Messages

I also dont know who made that page in the web-admin, but i made that script. I dont know if it is adapted to be used with the webadmin.

But the webadmin page is on my to-do list, please be patient a little longer.

Regards,
Dap-P

You could try to use 'netstat' and see where these connections are coming from.

If you dont have port 5060 forwarded, and you have a firewall rule, it must from somewhere in your internal lan, or from the core itself.


-Anton

Would you mind if we took what we there and added a simple interface in the web admin?

-golgoj4

Sure) If it is not finished by the time i have time  , i will pick up where you guys left off.

Anton.

MTU 576 is the minimum size for IPv6, maybe that has something to do with it?

I know IPv6 can automatically adjust the MTU size, for an unfragmented end-to-end connection

Anton.

I find the synology software very good. But the hardware is very expensive imho.

Recently i migrated my FreeNAS server to http://xpenology.com/ which is a x64 variant of the Synology software.
You can run this on any 64-bit PC, and in my opinion works perfectly.

Anton.

What was the final disposition of this. Does someone want to make it into a formal device so users dont have to hit a forum to enable the feature?
-golgoj4

Soon i will have the time to finish this. in a couple months.

I am not sure if a VPN on the internal network will work in any circumstance, with this setup
Can you try from outside your LinuxMCE network?

Anton

After some more testing, these are my findings:

in /etc/ipsec.conf 2 lines need to change
rightsubnet=vhost:%priv into rightsubnet=vhost:%priv,%no
rightprotoport=17/%any into rightprotoport=17/0

If someone can test this (also with an iphone/ipad)
If it is not working on an apple device, can you add the following lines in the "conn L2TP-PSK" section of /etc/ipsec.conf
dpddelay=10
dpdtimeout=90
dpdaction=clear
And see if it is working?

ofcourse you need to enable the port in the firewall also,
iptables -A INPUT -m policy --dir in --pol ipsec -p udp --dport 1701 -j ACCEPT
to allow l2tp traffic out of the ipsec tunnel
and allow udp port 500 and 4500 in the webadmin

Anton

After some more research, the only thing that seems to need a change is the ipsec.conf.
Better said, only the last line in /etc/ipsec.conf
If you change that from

Code Select Expand

rightprotoport=17/%any to

Code Select Expand

rightprotoport=17/0 it seems to work for me.

i've tried changing the template (/usr/pluto/templates/ipsec.conf.tmpl) But if i then use the webadmin to configure things, it leaves me with an empty /etc/ipsec.conf file.

Is there somebody that can confirm changing this line is a working solution?

I've been able to setup VPN with android clients, after some fiddling with the conf files

For now, i use these :
/etc/ipsec.conf http://paste.ubuntu.com/6864517/
/etc/xl2tpd/xl2tpd.conf http://paste.ubuntu.com/6864407/
(just replace the listen-addr with your external interface ip)

And a password without special characters in /etc/ppp/chap-secrets

Still need to find out what settings are actually necessary for the setup.

Anton

For wireless connectivity, perhaps this site can also help you:
http://www.cyberciti.biz/faq/debian-linux-wpa-wpa2-wireless-wifi-networking/

Anton

Hi all,
I am trying to make VPN work, and i just need a place to put my notes, and perhaps sometimes some help/advice/testers
I dont have a lot of time, and my head is filled with a lot of things lately, so thats why i dump this here

This is what i know for now:

VPN is working if the Core has a public addressable IP, ie not 192.168.x.x, 10.x.x.x, 172.16.x.x
It is working with and without NAT, (protocol 50 or udp port 4500)

What you need to make it work:

In firewall, allow udp 500, udp 4500, and ip 50 (protocol 50)

And you need to accept 1701 out of the IPSEC tunnel:
iptables -A INPUT -m policy --dir in --pol ipsec -p udp --dport 1701 -j ACCEPT


There needs to be a ppp-up script that allows the remote end in iptables. Next time i work on VPN, i'll try to make it.
could be that just ifup ppp0 is enough -> need to test

It's possible that for devices to use 'internet' over VPN masquerading is needed:
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.80.0/24 -j MASQUERADE


Conclusions:
- If VPN is working internally, it is working with a public outside ip
- Is setup with a private outside ip, 1701 traffic doesn't want to go through the ipsec tunnel, and thus failing
  This could be because i have only tested this with android clients, i need to try with windows, or mac (or linux)
- It's easiest to setup with firewall disabled.
- There is still some work that need to be done on scripting and automatic adding of firewall rules.


Anton

Perhaps this could be of use : http://wiki.linuxmce.org/index.php/Squeezeslave_on_the_core

And again an update, this is fully functional for me.
Changed to a little different downloadurl, and put some some different filters in there.

In theory, what garagevibes sayd is possible, only i want this script to do all this automaticly.

Now, if only your country gets detected, the website should filter by popular stations.
Can you UK-based guys test this?

Anton

Again, an update. I dont know if this is working for everybody, but i hope so

Anton