**** BEGIN LOGGING AT Thu Jul 12 02:59:58 2012
Jul 12 11:18:02 Hi :)
Jul 12 11:19:15 Hi Jon!
Jul 12 11:19:51 Just amended #1178 with the smaller pool.
Jul 12 11:20:37 I think I'm going to struggle with doing the patch for the static IPs though.
Jul 12 11:20:38 Yeah, I noticed. Looks perfect.
Jul 12 11:20:46 Cool!
Jul 12 11:21:25 I don't really know where to start with adding to the web ui for the clients...
Jul 12 11:22:20 Let me have a look
Jul 12 11:22:24 OK
Jul 12 11:23:58 The luci stuff is in luci/applications/luci-openvpn/luasrc
Jul 12 11:24:11 view/openvpn_table.htm currently generates the table
Jul 12 11:24:45 But that's currently really just a "display only" table, so it doesn't actually save stuff yet
Jul 12 11:25:00 so that needs some non-trivial changes, I guess
Jul 12 11:25:18 Yehr
Jul 12 11:25:32 Let me just finish something else and then see if I can work out the luci changes later this afternoon (or possibly tomorrow)
Jul 12 11:25:59 In the meanwhile, perhaps you can start by manually editing /etc/config/openvpn and working on the other scripts?
Jul 12 11:33:50 I'm probably going to be tied up with work all afternoon (I'm on my lunch right now), but this evening I'll take a look, assuming I've not overlooked something the wife and I are supposed to be doing!
Jul 12 11:55:06 hehe
Jul 12 12:09:43 Is #907 still on track for 2.3.7.0?
Jul 12 12:10:49 JonTheNiceGuy: Yes, but I was going to tackle a few OpenVPN related tickets at the same time
Jul 12 12:10:54 saves time on testing :-)
Jul 12 12:13:53 Fair enough :)
Jul 12 12:14:36 I think most people will change the UDP port of the OpenVPN server to UDP53 :)
Jul 12 12:16:31 hehe
Jul 12 12:16:38 * blathijs is off for lunch, bbl
Jul 12 13:35:55 blathijs: Have you seen sslh? I can't see it ever being built into the device, but it's a nice idea for an application :)
Jul 12 13:36:12 http://www.rutschle.net/tech/sslh.shtml
Jul 12 13:43:34 Hmm, that looks funky
Jul 12 13:44:13 Yehr I know.
Jul 12 13:44:28 Probably a bit tricky to implement in an easy-to-use manner in the Fonera firmware, though
Jul 12 13:44:45 Yehr, I know right... like I said, I can't see it happening... but :)
Jul 12 13:45:20 For me in IT Security, biggest issue is that as it's a proxy, it hides the source addresses for everything
Jul 12 13:45:52 I wonder if it could be implemented using iptables rules...
Jul 12 13:45:54 So, if you've got an HTTPS server, and it gets attacked, you'll only ever see the source IP of 127.0.0.1 or the IP of the host if you're pointing it into your network.
Jul 12 13:46:17 If sslh keeps decent logs, that doesn't need to be a problem, though
Jul 12 13:47:11 ok, finished my work on not supporting ext4
Jul 12 13:47:21 On not supporting ext4?
Jul 12 13:47:31 Yeah, that wasn't a typo
Jul 12 13:48:13 ext4 support is considered unstable before 2.6.28, and we run 2.6.21 / 2.6.26, so the Fonera can't meaningfully support ext4
Jul 12 13:48:44 but I only found out about that until after writing the ext4-detection code for mountd, so I figured I might as well leave the detection code in and actually tell the user about filesystems that are unsupported
Jul 12 13:49:08 :)
Jul 12 13:49:14 (instead of trying to mount ext4 as ext3 and failing, as now)
Jul 12 13:50:00 anyway, i'm off to the shop for a bit. If I have some time after that, I'll try to whip up some openvpn-static-ip-luci-stuff
Jul 12 13:50:29 OK
Jul 12 13:50:42 Oh, with regards to the sslh-in-iptables? http://l7-filter.sourceforge.net/HOWTO
Jul 12 14:09:40 Actually, scratch that - won't work with most of the interesting protocols :D
Jul 12 15:19:09 hehe
Jul 12 15:36:34 Right, going home. Speak later.
**** ENDING LOGGING AT Fri Jul 13 02:59:58 2012