**** BEGIN LOGGING AT Wed Aug 04 02:59:57 2010
Aug 04 12:39:16 hello anybody home?
Aug 04 12:39:27 I need help changing openvpn port for the fonera
Aug 04 12:43:01 hey judaz
Aug 04 12:43:11 judaz: Did you solve your SSH / WAN problem?
Aug 04 12:43:21 blathijs: sort of
Aug 04 12:43:36 blathijs: well, not..
Aug 04 12:43:44 jejeeje
Aug 04 12:44:06 i've seen it's needed a firewall line executed
Aug 04 12:44:07 right?
Aug 04 12:47:11 judaz: For SSH access, you'll need to open up the firewall. You can do that at Settings -> Firewall -> Applications
Aug 04 12:47:34 Also, you'll need a password with a number and a capital letter in it, IIRC
Aug 04 12:48:12 You might need to change your password for this, since the Fonera forgets the password strength on a firmware upgrade
Aug 04 12:50:26 blathijs: ok, lets see
Aug 04 12:51:09 As for changing the OpenVPN port, I think you should change that in /etc/config/openvpn
Aug 04 12:51:44 As well as in /Apps/SetupOpenvpn
Aug 04 12:51:53 (look for "1194" in both files)
Aug 04 12:52:09 brb, lucn
Aug 04 12:52:11 lunch
Aug 04 12:52:25 ok
Aug 04 12:52:31 i've just set my password
Aug 04 12:52:39 i'll restart the fonera
Aug 04 13:02:12 blathijs: didnt work..
Aug 04 13:02:19 still times out the ssh connection
Aug 04 13:02:52 and, for some reason i cant get to the vpn from work. I guess something is filtering it
Aug 04 13:11:34 judaz: Are you testing the SSH connection from the WAN side at home, or from work (e.g., are you sure that something isn't filtering the SSH connection as well?)
Aug 04 13:11:52 blathijs: at this instant
Aug 04 13:12:02 judaz: You should check if there is a pass_good setting in /etc/config/system
Aug 04 13:12:10 im accessing my desktop by a port-forwarding at the fonera
Aug 04 13:12:38 root@Fonera:/# cat /etc/config/system | grep pass option 'pass_good' '1'
Aug 04 13:12:54 root@Fonera:/# cat /etc/config/system | grep pass
Aug 04 13:13:02 option 'pass_good' '1'
Aug 04 13:13:04 there it is
Aug 04 13:13:33 i guess i have a firmware with no ssh from wan support?
Aug 04 13:13:35 can it be?
Aug 04 13:33:38 I don't think that's possible
Aug 04 13:33:51 judaz: Did you enable SSH in the firewall settings?
Aug 04 13:34:37 And I'm still not sure how you're testing the SSH access
Aug 04 13:35:00 I don't think you can test WAN access from the LAN port (not even when you use the WAN ip address)
Aug 04 13:35:24 * blathijs is off to the shop for a bit
Aug 04 13:36:10 blathijs: yes, is enabled
Aug 04 13:36:19 what im doing is trying to access
Aug 04 13:36:22 the fonera from work
Aug 04 13:36:27 disabling port-forwarding
Aug 04 13:36:39 (at this moment, port 22 is forwarded to my desktop)
Aug 04 13:36:59 judaz: Perhaps your ISP is blocking port 22, then...
Aug 04 13:37:35 Oh, if forwarding 22 to your desktop works, then it shouldn't be blocked by your ISP
Aug 04 13:38:41 blathijs: yep, true
Aug 04 13:38:58 blathijs: maybe i have a firmware with no support?
Aug 04 13:38:59 can it be?
Aug 04 13:39:14 i was reading there's a development firmware
Aug 04 13:39:26 I have a fonera out of the box, no changes
Aug 04 13:39:29 Eh?
Aug 04 13:39:36 Then you shouldn't have any SSH support, not even on LAN
Aug 04 13:39:43 well.
Aug 04 13:39:49 on lan I do
Aug 04 13:39:50 jejejeje
Aug 04 13:40:06 Is it a new Fonera, or did you buy it second hand?
Aug 04 13:40:13 blathijs: new one
Aug 04 13:40:20 or that i was told
Aug 04 13:40:30 I didnt buy it myself
Aug 04 13:40:37 It was sent from fon to a friend
Aug 04 13:40:42 there's no fon in Argentina
Aug 04 13:40:54 Perhaps he upgraded the firmware before sending it to you or something
Aug 04 13:40:56 and my friend brought it to me from spain
Aug 04 13:41:08 maybe.. well, i guess I should change the firmware
Aug 04 13:41:17 anyway, you can check the firewall with the command "iptables -n -v -L input_daemon"
Aug 04 13:41:34 That should display a few rules concerning port 22
Aug 04 13:41:53 0 0 zone_wan_DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 state NEW recent: UPDATE seconds: 180 hit_count: 3 name: DEFAULT side: source
Aug 04 13:41:57 2 148 tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 state NEW recent: SET name: DEFAULT side: source
Aug 04 13:42:01 2 148 zone_wan_ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
Aug 04 13:42:12 Yup, that's exactly right
Aug 04 13:42:30 not sure what it says jejeje
Aug 04 13:42:37 i'm not a good friend of iptables
Aug 04 13:42:39 Perhaps the portforward on port 22 you configured is interfering. Did you try removing the port forward and then reboot?
Aug 04 13:42:48 blathijs: yep,
Aug 04 13:42:51 ill try it again
Aug 04 13:43:04 You might want to change the port forward to port 2222 or something permanently anyway
Aug 04 13:43:26 blathijs: how?
Aug 04 13:43:35 opensshserver?
Aug 04 13:43:50 Eh? Just fill in two different port numbers in the port forwarding webgui?
Aug 04 13:43:55 ahhh
Aug 04 13:44:01 ok
Aug 04 13:44:04 mmmm lets see
Aug 04 13:44:06 e.g, source port 2222 target port 22
Aug 04 13:44:50 Also, you might want to reflash the firmware, to make sure there are no unexpected differences and that you have the latest version.
Aug 04 13:45:01 You would need this version, which is the latest DEV version: http://download.fonosfera.org/LATEST/fonera2.0n-FON2300/20100408_FON2303_2.3.6.0_r1665_DEV.tgz
Aug 04 13:45:33 And you might want to do a factory reset after that (Settings -> Advanced IIRC), to make sure there's no weird settings left either
Aug 04 13:46:24 But I would only do that firmware update / factory reset when you have physical access, since you're likely to break your WAN access (especially when doing the reset)
Aug 04 13:46:30 Now I'm really off to the shop
Aug 04 14:17:10 Hi
Aug 04 14:17:39 For when can we expect next firmware with onlined fixes?
Aug 04 14:30:33 blathijs?
Aug 04 14:57:34 judaz: Any progress? :-)
Aug 04 15:01:51 blathijs: nope :(
Aug 04 15:02:04 it seems that here at work i have everything filtered
Aug 04 15:02:16 i need to find some other port different from 1194 for openvpn
Aug 04 15:02:20 443 cant be
Aug 04 15:02:32 80 maybe
Aug 04 15:04:29 judaz: I suspect the Fonera gives proper connection refused messages on closed ports, so you could use nmap to find one that is closed?
Aug 04 15:04:42 judaz: If you give me your WAN ip, I can run an nmap for you?
Aug 04 15:05:05 blathijs: no, the problem is the internet access here at work
Aug 04 15:05:09 not at the fonera
Aug 04 15:06:01 blathijs: aseba.dyndns.org
Aug 04 15:08:45 judaz: Ah, right.
Aug 04 15:09:06 judaz: It also seems that the Fonera does not give connection refused messages as I thought
Aug 04 15:10:10 blathijs: :/ well, its not that important the ssh access
Aug 04 15:10:16 i need a walkthrough for the openvpn
Aug 04 15:10:25 judaz: Though if you want to find a port at work, you could just nmap any host that does (if you have nmap there, of course). You could use drsnuggles.stderr.nl, which is mine and gives connection refused messages)
Aug 04 15:10:58 This stuff was for finding a port for the OpenVPN access, right?
Aug 04 15:11:22 blathijs: right
Aug 04 15:11:23 To change the OpenVPN port, you'll need to change the two files I mentioned earlier. I haven't tested it, but I think that should be sufficient.
Aug 04 15:11:37 i've changed /etc/config/openvpn
Aug 04 15:11:47 root@Fonera:~# /etc/init.d/openvpn restart
Aug 04 15:11:47 uci: Entry not found
Aug 04 15:11:48 --comp-lzo --persist-key --persist-tun --ca /etc/openvpn/keys/ca.crt --cert /etc/openvpn/keys/Fonera.crt --dev tun-ovpn --dh /etc/openvpn/keys/dh1024.pem --ifconfig-pool-persist /tmp/ipp.txt --keepalive 10 120 --key /etc/openvpn/keys/Fonera.key --max-clients 2 --port 80 --proto udp --server 10.8.0.0 255.255.255.0 --status /tmp/openvpn.clients 15 --status-version 2 --verb 3 --push "route 192.168.10.0 255.255.255.0 10.8.0.5"
Aug 04 15:11:54 is that ok?
Aug 04 15:12:05 or something went wrong?
Aug 04 15:12:18 dunno :-)
Aug 04 15:12:30 jaja
Aug 04 15:12:41 It's not uncommon for commands to show some errors when run manually, since we generally don't do that :-p
Aug 04 15:12:55 I see the right --port 80, so I think that's ok
Aug 04 15:13:10 You'll also have to change the other file to make sure the firewall is configured correctly
Aug 04 15:14:57 ok, lets see
Aug 04 15:15:04 ill restart the fonera
Aug 04 15:17:26 <_OldMan_> Hi, I changed only /etc/config/openvpn and that is not working.
Aug 04 15:17:26 <_OldMan_> What is the other file I have to change?
Aug 04 15:18:23 mmm, noup
Aug 04 15:18:43 clearly im doing something wrong
Aug 04 15:18:43 jeje
Aug 04 15:19:00 judaz: Could you check /etc/config/services to see what the port for openvpn is in there?
Aug 04 15:19:18 _OldMan_: /Apps/SetupOpenvpn
Aug 04 15:19:30 list 'udp_port' '1194'
Aug 04 15:19:48 judaz: Right, change it there as well
Aug 04 15:19:52 ja!
Aug 04 15:19:53 ok
Aug 04 15:19:55 lets see
Aug 04 15:20:45 judaz: Apparently the one in /Apps/SetupOpenvpn is only the default value that gets written to /etc/config/services if it's not there yet
Aug 04 15:29:55 judaz: And? :-)
Aug 04 15:32:06 blathijs: trying
Aug 04 15:32:07 :P
Aug 04 15:35:21 :(
Aug 04 15:36:01 That's a no? :-)
Aug 04 15:38:26 blathijs: nope.. didnt work
Aug 04 15:38:33 BUT the problem is here at work
Aug 04 15:38:58 But you'd expect port 80 to be open
Aug 04 15:39:04 though this is udp, of course
Aug 04 15:39:11 yes
Aug 04 15:39:28 You could try to switch to tcp (in /etc/config/openvpn)
Aug 04 15:39:52 You'll have to update the client configuration (.ovpn file) as well, of course
Aug 04 15:40:02 blathijs: yep, it is
Aug 04 15:40:17 a friend of mine has his openvpn configured on port 22
Aug 04 15:41:07 and works from here
Aug 04 15:41:08 strange
Aug 04 15:41:48 Perhaps he's also using TCP? Or perhaps UDP is allowed on 22?
Aug 04 15:42:41 if i change it to tcp
Aug 04 15:42:52 i kill the webgui
Aug 04 15:42:53 dont i?
Aug 04 15:43:17 Hmm, good point
Aug 04 15:43:35 its a tricky thing
Aug 04 15:43:36 :P
Aug 04 15:45:22 the WebGUI should only be listening on LAN port 80 (wan is only 443), but that is probably arranged in the firewall (so the webgui does occupy port 80)
Aug 04 15:45:59 <_OldMan_> I'll test it tonight. Must be off now.
Aug 04 15:46:38 ok
Aug 04 15:46:42 ok, i need to go too
Aug 04 15:46:51 lets see tomorrow
Aug 04 15:46:52 :P
Aug 04 15:47:00 bye! blathijs thanks for your help
Aug 04 15:47:03 :-)
Aug 04 15:47:05 np
Aug 04 15:47:09 Ill install the new firmware tonight
Aug 04 15:47:15 <_OldMan_> :-D
Aug 04 15:47:17 hope i dont break anything
Aug 04 15:48:15 There's always a recovery mode :-)
Aug 04 17:20:05 new firmware?
Aug 04 17:47:52 hi there
Aug 04 17:48:19 I was installing apps in fon, until I've had the message
Aug 04 17:48:20 No space left on device
Aug 04 17:48:51 I was doing it manually by wget ... tar ... tar -C
Aug 04 17:49:22 So what can I do now? And how can I uninstall things / how can I know what's installed?
Aug 04 17:57:29 I read that to recover from this state I have to do
Aug 04 17:57:29 mount -o remount /jffs2
Aug 04 18:06:04 Well, after reboot I have the same situation
Aug 04 18:06:10 100% of use in / and in /rom
Aug 04 18:06:40 I really need advice about how can I revert the situation
Aug 04 18:07:42 What I need to install is 1) motion 2) ssmtp 3) mutt and the libraries 4) openssl and 5) ncurses
Aug 04 18:08:20 while installing mutt the space has ended, so I suppose that I will need to install to an usb memory
Aug 04 18:08:42 but I installed openssl by mistake, and perhaps uninstalling it there's enough space for mutt and the lib
Aug 04 18:09:27 But what have I to do, because the tar limits to copy files to the destinations
Aug 04 18:09:37 do I need to manually erase the files then??
Aug 04 18:13:37 well, I'll do this,
Aug 04 18:15:20 Barbon: I'm hoping to get it out next week
Aug 04 18:15:57 ggerard: There are some docs on the wiki on how to install to usb
Aug 04 18:16:28 ggerard: To clean up your current installation, it's probably easiest to do a factory reset (under Settings -> Advanced in the WebGUI IIRC)
Aug 04 18:19:12 ggerard: Perhaps this will help you: http://wiki.fon.com/wiki/F2_Amule#Solution
Aug 04 18:19:16 blathijs: I was imagining that that might be the best solution, I'll do this then and let's see what happens
Aug 04 18:20:15 That is based on installing stuff with opkg, but it should work with manually untarring as well (the PATH and LD_PRELOAD_PATH bits are most important to get the Fonera to "see" the stuff on the USB disc)
Aug 04 18:20:37 I'll be away for the night, feel free to stick around and ask questions
Aug 04 18:22:38 nice
Aug 04 18:22:41 blathijs
Aug 04 18:22:48 you can post your result about this?
Aug 04 18:22:50 wait
Aug 04 18:23:18 here blathijs
Aug 04 18:23:19 (quit, have I lost any msg?)
Aug 04 18:23:19 http://trac.fonosfera.org/fon-ng/ticket/516
Aug 04 18:23:36 I was typing that there they give instruction to install it through opkg
Aug 04 18:23:56 but how can I do it by using the tar instructions?
Aug 04 18:23:58 tar xzvf *.ipk tar xzvf data.tar.gz -C /
Aug 04 18:37:19 I suspect I'm being quit (ping?) and I'm losing msg, anyone knows how can I check these?
Aug 04 19:47:41 <_OldMan_> OpenVPN on port 5594 working perfectly over here.
Aug 04 19:48:29 <_OldMan_> judaz: did you change the portnumber in the fonera.ovpn file on your PC???
Aug 04 20:20:32 _OldMan_: I did tell him to :-)
Aug 04 20:20:50 _OldMan_: But he was trying to pierce a corporate firewall, not unlikely that it's filtering UDP entirely
Aug 04 20:21:50 <_OldMan_> Mmmm, yes, that can be a problem.
Aug 04 20:23:33 <_OldMan_> I found 443 and 22 are mostly open because the ICT people need them themselves, hi.
Aug 04 20:24:20 <_OldMan_> Well, I am happy because vpn is working again.
Aug 04 20:25:00 <_OldMan_> Tomorrow I'll look if I can use this solution for motion4fon.
Aug 04 20:26:44 _OldMan_: I did send you some suggestions about using /etc/config/services a few weeks back, didn't I?
Aug 04 20:26:50 <_OldMan_> Still struggling with windows 7. This 'run as admin' is getting very annoying.
Aug 04 20:26:57 heh
Aug 04 20:27:12 _OldMan_: Btw, would you mind testing 2.3.6.1 RC1? I'm hoping to have it ready somewhere tomorrow
Aug 04 20:27:47 <_OldMan_> No, but if i look @ this openvpn solution i might find the problem.
Aug 04 20:28:14 ok :-)
Aug 04 20:28:22 If you have questions or problems, feel free to aks
Aug 04 20:28:26 s/aks/ask/
Aug 04 20:28:52 <_OldMan_> Is this 2.3.6.2 for 2n
Aug 04 20:29:16 2.3.6.1, not .2?
Aug 04 20:29:27 and it will be for 2n, yes
Aug 04 20:29:45 <_OldMan_> I have only 1 2n, but two 2g
Aug 04 20:30:21 right. One should do? :-)
Aug 04 20:30:26 <_OldMan_> Ok, I'll give it a test, but if it gives too much problems I'll go back,
Aug 04 20:30:32 I got to go now, I'll send you an email :-)
Aug 04 20:30:45 (Are you running 2.3.0 now, then?)
Aug 04 20:31:19 <_OldMan_> nope 2.3.6.0 so i think just an improvement.
Aug 04 20:31:19 <_OldMan_> Ok, cu later.
Aug 04 20:34:59 _OldMan_: Yeah, these should just be a few bugfixes (see http://trac.fonosfera.org/fon-ng/query?group=status&milestone=Firmware+2.3.6.1 )
Aug 04 20:35:04 * blathijs is off
**** ENDING LOGGING AT Thu Aug 05 02:59:56 2010