Recent blog entries for walpuski

5 Jul 2003 (updated 5 Jul 2003 at 14:29 UTC) »

Dan Melomedman encouraged me to publish my patch for PHP with fnord and diet libc. I've also put the source code of a HTTP authentication module for fnord and a «small» (read: no features, just loading modules with or without options, nothing more, nothing less) insmod for Linux 2.5.x on the web.

P.S.: My patch for isakmpd on Linux 2.5.x was mentioned in a article by Ralf Spenneberg about IPsec in Linux 2.5.x. in the Linux-Magazin. There might also be a chapter about using isakmpd on Linux 2.5.x in Ralfs new book «VPN mit Linux».

Last night Hakan Olsson commited a slightly modified version of my patch for isakmpd on Linux 2.5 to CVS. You might be interested in this small howto about building isakmpd for Linux 2.5.

17 Jan 2003 (updated 18 Jan 2003 at 21:11 UTC) »

This week I've installed a recent development kernel, which has a nice IPsec implementation (much better than FreeS/WAN). At the moment you have to use KAME's IKE daemon racoon for automagical keying. A PFKEYv2 interface to xfrm has been developed especially therefore. The native user interface to xfrm via NETLINK has some bugs (fix) . Today I've done a port of isakmpd to Linux 2.5.Some testing has already been done (5 hours stress test with very much rekeying), but I think it could use some more (hint!).

9 Jan 2003 (updated 9 Jan 2003 at 13:06 UTC) »

My code to enable SET/ACK IKE Mode Config (see below) has been commited to CVS.

Long time ago I wrote some code to support SET/ACK IKE Mode Config for isakmpd when acting as responder, i.e. VPN-gateway et.al., which has not been completly functional, because of some strange side-effect in isakmpd. Today due to "inspiration" by Clemens Draschl and Ralf Hornik I've tested the code with a recent CVS version of isakmpd and it worked! Get the patch!

13 Nov 2002 (updated 13 Nov 2002 at 21:43 UTC) »

Someone eagerly demanded a version of ldapclient with LDAP Search Filter support. So others also might be interested in this patch. After applying it you can do such nifty things as the following (or even more complicated stuff):

thomas@tyr:~/src/tinyldap$ ./ldapclient 130.157.5.18 \
> 'o=Sonoma State University, C=US' \
> '(&(cn=S*t*e*)(description=*Professor*)(!(description=*History*)))' \
> cn mail description
requesting mail
requesting description
[..]
11 Nov 2002 (updated 11 Nov 2002 at 15:45 UTC) »

About a month ago I finished writing my "Seminarfacharbeit" about "Sicherere latenzarme Kommunikationswege mit IPsec" (Get it!).

Also sometime ago Fefe accepted my scan_ldapsearchfilterstring for tinyldap. It parses LDAP Search Filters. I guess there will be a more versatile ldapclient in tinyldap really soon. This will nearly eliminate the need for OpenLDAP's ldapsearch ;-).

11 Aug 2002 (updated 11 Nov 2002 at 15:46 UTC) »

This week my CRL support for isakmpd has made it into OpenBSD's CVS :-). It makes the use of isakmpd in very large VPN scenarios more feasible.

At the moment I'm also thinking about writing a small HTTP proxy, which allows proxy-chaining and external filters. Squid is too heavyweight for my purpose.

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!