Windows CE 2.0 and OpenSSH
I’ve found a [good howto][sshwin20howto] on installing OpenSSH on Windows CE 2.0. The only problem with it is that you need an ActiveSync partnership with the device in order to insert the necessary registry keys. I’ve found a way to install OpenSSH *without* needing any ActiveSync partnership. I did this on an HP 320LX H/PC (which runs WinCE 2.0 on SH3).
To do this, install [Registry Explorer][rexplrce11] on your device. If you don’t want to boot Windows (or can’t), you can use [this copy of the files][rexplrce11tbz2], which has the CAB files you’ll need to install it to your device. You can then [follow the HOWTO][sshwin20howto], then use Registry Explorer to add in the registry entries. Registry Explorer uses a GUI similar to the standard Win32 Registry Editor.
For convenience, I’ve created [a copy of my registry entries][unixreg], which you can import using the Registry Explorer software. Be aware that I store my UNIX root in `\Storage Card\unix`, due to limited internal memory. I’ve found that SSH will still try to store its `known_hosts` file in the `\unix` directory, so you’ll need to create that directory anyway (just leave it empty - don’t copy your UNIX root into it). The space used by the `known_hosts` file is minimal. My registry dump also uses the default username of “michael”, which you’ll need to change so it matches what you wrote in your `/etc/passwd` file.
One final thing is that ncurses apps (like irssi) seem to have some problems with the terminal type being set to ‘wince’. I’m presently working on getting a working terminfo file for Linux systems, so that they can properly handle OpenSSH on WinCE.
[sshwin20howto]: http://www.eskimo.com/%7Ewebguy/service/openssh.html
[rexplrce11tbz2]: /static/wince/rexplrce-1.1.tar.bz2
[unixreg]: /static/wince/unix.reg
[rexplrce11]: http://www.tucows.com/preview/32379
Bridged OpenVPN and DHCP
I’ve set up a VPN recently, and I created a large bridged VPN. I had a little problem though - the DHCP server from the remote network was leaking through to mine, causing all sorts of troubles, as my network devices were trying to use the remote router, and I had of course blocked VPN access to the Internet.
So, let’s take a hypothetical network:

* eth0: Internet Connection (192.168.0.2)
* eth1: LAN Connection
* tap0: VPN Connection
* br0: Bridge between eth1 and tap0 (10.0.1.1)

Now, your local DHCP server is saying the subnet is 10.0.0.0/8, and it gives out IPs in the range 10.0.1.100 - 10.0.1.200. The remote end (10.0.2.1) gives out 10.0.2.100 - 10.0.2.200, and sets the routing accordingly. I found running the DHCP server on the bridge was a problem, particularly with the ISC DHCP server, as it uses raw sockets, thus making it quite hard to try and firewall out. The solution?
Set an IP for eth1 locally (and remotely) that is in the range, say 10.254.1.254, with the netmask 255.255.255.252. Bind your DHCP server (in `/etc/default/dhcp3-server`) to eth1. Then restart the DHCP servers, and voila. The DHCP servers only give out addresses locally. To your clients it will appear that 10.254.1.254 is giving out IP addresses.
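
A way to check for the leak described in this post, as an added example that is not part of the original post: it parses DHCP OFFER payloads and reports any whose server identifier (option 54) is not the local server at 10.254.1.254. The payloads are constructed sample data, the function names are hypothetical, and the remote server address 10.254.2.254 is an assumption, since the post only gives the local address.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"    # DHCP magic cookie that follows the 236-byte BOOTP header
LOCAL_SERVER = "10.254.1.254"  # address the local DHCP server answers from (from the post)

def build_offer(yiaddr, server_id, router):
    """Build a minimal DHCPOFFER payload. Constructed sample data, not a capture."""
    header = (struct.pack("!BBBBIHH", 2, 1, 6, 0, 0x1234, 0, 0)    # op=reply, ethernet, xid
              + bytes(4) + socket.inet_aton(yiaddr) + bytes(216))  # ciaddr, yiaddr, rest zero
    opts = (b"\x35\x01\x02"                              # option 53: message type OFFER
            + b"\x36\x04" + socket.inet_aton(server_id)  # option 54: server identifier
            + b"\x03\x04" + socket.inet_aton(router)     # option 3: default router
            + b"\xff")                                   # end option
    return header + MAGIC + opts

def parse_offer(payload):
    """Return (offered_ip, {option_code: value}); raise ValueError if malformed."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP payload")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:
        if payload[i] == 0:                 # pad option carries no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        opts[payload[i]] = payload[i + 2:i + 2 + payload[i + 1]]
        i += 2 + payload[i + 1]
    return socket.inet_ntoa(payload[16:20]), opts

def foreign_offers(payloads, allowed=(LOCAL_SERVER,)):
    """Return (server, offered_ip, router) for each OFFER from a server not in allowed."""
    leaks = []
    for payload in payloads:
        offered, opts = parse_offer(payload)
        if opts.get(53) != b"\x02" or len(opts.get(54, b"")) != 4:
            continue                        # not an OFFER, or no usable server identifier
        server = socket.inet_ntoa(opts[54])
        if server not in allowed:
            router = socket.inet_ntoa(opts[3][:4]) if len(opts.get(3, b"")) >= 4 else None
            leaks.append((server, offered, router))
    return leaks

SAMPLE = [build_offer("10.0.1.150", LOCAL_SERVER, "10.0.1.1"),    # constructed: local server
          build_offer("10.0.2.150", "10.254.2.254", "10.0.2.1")]  # constructed: remote, assumed address

if __name__ == "__main__":
    print(foreign_offers(SAMPLE))
```

On real traffic, pass in the UDP payloads of packets sent to port 68 as seen on eth1; an empty result after restarting both DHCP servers means only the local server is answering.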