
Wed, 17 May 2006 12:46 AM

MacBook

Michael Dale
Well the MacBook is finally out. I'm contemplating getting one. Also I've noticed that my last post broke IE and really anyone running sub 1600x1050. Sorry about that, go buy a bigger screen ;) On another note, I got an email from one of my friends at usyd:
Sydney Uni is selling original iMacs for $50!!! I don't know if you have any use for super cheap old computers, but I thought I'd tell you anyway. The School of Languages is trying to get rid of them. Maybe for spare parts, extra storage space (although the one I saw had a hard drive of a whopping 4 GB - not much storage space there!)???? Anyway, I thought you might like to know.
So if anyone wants cheap macs. I think I've got enough. On last count we now have 6 macs in the house :)

Sat, 13 May 2006 10:13 AM

Site to Site VPN with Netscreen 5GT and Netgear DG834G

Michael Dale
I purchased my parents a new router/modem/wireless device the other day. It is a Netgear DG834G, great value for money.

Anyway, the Netgear supports VPN termination, so I decided to set up a VPN between their house and mine. This allows me to run VoIP over the VPN without the need to worry about port forwarding (which is a real pain with SIP).

So the technical background:

My place:
1) Static IP address (59.167.253.89)
2) Juniper Netscreen 5GT running ScreenOS 5.3.0r2
3) 10.0.0.0/22 (10.0.0.0 - 10.0.3.255)
4) Router on address 10.0.0.254

Parents place:
1) Dynamic IP address
2) Netgear DG834G running firmware V3.01.25 (Has also been tested to work with a DG834 with firmware V2.10.22)
3) 10.0.4.0/24 (10.0.4.0 - 10.0.4.254)
4) Router on address 10.0.4.254

Now the Netgear has some limitations with the VPN. The main issue is that it only supports "Main Mode" authentication. Main Mode is designed for site-to-site VPNs where both ends have static IP addresses. My parents don't have a static IP address.

To get around this, the NetScreen allows you to point the remote end point (in this case the Netgear) to a hostname. So for the Netgear site you need to set up a dyndns.org account. For this example we will call it example.dyndns.org.

See below:
[Screenshot: Dyndns Netgear]

So let's set up the NetScreen side first.

1) Set up IP address objects that point to each site, under Objects > Addresses > List. In my case:
10.0.0.0/22 TRUST (local)
10.0.4.0/25 UNTRUST (remote)
[Screenshots: IP address object]

2) Now set up the VPN gateway on the NetScreen, under VPNs > AutoKey Advanced > Gateway.
Add a new connection like below:
[Screenshot: VPN gateway]
Select your preshared key here too.
[Screenshot: VPN gateway]

Now select Advanced (note you could use 3DES, but in this case I just use DES). DES has only a 56-bit key and can be brute-forced, so 3DES is the safer of the two.

[Screenshot: VPN gateway]

3) Now you need to set up Phase 2, under VPNs > AutoKey IKE.
[Screenshot: AutoKey IKE]

Then select Advanced:
[Screenshot: AutoKey IKE]

4) Now we need to create a policy that allows traffic to flow in both directions. This is called a bidirectional VPN policy.

In Policies under Trust to Untrust create this policy.

VPN policy

5) Now it is time to set up the Netgear. Create an auto VPN policy:

[Screenshot: Netgear VPN policy]

Note the preshared key must be the same on each device.

[Screenshot: Netgear]

That should be all you need to do. You can monitor the connection on both sides through the log files. The netscreen outputs a more detailed log so it is best to read this.

If the connection doesn't work it is best to troubleshoot the VPN from a console connection to the netscreen.

To start the debugging process type:

set console dbuf
clear dbuf
debug ike detail


To finish the debugging type:


undebug all
get dbuf stream
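
A sanity check for the address plan in this post, added here as an example (it is not part of the original write-up, and `audit_plan` is an illustrative name): it confirms the two LANs do not overlap and compares each address object with the LAN it is meant to describe. Run on the values listed above, it reports that the 10.0.4.0/25 object covers only the lower half of the parents' 10.0.4.0/24 network.

```python
import ipaddress


def audit_plan(sites, objects):
    """Compare each site's LAN with the address object meant to describe it.

    sites:   {name: (lan_cidr, router_ip)}
    objects: {name: object_cidr}
    Returns a list of (issue, site, detail) tuples; an empty list means consistent.
    """
    lans = {name: ipaddress.ip_network(cidr) for name, (cidr, _) in sites.items()}
    findings = []
    names = sorted(lans)
    # Overlapping LANs cannot be routed to each other across the tunnel.
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if lans[a].overlaps(lans[b]):
                findings.append(("lans-overlap", a, f"{lans[a]} overlaps {b} {lans[b]}"))
    for name, (_, router) in sites.items():
        lan, gw = lans[name], ipaddress.ip_address(router)
        obj = ipaddress.ip_network(objects[name])
        if gw not in lan:
            findings.append(("router-outside-lan", name, f"{gw} not in {lan}"))
        if obj == lan:
            continue
        if obj.subnet_of(lan):
            # Object is too small: some LAN hosts never match the VPN policy.
            missing = lan.num_addresses - obj.num_addresses
            detail = f"{obj} leaves out {missing} addresses of {lan}"
            if gw in lan and gw not in obj:
                detail += f", including router {gw}"
            findings.append(("object-narrower", name, detail))
        elif lan.subnet_of(obj):
            # Object is too large: the policy admits more than the real LAN.
            findings.append(("object-wider", name, f"{obj} admits hosts outside {lan}"))
        else:
            findings.append(("object-mismatch", name, f"{obj} vs {lan}"))
    return findings


# Values as listed in the post.
SITES = {"local": ("10.0.0.0/22", "10.0.0.254"),
         "remote": ("10.0.4.0/24", "10.0.4.254")}
OBJECTS = {"local": "10.0.0.0/22", "remote": "10.0.4.0/25"}

if __name__ == "__main__":
    for finding in audit_plan(SITES, OBJECTS):
        print(finding)
```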

Tue, 21 Mar 2006 12:19 PM

PHPBB 3.0

Michael Dale

PHPBB (a popular forum software) has been stuck at version 2.x for a long time now. It has been plagued with many security issues, along with poor compliance with W3C standards.

Version 3 (formerly 2.2), which has been running years late, is now almost ready for beta testing.

I wonder if this new version will bring phpbb up to standards.


Sat, 31 Dec 2005 1:34 PM

Phone network

Michael Dale
We got VoIP running internally this morning. We've been unable to get the cisco 7940/60s working (they won't flash) but we've got the 7912 working. Our hold music rules ;) Once we have a SIP provider we can have external access! woo.

Tue, 15 Nov 2005 6:54 PM

IPv6 again!

Michael Dale
I've done some basic IPv6 stuff in the past, which only involved a single IPv6 address and a connection to aarnet. I was going to look into setting up a tunnel on my router (a m0n0wall box) so that I had both an IPv4 address and an IPv6 address, but it didn't support IPv6 stuff. Anyway, I've got my Cisco 2651 up and connected to the internet and it has full IPv6 support, so I decided to give it a go. Aarnet also give you an option to run a full /64 subnet, so I decided to give it a go. The web interface outputs a shell script that gives you the configuration needed for the router. So I modified my config (with some small changes).

ipv6 unicast-routing
!
interface tunnel0
 ipv6 address 2001:0388:f000:0000:0000:0000:0000:0247/128
 tunnel source dialer1
 tunnel destination 202.158.196.131
 tunnel mode ipv6ip
!
ipv6 route ::/0 tunnel0
!
interface FastEthernet 0/0
 ipv6 address 2001:0388:c148:1::/64 eui-64
 ipv6 nd prefix-advertisement 2001:0388:c148:1::/64 43200 43200 onlink autoconfig
!
The last section (prefix-advertisement) is similar to DHCP: the router advertises the /64 prefix and any IPv6-capable computer/OS configures its own address from it. So both my Windows 2000 box (with IPv6 kit installed) and Mac OS X system were given a full routed IPv6 address. No dodgy natted connection here, a full routed /64 subnet. :) That also means every host on the LAN is directly reachable from the IPv6 internet, so inbound traffic needs filtering on the router or on the hosts. The speed of the IPv6 is pretty good seeing as it is running through an aarnet tunnel.

electra:~ michaeldale$ ping vee-six.telstra.net
PING vee-six.telstra.net (203.50.0.254): 56 data bytes
64 bytes from 203.50.0.254: icmp_seq=0 ttl=56 time=21.330 ms
64 bytes from 203.50.0.254: icmp_seq=1 ttl=56 time=19.761 ms
64 bytes from 203.50.0.254: icmp_seq=2 ttl=56 time=21.125 ms
64 bytes from 203.50.0.254: icmp_seq=3 ttl=56 time=19.949 ms
^C
--- vee-six.telstra.net ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max/stddev = 19.761/20.541/21.330/0.693 ms

electra:~ michaeldale$ ping6 vee-six.telstra.net
PING6(56=40+8+8 bytes) 2001:388:c148:1:211:24ff:fe2a:f1b3 --> 2001:360::3
16 bytes from 2001:360::3, icmp_seq=0 hlim=58 time=25.059 ms
16 bytes from 2001:360::3, icmp_seq=1 hlim=58 time=25.874 ms
16 bytes from 2001:360::3, icmp_seq=2 hlim=58 time=23.465 ms
16 bytes from 2001:360::3, icmp_seq=3 hlim=58 time=24.281 ms
^C
--- vee-six.telstra.net ping6 statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 23.465/24.670/25.874 ms

electra:~ michaeldale$ traceroute6 vee-six.telstra.net
traceroute6 to vee-six.telstra.net (2001:360::3) from 2001:388:c148:1:211:24ff:fe2a:f1b3, 30 hops max, 12 byte packets
1 2001:388:c148:1:207:eff:fe80:5cc0 2.565 ms 1.756 ms 1.422 ms
2 2001:388:f000::246 25.438 ms 17.068 ms 19.847 ms
3 gigether0-2-0.bb1.a.syd.aarnet.net.au 37.864 ms 27.464 ms 22.706 ms
4 gigabitethernet3-0.bb3.a.syd.aarnet.net.au 28.522 ms 19.571 ms 17.456 ms
5 eth0.ipv6.broadway.aarnet.net.au 25.852 ms 16.863 ms 19.326 ms
6 2001:388:200:4::2 25.896 ms 23.23 ms 25.435 ms
7 2001:388:200:4::2 26.875 ms !P 23.721 ms !P 27.306 ms !P

And a trace to my mac (the second last hop is my cisco router) from here

traceroute6 to 2001:388:c148:1:211:24ff:fe2a:f1b3 (2001:388:c148:1:211:24ff:fe2a:f1b3) from 2001:1888:0:1:290:27ff:fe9a:4b0b, 64 hops max, 12 byte packets
1 puaiohi-fe1-0-1 1.761 ms 1.923 ms 1.961 ms
2 akepa-e0-0-7 2.737 ms 2.865 ms 2.922 ms
3 tunnel-henet-ca-us 62.519 ms 62.382 ms 62.737 ms
4 3ffe:81d0:ffff:1::1 61.172 ms 61.049 ms 61.039 ms
5 3ffe:80a::b1 63.145 ms 61.613 ms 63.022 ms
6 10gigether0-0-0.bb1.a.syd.aarnet.net.au 237.385 ms 227.818 ms 254.435 ms
7 broker1.a.syd.aarnet.net.au 222.550 ms 222.128 ms 223.146 ms
8 2001:388:f000::247 240.004 ms 238.553 ms 240.206 ms
9 2001:388:c148:1:211:24ff:fe2a:f1b3 241.638 ms 240.077 ms 239.622 m
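
How the `eui-64` keyword and prefix advertisement in the config above turn a MAC address into the interface half of an address, and how that step reverses, as an added example that is not part of the original post (function names are illustrative). Because the hardware address can be read back out of any such address, hosts that should not expose it use temporary addresses (RFC 4941) instead.

```python
import ipaddress

IID_MASK = (1 << 64) - 1  # low 64 bits of an IPv6 address: the interface identifier


def eui64_iid(mac: str) -> int:
    """Modified EUI-64 interface ID for a 48-bit MAC (RFC 4291, Appendix A)."""
    octets = bytearray(int(part, 16) for part in mac.split(":"))
    if len(octets) != 6:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    octets[0] ^= 0x02  # flip the universal/local bit
    # Insert ff:fe between the vendor half and the device half of the MAC.
    return int.from_bytes(octets[:3] + b"\xff\xfe" + octets[3:], "big")


def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Address a host builds from an advertised /64 prefix and its own MAC."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 autoconfiguration needs a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | eui64_iid(mac))


def mac_from_address(addr: str):
    """Recover the MAC from an EUI-64 derived address, or None if it is not one."""
    iid = int(ipaddress.IPv6Address(addr)) & IID_MASK
    octets = bytearray(iid.to_bytes(8, "big"))
    if octets[3:5] != b"\xff\xfe":  # no ff:fe marker, so not EUI-64 derived
        return None
    octets[0] ^= 0x02  # undo the universal/local bit flip
    return ":".join(f"{o:02x}" for o in octets[:3] + octets[5:])


if __name__ == "__main__":
    # Addresses taken from the ping6/traceroute6 output in the post.
    for addr in ("2001:388:c148:1:211:24ff:fe2a:f1b3",   # the Mac
                 "2001:388:c148:1:207:eff:fe80:5cc0",    # router LAN interface
                 "2001:388:f000::247"):                  # tunnel end, set by hand
        print(addr, "->", mac_from_address(addr))
```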

Sat, 03 Sep 2005 10:15 AM

Routing

Michael Dale
This week I've had a bit of a chance to play with some new hardware I was given. I am well enough to be up and doing stuff again, it's great :) So yeah, I've picked up a Cisco 2611 and a Cisco 827-4v router. The first one is a modular router that has two 10mbit Ethernet ports; it has been upgraded to 64mb and has a fairly new IOS on it. The 827 is an ADSL1 router with 4 analog telephone adapters (ATA) built in. I'm trying to set up a RIP routing network between the 2611 and an OpenBSD box. I'm currently looking at two pieces of software to do this, Zebra and Xorp. These both sit on top of another operating system and handle routing. It has been pretty interesting. I have been impressed with the Cisco gear. Once you've had a real chance to play with it, it works well. I like how the whole configuration is in one file, that makes life nice and easy. I did do CCNA way back at school, but I'm required to do some Cisco stuff at uni and I need to refresh my memory.

On another topic: I've run out of Ethernet ports at home, so I thought I'd spend a bit of money and get myself a cheap 24 port 100mbit managed switch. The switch I have purchased also does basic VLANs, so that should be very helpful. The switch has cost me about $160 (yes, very cheap) and can be found here. I should get that in the next week or so.

Sat, 27 Aug 2005 11:38 AM

rdesktop for N2200 with Linux-2200

Michael Dale
Tom Quinn has successfully put together a working copy of rdesktop for the IBM thin client. I have repackaged it into a tar.gz and have since tested it on my thin client. To install, download this file to the root of the drive (/) on your thin client: http://www.bluetrait.com/files/N2200/rdesktop-linux2200.tar.gz then from a command line run:
tar -zxvf rdesktop-linux2200.tar.gz
You should now be able to start rdesktop by running it from /usr/bin/rdesktop. The command I use to start it is:
./rdesktop -u administrator -p - -f -k en-us -r sound -a 16 10.0.0.1
Now Tom said that he had problems getting it into full screen, I did not have this problem. Let me know if it is a problem for you. Also the key mapping for the backspace key still does not work. When I get a chance I will look into it. If you'd like this to run on startup modify .xinitrc in root and add the rdesktop start command.

Sun, 07 Aug 2005 9:31 PM

Installing "Linux-2200" onto the IBM Netvista N2200 (8363)

Michael Dale
I thought the documentation on installing Linux onto the N2200 wasn’t great so I decided to write up something myself.

Please note that I did not write or compile this software, the original source of this program can be found here.

Things you’ll need:
  • A Netvista N2200 thin client
  • A Linux box (I used a live Ubuntu CD as I don’t have any Linux systems)
  • A Compact Flash (CF) card (min 64mb)
  • A card reader or some way of modifying the CF card on your Linux system
  • linux-2200-0.2.1.tar.gz (29mb)
  • Latest BIOS for N2200 (520k)
Getting the files

Local Mirror of Linux-2200 (Aust): http://www.bluetrait.com/files/N2200/linux-2200-0.2.1.tar.gz
Original Location: ftp://ftp.berlios.de/pub/linux-2200/linux-2200-0.2.1.tar.gz
Latest BIOS for N2200: http://www.bluetrait.com/files/N2200/bflash.2200

Make sure you have all this stuff before you start.

Notes:


You will need to be logged in as root for most of this installation, if you feel you may break something use a live CD.

I used Ubuntu 4.10 on my PC as that is what I had on CD at the time. This can be downloaded from here.
If you don’t feel like downloading a 600mb ISO you could try damn small linux, this should work too, although I haven’t tried it
(Note: Some people have had issues with Fedora 4 and 5 when creating the image on the CF card).

Some people have had problems with certain CF cards, although many have gotten theirs to work after reformatting the card and trying again. If you have a camera that supports CF, try formatting the card in this first.

Installing Linux-2200

The first step is to create a partition on your CF card. I used fdisk to do this. In most cases the CF card is seen as a SCSI device and will be in the form /dev/sdX, where X is the drive letter (a, b, c, etc.). If you have no other SCSI devices it should be /dev/sda; if you have a multi-format card reader (or a USB stick plugged in) it may be /dev/sdb, /dev/sde, etc. Make sure you have the right device before you continue, because the next commands wipe whatever disk they are pointed at.
fdisk /dev/sda

Create a new Linux partition (you want it set to partition 1), then write and close. Now you can create the Linux file system.
mke2fs /dev/sda1

(1 being the partition.) Now you can mount the drive:
mount /dev/sda1 /mnt/someplace

Now extract the linux-2200 tar file to a place on your hard drive:
tar -xzf linux-2200-0.2.1.tar.gz

Open the folder linux-2200-0.2.1 and copy everything inside it to your CF card:
cp -a linux-2200-0.2.1/* /mnt/someplace
cp -a linux-2200-0.2.1/.fluxbox /mnt/someplace
cp -a linux-2200-0.2.1/.xinitrc /mnt/someplace

If you need to update your N2200 BIOS, copy bflash.2200 to the root of the CF card too. Now un-mount the CF card:
umount /mnt/someplace

Put the CF card into your N2200.

If you need to upgrade your N2200 BIOS, press ESC on start up, choose to boot off the flash card and point the system to boot from /bflash.2200. Then restart the system. The BIOS should be upgraded and the system will restart. Go back into the BIOS and make sure the system now boots off /linux.2x00 (not 2200). Linux-2200 should now be running on your system.

Installing software

The following is taken from here:
You must have a Debian Woody Linux.

First look where the app (for example:Nedit) you needed is:
$ whereis nedit
nedit: /usr/X11R6/bin/nedit

copy nedit to your card

cp /usr/X11R6/bin/nedit /yourcard/usr/X11R6/bin

look which libraries needed by Nedit
$ ldd /usr/X11R6/bin/nedit
libXm.so.1 => /usr/lib/libXm.so.1 (0x40021000)
libXpm.so.4 => /usr/X11R6/lib/libXpm.so.4 (0x4014b000)
libXext.so.6 => /usr/X11R6/lib/libXext.so.6 (0x4015a000)
libXt.so.6 => /usr/X11R6/lib/libXt.so.6 (0x40167000)
libSM.so.6 => /usr/X11R6/lib/libSM.so.6 (0x401b1000)
libICE.so.6 => /usr/X11R6/lib/libICE.so.6 (0x401b9000)
libX11.so.6 => /usr/X11R6/lib/libX11.so.6 (0x401cf000)
libm.so.6 => /lib/libm.so.6 (0x402a9000)
libc.so.6 => /lib/libc.so.6 (0x402ca000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)

look if the libraries are on your card, otherwise copy the missing libraries to yourcard. Make sure the library isn't a link.

example:/usr/X11R6/lib/libXt.so.6

ls -l /usr/X11R6/lib/libXt.so.6
lrwxrwxrwx 1 root root 12 4. Apr 2004 /usr/X11R6/lib/libXt.so.6 -> libXt.so.6.0

you see /usr/X11R6/lib/libXt.so.6 is linked to libXt.so.6.0

to copy both (the lib and the link) make

cp -a /usr/X11R6/lib/libXt.so* /yourcard/usr/X11R6/lib

In this case (nedit) that's all. Some apps need more files (configuration files, etc.) or depend on other apps; then you have to look into the docs, to google or to find it out by "try and error".

Software included
  • Dillo 0.8.3 (web browser)
  • XMMS 1.2.7
  • Fluxbox window manager
  • Nedit
  • Un-patched 2.4.21 Kernel
Hardware differences

I have both an N2200 EXX and a WXX.

The EXX is the standard Ethernet version with no flash card by default. The WXX is the Windows CE version with a 16mb flash card.

Unfortunately my WXX doesn’t power on, it seems as though about 7 capacitors have blown on the system. I am looking into replacing them although I don’t know if this will bring it back to life.

The capacitors are 1500 microfarad at 6.3volts (although voltage isn’t an issue as long as it is at least 6.3volts).
It seems that it was fairly common on the N2200, although I think it may be only the WXX model as my 4 EXX systems are fine.

Have a look at the photos below, the WXX is on the left (blown capacitors are in lower left).

WXX and EXX side by side

The 16mb flash card in the WXX contains Windows CE although this doesn’t work on the EXX model. Apart from that (and the small motherboard differences) the systems are almost identical. Each system has a Cyrix MediaGX subsystem (Video and CPU).
  • CPU at 233MHz with 16k L1 memory (no L2)
  • 3mb shared video card (up to 1280x1024)
  • 32mb ram on board with a standard SDRAM slot, which can handle up to 256mb (288mb total)
  • Compact Flash slot
  • Ethernet
  • 2x USB 1.1
  • External power brick
  • Microphone and Headphone slots
  • Small internal speaker
  • Completely silent, no fans (CRT monitor makes more noise)
Setting up Linux-2200

Linux-2200 is a very basic Linux install based on Debian. It is quickly done and probably needs a little work. Here are some configuration changes I made to the system after I installed it. Make sure you make these changes to the flash card (and not the RAM disk).

Fixed the keyboard mapping, as it is set to a German-style keyboard:
  • Delete the line “loadkmap < /key.map” from /etc/init.d/rcS
  • Remove /usr/X11R6/lib/X11/xkb

Changed the DNS settings:
  • Change the IP address in /etc/resolv.conf to the IP address of your local (or ISP) DNS server

Performance

A quick note on performance
  • System boots very quickly
  • Runs happily on the base 32mb ram (although I’d recommend 64mb)
  • XMMS plays mp3s without problems, although can skip if you are doing more than a few things
  • Faster than I expected for a 233MHz Cyrix system with no L2 cache
Things to do

There are some issues with Linux-2200, for example the web browser included (dillo) at its current version does not support CSS and many other things. I plan on getting firefox running on it, so I will update this page when/if it gets done. I would also like to redistribute Linux-2200 with some small changes (including the fixes above and firefox)
