Advogato blog for walpuski

5 Jul 2003

Sat, 5 Jul 2003 14:20:30 GMT

Dan Melomedman encouraged me to publish my patch for PHP with fnord and diet libc. I've also put the source code of a HTTP authentication module for fnord and a «small» (read: no features, just loading modules with or without options, nothing more, nothing less) insmod for Linux 2.5.x on the web.

P.S.: My patch for isakmpd on Linux 2.5.x was mentioned in a article by Ralf Spenneberg about IPsec in Linux 2.5.x. in the Linux-Magazin. There might also be a chapter about using isakmpd on Linux 2.5.x in Ralfs new book «VPN mit Linux».

19 May 2003

Mon, 19 May 2003 16:41:50 GMT

Last night Hakan Olsson commited a slightly modified version of my patch for isakmpd on Linux 2.5 to CVS. You might be interested in this small howto about building isakmpd for Linux 2.5.

17 Jan 2003

Fri, 17 Jan 2003 22:45:39 GMT

This week I've installed a recent development kernel, which has a nice IPsec implementation (much better than FreeS/WAN). At the moment you have to use KAME's IKE daemon racoon for automagical keying. A PFKEYv2 interface to xfrm has been developed especially therefore. The native user interface to xfrm via NETLINK has some bugs (fix) . Today I've done a port of isakmpd to Linux 2.5.Some testing has already been done (5 hours stress test with very much rekeying), but I think it could use some more (hint!).

9 Jan 2003

Thu, 9 Jan 2003 13:03:57 GMT

My code to enable SET/ACK IKE Mode Config (see below) has been commited to CVS.

30 Dec 2002

Mon, 30 Dec 2002 18:58:31 GMT

Long time ago I wrote some code to support SET/ACK IKE Mode Config for isakmpd when acting as responder, i.e. VPN-gateway et.al., which has not been completly functional, because of some strange side-effect in isakmpd. Today due to "inspiration" by Clemens Draschl and Ralf Hornik I've tested the code with a recent CVS version of isakmpd and it worked! Get the patch!

13 Nov 2002

Wed, 13 Nov 2002 21:32:20 GMT

Someone eagerly demanded a version of ldapclient with LDAP Search Filter support. So others also might be interested in this patch. After applying it you can do such nifty things as the following (or even more complicated stuff):

thomas@tyr:~/src/tinyldap$ ./ldapclient 130.157.5.18 \
> 'o=Sonoma State University, C=US' \
> '(&(cn=S*t*e*)(description=*Professor*)(!(description=*History*)))' \
> cn mail description
requesting mail
requesting description
[..]

11 Nov 2002

Mon, 11 Nov 2002 15:42:17 GMT

About a month ago I finished writing my "Seminarfacharbeit" about "Sicherere latenzarme Kommunikationswege mit IPsec" (Get it!).

Also sometime ago Fefe accepted my scan_ldapsearchfilterstring for tinyldap. It parses LDAP Search Filters. I guess there will be a more versatile ldapclient in tinyldap really soon. This will nearly eliminate the need for OpenLDAP's ldapsearch ;-).

11 Aug 2002

Sun, 11 Aug 2002 14:51:17 GMT

This week my CRL support for isakmpd has made it into OpenBSD's CVS :-). It makes the use of isakmpd in very large VPN scenarios more feasible.

At the moment I'm also thinking about writing a small HTTP proxy, which allows proxy-chaining and external filters. Squid is too heavyweight for my purpose.