Re: [Server-devel] Trying to access a school server from the outside world
I thought I had already set you up for using the Amazon passthrough. But here are the steps: 1. There is a user at the https://50.17.210.12:943/admin/ port with username:gonzalo and a password I will send separately. 2. Sign on there and change your password. You can use this sign on at any time to see if the "sora server" client connection is available at the passthrough. 3. Then you will need to create a new user without administrative privileges that will become the server's client connection to the vpn. The generation of the keys for the "sora server" is triggered by accessing https://50.17.210.12:943/ (without admin), and logging on with the credentials you created when you set up the "sora server" user. 4. When you make this https:// access, the amazon openvpn application will offer to let you download the openvpn client application. I have usually "yum installed" openvpn already. Hit refresh, and you will be given a choice to download an unattended access key file. 5. Download the "cient.ovpn" file and change it so something similar to the username you created. Place it in the /etc/openvpn/ directory of "sora server" Sorry I missed your request when it came 3 days ago. On Sat, Jun 13, 2015 at 7:54 PM, Gonzalo Odiard wrote: > Could I use your passthrough server to access Sora server? > What we should do setup it? > > Gonzalo > > On Sat, Jun 13, 2015 at 4:16 PM, George Hunt > wrote: > >> Typically a server is behind some sort of NAT device, and some sort of >> firewall, and most likely has a variable ip address assigned by the ISP's >> dhcpd. The trick is to have the server initiate an outgoing conversation >> to a device on the internet that is always on. I purchased a micro >> instance on amazon cloud for the purpose. >> >> The amazon instance generates keys for clients which permits passthrough >> conversations between any clients. There's two levels of authentication -- >> 1. need a vpn key to connect to the amazon instance, and 2. need >> authentication at the ssh port of the target (preferably a public key in >> .ssh/authorized_keys on the target -making dictionary attacks less likely). >> >> But I'm becoming a fan of teamviewer. You need to install Xorg, and I >> usually install XFCE because it's pretty light weight. Up until now, I've >> resisted a GUI for servers. >> >> >> >> On Sat, Jun 13, 2015 at 2:25 PM, Tim Moody wrote: >> >>> I should also have mentioned that we have started using TeamViewer on >>> some of the servers which allows a session on the server without using the >>> vpn hub. >>> >>> ___ >>> Server-devel mailing list >>> Server-devel@lists.laptop.org >>> http://lists.laptop.org/listinfo/server-devel >>> >> >> >> ___ >> Server-devel mailing list >> Server-devel@lists.laptop.org >> http://lists.laptop.org/listinfo/server-devel >> >> > > > -- > Gonzalo Odiard > > SugarLabs - Software for children learning > ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] Trying to access a school server from the outside world
Thanks! On Tue, Jun 16, 2015 at 12:51 PM, George Hunt wrote: > I thought I had already set you up for using the Amazon passthrough. But > here are the steps: > > >1. There is a user at the https://50.17.210.12:943/admin/ port with >username:gonzalo and a password I will send separately. >2. Sign on there and change your password. You can use this sign on at >any time to see if the "sora server" client connection is available at the >passthrough. >3. Then you will need to create a new user without administrative >privileges that will become the server's client connection to the vpn. The >generation of the keys for the "sora server" is triggered by accessing >https://50.17.210.12:943/ (without admin), and logging on with the >credentials you created when you set up the "sora server" user. >4. When you make this https:// access, the amazon openvpn application >will offer to let you download the openvpn client application. I have >usually "yum installed" openvpn already. Hit refresh, and you will be given >a choice to download an unattended access key file. >5. Download the "cient.ovpn" file and change it so something similar >to the username you created. Place it in the /etc/openvpn/ directory of >"sora server" > > Sorry I missed your request when it came 3 days ago. > > > On Sat, Jun 13, 2015 at 7:54 PM, Gonzalo Odiard > wrote: > >> Could I use your passthrough server to access Sora server? >> What we should do setup it? >> >> Gonzalo >> >> On Sat, Jun 13, 2015 at 4:16 PM, George Hunt >> wrote: >> >>> Typically a server is behind some sort of NAT device, and some sort of >>> firewall, and most likely has a variable ip address assigned by the ISP's >>> dhcpd. The trick is to have the server initiate an outgoing conversation >>> to a device on the internet that is always on. I purchased a micro >>> instance on amazon cloud for the purpose. >>> >>> The amazon instance generates keys for clients which permits passthrough >>> conversations between any clients. There's two levels of authentication -- >>> 1. need a vpn key to connect to the amazon instance, and 2. need >>> authentication at the ssh port of the target (preferably a public key in >>> .ssh/authorized_keys on the target -making dictionary attacks less likely). >>> >>> But I'm becoming a fan of teamviewer. You need to install Xorg, and I >>> usually install XFCE because it's pretty light weight. Up until now, I've >>> resisted a GUI for servers. >>> >>> >>> >>> On Sat, Jun 13, 2015 at 2:25 PM, Tim Moody wrote: >>> I should also have mentioned that we have started using TeamViewer on some of the servers which allows a session on the server without using the vpn hub. ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel >>> >>> >>> ___ >>> Server-devel mailing list >>> Server-devel@lists.laptop.org >>> http://lists.laptop.org/listinfo/server-devel >>> >>> >> >> >> -- >> Gonzalo Odiard >> >> SugarLabs - Software for children learning >> > > -- Gonzalo Odiard SugarLabs - Software for children learning ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] Trying to access a school server from the outside world
I would need access 'lascahobas' server, because the new server is not available yet. Could you provide me the client information needed? Sorry to bother, I didn't used openvpn before. Gonzalo On Tue, Jun 16, 2015 at 12:51 PM, George Hunt wrote: > I thought I had already set you up for using the Amazon passthrough. But > here are the steps: > > >1. There is a user at the https://50.17.210.12:943/admin/ port with >username:gonzalo and a password I will send separately. >2. Sign on there and change your password. You can use this sign on at >any time to see if the "sora server" client connection is available at the >passthrough. >3. Then you will need to create a new user without administrative >privileges that will become the server's client connection to the vpn. The >generation of the keys for the "sora server" is triggered by accessing >https://50.17.210.12:943/ (without admin), and logging on with the >credentials you created when you set up the "sora server" user. >4. When you make this https:// access, the amazon openvpn application >will offer to let you download the openvpn client application. I have >usually "yum installed" openvpn already. Hit refresh, and you will be given >a choice to download an unattended access key file. >5. Download the "cient.ovpn" file and change it so something similar >to the username you created. Place it in the /etc/openvpn/ directory of >"sora server" > > Sorry I missed your request when it came 3 days ago. > > > On Sat, Jun 13, 2015 at 7:54 PM, Gonzalo Odiard > wrote: > >> Could I use your passthrough server to access Sora server? >> What we should do setup it? >> >> Gonzalo >> >> On Sat, Jun 13, 2015 at 4:16 PM, George Hunt >> wrote: >> >>> Typically a server is behind some sort of NAT device, and some sort of >>> firewall, and most likely has a variable ip address assigned by the ISP's >>> dhcpd. The trick is to have the server initiate an outgoing conversation >>> to a device on the internet that is always on. I purchased a micro >>> instance on amazon cloud for the purpose. >>> >>> The amazon instance generates keys for clients which permits passthrough >>> conversations between any clients. There's two levels of authentication -- >>> 1. need a vpn key to connect to the amazon instance, and 2. need >>> authentication at the ssh port of the target (preferably a public key in >>> .ssh/authorized_keys on the target -making dictionary attacks less likely). >>> >>> But I'm becoming a fan of teamviewer. You need to install Xorg, and I >>> usually install XFCE because it's pretty light weight. Up until now, I've >>> resisted a GUI for servers. >>> >>> >>> >>> On Sat, Jun 13, 2015 at 2:25 PM, Tim Moody wrote: >>> I should also have mentioned that we have started using TeamViewer on some of the servers which allows a session on the server without using the vpn hub. ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel >>> >>> >>> ___ >>> Server-devel mailing list >>> Server-devel@lists.laptop.org >>> http://lists.laptop.org/listinfo/server-devel >>> >>> >> >> >> -- >> Gonzalo Odiard >> >> SugarLabs - Software for children learning >> > > -- Gonzalo Odiard SugarLabs - Software for children learning ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
[Server-devel] XO1.5 as Access Point using thinfirm
Thanks to James Cameron's work on FC22 kernel, I have an image of XSCE running in an SD card on an XO1.5. The regular libertas driver works as a client. There is documentation for using a special driver, and special firmware at http://wiki.laptop.org/go/Libertas_Thinfirmware_HOWTO: http://wiki.laptop.org/go/Thinfirm_1.5 http://wiki.laptop.org/go/Test_Report Which I have attempted to follow. I have added config items(below) and created a new kernel. Questions; 1. The libertas_tf module loads via modprobe (after rmmod libertas cfg80211) Does this mean that it has found the firmware? 2. After blacklisting libertas, and a reboot, there is a new device sit0, which may indicate that the proper network driver is not being found/loaded.(dmesg is quiet about libertastf) 3. Are there incompatabilities between libertas_sdio and libertas_usb -- should it be one or the other? CONFIG_LIBERTAS_THINFIRM=m CONFIG_LIBERTAS=m CONFIG_LIBERTAS_USB=m CONFIG_LIBERTAS_SDIO=m CONFIG_LIBERTAS_DEBUG=y CONFIG_LIBERTAS_MESH=y CONFIG_FW_LOADER=y CONFIG_MAC80211=m CONFIG_MAC80211_HAS_RC=y CONFIG_MAC80211_RC_MINSTREL=y CONFIG_MAC80211_RC_MINSTREL_HT=y CONFIG_MAC80211_RC_DEFAULT_MINSTREL=y CONFIG_MAC80211_RC_DEFAULT="minstrel_ht" CONFIG_MAC80211_LEDS=y ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] XO1.5 as Access Point using thinfirm
On Tue, Jun 16, 2015 at 02:45:58PM -0400, George Hunt wrote: > Thanks to James Cameron's work on FC22 kernel, Just to clarify, my work was on porting the latest kernel to the XO-1.5, not on Fedora 22. I've done no tests of Fedora 22. > I have an image of XSCE running in an SD card on an XO1.5. > > The regular libertas driver works as a client. > > There is documentation for using a special driver, and special > firmware at > > http://wiki.laptop.org/go/Libertas_Thinfirmware_HOWTO: > http://wiki.laptop.org/go/Thinfirm_1.5 > http://wiki.laptop.org/go/Test_Report On the XO-1.5, XO-1.75 and XO-4 version 9.0.7.p2 of the thin firmware is embedded in the Open Firmware dropin filesystem, in case you ever need it and don't have internet handy; ok copy rom:sd8686.bin u:\lbtf_sdio.bin It is used by Open Firmware for NANDblaster and wireless access. You can test this firmware and the hardware by typing; ok select /wlan:force ok d# 11 " xoap" start-ap A network xoap should then be visible on other laptops. The test network has no associate, authenticate, or DHCP service, so it is not particularly useful alone. The purpose of this test network is to make sure your hardware and firmware is working. You can add associate and authenticate support by rebooting and typing: ok select /wlan:force ok do-ap This kind of access point is useful for antenna and packet testing. See http://wiki.laptop.org/go/Antenna_testing You can also test the later firmware by setting an environment variable before the select command; ok setenv wlan-fw u:\p3.bin Once you have verified working hardware, firmware, and both antenna, you're all set to test in the operating system. ;-) (The second antenna becomes way more critical when using an XO as access point or NANDblaster transmitter. The coax can be damaged without visible evidence.) > Which I have attempted to follow. I have added config items(below) > and created a new kernel. > Questions; > > 1. The libertas_tf module loads via modprobe (after rmmod libertas > cfg80211) Does this mean that it has found the firmware? Don't know. Look at the interrupt count for the device in /proc/interrupts; if there are lots of interrupts, I'd say the module has communicated with the wireless card. After that it's a matter of looking at the module source and enabling debug modes. > 2. After blacklisting libertas, and a reboot, there is a new device > sit0, which may indicate that the proper network driver is not > being found/ loaded.(dmesg is quiet about libertastf) I agree. It may be that the kernel support for this isn't as tested in 4.1 as it was in previous versions. Thanks for investigating. > 3. Are there incompatabilities between libertas_sdio and > libertas_usb -- should it be one or the other? The design of the kernel modules supports both the USB8388 wireless card on the XO-1, and the SD8686 wireless card on the XO-1.5. Unless you plan to use the (deprecated, unavailable) external USB83833 active antenna devices, you can omit the USB support. I doubt it will have any effect. -- James Cameron http://quozl.linux.org.au/ ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
