IPCop quick one

[GreGorGy]

So, my client has an hunk-o-junk with IPCop 1.4 running on it. The RED PPPoE port goes to iBurst and works just fine. The GREEN port goes to their network and it is dead. So, I cannot HTTP login to the admin screen. Can I run admin from the prompt like in v2 (just type "setup") or is something else needed? How can I diagnose this green port (methinks the H/W is fscked)

 

[The_Unbeliever]

login as root

then run 'setup' from the command line

should work

If you suspect a borked network card, try replacing it with one of the same make and model.

 

[GreGorGy]

login as root

then run 'setup' from the command line

should work

If you suspect a borked network card, try replacing it with one of the same make and model.

Sweet - so it is the same is v2? It is the onboard card so replacing is a no-no. But, it has two onboard ports so I am hoping I can just flick to the other.

 

[GreGorGy]

OK, now the fun begins. Neither the onboard network nor the PCI card is responsive. I cannot log into the admin interface via web no matter which is RED and GREEN interface. I am starting to think this machine has seen better days. I made a USB v2 and it works on my test machine but not on this machine - sees the network ports, assigns them but fails to respond to any network activity.


Anyone know how I can export or backup that V1.4 setup without access to the web admin?

 

[The_Unbeliever]

OK, now the fun begins. Neither the onboard network nor the PCI card is responsive. I cannot log into the admin interface via web no matter which is RED and GREEN interface. I am starting to think this machine has seen better days. I made a USB v2 and it works on my test machine but not on this machine - sees the network ports, assigns them but fails to respond to any network activity.


Anyone know how I can export or backup that V1.4 setup without access to the web admin?

Mmmmm... not good news

Keep in mind I'm using Smoothwall.

Boot a live Linux CD (what else?)

You can try to copy /var/ipcop/*.* over to the new PC and see if the settings got transferred as well...

Keep in mind that any new mods/add-ons might need reinstalling.

 

[MickZA]

You do know that the ports differ between v2 & v1.4 ?

- the GUI uses 8443 instead of 445 (https - 81 for http).
- SSH uses 8022 instead of 222.

 

[GreGorGy]

Thanks Lib - I will try that.

Ja Mick - tried all the ports. Even did a port scan and the target IP does not respond to anything - not even ping, for that matter.

 

[MickZA]

You can check /var/log/dmesg for eth0 / 1 errors.

Otherwise /var/ipcop/ppp contains the profile(s) and ISP logon info(plain text), /var/ipcop/ethernet has the card info.

 

[GreGorGy]

Update: I moved the HD to another box, ran setup, reconfigured the ports and it is up and running. As I was about to check those log errors (thanks Mick) The clock turned 9 and I had to leave for the game. But at least she is up and running. I will probably have to replace the box in the long run.

 

[GreGorGy]

Ok, with this thing now working it has one part that is not: OpenVPN. Everything else is fine and in fact OpenVPN connects just fine. In the past, when the okes connected to VPN, they are able to open http://192.168.19.1/ for example. Now, they cannot. OVPN connects but no local browsing. Is there another setting I am missing?

Greg

 

[MickZA]

The old drive in a new box or a fresh v2.0 setup?

 

[GreGorGy]

The old drive in a new box or a fresh v2.0 setup?

Fresh 2 setup - old drive was attempted but it was IDE and new box is SATA. Things worked very iffy! So, currently a 2 in the new

 

[MickZA]

Yep it's changed. I'm guessing you'll need to create a rule for each road warrior in the Firewall section, I don't have a v2 live at the moment as I'm still testing but I'll be figuring it out on Sat afternoon when I can play with the network.

You'll find the v2 Admin Guide at http://www.ipcop.org/2.0.0/en/admin/html/firewall-fwrules.html but it's still a WIP and you need to play around to suss it out

 

[GreGorGy]

Damn thanks Mick

On v1, do I need to change anything? I mean, besides OpenVPN, what else do I need to configure so that an outsider connected in OpenVPN can see the local server at .19.1?

Greg

 

[MickZA]

On v1 with OpenVPN running on RED, if the connection is OPEN - nothing more,.

Running on BLUE you'll need to enable each warrior - FIREWALL>BLUE ACCESS.

 

[GreGorGy]

Ja - that's what I thought. OpenVPN connects and establishes itself as open but clients simply cannot see the rest of the network. Very strange indeed.

 

[MickZA]

After testing OpenVPN on IPCop v2.0 three points to note:

1) You can't import your v1.4 certificates if you want OpenVPN to work, it won't start (but if you're only using IPsec net to net you can get away with importing the contents of /var/ipcop/certs & /var/ipcop/ca - not recommended).

2) The TUN setting for OpenVPN has been moved to advanced server settings and is not enabled by default - you have to set it else the connection shows OPEN but you can't ping or see GREEN.

3) You have to create IPCop Access & Internal Traffic rules.

 

[GreGorGy]

Sweet - the only thing I had missing was (2) above. Working now. Thanks Mick