…about Linux, electronics, digital photography, whatever…
  • Free ADSL configuration on a Cisco 1841

    Posted on 4 December 2009 by leucos, No comments

    (an English translation of this article is here)

    Free customers are generally happy… until they need support. That is a problem with every provider, but at Free it is particularly bad.

    When you subscribe to Free, you get a nice Freebox: a device that acts as DSL modem, router and FXS port for your telephone, and sometimes more if you are lucky enough to have TV and other services.

    But when you do not want to use the Freebox, or when it is dead, there are alternative ways to connect. The simplest is to get a DSL modem (a SpeedTouch, for example) and use a router that can do PPPoE (a Linksys WRT54GL with the Tomato firmware, for example).

    You can also do PPPoA if you have a router with an ATM interface. The configuration below can be used on a Cisco 1841 router with an ATM card to connect to Free. It is easily adapted to other models; the changes are usually limited to the interface names.

    You can debug the connection with:

    debug ppp neg
    debug ppp auth

    Good luck.

    !
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    !
    hostname c1841-pppoa
    !
    boot-start-marker
    boot-end-marker
    !
    enable secret 0 CHANGE_YOUR_ENABLE_PASSWORD
    !
    no aaa new-model
    !
    resource policy
    !
    memory-size iomem 5
    mmi polling-interval 60
    !
    no mmi auto-configure
    no mmi pvc
    mmi snmp-timeout 180
    ip subnet-zero
    ip cef
    !
    !
    no ip dhcp use vrf connected
    !
    ! Global pool for the LAN clients
    ip dhcp pool CLIENTS
    import all
    network 192.168.0.0 255.255.255.0
    default-router 192.168.0.254
    dns-server 192.168.0.254
    !
    ! Static assignments for specific clients
    ip dhcp pool pc1
    import all
    host 192.168.0.2 255.255.255.0
    client-identifier 0013.8dd7.2ada
    !
    ip dhcp pool pc2
    import all
    host 192.168.0.3 255.255.255.0
    client-identifier 0018.f327.3137
    !
    ip domain name whatever.it.is
    !
    ! Use SSH. You need to issue
    ! crypto key generate rsa
    ! first (the RSA key pair is not part of this config)
    ip ssh time-out 60
    ip ssh authentication-retries 2
    !
    ! Let's define a user. 'secret' stores an MD5 hash of the password;
    ! 'password' would only get type 7 obfuscation from service
    ! password-encryption, which anyone holding the config can reverse.
    username CHANGE_USERNAME secret 0 CHANGE_USERPASSWORD
    !
    !
    !
    interface Null0
    no ip unreachables
    !
    ! This is LAN side
    interface FastEthernet0/0
    description LAN connection
    ip address 192.168.0.254 255.255.255.0
    ip nat inside
    ip virtual-reassembly
    duplex auto
    speed auto
    no cdp enable
    !
    interface FastEthernet0/1
    no ip address
    speed auto
    !
    ! This is the ATM interface
    ! We're doing PPPoA
    interface ATM0/0/0
    no ip address
    no atm ilmi-keepalive
    dsl operating-mode auto
    pvc 8/35
    ubr 160
    encapsulation aal5mux ppp dialer
    dialer pool-member 1
    !
    !
    interface BRI0/1/0
    no ip address
    shutdown
    !
    ! Dialer interface for PPP negotiation.
    ! Note: there is no inbound access-list on this interface, so anything the
    ! router itself listens on (SSH on the vty lines) is reachable from the
    ! Internet. NAT overload hides the LAN but does not protect the router.
    interface Dialer0
    ip address negotiated
    ip nat outside
    ip virtual-reassembly
    encapsulation ppp
    no cdp enable
    ppp authentication chap pap callin
    ppp chap hostname 04XXXXXXXX@freeadsl
    ppp chap password 0 CHANGE_TO_YOUR_CHAP_PASS
    !
    ppp pap sent-username 04XXXXXXXX@freeadsl password 0 CHANGE_TO_YOUR_CHAP_PASS
    ! Required to get DNS servers
    ppp ipcp dns request
    !
    ip classless
    ip route 0.0.0.0 0.0.0.0 Dialer0
    !
    ! Required to act as a DNS server for the LAN clients
    ip dns server
    !
    ! Oh please no !
    no ip http server
    no ip http secure-server
    !
    ! Do some NAT for LAN clients
    ip nat inside source list 10 interface Dialer0 overload
    access-list 10 permit 192.168.0.0 0.0.0.255
    !
    control-plane
    !
    line con 0
    stopbits 1
    line aux 0
    line vty 0 4
    ! With 'login local' the line password is not used; the username secret is.
    ! Add an 'access-class' here if the router must not be managed from the Internet.
    password 0 CHANGE_TO_SOME_PASS
    login local
    ! We just want ssh, not telnet
    transport input ssh
    !
    end
  • Cisco 1841 ADSL configuration for Free telecom

    Posted on 17 May 2009 by leucos, No comments

    (a French translation of this article is here)

    http://leucos.lstilde.org/wp/2009/05/cisco-1841-ads…r-free-telecom/

    People connected via Free, a French internet provider, are usually happy customers… until they need support. Well, this is a problem with most providers out there.

    When you subscribe to Free, they send you a Freebox: a combo containing a DSL modem, a router, an FXS port to hook up your telephone, and sometimes more if you're lucky enough to have TV and other services.

    But when you don't want to use this box, or when it's dead, you can use alternate ways to get connected. The easiest one is to get a DSL modem (a SpeedTouch for instance) and use a PPPoE-capable router (like a Linksys WRT54GL with the Tomato firmware).

    You can also do PPPoA if you have a router with an ATM interface. The configuration included below can be used on a Cisco 1841 router with an ATM card to connect to Free. It can probably be adapted to other models very easily by changing only the interface names.

    You can debug what happens by issuing:

    debug ppp neg
    debug ppp auth

    Good luck.

    !
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    !
    hostname c1841-pppoa
    !
    boot-start-marker
    boot-end-marker
    !
    enable secret 0 CHANGE_YOUR_ENABLE_PASSWORD
    !
    no aaa new-model
    !
    resource policy
    !
    memory-size iomem 5
    mmi polling-interval 60
    !
    no mmi auto-configure
    no mmi pvc
    mmi snmp-timeout 180
    ip subnet-zero
    ip cef
    !
    !
    no ip dhcp use vrf connected
    !
    ! Global pool for the LAN clients
    ip dhcp pool CLIENTS
    import all
    network 192.168.0.0 255.255.255.0
    default-router 192.168.0.254
    dns-server 192.168.0.254
    !
    ! Static assignments for specific clients
    ip dhcp pool pc1
    import all
    host 192.168.0.2 255.255.255.0
    client-identifier 0013.8dd7.2ada
    !
    ip dhcp pool pc2
    import all
    host 192.168.0.3 255.255.255.0
    client-identifier 0018.f327.3137
    !
    ip domain name whatever.it.is
    !
    ! Use SSH. You need to issue
    ! crypto key generate rsa
    ! first (the RSA key pair is not part of this config)
    ip ssh time-out 60
    ip ssh authentication-retries 2
    !
    ! Let's define a user. 'secret' stores an MD5 hash of the password;
    ! 'password' would only get type 7 obfuscation from service
    ! password-encryption, which anyone holding the config can reverse.
    username CHANGE_USERNAME secret 0 CHANGE_USERPASSWORD
    !
    !
    !
    interface Null0
    no ip unreachables
    !
    ! This is LAN side
    interface FastEthernet0/0
    description LAN connection
    ip address 192.168.0.254 255.255.255.0
    ip nat inside
    ip virtual-reassembly
    duplex auto
    speed auto
    no cdp enable
    !
    interface FastEthernet0/1
    no ip address
    speed auto
    !
    ! This is the ATM interface
    ! We're doing PPPoA
    interface ATM0/0/0
    no ip address
    no atm ilmi-keepalive
    dsl operating-mode auto
    pvc 8/35
    ubr 160
    encapsulation aal5mux ppp dialer
    dialer pool-member 1
    !
    !
    interface BRI0/1/0
    no ip address
    shutdown
    !
    ! Dialer interface for PPP negotiation.
    ! Note: there is no inbound access-list on this interface, so anything the
    ! router itself listens on (SSH on the vty lines) is reachable from the
    ! Internet. NAT overload hides the LAN but does not protect the router.
    interface Dialer0
    ip address negotiated
    ip nat outside
    ip virtual-reassembly
    encapsulation ppp
    no cdp enable
    ppp authentication chap pap callin
    ppp chap hostname 04XXXXXXXX@freeadsl
    ppp chap password 0 CHANGE_TO_YOUR_CHAP_PASS
    !
    ppp pap sent-username 04XXXXXXXX@freeadsl password 0 CHANGE_TO_YOUR_CHAP_PASS
    ! Required to get DNS servers
    ppp ipcp dns request
    !
    ip classless
    ip route 0.0.0.0 0.0.0.0 Dialer0
    !
    ! Required to act as a DNS server for the LAN clients
    ip dns server
    !
    ! Oh please no !
    no ip http server
    no ip http secure-server
    !
    ! Do some NAT for LAN clients
    ip nat inside source list 10 interface Dialer0 overload
    access-list 10 permit 192.168.0.0 0.0.0.255
    !
    control-plane
    !
    line con 0
    stopbits 1
    line aux 0
    line vty 0 4
    ! With 'login local' the line password is not used; the username secret is.
    ! Add an 'access-class' here if the router must not be managed from the Internet.
    password 0 CHANGE_TO_SOME_PASS
    login local
    ! We just want ssh, not telnet
    transport input ssh
    !
    end
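    Both configurations above (the French and the English post) rely on service password-encryption to cover the username and vty line passwords. That is type 7 obfuscation, not hashing: it XORs the password against a fixed, long-public key, so anyone holding a config backup recovers the plaintext. Only enable secret and username ... secret are hashed. The Python script below is an added example, not code from the original posts: it implements the type 7 transform in both directions and audits an IOS config dump for credentials that can be recovered from it. The sample config is constructed from the posts' own fragments, with a placeholder where the enable secret hash would be; the ppp chap password entry is reported as well, because a PPP credential has to be stored reversibly, so a leaked config exposes the DSL login no matter what.

```python
# Added example (not from the original posts): Cisco IOS type 7 password
# reversal and a small audit of an IOS config dump. The sample config below is
# constructed from the posts' fragments; the enable secret hash is a placeholder.
import re

# Fixed key IOS uses for type 7 obfuscation (public for decades).
_TYPE7_KEY = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv"


def type7_decrypt(encoded: str) -> str:
    """Reverse a type 7 string: two-digit decimal seed, then hex of XORed bytes."""
    if len(encoded) < 4 or len(encoded) % 2:
        raise ValueError("malformed type 7 string")
    seed = int(encoded[:2], 10)
    if seed > 15:
        raise ValueError("type 7 seed out of range")
    body = bytes.fromhex(encoded[2:])
    plain = bytes(b ^ _TYPE7_KEY[(seed + i) % len(_TYPE7_KEY)] for i, b in enumerate(body))
    return plain.decode("ascii")


def type7_encrypt(plain: str, seed: int = 8) -> str:
    """Forward transform, useful to build test fixtures; seed must be 0..15."""
    if not 0 <= seed <= 15:
        raise ValueError("seed must be 0..15")
    data = plain.encode("ascii")
    body = bytes(b ^ _TYPE7_KEY[(seed + i) % len(_TYPE7_KEY)] for i, b in enumerate(data))
    return f"{seed:02d}{body.hex().upper()}"


# Matches 'password 0 <plain>' and 'password 7 <hex>' wherever they occur
# (username, line, ppp chap/pap). 'secret 5 ...' is an MD5 hash and is not matched.
_PW_RE = re.compile(r"^(?P<prefix>.*?\bpassword)\s+(?P<kind>[07])\s+(?P<value>\S+)\s*$")


def _advice(where: str) -> str:
    if where.startswith("username"):
        return "use 'username <name> secret 0 <pw>' (hashed) instead of 'password'"
    if where.startswith("line"):
        return "use 'login local' with a hashed username secret; drop the line password"
    return "credential must stay reversible (PPP CHAP/PAP); protect config backups instead"


def audit_config(config: str) -> list:
    """One dict per recoverable credential: line number, context, type, plaintext, advice."""
    findings = []
    section = "global"
    for lineno, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if line.startswith(("line ", "interface ")):
            section = line
        m = _PW_RE.match(line)
        if not m:
            continue
        kind, value = m.group("kind"), m.group("value")
        plaintext = value if kind == "0" else type7_decrypt(value)
        where = line if line.startswith("username ") else section
        findings.append({"line": lineno, "where": where, "type": int(kind),
                         "plaintext": plaintext, "advice": _advice(where)})
    return findings


# Constructed sample: what the posts' config looks like after
# 'service password-encryption' has rewritten the plaintext passwords.
SAMPLE_CONFIG = """\
service password-encryption
hostname c1841-pppoa
enable secret 5 $1$salt$PLACEHOLDER_NOT_A_REAL_HASH
username admin password 7 0822455D0A16
interface Dialer0
 ppp chap hostname 04XXXXXXXX@freeadsl
 ppp chap password 7 0302490E03
line vty 0 4
 password 7 140106125D
 login local
 transport input ssh
"""

if __name__ == "__main__":
    for f in audit_config(SAMPLE_CONFIG):
        print(f"line {f['line']:>2} ({f['where']}): type {f['type']} -> {f['plaintext']!r}; {f['advice']}")
```

    Run it against a show running-config dump to see what a stolen backup gives away; the two-digit seed at the start of each type 7 string is the only thing that varies between encodings of the same password.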
  • Fixing ‘IPSEC(initialize_sas): Invalid Proxy IDs’ with dynamic VPNs

    Posted on 9 December 2008 by leucos, No comments

    Dynamic crypto maps ("dynamic VPNs") are a Cisco IOS feature that lets a central (headend) router accept VPN establishment from remote peers without a statically configured peer address or crypto ACL for the SA.

    The configuration is very simple (even simpler than normal, statically specified tunnels), so when the tunnel doesn't come up it is quite frustrating.

    And when you get 'IPSEC(initialize_sas): Invalid Proxy IDs', meaning the crypto ACLs (the proxy IDs) don't match on both sides, you start pulling your hair out: how can they fail to match when none is even needed on the headend side??

    Well, it turns out the headend still validates the proxy IDs proposed by the remote peer, and bails out of the ISAKMP phase 2 negotiation when they are not acceptable.

    Consider this log, seen on a headend router sitting at 172.22.1.130/27 with

    debug crypto ipsec
    debug crypto isakmp

    enabled:
    *Mar  1 00:45:39.227: ISAKMP: set new node 909606036 to QM_IDLE
    *Mar  1 00:45:39.227: ISAKMP:(0:1:SW:1): processing HASH payload. message ID = 909606036
    *Mar  1 00:45:39.227: ISAKMP:(0:1:SW:1): processing SA payload. message ID = 909606036
    *Mar  1 00:45:39.231: ISAKMP:(0:1:SW:1):Checking IPSec proposal 1
    *Mar  1 00:45:39.231: ISAKMP: transform 1, ESP_3DES
    *Mar  1 00:45:39.231: ISAKMP:   attributes in transform:
    *Mar  1 00:45:39.231: ISAKMP:      encaps is 1 (Tunnel)
    *Mar  1 00:45:39.231: ISAKMP:      SA life type in seconds
    *Mar  1 00:45:39.231: ISAKMP:      SA life duration (basic) of 3600
    *Mar  1 00:45:39.231: ISAKMP:      SA life type in kilobytes
    *Mar  1 00:45:39.231: ISAKMP:      SA life duration (VPI) of  0x0 0x46 0x50 0x0
    *Mar  1 00:45:39.231: ISAKMP:      authenticator is HMAC-SHA
    *Mar  1 00:45:39.231: ISAKMP:(0:1:SW:1):atts are acceptable.
    *Mar  1 00:45:39.231: IPSEC(validate_proposal_request): proposal part #1,
    (key eng. msg.) INBOUND local= 172.22.1.130, remote= 172.22.80.129,
    local_proxy= 192.168.1.0/255.255.255.0/0/0 (type=4),
    remote_proxy= 172.22.80.128/255.255.255.193/0/0 (type=4),
    protocol= ESP, transform= esp-3des esp-sha-hmac  (Tunnel),
    lifedur= 0s and 0kb,
    spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x2
    *Mar  1 00:45:39.231: IPSEC(initialize_sas): invalid proxy IDs
    *Mar  1 00:45:39.231: ISAKMP:(0:1:SW:1): IPSec policy invalidated proposal
    *Mar  1 00:45:39.231: ISAKMP:(0:1:SW:1): phase 2 SA policy not acceptable! (local 172.22.1.130 remote 172.22.80.129)

    See it?

    remote_proxy= 172.22.80.128/255.255.255.193/0/0 (type=4),

    The subnet mask 255.255.255.193 comes from a wrong wildcard in the crypto ACL on the remote (spoke) router:

    permit ip 172.22.80.128 0.0.0.62 192.168.1.0 0.0.0.255

    instead of

    permit ip 172.22.80.128 0.0.0.63 192.168.1.0 0.0.0.255

    IOS turns the wildcard into the proxy ID mask by inverting it, so 0.0.0.62 becomes 255.255.255.193, whose last byte (11000001) is a discontinuous mask, which is not so commonly used :)
    That's why the tunnel is not coming up, and how you lost the last hour.
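    The mistake is easy to catch mechanically once you know that IOS derives the proxy ID mask by inverting the crypto ACL wildcard, so any wildcard that is not of the form 2^n - 1 yields a discontinuous mask. The Python script below is an added example, not code from the original post: it converts wildcards to masks and back, rejects non-contiguous masks and network addresses with host bits set, checks that two peers' crypto ACLs are exact mirrors of each other, and scans debug crypto ipsec output for proxy IDs built from a bad mask. It also accepts the any and host forms of an ACL entry, which the post does not use. The sample debug text is the relevant lines of the post's own output, embedded as a constructed string.

```python
# Added example (not from the original post): sanity checks for IPsec crypto
# ACLs and proxy IDs. The sample debug output below is copied from the post.
import ipaddress
import re


def _invert(addr: str) -> str:
    return str(ipaddress.IPv4Address(int(ipaddress.IPv4Address(addr)) ^ 0xFFFFFFFF))


def wildcard_to_netmask(wildcard: str) -> str:
    """IOS builds the proxy ID mask by inverting the ACL wildcard: 0.0.0.63 -> 255.255.255.192."""
    return _invert(wildcard)


def netmask_to_wildcard(mask: str) -> str:
    return _invert(mask)


def is_contiguous_netmask(mask: str) -> bool:
    """True only for a run of 1 bits followed by 0 bits (255.255.255.193 is not)."""
    inverted = int(ipaddress.IPv4Address(mask)) ^ 0xFFFFFFFF
    return inverted & (inverted + 1) == 0


def parse_crypto_ace(ace: str) -> tuple:
    """Parse 'permit ip <src> <dst>' into ((src_net, src_mask), (dst_net, dst_mask)).

    Each side may be 'any', 'host A.B.C.D' or 'A.B.C.D wildcard'.
    """
    tokens = ace.split()
    if tokens[:2] != ["permit", "ip"]:
        raise ValueError(f"not a 'permit ip' entry: {ace!r}")
    specs, i = [], 2
    try:
        while len(specs) < 2:
            if tokens[i] == "any":
                specs.append(("0.0.0.0", "0.0.0.0"))
                i += 1
            elif tokens[i] == "host":
                specs.append((tokens[i + 1], "255.255.255.255"))
                i += 2
            else:
                specs.append((tokens[i], wildcard_to_netmask(tokens[i + 1])))
                i += 2
    except IndexError:
        raise ValueError(f"truncated entry: {ace!r}") from None
    return tuple(specs)


def check_crypto_ace(ace: str) -> list:
    """Problems that would make the resulting proxy IDs unacceptable to the peer."""
    problems = []
    for label, (net, mask) in zip(("source", "destination"), parse_crypto_ace(ace)):
        n, m = int(ipaddress.IPv4Address(net)), int(ipaddress.IPv4Address(mask))
        if not is_contiguous_netmask(mask):
            problems.append(f"{label} {net}/{mask}: non-contiguous mask "
                            f"(wildcard {netmask_to_wildcard(mask)} in the ACL)")
        elif n & m != n:
            problems.append(f"{label} {net}/{mask}: host bits set in network address")
    return problems


def aces_mirror(local_ace: str, remote_ace: str) -> bool:
    """Two peers' crypto ACLs must be exact mirrors (src/dst swapped) for proxy IDs to match."""
    l_src, l_dst = parse_crypto_ace(local_ace)
    r_src, r_dst = parse_crypto_ace(remote_ace)
    return l_src == r_dst and l_dst == r_src


_PROXY_RE = re.compile(r"(?P<side>local|remote)_proxy=\s*(?P<net>[\d.]+)/(?P<mask>[\d.]+)/")


def find_bad_proxies(debug_output: str) -> list:
    """Scan 'debug crypto ipsec' output for proxy IDs whose mask is not contiguous."""
    return [(m["side"], f"{m['net']}/{m['mask']}", netmask_to_wildcard(m["mask"]))
            for m in _PROXY_RE.finditer(debug_output)
            if not is_contiguous_netmask(m["mask"])]


# Sample: the relevant lines of the post's debug output.
SAMPLE_DEBUG = """\
*Mar  1 00:45:39.231: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= 172.22.1.130, remote= 172.22.80.129,
local_proxy= 192.168.1.0/255.255.255.0/0/0 (type=4),
remote_proxy= 172.22.80.128/255.255.255.193/0/0 (type=4),
*Mar  1 00:45:39.231: IPSEC(initialize_sas): invalid proxy IDs
"""

if __name__ == "__main__":
    for side, proxy, wildcard in find_bad_proxies(SAMPLE_DEBUG):
        print(f"{side}_proxy {proxy}: non-contiguous mask, ACL wildcard was {wildcard}")
    print(check_crypto_ace("permit ip 172.22.80.128 0.0.0.62 192.168.1.0 0.0.0.255"))
    print(check_crypto_ace("permit ip 172.22.80.128 0.0.0.63 192.168.1.0 0.0.0.255"))
```

    The contiguity test works because a valid mask, once inverted, is 2^n - 1, and such a number ANDed with its successor is zero; 255.255.255.193 inverts to 62, and 62 & 63 is not. On the headend the sides are swapped relative to the spoke's ACL, which is what aces_mirror checks.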

  • Cisco serial cable pinout

    Posted on 27 September 2008 by leucos, 1 comment

    Here is the pinout of the standard Cisco serial console cable (DB9 to RJ45).

    Note that DCD (DB9 pin 1) and RI (DB9 pin 9) are not wired.

    This cable is quite handy when doing microcontroller stuff. Just put an RJ45 socket on your PCB, or get a breakout board from Sparkfun, and you can plug and unplug at will; the RJ45 latch holds the cable securely.

    DB9 pin   Signal (DB9 side)   Wire colour   RJ45 pin
    8         CTS                 Black         1
    6         DSR                 Brown         2
    2         RX                  Red           3
    5         GND                 Orange        4
    5         GND                 Yellow        5
    3         TX                  Green         6
    4         DTR                 Blue          7
    7         RTS                 Grey          8