Re: tmpfs

2016-07-31 Thread Steve Clement 
For Trumps sake Kids, put some gloves on and do it like proper coders or grab
a drink together and talk it out…

Hugs,

Steve


> On 31 Jul 2016, at 19:54, mxb  wrote:
>
> Who gives a sh*t?!
> Ppl supporting OpenBSD community what matters - with userbase without users
is
> like masturbating.
>
> Ppl like me test public diffs on live equipment, donate money and buy CDs
so
> Theo can continue to milk this project
> so he can bike in Canadian woods.
>
> As we speak it in Russia:
> “His long tongue will some day shorten his neck”.
>
> Good advice for him is to pledge() his mouth before someone else do it.
>
> The beauty in globalization is that distances and time get shorter.
> Even time-to-market AND market itself.
>
> With his big mouth like THIS he might get it turbulent.
> He actually did, buy pulling off DARPA feed.

Re: wireless router

2016-07-27 Thread Steve Clement 
Another good tool is flashrd for any Soekris needs:
http://www.nmedia.net/flashrd/

This make deployment even more smooth. Even the upgrades are nice. But mostly
it comes with a mindset of preserving the flashdisk.

Cheers,


* On Tue, Jul 26, 2016 at 07:15:06PM -0500, Edgar Pettijohn
<ed...@pettijohn-web.com> wrote:
> I just wanted to thank OpenBSD for making it so easy to
> turn my Soekris box into a wireless router for my home.
>
> I've been fighting it for a couple of weekends now. It
> seems the problem was it was easier than I expected, so
> all of my problems were self made.
>
> Thanks!
> --
> Edgar Pettijohn
>

--
--
Steve Clement
https://www.twitter.com/SteveClement
mailto:st...@localhost.lu
.lu: +352 20 333 55 65

[demime 1.01d removed an attachment of type application/pgp-signature which had 
a name of signature.asc]

Re: ispec - PSK - issues

2016-07-25 Thread Steve Clement 
Your link talks more about 6.0

But this is probably it:
https://code.google.com/p/android/issues/detail?id=196939

Testing in Cyanogenmod would be next.

But the look and feel of all of these issues, I fear OpenVPN would have been
(perhaps less secure) but better to config and mostly use…

Darn those non-compliant peeps :)

I will test further once I recovered ;)

Thanks,

> On 25 Jul 2016, at 22:06, Maurice Janssen <maur...@z74.net> wrote:
>
> On Mon, Jul 25, 2016 at 04:54:09PM +0200, Steve Clement wrote:
>> I tried to connect my Nexus 5 with Android 6.0.1 but that plainly failed,
no
>> clue what the correct config should be, so I haven???t reproduced it under
the
>> Droid.
>
> There seems to be an issue with Android 6.0.1 and L2TP/IPSEC connetions:
> https://code.google.com/p/android/issues/detail?id=194269
>
> --
> Maurice

--
Steve Clement
https://www.twitter.com/SteveClement
mailto:st...@localhost.lu
.lu: +352 20 333 55 65

[demime 1.01d removed an attachment of type application/pgp-signature which had 
a name of signature.asc]

ispec - PSK - issues

2016-07-25 Thread Steve Clement 
Dear List,

I tried to setup a simple road warrior VPN setup for my MacOS machine and
found the following issue.

When using spaces in the pre-shared key the MacOS VPN client (racoon) cannot
connect, this might well be a MacOS issue, but still worth sharing.
(iOS is also playing funny, there I am more stable: iOS 9.3.2 - 13F69)


## OpenBSD vpn 6.0 GENERIC#1898 i386 (Snapshot 20 July 2016)
## Darwin Steves-13-inch-MacBook 16.0.0 Darwin Kernel Version 16.0.0: Sat Jul
9 23:23:38 PDT 2016; root:xnu-3777.0.0.0.1~27/RELEASE_X86_64 x86_64


ipsec.conf has this line:

ike passive esp transport proto udp from $public_ip to any port l2tp main auth
"hmac-sha2-256" enc "aes-256" group modp1024 quick auth "hmac-sha2-256" enc
"aes-256" psk “PSK"

Messages output (PSK NO SPACES):

Jul 25 16:07:02 vpn isakmpd[80810]: attribute_unacceptable: GROUP_DESCRIPTION:
got MODP_2048, expected MODP_1024
Jul 25 16:07:02 vpn isakmpd[80810]: attribute_unacceptable: HASH_ALGORITHM:
got SHA, expected SHA2_256
Jul 25 16:07:02 vpn isakmpd[80810]: attribute_unacceptable: HASH_ALGORITHM:
got MD5, expected SHA2_256
Jul 25 16:07:02 vpn isakmpd[80810]: attribute_unacceptable: HASH_ALGORITHM:
got SHA2_512, expected SHA2_256
Jul 25 16:07:02 vpn isakmpd[80810]: attribute_unacceptable: GROUP_DESCRIPTION:
got MODP_1536, expected MODP_1024
Jul 25 16:07:02 vpn isakmpd[80810]: attribute_unacceptable: HASH_ALGORITHM:
got SHA, expected SHA2_256
Jul 25 16:07:02 vpn isakmpd[80810]: attribute_unacceptable: HASH_ALGORITHM:
got MD5, expected SHA2_256
Jul 25 16:07:03 vpn npppd[51700]: l2tpd ctrl=13 logtype=Started RecvSCCRQ
from=85.93.205.98:51860/udp tunnel_id=13/48 protocol=1.0 winsize=4
hostname=Steves-13-inch-MacBook.office.lan vendor=(no vendorname) firm=
Jul 25 16:07:03 vpn npppd[51700]: l2tpd ctrl=13 call=25707 logtype=PPPBind
ppp=9
Jul 25 16:07:06 vpn npppd[51700]: ppp id=9 layer=base logtype=TUNNELSTART
user="steve" duration=3sec layer2=L2TP layer2from=85.93.205.98:51860
auth=MS-CHAP-V2  ip=10.0.0.129 iface=pppx0
Jul 25 16:07:06 vpn npppd[51700]: ppp id=9 layer=base Using pipex=yes

Failing line in ipsec.conf:

ike passive esp transport proto udp from $public_ip to any port l2tp main auth
"hmac-sha2-256" enc "aes-256" group modp1024 quick auth "hmac-sha2-256" enc
"aes-256" psk “PSK 2”

Messages output (PSK SPACES):

Jul 25 16:10:23 vpn isakmpd[80810]: attribute_unacceptable: GROUP_DESCRIPTION:
got MODP_2048, expected MODP_1024
Jul 25 16:10:23 vpn isakmpd[80810]: attribute_unacceptable: HASH_ALGORITHM:
got SHA, expected SHA2_256
Jul 25 16:10:23 vpn isakmpd[80810]: attribute_unacceptable: HASH_ALGORITHM:
got MD5, expected SHA2_256
Jul 25 16:10:23 vpn isakmpd[80810]: attribute_unacceptable: HASH_ALGORITHM:
got SHA2_512, expected SHA2_256
Jul 25 16:10:23 vpn isakmpd[80810]: attribute_unacceptable: GROUP_DESCRIPTION:
got MODP_1536, expected MODP_1024
Jul 25 16:10:23 vpn isakmpd[80810]: attribute_unacceptable: HASH_ALGORITHM:
got SHA, expected SHA2_256
Jul 25 16:10:23 vpn isakmpd[80810]: attribute_unacceptable: HASH_ALGORITHM:
got MD5, expected SHA2_256
Jul 25 16:10:23 vpn isakmpd[80810]: message_parse_payloads: reserved field
non-zero: af
Jul 25 16:10:23 vpn isakmpd[80810]: dropped message from 85.93.205.98 port
61021 due to notification type PAYLOAD_MALFORMED
Jul 25 16:10:26 vpn isakmpd[80810]: message_parse_payloads: reserved field
non-zero: af
Jul 25 16:10:26 vpn isakmpd[80810]: dropped message from 85.93.205.98 port
61021 due to notification type PAYLOAD_MALFORMED
Jul 25 16:10:30 vpn isakmpd[80810]: message_parse_payloads: reserved field
non-zero: af
Jul 25 16:10:30 vpn isakmpd[80810]: dropped message from 85.93.205.98 port
61021 due to notification type PAYLOAD_MALFORMED
Jul 25 16:10:33 vpn isakmpd[80810]: message_parse_payloads: reserved field
non-zero: af
Jul 25 16:10:33 vpn isakmpd[80810]: dropped message from 85.93.205.98 port
61021 due to notification type PAYLOAD_MALFORMED
Jul 25 16:10:45 vpn isakmpd[80810]: message_parse_payloads: reserved field
non-zero: af
Jul 25 16:10:45 vpn isakmpd[80810]: dropped message from 85.93.205.98 port
61021 due to notification type PAYLOAD_MALFORMED



I tried to connect my Nexus 5 with Android 6.0.1 but that plainly failed, no
clue what the correct config should be, so I haven’t reproduced it under the
Droid.

If someone is more passionate about this I can share some more logs. But
something works for me now and my patience wore thin.

Cheers,

--
Steve Clement
https://www.twitter.com/SteveClement
mailto:st...@localhost.lu
.lu: +352 20 333 55 65

[demime 1.01d removed an attachment of type application/pgp-signature which had 
a name of signature.asc]