Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - huh

Pages: [1] 2 3 ... 16
1
Users / Rerip Audio CD
« on: April 04, 2014, 06:04:37 am »
Is there a way to reset the flag on a ripped cd?  I have a cd that didn't rip correctly, but when I put it back in my system (Dianemo), it says the cd is already done being ripped.

Where is that flag stored and how do I reset it?

Thanks

2
I tried adding a nas last night, 1204.  Found the nas and win share, put in user/pass and put everything as public.  Overnight let it sit and next am didn't have any media.  I can't reproduce your sym links.

3
Users / Re: VPN (Need a place for my notes)
« on: March 21, 2014, 04:11:19 pm »
Sorry for the delay- I am able to connect- here's my setup (Android, Samsung Galaxy S4 running 4.4.2).

/etc/ipsec.conf
Code: [Select]
# /etc/ipsec.conf - Openswan IPsec configuration file

version 2.0

config setup
  nat_traversal=yes
  virtual_private=%4:192.168.80.0/24
  oe=off
  protostack=netkey

conn L2TP-PSK-NAT
  rightsubnet=vhost:%priv,%no
  also=L2TP-PSK-noNAT
  dpddelay=10
  dpdtimeout=90
  dpdaction=clear

conn L2TP-PSK-noNAT
  authby=secret
  pfs=no
  auto=add
  keyingtries=3
  rekey=no
  ikelifetime=8h
  keylife=1h
  type=transport
  left=%defaultroute
  leftprotoport=17/1701
  right=%any
  rightprotoport=17/0

I have UDP ports 500, 4500 and 1701 set as core input on my firewall.

As for the phone, I added an advanced IPsec VPN.  Plugged in a connection name, selected connection as L2TP pre-share key (IKEv1), plugged in the address and my preshare key.  Saved, clicked connect, put in user and password and it connected.

Connection is quick- watching the auth.log using "tail -f /var/log/auth.log" it connects in 10 lines.  Granted that doesn't mean much, but when connecting before it would be 50+ lines. 

I still have an error:
Code: [Select]
netlink_raw_eroute: WARNING: that_client port 1701 and that_host port 64500 don't match. Using that_client port.

So thinking the 1701 in the firewall is still not correct.

4
Users / Re: Southern California Linux Expo
« on: February 22, 2014, 05:24:59 pm »
Are you doing a booth at this year's SCALE?

5
Users / Re: VPN (Need a place for my notes)
« on: February 10, 2014, 04:36:46 am »
Dap-P, this does not work for me on my android or ipad mini- get this:
Code: [Select]
Feb  9 21:29:04 dcerouter pluto[32533]: packet from 192.168.80.182:60500: initial Main Mode message received on 192.168.80.1:500 but no connection has been authorized with policy=PSK
This is with left=%defaultroute in /etc/ipsec.conf and the 1st entry as %any in /etc/ipsec.secrets.

It works if I change the left in /etc/ipsec.conf to 192.168.80.1, change the 1st %any to 192.168.80.1 in /etc/ipsec.secrets.

6
Users / Re: VPN (Need a place for my notes)
« on: February 09, 2014, 05:19:46 pm »

Is there somebody that can confirm changing this line is a working solution?

I'll try this asap, but I think I've been getting a not authorized PSK connection while tailing var/log/auth.log.  Only been able to get around it by editing the ipsec.secrets file and changing the leftmost string to the value set in ipsec.conf (I'm using 192.168.80.1) and then adding PSK after the colon and before the actual PSK.

This is connecting though my android using L2TP IKEv1.  What are you using for your client?

7
Users / Re: VPN (Need a place for my notes)
« on: February 09, 2014, 04:10:03 am »
Basically guys, what is it going to take, to have VPN work out of the box for the most common platforms? I typically don't have to go into advanced in each of the VPN clients and set things like this.

-Thom

I think that's the point- right now, in my experience, it has not been straight forward.  In addition to the ports not being automatically added, the config files are not correct when you tag a user to use VPN in the webadmin -> users page.  While my knowledge of VPNs is marginal- at best- I've been researching this and trying different combinations a while to finally get a point of repeatability

The goal, if I could speak for the ones actually doing the work, is to not have any of this duck-tape.  Going to webadmin, set the PSK, allowed users and their passwords and then the viewable folders in a simple 4 step approach that allows win/*nix/mac/android devices connect nearly effortlessly is where I would like to see this go.  I have a variety of clients from the various OS's, a stable 1204 install and periodically the time to play with this.  Anton/Dap-P and Alblasco1702 have the skills to make this work- I'm just filling forum space with my current setup and limitations.

8
Users / Re: VPN (Need a place for my notes)
« on: February 08, 2014, 04:55:19 am »
Going to put it here so I don't lose it.  This config allows me to connect from the internal network- not yet an external.  This is for a username:password of:  outside:outside.

Also, I have UDP ports 500, 1701 and 4500 set to core input on the core's firewall.

This is not meant to be a guide- this is what pseudo works for me.

/etc/ipsec.conf
Code: [Select]
# /etc/ipsec.conf - Openswan IPsec configuration file

version 2.0

config setup
  nat_traversal=yes
  virtual_private=%4:192.168.80.0/24
  oe=off
  protostack=netkey

conn L2TP-PSK-NAT
  rightsubnet=vhost:%priv
  also=L2TP-PSK-noNAT


conn L2TP-PSK-noNAT
  authby=secret
  pfs=no
  auto=add
  keyingtries=3
  rekey=no
  ikelifetime=8h
  keylife=1h
  type=transport
  left=192.168.80.1
  leftprotoport=17/1701
  right=%any
  rightprotoport=17/%any

/etc/ipsec.secrets
Code: [Select]
# RCSID $Id: ipsec.secrets.proto,v 1.3.6.1 2005/09/28 13:59:14 paul Exp $
# This file holds shared secrets or RSA private keys for inter-Pluto
# authentication.  See ipsec_pluto(8) manpage, and HTML documentation.

# RSA private key for this host, authenticating it to any other host
# which knows the public part.  Suitable public keys, for ipsec.conf, DNS,
# or configuration of other implementations, can be extracted conveniently
# with "ipsec showhostkey".

x.x.x.x %any: PSK "outside"

/etc/xl2tpd/xl2tpd.conf
Code: [Select]
[global]
ipsec saref = no

[lns default]
ip range = 192.168.80.200-192.168.80.210
local ip = 192.168.80.1
require chap = yes
refuse pap = yes
require authentication = yes
name = LinuxMCE_VPN_Server
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes

/etc/xl2tpd/l2tp-secrets
Code: [Select]
# Secrets for authenticating l2tp tunnels
* * outside


/etc/ppp/options.xl2tpd
Code: [Select]
refuse-mschap-v2
refuse-mschap
ms-dns 192.168.80.1
asyncmap 0
auth
lock
hide-password
local
#debug
name l2tpd
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4


/etc/ppp/chap-secrets
Code: [Select]
# Secrets for authentication using CHAP
outside * outside *

After changes, I use:
Code: [Select]
/etc/init.d/xl2tpd restart
/etc/init.d/ipsec restart
/etc/init.d/pppd-dns restart

Then on my android (Galaxy S4), I have to go to Settings -> More networks -> VPN -> Advanced IPsec VPN and create a VPN connection with the following options:

  • L2TP pre-shared key (IKEv1
  • Pre-shared key (PSK) (as set in /etc/xl2tpd/l2tp-secrets I think)
  • Agressive mode, Perfect forward secrecy and disable split tunnel are all unchecked
  • Group 17 (MODP-6144) under IKE groups
  • IKE lifetime set to 8 hours
  • IPsec encryption and integrity algorithms set to All
  • IPsec lifetime set to 1 hour

9
Developers / Re: Firewall
« on: February 04, 2014, 08:52:38 pm »
Ability to edit and suspend rules would be awesome.  Right now you have to delete and readd to make changes.

10
Users / Re: VPN (Need a place for my notes)
« on: January 29, 2014, 07:59:46 pm »
Please let me know if you need testers- following the directions on the wiki I was able to get my android phone to connect to the VPN. 

I was never able to get the standard Win VPN to connect as I think they use ipsec ikev2 and openswan is only ikev1.  I was trying to replace openswan with strongswan to get ikev2 and broke my install... haven't tried it since reinstall.


11
Users / Re: Pandora - Through SqueezeSlave or other method?
« on: January 22, 2014, 05:07:28 pm »
You can do what we do- use LMCE to host the Squeezebox server, but then use the free Logitech Squeezebox app to control the audio for the 3rd party plugins.  I haven't tried Pandora, but Sirius XM works great.  Big kicker is LMCE doesn't know something anything is playing on the devices, so this is a band-aid and not an integrated solution.

Biggest problem we had was Sirius was coming in as WMA (iirc) and if you look online there are a whole lot of steps to getting it to work- or there used to be.  Turns out there's now a 3rd party WMA plugin available through Squeezebox that fixes all of this.  I don't remember the steps off hand- if you log into the server on port 9000 there is a way to show the available 3rd party plugins and in that list will be WMA.  Again, can't remember if that was the format or if you'd even have a problem using Pandora.

12
Installation issues / Re: PXE boot MD
« on: January 14, 2014, 05:00:04 am »
Did you install from a DVD?  If so, did you run
Code: [Select]
sh /usr/pluto/bin/Diskless_CreateTBZ.sh ?  This was not yet baked into the DVDs last time I installed (around a month ago)?/

13
Developers / Re: Transmission torrent on LinuxMCE
« on: January 13, 2014, 03:14:59 am »
Something like this has been on my list of items to try to tackle for a while.  Like to have something the continually scrubs whatever folders you specify looking for particular media.  Originally this came from someone wanting to setup a photo-booth that automatically added pictures to the screensaver as they were taken.  Seems like a similar approach could be used?!?  Is there a better/preferred method?

14
Developers / Re: Transmission torrent on LinuxMCE
« on: January 12, 2014, 06:44:21 pm »
This is working great OOTB on my recent 1204 installation.  From here, I was able to get a username and password to connect from Win boxes:  http://forum.linuxmce.org/index.php/topic,12739.0.html

Is there a trick to getting LMCE to pick up the files and display them?  h.264 file is not being found.

15
Users / Re: Automatic adding Internet Radio streams to LinuxMCE
« on: January 11, 2014, 05:02:50 am »
Lake to the game, but I just tried this and it worked great.  Only tried a couple stations and they work great.

Pages: [1] 2 3 ... 16