zevlag

Forum Replies Created

Viewing 15 posts - 1 through 15 (of 25 total)
  • Author
    Posts
  • in reply to: Missing source code #49735

    zevlag
    Member

    I’m interested in this project.

    Any details on this Fulvio?

    in reply to: Some Virtual Servers hidden from listing – how to delete? #49624

    zevlag
    Member

    Jeff, did this work?

    in reply to: Unable to add more than 100 Virtual Servers #49632

    zevlag
    Member

    I’ve posted a patch in the thread linked above.

    Basically, in router_addpat, and router_patgetlist (or whatever it is, I don’t remember exactly) sort needs to be called with the -n option.

    in reply to: Some Virtual Servers hidden from listing – how to delete? #49623

    zevlag
    Member

    Ok, I have a fix and a solution.

    First the fix, I’ve created fix-vserver-rules-more-than-100-b11.0.1.patch, all it does is add ‘sort -n’ to the script that lists, and adds vserver rules. Works on beta11, probably will apply and work on beta12.

    Now the solution for Jeff:This script does the grep, and the iptables, parses them, then shows the difference.
    Lines beginning with < aren't in iptables.
    Lines beginning with > aren’t in the UI.

    No warranty on this, but it should work. Please check the results before trusting, as I don’t have near as complete a vserver list as you do.

    in reply to: Some Virtual Servers hidden from listing – how to delete? #49622

    zevlag
    Member

    Jeff,
    I’d be glad to give it an attempt for you. Just email me the output of:

    cd /Database/var/register/system/net/router/PAT
    grep . */*

    or just send me that directory tar-balled, or a backup of the config downloaded from the interface. (Setup->Profiles->[put a tick in the radio button for the proper _DB]->Backup Without Logs) – Actually, a backup of the config would be simplest, but whatever works for you.
    and

    iptables -t nat -L -v

    Also, just for the heck of it, I’ll look into the UI scripts and see what might be the cause of that.

    josh – a – t – zevlag.com

    in reply to: Some Virtual Servers hidden from listing – how to delete? #49616

    zevlag
    Member

    Jef,
    If you SSH into the box, access the shell, then:

    cd /Database/var/register/system/net/router/PAT
    grep . */*

    These two commands will show you all the rules that are established. You can delete the directory manually here, and that will remove it from the interface. Then you can follow ppalias’ recommendation to actually disable the rule, or just restart the box.

    I don’t see anything obvious that would limit the number of displayed virtual servers. While you are cd’d to the directory above, if you’ll give me the output of

    ls | sort

    and of the grep then I can do some debuging for you.

    in reply to: view connected pcs #48561

    zevlag
    Member

    You could try something like pinging the network broadcast address and then doing a ‘arp -a’. Or something like nmap.

    in reply to: zeroshell hack ? :( #48556

    zevlag
    Member

    This has been available since January. It was patched in February. Please do not run b11, b12 is a much wiser choice.

    in reply to: Development vmware image #48418

    zevlag
    Member

    Schoopy,

    I know many of us would really love a tutorial/walkthrough on how exactly to do this. This is a feature that is much desired.

    in reply to: OpenVPN disable Comp-LZO #48283

    zevlag
    Member

    Are you on beta 11 or 12? This patch is for beta 12. It could also be due to copy and paste in this forum.

    in reply to: nat reflection #45415

    zevlag
    Member

    I’m about to release a patch to b11/b12 that will allow something like this. Watch for it soon.

    The default rules aren’t actually the ones you want, but it is a good start, they are easily modified.

    in reply to: VERY HIGH (up to 180%) processor load #48483

    zevlag
    Member

    I don’t know if it does, I’m not familiar with the hardware offloading/acceleration for such.

    I have posted a patch on the other thread on how to disable compression.

    in reply to: OpenVPN disable Comp-LZO #48281

    zevlag
    Member

    Ok, here’s the process for you:

    1. At a shell as root# mkdir /Database/patches
    2. # vi /Database/patches/vpn_start-nocomplzo.patch
    3. Paste the large block of code below in to the patch file. Save. Quit.
    4. In webinterface, setup menu, startup/cron tab, in the preboot script put:

    /usr/bin/patch -p0 -d /root < /Database/patches/vpn_start-nocomplzo.patch
    --- kerbynet.cgi/scripts/vpn_start	2009-05-26 18:01:00.000000000 +0200
    +++ kerbynet.cgi/scripts/vpn_start.new 2009-07-22 08:24:44.000000000 +0200
    @@ -70,5 +70,5 @@
    fi
    fi
    MGT=34099
    - bash -c "vpn --dev-type tap --dev VPN99 --mode server --tls-server --proto $PROTO --port $PORT --dh /etc/ssl/dh.pem --ca $REGISTER/system/openvpn/Auth/X509/CAFile --cert $REGISTER/system/openvpn/TLS/cert.pem --key $REGISTER/system/openvpn/TLS/key.pem $NOCERTREQ $AUTHSCRIPT --daemon VPN99_H2L --comp-lzo $POOL --push '$PUSHGW' --push '$REDIRECTGW' --push '$RESOLVER' --push '$PUSHNETS0' $PUSHNETS --client-connect $SCRIPTS/ov_connect --client-disconnect $SCRIPTS/ov_disconnect --mute 3 --management 127.0.0.1 $MGT --keepalive 5 60 --duplicate-cn $PARAM"
    + bash -c "vpn --dev-type tap --dev VPN99 --mode server --tls-server --proto $PROTO --port $PORT --dh /etc/ssl/dh.pem --ca $REGISTER/system/openvpn/Auth/X509/CAFile --cert $REGISTER/system/openvpn/TLS/cert.pem --key $REGISTER/system/openvpn/TLS/key.pem $NOCERTREQ $AUTHSCRIPT --daemon VPN99_H2L $POOL --push '$PUSHGW' --push '$REDIRECTGW' --push '$RESOLVER' --push '$PUSHNETS0' $PUSHNETS --client-connect $SCRIPTS/ov_connect --client-disconnect $SCRIPTS/ov_disconnect --mute 3 --management 127.0.0.1 $MGT --keepalive 5 60 --duplicate-cn $PARAM"
    fi
    in reply to: Can ZeroShell us OS X LDAP to Authenticate users? #48496

    zevlag
    Member

    I have OS X Server replying to RADIUS requests from non Airport base stations, it should be able to respond to ZS as well.

    I want to configure ZS to authenticate my OpenVPN users against my OS X Server RADIUS or LDAP.

    in reply to: VERY HIGH (up to 180%) processor load #48480

    zevlag
    Member

    See this:
    http://openvpn.net/archive/openvpn-users/2007-09/msg00247.html

    You could try turning off compression (http://www.zeroshell.net/eng/forum/viewtopic.php?t=1448&highlight=lzo), but that isn’t an option yet in ZeroShell.

    You might also try changing the openvpn config to use different encryption method (blowfish, 3des, aes)

    Upgrade hardware, or add an encryption/compression offload card.

Viewing 15 posts - 1 through 15 (of 25 total)