i'm stuck and i need any help that can point me into right direction ( thank in advance for any provided help ). i want to create a wifi access point through rassberry pi 3b+ and external wifi dungle everything is setup and working great except that nodogsplash can't detect wifi interface so here my configuration so you can check if there's any error in my configuration.
here is /etc/config/wireless content :
config wifi-device 'wl0'
option type 'broadcom'
option disabled '0'
option channel 'auto'
config wifi-device 'wlan0'
option type 'mac80211'
option channel '11'
option hwmode '11g'
option path 'platform/soc/3f980000.usb/usb1/1-1/1-1.1/1-1.1.2/1-1.1.2:1.0'
option htmode 'HT20'
option legacy_rates '1'
option country 'TN'
config wifi-iface
option device 'wlan0'
option mode 'ap'
option ssid 'OpenWrt'
option encryption 'none'
option network 'lan'
the content of /etc/config/network
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fda6:1455:0cd8::/48'
config interface 'lan'
option type 'bridge'
option ifname 'eth0'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
option proto 'dhcp'
config 'interface' 'wifi'
option 'ifname' 'wlan0'
option 'proto' 'dhcp'
config 'interface' 'wifi_2'
option 'ifname' 'wl0'
option 'proto' 'dhcp'
and last the configuration of nodogsplash under /etc/config/nodogsplash
option enabled 1
option fwhook_enabled '1'
option gatewayinterface 'wifi'
option externalinterface 'br-lan'
option gatewayname 'OpenWrt Nodogsplash'
option maxclients '250'
option preauthidletimeout '30'
option authidletimeout '120'
option sessiontimeout '1200'
option checkinterval '600'
#TEST
option fasremoteip https://www.google.net/
option fas_secure_enabled '0'
#End TEST
list authenticated_users 'allow all'
list users_to_router 'allow tcp port 22'
list users_to_router 'allow tcp port 23'
list users_to_router 'allow tcp port 53'
list users_to_router 'allow udp port 53'
list users_to_router 'allow udp port 67'
list users_to_router 'allow tcp port 80'
list users_to_router 'allow tcp port 443'
so if i try this command service nodogsplash reload i get this error:
Interface wifi not detected.
Can not generate uci config. Will not start instance cfg015847.
thanks again for any help
hey guys thanks for the views, i found out that nodogsplash cannot detect interface if it doesn't have an ip on his own so as a dhcp client it will not detect the wifi interface.
Related
I am running a local Mosquitto (MQTT) Broker that connects to a remote Mosquitto Broker using the build in MQTT Bridge functionality of Mosquitto. My mosquitto.conf looks like this:
# =================================================================
# Listeners
# =================================================================
listener 1883
# =================================================================
# Security
# =================================================================
allow_anonymous true
# =================================================================
# Bridges
# =================================================================
connection myConnectionName
address <<Remote Broker IP>>:1883
remote_username <<Remote Broker Username>>
remote_password <<Remote Broker Password>>
topic mytopic/# out 1 "" B2/
bridge_protocol_version mqttv50
cleansession false
bridge_attempt_unsubscribe true
upgrade_outgoing_qos true
max_queued_messages 5000
For testing I run a MqttPublisher using a C# console application which uses the MQTTnet library (version 3) and a MqttSubsbriber (also C# console application with MqttNet).
Now I want the Publisher to publish MQTT messages with User Properties (introduced by MQTT 5).
I build the message like this:
using MQTTnet;
using MQTTnet.Client;
using MQTTnet.Client.Options;
class Program
{
static void Main()
{
// Create a new MQTT client instance
var factory = new MqttFactory();
var mqttClient = factory.CreateMqttClient();
// Setup the options for the MQTT client
var options = new MqttClientOptionsBuilder()
.WithClientId("MqttPublisher")
.WithTcpServer("localhost", 1883)
.WithProtocolVersion(MQTTnet.Formatter.MqttProtocolVersion.V500)
.WithCleanSession()
.Build();
mqttClient.ConnectAsync(options).Wait();
var i = 0;
while (true)
{
Console.WriteLine("Client connected: " + mqttClient.IsConnected);
var message = new MqttApplicationMessageBuilder()
.WithTopic("mytopic/test")
.WithUserProperty("UPTest","Hi UP")
.WithPayload("Hello World: " + i)
.Build();
mqttClient.PublishAsync(message).Wait();
Console.WriteLine("Published message with payload: " + System.Text.Encoding.UTF8.GetString(message.Payload));
i++;
System.Threading.Thread.Sleep(1000);
}
mqttClient.DisconnectAsync().Wait();
}
}
With the subscriber (also with WithProtocolVersion(MQTTnet.Formatter.MqttProtocolVersion.V500) if I subscribe to the topic I get all the messages and I can read the MQTTnet.MqttApplicationMessage like shown in the following screenshot:
The messages are also published to the remote MQTT Broker due to the MQTT Bride configured. However, if I subscribe to the remote Broker with my MqttSubscriber, I am not getting the User Properties anymore:
Is there any way to configure the Mosquitto Bridge that also the user properties are send? I cant find a way and any help and comments are appreciated.
Thanks
Joshua
Using mosqutto 2.0.15 I have verified that MQTTv5 message properties are passed over the bridge.
Broker one.conf
listener 1883
allow_anonymous true
Broker two.conf
listener 1884
allow_anonymous true
connection one
address 127.0.0.1:1883
topic foo/# both 0
bridge_protocol_version mqttv50
Subscriber connected to Broker two
$ mosquitto_sub -t 'foo/#' -V mqttv5 -p 1884 -F "%t %P %p"
foo/bar foo:bar ben
Publisher connected to Broker one
$ mosquitto_pub -D PUBLISH user-property foo bar -t 'foo/bar' -m ben -p 1883
As you can see the the %P in the output format for the subscriber is outputting the user property foo with a value of bar when subscribed over the bridge.
I'm a novice setting up a server for the first time to implement WebRTC
Linux is using Centos7 and has set up KMS and Coturn.
However, there is one problem.
The client and server are not connected on the screen, so I checked the logs of kms
docker logs --follow kms
0:00:01.206579656 1 0x56191aac5010 INFO KurentoServerMethods ServerMethods.cpp:90:ServerMethods: Using above 80% of system limits will throw NOT_ENOUGH_RESOURCES exception
0:00:01.206607827 1 0x56191aac5010 INFO KurentoServerMethods ServerMethods.cpp:109:ServerMethods: System limits: unlimited threads, 32768 files
0:00:01.206902099 1 0x56191aac5010 INFO KurentoWorkerPool WorkerPool.cpp:67:WorkerPool: Worker thread pool size: 2
0:00:01.207158442 1 0x56191aac5010 INFO KurentoServerMethods ServerMethods.cpp:144:ServerMethods: RPC Request Cache is ENABLED
0:00:01.207351433 1 0x56191aac5010 INFO KurentoWebSocketTransport WebSocketTransport.cpp:187:initWebSocket: WebSocket server (ws://) listening on address '::', port 8888
0:00:01.207411744 1 0x56191aac5010 INFO KurentoWebSocketTransport WebSocketTransport.cpp:88:WebSocketTransport: Secure WebSocket server (wss://) not enabled
0:00:01.208078290 1 0x56191aac5010 INFO KurentoMediaServer main.cpp:259:main: Kurento Media Server started
0:02:29.095818552 1 0x7f5070017630 INFO KurentoWebRtcEndpointImpl WebRtcEndpointImpl.cpp:164:generateDefaultCertificates: Unable to load the RSA certificate from file. Using the default certificate.
0:02:29.284074137 1 0x7f5070017630 INFO KurentoWebRtcEndpointImpl WebRtcEndpointImpl.cpp:174:generateDefaultCertificates: Unable to load the ECDSA certificate from file. Using the default certificate.
0:02:29.290405426 1 0x7f5070017630 INFO KurentoWebRtcEndpointImpl WebRtcEndpointImpl.cpp:110:remove_not_supported_codecs_from_array:<kmswebrtcendpoint0> Removing not supported codec 'AMR/8000'
0:02:29.515589312 1 0x7f5064039e00 INFO basertpendpoint kmsbasertpendpoint.c:1132:kms_base_rtp_endpoint_start_transport_send:<kmswebrtcendpoint0> Media 'video' has REMB
0:02:29.515721223 1 0x7f5064039e00 INFO basertpendpoint kmsbasertpendpoint.c:1078:kms_base_rtp_endpoint_create_remb_manager:<kmswebrtcendpoint0> Creating REMB for session ID 0 (kmswebrtcendpoint0-sess0) and remote video SSRC 3653849939
0:02:29.515746113 1 0x7f5064039e00 INFO basertpendpoint kmsbasertpendpoint.c:1089:kms_base_rtp_endpoint_create_remb_manager:<kmswebrtcendpoint0> REMB: Set RTCP min interval to 500 ms
0:02:29.519063004 1 0x7f5064007580 WARN kmswebrtcsession kmswebrtcsession.c:823:kms_webrtc_session_set_stun_server_info:<kmswebrtcsession0> STUN server not configured! NAT traversal requires STUN or TURN
0:02:29.519107324 1 0x7f5064007580 WARN kmswebrtcsession kmswebrtcsession.c:843:kms_webrtc_session_set_relay_info:<kmswebrtcsession0> TURN relay server not configured! NAT traversal requires STUN or TURN
0:02:29.522346434 1 0x7f50700054f0 INFO KurentoWorkerPool WorkerPool.cpp:67:WorkerPool: Worker thread pool size: 2
0:02:40.930306053 1 0x7f5050001630 INFO KurentoWebRtcEndpointImpl WebRtcEndpointImpl.cpp:110:remove_not_supported_codecs_from_array:<kmswebrtcendpoint1> Removing not supported codec 'AMR/8000'
0:02:40.951376487 1 0x7f5064018b30 INFO basertpendpoint kmsbasertpendpoint.c:1132:kms_base_rtp_endpoint_start_transport_send:<kmswebrtcendpoint1> Media 'video' has REMB
0:02:40.951898082 1 0x7f5064018b30 INFO basertpendpoint kmsbasertpendpoint.c:1078:kms_base_rtp_endpoint_create_remb_manager:<kmswebrtcendpoint1> Creating REMB for session ID 0 (kmswebrtcendpoint1-sess0) and remote video SSRC 3442416509
"NAT traversal requires STUN or TURN."
I don't know how to solve this part.
This is because the STUN server results from Trickle ICE were also successful.
If you know what I need to do, I'd appreciate it if you could tell me all the actions.
And please let me know if there is anything else I need to fill out!
STUN and TURN
You dont have to have coturn if you are doing local testing. The warning is saying if you want to go outside of your network (out of your router and to the web) you will need a STUN or TURN server.
Docker
Docker doesn't open the port 8888 by itself. You may need to open that port manually. To do this, add this -p 8888:8888 when creating your container.
Or if you are using the Desktop version you can enter it into Host port under the Optional settings when you first run it.
I am trying to configure DHCP Server on a Cisco 2960-x Switch to achieve port-based address allocation. I would like the ip address assigned to any device connected to that port to be the same every time.
I have used the following guide to achieve this:
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960/software/release/12-2_55_se/configuration/guide/scg_2960/swdhcp82.html#wp1320905
The commands used are explained in detail here:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr/command/ipaddr-cr-book.pdf
I have also tried various iterations of the following command to find something that works:
address ip-address client-id string [ascii]
What I am not sure about is the string after Client ID. Does it have to match your interface name? If not how does the DHCP server know which interface to relate the assigned IP address.
Here's my running-config:
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname otg
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$43Kk$SyzqQc5biarBjD2TD9Hw0/
enable password otgswitch
!
no aaa new-model
clock timezone UTC -5 0
clock summer-time UTC recurring
switch 1 provision ws-c2960x-24ts-l
no ip dhcp use vrf connected
ip dhcp use subscriber-id client-id
ip dhcp subscriber-id interface-name
!
ip dhcp pool mypool
network 192.168.200.0 255.255.255.0
reserved-only
address 192.168.200.20 client-id "GigabitEthernet1/0/2" ascii
address 192.168.200.25 client-id "GigaEth1/0/1" ascii
address 192.168.200.30 client-id "GE1/0/4" ascii
address 192.168.200.35 client-id 188b.4528.d482
address 192.168.200.45 client-id "188b.4528.d482" ascii
!
I then enables DHCP debug messages and here is what I receive:
Jan 4 02:55:49.112: DHCPD: Reload workspace interface Vlan1 tableid 0.
Jan 4 02:55:49.112: DHCPD: tableid for 192.168.200.245 on Vlan1 is 0
Jan 4 02:55:49.112: DHCPD: client's VPN is .
Jan 4 02:55:49.112: DHCPD: using subscriber-id as client-id
Jan 4 02:55:49.112: DHCPD: using received relay info.
Jan 4 02:55:49.112: DHCPD: DHCPDISCOVER received from client 0047.6931.2f30.2f on interface Vlan1.
Jan 4 02:55:49.112: DHCPD: using received relay info.
Please advise on what I might be doing wrong. Would appreciate your help.
I was facing problem due to loss of information in the dhcp binding table. In short the subscriber id automatically generated would not match my reservations. Here are some examples:
port# interface received SID(hex) expected SID(hex)
2 Gi1/0/2 0047-6931-2f30-2f 0047-6931-2f30-2f32
13 Gi1/0/13 0047-6931-2f30-2f31 0047-6931-2f30-2f31-33
24 Gi1/0/24 0047-6931-2f30-2f32 0047-6931-2f30-2f32-34
I was hitting IOS bug present in some 15.0 releases. I updated my ios to 15.2 and problem solved!
I have been trying to figure out what is wrong with my Jenkins ZMQ-event-publisher configuration for more than 23 hours and have given up. Hopefully, you may have an idea what I am doing wrong.
I've installed Jenkins with ZMQ-event-publisher plugin and under Manage Jenkins->Configure System checked Enable on all Jobs (Note TCP port to publish on is set to 8888).
Created a new job, checked Check if ZMQ events should be published for this project and clicked on Save.
I have written a Python script using pyZMQ
#!/usr/bin/env python
import zmq
port = "8888"
context = zmq.Context()
socket = context.socket(zmq.SUB)
socket.connect("tcp://localhost:%s" % port)
socket.setsockopt(zmq.SUBSCRIBE, '')
print "Jenkins... waiting..."
string = socket.recv()
print "recv =>", string
Executing the above script on the Jenkins machine + running the Jenkins job.
Unfortunately, the script doesn't receive any ZMQ message from Jenkins.
Trying to capture the ZMQ message using either tcpdump -i eth0 'port 8888' or tcpdump -i lo 'port 8888' didn't help too.
In addition to that, looking at the /var/log/jenkins/jenkins.log, I get:
Sep 25, 2014 8:54:47 PM org.jenkinsci.plugins.ZMQEventPublisher.ZMQRunnable bindSocket
INFO: Binding ZMQ PUB to port 8888
Sep 25, 2014 8:54:48 PM hudson.model.Run execute
INFO: MyJob #18 main build action completed: SUCCESS
Moreover, netstat -ntlp verifies that
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 :::8888 :::* LISTEN 31/java
tcp 0 0 :::57467 :::* LISTEN 31/java
tcp 0 0 :::8009 :::* LISTEN 31/java
tcp 0 0 :::59373 :::* LISTEN 31/java
tcp 0 0 :::8080 :::* LISTEN 31/java
So, what am I doing wrong?
There is no good explanation on how to configure correctly the Jenkins ZMQ plugin and looking at the plugin code doesn't reveal much.
Your help will be more than appreciated.
Thanks.
EDIT : Dave's suggestion was great, but it hasn't fixed the problem, yet.
EDIT 2: It looks like it fails because Jenkins has been running from a Docker container and I've forgotten to expose all its ports. Nevertheless, It looks like Dave's suggestions does fix the problem. Yay!!!
From the ZMQ Guide:
Note that when you use a SUB socket you must set a subscription using zmq_setsockopt() and SUBSCRIBE
I suspect that your subscriber script is not seeing events because you need to set the subscribe filter. As described on the zmq_setsockopt page, setting the filter to the empty string subscribes to all messages.
Try adding:
socket.setsockopt(zmq.SUBSCRIBE, '')
A customer of ours has a Cisco 1841 router that is connected to another network via a IPSec VPN tunnel. Everything is working good, but occasionally the VPN tunnel will drop and come back up at a later time (sometimes in a few minutes or a few hours).
I have a feeling that the router is configured to drop the tunnel if there's not any network traffic across it after so many minutes, and then re-establishing the tunnel when traffic needs to go out across it.
What I'd like to do is have the router configured so that the tunnel stays up all the time. Documentation that I've seen makes mention of modifying group policies, but the router isn't configured for that, and I'd like to stay away from doing that if all possible.
A scrubbed copy of their router configuration is below. Any help would be appreciated.
--
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CustomerName
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$gaBA$wXYb7px.gAAFR05JJ10510
!
no aaa new-model
ip cef
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
ip dhcp relay information option vpn
ip dhcp relay information option
ip dhcp relay information trust-all
!
!
ip domain name CustomerName.us
ip name-server xxx.xxx.xxx.xxx
ip name-server xxx.xxx.xxx.xxx
!
!
crypto pki trustpoint TP-self-signed-475674154
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-475674154
revocation-check none
rsakeypair TP-self-signed-475674154
!
!
crypto pki certificate chain TP-self-signed-475674154
certificate self-signed 01
3082024A 308201B3 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 34373536 37343135 34301E17 0D313330 38303132 30303834
385A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3437 35363734
31353430 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
A971CD18 93797FFA EB6BE936 2F3E66C4 8E295883 6C674012 A880FA08 FAE3490A
B362AB65 670E881C D2250574 720A6641 2A072F83 7A456DBC 0EDBBF4D FA675717
E45AABF5 3B94F956 8D7D0EDE 57E4048B 0D616B9A 96E2F6A0 5AADC8FB 803A991C
E0DA0B0B 7644D132 336C3DB3 7FD12D97 E9EF15EF AAC6CF12 4504AC41 C6D4BA1B
02030100 01A37430 72300F06 03551D13 0101FF04 05300301 01FF301F 0603551D
11041830 16821441 6C6C7368 6F72652E 616C6C73 686F7265 2E757330 1F060355
1D230418 30168014 08293177 593054F5 0592E062 1CE0BB17 E3E71990 301D0603
551D0E04 16041408 29317759 3054F505 92E0621C E0BB17E3 E7199030 0D06092A
864886F7 0D010104 05000381 81008017 F56757B1 2D716F08 6748811E 2D86D83B
92288F4B 215BADE9 78BEB571 4E2B5673 15B3DF04 DEE340F5 380B0CA1 E4BEB665
FE80D4B2 27F302F9 CB7DEB45 5A3B5959 D46127A9 68783C20 B066BEEE 18705DCF
D26068C7 1F5EA80C 2644ECE2 FB1894EF 6F13CA87 4CD13494 9ADE31AF 5B752C11
375DEA79 14A3EBE0 F04FBD7E 96B1
quit
username CustomerName privilege 15 secret 5 $1$FpRX$rOCJ52eTZllenQD5sSUvT1
!
!
!
!
crypto isakmp policy 10
encr aes 256
authentication pre-share
group 2
lifetime 28800
crypto isakmp key fM579D2i92r3j9tydsanFntyeakB6KWvJDoR7n79yxsWXe8p5o3hhh5N23vkt
v4 address xxx.xxx.xxx.xxx
!
!
crypto ipsec transform-set red esp-aes 256 esp-sha-hmac
!
crypto map OUTSIDE_MAP 10 ipsec-isakmp
set peer xxx.xxx.xxx.xxx
set transform-set red
set pfs group1
match address crypto10
!
!
!
!
interface FastEthernet0/0
description Connected to Cable Modem
ip address xxx.xxx.xxx.xxx 255.255.255.224
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
crypto map OUTSIDE_MAP
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
!
interface FastEthernet0/1/0
switchport access vlan 2
!
interface FastEthernet0/1/1
!
interface FastEthernet0/1/2
!
interface FastEthernet0/1/3
!
interface Vlan1
no ip address
!
interface Vlan2
description CustomerName LAN
ip address 10.10.20.1 255.255.255.0
ip helper-address 172.16.3.100
ip nat inside
ip virtual-reassembly
!
router rip
version 2
network 10.0.0.0
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 184.178.184.1
!
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list 101 interface FastEthernet0/0 overload
ip nat inside source static tcp 10.10.20.2 5060 184.178.184.16 5060 extendable
ip nat inside source static udp 10.10.20.2 5060 184.178.184.16 5060 extendable
ip nat inside source static tcp 10.10.20.2 5090 184.178.184.16 5090 extendable
ip nat inside source static udp 10.10.20.2 9000 184.178.184.16 9000 extendable
ip nat inside source static udp 10.10.20.2 9001 184.178.184.16 9001 extendable
ip nat inside source static udp 10.10.20.2 9002 184.178.184.16 9002 extendable
ip nat inside source static udp 10.10.20.2 9003 184.178.184.16 9003 extendable
ip nat inside source static udp 10.10.20.2 9004 184.178.184.16 9004 extendable
ip nat inside source static udp 10.10.20.2 9005 184.178.184.16 9005 extendable
!
ip access-list extended crypto10
permit ip 10.10.20.0 0.0.0.255 172.16.3.0 0.0.0.255
!
access-list 101 deny ip 10.10.20.0 0.0.0.255 172.16.3.0 0.0.0.255
access-list 101 permit ip 10.10.20.0 0.0.0.255 any
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
login local
transport input telnet ssh
transport output all
line vty 5 15
privilege level 15
login local
transport input all
transport output all
!
scheduler allocate 20000 1000
end
--
I think here you can find answer for your question.
http://www.cisco.com/en/US/products/hw/routers/ps368/module_installation_and_configuration_guides_chapter09186a00806c1d08.html#wp2551278
IPSec SA Idle Timer Global Configuration Example
The following example globally configures the IPSec SA idle timer to
drop SAs for inactive peers after 600 seconds:
Router(config)# crypto ipsec security-association idle-time 600 IPSec
SA Idle Timer per Crypto Map Configuration Example
The following example configures the IPSec SA idle timer for the
crypto map named "test" to drop SAs for inactive peers after 600
seconds:
Router(config) # crypto map test 1 ipsec-isakmp
Router(config-crypto-map)# set security-association idle-time 600