Support #18557

Closed

refresh_ip - dyndns-like implementation, vpn on fritz!box, openvpn

Added by Ernad Husremović over 15 years ago. Updated almost 15 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
-
Start date:
14.10.2009
Due date:
% Done:

0%

Estimated time:

Files

fritz-dyndns.png (20.7 KB) Jasmin Beganović, 23.10.2009 13:34
fritz-dyndns-userdefined.png (21.1 KB) Jasmin Beganović, 23.10.2009 13:34
proba-dyndns.ba.png (12 KB) Jasmin Beganović, 23.10.2009 15:39

Related issues 1 (0 open, 1 closed)

Related to voip - Support #18500: fritz!box english firmware, what to do with this device? use it as remote capi + fax server  Closed  Jasmin Beganović  07.10.2009

#4

Updated by Ernad Husremović over 15 years ago

Find out my IP address

    require 'resolv'

    # address the dyndns name currently resolves to; an empty string if the
    # name has never been registered, so that the first run performs an update
    my_ip = begin
      Resolv.getaddress('mysite.dyndns.org')
    rescue Resolv::ResolvError
      ''
    end

Check my WAN (Broadband) address

    require 'net/https'
    require 'openssl'
    require 'uri'

    external_ip = ''
    uri = URI.parse('http://checkip.dyndns.org/')
    Net::HTTP.new(uri.host, uri.port).start { |http|
      http.request_get('/') { |resp|
        # The response looks like:
        #
        # Current IP Address: 81.155.100.200
        #
        # keep only the address between the first ": " and the next tag
        external_ip = resp.read_body.gsub(/[^:]*: ([^<]*)<.*$/, "\\1")
        external_ip = external_ip.gsub(/\n/, '')
      }
    }

Update the IP address, but only if necessary

    # do nothing if my IP address has not changed
    exit 0 if my_ip == external_ip
    # perform the update

    # This header is required by dyndns.org
    headers = {
      "User-Agent" => "My Server - #{__FILE__} - 1.0"
    }

    uri = URI.parse('https://members.dyndns.org/')
    http = Net::HTTP.new(uri.host, uri.port)
    # switch on SSL
    http.use_ssl = true if uri.scheme == "https"
    # suppress verification warning
    # (VERIFY_NONE turns off certificate checking, so the basic-auth
    # credentials below are sent to whichever host answers for members.dyndns.org;
    # VERIFY_PEER is the setting that keeps them bound to the real dyndns.org)
    http.verify_mode = OpenSSL::SSL::VERIFY_NONE
    req = Net::HTTP::Get.new('/nic/update?hostname=mysite.dyndns.org', headers)
    # authentication details
    req.basic_auth 'my_user_name', 'my_password'
    resp = http.request(req)
    # print out the response for the update
    p resp.body
#6

Updated by Ernad Husremović over 15 years ago

fritz!box vpn ?!

http://www.avm.de/de/Service/Service-Portale/VPN_en/VPN_Praxis_und_Tipps/box_zu_box.php?portal=VPNen

This example describes a classic LAN-LAN link between two FRITZ!Boxes. In this case one of the FRITZ!Boxes is logged on and accessible in the Internet under the DynDNS name "myside.dyndns.org"; the other FRITZ!Box under the DynDNS name "otherside.dyndns.org".

...

#7

Updated by Ernad Husremović over 15 years ago

fritz!vpn

this is again some kind of Windows application: that's a no-go

http://www.avm.de/de/Service/Service-Portale/VPN_en/VPN_Praxis_und_Tipps/grundlegende_schritte.php?portal=VPNen

Basic Steps: VPN Connections with FRITZ!Box

With FRITZ!Box you can not only surf the Web and make phone calls, you can even connect physically separate networks and users securely and simply via the Internet. The following products can be used for this purpose:
  • FRITZ!Box Fon WLAN 7170
  • FRITZ!Box Fon WLAN 7270
  • "FRITZ!VPN": The free VPN software client for the Microsoft operating systems Windows Vista (32-bit) and XP (32-bit). The "FRITZ!VPN" program is available in the "Current Downloads" section on this Service Portal.

The configuration is created using the "Configure FRITZ!Box VPN Connection" administration software. See the Step-by-Step Guides for more instructions. The following section presents the basic and preparatory steps.

VPN Connection between Two Networks

Two physically separate networks can be connected via two FRITZ!Boxes. The following steps are necessary:

1. Adapt the IP Networks

The two devices you would like to connect via VPN must use different IP networks.
Neither of the devices participating in the connection may use the network preconfigured upon delivery, with the IP address 192.168.178.0 and the subnet mask 255.255.255.0.
The preset values can be changed in the user interface as follows:
When "Expert Mode" is enabled, click the "IP Address" button under "Settings / Advanced Settings / System / Network Settings".

2. Create Dynamic DNS Accounts

Create an account with a Dynamic DNS provider for each side of the connection. Free Dynamic DNS accounts are available on such web pages as www.dyndns.org or www.selfhost.de.
Note: A Dynamic DNS account must be set up for every device that is to be accessible via a VPN connection. Skip this step if the device has a fixed IP address in the Internet.

3. Enter the Dynamic DNS Accounts

Enter the Dynamic DNS accounts in the devices. To do this in the user interface:
On the "Dynamic DNS" page under "Settings / Advanced Settings / Internet / Permit Access" or "Remote Access".

4. Configure the VPN Connection Using the "Configure FRITZ!Box VPN Connection" Program

In this program select "New" and follow the steps as directed by the Wizard. A "fritzbox_‹name of the FRITZ!Box›.cfg" file is created for each side of the connection.

5. Import the Configuration in the FRITZ!Box

Import the corresponding file to each of the devices. To do this in the user interface:
Under "Settings / Advanced Settings / Internet / Permit Access" or "Remote Access / VPN".
Once the configuration has been imported on both sides of the connection, the connection is established automatically on request.

For detailed instructions on steps 4 and 5, see the Step-by-Step Guide on this Service Portal.

VPN Connection for One User

A remote user (perhaps field staff or an employee working from home) can use the "FRITZ!VPN" software client to connect with a FRITZ!Box in order to access the network. The following steps are necessary:

1. Create a Dynamic DNS Account

Create an account with a Dynamic DNS provider for the FRITZ!Box. Free Dynamic DNS accounts are available on such web pages as www.dyndns.org or www.selfhost.de. Skip this step if the device has a fixed IP address in the Internet.
Note: The user or the computer from which the connection is to be established does not require a Dynamic DNS account.

2. Enter the Dynamic DNS Account

Enter the Dynamic DNS account in the device. To do this in the user interface:
On the "Dynamic DNS" page under "Settings / Advanced Settings / Internet / Permit Access" or "Remote Access".

3. Configure the VPN Connection Using the "Configure FRITZ!Box VPN Connection" Program

In this program select "New" and follow the steps as directed by the Wizard. A "fritzbox_‹name of the FRITZ!Box›.cfg" file will be created for the FRITZ!Box; for the user a "vpnuser_‹name of the user›.cfg" file.

4. Import the Configuration in FRITZ!Box

Import each of the "fritzbox_‹name of the FRITZ!Box›.cfg" file. To do this in the user interface:
Under "Settings / Advanced Settings / Internet / Permit Access" or "Remote Access / VPN".

5. Import the Configuration in FRITZ!VPN

Import the "vpnuser_‹name of the user›.cfg" file in the "FRITZ!VPN" program installed on the computer from which the VPN connection is to be accessed. Do this by going to the "File" menu and selecting the "Import..." command. Afterward the connection appears in the overview and can be established or cleared at any time.

#8

Updated by Ernad Husremović over 15 years ago

  • Subject changed from refresh_ip - my dyndns system to refresh_ip - my dyndns system, vpn on fritz!box
#9

Updated by Ernad Husremović over 15 years ago

fritz!box pseudo image ?!

this has already been mentioned, but I don't get what it is:

The best way is to create a pseudo image at http://www.the-construct.com with openvpn and virtual-ip. Just specify any key file and a server.ovpn there.
These have to be edited by hand afterwards anyway, except in the case of a static key.
The following covers a configuration with a pseudo-image. But in principle the approach should also apply to any other solution.

#11

Updated by Ernad Husremović over 15 years ago

here, in German, is the integration of openvpn with the fritz!box http://www.ip-phone-forum.de/showthread.php?t=65863

that's presumably where that pseudo image gets built

#12

Updated by Ernad Husremović over 15 years ago

here is what this fritz!box pseudo-image construct offers me:

Create your own image

Please select the mods you want to set up on your Fritz!Box.

The following mods are available for your version of the Fritz!Box:

Enable Telnet

Enable Enum in the web interface (changes the branding to AVM)

Change branding

Open port 1011

Change SIP port

Callmessage

WakeOnCall (requires Dropbear!)

Change audio codec order

OpenVPN

Dropbear (SSH server)

Set up virtual network interface

insert your own code at the start of 'debug.cfg'

insert your own code at the end of 'debug.cfg'

Mods that have not yet been tested on your box are marked with *.

#13

Updated by Ernad Husremović over 15 years ago

and Google Translate tells me

Create your own image

Please select the mods you want to set up on your Fritz!Box.

The following mods are available for your version of the Fritz!Box:

Enable Telnet

Enable Enum in the web interface (changes the branding to AVM)

Change branding

Open port 1011

Change SIP port

Call Message

WakeOnCall (requires Dropbear!)

Change audio codec order

OpenVPN

Dropbear (SSH server)

Virtual network interface setup

insert your own code at the start of 'debug.cfg'

insert your own code at the end of 'debug.cfg'

Mods that have not been tested on your box are marked with an asterisk.

aha, so that means you can bring up openvpn and an ssh server, and you can add the execution of some arbitrary code when the router boots (in that debug.cfg)

#14

Updated by Ernad Husremović over 15 years ago

  • Subject changed from refresh_ip - my dyndns system, vpn on fritz!box to refresh_ip - dyndns-like implementation, vpn on fritz!box

back to dyndns

ok, I roughly get it, but now let me return to our main topic, the dyndns-like refresh-ip

#16

Updated by Ernad Husremović over 15 years ago

workflow

Components (application tiers):

1. router side
  • an ordinary dyndns client that doesn't go to dyndns but to the router-back server
2. router-back server side
  • receives the request from the router (dyndns protocol)
  • takes care that the internet DNS servers get updated
  • "takes care" means
    • after making an update it checks whether it's ok
    • if not, it retries
    • after a certain number of attempts (or amount of time) it reports the problem to the sysadmin

3. internet dns server side
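The router-back side of this workflow (tier 2 receiving the dyndns-protocol request from tier 1), written here as an added Ruby example; it is not code from this ticket and not the project's own implementation. It answers the same `GET /nic/update?hostname=...&myip=...` request with HTTP basic auth that the client script in note #4 sends, using the dyndns2 status words (`good`, `nochg`, `badauth`, `notfqdn`, `nohost`, `dnserr`). The account table, the hostname `bhingco.example.org`, the listening port 8245 and the in-memory zone hash are constructed sample data; the check-and-retry part of the workflow is left to the code that consumes the zone.

```ruby
require 'cgi'
require 'ipaddr'
require 'socket'

# Constructed sample data: which dyndns user may update which hostname.
ACCOUNTS = { 'bhingco' => { password: 'sample-secret', hosts: ['bhingco.example.org'] } }

class DynDnsHandler
  attr_reader :zone # hostname => current A record (in memory; constructed stand-in for the real DNS)

  def initialize(accounts, zone = {})
    @accounts = accounts
    @zone = zone
  end

  # Pure request handler returning the dyndns2 status word.
  # remote_ip is the source address of the HTTP request and is used when the
  # client omits myip (routers behind NAT rely on that).
  def update(auth_header, query, remote_ip)
    user = authenticate(auth_header)
    return 'badauth' unless user
    params = CGI.parse(query.to_s)
    hostname = params['hostname'].first.to_s.downcase.chomp('.')
    return 'notfqdn' unless hostname.include?('.') && hostname =~ /\A[a-z0-9.-]+\z/
    return 'nohost' unless @accounts[user][:hosts].include?(hostname) # only own names
    ip = params['myip'].first || remote_ip
    return 'dnserr' unless valid_ipv4?(ip)
    return 'nochg' if @zone[hostname] == ip # nothing to push to the DNS servers
    @zone[hostname] = ip
    'good'
  end

  private

  # "Basic <base64(user:password)>"; returns the user name or nil.
  def authenticate(auth_header)
    return nil unless auth_header.to_s.start_with?('Basic ')
    user, password = auth_header[6..-1].unpack1('m').split(':', 2)
    account = @accounts[user]
    account && secure_equal?(account[:password], password.to_s) ? user : nil
  end

  def valid_ipv4?(ip)
    IPAddr.new(ip).ipv4?
  rescue IPAddr::InvalidAddressError, ArgumentError
    false
  end

  # Constant-time comparison so the password check leaks no timing information.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Minimal single-threaded HTTP listener so the handler can be tried with the
# client from note #4 pointed at http://127.0.0.1:8245/ (run with DYNDNS_SERVE=1).
def serve(handler, port = 8245)
  server = TCPServer.new('127.0.0.1', port)
  loop do
    client = server.accept
    request_line = client.gets.to_s
    headers = {}
    while (line = client.gets) && line != "\r\n"
      name, value = line.split(':', 2)
      headers[name.strip.downcase] = value.to_s.strip
    end
    path, query = request_line.split[1].to_s.split('?', 2)
    status = path == '/nic/update' ? handler.update(headers['authorization'], query, client.peeraddr[3]) : 'nohost'
    client.write "HTTP/1.0 200 OK\r\nContent-Type: text/plain\r\n\r\n#{status}\n"
    client.close
  end
end

serve(DynDnsHandler.new(ACCOUNTS)) if ENV['DYNDNS_SERVE']
```

Because `update` is a pure function of the request, the retry and "report to sysadmin" logic from the workflow can sit in a separate loop that reads `zone` and pushes it to the real DNS servers, independent of the HTTP path.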

#17

Updated by Ernad Husremović over 15 years ago

if router-back receives a new request while the old one hasn't finished, it aborts the old request and processes the new one

in what way should the DNS servers be refreshed?

The old way was ssh, but that isn't really a good idea.
It's better to set up, on the LAN, on router-back, an internet server that the router-back server will control and that will be the master server for the internet DNS servers

#18

Updated by Ernad Husremović over 15 years ago

so the DNS servers would be

dns master (on the LAN, best placed together with the router-back server) which refreshes the slave DNS servers

does that mean this local DNS server has to be visible from the internet?

I don't know how the DNS master-slave protocol works, this needs to be checked

if it has to be visible then this falls through, because the slave DNS servers won't see it

#20

Updated by Ernad Husremović over 15 years ago

I need a VPN - openvpn

On #18559 I started setting up a VPN server for openhosting so that I can access it from the office

that would establish a link over which the DNS server could be updated from the route-back office LAN DNS server, which is (the master dns)

#21

Updated by Ernad Husremović over 15 years ago

how to control changes to the router-back DNS?

use chef?

http://www.opscode.com/blog

we need to introduce some configuration tool anyway. I think chef is exactly for those jobs

#22

Updated by Ernad Husremović over 15 years ago

bjasko: hernad, do you maybe know how the nameservers are set manually on this fritz

- 09:48 -
hernad: hm
hernad: first, have you opened up access to its console?
hernad: can that be on by default or does that thing have to be enabled on the phone at every boot
hernad: this is the general solution http://redmine.bring.out.ba/issues/18557#note-9
hernad: but unfortunately I never tested it
hernad: my comment 13: aha, so that means you can bring up openvpn and an ssh server, and you can add the execution of some arbitrary code when the router boots (in that debug.cfg)
bjasko: ??? I don't know, but I didn't find it; I tried on the console to add the IP of the bhingco.ba smtp to hosts, but that doesn't work either, and the question is whether it would survive a restart; if it worked I would have put hylafax there, because of all the hassle

- 09:54 -
hernad: is there a /tmp/etc/resolv.conf or something like that
hernad: hm
hernad: let me tell you right away that this control over the device is needed so that a specific host can be pointed at our address
hernad: I'll need that for the refresh_ip implementation
hernad: namely, now that you've set up the adsl
bjasko: hm, I don't know whether to touch resolv.conf, so I don't break internet access
bjasko: that's why I tried hosts, there's nothing to mess up there
hernad: echo "nameserver 192.168.45.250" > /etc/resolv.conf is the solution
hernad: it's ordinary linux
hernad: except that on every refresh it takes
hernad: a new resolv
hernad: you're right that we need /etc/hosts
hernad: so that on a refresh there are no changes in dns resolving
hernad: back to refresh_ip
hernad: I need the fritz to
hernad: when the ip address changes
hernad: do a dyndns refresh
hernad: but not towards the external dyndns server
hernad: but towards the desired lan host
hernad: and for that I need
hernad: members.dyndns.org or whatever it is
bjasko: good, we can set that by IP address, there we have control
hernad: to be a local IP

- 09:59 -
hernad: I don't think you can, it depends on how that dyndns service is made on the fritz
hernad: post that here on this ticket for me
#24

Updated by Jasmin Beganović over 15 years ago

tested on #18645

    # cat /etc/hosts
    127.0.0.1 localhost
    192.168.58.2 mail.bhingco.ba

    # ping mail.bhingco.ba
    PING mail.bhingco.ba (192.168.58.2): 56 data bytes
    64 bytes from 192.168.58.2: seq=0 ttl=64 time=0.425 ms
    64 bytes from 192.168.58.2: seq=1 ttl=64 time=0.917 ms
#25

Updated by Jasmin Beganović over 15 years ago

need to see whether it survives a restart

#26

Updated by Ernad Husremović over 15 years ago

Jasmin Beganović wrote:

need to see whether it survives a restart

I don't think it survives

#27

Updated by Ernad Husremović over 15 years ago

that's why people made that pseudo-image where a debug script (which is actually a startup script) can be added

#28

Updated by Ernad Husremović over 15 years ago

and can this be done with passwordless telnet

meaning, make a script that would do that job from the server when needed; telnet is a character protocol, it surely can be done ... so that we don't touch the router

what is the router ip? is telnet enabled after a restart?

#29

Updated by Jasmin Beganović over 15 years ago

Ernad Husremović wrote:

and can this be done with passwordless telnet

meaning, make a script that would do that job from the server when needed; telnet is a character protocol, it surely can be done ... so that we don't touch the router

what is the router ip? is telnet enabled after a restart?

telnet is on at startup, the router ip is 192.168.58.254

#30

Updated by Ernad Husremović over 15 years ago

I hope telnet can't be reached from the WAN. check

#31

Updated by Ernad Husremović over 15 years ago

meaning, make a script that would do that job from the server when needed; telnet is a character protocol, it surely can be done ... so that we don't touch the router

have a look whether there are such solutions in bash or python or ruby on the internet, but don't waste time needlessly

#32

Updated by Ernad Husremović over 15 years ago

since this /etc/hosts works, record the dyndns service settings on this ticket, I'm interested in which options the fritz offers

#33

Updated by Ernad Husremović over 15 years ago

regarding telnet access via script:

You don't need to search, ruby has that in its standard lib

http://www.ruby-doc.org/stdlib/libdoc/net/telnet/rdoc/index.html

#34

Updated by Jasmin Beganović over 15 years ago

Ernad Husremović wrote:

I hope telnet can't be reached from the WAN. check

it can't

#35

Updated by Ernad Husremović over 15 years ago

  • Assignee changed from Ernad Husremović to Jasmin Beganović

take care of this dyndns, jasko

#36

Updated by Jasmin Beganović over 15 years ago

I currently have no connection to the bhingco LAN

#37

Updated by Jasmin Beganović over 15 years ago

it seems that while telnet is active the web interface doesn't work; there, now it went through

#38

Updated by Jasmin Beganović over 15 years ago

Nsupdate

nsupdate is a computer network maintenance utility used by network administrators to request the name server of a DNS zone to update its database. The name server might be local to a domain or, with appropriate authentication and permission provided by DNSSEC, an internet name server.

BIND 8 and later supports this feature.

    nsupdate
    > server ns.mydns.com
    > update delete oldhost.example.com. A
    > update add newhost.example.com. 86400 A 192.168.254.117
    > send

and this is an integral part of BIND

#39

Updated by Jasmin Beganović over 15 years ago

and most likely this fritz has it, because dyndns runs on bind

#40

Updated by Jasmin Beganović over 15 years ago

besides the well-known services, the fritz also has dyndns and a custom service; this should be adaptable to bind

#42

Updated by Jasmin Beganović over 15 years ago

here are the dyndns settings

and the custom settings available

#43

Updated by Jasmin Beganović over 15 years ago

this shouldn't be a problem to test

#44

Updated by Jasmin Beganović over 15 years ago

I lost the connection again ???, something is cutting it

#45

Updated by Jasmin Beganović over 15 years ago

called Seid, it seems the server locked up, the services aren't working at all ???, told him to reset the server with the button

#46

Updated by Jasmin Beganović over 15 years ago

it looks like the server hangs at the moment the fritz is reset; could it be some quirk with fbrcapi locking up the server when the remote capi is unavailable ??

#47

Updated by Jasmin Beganović over 15 years ago

Jasmin Beganović wrote:

it looks like the server hangs at the moment the fritz is reset; could it be some quirk with fbrcapi locking up the server when the remote capi is unavailable ??

for this I opened #18663, so we'll see there what's going on

#49

Updated by Jasmin Beganović over 15 years ago

on ns in the bhingco.ba LAN I brought up apache and I'll test the custom dns there

fritz settings

#50

Updated by Jasmin Beganović over 15 years ago

but I don't see it in /var/log/apache2/access.log on ns, it must be waiting for an IP change

#51

Updated by Ernad Husremović over 15 years ago

jasko wrote

nsupdate

great find, this

#52

Updated by Ernad Husremović over 15 years ago

nsupdate

http://linux.yyz.us/nsupdate/

Introduced in BIND version 8 and refined in BIND version 9, the nsupdate utility provides the system administrator or casual user with a quick and painless method of updating a DNS zone, adding or deleting any type of DNS record the name server supports.

This article describes how to setup dynamic DNS, and provides some examples of use. For Fedora Core (and Red Hat) users, you will need to install both the bind (for dnssec-keygen) and bind-utils (for nsupdate) packages. If you plan to configure a DNS server, also read the companion article on configuring your server.

My home network is the same as millions of other Internet users: dynamic IP obtained from my ISP via DHCP. Wanting to make sure that I can connect to my home network remotely, even if the underlying dynamic IP changes, I looked around for a reliable (and hopefully free!) dynamic DNS service. I found dyndns.org, which I use today, and recently someone also pointed me to zoneedit.com.

Even though my DNS is automatically updated when it changes, via the highly versatile ddclient package, the traditional dynamic DNS update protocols (including dyndns.org's) are typically site-specific and non-standard. While googling around for a better solution, a friend on IRC pointed me to a utility that has been around since BIND 8: nsupdate.

nsupdate is a fantastic little utility that enables quick and secure DNS zone updates. Setup is quick and painless, and use is fairly intuitive for anyone remotely familiar with DNS, and skilled enough to admin their own Linux system.

...

#53

Updated by Ernad Husremović over 15 years ago

    # ifconfig
    adsl      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
              UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:2000  Metric:1
              RX packets:119879 errors:0 dropped:0 overruns:0 frame:0
              TX packets:84983 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:32 
              RX bytes:133440821 (127.2 MiB)  TX bytes:19982972 (19.0 MiB)
    
    cpmac0    Link encap:Ethernet  HWaddr 00:1C:4A:13:99:10  
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:119140 errors:0 dropped:0 overruns:0 frame:0
              TX packets:158136 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000 
              RX bytes:23231422 (22.1 MiB)  TX bytes:147188326 (140.3 MiB)
    
    dsl       Link encap:Point-to-Point Protocol  
              inet addr:169.254.2.1  P-t-P:169.254.2.1  Mask:255.255.255.255
              UP POINTOPOINT RUNNING NOARP ALLMULTI MULTICAST  MTU:1500  Metric:1
              RX packets:25853 errors:0 dropped:0 overruns:0 frame:0
              TX packets:28931 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:100 
              RX bytes:4185352 (3.9 MiB)  TX bytes:13019370 (12.4 MiB)
    
    eth0      Link encap:Ethernet  HWaddr 00:1C:4A:13:99:10  
              UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
              RX packets:119140 errors:0 dropped:0 overruns:0 frame:0
              TX packets:69801 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:128 
              RX bytes:23231422 (22.1 MiB)  TX bytes:20412956 (19.4 MiB)
    
    lan       Link encap:Ethernet  HWaddr 00:1C:4A:13:99:10  
              inet addr:192.168.58.254  Bcast:192.168.58.255  Mask:255.255.255.0
              UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
              RX packets:119122 errors:0 dropped:0 overruns:0 frame:0
              TX packets:69803 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0 
              RX bytes:21080159 (20.1 MiB)  TX bytes:20133880 (19.2 MiB)
    
    lan:0     Link encap:Ethernet  HWaddr 00:1C:4A:13:99:10  
              inet addr:169.254.1.1  Bcast:169.254.255.255  Mask:255.255.0.0
              UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
    
    lo        Link encap:Local Loopback  
              inet addr:127.0.0.1  Mask:255.0.0.0
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:1646 errors:0 dropped:0 overruns:0 frame:0
              TX packets:1646 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0 
              RX bytes:128316 (125.3 KiB)  TX bytes:128316 (125.3 KiB)
    
    

hah, so where is the public ip address here ?!

#54

Updated by Ernad Husremović over 15 years ago

    # traceroute www.google.ba
    traceroute: warning: www.google.ba has multiple addresses; using 74.125.39.103
    traceroute to www.l.google.com (74.125.39.103), 30 hops max, 38 byte packets
     1  c10k-sa.pppoe1.sa.bih.net.ba (92.36.128.1)  14.838 ms  12.611 ms  6.117 ms
     2  dlp-66.max2.sa-mlt.bih.net.ba (195.222.42.66)  11.934 ms  7.607 ms  7.896 ms
     3  195.29.249.45 (195.29.249.45)  20.858 ms  15.384 ms  15.170 ms
     4  194.25.209.85 (194.25.209.85)  37.979 ms  39.273 ms  37.360 ms
     5  m-ec1-i.M.DE.NET.DTAG.DE (217.5.66.42)  37.301 ms  38.541 ms  38.326 ms
     6  74.125.50.149 (74.125.50.149)  40.278 ms  40.180 ms 72.14.198.117 (72.14.198.117)  38.104 ms
     7  66.249.94.86 (66.249.94.86)  39.200 ms 66.249.94.88 (66.249.94.88)  39.481 ms 66.249.94.86 (66.249.94.86)  39.790 ms
    
#55

Updated by Ernad Husremović over 15 years ago

openvpn

where do I dig out bhingco's address from?

from openvpn !!! I don't need the fritz at all

Oct 23 10:33:24 router-back ovpn-server[4180]: bhingco/92.36.194.116:60457 SENT CONTROL [bhingco]: 'PUSH_REPLY,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.191 10.8.0.1' (status=1)
Oct 23 11:07:07 router-back ovpn-server[4180]: bhingco/92.36.194.116:59627 SENT CONTROL [bhingco]: 'PUSH_REPLY,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.191 10.8.0.1' (status=1)
Oct 23 13:13:08 router-back ovpn-server[4180]: bhingco/92.36.206.254:57315 SENT CONTROL [bhingco]: 'PUSH_REPLY,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.191 10.8.0.1' (status=1)
Oct 23 14:24:18 router-back ovpn-server[4180]: bhingco/92.36.206.254:52622 SENT CONTROL [bhingco]: 'PUSH_REPLY,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.191 10.8.0.1' (status=1)
root@router-back:/etc/openvpn/clients# tail --lines=100000 /var/log/syslog  | grep "SENT CONTROL \[bhingco\]" 

root@router-back:/etc/openvpn/clients# ssh

Linux bhingco-pedge-t100 2.6.24-24-openvz #1 SMP Wed Apr 15 17:40:08 UTC 2009 x86_64

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

#56

Updated by Ernad Husremović over 15 years ago

"openvpn" refresh_ip workflow

  1. router-back: I monitor the openvpn server for when a new connection happens, "SENT CONTROL \[bhingco]\"
  2. router-back: I take the ip address from there ... bhingco/92.36.206.254 ...
  3. router-back -> lan-dns: I run nsupdate against the server
  4. lan-dns => internet-dns servers: this in turn chain-updates our internet DNS servers

in this story we have a solution for all the routers in the world :)

#57

Updated by Ernad Husremović over 15 years ago

  • Assignee changed from Jasmin Beganović to Ernad Husremović

openvpn offers us a solution

http://openvpn.net/index.php/open-source/documentation/manuals/65-openvpn-20x-manpage.html

--ipchange cmd

    Execute shell command cmd when our remote ip-address is initially authenticated or changes.

    Execute as:

    cmd ip_address port_number

    Don't use --ipchange in --mode server mode. Use a --client-connect script instead.

    See the "Environmental Variables" section below for additional parameters passed as environmental variables.

    Note that cmd can be a shell command with multiple arguments, in which case all OpenVPN-generated arguments will be appended to cmd to build a command line which will be passed to the script.

    If you are running in a dynamic IP address environment where the IP addresses of either peer could change without notice, you can use this script, for example, to edit the /etc/hosts file with the current address of the peer. The script will be run every time the remote peer changes its IP address.

    Similarly if our IP address changes due to DHCP, we should configure our IP address change script (see man page for dhcpcd(8) ) to deliver a SIGHUP or SIGUSR1 signal to OpenVPN. OpenVPN will then reestablish a connection with its most recently authenticated peer on its new IP address.
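The "openvpn" refresh_ip workflow from note #56, done the way the manpage excerpt above recommends for server mode (a --client-connect script rather than --ipchange), as an added Ruby example; it is not code from this ticket, from OpenVPN or from BIND. The peer's public address comes either from the environment OpenVPN gives a --client-connect script (the variable names `common_name` and `trusted_ip` are from the OpenVPN manpage's Environmental Variables section, not from this page) or from parsing the "SENT CONTROL" syslog lines of note #55, and is turned into an nsupdate batch for the LAN master DNS. The zone `example.org.`, the use of 192.168.45.250 as that master, the 60-second TTL and the TSIG key path are assumptions; `SAMPLE_SYSLOG` is constructed from the lines quoted in note #55 plus one non-matching line.

```ruby
require 'ipaddr'
require 'open3'

ZONE       = 'example.org.'    # assumed zone held by the LAN master DNS
DNS_MASTER = '192.168.45.250'  # assumed: the LAN nameserver from note #22 acting as master
TTL        = 60                # assumed short TTL for a record that changes with the ADSL line

# Syslog line the OpenVPN server writes on every (re)connect (see note #55).
SENT_CONTROL = /ovpn-server\[\d+\]: (?<cn>[^\/\s]+)\/(?<ip>[\d.]+):\d+ SENT CONTROL/

# Constructed sample: two lines copied from note #55 and one unrelated line.
SAMPLE_SYSLOG = [
  "Oct 23 10:33:24 router-back ovpn-server[4180]: bhingco/92.36.194.116:60457 SENT CONTROL [bhingco]: 'PUSH_REPLY,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.191 10.8.0.1' (status=1)",
  "Oct 23 13:13:08 router-back ovpn-server[4180]: bhingco/92.36.206.254:57315 SENT CONTROL [bhingco]: 'PUSH_REPLY,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.191 10.8.0.1' (status=1)",
  "Oct 23 13:13:09 router-back ovpn-server[4180]: bhingco/92.36.206.254:57315 PUSH: Received control message: 'PUSH_REQUEST'"
]

# Returns [common_name, public_ip] for a SENT CONTROL line, nil for anything else.
def parse_sent_control(line)
  m = SENT_CONTROL.match(line)
  m && [m[:cn], m[:ip]]
end

# Newest address per client from a stretch of syslog (later lines win), so a
# reconnect burst produces one update per client instead of one per line.
def latest_peers(syslog_lines)
  syslog_lines.each_with_object({}) do |line, acc|
    cn, ip = parse_sent_control(line)
    acc[cn] = ip if cn
  end
end

# The same two fields as OpenVPN hands a --client-connect script via the environment.
def peer_from_env(env = ENV)
  [env['common_name'], env['trusted_ip']]
end

# OpenVPN already remaps common names to the class [A-Za-z0-9_.@-] (see the
# string-remapping text in the manpage); re-checking here means the DNS label
# is built only from a value this script has verified itself.
def valid_common_name?(cn)
  cn.is_a?(String) && !!(cn =~ /\A[A-Za-z0-9_.@-]{1,63}\z/) && cn != '.' && cn != '..'
end

def valid_ipv4?(ip)
  IPAddr.new(ip).ipv4?
rescue IPAddr::InvalidAddressError, ArgumentError
  false
end

# Builds the stdin for `nsupdate -k <tsig key>`: replace the A record of
# <common_name>.<zone> with the peer's current public address.
def nsupdate_batch(cn, ip, zone: ZONE, server: DNS_MASTER, ttl: TTL)
  raise ArgumentError, "bad common name #{cn.inspect}" unless valid_common_name?(cn)
  raise ArgumentError, "bad address #{ip.inspect}" unless valid_ipv4?(ip)
  fqdn = "#{cn}.#{zone}"
  ["server #{server}", "zone #{zone}",
   "update delete #{fqdn} A", "update add #{fqdn} #{ttl} A #{ip}",
   "send", ""].join("\n")
end

# Runs nsupdate with a TSIG key file (assumed path); no shell is involved, the
# batch goes in on stdin. Returns [success?, combined output].
def push_update(batch, keyfile: '/etc/bind/refresh_ip.key')
  out, status = Open3.capture2e('nsupdate', '-k', keyfile, stdin_data: batch)
  [status.success?, out]
end

# Entry point when OpenVPN runs this file as its --client-connect script.
# A failed DNS update is only logged: a non-zero exit from --client-connect
# refuses the VPN client, and a stale DNS record is the lesser problem (the
# retry/report-to-sysadmin part of the workflow belongs in a periodic job).
if ENV['trusted_ip'] && ENV['common_name']
  begin
    ok, out = push_update(nsupdate_batch(*peer_from_env))
    warn "refresh_ip: nsupdate failed: #{out}" unless ok
  rescue ArgumentError, SystemCallError => e
    warn "refresh_ip: #{e.message}"
  end
end
```

For the log-tailing variant of step 1, feed the lines of `/var/log/syslog` to `latest_peers` and call `nsupdate_batch` for each entry; with TSIG on the master only the holder of the key file can change the record, which is the property the old ssh-based refresh never had.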

#58

Updated by Ernad Husremović over 15 years ago

  • Subject changed from refresh_ip - dyndns-like implementation, vpn on fritz!box to refresh_ip - dyndns-like implementation, vpn on fritz!box, openvpn

OpenVPN SCRIPTING AND ENVIRONMENTAL VARIABLES

OpenVPN exports a series of environmental variables for use by user-defined scripts.

Script Order of Execution

--up
Executed after TCP/UDP socket bind and TUN/TAP open.
--tls-verify
Executed when we have a still untrusted remote peer.
--ipchange
Executed after connection authentication, or remote IP address change.
--client-connect
Executed in --mode server mode immediately after client authentication.
--route-up
Executed after connection authentication, either immediately after, or some number of seconds after as defined by the --route-delay option.
--client-disconnect
Executed in --mode server mode on client instance shutdown.
--down
Executed after TCP/UDP and TUN/TAP close.
--learn-address
Executed in --mode server mode whenever an IPv4 address/route or MAC address is added to OpenVPN's internal routing table.
--auth-user-pass-verify
Executed in --mode server mode on new client connections, when the client is still untrusted.

String Types and Remapping

In certain cases, OpenVPN will perform remapping of characters in strings. Essentially, any characters outside the set of permitted characters for each string type will be converted to underbar ('_').

Q: Why is string remapping necessary?

A: It's an important security feature to prevent the malicious coding of strings from untrusted sources to be passed as parameters to scripts, saved in the environment, used as a common name, translated to a filename, etc.

Here is a brief rundown of OpenVPN's current string types and the permitted character class for each string:

X509 Names: Alphanumeric, underbar ('_'), dash ('-'), dot ('.'), at ('@'), colon (':'), slash ('/'), and equal ('='). Alphanumeric is defined as a character which will cause the C library isalnum() function to return true.

Common Names: Alphanumeric, underbar ('_'), dash ('-'), dot ('.'), and at ('@').

--auth-user-pass username: Same as Common Name, with one exception: starting with OpenVPN 2.0.1, the username is passed to the OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY plugin in its raw form, without string remapping.

--auth-user-pass password: Any "printable" character except CR or LF. Printable is defined to be a character which will cause the C library isprint() function to return true.

--client-config-dir filename as derived from common name or username: Alphanumeric, underbar ('_'), dash ('-'), and dot ('.') except for "." or ".." as standalone strings. As of 2.0.1-rc6, the at ('@') character has been added as well for compatibility with the common name character class.

Environmental variable names: Alphanumeric or underbar ('_').

For all cases, characters in a string which are not members of the legal character class for that string type will be remapped to underbar ('_').

Environmental Variables

Once set, a variable is persisted indefinitely until it is reset by a new value or a restart.

As of OpenVPN 2.0-beta12, in server mode, environmental variables set by OpenVPN are scoped according to the client objects they are associated with, so there should not be any issues with scripts having access to stale, previously set variables which refer to different client instances.

bytes_received
Total number of bytes received from client during VPN session. Set prior to execution of the --client-disconnect script.

bytes_sent
Total number of bytes sent to client during VPN session. Set prior to execution of the --client-disconnect script.

common_name
The X509 common name of an authenticated client. Set prior to execution of --client-connect, --client-disconnect, and --auth-user-pass-verify scripts.

config
Name of first --config file. Set on program initiation and reset on SIGHUP.

daemon
Set to "1" if the --daemon directive is specified, or "0" otherwise. Set on program initiation and reset on SIGHUP.

daemon_log_redirect
Set to "1" if the --log or --log-append directives are specified, or "0" otherwise. Set on program initiation and reset on SIGHUP.

dev
The actual name of the TUN/TAP device, including a unit number if it exists. Set prior to --up or --down script execution.

foreign_option_{n}
An option pushed via --push to a client which does not natively support it, such as --dhcp-option on a non-Windows system, will be recorded to this environmental variable sequence prior to --up script execution.

ifconfig_broadcast
The broadcast address for the virtual ethernet segment which is derived from the --ifconfig option when --dev tap is used. Set prior to OpenVPN calling the ifconfig or netsh (windows version of ifconfig) commands which normally occurs prior to --up script execution.

ifconfig_local
The local VPN endpoint IP address specified in the --ifconfig option (first parameter). Set prior to OpenVPN calling the ifconfig or netsh (windows version of ifconfig) commands which normally occurs prior to --up script execution.

ifconfig_remote
The remote VPN endpoint IP address specified in the --ifconfig option (second parameter) when --dev tun is used. Set prior to OpenVPN calling the ifconfig or netsh (windows version of ifconfig) commands which normally occurs prior to --up script execution.

ifconfig_netmask
The subnet mask of the virtual ethernet segment that is specified as the second parameter to --ifconfig when --dev tap is being used. Set prior to OpenVPN calling the ifconfig or netsh (windows version of ifconfig) commands which normally occurs prior to --up script execution.

ifconfig_pool_local_ip
The local virtual IP address for the TUN/TAP tunnel taken from an --ifconfig-push directive if specified, or otherwise from the ifconfig pool (controlled by the --ifconfig-pool config file directive). Only set for --dev tun tunnels. This option is set on the server prior to execution of the --client-connect and --client-disconnect scripts.

ifconfig_pool_netmask
The virtual IP netmask for the TUN/TAP tunnel taken from an --ifconfig-push directive if specified, or otherwise from the ifconfig pool (controlled by the --ifconfig-pool config file directive). Only set for --dev tap tunnels. This option is set on the server prior to execution of the --client-connect and --client-disconnect scripts.

ifconfig_pool_remote_ip
The remote virtual IP address for the TUN/TAP tunnel taken from an --ifconfig-push directive if specified, or otherwise from the ifconfig pool (controlled by the --ifconfig-pool config file directive). This option is set on the server prior to execution of the --client-connect and --client-disconnect scripts.

link_mtu
The maximum packet size (not including the IP header) of tunnel data in UDP tunnel transport mode. Set prior to --up or --down script execution.

local
The --local parameter. Set on program initiation and reset on SIGHUP.

local_port
The local port number, specified by --port or --lport. Set on program initiation and reset on SIGHUP.

password
The password provided by a connecting client. Set prior to --auth-user-pass-verify script execution only when the via-env modifier is specified, and deleted from the environment after the script returns.

proto
The --proto parameter. Set on program initiation and reset on SIGHUP.

remote_{n}
The --remote parameter. Set on program initiation and reset on SIGHUP.

remote_port_{n}
The remote port number, specified by --port or --rport. Set on program initiation and reset on SIGHUP.

route_net_gateway
The pre-existing default IP gateway in the system routing table. Set prior to --up script execution.

route_vpn_gateway
The default gateway used by --route options, as specified in either the --route-gateway option or the second parameter to --ifconfig when --dev tun is specified. Set prior to --up script execution.

route_{parm}_{n}
A set of variables which define each route to be added, and are set prior to --up script execution.

parm will be one of "network", "netmask", "gateway", or "metric".
n is the OpenVPN route number, starting from 1.
If the network or gateway are resolvable DNS names, their IP address translations will be recorded rather than their names as denoted on the command line or configuration file.

script_context
Set to "init" or "restart" prior to up/down script execution. For more information, see documentation for --up.

script_type
One of up, down, ipchange, route-up, tls-verify, auth-user-pass-verify, client-connect, client-disconnect, or learn-address. Set prior to execution of any script.

signal
The reason for exit or restart. Can be one of sigusr1, sighup, sigterm, sigint, inactive (controlled by --inactive option), ping-exit (controlled by --ping-exit option), ping-restart (controlled by --ping-restart option), connection-reset (triggered on TCP connection reset), error, or unknown (unknown signal). This variable is set just prior to down script execution.

tls_id_{n}
A series of certificate fields from the remote peer, where n is the verification level. Only set for TLS connections. Set prior to execution of --tls-verify script.

tls_serial_{n}
The serial number of the certificate from the remote peer, where n is the verification level. Only set for TLS connections. Set prior to execution of --tls-verify script.

tun_mtu
The MTU of the TUN/TAP device. Set prior to --up or --down script execution.

trusted_ip
Actual IP address of connecting client or peer which has been authenticated. Set prior to execution of --ipchange, --client-connect, and --client-disconnect scripts.

trusted_port
Actual port number of connecting client or peer which has been authenticated. Set prior to execution of --ipchange, --client-connect, and --client-disconnect scripts.

untrusted_ip
Actual IP address of connecting client or peer which has not been authenticated yet. Sometimes used to nmap the connecting host in a --tls-verify script to ensure it is firewalled properly. Set prior to execution of --tls-verify and --auth-user-pass-verify scripts.

untrusted_port
Actual port number of connecting client or peer which has not been authenticated yet. Set prior to execution of --tls-verify and --auth-user-pass-verify scripts.

username
The username provided by a connecting client. Set prior to --auth-user-pass-verify script execution only when the via-env modifier is specified.
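
The string remapping rules quoted above, reproduced as an added shell example (this is not OpenVPN's code and not a script from this ticket): the X509 Name and Common Name character classes applied with tr, plus the "." / ".." refusal that the --client-config-dir filename rule adds, run over a few constructed common names including attacker-shaped ones. The directory /etc/openvpn/clients is taken from the ticket; the input names are constructed.

```shell
#!/bin/sh
# Added example, not OpenVPN code: the string remapping rules from the manual,
# written out so a hook script can apply the same character classes itself.
export LC_ALL=C   # make the A-Z / a-z ranges in tr mean plain ASCII

# X509 Names: alphanumeric, '_', '-', '.', '@', ':', '/', '='; anything else -> '_'
remap_x509_name() {
    printf '%s' "$1" | tr -c 'A-Za-z0-9_.@:/=-' '_'
}

# Common Names: alphanumeric, '_', '-', '.', '@'; anything else -> '_'
remap_common_name() {
    printf '%s' "$1" | tr -c 'A-Za-z0-9_.@-' '_'
}

# --client-config-dir filename derived from the common name: the Common Name
# class, but "." and ".." are refused as standalone strings, so a crafted CN can
# never name the ccd directory itself or its parent.  Prints the path or fails.
ccd_file_for() {  # ccd_file_for CCD_DIR COMMON_NAME
    name=$(remap_common_name "$2")
    case "$name" in
        ''|.|..) return 1 ;;
    esac
    printf '%s/%s\n' "$1" "$name"
}

# Constructed inputs: a normal CN, an e-mail style CN, a path-traversal attempt,
# a shell-injection attempt, and a bare "..".
for cn in 'bhingco' 'client@example.org' '../../etc/passwd' 'x;rm -rf /' '..'; do
    if path=$(ccd_file_for /etc/openvpn/clients "$cn"); then
        printf '%-20s -> %s\n' "$cn" "$path"
    else
        printf '%-20s -> refused\n' "$cn"
    fi
done
```

The traversal attempt survives only as the harmless filename `.._.._etc_passwd` inside the ccd directory, and the injection attempt as `x_rm_-rf__`; the remapping is what makes it safe to use `$common_name` in file paths and shell commands at all, but a script that can also be invoked outside OpenVPN should still apply it itself.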

Actions #59

Updated by Ernad Husremović over 15 years ago

I'll leave this here as an example

root@router-back:/etc/openvpn/clients# cat bhingco

ifconfig-push 10.8.0.191 10.8.0.1 
iroute 192.168.58.0 255.255.255.0
ipchangecmd /usr/local/sbin/refresh_ip_bhingco

a fake refresh_ip command for bhingco

root@router-back:/etc/openvpn/clients# cat /usr/local/sbin/refresh_ip_bhingco

#!/bin/bash

# record when the hook ran and the first argument it was called with
date > /tmp/bhingco_refreship
echo "$1" >> /tmp/bhingco_refreship
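
What a working version of the refresh_ip hook could look like, as an added example (it is not the ticket's refresh_ip script and not OpenVPN code). It is written as a server-side hook, since the variable table above says common_name and trusted_ip are set for the --client-connect and --client-disconnect scripts in --mode server: wired in with `client-connect /usr/local/sbin/refresh_ip` and `client-disconnect /usr/local/sbin/refresh_ip` in the server config (hypothetical path), it keeps a hosts(5)-style file mapping each client's common name to its current public address. The file path /var/lib/openvpn/peers.hosts is an assumption; the addresses used in the usage test are the ones that appear in this ticket.

```shell
#!/bin/sh
# Added example, not the ticket's refresh_ip and not OpenVPN code: a server-side
# --client-connect / --client-disconnect hook that records each authenticated
# client's public address under its X509 common name in hosts(5) format.
# OpenVPN sets script_type, common_name, trusted_ip and trusted_port in the
# environment before running it (see the variable table in the ticket).
set -eu
export LC_ALL=C

# Hypothetical output file: a dedicated file rather than /etc/hosts, so the hook
# never rewrites a system file it does not own.
HOSTS_FILE="${HOSTS_FILE:-/var/lib/openvpn/peers.hosts}"

# Re-apply OpenVPN's Common Name character class (alphanumeric, '_', '-', '.', '@').
# OpenVPN already remapped common_name, but the script should stay safe even when
# something other than OpenVPN invokes it.
sanitize_name() {
    printf '%s' "$1" | tr -c 'A-Za-z0-9_.@-' '_'
}

# True only for a dotted-quad IPv4 address with every octet in 0..255.
# Runs in a subshell so the IFS change stays local.
valid_ipv4() (
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
)

# Rewrite FILE so that NAME maps to IP: drop any old line for NAME, append the
# new one, and rename a temp file over the original so a reader never sees a
# half-written file.  Fails (without touching FILE) if IP is not a valid address.
update_entry() {  # update_entry FILE NAME IP
    file=$1
    name=$(sanitize_name "$2")
    ip=$3
    valid_ipv4 "$ip" || return 1
    tmp="$file.tmp.$$"
    {
        if [ -f "$file" ]; then awk -v n="$name" '$2 != n' "$file"; fi
        printf '%s %s\n' "$ip" "$name"
    } > "$tmp"
    mv -f "$tmp" "$file"
}

# Remove NAME's line from FILE: a disconnected client has no known address.
remove_entry() {  # remove_entry FILE NAME
    file=$1
    name=$(sanitize_name "$2")
    [ -f "$file" ] || return 0
    tmp="$file.tmp.$$"
    awk -v n="$name" '$2 != n' "$file" > "$tmp"
    mv -f "$tmp" "$file"
}

# Print the address currently recorded for NAME, or nothing.
lookup_entry() {  # lookup_entry FILE NAME
    [ -f "$1" ] || return 0
    awk -v n="$(sanitize_name "$2")" '$2 == n { print $1 }' "$1"
}

# Entry point when OpenVPN invokes the script.  Nothing runs while script_type
# is unset, so the functions above can also be sourced and exercised by hand.
# A non-zero exit from a --client-connect script makes OpenVPN reject the
# client, which is why a bookkeeping failure is only logged here, not propagated.
case "${script_type:-}" in
    client-connect)
        update_entry "$HOSTS_FILE" "$common_name" "$trusted_ip" \
            || echo "refresh_ip: could not record $common_name ($trusted_ip)" >&2
        ;;
    client-disconnect)
        remove_entry "$HOSTS_FILE" "$common_name"
        ;;
esac
```

After a reconnect from a new address the old line for that common name is replaced rather than duplicated, so the file always has at most one line per client; anything that needs the peer's current address (an /etc/hosts refresh, a firewall rule, a monitoring check) can read it from there instead of grepping the OpenVPN log as the ticket does further down.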

Actions #60

Updated by Ernad Husremović over 15 years ago

and we'll see what we got at the next refresh

Actions #61

Updated by Ernad Husremović over 15 years ago

hm, no refresh happened, but it seems there was no IP change either!?

this still works

bringout@desk-c2:~$ ssh root@92.36.206.254

Actions #62

Updated by Ernad Husremović over 15 years ago

jasko reset the router but got the same address again:

root@router-back:~/refresh_ip# tail /var/log/syslog --lines=1000 | grep bhingco

Oct 26 15:11:38 router-back ovpn-server[4180]: bhingco/92.36.206.254:42337 MULTI: Learn: 192.168.58.111 -> bhingco/92.36.206.254:42337
Oct 26 15:11:52 router-back ovpn-server[4180]: MULTI: Learn: 192.168.58.254 -> bhingco/92.36.206.254:42337

Actions #63

Updated by Ernad Husremović almost 15 years ago

  • Status changed from Assigned to Closed