great SIP Softphone for Linux and Windows

Thank goodness I can uninstall X-Lite! At sones we are using a SIP based telephony solution, and therefore sometimes a SIP softphone application is needed along with the obligatory hardware SIP telephones. Until today the only half-working software I knew for that task was X-Lite. But a colleague told me today that there is a better application which not only looks better but also works better than X-Lite.

It’s called “Ekiga” and it’s a GTK based open source application which can run on Windows and Linux. It looks clean and therefore nice and works great.

A special tip from me: abort the Welcome Wizard, because the only thing it does is register you with Ekiga’s own services.


Source: http://ekiga.org/

Mono 2.8 released!

Hurray! Finally the 2.8 version of Mono – the platform-independent open source .NET framework – is available as of today. I finally don’t have to recompile trunk every now and then to get my bits running.

The Major Highlights according to the release notes are:

  • C# 4.0
  • Defaults to the 4.0 profile.
  • New Garbage Collection engine
  • New Frameworks:
    • Parallel Framework
    • System.XAML
  • Threadpool exception behavior has changed to match .NET 2.0
    • potentially a breaking change for a lot of Mono-only software
    • See information below in the "Runtime" section.
  • New Microsoft open sourced frameworks bundled:
    • System.Dynamic
    • Managed Extensibility Framework
    • ASP.NET MVC 2
    • System.Data.Services.Client (OData client framework)
  • Performance
    • Large performance improvements
    • LLVM support has graduated to stable
      • Use mono-llvm command to run your server loads with the LLVM backend
  • Preview of the Generational Garbage Collector
  • Version 2.0 of the embedding API
  • WCF Routing
  • .NET 4.0’s CodeContracts
  • Removed the 1.1 profile and various deprecated libraries.
  • OpenBSD support integrated
  • ASP.NET 4.0
  • Mono no longer depends on GLIB

Oh – they even linked my benchmark article.

Source: http://www.mono-project.com/Release_Notes_Mono_2.8

How To strip those TFS Source Control references from Visual Studio Solutions

Every once in a while you download some code, fire up your Visual Studio and find out that this particular solution was once associated with a Team Foundation Server you don’t know or have a login for. Like when you download source code from CodePlex and you get this “Please type in your username+password for this CodePlex Team Foundation Server”.

Or maybe you’re working on your company’s Team Foundation Server and you want to put some code out in the public. You surely want to get rid of these Team Foundation Server bindings.

There’s a fairly complicated way in Visual Studio to do this, but since it produced unforeseen side effects for me I do not recommend it.

So I looked into the files a Visual Studio solution and project consist of. I found that only a few files hold the association information. As you can see in the picture below, there are several files side by side with the .sln and .csproj files – like the .vssscc and .vspscc files. Even inside the .csproj and .sln files there are hints that lead to the Team Foundation Server – so besides removing some files, a tool would also have to edit some files to remove the TFS association.


So I wrote such a tool and I am going to release its source code just beneath this article. Have fun with it. It compiles with Visual Studio and even Mono xbuild – actually I wrote it with MonoDevelop on Linux ;) Multi-platform galore! Who would have thought of that in the founding days of the .NET platform?


So this is easy – this small tool runs on the command line and takes one parameter: the path to a folder you want to traverse to remove all Team Foundation Server associations. Normally I take a check-out folder and run the tool on that folder, and it handles all its subfolders as well.

So if you want to have this cool tool you just have to click here: Sourcecode Download
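As an added example (not the C# tool released with this post), here is a Python script that does the same job: it walks a checkout folder, deletes the .vssscc and .vspscc sidecar files, and removes the TFS markers from .sln and .csproj files. The markers it looks for, the GlobalSection(TeamFoundationVersionControl) block in the .sln and the Scc* properties in the .csproj, are assumed to be what Visual Studio writes for a TFS binding; the sample checkout is constructed inline with placeholder GUIDs and an .invalid server name.

```python
"""Strip TFS bindings from a checkout. Added example, not the post's C# tool.
Assumed binding markers: .vssscc/.vspscc sidecars, the
GlobalSection(TeamFoundationVersionControl) block in a .sln, Scc* props in a .csproj."""
import os
import re
import shutil
import tempfile

SIDECAR_SUFFIXES = (".vssscc", ".vspscc")
# One whole line per Scc* property, e.g. <SccProjectName>SAK</SccProjectName>
CSPROJ_SCC_RE = re.compile(
    r"^[ \t]*<Scc(ProjectName|LocalPath|AuxPath|Provider)>[^<]*</Scc\1>[ \t]*\r?\n?",
    re.MULTILINE)
# The whole TFS global section of a .sln, header line through EndGlobalSection
SLN_SECTION_RE = re.compile(
    r"^[ \t]*GlobalSection\(TeamFoundationVersionControl\)[^\n]*\n"
    r".*?^[ \t]*EndGlobalSection[^\n]*\n", re.MULTILINE | re.DOTALL)

def strip_csproj(text):
    """Remove the Scc* binding properties from a .csproj document."""
    return CSPROJ_SCC_RE.sub("", text)

def strip_sln(text):
    """Remove the TeamFoundationVersionControl section from a .sln file."""
    return SLN_SECTION_RE.sub("", text)

def strip_tree(root):
    """Walk root: delete sidecars, rewrite bound .sln/.csproj; return (deleted, edited)."""
    deleted, edited = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.endswith(SIDECAR_SUFFIXES):
                os.remove(path)
                deleted.append(path)
                continue
            if name.endswith(".csproj"):
                strip = strip_csproj
            elif name.endswith(".sln"):
                strip = strip_sln
            else:
                continue
            with open(path, encoding="utf-8") as fh:
                original = fh.read()
            cleaned = strip(original)
            if cleaned != original:  # only rewrite files that carried a binding
                with open(path, "w", encoding="utf-8") as fh:
                    fh.write(cleaned)
                edited.append(path)
    return deleted, edited

# Constructed sample checkout: placeholder content, .invalid server name.
SAMPLE_SLN = """Microsoft Visual Studio Solution File, Format Version 10.00
Global
    GlobalSection(TeamFoundationVersionControl) = preSolution
        SccNumberOfProjects = 2
        SccTeamFoundationServer = http://tfs.example.invalid:8080/
    EndGlobalSection
    GlobalSection(SolutionConfigurationPlatforms) = preSolution
        Debug|Any CPU = Debug|Any CPU
    EndGlobalSection
EndGlobal
"""
SAMPLE_CSPROJ = """<Project ToolsVersion="3.5" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <PropertyGroup>
    <OutputType>Library</OutputType>
    <SccProjectName>SAK</SccProjectName>
    <SccLocalPath>SAK</SccLocalPath>
    <SccAuxPath>SAK</SccAuxPath>
    <SccProvider>SAK</SccProvider>
  </PropertyGroup>
</Project>
"""

def build_sample_checkout(base):
    """Write the constructed solution, project and sidecar files under base."""
    os.makedirs(os.path.join(base, "Demo"))
    files = {
        "Demo.sln": SAMPLE_SLN,
        "Demo.vssscc": '"" { "FILE_VERSION" = "9237" }\n',
        os.path.join("Demo", "Demo.csproj"): SAMPLE_CSPROJ,
        os.path.join("Demo", "Demo.csproj.vspscc"): '"" { "FILE_VERSION" = "9237" }\n',
    }
    for rel, content in files.items():
        with open(os.path.join(base, rel), "w", encoding="utf-8") as fh:
            fh.write(content)

def run_demo():
    """Strip the constructed checkout in a temp dir; return what is left."""
    base = tempfile.mkdtemp(prefix="tfsstrip-")
    try:
        build_sample_checkout(base)
        deleted, edited = strip_tree(base)
        with open(os.path.join(base, "Demo.sln"), encoding="utf-8") as fh:
            sln = fh.read()
        with open(os.path.join(base, "Demo", "Demo.csproj"), encoding="utf-8") as fh:
            csproj = fh.read()
        return {"deleted": len(deleted), "edited": len(edited),
                "sln": sln, "csproj": csproj}
    finally:
        shutil.rmtree(base, ignore_errors=True)
```

Call strip_tree() on a real checkout folder to do what the post’s tool does; run_demo() shows the effect on the constructed sample, leaving the other solution sections and project properties untouched.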

Using Windows Deployment Services (WDS) to install Linux over Network (PXE)

Developing software is hard work – especially when you target several operating systems. One task you have to perform quite often is deploying a fresh installation of an operating system to a test machine as fast as possible.

Doing this with Windows is easy – you can use the Windows Deployment Services to bootstrap Windows onto almost every machine which can boot over ethernet using PXE. Everything needed to make WDS work on a Windows Boot-Image is located on that image. Since it’s that easy I won’t dive into more detail here.

What I want to show in greater detail is how you can use WDS to deploy even Linux over your network.

Step 1: Get PXELINUX

What’s needed to boot Linux over a network is a dedicated PXE Boot Loader. This one is called PXELINUX and can be downloaded here.

“PXELINUX is a SYSLINUX derivative, for booting Linux off a network server, using a network ROM conforming to the Intel PXE (Pre-Execution Environment) specification.”

On the homepage of PXELINUX there is also a short tutorial on which files you need and where to copy them.

Step 2: Setup WDS with PXELINUX

I suppose you have your WDS installation up and running and you are able to deploy Windows. If that’s the case you can go to your WDS Server Management Tool and right-click on the server name – in my case “fileserver.sones”. If you select “Properties” in the context menu you will see the properties window like in the screenshot below:

wds_pxelinux

You have to change the boot loader from the standard Windows BootMgr to the newly downloaded PXELINUX boot loader. Since this boot loader comes with its own set of config files, you can edit its config file to allow booting into Windows as well.

Step 3: Edit PXELINUX configuration file

The first entry I made into the boot menu of the PXELINUX boot loader is the “Install Windows…” entry. Since the first thing the users will see after booting is the PXELINUX loader menu they need to be able to continue to their Windows Installation. Since this Windows Installation cannot be handled by the PXELINUX loader you have to define a boot menu entry which looks a lot like this:

LABEL wds
MENU LABEL Install Windows…
KERNEL pxeboot.0

To add OpenSuSE to the menu you would add an entry looking like this:

LABEL opensuse
MENU LABEL Install OpenSuSE 11.x
kernel /Linux/opensuse/linux
append initrd=/Linux/opensuse/initrd splash=silent showopts

The paths given in the above entry should be altered according to the paths you’re using in your installation. I took the /Linux/opensuse/ files from the network install dvd images of OpenSuSE.


That’s basically everything there is about the installation of Linux (Debian works accordingly) over PXE and WDS.

And finally this is what it should look like if everything worked great:

 

Source 1: http://en.wikipedia.org/wiki/Preboot_Execution_Environment
Source 2: http://syslinux.zytor.com/wiki/index.php/PXELINUX

Turning Linux ISO Images into bootable USB sticks

Today was Linux-Distribution-ISO-Install-Day. And it turned out that the only existing external DVD drive was fubar.

So what to do? We had a spare USB stick and it turns out that you can quite easily convert that USB stick into a bootable Linux-Distribution-Install-USB-Stick. Awesome!

Just download the tool called “UNetbootin”, start it and you can turn virtually any ISO Distribution Image into an USB Stick that boots and installs that ISO:


Source: http://unetbootin.sourceforge.net/

Welcome to the world of tomorrow!

So here we are on a new blog engine. It took me the better part of two days to do the migration of 2,869 posts and 2,732 comments, a lot of pictures and movie files.

I will write an article on this, but for now only two captured images from the migration:

yeah PHP rocks!

had to do some regex action to do the url rewrites

sones ports its storage system to the storage medium of the future!

Due to the latest developments in the storage media segment, starting with the next release of the sones storage system the hottest storage medium of the hour will also be supported: the Speichergurke.

Thanks to its sensational storage density and unmatched reliability, the Speichergurke is the perfect storage medium for the data hunger of yesterday, today and tomorrow.

Source 1: http://www.sones.de
Source 2: http://www.speichergurke.de

Mono 2.0 released!!

“Mono 2.0 is a portable and open source implementation of the .NET framework for Unix, Windows, MacOS and other operating systems.”

  • Compiler
    • C# 3.0 compiler implementation, with full support for LINQ.
    • Visual Basic 8 compiler.
    • IL assembler and disassembler and the development toolchain required to create libraries and applications.
  • API
    • ADO.NET 2.0 API for accessing databases.
    • ASP.NET 2.0 API for developing Web-based applications.
    • Windows.Forms 2.0 API to create desktop applications.
    • System.XML 2.0: An API to manipulate XML documents.
    • System.Core: Provides support for the Language Integrated Query (LINQ).
    • System.Xml.Linq: Provides a LINQ provider for XML.
    • System.Drawing 2.0 API: A portable graphics rendering API.


Source: http://www.mono-project.com/Main_Page

HandBrake is now a full blown video converter…

Turns out that a new snapshot (unofficial) version of my favourite DVD to iPod Converter is available. With the new version came new features like the one that allows me now to convert almost anything to wonderful iPod compatible movie files.


“HandBrake is an open-source, GPL-licensed, multiplatform, multithreaded DVD to MPEG-4 converter, available for MacOS X, Linux and Windows.”

I tried everything in my library, including some Matroska movie files. Everything just worked – amazing!

Source: http://handbrake.fr/?article=snapshot

“Unix is a user hostile operating system”

I found the almost complete “Computer Chronicles” recordings on archive.org – and boy this is fun!

I picked some episodes and found very interesting things – like this particular episode from 1985. It’s about Unix and obviously one of the presenters has his very own opinion about Unix.

Source: Computer Chronicles 1985 “Unix”

Widelands – an opensource Settlers II clone


From the wiki about section:

“In Widelands, you are the regent of a small tribe. You start out with nothing but your headquarters, a kind of castle in which all your resources are stored. In the course of the game, you will build an ever growing settlement. Every member of your tribe will do his or her part to produce more resources – wood, food, iron, gold and more – to further this growth. But you are not alone in the world, and you will meet other tribes sooner or later. Some of them may be friendly and trade with you. However, if you want to rule the world, you will have to train soldiers and fight.

Widelands offers a unique style of play. For example, a system of roads plays the central role of your economy: all the goods that are harvested and processed by the tribe must be transported from one building to the next. This is done by carriers, and those carriers always walk along the roads. It is your job to lay out the roads as efficiently as possible.

Another refreshing aspect of the game is the way you command your tribe. There is no need to tell every single one of your subjects what to do – that would be impossible, because there can be thousands of them! Instead, all you’ve got to do is order them to build a building somewhere, and the builders will come. Similarly, whenever you want to attack an enemy, just place an order to attack one of their barracks, and your soldiers will march to fight. You’re really a ruler: You delegate in times of war and in times of peace!

Widelands offers single-player mode with different campaigns; the campaigns all tell stories of tribes or Empires and their struggle in the Widelands universe! However, settling really starts when you unite with friends over the Internet or LAN to build up new empires together – or to crush each other in the dusts of war. Widelands also offers an Artificial Intelligence to challenge you.

In the end, Widelands will be extensible, so that you can create your own type of tribe with their own sets of buildings. You can create new worlds to play in, and you could even create new types of worlds (who says you can’t build a settlement on the moon?). ”

Source: http://xoops.widelands.org/

Augmented Reality Project “Levelhead” – Sourcecode is available

I wrote about Levelhead and its stunning concept not long ago. Now you can play with its code and try it for yourself:


“First thing’s first, this is a developer release and needs to be compiled. It has many third-party dependencies from the renderer to the video capture context. As yet there is no lovely statically linked binary of levelHead or automagical build script for a folder of dependencies. Nonetheless, I’ve installed levelHead on many (Ubuntu) systems now and what’s listed below should work fine for you.
levelHead is known to build on Ubuntu 7.10/7.04 and Debian Etch systems against the following external dependencies. It’s advisable you adhere to these versions if you want to avoid going spontaneously mad”

The site goes on:

Code and assets are provided under two differing licenses: the code is governed by the GPLv3 and the art is covered by the GPLv3 compatible CC-BY_SA 3.0. Make sure you understand what that implies before downloading this project. For the rationale as to why I chose this configuration, please read the comments in the top of the levelHead.cpp file itself. Both art and code are available in a subversion repository, acquired with the following command:

svn co http://www.inclusiva-net.es/svn/levelhead

Since I will try it myself (installing Ubuntu now) – I will give a detailed tutorial about it in the future…at least I hope so.

Source: http://julianoliver.com/levelhead

get access to linux filesystems like ext3 and reiserfs by using FUSE on Windows

If you’re using Windows and if you want to access those filesystems that are used by Linux you can use FUSE on Windows now.

“Filesystem in Userspace (FUSE) is a loadable kernel module for Unix-like computer operating systems, that allows non-privileged users to create their own file systems without editing the kernel code. This is achieved by running the file system code in user space, while the FUSE module only provides a “bridge” to the actual kernel interfaces. FUSE was officially merged into the mainstream Linux kernel tree in kernel version 2.6.14.

FUSE is particularly useful for writing virtual file systems. Unlike traditional filesystems, which essentially save data to and retrieve data from disk, virtual filesystems do not actually store data themselves. They act as a view or translation of an existing filesystem or storage device. In principle, any resource available to FUSE implementation can be exported as a file system. See Examples for some of the possible applications.” (Wikipedia)

There is a version of FUSE for Mac and of course for Linux, and now with coLinux there’s a chance to get the FUSE world onto Windows machines.

For our task we will use coLinux. coLinux is a modified Linux kernel that can be executed as an application or a service in the Windows environment. The web page of the project is http://www.colinux.org/.


You’ll find a very detailed how-to there.

Source 1: http://en.wikipedia.org/wiki/Filesystem_in_Userspace
Source 2: http://polishlinux.org/linux/ext3-reiserfs-xfs-in-windows-thanks-to-colinux/
Source 3: http://www.colinux.org/

So writing a filesystem in .NET isn’t a bad idea after all :-)

Ever since we started writing a complete and cutting edge filesystem in C# and only managed code, we have been confronted with questions like

“Why C#? Why .NET? Why not in a more low-level language? Why a filesystem after all?”

I don’t want to talk just yet about our reasons but we can’t be that wrong if even Microsoft Research is trying to get their .NET Operating System research project Singularity ready for customers:

“Midori is an offshoot of Microsoft Research’s Singularity operating system, the tools and libraries of which are completely managed code. Midori is designed to run directly on native hardware (x86, x64 and ARM), be hosted on the Windows Hyper-V hypervisor, or even be hosted by a Windows process.”

This would be an Operating System 100% in managed code – hey Microsoft – maybe you want to talk with us about our 100% managed code filesystem?! :-)

To prevent rumors: no – we are not working on anything Microsoft related, yet.

Source 1: Microsoft Research – Singularity
Source 2: Codename Midori

Anatomy of the Linux kernel

Another linux related IBM article:

“The Linux® kernel is the core of a large and complex operating system, and while it’s huge, it is well organized in terms of subsystems and layers. In this article, you explore the general structure of the Linux kernel and get to know its major subsystems and core interfaces. Where possible, you get links to other IBM articles to help you dig deeper.”

Source: http://www.ibm.com/developerworks/linux/library/l-linux-kernel/index.html?S_TACT=105AGX03&S_CMP=ART

Anatomy of the Linux file system

Since Filesystems are another technology we are currently working on I want to point everyone to an article by IBM:

“When it comes to file systems, Linux® is the Swiss Army knife of operating systems. Linux supports a large number of file systems, from journaling to clustering to cryptographic. Linux is a wonderful platform for using standard and more exotic file systems and also for developing file systems. This article explores the virtual file system (VFS)—sometimes called the virtual filesystem switch—in the Linux kernel and then reviews some of the major structures that tie file systems together.”

Source: http://www.ibm.com/developerworks/linux/library/l-linux-filesystem/index.html?S_TACT=105AGX03&S_CMP=ART

Augmented Reality Game soon available (full source!)

You may have heard about Levelhead – an augmented reality game made by Julian Oliver – if you did not hear about it? No problem:

“Augmented reality (AR) is a field of computer research which deals with the combination of real-world and computer-generated data. At present, most AR research is concerned with the use of live video imagery which is digitally processed and “augmented” by the addition of computer-generated graphics. Advanced research includes the use of motion-tracking data, fiducial marker recognition using machine vision, and the construction of controlled environments containing any number of sensors and actuators.”

So – augmented reality mixes reality and computer graphics and creates a new reality for you. That’s a lot of theory… so let’s talk about Levelhead:

It’s a game where you have to move plastic cubes with printed-on patterns in front of a camera – the computer now renders a new world inside of the plastic cubes – when you move the cube, the world inside the cube moves too… it looks like this:


“levelHead uses a hand-held solid-plastic cube as its only interface. On-screen it appears each face of the cube contains a little room, each of which are logically connected by doors.
In one of these rooms is a character. By tilting the cube the player directs this character from room to room in an effort to find the exit.

Some doors lead nowhere and will send the character back to the room they started in, a trick designed to challenge the player’s spatial memory. Which doors belong to which rooms?

There are three cubes (levels) in total, each of which are connected by a single door. Players have the goal of moving the character from room to room, cube to cube in an attempt to find the final exit door of all three cubes. If this door is found the character will appear to leave the cube, walk across the table surface and vanish.. The game then begins again.
Someone once said levelHead may have something to do with a story from Borges.. For a description of the conceptual basis of this project, see below. “

If you are not amazed yet, you should watch this:

The thing is – this cool game and technology will be available at the end of this month as full open source. I suggest checking back on Julian’s site at the end of the month at the latest.

Source 1: Augmented Reality @ Wikipedia
Source 2: Levelhead homepage

hurray, Mono fully supports C# 3.0

“I am pleased to announce that Mono C# compiler (gmcs) has now full C# 3.0 support. Most of the features have been available since Mono 1.2.6 release. However, with the upcoming Mono 2.0 release we will also support complex LINQ expressions and mainly expression trees which is fairly overlooked new feature with a lot of potential.”

Source: http://mareksafar.blogspot.com/2008/07/mono-c-compiler-gets-full-c-30-support.html

Xbox Media Center for OSX renames itself to PLEX

It’s not as many of those fancy company blogs like Gizmodo have written: the Xbox Media Center project (which makes XBMC for Windows, Linux, Xbox 1 and OSX) did not rename itself – in fact only the OSXBMC fork renamed itself to PLEX.

“The one name that stuck was Plex. I like it because it evokes “cineplex” and the suffix means “comprising a number of parts” which the application certainly does. In mathematics, you use the suffix to mean “ten to the power of the number” (e.g. oneplex = 10).

Because there are no four-letter domain names left (seriously, try to find one!) we decided to square the plex, so to speak. Think of either plex^2 or plex squared (the beta logo below tries to connote the word “plex” inside a square that might represent a TV screen). The domain names are plex2.com, plexsquared.com, and plexsquare.com for good measure. They are not active yet.

In the coming days, we’ll be working on the rebranding process, including the application packaging, logo, web domains, etc. In the longer term, we have some exciting things in the skin department as well. Stay tuned, and thanks for all your support; we really are lucky to have such a great community.”

Along with the new name comes a new logo:


Source: http://www.osxbmc.com/
Source 2: http://www.plex2.com

have serious fun with…free 2D physics sandbox tools

The standard nerd knows: physics is fun. Even better: when you play with gravity, friction, water and what-not in a sandbox. Now there are several tools available that allow you to do just that: play with physics.

The first tool is called “phun” and is Windows and Linux only. It’s a small tool that allows you to draw circles, boxes, springs, … and when you’re finished, press the “play” button to start the simulation. You can interact with the objects and the simulation all the time by dragging and manipulating everything.


There’s even a video available of phun in action:

It’s serious fun…that phun tool… yeah I had to write that, you know?!

The second tool I want to write about is called “Chipmunk” and is available for OS X only. To be fair: this is not a real drawing tool like phun – it’s more or less a game physics engine that comes with several samples in source code that you can play with, if you can: you need Xcode and some Objective-C knowledge.


So now go and play!

Source 1: http://www.acc.umu.se/~emilk/index.html
Source 2: http://wiki.slembcke.net/main/published/Chipmunk

Olive is WCF for Mono.

Finally someone started to port the Windows Communication Foundation to Mono. That’s great news, because the only thing that keeps some of my newest works from running under anything other than Windows is the WCF.


“Implementing peer-to-peer (P2P) communication was the main objective. WCF ships, by default, with predefined bits for making P2P connections in an easy way, being possible to build services which hosts a mesh of nodes (a node represents a potential client), taking care of everything related to registration of new nodes, message flow over the mesh, etc.”

You can get the plan as pdf here.

Source: Mono Olive

if I’ll ever need a multi-track audio tool again…

This post is more of a reminder for myself. ;-) I need to remember that obviously great multi-track audio application that just became available.

“Ardour is a digital audio workstation. You can use it to record, edit and mix multi-track audio. You can produce your own CDs, mix video soundtracks, or just experiment with new ideas about music and sound.

Ardour capabilities include: multichannel recording, non-destructive editing with unlimited undo/redo, full automation support, a powerful mixer, unlimited tracks/busses/plugins, timecode synchronization, and hardware control from surfaces like the Mackie Control Universal. If you’ve been looking for a tool similar to ProTools, Nuendo, Pyramix, or Sequoia, you might have found it.

Above all, Ardour strives to meet the needs of professional users. This means implementing all the “hard stuff” that other DAWs ( even some leading commercial apps ) handle incorrectly or not at all. Ardour has a completely flexible “anything to anywhere” routing system, and will allow as many physical I/O ports as your system allows. Ardour supports a wide range of audio-for-video features such as video-synced playback and pullup/pulldown sample rates. You will also find powerful features such as “persistent undo”, multi-language support, and destructive track punching modes that aren’t available on other platforms.”

Source: http://www.ardour.org/

Beyond the Red Line: Battlestar Galactica game

There’s a free fan made Battlestar Galactica game available…

“Beyond the Red Line is a stand-alone total conversion for the award-winning Freespace 2 released by Volition and Interplay for the PC. It is based on the popular new tv-show Battlestar Galactica. No, not the one from the 70s.”

It’s free and available for Windows, OS X and Linux.

Source: http://www.game-warden.com/bsg/

Open Transport Tycoon Deluxe

You are a fan of SIM* games? You want something light to take on your travels and play from time to time? I have good news for you: Open Transport Tycoon Deluxe is available in its final version 0.5.

It runs on Windows, Linux and MacOS, and you will need the original Transport Tycoon Deluxe files, because OpenTTD just reuses the graphics of the old version.

But once you have all that, you get a great game that doesn’t need many resources and is insanely fun.

Source: http://www.openttd.org/index.php

USB experiment interface board

Even I can now control the world outside my computer. With the USB interface board K8055 from Velleman, Belgium, you can access the board via DLL. It’s easy to use, e.g. in Visual Basic Express. (I did so last night – fascinating!) That reminds me of old Commodore Plus/4 times!

I tested it on a Windows XP system, but it also should work on Linux. Now let’s see what cases I’m going to resolve. :-)


Manufacturer: http://www.vellemanusa.com/us/enu/product/view/?id=500349


medienfloh

pirates ho?

Who said that:

“Ahoy!

She’s good to go, hoist anchor! Here’s some real booty for all you land-lubbers.

There’s not too many changes, with t’bulk of the patch bein’ defconfig updates, but the shortlog at the aft of this here email describes the details if you care, you scurvy dogs.”

Yeah, you’re right… it’s teh Linus… well… go here and take a look… it’s the guy in the middle.

Source: http://kerneltrap.org/node/7144

KDE on MacOS X

Well, a nice description of what this could do:

“They may not work. They may not even install. They may make your monitor explode in a shower of glass. EVEN LCDs! They may make your children grow horns, and cause the people in your neighborhood to explode spontaneously while doing the Macarena. They will rip out your eyeballs, and eat your soul with a really dull spoon, laughing and cackling while forcing Cheerios up your nose. They will make your intestines explode in a rain of confetti, while evil clowns bite your feet.”

But what it really will do is slightly different:

Source: http://ranger.users.finkproject.org/kde/#about

Thinstuff releases RDP Server…for Linux’n’stuff

Thinstuff released its RDP Server version 1.0 recently. Some of the features:

  • RDP server for Linux
    • RLE compression
    • RDP protocol compression
    • Data encryption
    • Client selected resolutions and bits per pixel
    • Fullscreen mode
    • RDP Bitmap Cache
    • RDP Orders
    • Compatible Clients: RDP 5.0, 5.1, 5.2, Windows CE, rdesktop
  • Optimized for many kinds of X11 applications for optimal performance
  • Change resolution while clients are connected
  • Very low bandwidth consumption
  • Shadowing support to view a session multiple times
  • Terminal Server
    • Database or passwd/shadow user management
    • Passwd/shadow or PAM authentication
    • Management through Java Client
    • Authentication by specifying username and password in the RDP client or at a login window within the RDP session

Obviously the RDP server is an X server on the Linux side with an RDP interface to the rest of the world – very cool indeed. As soon as I have some time I’ll give it a try…

Source: http://www.thinstuff.com/company/news/

a ready to go VMware Image for MONO…

The Mono team (well, Novell) created a mono-development-environment-in-a-box as a VMware image. You can grab it at the source.

“The image is a SUSE Linux Enterprise Desktop 10, and it includes the latest version of Mono, the development tools, documentation and samples for Windows.Forms and ASP.NET.

The MonoDevelop IDE is included in the image for developers, and Postgres and MySQL are installed to test your application with a database.”

I’ve made some screenshots:


explore the WinForms implementation of mono

Source: Mono VMware Image

browse the web with the iLiad

The iRex iLiad e-ink e-book reader is such a fantastic device, a friend of mine is willing to put the >600 euro down to get one. And if he reads this, he’ll be even more motivated to bite the bullet:



“From the factory, the Iliad only uses and maintains Internet connectivity for a very short time and for one specific purpose; to connect to the Rex site. Some enterprising device owners put a little hack together with a PDF file and some http for an address bar and they’re now surfing the web as long as they like on the Iliad.”


Source: http://www.irextechnologies.com/products/iliad/specs

IIS6 and Apache syscall graph

SanaSecurity created these two graphics:



Apache syscall graph

IIS6 syscall graph

What’s this, you may ask… it’s an API dependency graph of the current Apache web server and the current IIS web server.

Some people try to interpret those graphics in favor of their preferred server. I cannot see anything worth debating in these graphics, so I leave it to you to just enjoy them, as they look quite nice :-)

Source: http://www.sanasecurity.com/

How to setup secure 802.1x WPA2 enterprise wireless lan on a linksys WRT54G / GS Revision 4

This article is in German, but I am going to make a translated English version available soon. Thanks to Volker -cosrahn- Henze for writing this great how-to.

For feedback and/or questions please use the comment function.

FOREWORD

This howto is a bit different from others. It is a “monolithic” howto. We have, so to speak, pulled a snapshot of the OpenWRT that was current at the time onto our server and will build the entire system from it. There will be no updates. That is of course not ideal, but we chose this approach to produce a howto that leaves no questions open. So if you do it EXACTLY as we do here, you should end up with a beautiful Linksys that offers you a secure and comfortable way to protect your WLAN from unauthorized users while still quickly and easily granting or revoking access for friends, acquaintances and neighbours. Why no customized image? We would have to test it, and we simply lack the time and the hardware for that. But I think we may build such an image soon. However, a howto like this also has the advantage that you know what is inside your Linksys and don’t just say “I think that lump over there in the corner does it…” Alright, have fun!


PREREQUISITES




  • Linksys WRT54GS Revision 4

  • A computer with telnet and SSH (SSH for Windows users is available here)

  • A way to transfer files via scp (scp, WinSCP etc.)

  • Basic skills in handling a mouse and keyboard

HARDWARE


Unpack the Linksys. The warning “Run the CD first, then connect the cables.” can safely be ignored. Now plug the supplied cable into port 1 and into any computer. You will get an IP (192.168.1.100); the IP of the Linksys is 192.168.1.1, so http://192.168.1.1 in your browser takes you to the web interface. Login: admin and password: admin



The login data should also be found on the supplied
documentation CD.



This is what the Linksys web frontend looks like. After flashing, the Linksys will
no longer have a web frontend. One can, however, install one afterwards.
But that is another how-to…


FIRMWARE UPDATE


The matching firmware can be obtained here: openwrt-wrt54gs_v4-jffs2.zip (1.61 MB) – this is a mirror of the openwrt.org download.


!!!!!!!!!! ATTENTION, now it gets hot !!!!!!!!!!
Check once more that no power outage has been announced and that your neighbor is not trying to take a bath with a hair dryer. A power outage would be fatal for the Linksys.



Click Administration->Firmware Upgrade



Select the file openwrt-wrt54gs_v4-jffs2.bin



Update in progress


THE FIRST LOGIN


Now the moment has come. If everything worked, you can log in via telnet.



The first telnet session


volker@buran ~ $ telnet 192.168.1.1
Trying 192.168.1.1...
Connected to 192.168.1.1.
Escape character is '^]'.
=== IMPORTANT ============================
Use 'passwd' to set your login password
this will disable telnet and enable SSH
------------------------------------------

BusyBox v1.00 (2006.03.27-00:00+0000) Built-in shell (ash)
Enter 'help' for a list of built-in commands.

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__| |____|
          |__| W I R E L E S S   F R E E D O M
 WHITE RUSSIAN (RC5) -------------------------------
  * 2 oz Vodka   Mix the Vodka and Kahlua together
  * 1 oz Kahlua  over ice, then float the cream or
  * 1/2oz cream  milk on the top.
 ---------------------------------------------------
root@OpenWrt:/#


After logging in, reboot first, because the file systems are still read-only:

root@OpenWrt:~# reboot

After this reboot you can log in again. The first thing to do is set a new password:

volker@buran ~ $ telnet 192.168.1.1
root@OpenWrt:~# passwd
Changing password for root
Enter the new password (minimum of 5 characters)
Please use a combination of upper and lower case letters and numbers.
Enter new password:
Re-enter new password:
Password changed.



Now we log out again, because telnet is not particularly secure
and anyone could read along what we type.

root@OpenWrt:~# exit
volker@buran ~ $ ssh root@192.168.1.1
root@192.168.1.1's password:

BusyBox v1.00 (2005.07.18-21:49+0000) Built-in shell (ash)
Enter 'help' for a list of built-in commands.

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__| |____|
          |__| W I R E L E S S   F R E E D O M
 WHITE RUSSIAN (RC2) -------------------------------
  * 2 oz Vodka   Mix the Vodka and Kahlua together
  * 1 oz Kahlua  over ice, then float the cream or
  * 1/2oz cream  milk on the top.
 ---------------------------------------------------
root@OpenWrt:~#


INTERNET

Now you should take care of Internet access. This is not part of this how-to, as there are simply very many ways to connect a Linksys to the Internet. So here are the two most common ones in my opinion; more information is available here.

FeM-Net or other larger LANs


Here is the procedure if you want to run the device on a larger LAN such as the FeM-Net. Make sure that the Internet port of the Linksys (the one that sits a bit apart from the others) is connected to the LAN. ATTENTION: if you connect a different port to the FeM-Net, your FeM-Net port will be deactivated.


Now you need the MAC address of the Linksys to enable it on the FeM-Net. That is quite simple.

root@OpenWrt:~# ifconfig vlan1
vlan1 Link encap:Ethernet HWaddr 00:14:BF:CA:FE:01
inet6 addr: fe80::214:bfff:feca:fe01/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 MiB) TX bytes:0 (0.0 MiB)
root@OpenWrt:~#

On our device the MAC address would be “00:14:BF:CA:FE:01”.


DSL AND ISP


That is easy. Just set a few NVRAM variables and plug the DSL modem into the WAN port of the Linksys.


nvram set wan_ifname=ppp0
nvram set wan_proto=pppoe
nvram set ppp_idletime=10
nvram set ppp_mtu=1492
nvram set ppp_passwd=
nvram set ppp_redialperiod=15
nvram set ppp_username=
nvram set pppoe_ifname=vlan1
nvram commit

When you are done, enable the WAN interface with:

ifup wan

INSTALLING ADDITIONAL SOFTWARE PACKAGES

First we update the software packages. We provide a package collection to make sure that everything works exactly as we describe it. That does not mean this how-to will not also work with later versions.

root@OpenWrt:~# cp /etc/ipkg.conf /etc/ipkg.conf.old
root@OpenWrt:~# vi /etc/ipkg.conf
* press "i" (insert mode)
* now change the following entries
from
src whiterussian http://downloads.openwrt.org/whiterussian/packages
src non-free http://downloads.openwrt.org/whiterussian/packages/non-free
to
src whiterussian http://www.technology-ninja.com/whiterussian/packages
src non-free http://www.technology-ninja.com/whiterussian/packages/non-free
we simply leave the rest as it is
* press "Esc" (command mode)
:wq
root@OpenWrt:~#

Now you can fetch the package information with an ipkg update.



root@OpenWrt:~# ipkg update
Downloading
http://www.technology-ninja.com/whiterussian/packages/Packages ...
Connecting to www.technology-ninja.com[141.24.190.9]:80
Packages 100% |******************************************|
121 KB 00:00 ETA
Done.
Updated list of available packages in /usr/lib/ipkg/lists/whiterussian
Downloading
http://www.technology-ninja.com/whiterussian/packages/non-free/Packages ...
Connecting to www.technology-ninja.com[141.24.190.9]:80
Packages 100% |******************************************|
568 00:00 ETA
Done.
Updated list of available packages in /usr/lib/ipkg/lists/non-free

INSTALLING THE NTP CLIENT

This step is important because you need this tool to synchronize the Linksys with the time from the Internet. The Linksys has no backup battery and cannot keep its time. But the time is absolutely required for the PKI (the stuff created with OpenSSL) to work.

root@OpenWrt:~# ipkg install ntpclient

Downloading http://www.technology-ninja.com/whiterussian/packages/
ntpclient_2003_194-2_mipsel.ipk ...
Connecting to www.technology-ninja.com[141.24.190.9]:80
ntpclient_2003_194-2 100% |*******************************************|
9555 00:00 ETA
Done.
Unpacking ntpclient...Done.
Configuring ntpclient...Done.
root@OpenWrt:~#


Now quickly sync the time.

root@OpenWrt:~# ntpclient -h timesrv1.tu-ilmenau.de -s

Any other time server can be used here instead of timesrv1.tu-ilmenau.de.

And a start script that fetches the current time from the Internet when the Linksys is switched on.

root@OpenWrt:~# echo "#!/bin/ash" >/etc/init.d/S70ntp
root@OpenWrt:~# echo "ntpclient -h timesrv1.tu-ilmenau.de -s" >>/etc/init.d/S70ntp
root@OpenWrt:~# chmod a+x /etc/init.d/S70ntp

Done; now, God willing, we always have the correct time on our Linksys.

THE PROPRIETARY TOOLS


Installing the proprietary tools. Even if it is not pretty, you cannot skip this step. The proprietary NAS and the WL tools have to be installed.


root@OpenWrt:~# ipkg install nas

Downloading http://www.technology-ninja.com/whiterussian/packages/non-free/
nas_3.90.37-16_mipsel.ipk ...
Connecting to www.technology-ninja.com[141.24.190.9]:80
nas_3.90.37-16_mipse 100% |******************************************|
75771 00:00 ETA
Done.
Unpacking nas...Done.
Configuring nas...Done.
root@OpenWrt:~# ipkg install wl

Downloading http://www.technology-ninja.com/whiterussian/packages/non-free/
wl_3.90.37-1_mipsel.ipk ...
Connecting to www.technology-ninja.com[141.24.190.9]:80
wl_3.90.37-1_mipsel. 100% |******************************************|
40906 00:00 ETA
Done.
Unpacking wl...Done.
Configuring wl...Done.
root@OpenWrt:~#


The NAS is needed for the communication between the WLAN device of the Linksys and the RADIUS server. The WL tools are needed to use all functions of the proprietary WLAN driver.

OPENSSL

We now create a root CA with OpenSSL. This makes it possible to hand out certificates dynamically to arbitrary people without having to whisper pre-shared keys to each other in complicated ways. In addition, certificates can be revoked when you no longer like somebody. That is especially useful in larger infrastructures. Install openssl-util on your, by now beloved, Linksys. By the way, it is advisable to create the root CA on a different PC. Here, for simplicity, we do it directly on the Linksys.


root@OpenWrt:~# ipkg install openssl-util

Create a directory in which the root CA will be stored.

root@OpenWrt:~# cd /usr/share/
root@OpenWrt:/usr/share# mkdir CA
root@OpenWrt:/usr/share# cd CA

OpenSSL needs a few directories in which it can dump its pointless junk.

root@OpenWrt:/usr/share/CA# mkdir certs crl newcerts private users

Create the serial number and the index file for the root CA.

root@OpenWrt:/usr/share/CA# echo "01" > serial
root@OpenWrt:/usr/share/CA# cp /dev/null index.txt
root@OpenWrt:/usr/share/CA# cp /etc/ssl/openssl.cnf .

Make a copy of the original OpenSSL config file and change it as you need it.

root@OpenWrt:/usr/share/CA# vi openssl.cnf
* press "i" (insert mode)
* scroll down with the arrow keys to the field [ CA_default ]
* the parameter
dir = ./demoCA
* is replaced by
dir = ./
* then make any adjustments you like
* press "ESC" (command mode)
:wq
root@OpenWrt:/usr/share/CA#

The client certificates need special Windows XP extensions. For that we create a new file named xpextensions.


root@OpenWrt:/usr/share/CA# vi xpextensions
* press "i" (insert mode)
add the lines
[ xpclient_ext ]
extendedKeyUsage = 1.3.6.1.5.5.7.3.2
[ xpserver_ext ]
extendedKeyUsage = 1.3.6.1.5.5.7.3.1
* press "ESC" (command mode)
:wq
root@OpenWrt:/usr/share/CA#

GENERATING THE ROOT CA CERTIFICATE

It is valid for 1095 days. That can of course be adjusted as desired by changing the number after the -days option.

root@OpenWrt:/usr/share/CA# openssl req -new -x509 \
-keyout private/cakey.pem -out cacert.pem -days 1095 -config openssl.cnf
Generating a 1024 bit RSA private key
......................................................++++++
............++++++
writing new private key to 'private/cakey.pem'
Enter PEM pass phrase: "Das_Root-CA_Passwort"
Verifying - Enter PEM pass phrase: "Das_Root-CA_Passwort"
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:DE
State or Province Name (full name) [Some-State]:Thueringen
Locality Name (eg, city) []:Ilmenau
Organization Name (eg, company) [Internet Widgits Pty Ltd]:FeM e.V.
Organizational Unit Name (eg, section) []:Technik
Common Name (eg, YOUR name) []:Cosrahn
Email Address []:somemailadress
root@OpenWrt:/usr/share/CA#

Tip: Remember the password. And it must never fall into the wrong hands.


root@OpenWrt:/usr/share/CA# openssl pkcs12 -export -in cacert.pem -inkey private/cakey.pem \
-out caroot.p12 -cacerts -descert
Enter pass phrase for private/cakey.pem: "Das_Root-CA_Passwort"
Enter Export Password: "caroot_p12_Passwort" (can also be left empty)
Verifying - Enter Export Password: "caroot_p12_Passwort" (can also be left empty)
root@OpenWrt:/usr/share/CA# openssl pkcs12 -in caroot.p12 -out caroot.pem
Enter Import Password: "caroot_p12_Passwort"
MAC verified OK
Enter PEM pass phrase: "caroot_pem_Passwort"
Verifying - Enter PEM pass phrase: "caroot_pem_Passwort"
root@OpenWrt:/usr/share/CA#

And for Windows.

root@OpenWrt:/usr/share/CA# openssl x509 -in cacert.pem \
-inform PEM -out cacert.der -outform DER

RADIUS SERVER CERTIFICATE REQUEST

root@OpenWrt:/usr/share/CA# openssl req -nodes -new -x509 -keyout radius-req.pem \
-out radius-req.pem -days 730 -config openssl.cnf
Generating a 1024 bit RSA private key
...++++++
...++++++
writing new private key to 'radius-req.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:DE
State or Province Name (full name) [Some-State]:Thueringen
Locality Name (eg, city) []:Ilmenau
Organization Name (eg, company) [Internet Widgits Pty Ltd]:FeM e.V.
Organizational Unit Name (eg, section) []:Technik
Common Name (eg, YOUR name) []:Cosrahn
Email Address []:somemailaddress
root@OpenWrt:/usr/share/CA# openssl x509 -x509toreq \
-in radius-req.pem -signkey radius-req.pem -out radius-tmp.pem
Getting request Private Key
Generating certificate request
root@OpenWrt:/usr/share/CA#

Certifying the request. Please mind the order here: “-infiles radius-tmp.pem” is the last option on the command line.

root@OpenWrt:/usr/share/CA# openssl ca -config openssl.cnf \
-policy policy_anything -out radius-cert.pem -extensions xpserver_ext \
-extfile xpextensions -infiles radius-tmp.pem
Using configuration from openssl.cnf
Enter pass phrase for /usr/share/CA/private/cakey.pem: "Das_Root-CA_Passwort"
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 1 (0x1)
Validity
Not Before: Jan 1 05:15:35 2000 GMT
Not After : Dec 31 05:15:35 2000 GMT
Subject:
countryName = DE
stateOrProvinceName = Thueringen
localityName = Ilmenau
organizationName = FeM e.V.
organizationalUnitName = Technik
commonName = Cosrahn
emailAddress = somemailaddress
X509v3 extensions:
X509v3 Extended Key Usage:
TLS Web Server Authentication
Certificate is to be certified until Dec 31 05:15:35 2000 GMT (365 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
root@OpenWrt:/usr/share/CA#


Converting the certificate into a PKCS12 file so that it becomes readable for Outlook, MSIE and Mozilla. (This step is not strictly necessary, since our RADIUS does not need PKCS12.)

openssl pkcs12 -export -in radius-cert.pem -out radius-cert.p12 \
-inkey radius-req.pem -descert

CLIENT CERTIFICATE REQUEST

This step must be repeated for every client.

root@OpenWrt:/usr/share/CA# openssl req -nodes -new -x509 \
-keyout client-req.pem -out client-req.pem -days 730 -config openssl.cnf
Generating a 1024 bit RSA private key
.......++++++
............++++++
writing new private key to 'client-req.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:DE
State or Province Name (full name) [Some-State]:Thueringen
Locality Name (eg, city) []:Ilmenau
Organization Name (eg, company) [Internet Widgits Pty Ltd]:FeM e.V.
Organizational Unit Name (eg, section) []:Technik
Common Name (eg, YOUR name) []:Cosrahn
Email Address []:somemailAddress
root@OpenWrt:/usr/share/CA# openssl x509 -x509toreq -in client-req.pem \
-signkey client-req.pem -out client-tmp.pem
Getting request Private Key
Generating certificate request
root@OpenWrt:/usr/share/CA#

Certifying the request – please mind the correct order: “-infiles client-tmp.pem” is the last option on the command line.

root@OpenWrt:/usr/share/CA# openssl ca -config openssl.cnf -policy policy_anything \
-out client-cert.pem -extensions xpclient_ext -extfile xpextensions \
-infiles client-tmp.pem
Using configuration from openssl.cnf
Enter pass phrase for /usr/share/CA/private/cakey.pem:
DEBUG[load_index]: unique_subject = "yes"
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 2 (0x2)
Validity
Not Before: Jan 1 05:37:37 2000 GMT
Not After : Dec 31 05:37:37 2000 GMT
Subject:
countryName = DE
stateOrProvinceName = Thueringen
localityName = Ilmenau
organizationName = FeM e.V.
organizationalUnitName = Technik
commonName = Cosrahn
emailAddress = somemailAddress
X509v3 extensions:
X509v3 Extended Key Usage:
TLS Web Client Authentication
Certificate is to be certified until Dec 31 05:37:37 2000 GMT (365 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
root@OpenWrt:/usr/share/CA#


Converting the certificate into a PKCS12 file (Outlook; MSIE; Mozilla).

openssl pkcs12 -export -in client-cert.pem -out client-cert.p12 \
-inkey client-req.pem -descert

To avoid bigger messes I have combined the part above into a small script. This little script helps with creating a new client. The created certificates can be found in /usr/share/CA/users/[clientname].

Here is the script: mkclient.sh.zip (0.43 KB)


For example, you can now simply use:


root@OpenWrt:/usr/share/CA# ./mkclient.sh Paul

to create a certificate for the user “Paul”.
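The CA steps above (directory layout, xpextensions, client request, signing with openssl ca, PKCS12 export) together with the certificate revocation the OPENSSL section mentions, collected into one script as an added example; this is not the how-to's mkclient.sh and not code from its author. It assumes an openssl binary on the PATH, works in a temporary directory with constructed names ("Example Root CA", user names), and leaves the CA key unencrypted so that it runs unattended, unlike the passphrase-protected key in the how-to.

```shell
#!/bin/sh
# Added example, not the how-to's mkclient.sh: a throwaway CA laid out like the how-to's
# /usr/share/CA that issues, verifies and revokes 802.1X client certificates. Names constructed.
set -eu
CA_DIR="${CA_DIR:-$(mktemp -d)}"

ca_setup() {
    mkdir -p "$CA_DIR/crl" "$CA_DIR/newcerts" "$CA_DIR/private" "$CA_DIR/users"
    echo 01 > "$CA_DIR/serial"; echo 01 > "$CA_DIR/crlnumber"; : > "$CA_DIR/index.txt"
    # Minimal openssl.cnf with the how-to's "dir" edit applied, plus crlnumber for revocation.
    cat > "$CA_DIR/openssl.cnf" <<EOF
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = $CA_DIR
new_certs_dir = \$dir/newcerts
database = \$dir/index.txt
serial = \$dir/serial
crlnumber = \$dir/crlnumber
certificate = \$dir/cacert.pem
private_key = \$dir/private/cakey.pem
default_days = 365
default_crl_days = 30
default_md = sha256
policy = policy_anything
[ policy_anything ]
commonName = supplied
[ req ]
distinguished_name = req_dn
[ req_dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    printf '[ xpclient_ext ]\nextendedKeyUsage = 1.3.6.1.5.5.7.3.2\n[ xpserver_ext ]\nextendedKeyUsage = 1.3.6.1.5.5.7.3.1\n' > "$CA_DIR/xpextensions"  # same EKU OIDs as the how-to
    # Root CA; key left unencrypted so the script runs unattended (the how-to passphrase-protects it).
    openssl req -new -x509 -nodes -newkey rsa:2048 -keyout "$CA_DIR/private/cakey.pem" \
        -out "$CA_DIR/cacert.pem" -days 1095 -subj "/CN=Example Root CA" \
        -extensions v3_ca -config "$CA_DIR/openssl.cnf" 2>/dev/null
}

# Key and request, then CA signing with the client EKU; -infiles stays last, as the how-to stresses.
mk_client() {
    dir="$CA_DIR/users/$1"; mkdir -p "$dir"
    openssl req -new -nodes -newkey rsa:2048 -keyout "$dir/client-req.pem" \
        -out "$dir/client-tmp.pem" -subj "/CN=$1" -config "$CA_DIR/openssl.cnf" 2>/dev/null
    openssl ca -batch -notext -config "$CA_DIR/openssl.cnf" -policy policy_anything \
        -out "$dir/client-cert.pem" -extensions xpclient_ext -extfile "$CA_DIR/xpextensions" \
        -infiles "$dir/client-tmp.pem" 2>/dev/null
    # PKCS#12 bundle for Windows supplicants (export password is a constructed placeholder).
    openssl pkcs12 -export -in "$dir/client-cert.pem" -inkey "$dir/client-req.pem" \
        -out "$dir/client-cert.p12" -passout pass:example 2>/dev/null
}

# Withdraw one user's certificate and publish a fresh CRL: the "revoke" case the text mentions.
revoke_client() {
    openssl ca -config "$CA_DIR/openssl.cnf" -revoke "$CA_DIR/users/$1/client-cert.pem" 2>/dev/null
    openssl ca -config "$CA_DIR/openssl.cnf" -gencrl -out "$CA_DIR/crl/crl.pem" 2>/dev/null
}

# What the RADIUS server effectively checks: chains to our CA, not on the CRL, valid right now
# (an unsynced router clock fails here) and carries the TLS Web Client Authentication EKU.
check_client() {
    cert="$CA_DIR/users/$1/client-cert.pem"; crl="$CA_DIR/crl/crl.pem"; opts=""
    [ -f "$crl" ] && opts="-crl_check -CRLfile $crl"
    openssl verify -CAfile "$CA_DIR/cacert.pem" -purpose sslclient $opts "$cert" >/dev/null 2>&1 &&
        openssl x509 -in "$cert" -noout -text | grep -q "TLS Web Client Authentication"
}

# Stand-alone demo: MKCLIENT_DEMO=1 sh mkclient-example.sh
if [ "${MKCLIENT_DEMO:-}" = 1 ]; then
    ca_setup; mk_client paul; check_client paul && echo "paul: certificate accepted"
    revoke_client paul; check_client paul || echo "paul: certificate revoked"
fi
```

check_client also rejects an expired certificate, which is why the NTP step matters: the how-to's own output above shows certificates dated January 2000, i.e. issued before the router's clock was synced.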

OTHER FILES

To complete the encryption fun we still need a random file and a Diffie-Hellman parameter file. We proceed as follows.


root@OpenWrt:/usr/share/CA# openssl dhparam -out dh1024.pem 1024
Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
.................................................
..............+..................................
+.........................................+......
..........+.................+....................
..............+..................................
.................................................
.................................................
+....+.............+.........................++*
++*++*
root@OpenWrt:/usr/share/CA# dd if=/dev/urandom of=random bs=1k count=1

WHAT DO WE HAVE NOW?


We have now generated many files, but which one is for what? So let us untangle that now.


radius-req.pem – the key
radius-cert.pem – the certificate
cacert.pem and cacert.der – the CA certificate
dh1024.pem – the DH parameters
random – simply contains random data


WHICH FILE GOES WHERE?


The client:


Linux
/usr/share/CA/client-cert.pem
/usr/share/CA/client-req.pem
/usr/share/CA/cacert.pem
Windows
/usr/share/CA/client.p12
/usr/share/CA/cacert.der
These files have to go onto the computer that wants to log into the WLAN.

We will deal with the files for the RADIUS later.

RADIUS SERVER

After we have accomplished this, we can continue with the RADIUS server. If you already use a working RADIUS server in your network, you can skip this step. To install the FreeRadius server, proceed as follows:

root@OpenWrt:~# ipkg install freeradius

root@OpenWrt:~# ipkg install freeradius-utils

root@OpenWrt:~# ipkg install freeradius-mod-eap

root@OpenWrt:~# ipkg install freeradius-mod-eap-md5

root@OpenWrt:~# ipkg install freeradius-mod-eap-peap

root@OpenWrt:~# ipkg install freeradius-mod-eap-tls

root@OpenWrt:~# ipkg install freeradius-mod-eap-ttls

root@OpenWrt:~# ipkg install freeradius-mod-files

root@OpenWrt:~# ipkg install freeradius-mod-pap

root@OpenWrt:~#

Make sure you do not forget any package.


So that the RADIUS also starts at the right time after a reboot, the start script has to be renamed.


mv /etc/init.d/radiusd /etc/init.d/S41radiusd

Then copy the OpenSSL certificates we created.

mkdir /etc/freeradius/ca
cp /usr/share/CA/cacert.pem /etc/freeradius/ca
cp /usr/share/CA/radius-req.pem /etc/freeradius/ca
cp /usr/share/CA/radius-cert.pem /etc/freeradius/ca
cp /usr/share/CA/dh1024.pem /etc/freeradius/ca/
cp /usr/share/CA/random /etc/freeradius/ca/

The important files for the RADIUS configuration are



  • clients.conf
  • eap.conf
  • radiusd.conf
  • users

CLIENTS.CONF


client 127.0.0.1 {
secret = Das_RADIUS_Passwort
shortname = localhost
nastype = other
}

EAP.CONF

Download

ACTIVATING 802.1X

Now we simply activate our 802.1X environment.


root@OpenWrt:~# nvram set wl0_akm="wpa wpa2"
root@OpenWrt:~# nvram set wl0_auth_mode=radius
root@OpenWrt:~# nvram set wl0_crypto=aes+tkip
root@OpenWrt:~# nvram set wl0_radius_ipaddr=127.0.0.1
root@OpenWrt:~# nvram set wl0_radius_key=Das_RADIUS_Passwort
root@OpenWrt:~# nvram set wl0_radius_port=1812
root@OpenWrt:~# nvram set wl0_ssid=My_8021X_Network
root@OpenWrt:~# nvram set wan_hostname=My_8021X_Gateway
root@OpenWrt:~# nvram set wl0_wep=aes+tkip
root@OpenWrt:~# nvram commit

Now, after a reboot, the magic should begin. Have fun!

MORE SOFTWARE

ipkg install wireless-tools
ipkg install webif

LINKS

WPA2 Enterprise how-to http://wiki.openwrt.org/OpenWrtDocs/Wpa2Enterprise
NAS how-to http://wiki.openwrt.org/OpenWrtDocs/nas
OpenWRT configuration help http://wiki.openwrt.org/OpenWrtDocs/Configuration
OpenSSL PKCS12 http://www.openssl.org/docs/apps/pkcs12.html
OpenSSL X509 http://www.openssl.org/docs/apps/x509.html
FeM wiki https://info.fem.tu-ilmenau.de/wiki/index.php/Sicheres_WLAN_mit_einem_Linksys