Archive for the ‘Network’ Category

PPTP VPN Gateway with Debian

Monday, December 18th, 2006

A PPTP VPN gateway can avoid various constraints: a single connection, the delay when switching the VPN between two hosts, etc.

Here is an easy solution:

– Install Debian with the ppp and pptp-linux packages
RTFM and create the /etc/ppp/options.pptp file:

lock noauth nobsdcomp nodeflate

And the /etc/ppp/peers/my-tunnel file:

pty "pptp SERVER-IP --nolaunchpppd"
name LOGIN
remotename PPTP
require-mppe-128
file /etc/ppp/options.pptp
ipparam my-tunnel

where LOGIN is your PPTP login.

Put the Microsoft CHAP parameters in the /etc/ppp/chap-secrets file:

LOGIN PPTP PASSWORD *

where PASSWORD is your PPTP password.

The PPTP connection is now ready.
Add it to the interfaces file (/etc/network/interfaces on Debian):

auto mobile
iface mobile inet ppp
provider my-tunnel
up sleep 10 && route add -net 192.168.x.0/24 dev ppp0
up route add -net 192.168.y.0/24 dev ppp0
up /etc/init.d/firewall start

In this example, 192.168.x.0/24 and 192.168.y.0/24 are in the VPN network.

And the /etc/init.d/firewall file is a simple iptables script:

#!/bin/sh

# just route it !
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 0 > /proc/sys/net/ipv4/tcp_ecn
# delete any earlier copy of the rule before adding it, so that repeated
# runs do not stack duplicates (the delete fails harmlessly on the first run)
iptables -t nat -D POSTROUTING -o ppp0 -j MASQUERADE 2>/dev/null
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

# MTU in tunnel (only for Windows machines... strange)
iptables -D FORWARD -p tcp --tcp-flags SYN,RST SYN --jump TCPMSS --clamp-mss-to-pmtu 2>/dev/null
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN --jump TCPMSS --clamp-mss-to-pmtu
# (update: I now use the "--set-mss 294" option after some problems with "--clamp-mss-to-pmtu")

# show the resulting rules
iptables -L --line-numbers
iptables -L -t nat --line-numbers

Then, to enable or disable your PPTP VPN gateway:

# ifup mobile
# ifdown mobile

TCP window scaling in kernel 2.6.17

Monday, July 17th, 2006

I had a strange problem: TCP freezes after an HTTP GET with particular web sites (but there is no problem with HTTP HEAD, for example) when I use machines with a 2.6.17 Linux (Debian) kernel. I found out why. The use of TCP window scaling changed in 2.6.17 and some broken routers don’t like this. Here is an interesting discussion about the use of TCP window scaling.

For my problem, a fast (and bad) workaround is:

echo 0 > /proc/sys/net/ipv4/tcp_default_win_scale

or even:

echo 0 > /proc/sys/net/ipv4/tcp_window_scaling

Realtek network cards with VIA chipset!

Saturday, March 18th, 2006

At work, we have cheap network cards for tests.
In the last order, the cards were announced as classic Realtek RTL8139D chips.

Strange realtek card

But when I put them in Linux 2.(4|6) systems, I discover a curious lspci message:

Ethernet controller: VIA Technologies, Inc. VT6105 [Rhine-III] (rev 86)
Subsystem: VIA Technologies, Inc.: Unknown device 0105

And with PCI ID 1106:3106 (rev 86), I found this reference in the PCI IDs database:

3106  VT6105 [Rhine-III]
1186 1403  DFE-530TX rev C

On Linux, this chipset seems to be a VIA Rhine chipset and it works fine with the via-rhine Linux driver. On Windows XP, the card is recognized as a Realtek card and works with the Realtek driver. On OpenBSD, the card works with the vr driver…

The MAC address confirms to me that it is a Realtek card: http://www.coffer.com/mac_find/?string=00%3AE0%3A4C
So I have VIA chipsets marked as Realtek chipsets!
Perhaps a factory error…
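
An added example (not from the original post): a small Python cross-check of the two identifiers compared above, the PCI vendor:device ID and the MAC address prefix, which flags a card whose bus identity and MAC vendor disagree. The pci.ids excerpt and the OUI table are constructed samples, and parse_pci_ids and identify are hypothetical helper names.

```python
import re

# Constructed sample in pci.ids layout (vendor at column 0, device after one
# tab, subsystem after two). Only the 3106 and "1186 1403" lines are quoted
# from the post; the other entries are sample values.
PCI_IDS = (
    "# constructed sample\n"
    "10ec  Realtek Semiconductor Co., Ltd.\n"
    "1106  VIA Technologies, Inc.\n"
    "\t3106  VT6105 [Rhine-III]\n"
    "\t\t1186 1403  DFE-530TX rev C\n"
    "C 02  Network controller\n"
    "\t00  Ethernet controller\n"
)
# Constructed OUI table: the post's MAC lookup resolves 00:E0:4C to Realtek.
OUI = {"00E04C": "Realtek Semiconductor Corp."}
ENTRY = re.compile(r"((?:[0-9a-f]{4} )?[0-9a-f]{4})\s+(.+)", re.I)

def parse_pci_ids(text):
    """Return {vendor: {"name", "devices": {device: {"name", "subsystems"}}}}."""
    vendors, vendor, device = {}, None, None
    for line in text.splitlines():
        body = line.strip()
        if not body or body.startswith("#"):
            continue
        depth = len(line) - len(line.lstrip("\t"))
        m = ENTRY.fullmatch(body)
        if depth == 0:
            # Non-vendor blocks (e.g. "C 02" class lines) reset the context.
            vendor = device = None
            if m and " " not in m.group(1):
                vendor = vendors.setdefault(m.group(1).lower(), {"name": m.group(2), "devices": {}})
        elif depth == 1 and vendor is not None and m and " " not in m.group(1):
            device = vendor["devices"].setdefault(m.group(1).lower(), {"name": m.group(2), "subsystems": {}})
        elif depth == 2 and device is not None and m and " " in m.group(1):
            device["subsystems"][tuple(m.group(1).lower().split())] = m.group(2)
    return vendors

def identify(pci_id, mac, vendors, oui=OUI):
    """Resolve a vendor:device pair and a MAC prefix; report whether they agree."""
    vid, did = pci_id.lower().split(":")
    vendor = vendors.get(vid)
    chip = vendor["devices"].get(did) if vendor else None
    owner = oui.get(re.sub(r"[^0-9a-f]", "", mac.lower())[:6].upper())
    # Compare the first word of each name ("VIA" vs "Realtek"); None = unknown.
    mismatch = None
    if vendor and owner:
        mismatch = vendor["name"].split()[0].lower() != owner.split()[0].lower()
    return {"pci_vendor": vendor and vendor["name"], "chip": chip and chip["name"], "oui_owner": owner, "mismatch": mismatch}
```

Calling identify("1106:3106", "00:E0:4C:00:00:01", parse_pci_ids(PCI_IDS)), where the last three MAC octets are made up, reports a VIA VT6105 chip with a Realtek MAC prefix and sets mismatch to True.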

IPv6 presentation at PLUG

Monday, November 28th, 2005

Following a short presentation on IPv6 at the November 2005 PLUG meeting, here are the slides I used:

PLUG IPv6 slides – 984 KB (PDF format)