Re: VPN and shared directories in Win XP

2009-05-12 Thread Yuriy A. Dmitrishin
ICMP packets of size 32 ... 63600 bytes come through with 0% loss. Large
packets (> 63600 bytes) have 25...75% loss.


- Original Message - 
From: "Steven Surdock" 

To: "Yuriy A. Dmitrishin" ; 
Sent: Tuesday, May 12, 2009 3:27 PM
Subject: Re: VPN and shared directories in Win XP



Check for large packets, specifically UDP and port 88.  Test by seeing
how big of pings you can get through using the -l option (assuming
you're pinging from the XP host.)

-Steve S.


-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of
Yuriy A. Dmitrishin
Sent: Tuesday, May 12, 2009 2:50 AM
To: misc@openbsd.org
Subject: VPN and shared directories in Win XP

Hi.
I have a VPN connection between 2 offices with subnets 192.168.1.0/24 and
192.168.2.0/24. I can ping 192.168.2.2 from 192.168.1.66 and vice versa.
But when I try to open a shared directory (e.g., \\192.168.2.2\Shared from
192.168.1.66 and vice versa) I get an error message, but I can easily open a
shared directory from a host on the same subnet.
Here's a part of the log:
all tcp 192.168.2.2:445 <- 192.168.1.66:2596   CLOSED:SYN_SENT
all tcp 192.168.1.66:2596 -> 192.168.2.2:445   SYN_SENT:CLOSED
all tcp 192.168.2.2:139 <- 192.168.1.66:2597   CLOSED:SYN_SENT
all tcp 192.168.1.66:2597 -> 192.168.2.2:139   SYN_SENT:CLOSED

Thanks for your help.

Best, Yuriy A. Dmitrishin.
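Reading the pf state lines in Yuriy's log is the key to this thread, so here is an added Python example (not code from the list, from Yuriy or from OpenBSD) that parses lines in that layout and classifies each connection. A TCP state whose two peers are SYN_SENT and CLOSED means pf created the state for the client's SYN but never saw a SYN-ACK come back: pf itself is not dropping the session; the reply is lost beyond it (which is why Steve's question about large packets and fragmentation is the right one) or the far host discards the SYN. The sample input is constructed: the four SMB lines are the ones from the thread, the RDP and Kerberos lines are added for contrast, and the port-to-service table is an assumption of the example.

```python
import re

# Constructed sample in the `pfctl -s state` layout quoted in the thread.
# The four SMB lines are the ones from the thread; the last two are made up
# here for contrast: a healthy TCP session and a one-way UDP flow to port 88.
SAMPLE_STATES = """\
all tcp 192.168.2.2:445 <- 192.168.1.66:2596   CLOSED:SYN_SENT
all tcp 192.168.1.66:2596 -> 192.168.2.2:445   SYN_SENT:CLOSED
all tcp 192.168.2.2:139 <- 192.168.1.66:2597   CLOSED:SYN_SENT
all tcp 192.168.1.66:2597 -> 192.168.2.2:139   SYN_SENT:CLOSED
all tcp 192.168.1.66:2600 -> 192.168.2.2:3389   ESTABLISHED:ESTABLISHED
all udp 192.168.1.66:1025 -> 192.168.2.2:88   SINGLE:NO_TRAFFIC
"""

# interface, protocol, left endpoint, arrow, right endpoint, left:right peer states
STATE_RE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<proto>tcp|udp)\s+"
    r"(?P<laddr>[\d.]+):(?P<lport>\d+)\s+(?P<arrow><-|->)\s+"
    r"(?P<raddr>[\d.]+):(?P<rport>\d+)\s+"
    r"(?P<lstate>[A-Z0-9_]+):(?P<rstate>[A-Z0-9_]+)\s*$"
)

# Ports that matter for Windows file sharing across a VPN: SMB over TCP (445),
# NetBIOS session service (139) and Kerberos (88, the UDP port Steve mentions).
SERVICE_NAMES = {445: "microsoft-ds", 139: "netbios-ssn", 88: "kerberos"}


def parse_state(line):
    """Parse one pf state line; return None for lines that are not tcp/udp states."""
    m = STATE_RE.match(line.strip())
    if not m:
        return None
    st = m.groupdict()
    st["lport"], st["rport"] = int(st["lport"]), int(st["rport"])
    return st


def classify(proto, lstate, rstate):
    """Turn the pair of peer states into a verdict on the connection."""
    states = {lstate, rstate}
    if proto == "tcp":
        if states == {"SYN_SENT", "CLOSED"}:
            return "half-open"      # pf saw the SYN, never saw a SYN-ACK
        if states == {"ESTABLISHED"}:
            return "established"
    elif proto == "udp" and "NO_TRAFFIC" in states:
        return "no-reply"           # packets went one way only
    return "other"


def diagnose(state_dump):
    """Merge the in/out lines of each connection and classify every connection."""
    conns = {}
    for line in state_dump.splitlines():
        st = parse_state(line)
        if st is None:
            continue
        # In the layout quoted in the thread the arrow runs from the side that
        # sent the first packet: "src -> dst" for states created by outbound
        # packets, "dst <- src" for states created by inbound ones.
        if st["arrow"] == "->":
            client, server = (st["laddr"], st["lport"]), (st["raddr"], st["rport"])
        else:
            client, server = (st["raddr"], st["rport"]), (st["laddr"], st["lport"])
        key = (st["proto"], client, server)
        conns[key] = {
            "proto": st["proto"],
            "client": "%s:%d" % client,
            "server": "%s:%d" % server,
            "service": SERVICE_NAMES.get(server[1], str(server[1])),
            "verdict": classify(st["proto"], st["lstate"], st["rstate"]),
        }
    return sorted(conns.values(), key=lambda c: (c["server"], c["client"]))


def summary(state_dump):
    """Count verdicts, the quick view an operator wants first."""
    counts = {}
    for c in diagnose(state_dump):
        counts[c["verdict"]] = counts.get(c["verdict"], 0) + 1
    return counts


if __name__ == "__main__":
    for c in diagnose(SAMPLE_STATES):
        print("%-3s %-22s -> %-22s %-12s %s"
              % (c["proto"], c["client"], c["server"], c["service"], c["verdict"]))
    print(summary(SAMPLE_STATES))
```

Run against a real dump (`pfctl -s state | python3 this.py` after swapping SAMPLE_STATES for stdin) the "half-open" rows point at the service whose SYN-ACK never arrived; if every large-port SMB session is half-open while small ICMP and an RDP session are fine, the fault is past the router, not in the ruleset.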




VPN and shared directories in Win XP

2009-05-11 Thread Yuriy A. Dmitrishin
Hi.
I have a VPN connection between 2 offices with subnets 192.168.1.0/24 and
192.168.2.0/24. I can ping 192.168.2.2 from 192.168.1.66 and vice versa. But
when I try to open a shared directory (e.g., \\192.168.2.2\Shared from
192.168.1.66 and vice versa) I get an error message, but I can easily open a
shared directory from a host on the same subnet.
Here's a part of log:
all tcp 192.168.2.2:445 <- 192.168.1.66:2596   CLOSED:SYN_SENT
all tcp 192.168.1.66:2596 -> 192.168.2.2:445   SYN_SENT:CLOSED
all tcp 192.168.2.2:139 <- 192.168.1.66:2597   CLOSED:SYN_SENT
all tcp 192.168.1.66:2597 -> 192.168.2.2:139   SYN_SENT:CLOSED

Thanks for your help.

Best, Yuriy A. Dmitrishin.



Re: VNC and PF

2009-04-16 Thread Yuriy A. Dmitrishin

Looks like it's my mistake.

This rule doesn't work when I'm connecting from my LAN; it only works from the
ext. network.


Best, Yuriy A. Dmitrishin. 
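The behaviour Yuriy describes, working from outside but not from the LAN, is the classic pf redirection-and-reflection case: an rdr on tun0 only sees packets that arrive on tun0, and a LAN client's packets to the external address arrive on the internal interface instead, so neither a `pass` keyword nor the filter rules change anything. The following pf.conf fragment is an added example in the OpenBSD 4.x pf syntax used in the thread (pre-4.7 nat/rdr keywords); it is not Yuriy's configuration. The interface names, macro names, the external address and the VNC host address are assumptions taken from the thread.

```conf
# Added example (not the poster's pf.conf), OpenBSD 4.x pf syntax as in the thread.
# Assumed names: tun0 is the external link, vr1 the LAN, 66.66.66.66 the
# external address and 192.168.0.10 the VNC host, all taken from the thread.
ext_if   = "tun0"
int_if   = "vr1"
ext_addr = "66.66.66.66"
vnc_host = "192.168.0.10"

# 1. Clients on the Internet: their packets arrive on $ext_if, so this rdr
#    matches; "rdr pass" also lets them through the filter in one rule.
rdr pass on $ext_if inet proto tcp from any to $ext_addr port 59001 \
    -> $vnc_host port 5900

# 2. Clients on the LAN connecting to 66.66.66.66:59001: their packets arrive
#    on $int_if and never touch $ext_if, so the rule above is not evaluated.
#    They need their own rdr on the internal interface ...
rdr on $int_if inet proto tcp from $int_if:network to $ext_addr port 59001 \
    -> $vnc_host port 5900
#    ... and, because client and VNC host share a subnet, the VNC host would
#    otherwise answer the client directly with a source address the client
#    never talked to. Rewriting the client's source address to the router's
#    LAN address forces the reply back through the router, where it is
#    un-translated.
no nat on $int_if proto tcp from $int_if to $int_if:network
nat on $int_if inet proto tcp from $int_if:network to $vnc_host port 5900 \
    -> $int_if

# 3. rdr only rewrites the destination; filter rules see the translated
#    address, so pass the redirected traffic to the VNC host explicitly.
pass in on $int_if inet proto tcp from $int_if:network to $vnc_host port 5900 \
    flags S/SA keep state
pass out on $int_if inet proto tcp to $vnc_host port 5900 keep state
```

Load with `pfctl -nf /etc/pf.conf` first to syntax-check, then `pfctl -s nat` should list both rdr rules and the reflection nat rule; a LAN client connecting to 66.66.66.66:59001 then shows up in `pfctl -s state` with the router's LAN address as source on the vr1 side.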



Re: VNC and PF

2009-04-16 Thread Yuriy A. Dmitrishin

Here's another rule. It redirects a port to Remote Administrator (like VNC):
# pfctl -s nat|grep 4899
rdr on tun0 inet proto tcp from any to any port = 54545 -> 192.168.0.246 port 4899


This redirection works fine.
Putting a "pass" between "rdr" and "on" in my rule doesn't help.

Best, Yuriy A. Dmitrishin.



VNC and PF

2009-04-16 Thread Yuriy A. Dmitrishin
Hi.

I try to redirect VNC port in my LAN:
$ pfctl -s nat|grep 5900
rdr on tun0 inet proto tcp from any to any port = 59001 -> 192.168.0.10 port 5900

But I cannot connect with VNC-viewer to address 66.66.66.66:59001 (66.66.66.66
as my ext addr.).

Thanks for your help.

Best, Yuriy A. Dmitrishin.



Re: OpenVPN server refuses connections

2009-03-04 Thread Yuriy A. Dmitrishin
> > /etc/openvpn/server.conf:
> > local 192.168.0.1
> >
> > /etc/openvpn/client.conf
> > remote 66.66.66.66 1194
>
> ?
Yes, this is my mistake.
 local 66.66.66.66
Now it works, thanks.

-- 
Best regards, Yuriy D.

OpenVPN server refuses connections

2009-03-04 Thread Yuriy A. Dmitrishin
Hi. I'm using an OpenVPN server with the following configuration:

/etc/openvpn/server.conf:

daemon openvpn
local 192.168.0.1
port 1194
proto udp
dev tun1
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key  # This file should be kept secret
dh /etc/openvpn/keys/dh1024.pem
server 10.10.10.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway local def1"
keepalive 10 120
cipher BF-CBC        # Blowfish (default)
comp-lzo
max-clients 10
user _openvpn
group _openvpn
persist-key
persist-tun
status /var/log/openvpn-status.log
log /var/log/openvpn.log
log-append  /var/log/openvpn.log
verb 3

Here's my log:

Fri Feb 20 12:46:10 2009 OpenVPN 2.0.9 i386-unknown-openbsd4.3 [SSL] [LZO]
built on Oct 24 2008
Fri Feb 20 12:46:10 2009 Diffie-Hellman initialized with 1024 bit key
Fri Feb 20 12:46:10 2009 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0
EL:0 ]
Fri Feb 20 12:46:10 2009 gw 66.66.66.66
Fri Feb 20 12:46:10 2009 /sbin/ifconfig tun1 destroy
Fri Feb 20 12:46:10 2009 /sbin/ifconfig tun1 create
Fri Feb 20 12:46:10 2009 NOTE: Tried to delete pre-existing tun/tap
instance -- No Problem if failure
Fri Feb 20 12:46:10 2009 /sbin/ifconfig tun1 10.10.10.1 10.10.10.2 mtu 1500
netmask 255.255.255.255 up
Fri Feb 20 12:46:10 2009 TUN/TAP device /dev/tun1 opened
Fri Feb 20 12:46:10 2009 /sbin/route add -net 10.10.10.0 10.10.10.2 -netmask
255.255.255.0
add net 10.10.10.0: gateway 10.10.10.2
Fri Feb 20 12:46:10 2009 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135
ET:0 EL:0 AF:3/1 ]
Fri Feb 20 12:46:10 2009 GID set to _openvpn
Fri Feb 20 12:46:10 2009 UID set to _openvpn
Fri Feb 20 12:46:10 2009 UDPv4 link local (bound): 192.168.0.1:1194
Fri Feb 20 12:46:10 2009 UDPv4 link remote: [undef]
Fri Feb 20 12:46:10 2009 MULTI: multi_init called, r=256 v=256
Fri Feb 20 12:46:10 2009 IFCONFIG POOL: base=10.10.10.4 size=62
Fri Feb 20 12:46:10 2009 IFCONFIG POOL LIST
Fri Feb 20 12:46:10 2009 Initialization Sequence Completed

Now I'm trying to make a connection from my Linux machine.

/etc/openvpn/client.conf:

client
dev tun
proto udp
remote 66.66.66.66 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/client1.crt
key /etc/openvpn/keys/client1.key
ns-cert-type server
comp-lzo
verb 3
ping 10
ping-restart 60

$ openvpn --config /etc/openvpn/client.conf
Wed Mar  4 10:15:51 2009 OpenVPN 2.1_rc11 i486-pc-linux-gnu [SSL] [LZO2]
[EPOLL] [PKCS11] built on Oct 15 2008
Wed Mar  4 10:15:51 2009 /usr/bin/openssl-vulnkey -q -b 1024 -m 
Wed Mar  4 10:15:52 2009 LZO compression initialized
Wed Mar  4 10:15:52 2009 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0
ET:0 EL:0 ]
Wed Mar  4 10:15:52 2009 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135
ET:0 EL:0 AF:3/1 ]
Wed Mar  4 10:15:52 2009 Local Options hash (VER=V4): '41690919'
Wed Mar  4 10:15:52 2009 Expected Remote Options hash (VER=V4): '530fdded'
Wed Mar  4 10:15:52 2009 Socket Buffers: R=[112640->131072]
S=[112640->131072]
Wed Mar  4 10:15:52 2009 UDPv4 link local: [undef]
Wed Mar  4 10:15:52 2009 UDPv4 link remote: 66.66.66.66:1194
Wed Mar  4 10:15:52 2009 read UDPv4 [ECONNREFUSED]: Connection refused
(code=111)
Wed Mar  4 10:15:54 2009 read UDPv4 [ECONNREFUSED]: Connection refused
(code=111)
Wed Mar  4 10:15:56 2009 read UDPv4 [ECONNREFUSED]: Connection refused
(code=111)
^CWed Mar  4 10:16:24 2009 event_wait : Interrupted system call (code=4)
Wed Mar  4 10:16:24 2009 TCP/UDP: Closing socket
Wed Mar  4 10:16:24 2009 SIGINT[hard,] received, process exiting

Thanks for your help.
--
Best regards, Yuriy D.

Re: ping: sendto: No buffer space available

2008-11-23 Thread Yuriy A. Dmitrishin
On Saturday 22 November 2008 18:26:42 you wrote:
> On Sat, Nov 22, 2008 at 08:36:44AM +0200, Yuriy A. Dmitrishin wrote:
> > Hi.
> >
> > I get such message every morning when I come to my work.
> >
> > I try to increase limits in pf.conf: set limit { states 5, frags
> > 5, src-nodes 5 } but it doesn't solve this problem.
> >
> > My ip: 193.239.143.252.
> >
> > Routing table:
> > default            193.239.143.193    UGS        3   14062      -  tun0
>
> Are you using OpenVPN?
No. I'm using ppp client.


-- 
Best regards, Yuriy D.

ping: sendto: No buffer space available

2008-11-21 Thread Yuriy A. Dmitrishin
Hi.

I get such message every morning when I come to my work.

I tried to increase the limits in pf.conf: set limit { states 5, frags 5,
src-nodes 5 } but it doesn't solve this problem.

My ip: 193.239.143.252.

Routing table:
Destination        Gateway            Flags   Refs     Use    Mtu  Interface
default            193.239.143.193    UGS        3   14062      -  tun0
127/8              127.0.0.1          UGRS       0       0  33208  lo0
127.0.0.1          127.0.0.1          UH         3     815  33208  lo0
172.16.9.1         172.16.50.254      UGHS       2   14395      -  vr0
172.16.50/24       link#1             UC         1       0      -  vr0
172.16.50.254      fe:2a:a9:73:5a:0e  UHLc       1       0      -  vr0
192.168.0/24       link#2             UC         6       0      -  vr1
192.168.0.2        00:0e:2e:0d:2f:52  UHLc       0    1170      -  vr1
192.168.0.5        00:0c:76:b5:b6:cf  UHLc       1   13167      -  vr1
192.168.0.20       00:18:f3:07:d6:e8  UHLc       0       7      -  vr1
192.168.0.200      00:50:70:74:3e:1d  UHLc       0      80      -  vr1
192.168.0.222      00:50:70:74:3d:bc  UHLc       0      39      -  vr1
192.168.0.246      00:03:47:e3:7d:92  UHLc       0      36      -  vr1
193.239.143.193    193.239.143.252    UH         1       0   1500  tun0
224/4              127.0.0.1          URS        0       0  33208  lo0

Dmesg:
OpenBSD 4.3-stable (ROUTER.i386) #2: Tue Oct 14 21:20:56 EEST 2008
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/ROUTER.i386
cpu0: Intel(R) Celeron(TM) CPU 1200MHz ("GenuineIntel" 686-class) 1.20 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
real mem  = 402157568 (383MB)
avail mem = 384663552 (366MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 10/18/01, BIOS32 rev. 0 @ 0xfb130, 
SMBIOS rev. 2.2 @ 0xf0800 (38 entries)
bios0: vendor Award Software International, Inc. version "6.00 PG" date 
10/18/2001
bios0: FASTFAME TECHNOLOGY CO.,LTD. 3IDF 3IEF
apm0 at bios0: Power Management spec V1.2 (slowidle)
apm0: AC on, battery charge unknown
pcibios0 at bios0: rev 2.1 @ 0xf/0xdf94
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfded0/176 (9 entries)
pcibios0: PCI Exclusive IRQs: 5 7 10 11 12
pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82371SB ISA" rev 0x00)
pcibios0: PCI bus #2 is the last bus
bios0: ROM list: 0xc/0x8000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82815 Host" rev 0x04
agp0 at pchb0: aperture at 0xe000, size 0x240
ppb0 at pci0 dev 1 function 0 "Intel 82815 AGP" rev 0x04
pci1 at ppb0 bus 1
vga0 at pci1 dev 0 function 0 "ATI Mach64 GZ" rev 0x3a
wsdisplay0 at vga0 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ppb1 at pci0 dev 30 function 0 "Intel 82801BA Hub-to-PCI" rev 0x11
pci2 at ppb1 bus 2
vr0 at pci2 dev 4 function 0 "VIA VT6105 RhineIII" rev 0x8b: irq 11, address 
00:1e:58:9f:f8:16
ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface, rev. 9: OUI 
0x004063, model 0x0034
vr1 at pci2 dev 5 function 0 "VIA VT6105 RhineIII" rev 0x8b: irq 10, address 
00:1e:58:9f:f8:02
ukphy1 at vr1 phy 1: Generic IEEE 802.3u media interface, rev. 9: OUI 
0x004063, model 0x0034
pcib0 at pci0 dev 31 function 0 "Intel 82801BA LPC" rev 0x11
pciide0 at pci0 dev 31 function 1 "Intel 82801BA IDE" rev 0x11: DMA, channel 0 
wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: 
wd0: 16-sector PIO, LBA48, 78533MB, 160836480 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
pciide0: channel 1 disabled (no drives)
"Intel 82801BA SMBus" rev 0x11 at pci0 dev 31 function 3 not configured
"Intel 82801BA AC97" rev 0x11 at pci0 dev 31 function 5 not configured
isa at pcib0 not configured
isa0 at mainbus0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
midi0 at pcppi0: 
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
biomask f3e5 netmask ffe5 ttymask ffe7
mtrr: Pentium Pro MTRR support
root on wd0a swap on wd0b dump on wd0.

Thanks for your help.

--
Best, Yuriy A. Dmitrishin.



Local mail relay

2008-11-20 Thread Yuriy A. Dmitrishin
Hi.

I have a router with ip 192.168.0.1 and I get such messages in maillog when
cron tries to send a report:

router sm-msp-queue[3879]: mAFNUix6020927: to=root, delay=4+12:59:18, 
xdelay=00:00:00, mailer=relay, pri=19473085, relay=[127.0.0.1], dsn=4.0.0, 
stat=Deferred: Connection refused by [127.0.0.1]

How can I tell it to send to [EMAIL PROTECTED] if the mail relay is on another
server (ip 192.168.0.2)? I'm not familiar with sendmail.

Thanks for your help.

--
Best, Yuriy A. Dmitrishin.



Issues with FTP and PF

2008-11-17 Thread Yuriy A. Dmitrishin
Hi.

I have an ftp server (vsftpd) on ip 192.168.0.2 and a router 192.168.0.1. All
ftp connections to 192.168.0.2 are fine but connections to my ext. ip (e.g.
78.78.78.78) are refused.

Here's part of my pf.conf:

# WAN
vpn_if="tun0"
# LAN
int_if="vr1"
# External Address
ext_addr="78.78.78.78"
# Server IP's
Srv="192.168.0.2"

# NAT / Redirection
nat on $vpn_if from $int_if:network to any -> ($vpn_if)

# FTP
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
rdr on $vpn_if proto tcp from any to any port 21 -> $Srv
rdr on $vpn_if proto tcp from any to any port 3:30099 -> $Srv

# Actions with FTP
pass in on $vpn_if inet proto tcp to $ext_addr port 21 \
    flags S/SA keep state
pass out on $int_if inet proto tcp to $Srv port 21 \
    user proxy flags S/SA keep state
anchor "ftp-proxy/*"

Here's my rc.conf.local:

ftpproxy_flags="-R 192.168.0.2 -p 21 -b 78.78.78.78"

Thanks for your help.

--
Best, Yuriy A. Dmitrishin.
--
Best regards, Yuriy D.
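No reply to this post survives on the page, so the following pf.conf fragment is an added example, not Yuriy's configuration, showing how reverse-mode ftp-proxy is normally paired with pf on OpenBSD 4.x. With the flags in the post (`-R 192.168.0.2 -p 21 -b 78.78.78.78`) the proxy listens on the external address, port 21, itself and installs the per-session rules for data connections in the ftp-proxy anchor, so a separate rdr for port 21 (and a hand-written rdr for the passive port range) competes with it: pf applies rdr before a packet is delivered to a local socket. The macro names and addresses follow the post; the user name "proxy" in the pass out rule is copied from the post's own rule and is an assumption of this example.

```conf
# Added example (not the poster's pf.conf): pf rules that go with ftp-proxy
# in reverse mode, started as in the post with
#   ftpproxy_flags="-R 192.168.0.2 -p 21 -b 78.78.78.78"
# Macro names and addresses follow the post; the user name "proxy" is taken
# from the post's own pass out rule and is an assumption.
vpn_if   = "tun0"
int_if   = "vr1"
ext_addr = "78.78.78.78"
srv      = "192.168.0.2"

nat on $vpn_if from $int_if:network to any -> ($vpn_if)

# ftp-proxy fills these anchors with per-session rdr/nat and pass rules for
# the data connections it negotiates; nothing else needs to redirect them.
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"

# Do NOT also redirect port 21 straight to the server. With -b/-p the proxy
# owns 78.78.78.78:21 itself, and rdr is applied before a packet reaches a
# local socket, so a rule like the one below diverts the control connection
# past the proxy: the proxy never sees the session and never installs the
# data-connection rules, and the "pass in ... to $ext_addr" rule no longer
# matches because the destination has already been rewritten to $srv.
# rdr on $vpn_if proto tcp from any to any port 21 -> $srv

# Control connection from the client to the proxy's own socket.
pass in on $vpn_if inet proto tcp from any to $ext_addr port 21 \
    flags S/SA keep state
# Control connection from the proxy (running as user "proxy") to the server.
pass out on $int_if inet proto tcp to $srv port 21 \
    user proxy flags S/SA keep state
# Data connections: evaluated here, with whatever ftp-proxy has installed.
anchor "ftp-proxy/*"
```

While a client is in a transfer, `pfctl -a "ftp-proxy/*" -s rules` and `pfctl -a "ftp-proxy/*" -s nat` show the rules the proxy added for that session; if those anchors stay empty when a client connects to port 21, the control connection is not reaching the proxy.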