Messages - huh

Users / Re: VPN (Need a place for my notes)
« on: February 10, 2014, 04:36:46 am »
Dap-P, this does not work for me on my android or ipad mini- get this:
Code:
Feb  9 21:29:04 dcerouter pluto[32533]: packet from initial Main Mode message received on but no connection has been authorized with policy=PSK
This is with left=%defaultroute in /etc/ipsec.conf and the 1st entry as %any in /etc/ipsec.secrets.

It works if I change the left in /etc/ipsec.conf to, change the 1st %any to in /etc/ipsec.secrets.

Users / Re: VPN (Need a place for my notes)
« on: February 09, 2014, 05:19:46 pm »

Is there somebody that can confirm changing this line is a working solution?

I'll try this asap, but I think I've been getting a not authorized PSK connection while tailing var/log/auth.log.  Only been able to get around it by editing the ipsec.secrets file and changing the leftmost string to the value set in ipsec.conf (I'm using and then adding PSK after the colon and before the actual PSK.

This is connecting through my android using L2TP IKEv1.  What are you using for your client?

Users / Re: VPN (Need a place for my notes)
« on: February 09, 2014, 04:10:03 am »
Basically guys, what is it going to take, to have VPN work out of the box for the most common platforms? I typically don't have to go into advanced in each of the VPN clients and set things like this.


I think that's the point- right now, in my experience, it has not been straightforward.  In addition to the ports not being automatically added, the config files are not correct when you tag a user to use VPN in the webadmin -> users page.  While my knowledge of VPNs is marginal- at best- I've been researching this and trying different combinations a while to finally get to a point of repeatability.

The goal, if I could speak for the ones actually doing the work, is to not have any of this duct tape.  Going to webadmin, set the PSK, allowed users and their passwords and then the viewable folders in a simple 4 step approach that allows win/*nix/mac/android devices connect nearly effortlessly is where I would like to see this go.  I have a variety of clients from the various OS's, a stable 1204 install and periodically the time to play with this.  Anton/Dap-P and Alblasco1702 have the skills to make this work- I'm just filling forum space with my current setup and limitations.

Users / Re: VPN (Need a place for my notes)
« on: February 08, 2014, 04:55:19 am »
Going to put it here so I don't lose it.  This config allows me to connect from the internal network- not yet an external.  This is for a username:password of:  outside:outside.

Also, I have UDP ports 500, 1701 and 4500 set to core input on the core's firewall.

This is not meant to be a guide- this is what pseudo works for me.

Code:
# /etc/ipsec.conf - Openswan IPsec configuration file

version 2.0

config setup


conn L2TP-PSK-noNAT

Code:
# RCSID $Id: ipsec.secrets.proto,v 2005/09/28 13:59:14 paul Exp $
# This file holds shared secrets or RSA private keys for inter-Pluto
# authentication.  See ipsec_pluto(8) manpage, and HTML documentation.

# RSA private key for this host, authenticating it to any other host
# which knows the public part.  Suitable public keys, for ipsec.conf, DNS,
# or configuration of other implementations, can be extracted conveniently
# with "ipsec showhostkey".

x.x.x.x %any: PSK "outside"

Code:
ipsec saref = no

[lns default]
ip range =
local ip =
require chap = yes
refuse pap = yes
require authentication = yes
name = LinuxMCE_VPN_Server
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes

Code:
# Secrets for authenticating l2tp tunnels
* * outside

Code:
asyncmap 0
name l2tpd
lcp-echo-interval 30
lcp-echo-failure 4

Code:
# Secrets for authentication using CHAP
outside * outside *

After changes, I use:
Code:
/etc/init.d/xl2tpd restart
/etc/init.d/ipsec restart
/etc/init.d/pppd-dns restart

Then on my android (Galaxy S4), I have to go to Settings -> More networks -> VPN -> Advanced IPsec VPN and create a VPN connection with the following options:

  • L2TP pre-shared key (IKEv1)
  • Pre-shared key (PSK) (as set in /etc/xl2tpd/l2tp-secrets I think)
  • Aggressive mode, Perfect forward secrecy and disable split tunnel are all unchecked
  • Group 17 (MODP-6144) under IKE groups
  • IKE lifetime set to 8 hours
  • IPsec encryption and integrity algorithms set to All
  • IPsec lifetime set to 1 hour
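
An added example, not part of the original post: a small audit of the three secrets entries quoted above that flags wildcard selectors, short secrets and a CHAP secret equal to its username. The 20-character minimum and the issue names are assumptions, and the sample lines are constructed from what the post shows.

```python
import re
import shlex

# Constructed samples: the three secrets entries as quoted in the post.
SAMPLES = {
    "ipsec.secrets": 'x.x.x.x %any: PSK "outside"\n',
    "l2tp-secrets": "# Secrets for authenticating l2tp tunnels\n* * outside\n",
    "chap-secrets": "# Secrets for authentication using CHAP\noutside * outside *\n",
}
MIN_LEN = 20  # assumed minimum secret length; a local policy choice


def audit(name, text):
    """Return (file, line_number, issue) tuples; secrets are never echoed."""
    out = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if name == "ipsec.secrets":
            m = re.match(r'^(.*?)\s*:\s*PSK\s+"([^"]*)"\s*$', line)
            if not m:
                continue  # RSA keys and other entry types are out of scope
            ids, secret, user = m.group(1).split(), m.group(2), None
            wild = not ids or "%any" in ids
        else:
            # chap-secrets: client server secret [addrs]; l2tp-secrets: us them secret
            f = shlex.split(line)
            if len(f) < 3:
                continue
            secret = f[2]
            user = f[0] if name == "chap-secrets" else None
            wild = "*" in f[:2] or (name == "chap-secrets" and "*" in f[3:])
        if wild:
            out.append((name, n, "wildcard-selector"))
        if len(secret) < MIN_LEN:
            out.append((name, n, "short-secret"))
        if user is not None and secret == user:
            out.append((name, n, "secret-equals-username"))
    return out


def audit_all(files=SAMPLES):
    return [hit for name, text in files.items() for hit in audit(name, text)]


if __name__ == "__main__":
    for hit in audit_all():
        print(*hit)
```

Findings carry only the file name and line number, so the output can be pasted into a forum thread without exposing the secrets themselves.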

Developers / Re: Firewall
« on: February 04, 2014, 08:52:38 pm »
Ability to edit and suspend rules would be awesome.  Right now you have to delete and re-add to make changes.

Users / Re: VPN (Need a place for my notes)
« on: January 29, 2014, 07:59:46 pm »
Please let me know if you need testers- following the directions on the wiki I was able to get my android phone to connect to the VPN. 

I was never able to get the standard Win VPN to connect as I think they use ipsec ikev2 and openswan is only ikev1.  I was trying to replace openswan with strongswan to get ikev2 and broke my install... haven't tried it since reinstall.

Users / Re: Pandora - Through SqueezeSlave or other method?
« on: January 22, 2014, 05:07:28 pm »
You can do what we do- use LMCE to host the Squeezebox server, but then use the free Logitech Squeezebox app to control the audio for the 3rd party plugins.  I haven't tried Pandora, but Sirius XM works great.  Big kicker is LMCE doesn't know anything is playing on the devices, so this is a band-aid and not an integrated solution.

Biggest problem we had was Sirius was coming in as WMA (iirc) and if you look online there are a whole lot of steps to getting it to work- or there used to be.  Turns out there's now a 3rd party WMA plugin available through Squeezebox that fixes all of this.  I don't remember the steps off hand- if you log into the server on port 9000 there is a way to show the available 3rd party plugins and in that list will be WMA.  Again, can't remember if that was the format or if you'd even have a problem using Pandora.

Installation issues / Re: PXE boot MD
« on: January 14, 2014, 05:00:04 am »
Did you install from a DVD?  If so, did you run
Code:
sh /usr/pluto/bin/ ?  This was not yet baked into the DVDs last time I installed (around a month ago).

Developers / Re: Transmission torrent on LinuxMCE
« on: January 13, 2014, 03:14:59 am »
Something like this has been on my list of items to try to tackle for a while.  Like to have something that continually scrubs whatever folders you specify looking for particular media.  Originally this came from someone wanting to setup a photo-booth that automatically added pictures to the screensaver as they were taken.  Seems like a similar approach could be used?!?  Is there a better/preferred method?

Developers / Re: Transmission torrent on LinuxMCE
« on: January 12, 2014, 06:44:21 pm »
This is working great OOTB on my recent 1204 installation.  From here, I was able to get a username and password to connect from Win boxes:,12739.0.html

Is there a trick to getting LMCE to pick up the files and display them?  h.264 file is not being found.

Users / Re: Automatic adding Internet Radio streams to LinuxMCE
« on: January 11, 2014, 05:02:50 am »
Late to the game, but I just tried this and it worked great.  Only tried a couple stations and they work great.

Installation issues / Re: can't create Md under lmce1204
« on: December 25, 2013, 06:55:18 am »
edit diskless create tbz, check where the apt-get update line is, and at the end type || :

and re-run it.

Did this work for you?  I too am having an error creating a MD- the MD gets an ip address, but is "Unable to locate configuration file".  There isn't an "apt-get update line" in /usr/pluto/bin/

Edit:  I take that back- I think it is on line 417:
Code:
LC_ALL=C chroot $TEMP_DIR apt-get -y -qq update || :

My mistake- didn't realize you needed to run the diskless create on the current snapshots- to get it to run I had to use:
Code:
sudo -i /usr/pluto/bin/
Thanks again phenigma!

Users / Re: Samsung Galaxy s3- anyone able to use orbiter
« on: November 17, 2013, 04:46:25 am »
My S4 works great.  No experience with an S3.

Developers / Re: Workshop Video: How are devices made plug and play?
« on: July 16, 2013, 11:45:56 pm »
Yes, it will probably be very helpful when I get a 1204 setup running, but waiting for qorbiter and lmce's new DVD to start.  Still want to build a sirius xm plugin...

Putting in a feature request to add "Edit" and "Disable" buttons to each line in Advanced->Firewall. 

Right now you can add the address to forward the ports, but to disable those (even temporarily) you need to delete the line.  Also, if you choose to change the address where a port is being forwarded, currently you must delete the existing and recreate the rule.  An edit option that made the cells editable and a radio button to reflect the enabled rules would be very helpful- similar to what's found on a typical residential router.
