Menu
▾
▴
devil-linux-discuss — General Mailing List for all discussions
You can subscribe to this list here.
| 2001 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
(59) |
Sep
(57) |
Oct
(5) |
Nov
(45) |
Dec
(21) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2002 |
Jan
(13) |
Feb
(22) |
Mar
(14) |
Apr
(7) |
May
(33) |
Jun
(57) |
Jul
(25) |
Aug
(40) |
Sep
(53) |
Oct
(58) |
Nov
(75) |
Dec
(22) |
| 2003 |
Jan
(101) |
Feb
(101) |
Mar
(103) |
Apr
(125) |
May
(85) |
Jun
(57) |
Jul
(62) |
Aug
(42) |
Sep
(76) |
Oct
(214) |
Nov
(290) |
Dec
(274) |
| 2004 |
Jan
(187) |
Feb
(172) |
Mar
(313) |
Apr
(209) |
May
(169) |
Jun
(147) |
Jul
(118) |
Aug
(193) |
Sep
(227) |
Oct
(125) |
Nov
(246) |
Dec
(191) |
| 2005 |
Jan
(244) |
Feb
(175) |
Mar
(165) |
Apr
(130) |
May
(217) |
Jun
(122) |
Jul
(188) |
Aug
(235) |
Sep
(165) |
Oct
(133) |
Nov
(209) |
Dec
(88) |
| 2006 |
Jan
(66) |
Feb
(89) |
Mar
(108) |
Apr
(91) |
May
(29) |
Jun
(45) |
Jul
(64) |
Aug
(42) |
Sep
(44) |
Oct
(81) |
Nov
(64) |
Dec
(9) |
| 2007 |
Jan
(24) |
Feb
(122) |
Mar
(55) |
Apr
(50) |
May
(84) |
Jun
(13) |
Jul
(80) |
Aug
(70) |
Sep
(78) |
Oct
(45) |
Nov
(56) |
Dec
(42) |
| 2008 |
Jan
(65) |
Feb
(3) |
Mar
(51) |
Apr
(151) |
May
(54) |
Jun
(72) |
Jul
(73) |
Aug
(47) |
Sep
(55) |
Oct
(123) |
Nov
(16) |
Dec
(4) |
| 2009 |
Jan
(23) |
Feb
(39) |
Mar
(27) |
Apr
(36) |
May
(35) |
Jun
(51) |
Jul
(11) |
Aug
(14) |
Sep
(40) |
Oct
(67) |
Nov
(38) |
Dec
(13) |
| 2010 |
Jan
(15) |
Feb
(35) |
Mar
(40) |
Apr
(11) |
May
(26) |
Jun
(10) |
Jul
(5) |
Aug
(50) |
Sep
(86) |
Oct
(67) |
Nov
(36) |
Dec
(11) |
| 2011 |
Jan
(50) |
Feb
(6) |
Mar
(13) |
Apr
(13) |
May
(29) |
Jun
(27) |
Jul
(26) |
Aug
(27) |
Sep
(21) |
Oct
(7) |
Nov
(27) |
Dec
(4) |
| 2012 |
Jan
(11) |
Feb
(20) |
Mar
(48) |
Apr
(18) |
May
(8) |
Jun
(19) |
Jul
|
Aug
(15) |
Sep
(3) |
Oct
(4) |
Nov
(5) |
Dec
(1) |
| 2013 |
Jan
(13) |
Feb
(7) |
Mar
(4) |
Apr
(25) |
May
(2) |
Jun
(8) |
Jul
(4) |
Aug
(8) |
Sep
(7) |
Oct
|
Nov
(5) |
Dec
(10) |
| 2014 |
Jan
|
Feb
|
Mar
(6) |
Apr
(20) |
May
(5) |
Jun
|
Jul
(2) |
Aug
|
Sep
(8) |
Oct
(21) |
Nov
(4) |
Dec
(7) |
| 2015 |
Jan
(10) |
Feb
(9) |
Mar
(4) |
Apr
|
May
|
Jun
|
Jul
|
Aug
(5) |
Sep
(11) |
Oct
|
Nov
(17) |
Dec
(32) |
| 2016 |
Jan
(10) |
Feb
(15) |
Mar
(4) |
Apr
(7) |
May
(10) |
Jun
(11) |
Jul
(15) |
Aug
(26) |
Sep
(13) |
Oct
(10) |
Nov
(16) |
Dec
(6) |
| 2017 |
Jan
(9) |
Feb
(3) |
Mar
|
Apr
(2) |
May
(2) |
Jun
|
Jul
|
Aug
(3) |
Sep
(3) |
Oct
(6) |
Nov
(8) |
Dec
|
| 2018 |
Jan
(12) |
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
(4) |
Sep
|
Oct
|
Nov
|
Dec
|
|
From: Matthew H. <mat...@va...> - 2007-05-29 09:52:01
|
We do two kinds of headless install. First is the copying of configuration. The second is using the serial console. Surely you have a serial port and a lappy? -----Original Message----- From: dev...@li... [mailto:dev...@li...] On Behalf Of Heiko Zuerker Sent: 27 May 2007 15:08 To: dev...@li... Subject: Re: [Devil-Linux-discuss] Question about headless installation Hey, On Fri, May 25, 2007 17:51, Jeremy wrote: > Hello list, I had a quick question about doing a headless > installation and can't seem to find any info on doing such a thing in the > documentation on the site. earlier today, I downloaded > devil-linux-1.2.13-i486.tar.bz2 and understand all the parts about how to > get it going, but, I will not be able to connect either a monitor or > keyboard, so will need to install it through either ssh or telnet or some > other means. I am sort of a newbie with linux and can get help with the > installation part, but, want to know if a headless install can even be > done. If someone can just point me to a place to read up on it, that will > also be wonderful. We don't support a headless installation, just a headless operation. The only thing you could do is prepare the configuration on another box (like a temporary DL installation) and then just move the etc.tar.bz2 from the config media to the other machine. --=20 Regards Heiko Zuerker http://www.devil-linux.org ------------------------------------------------------------------------ - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Devil-linux-discuss mailing list Dev...@li... https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss |
|
From: Martin G. <sou...@gl...> - 2007-05-28 03:46:14
|
Michiel, Please keep us all posted as I too have observed this behavior and=20 couldn't find a solution. Martin Michiel Peene wrote: > Serge, > =20 > Thanks for the info! I don't know much about the setkey program, so I=20 > just told what the other IT support side said to me :-) > =20 > It's correct that the ipsec auto --status shows the current keys, and=20 > all is correct in here. > =20 > The citation you've sent is however very interesting. I'm currently=20 > trying it out changing the rekeymargin and rekeyfuzz, to make sure it's= =20 > our side that renegotiates each time. We'll see what it will do. > =20 > Thanks a lot! > Michiel >=20 >=20 > =20 > 2007/5/24, Serge Leschinsky <fi...@in...=20 > <mailto:fi...@in...>>: >=20 > Hi Michiel, >=20 > Michiel Peene wrote: > > Hi, > > > > Is there a build 1.3 available yet? can't seem to find it on the= > website? > 1.3 is still beta (or even alpha). >=20 > > > > Problem we have with current version of OpenSwan is that the Tun= nel > > works fine, until a new IKE key is renegotiated, then it apparen= tly > > times out, unless we delete the IKE key on the other side of the= > tunnel > > (Checkpoint FW1). It worked fine for over 3 years, but since 3 > months we > > have this problem. > > IT Support from the other side of the tunnel said I need to use > setkey > > -D to delete the IKE key on our side and to see what happens > then, but > > I don't find a way to do this with the current openswan debuggin= g > tools. >=20 > I'm not sure I understood you correct.... >=20 > man 8 setkey > -D Dump the SAD entries. If -P is also specified, the SPD= > entries are > dumped. If -p is specified, the ports are displayed. >=20 >=20 > I may be wrong, but 'ipsec auto --status' should show the same to > 'setkey -D'. >=20 > I guess this citation may be useful for you as well. > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= > A more subtle type of error is one where initially things seem to > work but after > a while the system goes down. Which endpoint is responding and whic= h is > initiating is clear when you start the connection, but the > responding end might > just start the next rekey a little bit before the initiator, and > thus become the > initiator itself. You can try and trigger these kind of errors by > setting the > ikelifetime=3D, rekeyfuzz=3D, and lifetime=3D options to very short= > periods of time, > such as one minute, and waiting for a few rekeys to occur. >=20 > If you have determined that the switching of initiator and responde= r > at rekey > time is the problem, you can resolve this by lowering the IKE and > IPsec key > lifetimes on the initiator end, ensuring that the initiator stays > the initiator. > See the man page of ipsec.conf for help on the options lifetime=3D,= > ipseclifetime=3D > and rekeyfuzz=3D. If you are the responder, and do not control the > initiator, you > can also set rekey=3Dno to prevent becoming an initiator. After > changing these > parameters to fix these issues in the future, you will need to > reload the > currently stuck connection. If you want to be the responder, a simp= le > ipsec auto =96replace connname > will do. If you want to set yourself as the initiator, you will als= o > need to > ipsec auto =96up connname the connection. > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= >=20 > PS. I'm sure ipsec folks (openswan mail list) can help you more > professionally . >=20 > -- > Serge >=20 >=20 >=20 > -------------------------------------------------------------------= ------ >=20 > This SF.net email is sponsored by DB2 Express > Download DB2 Express C - the FREE version of DB2 express and take > control of your XML. No limits. Just data. Click to get it now. > http://sourceforge.net/powerbar/db2/ > _______________________________________________ > Devil-linux-discuss mailing list > Dev...@li... > <mailto:Dev...@li...> > https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss >=20 >=20 >=20 > -----------------------------------------------------------------------= - >=20 > -----------------------------------------------------------------------= -- > This SF.net email is sponsored by DB2 Express > Download DB2 Express C - the FREE version of DB2 express and take > control of your XML. No limits. Just data. Click to get it now. > http://sourceforge.net/powerbar/db2/ >=20 >=20 > -----------------------------------------------------------------------= - >=20 > _______________________________________________ > Devil-linux-discuss mailing list > Dev...@li... > https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss |
|
From: Heiko Z. <he...@zu...> - 2007-05-27 21:13:46
|
Yo, On Sun, May 27, 2007 16:00, Kari Mattsson wrote: > Heiko Zuerker wrote: > >> Hey, >> >> >> I got approval from VMWare to include the modules from the "VMWare >> Server". >> > > Jep. That answers my question nicely :-) > Actually I presumed it is VMware Server, as that is their "free" product. > > >> I'm usually including the latest version of it. Okay sometimes we lag a >> little bit behind, but the modules most of the time don't even change. >> >> >> I would just ignore the warning message. >> > > If running DL on ESX, you don't have a choice... and it really doesn't > matter, as it works perfectly. > > Thanks! Welcome ! > a side note: When ever you upgrade to Sagator 0.9.0, when it is ready, you > will have to add quite a lot more stuff to DL. Sagator 0.9.0 has an > optional nice WebUI for quarantine management/requeueing/etc. Yeah I hope it's done soon, can't wait for it! -- Regards Heiko Zuerker http://www.devil-linux.org |
|
From: Kari M. <kar...@tr...> - 2007-05-27 21:00:20
|
Heiko Zuerker wrote: > Hey, > > I got approval from VMWare to include the modules from the "VMWare Server". Jep. That answers my question nicely :-) Actually I presumed it is VMware Server, as that is their "free" product. > I'm usually including the latest version of it. Okay sometimes we lag a > little bit behind, but the modules most of the time don't even change. > > I would just ignore the warning message. If running DL on ESX, you don't have a choice... and it really doesn't matter, as it works perfectly. Thanks! a side note: When ever you upgrade to Sagator 0.9.0, when it is ready, you will have to add quite a lot more stuff to DL. Sagator 0.9.0 has an optional nice WebUI for quarantine management/requeueing/etc. > cu > Heiko > > On Sat, May 26, 2007 03:23, Kari Mattsson wrote: > >> Heiko: When you upgrade VMware Tools on DL, could you please state which >> version you are upgrading to. >> >> There are at least three somewhat different versions of Tools: >> >> >> - VMware ESX Server >> - VMware Server (supersedes GSX Server) >> - VMware Workstation >> - VMware Player ?might be same as Workstation? >> >> >> We are running DL on both server versions. On ESX 3.0.1 it complains >> about "old version of VMware Tools". This is with March version of 1.2.14. >> Despite complains, everything works ok. >> >> >> --kari |
|
From: Heiko Z. <he...@zu...> - 2007-05-27 14:12:18
|
Hey, I got approval from VMWare to include the modules from the "VMWare Server". I'm usually including the latest version of it. Okay sometimes we lag a little bit behind, but the modules most of the time don't even change. I would just ignore the warning message. cu Heiko On Sat, May 26, 2007 03:23, Kari Mattsson wrote: > > Heiko: When you upgrade VMware Tools on DL, could you please state which > version you are upgrading to. > > There are at least three somewhat different versions of Tools: > > > - VMware ESX Server > - VMware Server (supersedes GSX Server) > - VMware Workstation > - VMware Player ?might be same as Workstation? > > > We are running DL on both server versions. On ESX 3.0.1 it complains > about "old version of VMware Tools". This is with March version of 1.2.14. > Despite complains, everything works ok. > > > --kari > > > ------------------------------------------------------------------------- > This SF.net email is sponsored by DB2 Express > Download DB2 Express C - the FREE version of DB2 express and take > control of your XML. No limits. Just data. Click to get it now. > http://sourceforge.net/powerbar/db2/ > _______________________________________________ > Devil-linux-discuss mailing list > Dev...@li... > https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss > > -- Regards Heiko Zuerker http://www.devil-linux.org |
|
From: Heiko Z. <he...@zu...> - 2007-05-27 14:08:16
|
Hey, On Fri, May 25, 2007 17:51, Jeremy wrote: > Hello list, I had a quick question about doing a headless > installation and can't seem to find any info on doing such a thing in the > documentation on the site. earlier today, I downloaded > devil-linux-1.2.13-i486.tar.bz2 and understand all the parts about how to > get it going, but, I will not be able to connect either a monitor or > keyboard, so will need to install it through either ssh or telnet or some > other means. I am sort of a newbie with linux and can get help with the > installation part, but, want to know if a headless install can even be > done. If someone can just point me to a place to read up on it, that will > also be wonderful. We don't support a headless installation, just a headless operation. The only thing you could do is prepare the configuration on another box (like a temporary DL installation) and then just move the etc.tar.bz2 from the config media to the other machine. -- Regards Heiko Zuerker http://www.devil-linux.org |
|
From: drew e. <dre...@gm...> - 2007-05-26 18:10:17
|
Got it. Deep down in the configuration of a virtual switch there is a security feature that by default prohibits promiscuos mode and you have to find it and set it to allow promiscuous mode before bridging will work. I wonder what the next roadblock will be in this project. On 5/26/07, drew einhorn <dre...@gm...> wrote: > I seem to be running into one problem after another. > > Eventually I will be doing NAT to map high ports (50000+) > to well known ports (ssh, http, etc.)on different VMs. > > But I want to start simple and just bridge eth0 and eth1. > > It looks to me like I have it set up correctly, > but I don't see any traffic flowing through the bridge. > > I have vmware network: > > Public1 connected to a 3-bit public subnet x.x.x.x/29 via eth0 > > Private1 is connected to 10.0.0.0/8 via eth1, this will eventually > be subnetted, and > a couple different subnets will share the same interface, but > I'm saving all that for a bit later after I get the basics working. > > We will only have a few public ip numbers, and a lot of VMs to connect to. > > # cat /etc/sysconfig/nic/ifcfg-eth0 > DEVICE=eth0 > ONBOOT=yes > MODULE="vmxnet" > DHCP=no > IP=0.0.0.0 > > # cat /etc/sysconfig/nic/ifcfg-eth1 > DEVICE=eth1 > ONBOOT=yes > MODULE="vmxnet" > DHCP=no > IP=0.0.0.0 > > # cat /etc/sysconfig/nic/ifcfg-br0 > DEVICE=br0 > ONBOOT=yes > MODULE=bridge > DHCP=no > IP=10.0.0.13 > NETMASK=255.0.0.0 > BROADCAST=10.255.255.255 > BR_IF="eth0 eth1" > > # ifconfig eth0 > eth0 Link encap:Ethernet HWaddr 00:0C:29:0F:EF:F0 > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:0 errors:0 dropped:0 overruns:0 frame:0 > TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:1000 > RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) > Interrupt:18 Base address:0x10a4 > > #ifconfig eth1 > eth1 Link encap:Ethernet HWaddr 00:0C:29:0F:EF:FA > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:12 errors:0 dropped:0 overruns:0 frame:0 > TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:1000 > RX bytes:720 (720.0 b) TX bytes:0 (0.0 b) > Interrupt:19 Base address:0x1424 > > #ifconfig br0 > br0 Link encap:Ethernet HWaddr 00:0C:29:0F:EF:F0 > inet addr:10.0.0.13 Bcast:10.255.255.255 Mask:255.0.0.0 > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:0 errors:0 dropped:0 overruns:0 frame:0 > TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:0 > RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) > > Interfaces are up, but not packets are flowing through them. > > Is there a firewall somewhere I'm not aware of. Or am I doing something > stupid. It wouldn't be the first time. > > -- > Drew Einhorn > -- Drew Einhorn |
|
From: drew e. <dre...@gm...> - 2007-05-26 16:39:19
|
I seem to be running into one problem after another.
Eventually I will be doing NAT to map high ports (50000+)
to well known ports (ssh, http, etc.)on different VMs.
But I want to start simple and just bridge eth0 and eth1.
It looks to me like I have it set up correctly,
but I don't see any traffic flowing through the bridge.
I have vmware network:
Public1 connected to a 3-bit public subnet x.x.x.x/29 via eth0
Private1 is connected to 10.0.0.0/8 via eth1, this will eventually
be subnetted, and
a couple different subnets will share the same interface, but
I'm saving all that for a bit later after I get the basics working.
We will only have a few public ip numbers, and a lot of VMs to connect to.
# cat /etc/sysconfig/nic/ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
MODULE="vmxnet"
DHCP=no
IP=0.0.0.0
# cat /etc/sysconfig/nic/ifcfg-eth1
DEVICE=eth1
ONBOOT=yes
MODULE="vmxnet"
DHCP=no
IP=0.0.0.0
# cat /etc/sysconfig/nic/ifcfg-br0
DEVICE=br0
ONBOOT=yes
MODULE=bridge
DHCP=no
IP=10.0.0.13
NETMASK=255.0.0.0
BROADCAST=10.255.255.255
BR_IF="eth0 eth1"
# ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:0C:29:0F:EF:F0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Interrupt:18 Base address:0x10a4
#ifconfig eth1
eth1 Link encap:Ethernet HWaddr 00:0C:29:0F:EF:FA
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:12 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:720 (720.0 b) TX bytes:0 (0.0 b)
Interrupt:19 Base address:0x1424
#ifconfig br0
br0 Link encap:Ethernet HWaddr 00:0C:29:0F:EF:F0
inet addr:10.0.0.13 Bcast:10.255.255.255 Mask:255.0.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Interfaces are up, but not packets are flowing through them.
Is there a firewall somewhere I'm not aware of. Or am I doing something
stupid. It wouldn't be the first time.
--
Drew Einhorn
|
|
From: Dick M. <di...@li...> - 2007-05-26 11:20:04
|
ee...@fr... wrote: Thanks for you comments. >>> Anybody using this modem with DL? I just want to know DL plays with it > without difficulty. > never know draytek even exists ... anyway a little googleling gives me that : > > http://www.draytek.co.uk/support/kb_vigor100_setup.html Yes, well - that doesn't tell you much about the real thing. It seems it's a work in progress ;-) My unit came without any documentation of any sort and there's no user guide on the Draygor site either. It's not a problem though because it's all pretty obvious and it works well. > basically, as I remember there are three things to setup in the > /etc/ppp/pppoe.conf : the ethernet device the modem is plugged in, your > connection username and if you want permanent or on-demand connection ... vi it, > it's fully commented! If you're running a DNS server then you want to stop pppoe overwriting resolve.conf. DNSTYPE=NOCHANGE > Or if you need to access to your modem web interface, set eth0 to start with > ip 192.168.1.2 for exemple, and ensure that other networks connected to your > DL box don't use this network! Again you need to stop dhcp setting a default route (if you use the dhcp in the modem). This can be done in /etc/sysconfig/network/dhcp The final gotcha is that to access the modem web interface from the internal net you need to give it a default route. You have to resort to telnet to set that. You also need to use telnet to set a password for it. Again it's not too difficult as it gives help prompts with a trailing ? on the command line. You can also get modem status using telnet which gives an alternative to the web interface. Altogether not bad - pretty easy to configure in DL and works just fine. Final job is to get pppoe to start at boot time. Dick |
|
From: Kari M. <kar...@tr...> - 2007-05-26 08:23:42
|
Heiko: When you upgrade VMware Tools on DL, could you please state which version you are upgrading to. There are at least three somewhat different versions of Tools: - VMware ESX Server - VMware Server (supersedes GSX Server) - VMware Workstation - VMware Player ?might be same as Workstation? We are running DL on both server versions. On ESX 3.0.1 it complains about "old version of VMware Tools". This is with March version of 1.2.14. Despite complains, everything works ok. --kari |
|
From: drew e. <dre...@gm...> - 2007-05-26 06:10:41
|
OK, I found the vmxnet module. That works much better. On 5/25/07, drew einhorn <dre...@gm...> wrote: > Got past that problem. Had to get into the BIOS which was easier > said than done and change the boot order. > > Now I've got to get my virtual nics configured. > > VMware is emulating a couple of AMD 79c970. > > It complains that: > > lance.c: Module autoprobing not allowed. Append "io=0xNNN" value(s). > > How do I figure out what NNN is? > > > > > > On 5/19/07, Heiko Zuerker <he...@zu...> wrote: > > > > On Sat, May 19, 2007 14:51, drew einhorn wrote: > > > Trying to install Devil Linux on a VMware ESX to provide a firewall > > > among other things for the other virtual machines inside this server. > > > > > > Unfortunately it will not boot. Instead of seeing the boot messages > > > on the console, I just see the console briefly change shape like the video > > > mode is changing, Then a black screen with a single underscore or hyphen > > > near the upper left corner of the screen. > > > > > > Think I've seen something like this when VMware was unhappy with a video > > > mode, but don't remember what I did about it. > > > > I'm using DL a lot under the GSX Server and it works just fine. > > Are you trying to boot in Standard VGA? Did you wait like a minute or two > > to see what happens? > > > > -- > > > > Regards > > Heiko Zuerker > > http://www.devil-linux.org > > > > > > > > ------------------------------------------------------------------------- > > This SF.net email is sponsored by DB2 Express > > Download DB2 Express C - the FREE version of DB2 express and take > > control of your XML. No limits. Just data. Click to get it now. > > http://sourceforge.net/powerbar/db2/ > > _______________________________________________ > > Devil-linux-discuss mailing list > > Dev...@li... > > https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss > > > > > -- > Drew Einhorn > -- Drew Einhorn |
|
From: drew e. <dre...@gm...> - 2007-05-26 04:03:44
|
Got past that problem. Had to get into the BIOS which was easier said than done and change the boot order. Now I've got to get my virtual nics configured. VMware is emulating a couple of AMD 79c970. It complains that: lance.c: Module autoprobing not allowed. Append "io=0xNNN" value(s). How do I figure out what NNN is? On 5/19/07, Heiko Zuerker <he...@zu...> wrote: > > On Sat, May 19, 2007 14:51, drew einhorn wrote: > > Trying to install Devil Linux on a VMware ESX to provide a firewall > > among other things for the other virtual machines inside this server. > > > > Unfortunately it will not boot. Instead of seeing the boot messages > > on the console, I just see the console briefly change shape like the video > > mode is changing, Then a black screen with a single underscore or hyphen > > near the upper left corner of the screen. > > > > Think I've seen something like this when VMware was unhappy with a video > > mode, but don't remember what I did about it. > > I'm using DL a lot under the GSX Server and it works just fine. > Are you trying to boot in Standard VGA? Did you wait like a minute or two > to see what happens? > > -- > > Regards > Heiko Zuerker > http://www.devil-linux.org > > > > ------------------------------------------------------------------------- > This SF.net email is sponsored by DB2 Express > Download DB2 Express C - the FREE version of DB2 express and take > control of your XML. No limits. Just data. Click to get it now. > http://sourceforge.net/powerbar/db2/ > _______________________________________________ > Devil-linux-discuss mailing list > Dev...@li... > https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss > -- Drew Einhorn |
|
From: Jeremy <l8...@gm...> - 2007-05-25 23:06:47
|
Thanks so much, I will give it a look. |
|
From: <ee...@fr...> - 2007-05-25 23:02:03
|
Hi, Jeremy a écrit : > Hello list, I had a quick question about doing a headless > installation and can't seem to find any info on doing such a thing in > the documentation on the site. earlier today, I downloaded > devil-linux-1.2.13-i486.tar.bz2 and understand all the parts about > how to get it going, but, I will not be able to connect either a > monitor or keyboard, so will need to install it through either ssh or > telnet or some other means. I am sort of a newbie with linux and can > get help with the installation part, but, want to know if a headless > install can even be done. If someone can just point me to a place to > read up on it, that will also be wonderful. Don't know exactly about it but I've seen some messages in the past on this List about serial console ... maybe this could do the trick. Search about this in the ML archives Good Luck, MaNU -- |
|
From: Jeremy <l8...@gm...> - 2007-05-25 22:51:18
|
Hello list, I had a quick question about doing a headless installation and can't seem to find any info on doing such a thing in the documentation on the site. earlier today, I downloaded devil-linux-1.2.13-i486.tar.bz2 and understand all the parts about how to get it going, but, I will not be able to connect either a monitor or keyboard, so will need to install it through either ssh or telnet or some other means. I am sort of a newbie with linux and can get help with the installation part, but, want to know if a headless install can even be done. If someone can just point me to a place to read up on it, that will also be wonderful. |
|
From: <ee...@fr...> - 2007-05-25 22:12:17
|
Hi, Dick Middleton a écrit : > Dick Middleton wrote: >> Anybody using this modem with DL? I just want to know DL plays with it without >> difficulty. > > Ah well! That drew a blank. never know draytek even exists ... anyway a little googleling gives me that : http://www.draytek.co.uk/support/kb_vigor100_setup.html now I know two things about it : it is ethernet modem and it has a web interface to configure extra settings . Next is to use rp-pppoe (included in DL) ... ther is a lot of stuff about configuring it out there ... google (or yahoo, or ...) is your friend ;) basically, as I remember there are three things to setup in the /etc/ppp/pppoe.conf : the ethernet device the modem is plugged in, your connection username and if you want permanent or on-demand connection ... vi it, it's fully commented! the other(s) files to edit are /etc/ppp/chap-secrets and/or pap-secrets depending on your ISP authentication server ... to be sure fill both with your adsl credentials. > > Instead can someone advise me how to setup the DL config for use with pppoe. > I'm assuming that eth0 has to be set to no dhcp with ip address etc unset. Also > the firewall settings need to be changed to use ppp0 instead of eth0. Is that > right? Is that all? Don't know about DL Firewall as I used a custom made before switching to shorewall but basically the idea is that eth0 doesn't "exist" ... use ppp0 to reference about the internet. You should set the eth0 if not to start at system setup in /etc/sysconfig/nic/ifcfg-eth0 (ONBOOT=no) Or if you need to access to your modem web interface, set eth0 to start with ip 192.168.1.2 for exemple, and ensure that other networks connected to your DL box don't use this network! Have Fun! MaNU -- |
|
From: Dick M. <di...@li...> - 2007-05-25 19:58:02
|
Dick Middleton wrote: > Anybody using this modem with DL? I just want to know DL plays with it without > difficulty. Ah well! That drew a blank. Instead can someone advise me how to setup the DL config for use with pppoe. I'm assuming that eth0 has to be set to no dhcp with ip address etc unset. Also the firewall settings need to be changed to use ppp0 instead of eth0. Is that right? Is that all? Dick |
|
From: Heiko Z. <he...@zu...> - 2007-05-25 15:38:53
|
Hey, I have uploaded a new testing release with the latest changes to DL. If your requested change was taken care of, please verify it and confirm that it's working now. ftp://ftp.devil-linux.org/pub/devel/testing -- Regards Heiko Zuerker http://www.devil-linux.org |
|
From: Michiel P. <mi...@pe...> - 2007-05-25 07:48:16
|
Serge, Thanks for the info! I don't know much about the setkey program, so I just told what the other IT support side said to me :-) It's correct that the ipsec auto --status shows the current keys, and all i= s correct in here. The citation you've sent is however very interesting. I'm currently trying it out changing the rekeymargin and rekeyfuzz, to make sure it's our side that renegotiates each time. We'll see what it will do. Thanks a lot! Michiel 2007/5/24, Serge Leschinsky <fi...@in...>: > > Hi Michiel, > > Michiel Peene wrote: > > Hi, > > > > Is there a build 1.3 available yet? can't seem to find it on the > website? > 1.3 is still beta (or even alpha). > > > > > Problem we have with current version of OpenSwan is that the Tunnel > > works fine, until a new IKE key is renegotiated, then it apparently > > times out, unless we delete the IKE key on the other side of the tunnel > > (Checkpoint FW1). It worked fine for over 3 years, but since 3 months w= e > > have this problem. > > IT Support from the other side of the tunnel said I need to use setkey > > -D to delete the IKE key on our side and to see what happens then, but > > I don't find a way to do this with the current openswan debugging tools= . > > I'm not sure I understood you correct.... > > man 8 setkey > -D Dump the SAD entries. If -P is also specified, the SPD > entries are > dumped. If -p is specified, the ports are displayed. > > > I may be wrong, but 'ipsec auto --status' should show the same to 'setkey > -D'. > > I guess this citation may be useful for you as well. > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > A more subtle type of error is one where initially things seem to work bu= t > after > a while the system goes down. Which endpoint is responding and which is > initiating is clear when you start the connection, but the responding end > might > just start the next rekey a little bit before the initiator, and thus > become the > initiator itself. You can try and trigger these kind of errors by setting > the > ikelifetime=3D, rekeyfuzz=3D, and lifetime=3D options to very short perio= ds of > time, > such as one minute, and waiting for a few rekeys to occur. > > If you have determined that the switching of initiator and responder at > rekey > time is the problem, you can resolve this by lowering the IKE and IPsec > key > lifetimes on the initiator end, ensuring that the initiator stays the > initiator. > See the man page of ipsec.conf for help on the options lifetime=3D, > ipseclifetime=3D > and rekeyfuzz=3D. If you are the responder, and do not control the > initiator, you > can also set rekey=3Dno to prevent becoming an initiator. After changing > these > parameters to fix these issues in the future, you will need to reload the > currently stuck connection. If you want to be the responder, a simple > ipsec auto =96replace connname > will do. If you want to set yourself as the initiator, you will also need > to > ipsec auto =96up connname the connection. > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > PS. I'm sure ipsec folks (openswan mail list) can help you more > professionally . > > -- > Serge > > > > ------------------------------------------------------------------------- > This SF.net email is sponsored by DB2 Express > Download DB2 Express C - the FREE version of DB2 express and take > control of your XML. No limits. Just data. Click to get it now. > http://sourceforge.net/powerbar/db2/ > _______________________________________________ > Devil-linux-discuss mailing list > Dev...@li... > https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss > |
|
From: Serge L. <fi...@in...> - 2007-05-24 11:05:53
|
Hi Michiel,
Michiel Peene wrote:
> Hi,
>
> Is there a build 1.3 available yet? can't seem to find it on the website?
1.3 is still beta (or even alpha).
>
> Problem we have with current version of OpenSwan is that the Tunnel
> works fine, until a new IKE key is renegotiated, then it apparently
> times out, unless we delete the IKE key on the other side of the tunnel
> (Checkpoint FW1). It worked fine for over 3 years, but since 3 months we
> have this problem.
> IT Support from the other side of the tunnel said I need to use setkey
> -D to delete the IKE key on our side and to see what happens then, but
> I don't find a way to do this with the current openswan debugging tools.
I'm not sure I understood you correct....
man 8 setkey
-D Dump the SAD entries. If -P is also specified, the SPD entries are
dumped. If -p is specified, the ports are displayed.
I may be wrong, but 'ipsec auto --status' should show the same to 'setkey -D'.
I guess this citation may be useful for you as well.
=========================================================================
A more subtle type of error is one where initially things seem to work but after
a while the system goes down. Which endpoint is responding and which is
initiating is clear when you start the connection, but the responding end might
just start the next rekey a little bit before the initiator, and thus become the
initiator itself. You can try and trigger these kind of errors by setting the
ikelifetime=, rekeyfuzz=, and lifetime= options to very short periods of time,
such as one minute, and waiting for a few rekeys to occur.
If you have determined that the switching of initiator and responder at rekey
time is the problem, you can resolve this by lowering the IKE and IPsec key
lifetimes on the initiator end, ensuring that the initiator stays the initiator.
See the man page of ipsec.conf for help on the options lifetime=, ipseclifetime=
and rekeyfuzz=. If you are the responder, and do not control the initiator, you
can also set rekey=no to prevent becoming an initiator. After changing these
parameters to fix these issues in the future, you will need to reload the
currently stuck connection. If you want to be the responder, a simple
ipsec auto –replace connname
will do. If you want to set yourself as the initiator, you will also need to
ipsec auto –up connname the connection.
=========================================================================
PS. I'm sure ipsec folks (openswan mail list) can help you more professionally .
--
Serge
|
|
From: Michiel P. <mi...@pe...> - 2007-05-24 08:03:30
|
Hi, Is there a build 1.3 available yet? can't seem to find it on the website? Problem we have with current version of OpenSwan is that the Tunnel works fine, until a new IKE key is renegotiated, then it apparantly times out, unless we delete the IKE key on the other side of the tunnel (Checkpoint FW1). It worked fine for over 3 years, but since 3 months we have this problem. IT Support from the other side of the tunnel said I need to use setkey -D to delete the IKE key on our side and to see what happens then, but I don't find a way to do this with the current openswan debugging tools. I will update the firewall to version 1.12.13 anyway next tuesday if there's no build 1.3 available, maybe a new openswan version will automatically solve the problem for us. Thanks a lot! Michiel 2007/5/23, Serge Leschinsky <fi...@in...>: > > Hi, > > Michiel Peene wrote: > > > I'm having troubles with ipsec key negotiations and need the ipsec > tools. > > According to the change logs, it should be included in version 1.2 (the > > build we're currently running), however, I cannot seem to find them. > openswan has it's own tools for key negotiations debugging. See > http://wiki.openswan.org/index.php/Openswan/Debug > > > > Can someone tell me what Build I need to have the ipsec tools (setkey > > most importantly) available? > ipsec tools package (and 2.6 kernel ipsec stack) is available in 1.3, but > for > 1.2 you can use openswan. > > -- > Serge > > > ------------------------------------------------------------------------- > This SF.net email is sponsored by DB2 Express > Download DB2 Express C - the FREE version of DB2 express and take > control of your XML. No limits. Just data. Click to get it now. > http://sourceforge.net/powerbar/db2/ > _______________________________________________ > Devil-linux-discuss mailing list > Dev...@li... > https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss > |
|
From: Serge L. <fi...@in...> - 2007-05-23 14:34:41
|
Hi, Oliver Niesner wrote: > But after i tried to socksify i've got: > > socksify ssh example.net > ssh: stack smashing attack in function sys_readvAborted > > Any ideas how i can solve this? could you please show the /etc/socks.conf you used ? -- Serge |
|
From: Serge L. <fi...@in...> - 2007-05-23 13:05:34
|
Hi, Michiel Peene wrote: > I'm having troubles with ipsec key negotiations and need the ipsec tools. > According to the change logs, it should be included in version 1.2 (the > build we're currently running), however, I cannot seem to find them. openswan has it's own tools for key negotiations debugging. See http://wiki.openswan.org/index.php/Openswan/Debug > Can someone tell me what Build I need to have the ipsec tools (setkey > most importantly) available? ipsec tools package (and 2.6 kernel ipsec stack) is available in 1.3, but for 1.2 you can use openswan. -- Serge |
|
From: Serge L. <fi...@in...> - 2007-05-23 13:00:20
|
Hi, fe...@fr... wrote: > > Module: Library search path is /usr/lib > radiusd.conf[1546] Failed to link to module 'rlm_exec': rlm_exec.so: cannot > open shared object file: No such file or directory Thank you! I'll try to fix it by the next release. -- Serge |
|
From: <fe...@fr...> - 2007-05-23 11:36:41
|
Hello, Has anyone used a USB WIFI adaptor succesfully with DL? If yes with which drivers. Thank in advance. Nouveau: le premier abonnement ADSL sans taxe mensuelle! Changez d=E8s =E0 pr=E9sent pour sunrise ADSL free. http://www.sunrise.ch/fr/privatkunden/iminternetsurfen/adsl/adsl_abosundp= reise/adsl_gelegenheitssurfer/adsl_free.htm |
50 messages has been excluded from this view by a project administrator.
