niels / Hardware / #acer,#laptop

Acer Travelmate 634LC

For those of you buying an Acer Travelmate 634LC, I’ve put some info online on getting it to run Debian GNU/Linux. It's not as fast as my Medion laptop, but it’s more power efficient and has a bigger screen (15.1" 1400×1050).

## Quickspecs

  • Mobile Pentium IV 1.8GHz
  • ALI Chipset
  • 15.1" TFT
  • 32MB videocard with TV-Out
  • 512MB DDR RAM
  • 30GB HDD
  • DVD/CDRW
  • 3 hour battery
  • 56K modem
  • 10/100Mbit Ethernet
  • Firewire
  • SmartCard
  • CardBus/PCMCIA
  • Acer port replicator
  • Infrared

The longer specs, and how to get stuff working (Using Debian GNU/Linux and Kernel 2.4.19):

Audio:
The normal kernel driver complains about interrupts. The ALSA driver however works great. Load snd-ali5451, snd-mixer-oss, snd-pcm-oss.

Modem:
Haven’t tried the modem yet, but it’s supposed to be a Lucent Winmodem if you want to try.

Network:
Works great with the standard 8139too driver in the 2.4.19 kernel.

Firewire:
Use the OHCI kernel driver and it seems to work. I have no actual firewire equipment to test it though.

USB: (v1.1)
Also use OHCI driver to get this running. Works fine.

IDE Controller:
Use the ALI15xx IDE driver. Works ok. Needed hdparm to turn on 32-bit mode; DMA mode is on by default. I run:

hdparm -c 1 -u 1 /dev/hda

on boot.

PCMCIA/CardBus/SmartCard:
The CardBus/PCMCIA part works fine with the standard CardBus driver. The laptop also has a smartcard reader. O2 Micro however stopped their Linux support for the smartcard reader. Make sure to send them a friendly email to complain about that. They did supply me with (useless to me) binary drivers for RedHat 6.2. (Read this.)

Video:
I downloaded the AGP and XFree driver from the nVidia site. They work great, including OpenGL and TV-Out. Keep in mind that the nVidia X driver is called ‘nvidia’ and not ‘nv’ like the original X driver. 1400×1050 sure is a lot more useful than 1024×768 🙂

IRDA:
Worked using the SIR drivers (loading irtty, ircomm-tty and ircomm). Could not get the ALI FIR driver to work.

ACPI:
The ACPI in kernel 2.4.19 has problems shutting the machine down. I used a patch for 2.4.19 from http://sourceforge.net/projects/acpi. (Make sure to reconfigure the kernel.)

APM:
Suppose it could work. I prefer using ACPI.

Touchpad:
I used the synaptics driver from mobilix.org. Works great.

DVD/CDRW:
IDE DVD-player and CD (Re)Writer. Configure kernel for SCSI emulation to use the writing features. Also put append="hdc=ide-scsi" in your lilo.conf.

Some output for those interested:

00:00.0 Host bridge: Acer Laboratories Inc. [ALi] M1671 Northbridge [Aladdin-P4] (rev 02)
00:01.0 PCI bridge: Acer Laboratories Inc. [ALi] PCI to AGP Controller
00:06.0 Multimedia audio controller: Acer Laboratories Inc. [ALi] M5451 PCI AC-Link Controller Audio Device (rev 02)
00:07.0 ISA bridge: Acer Laboratories Inc. [ALi] M1533 PCI to ISA Bridge [Aladdin IV]
00:08.0 Modem: Acer Laboratories Inc. [ALi] M5457 AC-Link Modem Interface Controller
00:0a.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8139/8139C (rev 10)
00:0b.0 FireWire (IEEE 1394): VIA Technologies, Inc. IEEE 1394 Host Controller (rev 46)
00:0f.0 USB Controller: Acer Laboratories Inc. [ALi] USB 1.1 Controller (rev 03)
00:10.0 IDE interface: Acer Laboratories Inc. [ALi] M5229 IDE (rev c4)
00:11.0 Bridge: Acer Laboratories Inc. [ALi] M7101 PMU
00:13.0 CardBus bridge: O2 Micro, Inc. OZ6933 Cardbus Controller (rev 02)
00:13.1 CardBus bridge: O2 Micro, Inc. OZ6933 Cardbus Controller (rev 02)
00:14.0 USB Controller: Acer Laboratories Inc. [ALi] USB 1.1 Controller (rev 03)
01:00.0 VGA compatible controller: nVidia Corporation NV11 [GeForce2 Go] (rev b2)


niels / Blog /

Guestbook

Outdated links to guestbook removed.

The almost antique [Guestbook Service] has been
slightly updated and moved to the [BroZus] server.


niels / Blog / #email,#gnupg

GnuPG key

I recently created a new Public GnuPG key.


niels / Hardware / #router,#vpn

Draytek Vigor2200 <-> FreeS/WAN HOWTO

  • v1.00 2002/01/24 – first
  • v1.01 2002/03/06 – latest firmware supports PFS and fixes accidental
    pass-through of IKE packets when DMZ is used
  • v1.02 2002/08/16 – make sure to use the scheduler in lan-lan profile

## Situation

  • We have a large network 10.2.0.0/16 with a FreeS/WAN Linux box on internal
    IP 10.2.0.1 and external (public internet) IP 123.123.123.123
  • We also have a small network 192.168.1.0/24 with a Vigor2200 on internal IP
    192.168.1.1 and external (public internet) IP 222.222.222.222
  • Our setup will automatically create a link between the two networks as
    soon as any machine on the smaller (connected to the vigor) network tries to
    access the larger (connected to the linux box) network.

Assumptions

  • You have successfully installed FreeS/WAN (For installing FreeS/WAN see
    http://www.freeswan.org/)
  • Your Vigor2200 is up and running
  • vm will be the IPSec box
  • vigor will be the Vigor2200

Instructions

First, create a PSK (pre-shared key) using the ipsec ranbits command:

vm:~# ipsec ranbits --continuous 128 
0x6672dd8b3f15227556b606f9f624c3da
vm:~#

Access the Vigor2200 through its web interface. Go through the screens mentioned below and configure accordingly. You must of course replace the secret key with your own one created above.


This screen is pretty straightforward. We configure the pre-shared key and tell the Vigor to both authenticate and encrypt using 3DES.

Vigor IKE/IPSec Setup

Dial-in Set up
IKE Authentication method
Pre-Shared Key: 0x6672dd8b3f15227556b606f9f624c3da
Re-type Pre-Shared Key: 0x6672dd8b3f15227556b606f9f624c3da
IPSec Security Method
Select High(ESP) and 3DES

Dial-out
IKE Authentication method
Pre-Shared Key: 0x6672dd8b3f15227556b606f9f624c3da
Re-type Pre-Shared Key: 0x6672dd8b3f15227556b606f9f624c3da

This screen has a lot of settings, but most of those on the right (except for dial direction and idle-timeout) can be ignored because they apply only to ISDN usage.

LAN-to-LAN Dialer Profile Setup

Common Setup
Profile Name: ipsecvm
Select Enable this profile
Call Direction: select Both
Idle Timeout: 900

Dial-Out Settings
Username: leave empty, or leave ???
Password: leave empty
Server IP: 123.123.123.123
Type of Server I am Calling: select IPSec Tunnel
Select High(ESP) and 3DES with Authentication

Scheduler(1-15): 1 (or whatever number you give your schedule profile)

Dial-In Settings
Username: leave empty, or leave ???
Password: leave empty
Select Enable CLID
Peer VPN Server IP: 123.123.123.123
Allowed Dial-In Type: Select IPSec Tunnel

TCP/IP Network Settings
My WAN IP: 0.0.0.0
Remote Gateway: 123.123.123.123
Remote Network: 10.2.0.0
Remote Netmask: 255.255.0.0

For NAT operation, treat remote sub-net as: Private IP


This screen enables the auto-dial function. It’s not necessary (you can start the connection on either side manually), but it is very convenient 😉

Call Schedule Setup

Select Enable Schedule Setup
Start Date: 2000-1-1
Start Time: 0:0
Duration: 23:59
Action: select enable dial-on-demand
Idle Timeout: 0
How Often: select weekdays and sun, mon, etc

FreeS/WAN

Now we set up the FreeS/WAN config files.

leftnexthop is usually the default gateway on the linux box. rightnexthop is usually the default gateway for the vigor.

# /etc/ipsec.conf - FreeS/WAN IPsec configuration file
 
config setup
        interfaces="ipsec0=eth0"
        klipsdebug=none
        plutodebug=none
        plutoload=%search
        plutostart=%search
        plutowait=no
        uniqueids=yes
 
conn %default
        keyingtries=3
        keylife=3600s
        ikelifetime=480m
        authby=secret
        auth=esp
        keyexchange=ike
        pfs=yes
 
conn peen
        esp=3des-md5-96
        left=123.123.123.123
        leftsubnet=10.2.0.0/16
        leftnexthop=123.123.123.1
        right=222.222.222.222
        rightsubnet=192.168.1.0/24
        rightnexthop=222.222.222.1
        auto=add

Below, of course, again replace the secret key with the one you generated earlier.

# /etc/ipsec.secrets

123.123.123.123 222.222.222.222 : PSK "0x6672dd8b3f15227556b606f9f624c3da"

Some additional hints:

  • The Vigor2200 supports IPSec only if the firmware is 2.00 or later.
  • The keylife and ikelifetime above match those of the Vigor. If you use different values, results are unpredictable.