IP configuration on OpenBSD with online.net (aka Dedibox)
Posted by Remi Philippe @ 16:36

Dedicated server providers like Online.net now offer to address virtual machines using a static MAC address, but the configuration is not 100% “clean” on quite a few OSes (see my upcoming post on how it works).

Fortunately, it’s pretty straightforward on OpenBSD. Let’s assume $if is the interface connected to the public network, 88.190.xxx.xxx is the IP address (also called the failover IP) given by your provider, and 88.190.17.1 is the gateway.

When installing OpenBSD you can configure the IP of the device as a /32 without any problems, but when it comes to configuring the gateway it won’t work. Why? Because OpenBSD (rightly) expects the gateway to be on the same subnet, so we have to work our way around that.

In the installation process, after configuring the network, you have the option to make extra configuration changes at the shell prompt. That’s our way out!
First of all, configure the IP address of the interface:

ifconfig $if inet 88.190.xxx.xxx netmask 255.255.255.255

If you try to ping the gateway it will fail, as it’s not on the same subnet. We need to tell OpenBSD how to reach this IP, so we add a route that makes OpenBSD ARP for that IP on its external interface:

route add -inet 88.190.17.1/32 -link -iface $if

Let’s try to ping the gateway …

# ping 88.190.17.1                                                      
PING 88.190.17.1 (88.190.17.1): 56 data bytes
64 bytes from 88.190.17.1: icmp_seq=0 ttl=255 time=0.551 ms
64 bytes from 88.190.17.1: icmp_seq=1 ttl=255 time=0.418 ms
64 bytes from 88.190.17.1: icmp_seq=2 ttl=255 time=0.463 ms
64 bytes from 88.190.17.1: icmp_seq=3 ttl=255 time=0.483 ms
--- 88.190.17.1 ping statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.418/0.478/0.551/0.054 ms

… and it works!

We just need to set up the gateway and finish our setup.

Now we want to make sure the interface starts at boot time. To do this we’re just going to create the file /etc/hostname.$if with the following content:

inet 88.190.xxx.xxx 255.255.255.255
!route add -inet 88.190.17.1/32 -link -iface $if

and populate the file /etc/mygate with the IP of the gateway:

88.190.17.1

Here we are, OpenBSD is running in the virtual world but connected to the real world!

Asterisk sRTP with 1.8
Posted by Remi Philippe @ 13:18

In a previous article I explained how to configure Asterisk with sRTP, but using a development version at the time. Since Asterisk 1.8 there is native support for sRTP, so a development version is no longer needed.

Moving from development to 1.8, a few things changed in the configuration (not much). Here is a quick update.

Step 1: Pre-Requisites

On the sRTP side we still need the libraries (which can be found here), otherwise you will see …

checking for mandatory modules:  CRYPTO MYSQLCLIENT SRTP OPENSSL... fail

configure: ***
configure: *** The SRTP installation appears to be missing or broken.
configure: *** Either correct the installation, or run configure
configure: *** including --without-srtp.

Refer to the sRTP on Asterisk article for how to set this up.

If you plan to include MySQL support on Debian, don’t forget to install libmysqlclient-dev:

toera-g-sip1:/sw/src/asterisk-1.8.1.1# apt-get install libmysqlclient15-dev
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following NEW packages will be installed:
  libmysqlclient15-dev
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.

Step 2: Configuring the binaries

First of all, let’s configure the binaries. Here is the command I used:

toera-g-sip1:/sw/src/asterisk-1.8.1.1# ./configure --prefix=/sw/asterisk-1.8.1.1 --with-crypto --with-ssl --with-mysqlclient --with-srtp

The options are self-explanatory: --with-crypto and --with-ssl are for the TLS part, --with-srtp for the … sRTP part, and finally --with-mysqlclient is for the MySQL support (not required by sRTP or TLS, but used for CDR).

Once this is done, run make menuconfig to enable the TLS and sRTP modules (see the original article for details on that).

Step 3: Configuration part

There are some changes here. First, the option in the sip.conf file is no longer

srtpcapable=yes

but

encryption=yes

Second, the dial plan part in the extensions.conf file is no longer

exten => 9999,1,Set(_SIP_SRTP_SDES=optional)

but

exten => 9999,1,Set(_SIP_SRTP_SDES=1)
exten => 9999,2,Set(_SIPSRTP=1)
exten => 9999,3,Set(_SIPSRTP_CRYPTO=enable)

And basically those are the only changes compared to the development version. As usual, you can check that it’s working with sip set debug on:

<--- SIP read from TLS:85.xxx.xxx.xxx:55660 --->
INVITE sip:01xxxxxxxx@sip.remiphilippe.fr;transport=tls SIP/2.0
Via: SIP/2.0/TLS 192.168.0.17:46679;branch=z9hG4bK-d8754z-a51806220748b135-1---d8754z-;rport
Max-Forwards: 70
Contact: <sip:100@85.xxx.xxx.xxx:55660;transport=TLS>
To: "01xxxxxxxx"<sip:01xxxxxxxx@sip.remiphilippe.fr>
From: "Remi"<sip:100@sip.remiphilippe.fr>;tag=bd9bb73d
Call-ID: ZTE0ZTdiODBhYTA0MDQ2ZjYwNDZlMTAyYTM0Y2ViZmQ.
CSeq: 1 INVITE
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO
Content-Type: application/sdp
Supported: replaces
User-Agent: Bria 3 release 3.1 stamp 58312
Content-Length: 593

v=0
o=- 1295179812598219 1 IN IP4 192.168.0.17
s=Counterpath Bria 3.1
c=IN IP4 192.168.0.17
t=0 0
a=ice-ufrag:4de55c
a=ice-pwd:d96683ec023786e73ca78e87d0383765
m=audio 53080 RTP/SAVP 9 0 8 18 101
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=yes
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:2aHmG4LMIzu51D93lMPZpr5HCPuSgsmDpgM4siEz
a=crypto:2 AES_CM_128_HMAC_SHA1_32 inline:2aHmG4LMIzu51D93lMPZpr5HCPuSgsmDpgM4siEz
a=sendrecv
a=candidate:1 1 UDP 659136 192.168.0.17 53080 typ host
a=candidate:1 2 UDP 659134 192.168.0.17 53081 typ host
<------------->

Here we are!
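A way to check an offer like the one in the trace above, as an added example that is not part of the original post: it confirms the audio stream is offered as RTP/SAVP and that each SDES a=crypto line (RFC 4568) carries a base64 key of the right length. The function name and the sample offer with its dummy key are assumptions made for this example.

```python
import base64

# Master key + master salt length in bytes per SDES suite (RFC 4568):
# both AES_CM_128 suites use a 16-byte key followed by a 14-byte salt.
SUITE_KEY_LEN = {"AES_CM_128_HMAC_SHA1_80": 30, "AES_CM_128_HMAC_SHA1_32": 30}


def check_srtp_offer(sdp):
    """Return SRTP facts about one SDP offer and a list of problems found."""
    result = {"savp": False, "suites": [], "problems": []}
    for line in sdp.splitlines():
        if line.startswith("m=audio"):
            # m=audio <port> <proto> <formats>; SRTP is signalled as RTP/SAVP
            fields = line.split()
            result["savp"] = len(fields) > 2 and fields[2] == "RTP/SAVP"
        elif line.startswith("a=crypto:"):
            # a=crypto:<tag> <suite> inline:<base64 key+salt>[|lifetime][|MKI]
            parts = line[len("a=crypto:"):].split()
            if len(parts) < 3 or not parts[2].startswith("inline:"):
                result["problems"].append("malformed crypto line: " + line)
                continue
            tag, suite = parts[0], parts[1]
            key_b64 = parts[2][len("inline:"):].split("|")[0]
            try:
                key = base64.b64decode(key_b64, validate=True)
            except ValueError:  # binascii.Error is a ValueError subclass
                result["problems"].append(f"tag {tag}: key is not valid base64")
                continue
            expected = SUITE_KEY_LEN.get(suite)
            if expected is None:
                result["problems"].append(f"tag {tag}: unknown suite {suite}")
            elif len(key) != expected:
                result["problems"].append(f"tag {tag}: {len(key)}-byte key, want {expected}")
            else:
                result["suites"].append(suite)
    if not result["savp"]:
        result["problems"].append("audio is not offered as RTP/SAVP")
    elif not result["suites"]:
        result["problems"].append("RTP/SAVP offered without a usable a=crypto line")
    return result


# Constructed sample shaped like the trace above; the key is dummy bytes.
SAMPLE_KEY = base64.b64encode(bytes(range(30))).decode()
SAMPLE_SDP = "\r\n".join([
    "m=audio 53080 RTP/SAVP 9 0 8 18 101",
    f"a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:{SAMPLE_KEY}",
    f"a=crypto:2 AES_CM_128_HMAC_SHA1_32 inline:{SAMPLE_KEY}",
])
print(check_srtp_offer(SAMPLE_SDP))
```

SDES sends the key in the SDP body in the clear, so this check only means something when the signalling itself is protected, as it is in the trace with transport=tls.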

CCIE Service Provider – Done!
Posted by Remi Philippe @ 12:57

At last on my third try I passed the CCIE Service Provider! It really feels like a relief :)

Here is a brief history of my journey to the CCIE SP…


Have you ever seen a webdesigner at work?
Posted by Remi Philippe @ 9:16

I needed a shot to play around with PhotoShop, Caroline was working next to me so she became the subject :)

The idea was to edit the photo in order to have everything in black and white except Caroline and the computer screen.

Doesn’t look bad, though it’s a pity the bottle of water was in front of the screen…

Has Twitter started advertising?
Posted by Remi Philippe @ 11:35

So far I had never seen an advert on Twitter, but today when I logged in to get the latest news, look at what I saw:

Yep, promoted! And promoted by Disney – Pixar
There is a help link next to the promoted button; it seems they introduced this on the 16th of June.

Update: June 16, 2010
Q. What are “Promoted Trends”?
A. Promoted Trends are a new advertising concept we began testing this week; they are an extension of our Promoted Tweets platform. With Promoted Trends, users will see time-, context- and event-sensitive trends promoted by our advertising partners. These Promoted Trends initially appear at the bottom of the Trending Topics list on Twitter and are clearly marked “Promoted.” As conversations about the topic increase, Promoted Trends may move up the list.

Source: Twitter Support

Can’t wait to see if that’s going to take off!

Fáilte

The blog of a geek interested in photography and aiming for a top MBA. The idea of this blog is to share a few things: my certification related work, photography, information on the service providers infrastructures, my thoughts on business and finally my preparation for an MBA. I hope you'll find this interesting and feel free to drop me a line for any comments.
