Dec 9

Another network change already

By Strog

Work is providing a Sonicwall VPN/Firewall/WAP device for remote access. This complicates my network setup but I like a good challenge. I already have 4 subnets, IPSEC & OpenVPN VPNs and a wireless connection. This will add another IPSEC connection, firewall with NAT, wireless and a couple more subnets.

I plugged it into the DMZ switch first thing since that is a restrictive subnet as far as firewall rules are concerned. I wanted to disable NAT right away but I don’t see any good way to do this with this firmware (or the latest after I loaded it). I did find the NAT one-to-one options and assigned a couple of ranges to the wired and wireless ranges respectively. It won’t allow wireless to LAN unless you are encrypted so I enabled WPA and set up the Powerbook to connect. I plugged the Dell laptop into one of the LAN ports to test the wired side of this setup. I still have the VPN client on the Powerbook to connect directly so I logged into the main VPN concentrator with that and used the Dell to connect to the local. I had a functional tunnel in less than 5 minutes.

It looks like the detect dead tunnel option is kicking in faster than the heartbeats to keep the tunnel active. That basically means the tunnel isn’t staying up unless I keep traffic running across it. I have to initiate it from the client (home) side so that means I can’t get back to home from work unless I tweak this setting. I wrote a little ping script running in screen on the Dell to test and it seems to keep the tunnel up fine. This 802.11g connection isn’t really doing much better on throughput than my old setup, which was just an 802.11b PCMCIA card in a PCI slot running on a system cobbled together out of spare parts. Guess I’ll have to look into this some more.

I also need to put another NIC (or two while I’m at it) into the firewall and move this to its own DMZ so I can lock the firewall rules down with more control. An upside of not running the wireless over OpenVPN is that I don’t have to push the default gateway. That makes external access a lot easier to manage since it reduces the bandwidth going through the home connection.

Dec 4

OpenVPN on the wireless and external

By Strog

I installed OpenVPN on the firewall/WAP to replace WEP permanently. It’s pushing the subnet and remote gateway as default. This is working great on wireless but the same setup works on the external interface too and I’m not so sure that I want to push the default gateway when I’m logged in from work/out/etc. That can be a lot of data to push to home and then out. This needs some tweaking. I’m using the Tunnelblick front end on the Powerbook and it’s working nicely.

The client/server setup only uses tun devices, which works great for *nix but Windows only has tap drivers available. I could set up another instance of OpenVPN to create a point-to-point connection for Windows but I think I’ll just enable an authpf profile for this. I don’t have a laptop running Windows so this isn’t really a big issue right now. The Powerbook has an install of Win2k on it that I use once in a while but it routes through OS X and the old Dell laptop runs FreeBSD, OpenBSD, and Linux. The other option is that Windows is wired instead of wireless.

Nov 27

Install a weblog

By Strog

I’ve been meaning to install some sort of weblog on the front page so I could update it easier in hopes that I’d put up some fresh content. This process started quite a while ago with Blosxom and it was enough to get me heading in the right direction. The beginning of the current layout was part of a Blosxom theme but heavily modified. I liked the idea of the posts being in text files and they get posted in order by timestamp. I tinkered with PHP and some text files but realized that it was going to be more of a pain to go this route. Since we installed PostgreSQL on the webserver, I needed to find a weblog that supported it as an option. I had been leaning toward WordPress but it needs MySQL. I looked at Personal Weblog but there are some issues with my setup.

I found Serendipity and it had a little more on the page than I wanted on the default install. A quick look in the admin page and I turned off practically everything except the posts themselves. This is very flexible and as lean as I want. I think this is going to work out nicely.

Nov 22

Dump MySQL and move to PostgreSQL

By Strog

MySQL on OpenBSD/Sparc64 seems to be somewhat flaky and apparently has been that way for a while now. Kernel_Killer was fighting with it and phpBB on the webserver. I suggested that we look at PostgreSQL instead. I hadn’t decided on which weblog I was going to put up yet and phpBB supports either DB.

We installed PostgreSQL and the PHP extension to support it and then went on Thanksgiving break. I got back to setting up the DB server on Saturday after coming back from the in-laws. The more I dug through the docs, the more I liked what I saw. I haven’t spent much time with database servers but this makes me want to learn more. The website is up with PostgreSQL on it and things are coming together.