www.chilliwave.com

Wifi Network Distribution and Billing Server

All times are UTC - 8 hours [ DST ]




 Post subject: How to ssh/gui in to repeaters
PostPosted: Thu Feb 19, 2009 4:44 am 

Joined: Thu Sep 11, 2008 11:07 pm
Posts: 616
Location: Australia
I've seen this asked a few times in here and here's a simple solution.

If you need to access your routers in the field (including repeaters) just like you can if they're local, then you need them to call you to break through the NAT and create the link.

(THIS HAS ONLY BEEN LIGHTLY TESTED, USE AT YOUR OWN RISK)
There's still a couple of problems I'm sure you guys can help with.
1. When the router is in vpn mode it routes all traffic to your vpn server, including web requests. I need an iptables rule that will fix that, bring on the ideas.

2. It also allows vpn access from all the users on the router to your vpn network. I've just limited what they can access if they are quick enough to realize, but iptables rules should fix this too.

3. Not sure what else, but it's a built-in function for dd-wrt, shouldn't be too many problems, but test test test before putting in the field!



Firstly you need to set up a vpn server to accept the connections. I've just used an XP Pro box for this but you can use whatever you want as long as it supports pptp connections.

http://wireless.gumph.org/content/6/4/0 ... -user.html
Go through the four pages of that and you should have a vpn server running. Once you can verify you have a pptp server running by connecting with a laptop, then move on to the routers. This will not work if the laptop is on the same network as the server. You need to have 2 internet connections, one for the server and one for the routers/laptop. For testing you can use dialup/3g for the second connection if you only have one connection.


Code:
nvram set pptpd_client_srvsub=192.168.123.0
nvram set pptpd_client_srvip=yourdomainnameorexternalip
nvram set pptpd_client_srvsubmsk=255.255.255.0
nvram set pptpd_client_srvpass=vpnuserspassword
nvram set pptpd_client_enable=1
nvram set pptpd_client_srvuser=vpnusername



(AFTER MODIFYING TO YOUR SETTINGS) Put that in the nvram box of the router's config page and click the configure button. After about 3 minutes you have a pptp vpn connection to your router. That gives you a local ip address to the router so you can ssh, gui control or view the webcam attached etc., even on repeaters.
After you have put that in the router for the first time, all you have to do to switch it on and off is change this command in the nvram box

nvram set pptpd_client_enable=1

1= ON
0= OFF

Switch it off when finished and
Cheers :D


PostPosted: Thu Feb 19, 2009 8:44 am
Site Admin

Joined: Fri Mar 17, 2006 4:52 pm
Posts: 4413
Location: Bend, Oregon
This is pretty slick, I must say.. Very impressive.. I hope I can get up to speed with you on this asap and refine it to run inside the router.. This would be the ticket for the video cameras..

I am sure that is what you are working on, and I like this lateral thinking you have going on this..

I will give this a shot and chime in on it..

Good job, to say the very least... 8)

Chuck


PostPosted: Thu Feb 19, 2009 1:06 pm

Joined: Thu Mar 06, 2008 6:17 pm
Posts: 809
Location: Ansbach, Germany
I will get right on this, looks like exactly what I was talking to Chuck about. I'm going to set up a test network this week and go around the neighborhood with repeaters and cameras and see how fast I can build a network :)


PostPosted: Fri Feb 20, 2009 6:34 pm

Joined: Thu Sep 11, 2008 11:07 pm
Posts: 616
Location: Australia
Ok I've been testing this and it appears dd-wrt does a pretty good job of still redirecting all web requests around the vpn and out through the router's proper gateway and not through your vpn network as I previously thought. :D
The wireless clients tend to get dropped off and have to sign in again when you switch it on and off.
I can't tell how much of a performance hit the routers take on this because I'm testing it with dialup and that's a performance hit on its own. :lol:
The problems I see for you fosterchild will be these.
1. Xp pro only supports 1 concurrent vpn connection so we need a better vpn server. Because we may want gui access to the routers the enchilada server isn't ideal if it's a slice. Does the companion dvd have a pptp vpn server in it that accepts multiple connections?
2. If I'm looking at one router at a time then I can just use the one vpn user/pass for all routers. I could easily just put these settings in the firmware build so it was in all the routers and I just had to switch it on and off. (A radio button in the router config would be good Chuck.) :) :) If we have multiple connections we will need a unique user/pass for each router.
Let me know if you get a test running fosterchild.
Cheers


PostPosted: Fri Feb 20, 2009 6:50 pm

Joined: Thu Sep 11, 2008 11:07 pm
Posts: 616
Location: Australia
This looks like the ticket fosterchild.
http://swik.net/Ubuntu/OnlyUbuntu+Tutorials/Howto+setup+PPTP+server+(VPN)+on+Ubuntu+7.10/cdslc
Unless someone knows of a pptp server that will handle multiple users all with the same username and password.
edit. I can't get that link to be active in the post because it has those brackets in it.


PostPosted: Fri Feb 20, 2009 11:13 pm

Joined: Thu Sep 11, 2008 11:07 pm
Posts: 616
Location: Australia
I got it working finally on my development enchilada server.
What the previous link doesn't tell you is
1. You have to run the pptpd as root.
Code:
killall pptpd
sudo pptpd

How can I fix this Chuck so it runs as root every startup?

2. pptpd is only set to accept mppe at 128 bit encryption so you need to put this in the mppe encryption box on the router

Code:
mppe required,no40,no56,stateless


I tried this below in the nvram box but only ended up with mppe in the router. I need to know how to deal with the space between mppe and required.
Code:
nvram set pptpd_client_srvsec=mppe required,no40,no56,stateless


In the /etc/ppp/chap-secrets file you need to put the users in this format
Code:
vpnuser pptpd vpnpassword *

Just replace the vpnuser and vpnpassword with your info.

In the /etc/pptpd.conf change the bottom bits to look like this but use your vpn server's local lan IPs

Code:
localip 192.168.123.36
remoteip 192.168.123.234-238,192.168.123.245


We can probably do away with the 192.168.123.245 and change the range one to 234-238 to 234-245 but I haven't tested that yet.


Restart pptpd
Code:
killall pptpd
sudo pptpd


Point port 1723 from your router to the vpn server.

Go to the /var/logs/syslog and you should see a part where your vpn client router has been given an ip from the range you specified in the /etc/pptpd.conf file.

To do:
Give the routers the same ip each time they connect up so you don't have to work out which one is which.
Change the scripts that run during firmware build on the server to
1. grab the router name for the vpnuser id
2. grab the router password for the vpn password
3. fix this and put it in the scripts: nvram set pptpd_client_srvsec=mppe required,no40,no56,stateless
4. work out a way for users to manually add their vpn server wan ip address/domain name and vpn server's local lan subnet details. Maybe with Chuck's help I could get this info in the "server setup" page.
Cheers :D
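
Added example (not part of the original posts and not the poster's scripts): one way to approach to-do items 1 to 3 and the "same ip each time" item above, giving every router its own account, a random password and a fixed tunnel address. The router names, `vpn.example.net`, the output file names and the function names are assumptions; it relies on the fourth chap-secrets field listing the addresses an account may use, so a single address there replaces `*`.

```shell
#!/bin/sh
# Added example: one PPTP account and one fixed tunnel address per router.
# Server name and router names are constructed placeholders.
VPN_SERVER="vpn.example.net"   # stands in for yourdomainnameorexternalip
VPN_SUBNET="192.168.123.0"     # subnet and mask as used in the thread
VPN_MASK="255.255.255.0"
POOL_PREFIX="192.168.123"
POOL_FIRST=234                 # first remoteip range from the thread's pptpd.conf
POOL_LAST=238

# 128 random bits as 32 hex characters: no spaces, so safe in chap-secrets.
gen_password() {
    od -An -N16 -tx1 /dev/urandom | tr -dc '0-9a-f'
}

# nvram_lines NAME PASSWORD: client settings for one router.
# The srvsec value is quoted so a shell passes it to nvram as one argument
# (assumes the lines are run from a shell session on the router).
nvram_lines() {
    cat <<EOF
nvram set pptpd_client_srvsub=$VPN_SUBNET
nvram set pptpd_client_srvip=$VPN_SERVER
nvram set pptpd_client_srvsubmsk=$VPN_MASK
nvram set pptpd_client_srvuser=$1
nvram set pptpd_client_srvpass=$2
nvram set pptpd_client_srvsec="mppe required,no40,no56,stateless"
nvram set pptpd_client_enable=1
EOF
}

# provision OUTDIR NAME...: writes OUTDIR/chap-secrets.new and OUTDIR/NAME.nvram.
# Runs in a subshell so the umask and variables do not leak to the caller.
provision() (
    umask 077                          # credential files readable by owner only
    out=$1; shift
    : > "$out/chap-secrets.new"
    octet=$POOL_FIRST
    for name in "$@"; do
        case $name in                  # chap-secrets is whitespace-delimited
            ''|*[!A-Za-z0-9_-]*) echo "bad router name: $name" >&2; exit 1 ;;
        esac
        [ "$octet" -le "$POOL_LAST" ] || { echo "address pool exhausted" >&2; exit 1; }
        pw=$(gen_password)
        # 4th field pins this account to one address instead of "*"
        printf '%s pptpd %s %s.%s\n' "$name" "$pw" "$POOL_PREFIX" "$octet" >> "$out/chap-secrets.new"
        nvram_lines "$name" "$pw" > "$out/$name.nvram"
        octet=$((octet + 1))
    done
)
```

Run as `provision /some/dir repeater-01 repeater-02`, then review `chap-secrets.new` before merging it into /etc/ppp/chap-secrets on the VPN server.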


PostPosted: Sat Feb 21, 2009 12:39 am

Joined: Thu Mar 06, 2008 6:17 pm
Posts: 809
Location: Ansbach, Germany
I'm still messing with this myself and trying to get a grasp on the concept. I went the easy route and within webmin under PPTP server I installed the needed package on the test Enchilada server. I then went in and created a username and password for a test user.

Then on the dd-wrt router I turned on PPTP client and did my best to fill out the information. I went back to the test server, which happened to be the online demo on Chuck's VPS and could see the router connecting to the PPTP server. What I don't understand at the moment is how the router gets a lan address or how it's actually on the Lan along with the VPS server. The router was in repeater mode and connected to my home internet signal, but when I plugged into or connected wirelessly I was not on the VPN of the remote server.


PostPosted: Sat Feb 21, 2009 12:45 am

Joined: Thu Sep 11, 2008 11:07 pm
Posts: 616
Location: Australia
This is the part that gives out the lan ip's to the routers
localip 192.168.123.36
remoteip 192.168.123.234-238,192.168.123.245

localip is the lan ip of the vpn server.
remoteip is the range that the server dishes out to the routers.

/etc/pptpd.conf


PostPosted: Sat Feb 21, 2009 12:46 am

Joined: Thu Sep 11, 2008 11:07 pm
Posts: 616
Location: Australia
It's probably not going to work on the slice because there is no lan to connect you to. :?


PostPosted: Sat Feb 21, 2009 12:56 am

Joined: Thu Mar 06, 2008 6:17 pm
Posts: 809
Location: Ansbach, Germany
That's what me and Chuck were talking about. Why couldn't the slice dish out some IPs not being used by other slices? Like if Chuck had more IPs to give out and the routers were on the same range of other Slices? Maybe I'm confused and should just start with a test setup on my house, probably be easier. You should set up a test server and Zoneminder at your house and then tell me what to put into my router here and see if we can get it working and have it all set up inside Zoneminder. Then I'll walk around and find some open networks and see if it will also connect back to your VPN.


PostPosted: Sat Feb 21, 2009 1:05 am

Joined: Thu Sep 11, 2008 11:07 pm
Posts: 616
Location: Australia
I would need to give you remote desktop access to the server. I'll have a look at that but I don't have zoneminder and vpn on the same system at the moment because the zm on the enchilada server doesn't work and fills the log with errors. If you've got a companion dvd installed somewhere follow my directions above after using the packet manager to install pptpd and I can point a router at your vpn server for you to play with.


PostPosted: Sat Feb 21, 2009 1:09 am

Joined: Thu Mar 06, 2008 6:17 pm
Posts: 809
Location: Ansbach, Germany
Just PM me access to your Enchilada and I will fix Zoneminder. It will take me like 10 mins max and you will have the latest and greatest install and we can proceed with testing. I'll check back later today after my son's BP and get you all fixed up.


PostPosted: Sat Feb 21, 2009 1:18 am

Joined: Thu Sep 11, 2008 11:07 pm
Posts: 616
Location: Australia
I'll have to give you remote desktop access and it's a test server that doesn't have any ports forwarded to it other than the vpn port. To change it over would mean shutting down my production server and remapping ports. I can't do that at the moment. :(


PostPosted: Sat Feb 21, 2009 3:09 am

Joined: Thu Sep 11, 2008 11:07 pm
Posts: 616
Location: Australia
I'm installing a vm of the zoneminder dvd and I'll setup the vpn server on there too so you can test your cameras can phone home. :)


PostPosted: Sat Feb 21, 2009 4:37 am

Joined: Thu Sep 11, 2008 11:07 pm
Posts: 616
Location: Australia
Ready to go this end, let me know when you're back and I'll open the door.

