niels / Hardware / #voip

Unlocking Pilmo Voicefinder

A while ago I posted a small HOWTO on how to use Pilmo and the Pilmo Voicefinder with Asterisk. In response to that I got some requests on how to unlock the Voicefinder. Although there is no need to unlock it when using my instructions, here’s how:

Download an original Addpac firmware from http://www.addpac.com/addpac_eng/customer.html

Just type AP200 in the download box and you’ll get a list of available firmwares.

  • Connect the voicefinder using a DTE serial cable.
  • When the system boots press Ctrl-C and Ctrl-X alternately until you see BOOT_login:
  • Login as guest using password guest.
  • Set a new password for the root user using the password command: password newpw newpw
  • Do a show interfaces.
  • Configure your PC to be in the same IP range (or reconfigure the voicefinder IP).
  • FTP to the voicefinder IP address and upload the downloaded firmware. (Login using root and the newly set password.)
  • When the upload is complete the Voicefinder will report the version of the firmware you uploaded an start writing it to flash.
  • Once writing and verifying is completed type reboot.

The voicefinder will reboot using the newly uploaded original firmware. It will ask your DHCP server for an IP address. Go there with your favorite web browser and behold.. a full Addpac webinterface 🙂

niels / Software /

Personal Livestream

Two weeks ago XS4ALL introduced ‘Personal Livestream‘, allowing their customers to share their own audio/video stream with an unlimited number of viewers within XS4ALL and a handful on the rest of the Internet. Sounds good?

Unfortunatly their website tells you the service will only work with Windows as the service requires Windows Media Encoder. Sound bad!

Fortunatly it’s easy to prove them wrong using vlc:

vlc input_stream --sout '#transcode{vcodec=DIV3,vb=256,scale=1,acodec=mp3,ab=32,channels=2}:std{access=mmsh,mux=asfh,url=:7007}'

Replace input_stream with your favorite audio/video files or devices, register your stream with XS4ALL and enjoy!

niels / Software / #voip

Pilmo and Asterisk

The last few years I’ve been using Pilmo as my voip provider and am quite pleased with it. The good thing about them is that they supply me with a regular Dutch phone number including a normal area code and not some weird number in one of the dedicated voip number ranges. The bad thing about them is that prices at other providers have been dropping and they are slow to follow.

What I wanted was to keep Pilmo for my incoming calls and use other providers for my outgoing calls. Unfortunately the ATA they supply is more or less locked. I decided to install Asterisk and tweak its config to proxy between their ATA and the Pilmo servers. I can now receive calls on my Pilmo phone number and call everyone I know, even abroad, for free using an IAX channel to voipbuster.com.

I posted my config to: voip-info.org

niels / Blog / #vpn

Super Freeswan and Windows XP

Wanted to throw out WPA for several reasons, I switched to IPSEC for my wireless network which includes a Windows XP machine…
This is just a quick reference for myself so I don’t have to figure it out all over again when I add a Windows machine to the network.

On the Freeswan box

  • Edit openssl config to increase number of bits and expiry time.
  • Use CA.sh to create a root certificate. (by default in ./demoCA)
  • Lower expiry time back down a bit in openssl config.
  • Create a new client (and also one for the server) certificate: CA.sh -newreq (use a pass phrase)
  • Sign this certificate: CA.sh -sign
  • Rename newcert.pem to something client specific (clientcert.pem in this example). (You might also want to keep newreq.pem..)
  • Create a PKCS12 file for Windows: openssl pkcs12 -export -in clientcert.pem -inkey newreq.pem -certfile demoCA/cacert.pem -out client.p12
  • Extract the subject, you’ll need it for ipsec.conf: openssl x509 -in clientcert.pem -inform pem -noout -subject

Put stuff in ipsec.conf:

config setup
    interfaces="ipsec0=eth1″
    klipsdebug=none
    plutodebug=control
    plutoload=%search
    plutostart=%search
    uniqueids=yes

conn %default
    keylife=70m
    keyingtries=3
    disablearrivalcheck=no
    authby=rsasig
    ike=aes-md5,aes-sha,3des-md5,3des-sha
    esp=aes128-md5,aes128-sha1,3des-md5,3des-sha1
    dpddelay=120
    dpdtimeout=370
    dpdaction=clear
    compress=yes
    leftrsasigkey=%cert
    rightrsasigkey=%cert

conn client
    right=192.168.1.12
    rightid="C=NL, ST=NH, L=PURMEREND, O=NiElS, OU=CLIENT, CN=Niels Peen, E=ni
    [email protected]”
    rightca="/C=NL/ST=NH/L=PURMEREND/O=NiElS/CN=Niels Peen/[email protected]”
    left=192.168.1.9
    leftsubnet=0.0.0.0/0
    leftcert=/etc/ipsec.d/certs/servercert.pem
    leftca=%same
    pfs=yes

You will notice that in the subject emailAddress has been replace with E.

On the Windows box

  • (Win)SCP the P12 file to the Windows machine.
  • Start “MMC”
  • You begin with an empty console. Now add some plugins: (names may vary as I translate them from the Dutch Windows version)
  • Certificates -> Computer Account -> Local machine
  • Certificates -> User Account
  • IP Security Monitor
  • IP Policy Management -> This Computer

You now have a useful MMC profile. Save it.

  • Go to Certificates (Local machine), right click -> All tasks -> Import
  • Now import the P12 file, it will ask you for the password. Turn on the exportable option and set the archive to “automatic”. Your certificate should now be imported.
  • Now we’ll create a security policy.
  • Give it a name, like “ipsec all traffic”.
  • Disable the default rule and the the properties dialog pop-up.

We now have a rules Window.

  • Disable the Wizard.

We’ll be adding two rules. One for client to server and one for server to client.
I’ll describe one procedure. The differences are only the Source an Destination address and the Tunnel endpoint. This will make sense once you run into them 🙂

  • Add a rule. (assuming client to server).
  • In filter tab, add a filter.
  • Disable wizard.
  • Name it “client to server”.
  • Hit “add”.
  • Set Source to “My address”, set Destination to “Any address” and disable mirroring.
  • In the description type “client to server”, and close the filter properties dialog and the rule properties dialog. Select the just made filter.
  • Go to filter action tab. Disable Wizard and hit “Add”. We only do this one once, you can use it in both the “client to server” and the “server to client” rules.
  • Select “Negotiate” and hit Add.
  • Select “Custom” and configure it for SHA1, 3DES. Turn off AH. Turn on the session key settings. Defaults are fine. Close dialogs until we’re back in filter properties. Turn off non-secure traffic and enable PFS.
  • In the general tab, name this “ipsec crypto”. Close dialog.
  • Back in the filter action tab select the just made “ipsec crypto”.
  • Go to verification methods. Add one using our imported certificate. Remove kerberos.
  • Set type of connection to “All”.
  • Set tunnel endpoint to the servers address.

Now do the same for a server to client rule.
Back in first dialog, go to the common tab and enable PFS using the Advanced button.

Back in MMC enable the ipsec all traffic policy. Encryption should now take place!

niels / Blog /

Resume

Link to outdated resume has been removed.

Since I had to dig up my resume anyway, I’ve put it [online].

niels / Blog / #email

E-mail replies

Outdated links to lists removed.

Not getting reply to your email? Make sure to check my [blacklist] and [ignorelist].

niels / Hardware / #acer,#laptop

Acer Travelmate 634LC

For those of you buying an Acer Travelmate 634LC I’ve put online some info on having it run Debian GNU Linux. Not as fast as my Medion laptop but it’s more power efficient and has a bigger screen (15.1" 1400×1050).

##Quickspecs

  • Mobile Pentium IV 1.8GHz
  • ALI Chipset
  • 15.1" TFT
  • 32MB videocard with TV-Out
  • 512MB DDR RAM
  • 30GB HDD
  • DVD/CDRW
  • 3 hour battery
  • 56K modem
  • 10/100Mbit Ethernet
  • Firewire
  • SmartCard
  • CardBus/PCMCIA
  • Acer port replicator
  • Infared

The longer specs, and how to get stuff working (Using Debian GNU/Linux and Kernel 2.4.19):

Audio:
The normal kernel driver complains about interrupts. The ALSA driver however works great. Load snd-ali5451, snd-mixer-oss, snd-pcm-oss.

Modem:
Haven’t tried the modem yet, but it’s supposed to be a Lucent Winmodem if you want to try.

Network:
Works great with the standard 8139too driver in de 2.4.19 kernel.

Firewire:
Use the OHCI kernel driver and it seems to work. I have no actual firewire equipment to test it though.

USB: (v1.1)
Also use OHCI driver to get this running. Works fine.

IDE Controller:
Use the ALI15xx IDE driver. Works ok. Needed hdparm to turn on 32-bit mode; DMA mode is on by default. I run:

hdparm -c 1 -u 1 /dev/hda

on boot.

PCMCIA/CardBus/SmartCard:
The CardBus/PCMCIA part works fine with the standard CardBus driver. The laptop also has a smartcard reader. O2 Micro however stopped their Linux support for the smartcard reader. Make sure to send them a friendly email to complain about that. They did supply me with (useless to me) binary drivers for RedHat 6.2. (Read this.)

Video:
I downloaded the AGP and XFree driver from the nVidia site. They work great, including OpenGL and TV-Out. Keep in mind that the nVidia X driver is called ‘nvidia’ and not ‘nv’ like the original X driver. 1400×1050 sure is a lot more useful than 1024×768 🙂

IRDA:
Worked using the SIR drivers (loading irtty, ircomm-tty and ircomm). Could not get the ALI FIR driver to work.

ACPI:
The ACPI in kernel 2.4.19 has problems shutting the machine down. I used a patch for 2.4.19 from http://sourceforge.net/projects/acpi. (Make sure to reconfigure the kernel.)

APM:
Suppose it could work. I prefer using ACPI.

Touchpad:
I used the synaptics driver from mobilix.org. Works great.

DVD/CDRW:
IDE DVD-player and CD (Re)Writer. Configure kernel for SCSI emulation to use the writing features. Also put append="hdc=ide-scsi" in your lilo.conf.

Some output for those interested:

00:00.0 Host bridge: Acer Laboratories Inc. [ALi] M1671 Northbridge
[Aladdin-P4] (rev 02)
00:01.0 PCI bridge: Acer Laboratories Inc. [ALi] PCI to AGP Controller
00:06.0 Multimedia audio controller: Acer Laboratories Inc. [ALi] M5451 PCI
AC-Link Controller Audio Device (rev 02)
00:07.0 ISA bridge: Acer Laboratories Inc. [ALi] M1533 PCI to ISA Bridge
[Aladdin IV]
00:08.0 Modem: Acer Laboratories Inc. [ALi] M5457 AC-Link Modem Interface
Controller
00:0a.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8139/8139C
(rev 10)
00:0b.0 FireWire (IEEE 1394): VIA Technologies, Inc. IEEE 1394 Host
Controller (rev 46)
00:0f.0 USB Controller: Acer Laboratories Inc. [ALi] USB 1.1 Controller (rev
03)
00:10.0 IDE interface: Acer Laboratories Inc. [ALi] M5229 IDE (rev c4)
00:11.0 Bridge: Acer Laboratories Inc. [ALi] M7101 PMU
00:13.0 CardBus bridge: O2 Micro, Inc. OZ6933 Cardbus Controller (rev 02)
00:13.1 CardBus bridge: O2 Micro, Inc. OZ6933 Cardbus Controller (rev 02)
00:14.0 USB Controller: Acer Laboratories Inc. [ALi] USB 1.1 Controller (rev
03)
01:00.0 VGA compatible controller: nVidia Corporation NV11 [GeForce2 Go]
(rev b2)
niels / Blog /

Guestbook

Outdated links to guestbook removed.

The almost antique [Guestbook Service] has been
slightly updated and moved to the [BroZus] server.

niels / Blog / #email,#gnupg

GnuPG key

I recently created a new Public GnuPG key.

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: OpenKeyServer v1.2
Comment: Extracted from http://www.keyserver.net

mQGiBD2/K9ERBADj/QIuSod0L0jEbyzYitC56Sx5zb4Z5/nTRmyhz3gWm4xfiVFz
3Yi9swBOcR3EAL8vNU/CD2DwuNt+rF66CYOBQ3Pt/yCEo4RnResMngzQ2HvZGZty
lXD4+v8q37Zb+bUG8/njQXS9jYhMSYMOdeQU0Q71ByD6YVywWCtO3lARtwCgxYim
O2Mdq2D8FYVOlkegaWQgbmMD+wa6Yydqpj2mR1bFa20qqMjP1B4VKnH95lCqEv9X
dv/AtryO/oRbL3JTpDwQHHbnFUN70g50xOE9FJQAg7TZduqIrS5Qf3z3CEgHWSXs
l+BLC7AFA6ORF+0pZVKPkhcKoo9NDUpgP+3uizJ/oLI8AzYzKaLBgc4/piBnAc0v
pjxcBACLI8o8K3jx4Rzj1DZwHo/N7FWeyGm/55C77mZzNZndaoGaqrNzmkpOXKS5
E34ZUwAAJKlNHybNGGv9G7cSxUE9gSlQ4wKg+1EpeVxr7u+FNg+lQsLas7BN2KWx
ieiDDAJLGW+uCkAE+nH0DZx79m17PhFy/+AXYu79kloq9rcEx7QbTmllbHMgUGVl
biA8bmllbHNAcGVlbi5uZXQ+iF8EExECAB8FAj2/K9IFCQHhM4AECwcDAgMVAgMD
FgIBAh4BAheAAAoJEA63+QrUmG/Vk08An0HAeRdrNw6yTCjcGYymMpT2UmNNAJ9S
BHqP7Zco9akEtLaPP53V/B9/7ohMBBMRAgAMBQI96x8XBYMBtUA6AAoJECYELLsT
O2Jk+Z8An12GqVlo3EGIVKLOMFb4AZ/ioSsAAJwIE6BRc0afXBLdRljFktBDPkxM
8bkCDQQ9vyviEAgAswlqUtT03H5q29F/vusDPJ6YvrlDlcSCBAxoP9iup9tz3ZNr
Dhspr3fDtbxsV4RVC+xhNPBvMWgNkvuRxz8VZ24hqJ0EncCVXEEuONI2GMu2V8/i
9LrMBMdOmZrt5rXpLiky57tQv3PPH3GlX8h6+OBBzZwXwH7mgeKklMtxNPm+LtOY
L9au8SsbUmF4swrg6KRZd2TBckSICBe4rxZlTsQRycVQwx6Keu40NB2FR1zcVyLL
CH0ZkOQXLKVopPJ3xAci35IcZA0bsD+ivfb8ecNY25SuzNh9zlz8XP7HNv7Cj1lb
Zt6MocDNQQU0h1a94SzqUdjyTkxwKbcbgWgZmwADBQf+OjXLT0kpVNvZ8fLXAI1z
Jzmqfmp4hxMaLNd9m+Cdoj83TvFE1xnSLdfDSz/J3pZNujWCol2+wadgrXC22Q0E
Cq1VyeiwsucdlxOePO/rGDYLrQBJ+kD/sQljiObnwi7dbfOaIRkKahriSurG2KtD
/bO/zo0Xpd9Q4bBTP0et+blDuVw9+IvyuoVs+kc0Qwuh5OK3eFrDyejLbN0JsGqM
9kEd5YKo1E4OZ3W7EObrZKRwZJ7i3jFzTSlyVwWpvElykseonALoWkODbISEloaY
WadvMH9BJlYP+4eETb36ONbiSQqiV/Wx4+LHmAOdfP7ZE6u0RvyQh4dBpRBbRrEG
iohMBBgRAgAMBQI9vyviBQkB4TOAAAoJEA63+QrUmG/VEAYAmgNeS6Z22cXSJmNL
nGBskSkBvZIXAKCJGSpQrEF+J0YovrrLuWQ8Wkenvw==
=X3HU
-----END PGP PUBLIC KEY BLOCK-----