Sat, 13 May 2006 10:13 AM
I purchased my parents a new router/modem/wireless device the other day. It is a Netgear DG834G, great value for money.Site to Site VPN with Netscreen 5GT and Netgear DG834G
Michael Dale
Anyway the Netgear supports VPN termination, so I decided to setup a VPN between their house and mine. This allows me to run voip over the VPN without the need to worry about port forwarding (which is a real pain with SIP).
So the technical background:
My place:
1) Static IP address (59.167.253.89)
2) Juniper Netscreen 5GT running ScreenOS 5.3.0r2
3) 10.0.0.0/22 (10.0.0.0 - 10.0.3.255)
4) Router on address 10.0.0.254
Parents place:
1) Dynamic IP address
2) Netgear DG834G running firmware V3.01.25 (Has also been tested to work with a DG834 with firmware V2.10.22)
3) 10.0.4.0/24 (10.0.4.0 - 10.0.4.254)
4) Router on address 10.0.4.254
Now the netgear has some limitations with the VPN. The main issue is that it only supports "Main Mode" authentication. Main Mode is designed for site to site VPNs both with static IP addresses. My parents don't have a static IP address.
To get around this the netscreen allows you to point the remote end point (in this case the netgear) to a hostname. So for the netgear site you need to setup a dyndns.org account. For an example we will call this example.dyndns.org.
See below:
So lets setup the netscreen site first.
1) Setup IP Address Objects that point to each site. Under Objects > Addresses > List. In my case
10.0.0.0/22 TRUST (local)
10.0.4.0/25 UNTRUST (remote)
2) Now to setup the VPN Gateway on the netscreen. Under VPNs > AutoKey Advanced > Gateway.
Add a new connection like below:
Select your preshared key here too.
Now select Advanced (note you could use 3DES, but in this case I just use DES):
3) Now you need to setup Phase 2. Under VPNs > AutoKey IKE
Then select advanced:
4) Now we need to create a policy that allows traffic to flow in both directions. This is called a bidirectional VPN policy.
In Policies under Trust to Untrust create this policy.
5) Now time to setup the netgear. Create an auto VPN account
Note the preshared key must be the same for each device.
That should be all you need to do. You can monitor the connection on both sides through the log files. The netscreen outputs a more detailed log so it is best to read this.
If the connection doesn't work it is best to troubleshoot the VPN from a console connection to the netscreen.
To start the debugging process type:
set console dbuf
clear dbuf
debug ike detail
To finish the debugging type:
undebug all
get dbuf stream
Sat, 25 Mar 2006 12:37 PM
Citrix MetaFrame
Michael Dale
For my maths subject at uni we use a program called Mathematica (3d equation modeling etc).
To give access to this program at home the uni uses Citrix MetaFrame (Citrix also developed the system behind Windows Terminal Services).
This program is like Terminal Services but at the application level. It works on both PC and Mac.
Tue, 21 Mar 2006 12:19 PM
PHPBB 3.0
Michael Dale
PHPBB (a popular forum software) has been stuck at version 2.x for a long time now. It has been plagued with many security issues, a long with poor W3C standards.
Version 3 (formally 2.2) which has been running years late is now almost ready for beta testing.
I wonder if this new version will bring phpbb up to standards.
Fri, 24 Feb 2006 10:05 AM
Autumn 2006 Timetable
Michael Dale
| Monday | Tuesday | Wednesday | Thursday | Friday | |
|---|---|---|---|---|---|
| 8am | |||||
| 9am | |||||
| 10am | |||||
| 11am | Requirements Engineering (31475) Lec1, 01 CB02.04.13 | ||||
| 12pm | |||||
| 1pm | |||||
| 2pm | Mobile Programming (31090) | ||||
| 3pm | Mobile Programming (31090) Cmp1, 01 CB10.03.410 | Requirements Engineering (31475) CB10.02.410 (Tut1, 04)/CB10.03.470 (Cmp1, 04) | |||
| 4pm | |||||
| 5pm | Data Structures and Procedural Programming (31473) Cmp1, 06 CB10.03.480 | ||||
| 6pm | Introductory Mathematical Methods (33401) Lec1, 01 CB01.25.19 | Data Structures and Procedural Programming (31473) Lec1, 01 CM05B.01.11 | |||
| 7pm | |||||
| 8pm | |||||
| 9pm |
Thu, 16 Feb 2006 9:04 AM
Sat, 31 Dec 2005 1:34 PM
We got VoIP running internally this morning. We've been unable to get the cisco 7940/60s working (they won't flash) but we've got the 7912 working. Our hold music rules ;)Phone network
Michael Dale
Once we have a SIP provider we can have external access!
woo.
Tue, 15 Nov 2005 6:54 PM
I've done some basic IPv6 stuff in the past, which only involved a single IPv6 address and a connection to aarnet. I was going to look into setting up a tunnel on my router (a m0n0wall box) so that I had both a IPv4 address and a IPv6 address but it didn't support IPv6 stuff.IPv6 again!
Michael Dale
Anyway I've got my cisco 2651 up and connected to the internet and it has full IPv6 support so I decided to give it a go. Aarnet also give you an option to run a full /64 subnet, so I decided to give it a go.
The web interface outputs a shell script that gives you the configuration needed for the router. So I modified by config (with some small changes).
ipv6 unicast-routing
!
interface tunnel0
ipv6 address 2001:0388:f000:0000:0000:0000:0000:0247/128
tunnel source dialer1
tunnel destination 202.158.196.131
tunnel mode ipv6ip
!
ipv6 route ::/0 tunnel0
!
interface FastEthernet 0/0
ipv6 address 2001:0388:c148:1::/64 eui-64
ipv6 nd prefix-advertisement 2001:0388:c148:1::/64 43200 43200 onlink autoconfig
!
The last section (prefix-advertisement) is similar to DHCP, it assigns an IPv6 address to any IPv6 capable computer/OS. So both my Windows 2000 box (with IPv6 kit installed) and Mac OS X system were given a full routed IPv6 address. No dodgy natted connection here, a full routed /64 subnet. :)
The speed of the IPv6 is pretty good seeing as it is running through an aarnet tunnel.
electra:~ michaeldale$ ping vee-six.telstra.net
PING vee-six.telstra.net (203.50.0.254): 56 data bytes
64 bytes from 203.50.0.254: icmp_seq=0 ttl=56 time=21.330 ms
64 bytes from 203.50.0.254: icmp_seq=1 ttl=56 time=19.761 ms
64 bytes from 203.50.0.254: icmp_seq=2 ttl=56 time=21.125 ms
64 bytes from 203.50.0.254: icmp_seq=3 ttl=56 time=19.949 ms
^C
--- vee-six.telstra.net ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max/stddev = 19.761/20.541/21.330/0.693 ms
electra:~ michaeldale$ ping6 vee-six.telstra.net
PING6(56=40+8+8 bytes) 2001:388:c148:1:211:24ff:fe2a:f1b3 --> 2001:360::3
16 bytes from 2001:360::3, icmp_seq=0 hlim=58 time=25.059 ms
16 bytes from 2001:360::3, icmp_seq=1 hlim=58 time=25.874 ms
16 bytes from 2001:360::3, icmp_seq=2 hlim=58 time=23.465 ms
16 bytes from 2001:360::3, icmp_seq=3 hlim=58 time=24.281 ms
^C
--- vee-six.telstra.net ping6 statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 23.465/24.670/25.874 ms
electra:~ michaeldale$ traceroute6 vee-six.telstra.net
traceroute6 to vee-six.telstra.net (2001:360::3) from 2001:388:c148:1:211:24ff:fe2a:f1b3, 30 hops max, 12 byte packets
1 2001:388:c148:1:207:eff:fe80:5cc0 2.565 ms 1.756 ms 1.422 ms
2 2001:388:f000::246 25.438 ms 17.068 ms 19.847 ms
3 gigether0-2-0.bb1.a.syd.aarnet.net.au 37.864 ms 27.464 ms 22.706 ms
4 gigabitethernet3-0.bb3.a.syd.aarnet.net.au 28.522 ms 19.571 ms 17.456 ms
5 eth0.ipv6.broadway.aarnet.net.au 25.852 ms 16.863 ms 19.326 ms
6 2001:388:200:4::2 25.896 ms 23.23 ms 25.435 ms
7 2001:388:200:4::2 26.875 ms !P 23.721 ms !P 27.306 ms !P
And a trace to my mac (the second last hop is my cisco router) from here
traceroute6 to 2001:388:c148:1:211:24ff:fe2a:f1b3 (2001:388:c148:1:211:24ff:fe2a:f1b3) from 2001:1888:0:1:290:27ff:fe9a:4b0b, 64 hops max, 12 byte packets
1 puaiohi-fe1-0-1 1.761 ms 1.923 ms 1.961 ms
2 akepa-e0-0-7 2.737 ms 2.865 ms 2.922 ms
3 tunnel-henet-ca-us 62.519 ms 62.382 ms 62.737 ms
4 3ffe:81d0:ffff:1::1 61.172 ms 61.049 ms 61.039 ms
5 3ffe:80a::b1 63.145 ms 61.613 ms 63.022 ms
6 10gigether0-0-0.bb1.a.syd.aarnet.net.au 237.385 ms 227.818 ms 254.435 ms
7 broker1.a.syd.aarnet.net.au 222.550 ms 222.128 ms 223.146 ms
8 2001:388:f000::247 240.004 ms 238.553 ms 240.206 ms
9 2001:388:c148:1:211:24ff:fe2a:f1b3 241.638 ms 240.077 ms 239.622 m
Tue, 25 Oct 2005 5:58 PM
DCA Project Source
Michael Dale
The source code for the assignment can be found here
Please note that all code (unless stated) is copyright to me.
You may use the code on the following conditions:
- for non-commercial use
- Reference where you got the code from
- Contact me to say you have used the code
This only includes the jsp and java files, not css or html.
The jsp files have been renamed to jsps so that tomcat doesn't process them.
EDIT: here is an example of the XSD file that shows what format the XML data must be in
Wed, 12 Oct 2005 9:20 PM
Uni
Michael Dale
I haven't had the chance to post much this week. I've been very busy with uni assignments. They all involve developing something.
- The first assignment is to create/write a piano synthesizer that can record and playback midi, change instruments, change pitch, increase/decrease volume and handle user settings. Done in Java.
- The second is to develop a natural disaster emergency plan and system (including use cases etc).
- The last is to develop an online CD ordering system in jsp that converts the output to XML and transmits it via sockets to another server which then replies with a summary of the information. This summary must then be read back into the site and displayed.
So yeah I've been pretty busy :)
Wed, 21 Sep 2005 8:42 PM
WordPress.com Golden Ticket
Michael Dale
A long time ago in a galaxy far, far away you entered your email address on http://wordpress.com/ to get a blog.
We're now inviting small groups to use WordPress.com and your email address was selected today!
So yeah I thought I should give it a try, here. I don't plan on moving to it, but I will see how it runs (and hey, it's free bandwidth!).
EDIT: I've also got an invite, if anyone is interested.