OpenBSD on the Powerbook

30, Dec, 2005

I was looking at the OpenBSD changes since 3.8 was released and I noticed they added a new driver for the touchpads in the new Powerbooks/iBooks. I had 3.8 on here but the external mouse and lack of multiple consoles made me try Ubuntu on the Powerbook. Ubuntu was OK but there were several patches and every patch seemed to break something else. I had it working pretty well except the CPU was still running at full speed on battery. I wanted BSD on here so the fight was over. I immediately grabbed the latest snapshot and blew away the Ubuntu install on here.

A quick netinstall and it’s time to find out if my touchpad works on here. I login, fire up X and the touchpad works great. I started building ports and it was smooth and working well during that. I took the laptop home after work. I started it up again and it was erratic and I had to plug in an external mouse. I tried it again later and it works fine again. Guess I’ll need to play with it some more. I’m just happy it’s making progress.

Project Evil and WPA

14, Dec, 2005

We had a bunch of Belkin wireless bridges left over when we had a dept moving around and finally got into their own building. I found out that they had a mini-PCI card in them that could be removed and put into a laptop. I saw that it was a Broadcom chipset (Windows drivers only) until I had a couple Windows laptops at work that we wanted to add wireless to. I had an extra one sitting on my desk so I decided to put it in the Dell laptop and see how far I could go with FreeBSD 6.0.
Installation was easy enough since it had two antenna connectors on the card and the laptop and the slot is right behind a panel on the bottom of the laptop. I knew the drivers were hard to find until I found out the Dell 1300 wireless cards had the same chipset. We used those drivers on the Windows laptops and they worked great so I decided that’s what I’ll be using for this too.

Ndisgen makes building a kernel module pretty easy. You need the .inf and .sys driver files from Windows and your kernel sources. It built the kernel module and then copied it to /boot/kernel with the other kernel modules. I loaded up the module by hand to make sure it would load fine and then added it and ndis to my loader.conf. A quick reboot to test it all and I see it in my dmesg when it only showed an unidentified PCI network device before. Ifconfig shows ndis0 in my interface list and it appears to be ready to be configured.

I read the man page and found a couple good examples for wpa_supplicant. This seems to be fairly straightforward so I loaded the kernel module, created a config file and fired it up. Everything seemed to work so I ran a dhclient on ndis0 and it immediately picks up an address. I was a bit surprised that it went so smoothly but it’s been working great for the last couple days. One of the limitations to using NDIS wrappers is that you can’t use monitor mode with the cards so wireless sniffing is out. I have an Atheros and an Orinoco card that I can use for that and besides, the Powerbook and KisMac do a better job at that anyway.
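As an added example (not code from this post, and not FreeBSD's or wpa_supplicant's own code), the script below shows what goes into the wpa_supplicant config step above: it derives the WPA pre-shared key the same way wpa_passphrase(8) does (PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID, 4096 iterations, 32 bytes, per IEEE 802.11i), renders a network block that stores the 64-hex-digit key instead of the human passphrase, and checks an existing config for cleartext passphrases. The SSID, passphrase and file contents are constructed sample values; the "password"/"IEEE" pair is the published 802.11i test vector.

```python
"""Derive a WPA-PSK as wpa_passphrase(8) does and render/audit wpa_supplicant.conf.

Added example, not code from the original post. Sample SSIDs, passphrases and
config text below are constructed for illustration.
"""
from __future__ import annotations

import hashlib
import re


def wpa_psk(passphrase: str, ssid: str) -> str:
    """Return the 256-bit PSK as 64 hex characters (what wpa_passphrase prints).

    IEEE 802.11i: PSK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 32 bytes).
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8..63 characters")
    if not 1 <= len(ssid.encode()) <= 32:
        raise ValueError("SSID must be 1..32 bytes")
    raw = hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, dklen=32)
    return raw.hex()


def wpa_supplicant_conf(ssid: str, passphrase: str, priority: int = 5) -> str:
    """Render a WPA-PSK network block using the derived hex key, not the passphrase.

    wpa_supplicant accepts either psk="passphrase" or psk=<64 hex digits>; the hex
    form keeps the memorable passphrase out of the config file on the laptop.
    """
    psk = wpa_psk(passphrase, ssid)
    return (
        "ctrl_interface=/var/run/wpa_supplicant\n"
        "network={\n"
        f'\tssid="{ssid}"\n'
        "\tkey_mgmt=WPA-PSK\n"
        "\tproto=WPA\n"  # WPA (TKIP) as in the post; proto=RSN selects WPA2
        f"\tpsk={psk}\n"
        f"\tpriority={priority}\n"
        "}\n"
    )


# A psk line whose value is quoted is a cleartext passphrase; a bare value is the hex key.
_CLEARTEXT_PSK = re.compile(r'^\s*psk\s*=\s*"', re.MULTILINE)


def has_cleartext_passphrase(conf_text: str) -> bool:
    """True if any network block in conf_text stores psk="..." in the clear."""
    return _CLEARTEXT_PSK.search(conf_text) is not None


if __name__ == "__main__":
    # Constructed sample network; the values are not from the original post.
    print(wpa_supplicant_conf("home-wpa", "correct horse battery"))
```

Run it and paste the printed block into /etc/wpa_supplicant.conf (mode 0600, since the hex PSK is still a credential); the key_mgmt/proto/psk fields are the standard wpa_supplicant.conf(5) keywords, and the check function is meant to be run over a config you already have before it is copied to another machine.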

Another network change already

9, Dec, 2005

Work is providing a Sonicwall VPN/Firewall/WAP device for remote access. This complicates my network setup but I like a good challenge. I already have 4 subnets, IPSEC & OpenVPN VPNs and a wireless connection. This will add another IPSEC connection, firewall with NAT, wireless and a couple more subnets.

I plugged it into the DMZ switch first thing since that is a restrictive subnet as far as firewall rules are concerned. I wanted to disable NAT right away but I don’t see any good way to do this with this firmware (or the latest after I loaded it). I did find the NAT one-to-one options and assigned a couple ranges to the wired and wireless ranges respectively. It won’t allow wireless to LAN unless you are encrypted so I enabled WPA and set up the Powerbook to connect. I plugged the Dell laptop into one of the LAN ports to test the wired side of this setup. I still have the VPN client on the Powerbook to connect directly so I logged into the main VPN concentrator with that and used the Dell to connect to the local. I had a functional tunnel in less than 5 minutes.

It looks like the detect dead tunnel option is kicking in faster than the heartbeats to keep the tunnel active. That basically means the tunnel isn’t staying up unless I keep traffic running across it. I have to initiate it from the client (home) side so that means I can’t get back to home from work unless I tweak this setting. I wrote a little ping script running in screen on the Dell to test and it seems to keep the tunnel up fine. This 802.11g connection isn’t really doing much better on throughput than my old setup which was just a 802.11b PCMCIA card in a PCI slot running on a system cobbled together out of spare parts. Guess I’ll have to look into this some more.

I also need to put another NIC (or two while I’m at it) into the firewall and move this to its own DMZ so I can lock the firewall rules down with more control. An upside of not running the wireless over OpenVPN is that I don’t have to push the default gateway. That makes external access a lot easier to manage since it reduces the bandwidth going through the home connection.

OpenVPN on the wireless and external

4, Dec, 2005

I installed OpenVPN on the firewall/WAP to replace WEP permanently. It’s pushing the subnet and remote gateway as default. This is working great on wireless but the same setup works on the external interface too and I’m not so sure that I want to push the default gateway when I’m logged in from work/out/etc. That can be a lot of data to push to home and then out. This needs some tweaking. I’m using the Tunnelblick front end on the Powerbook and it’s working nicely.

The client/server setup only uses tun devices which works great for *nix but Windows only has tap drivers available. I could set up another instance of OpenVPN to create a point-to-point connection for Windows but I think I’ll just enable an authpf profile for this. I don’t have a laptop running Windows so this isn’t really a big issue right now. The Powerbook has an install of Win2k on it that I use once in a while but it routes through OS X and the old Dell laptop runs FreeBSD, OpenBSD, and Linux. The other option is that Windows is wired instead of wireless.
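The tweak the OpenVPN entry above is after is a split: the wireless instance can push the default gateway to clients, while the external instance should only push a route to the home subnet so traffic from work is not hairpinned through the home link. As an added example (not code from this post, and not part of OpenVPN), the script below parses OpenVPN server configs for their `push` directives and reports which instances push `redirect-gateway`; the two configs, their subnets and device names are constructed samples, and the only OpenVPN syntax relied on is the standard `push "..."`, `route` and `redirect-gateway` directives.

```python
"""Audit OpenVPN server configs for what they push to clients.

Added example, not part of the original post or of OpenVPN itself. The two
configs below are constructed samples with made-up subnets.
"""
from __future__ import annotations

import shlex
from dataclasses import dataclass, field

# Constructed sample: wireless instance, meant to carry all client traffic.
WIRELESS_CONF = """\
dev tun0
server 10.8.1.0 255.255.255.0
push "route 192.168.10.0 255.255.255.0"   # home LAN (made-up subnet)
push "redirect-gateway def1"              # all client traffic via the tunnel
push "dhcp-option DNS 192.168.10.1"
keepalive 10 60
"""

# Constructed sample: external instance, split tunnel only.
EXTERNAL_CONF = """\
dev tun1
server 10.8.2.0 255.255.255.0
push "route 192.168.10.0 255.255.255.0"   # reach home, keep the client's own default route
keepalive 10 60
"""


@dataclass
class PushSummary:
    redirects_gateway: bool = False      # push "redirect-gateway ..." present
    routes: list[str] = field(default_factory=list)   # pushed "route" targets
    other: list[str] = field(default_factory=list)    # any other pushed options


def parse_push_directives(config_text: str) -> PushSummary:
    """Collect the push directives from one server config.

    OpenVPN comments start with '#' or ';'; push takes a single quoted argument
    holding the option the client will apply, so shlex gives us that argument whole.
    """
    summary = PushSummary()
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        try:
            tokens = shlex.split(line)
        except ValueError:
            continue  # unbalanced quotes: not a directive we can interpret
        if tokens[0] != "push" or len(tokens) < 2:
            continue
        option = tokens[1].split()
        if option[0] == "redirect-gateway":
            summary.redirects_gateway = True
        elif option[0] == "route":
            summary.routes.append(" ".join(option[1:]))
        else:
            summary.other.append(tokens[1])
    return summary


def full_tunnel_instances(configs: dict[str, str]) -> list[str]:
    """Names of the instances that force clients' default route through the tunnel."""
    return [name for name, text in configs.items()
            if parse_push_directives(text).redirects_gateway]


if __name__ == "__main__":
    instances = {"wireless": WIRELESS_CONF, "external": EXTERNAL_CONF}
    for name, text in instances.items():
        print(name, parse_push_directives(text))
    print("full-tunnel instances:", full_tunnel_instances(instances))
```

Pointed at the real instance files (one config per OpenVPN process, each on its own tun device), the report makes it obvious when the external instance has inherited the `redirect-gateway` push from the wireless one; the fix is to drop that single line from the external config and keep only the `route` push for the home subnet.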