iPhone / iPad VPNs to Ubuntu Server 8.04/10.04 (v1.1)

Hi everyone,

lately I have been testing more than one IPsec configuration, I’m not convinced by what is currently provided by Ubuntu/Debian, and I no longer think OpenSWAN is the best solution available.

Actually I ran into the following issues while trying OpenSWAN and StrongSWAN as provided by Ubuntu 8.04 and 10.04:

  • Ubuntu 8.04 LTS (openswan 2.4.9): client connections are dropped after 60 minutes (see http://lists.openswan.org/pipermail/users/2009-July/017098.html)
  • Ubuntu 10.04 LTS (openswan 2.6.23): responses to L2TP requests are not encapsulated in IPsec; since the original L2TP request was encapsulated in IPsec, any client located behind a NAT device (ADSL router, internal company network et al.) won’t be able to receive the response – the response will be dropped by the NAT device (see http://bugs.xelerance.com/view.php?id=1004)
  • Ubuntu 8.04 LTS (strongswan 4.1.9) and Ubuntu 10.04 LTS (strongswan 4.3.2): NAT-T support is not enabled in the binary; this is defined as “not safe” in the build script “debian/rules”, which is more or less a bit of a headache, since every one of us trying to use a mobile device from WiFi networks will at some point in time need support for this

While trying out different versions of OpenSWAN I stumbled from one issue (and bug) into the next. I finally decided to settle for StrongSWAN and followed Niels’ advice (see http://nielspeen.com/blog/2009/04/linux-l2tpipsec-with-iphone-and-mac-osx-clients/) on how to re-build a StrongSWAN package with NAT-T support.

Even though I’m no security expert, I believe it to be a bad choice by the original package maintainers not to include NAT-T support. It should be up to us sys-admins to decide whether or not we want to activate it. If you don’t compile support for it into the binary, you take the choice for this vital component (IMHO) away from us! Just put “nat_traversal=no” and a nice comment about it “possibly” not being safe into the package’s default configuration file!

PLEASE NOTICE: StrongSWAN’s NAT-T “possibly not being safe” does not refer to an implementation issue with this feature but to the specification itself!

I guess not everyone has a mind to re-build the whole package, so I’ll provide pre-compiled StrongSWAN packages with activated NAT-T support for Ubuntu 8.04 LTS / 10.04 LTS.


DOWNLOADS: iPhone / iPad VPN and firewall example configuration (6529 downloads)

Whatever you think about this short post – please drop me a note at info@crowdedplace.com or otherwise simply use the yellow button at the right… 🙂

iPhone / iPad VPNs to Ubuntu Server 8.04/10.04 (v1.0)

Added initialization of change-relevant information in domain objects after calls to loadDB. Some more cleanups to various methods as suggested by Luca.

Thanks again!

This covers L2TP over IPsec (as supported by iPhone/iPad) and securing L2TP with iptables.

The story began a few days ago as I stumbled across the idea of having VPN connections from my iPhone/iPad to my servers. Even though there is loads of information about it on the net, there is nothing that really covers it thoroughly the way I needed it. To tell the truth: there is nearly no information available on how to configure iptables on a 2.6 kernel to shield L2TP… well, here is a try to help some of you guys.

Beware – these examples are meant to allow you to create a 1:1 VPN to a single host/server. In order to build a VPN tunnel (1:n through a firewall) you will have to modify this a bit. If anyone is interested, let me know!

DOWNLOAD: iPhone / iPad VPN and firewall example configuration (5755 downloads)

PHP EPP library IT-NIC (v2.9)

Two more bugs found by Luca have been corrected.

1) Using an “in_array” comparison containing a boolean TRUE will cause this to match ANY string passed to it, since “in_array” does not do type-safe comparisons. This error relates to the values for “consentforpublishing” and has caused every contact (where it was manually assigned a string value) to be created with it set to ‘TRUE’ instead of whatever was your intention!

2) The storage driver will not save the “consentforpublishing” information correctly. The SQL type for it was defined to be MySQL’s tinyint by the schema provided in all versions. Since all doStore() calls will encapsulate every variable in between two single apostrophes (i.e. ‘value’), this has caused every contact to be saved with “consentforpublishing” set to ‘0’.

ATTENTION! Everyone using the storage driver provided with an implementation up to 2.9 will therefore have lost information about the “consentforpublishing” value. Everyone is strongly advised to UPGRADE, check backups and set things straight!
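Both v2.9 bugs reconstructed side by side with their fixes, as an added example that is not code from the EPP library; the helper names (consentBuggy, consentFixed, consentSqlBuggy, consentSqlFixed) and the sample inputs are hypothetical.

```php
<?php
// Added example, not code from the EPP library. It reconstructs the two v2.9
// "consentforpublishing" bugs with hypothetical helper names and shows the fix.

// Bug 1: in_array() compares with == unless the third argument is true. Under
// PHP's loose rules any non-empty string (other than "0") == TRUE, so a check
// whose allow-list contains boolean TRUE accepts 'false', 'no', anything at all.
function consentBuggy($value) {
    return in_array($value, array(true, 'true', 'yes')) ? 'TRUE' : 'FALSE';
}

// Fix: strict comparison (third argument) against explicit allow-lists, and a
// real boolean result instead of the strings 'TRUE' / 'FALSE'. Unknown input is
// rejected rather than silently mapped to "consent given".
function consentFixed($value) {
    $yes = array(true, 1, '1', 'true', 'TRUE', 'yes');
    $no  = array(false, 0, '0', 'false', 'FALSE', 'no', '');
    if (in_array($value, $yes, true)) { return true; }
    if (in_array($value, $no, true))  { return false; }
    throw new InvalidArgumentException(
        'invalid consentforpublishing: ' . var_export($value, true));
}

// Bug 2: the storage driver wrapped every value in single quotes. MySQL casts
// the non-numeric string 'TRUE' to 0 when storing it into a tinyint column, so
// every contact ended up with consentforpublishing = 0 regardless of intent.
function consentSqlBuggy($value) {
    return "UPDATE contact SET consentforpublishing = '" . $value . "'";
}

// Fix: normalise to a genuine integer 0/1 before the value reaches SQL. With a
// prepared statement the same int would be bound as PDO::PARAM_INT.
function consentSqlFixed($value) {
    $flag = consentFixed($value) ? 1 : 0;
    return 'UPDATE contact SET consentforpublishing = ' . $flag;
}

// Constructed inputs: contacts explicitly assigned 'false', 'no' and true.
foreach (array('false', 'no', true) as $input) {
    echo str_pad(var_export($input, true), 8),
         ' buggy=', consentBuggy($input),
         ' fixed=', var_export(consentFixed($input), true), "\n";
    echo '  ', consentSqlBuggy(consentBuggy($input)), "\n";
    echo '  ', consentSqlFixed($input), "\n";
}
```

Run it with `php` on the command line; the buggy path turns every string input into the literal 'TRUE' and then quotes it, which is exactly the combination that left MySQL's tinyint column at 0.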


DOWNLOAD: EPP library IT-NIC (PHP) (3923 downloads)

PHP EPP library IT-NIC (v2.8.1)

Removed a minor error from the update-domain template which caused the removal of NS records to fail. Also updated both CLI examples for updating NS and tech-c records in order to support adding or removing of multiple values in one go.

Thanks Marco for pointing both out!

Cleaned up the ‘CLI-generic-update-domain-authinfo.php’ example and combined a common interface to all major update operations inside of a single example called ‘CLI-generic-domain-script.php’.


DOWNLOAD: EPP library IT-NIC (PHP) (3764 downloads)

PHP EPP library IT-NIC (v2.7)

Adding NS records and technical contacts that already exist will no longer be treated as a change to the domain. By accident print_r-statements were left behind in release 2.6; this has been corrected.

Cleaned up lines 224 and 225 in Contact.php, which caused an E_NOTICE when using sanity_check() with a phone number that has no dot (.) as a separator. Thanks to Luca!


DOWNLOAD: EPP library IT-NIC (PHP) (3943 downloads)

PHP EPP library IT-NIC (v2.6)

The library should now correctly handle multiple technical contacts. Technical contact handling has been adapted in both the create and update domain templates. The changes applied to Domain.php between r45 and r57 have been undone and simplified in the same way. Thanks Marco for your input!

Please pay attention that a get()-method-call for the value of ‘tech’ will still result in a string instead of an array when only one contact is set. This may cause some issues if you end up with a domain that owns more than one, so better DON’T rely on it being a string and have a look at the example provided in “CLI-generic-fetch-domain.php”!

Last but not least, there are 2 new sample files, “CLI-generic-update-domain-techc.php” and “028-enhanced-db-layout.php”, that you may find useful.
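The tech-c handling described above (array_diff-based add/remove lists, and the v2.7 rule that re-adding an existing contact is not a change), as an added example that is not the library's own code; techContactsAsArray, techContactDelta, isDomainChanged and the contact handles are hypothetical, and the value passed as "current" plays the role of what get('tech') returns.

```php
<?php
// Added example, not the library's own code. get('tech') may return a plain
// string when only one technical contact is set, so the value is normalised
// to an array first; array_diff() then decides what really changes.
// All contact handles below are constructed sample values.

function techContactsAsArray($value) {
    if ($value === null || $value === '') { return array(); }
    // (array)'TECH001' becomes array('TECH001'); an array is left as it is.
    return array_values(array_unique((array)$value));
}

// Returns the add/rem lists an update-domain request needs. Contacts present
// on both sides produce nothing, so re-adding an existing tech-c is no change.
function techContactDelta($current, $wanted) {
    $cur = techContactsAsArray($current);
    $new = techContactsAsArray($wanted);
    return array(
        'add' => array_values(array_diff($new, $cur)),
        'rem' => array_values(array_diff($cur, $new)),
    );
}

function isDomainChanged(array $delta) {
    return count($delta['add']) > 0 || count($delta['rem']) > 0;
}

// Case 1: one contact came back as a string, a second one should be added.
print_r(techContactDelta('TECH001', array('TECH001', 'TECH002')));

// Case 2: the v2.7 situation, adding a contact that is already assigned.
var_dump(isDomainChanged(techContactDelta(array('TECH001'), 'TECH001')));

// Without techContactsAsArray(), array_diff('TECH001', ...) would throw a
// TypeError on PHP 8 (a warning plus NULL on older versions): this is the
// string-versus-array pitfall the changelog warns about.
```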


DOWNLOAD: EPP library IT-NIC (PHP) (3676 downloads)

PHP EPP library IT-NIC (v2.4)

Added support for changing single values on registrant fields. If a contact already has information stored in these fields they become read-only, but single fields that are still empty may be set (see paragraph 3.2.1.1 of the technical guidelines). Adjusted the Contact.php class and the update-contact template to allow for these specific operations. Thanks Robin!

An example for this is now available as well.


DOWNLOAD: EPP library IT-NIC (PHP) (3677 downloads)