Messages - huh

Users / Re: Dianemo Installation
« on: March 19, 2015, 12:58:57 am »
Quick update/reply to my post.  After update && upgrade on the standard Ubuntu packages (pre-Dianemo) my nics were not supported by default.  Don't fully understand why, but not a Dianemo issue.

That said, Andrew and his Dianemo team were extremely responsive and helpful getting the system up and running- beyond the scope of what I thought my license did/should have included.

In-laws are happy again to have their squeezeboxes running.

Users / Dianemo Installation
« on: March 08, 2015, 01:44:30 am »
Completely changing my post as I've done a complete reinstall of 12.04.

I've tried the dianemo-installer 1.20 and 1.21 (on different installation attempts) and both return the same result.  Ubuntu says, "The system network services are not compatible with this version." 

ifconfig only lists my lo at 127.00.1.  lshw -class network, however lists my wireless adapters in addition to both of my wired connections.  After the 12.04 install, both NICs worked just fine- it was only (guessing) 3/4 of the way through the Dianemo install that it died.

Install log just reflects "Installation FAILED: Nerve Centre".

Any thoughts on getting this back up? 

Here's my lspci -nnk | grep -i -A2 net:

02:00.0 Network controller [0280]: Realtek Semiconductor Co., Ltd. RTL8188EE Wireless Network Adapter [10ec:8179] (rev 01)
   Subsystem: Hewlett-Packard Company Device [103c:197d]
   Kernel driver in use: rtl8188ee
05:00.0 Ethernet controller [0200]: Realtek Semiconductor Co., Ltd. RTL8101E/RTL8102E PCI Express Fast Ethernet controller [10ec:8136] (rev 07)
   Subsystem: Hewlett-Packard Company Device [103c:1982]
   Kernel driver in use: r8169

Next edit- was able to edit /etc/network/interfaces, set eth0 to dhcp, ifup eth0 to not have an ip.  Running just tells me that "package dianemo-orbiter is not configured yet".

OK- recent revisions to the firewall go a long way to getting this accomplished, but I've seen a few bugs:

1) If you use the simple (as compared with "Advanced Firewall Settings") configuration and edit a rule, the "save" text is not clickable, so there is no way to save the changes.
2) If you add a forward rule that applies to TCP and UDP, whatever you put in the "Description" box is saved into the "Limit to IP" box.
3) There isn't an option to type in the source port- in its place is a dropdown for the protocol.  What you type in for the destination port gets entered as the source port when saved.

Anyone else experience this?

12.04, updated tonight (July 19).

Users / Re: zwave network lockups/delays
« on: June 13, 2014, 05:14:40 am »
I've had this when one of my nodes (plug-in dimmer) was unplugged.  I made up the scenario that the system was trying to "talk" to the missing node for a while, would give up and then catch-up with the string of commands.

I have no documentation to support this hypothesis.

Cool, I think that was a yes to my question regarding the input/forward.  Look forward to testing once you get it patched.

Albasco1702- going to try to catch you here rather than IRC as I think we're in vastly different timezones and I'm not sure if my client timed out before you finished your instructions.

What I saw you wrote was to use nat prerouting destination port.  So to forward incoming port 8090 to 80 on, I would do:
destinationport 8090:80 destination ACCEPT

And then
forward destinationport 80 destinationip ACCEPT

I'm guessing this all has to be done using the Advanced Firewall Settings option from the web admin.  Is the 1st part using eth1 (external nic) and the 2nd part using eth0 (external nic)?

Do you have plans of adding the ability to do this to the "simple" firewall version?

The new firewall page is cool- takes care of the things I asked for above. 

That said, how do you use it?  I have a fully updated 1204 system and went to add a new rule.  Selected IPv4 from the dropdown and entered the port I wanted forwarded- all good.  But, the boxes for entering the destination port and ip are not options to type into on Firefox 28.0 (kubuntu box) or rekonq (0.9.1)- I haven't tried other browsers.  Even adding the rule and clicking edit doesn't let you modify the forward to port or the destination IP.

Users / Rerip Audio CD
« on: April 04, 2014, 06:04:37 am »
Is there a way to reset the flag on a ripped cd?  I have a cd that didn't rip correctly, but when I put it back in my system (Dianemo), it says the cd is already done being ripped.

Where is that flag stored and how do I reset it?


I tried adding a nas last night, 1204.  Found the nas and win share, put in user/pass and put everything as public.  Overnight let it sit and next am didn't have any media.  I can't reproduce your sym links.

Users / Re: VPN (Need a place for my notes)
« on: March 21, 2014, 04:11:19 pm »
Sorry for the delay- I am able to connect- here's my setup (Android, Samsung Galaxy S4 running 4.4.2).

Code:
# /etc/ipsec.conf - Openswan IPsec configuration file

version 2.0

config setup


conn L2TP-PSK-noNAT

I have UDP ports 500, 4500 and 1701 set as core input on my firewall.

As for the phone, I added an advanced IPsec VPN.  Plugged in a connection name, selected connection as L2TP pre-share key (IKEv1), plugged in the address and my preshare key.  Saved, clicked connect, put in user and password and it connected.

Connection is quick- watching the auth.log using "tail -f /var/log/auth.log" it connects in 10 lines.  Granted that doesn't mean much, but when connecting before it would be 50+ lines. 

I still have an error:
Code:
netlink_raw_eroute: WARNING: that_client port 1701 and that_host port 64500 don't match. Using that_client port.

So thinking the 1701 in the firewall is still not correct.

Users / Re: Southern California Linux Expo
« on: February 22, 2014, 05:24:59 pm »
Are you doing a booth at this year's SCALE?

Users / Re: VPN (Need a place for my notes)
« on: February 10, 2014, 04:36:46 am »
Dap-P, this does not work for me on my android or ipad mini- get this:
Code:
Feb  9 21:29:04 dcerouter pluto[32533]: packet from initial Main Mode message received on but no connection has been authorized with policy=PSK
This is with left=%defaultroute in /etc/ipsec.conf and the 1st entry as %any in /etc/ipsec.secrets.

It works if I change the left in /etc/ipsec.conf to, change the 1st %any to in /etc/ipsec.secrets.

Users / Re: VPN (Need a place for my notes)
« on: February 09, 2014, 05:19:46 pm »

Is there somebody that can confirm changing this line is a working solution?

I'll try this asap, but I think I've been getting a not authorized PSK connection while tailing var/log/auth.log.  Only been able to get around it by editing the ipsec.secrets file and changing the leftmost string to the value set in ipsec.conf (I'm using and then adding PSK after the colon and before the actual PSK.

This is connecting though my android using L2TP IKEv1.  What are you using for your client?

Users / Re: VPN (Need a place for my notes)
« on: February 09, 2014, 04:10:03 am »
Basically guys, what is it going to take, to have VPN work out of the box for the most common platforms? I typically don't have to go into advanced in each of the VPN clients and set things like this.


I think that's the point- right now, in my experience, it has not been straightforward.  In addition to the ports not being automatically added, the config files are not correct when you tag a user to use VPN in the webadmin -> users page.  While my knowledge of VPNs is marginal- at best- I've been researching this and trying different combinations a while to finally get to a point of repeatability.

The goal, if I could speak for the ones actually doing the work, is to not have any of this duck-tape.  Going to webadmin, set the PSK, allowed users and their passwords and then the viewable folders in a simple 4 step approach that allows win/*nix/mac/android devices connect nearly effortlessly is where I would like to see this go.  I have a variety of clients from the various OS's, a stable 1204 install and periodically the time to play with this.  Anton/Dap-P and Alblasco1702 have the skills to make this work- I'm just filling forum space with my current setup and limitations.

Users / Re: VPN (Need a place for my notes)
« on: February 08, 2014, 04:55:19 am »
Going to put it here so I don't lose it.  This config allows me to connect from the internal network- not yet an external.  This is for a username:password of:  outside:outside.

Also, I have UDP ports 500, 1701 and 4500 set to core input on the core's firewall.

This is not meant to be a guide- this is what pseudo works for me.

Code:
# /etc/ipsec.conf - Openswan IPsec configuration file

version 2.0

config setup


conn L2TP-PSK-noNAT

Code:
# RCSID $Id: ipsec.secrets.proto,v 2005/09/28 13:59:14 paul Exp $
# This file holds shared secrets or RSA private keys for inter-Pluto
# authentication.  See ipsec_pluto(8) manpage, and HTML documentation.

# RSA private key for this host, authenticating it to any other host
# which knows the public part.  Suitable public keys, for ipsec.conf, DNS,
# or configuration of other implementations, can be extracted conveniently
# with "ipsec showhostkey".

x.x.x.x %any: PSK "outside"

Code:
ipsec saref = no

[lns default]
ip range =
local ip =
require chap = yes
refuse pap = yes
require authentication = yes
name = LinuxMCE_VPN_Server
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes

Code:
# Secrets for authenticating l2tp tunnels
* * outside

Code:
asyncmap 0
name l2tpd
lcp-echo-interval 30
lcp-echo-failure 4

Code:
# Secrets for authentication using CHAP
outside * outside *

After changes, I use:
Code:
/etc/init.d/xl2tpd restart
/etc/init.d/ipsec restart
/etc/init.d/pppd-dns restart

Then on my android (Galaxy S4), I have to go to Settings -> More networks -> VPN -> Advanced IPsec VPN and create a VPN connection with the following options:

  • L2TP pre-shared key (IKEv1)
  • Pre-shared key (PSK) (as set in /etc/xl2tpd/l2tp-secrets I think)
  • Aggressive mode, Perfect forward secrecy and disable split tunnel are all unchecked
  • Group 17 (MODP-6144) under IKE groups
  • IKE lifetime set to 8 hours
  • IPsec encryption and integrity algorithms set to All
  • IPsec lifetime set to 1 hour
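
An added example, not part of the original posts: a small Python audit of the three secrets files shown in the post above (ipsec.secrets, l2tp-secrets and the CHAP secrets), run over the sample lines from that post. The 20-character minimum and the finding names are assumptions made for this example.

```python
import re
import shlex

MIN_LEN = 20  # assumed policy threshold for this example, not from the post

def ipsec_psks(text):
    """Yield (selectors, secret) for each PSK entry in ipsec.secrets text."""
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        m = re.match(r'^(.*?):\s*PSK\s+"([^"]*)"', line.strip())
        if m:
            yield m.group(1).split(), m.group(2)

def columns(text, n):
    """Yield the first n fields of each non-comment line (l2tp/chap secrets)."""
    for line in text.splitlines():
        fields = shlex.split(line, comments=True)
        if len(fields) >= n:
            yield fields[:n]

def audit(ipsec_secrets, l2tp_secrets, chap_secrets):
    findings = []

    def check(where, secret, user=None):
        if len(secret) < MIN_LEN:
            findings.append((where, "short-secret"))
        if user is not None and secret == user:
            findings.append((where, "secret-equals-username"))

    for selectors, psk in ipsec_psks(ipsec_secrets):
        if "%any" in selectors:  # one PSK shared by every remote peer
            findings.append(("ipsec.secrets", "psk-shared-by-any-peer"))
        check("ipsec.secrets", psk)
    for us, them, secret in columns(l2tp_secrets, 3):
        if us == "*" and them == "*":
            findings.append(("l2tp-secrets", "wildcard-tunnel-secret"))
        check("l2tp-secrets", secret)
    for client, _server, secret in columns(chap_secrets, 3):
        check("chap-secrets", secret, user=client)
    return findings

# Sample lines as they appear in the post above.
IPSEC = '# shared secrets\nx.x.x.x %any: PSK "outside"\n'
L2TP = "# Secrets for authenticating l2tp tunnels\n* * outside\n"
CHAP = "# Secrets for authentication using CHAP\noutside * outside *\n"

if __name__ == "__main__":
    for where, issue in audit(IPSEC, L2TP, CHAP):
        print(f"{where}: {issue}")
```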
