-1.1.4x?  The XP problems can be solved
via iptables clamps (clamp-mss-to-pmtu I believe), or using an ip-up hack.

P


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] Looking for a VPN Solution

2004-03-24 Thread Ping Kwong 
Neither.  He is using MPD.  This is based on FreeBSD 4.9.  PoPTop wasn't
an option because it doesn't run in userland and he wants to make it as
secure as possible.

-Original Message-
From: Peter Mueller [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, March 24, 2004 11:15 AM
To: 'Ping Kwong'; 'JamesSturdevant'; [EMAIL PROTECTED]
Subject: RE: [leaf-user] Looking for a VPN Solution

> It has PPTP server built in and boots from a CD-ROM while the
> configuration is saved to a floppy.  There are some known 
> problems with some XP clients.

Are they using ppp-2.4.2x and poptop-1.1.4x?  The XP problems can be
solved
via iptables clamps (clamp-mss-to-pmtu I believe), or using an ip-up
hack.

P



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Looking for a VPN Solution

2004-04-06 Thread JamesSturdevant 
I bit the bullet and converted to Bering uClibc and installed OpenVPN. It 
WORKS!

I guess that the openvpn.lrp on Jacque Nilo's list is for an older version 
of Bering and should either be rebuilt or removed from the list.
JamesS
ps: How does one pronounce uClibc? You See lib See, mu See lib See, or 
domething completely different?
At 09:21 PM 3/23/2004 +0100, Martin Hejl wrote:

Unless there is a compelling reason not to (like, extensive setup already 
done on Bering, or software that's not available for Bering uClibc), you 
might also want to consider switching to Bering uClibc - I maintain the 
OpenVPN package for Bering uClibc (I also wrote a patch to enable OpenVPN 
to work with "ip" instead of "ipconfig", which has found it's way into the 
latest version), and it's been _very_ stable for me (I'm currently running 
two OpenVPN links - one over the internet where both ends are dynamic and 
change IPs once a day, and one over a wireless connection, which goes up 
and down a lot, since it's used for testing wireless equipment). I'm not 
trying to "sell" Bering uClibc to you, I just don't like it that a fine 
piece of software like OpenVPN is being dropped in favour of something 
less secure, just because of a seemingly faulty package (and sorry, no, I 
can't help with fixing the package on Bering).

Martin



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html




---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Looking for a VPN Solution

2004-04-06 Thread K.-P. Kirchdörfer 
Am Dienstag, 6. April 2004 19:13 schrieb JamesSturdevant:
> I bit the bullet and converted to Bering uClibc and installed OpenVPN. It
> WORKS!

I'm not surprised, Martin is a good developer and his packages are well 
tested.

> I guess that the openvpn.lrp on Jacque Nilo's list is for an older version
> of Bering and should either be rebuilt or removed from the list.
> JamesS
> ps: How does one pronounce uClibc? You See lib See, mu See lib See, or
> domething completely different?

I think both are alright; see:

http://www.uclibc.org/FAQ.html#naming

kp



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Looking for a VPN Solution

2004-04-07 Thread Martin Hejl 
Hi kp,

K.-P. Kirchdörfer wrote:
Am Dienstag, 6. April 2004 19:13 schrieb JamesSturdevant:

I bit the bullet and converted to Bering uClibc and installed OpenVPN. It
WORKS!


I'm not surprised, Martin is a good developer and his packages are well 
tested.
Blush - too much honour. I obviously do try to test as much as I can, 
but for OpenVPN, most of the honour should go to James Yonan (the 
OpenVPN developer), who wrote an excellent piece of software. All I did 
was to add a minor patch to make things work for Bering uClibc, compile 
it against uClibc and create the package

Martin



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id70&alloc_id638&op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html