plugout.net

[fvdw]

I compiled iptables with some trial and error, however the kernel needs to be recompiled if we want to make use of it. Some basic modules are present in the kernel but not all that are required to be able to use iptables. If I fire it up it mentions it is missing kernel modules. So please find out if it is really needed. of course upgrading the kernel is also possible

[matigev]

Any news on this?
I tried setting up using the provided pptpd but i cant get it to work.
I dont have any experience with VPN and linux so I might be missing the point

[fvdw]

as long as we don't adapt the kernel it will not work, no time yet found to work on this further

[firwareslut]

Yeah I had play with it today but I think the kernel module for PPP is required. The server runs and the port is open but I cannot make a successful connection. Would be awesome to login to the NAS with VPN and run miniDLNA.

I don't think iptables needs to be installed but you have to create /etc/sysctl.conf and put "net.ipv4.ip_forward = 1"

[fvdw]

the kernel module for PPP is required

which module is that, which parameter in the kernel config ?
Indeed it seems it is not set

Code: Select all

# CAIF transport drivers
#
# CONFIG_FDDI is not set
# CONFIG_HIPPI is not set
# CONFIG_PPP is not set
# CONFIG_SLIP is not set
# CONFIG_NET_FC is not set


I think it is also good to enable IPtables at same tiem when doing a recompile
Think as you said earlier we will need it to be able to forward (filter) VPN packet
The fact that some of these option were not set in the kernel are the problem I guess

Code: Select all

CONFIG_NETFILTER=y
# CONFIG_NETFILTER_DEBUG is not set
CONFIG_NETFILTER_ADVANCED=y

#
# Core Netfilter Configuration
#
# CONFIG_NETFILTER_NETLINK_QUEUE is not set
# CONFIG_NETFILTER_NETLINK_LOG is not set
# CONFIG_NF_CONNTRACK is not set
# CONFIG_NETFILTER_XTABLES is not set
# CONFIG_IP_VS is not set

#
# IP: Netfilter Configuration
#
# CONFIG_NF_DEFRAG_IPV4 is not set
# CONFIG_IP_NF_QUEUE is not set
# CONFIG_IP_NF_IPTABLES is not set
# CONFIG_IP_NF_ARPTABLES is not set


this link gives also some information on kernel setup. http://www.linuxtopia.org/Linux_Firewal ... /x651.html
Its easy to change these settings and recompile a kernel, it is on the to do list but a kernel compile is always risky and when the kernel doesn't load I need to take out my HDD to restore a working one. I don't like that and this is one of the reason why its not on the top of my list.
If there are volunteers to try a not tested kernel let me know.

[firwareslut]

I don't mind testing the kernel if it is easy to restore with my ubuntu installation. I have an HD cradle so it's easy to remove and mount the drive with little hassle.

[fvdw]

ok I will try to compile one and sent it to you for testing

this are the modified settings I will use

Code: Select all

# CAIF transport drivers
#
# CONFIG_FDDI is not set
# CONFIG_HIPPI is not set
CONFIG_PPP=y
# CONFIG_PPP_MULTILINK is not set
CONFIG_PPP_FILTER=y
CONFIG_PPP_ASYNC=y
# CONFIG_PPP_SYNC_TTY is not set
CONFIG_PPP_DEFLATE=y
# CONFIG_PPP_BSDCOMP is not set
CONFIG_PPP_MPPE=y
CONFIG_PPPOE=y
# CONFIG_SLIP is not set


CONFIG_NETFILTER=y
# CONFIG_NETFILTER_DEBUG is not set
CONFIG_NETFILTER_ADVANCED=y

#
# Core Netfilter Configuration
#
# CONFIG_NETFILTER_NETLINK_QUEUE is not set
# CONFIG_NETFILTER_NETLINK_LOG is not set
CONFIG_NF_CONNTRACK=y
# CONFIG_NF_CONNTRACK_MARK is not set
# CONFIG_NF_CONNTRACK_EVENTS is not set
# CONFIG_NF_CONNTRACK_TIMESTAMP is not set
# CONFIG_NF_CT_PROTO_DCCP is not set
# CONFIG_NF_CT_PROTO_SCTP is not set
# CONFIG_NF_CT_PROTO_UDPLITE is not set
# CONFIG_NF_CONNTRACK_AMANDA is not set
CONFIG_NF_CONNTRACK_FTP=y
# CONFIG_NF_CONNTRACK_H323 is not set
# CONFIG_NF_CONNTRACK_IRC is not set
# CONFIG_NF_CONNTRACK_NETBIOS_NS is not set
# CONFIG_NF_CONNTRACK_SNMP is not set
# CONFIG_NF_CONNTRACK_PPTP is not set
# CONFIG_NF_CONNTRACK_SANE is not set
# CONFIG_NF_CONNTRACK_SIP is not set
# CONFIG_NF_CONNTRACK_TFTP is not set
# CONFIG_NF_CT_NETLINK is not set
CONFIG_NETFILTER_XTABLES=y


# CONFIG_IP_VS is not set

#
# IP: Netfilter Configuration
#
CONFIG_NF_DEFRAG_IPV4=y
CONFIG_NF_CONNTRACK_IPV4=y
CONFIG_NF_CONNTRACK_PROC_COMPAT=y
# CONFIG_IP_NF_QUEUE is not set
CONFIG_IP_NF_IPTABLES=y
# CONFIG_IP_NF_MATCH_AH is not set
# CONFIG_IP_NF_MATCH_ECN is not set
# CONFIG_IP_NF_MATCH_TTL is not set
CONFIG_IP_NF_FILTER=y
# CONFIG_IP_NF_TARGET_REJECT is not set
CONFIG_IP_NF_TARGET_LOG=y
# CONFIG_IP_NF_TARGET_ULOG is not set
CONFIG_NF_NAT=y
CONFIG_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=y
CONFIG_IP_NF_TARGET_NETMAP=y
CONFIG_IP_NF_TARGET_REDIRECT=y
CONFIG_NF_NAT_FTP=y
# CONFIG_NF_NAT_IRC is not set
# CONFIG_NF_NAT_TFTP is not set
# CONFIG_NF_NAT_AMANDA is not set
# CONFIG_NF_NAT_PPTP is not set
# CONFIG_NF_NAT_H323 is not set
# CONFIG_NF_NAT_SIP is not set
# CONFIG_IP_NF_MANGLE is not set
# CONFIG_IP_NF_RAW is not set
# CONFIG_IP_NF_ARPTABLES is not set

#
# IPv6: Netfilter Configuration
#
CONFIG_NF_DEFRAG_IPV6=y
CONFIG_NF_CONNTRACK_IPV6=y
# CONFIG_IP6_NF_QUEUE is not set
CONFIG_IP6_NF_IPTABLES=y
# CONFIG_IP6_NF_MATCH_AH is not set
# CONFIG_IP6_NF_MATCH_EUI64 is not set
# CONFIG_IP6_NF_MATCH_FRAG is not set
# CONFIG_IP6_NF_MATCH_OPTS is not set
# CONFIG_IP6_NF_MATCH_HL is not set
# CONFIG_IP6_NF_MATCH_IPV6HEADER is not set
# CONFIG_IP6_NF_MATCH_MH is not set
# CONFIG_IP6_NF_MATCH_RT is not set
CONFIG_IP6_NF_TARGET_LOG=y
CONFIG_IP6_NF_FILTER=y
# CONFIG_IP6_NF_TARGET_REJECT is not set
# CONFIG_IP6_NF_MANGLE is not set
# CONFIG_IP6_NF_RAW is not set
# CONFIG_IP_DCCP is not set
# CONFIG_IP_SCTP is not set

[fvdw]

@firwareslut

a PM with a trial kernel has been sent, check your inbox. I prefer not to distribute this kernel before we finished testing it.

[firwareslut]

I will give it a go when I get home from work tonight. Looking forward to it :D

[firwareslut]

Ok I transferred the new kernel over to SDA6 and rebooted and the server started without any issues.

I ran the /usr/sbin/pptpd and the server is listening on the correct port but I still cannot connect. I am having a hard time troubleshooting because I can't seem to find any log files.

I tested this tutorial on my Ubuntu installation

http://www.ewdisonthen.com/how-to-setup ... -07577.php

And followed the all the steps except for setting iptables. The VPN connected first time from my phone so there must still be a problem with the actual server on the NAS.

I suspect the authentication of the "chap-secrets" file is probably failing.