Getting Linux talking to a Nortel VPN

Nov 22, 2007 / 0 comments

At work we're currently in a managed office, which means we don't control the network in any way. As a result we're all individually VPNing back to the lab network in the US. Not a great situation, but it does the job while we work out what's happening with our own building and a local lab.

The HQ end is running on a Nortel Contivity. This causes a bit of a problem; I need a working VPN setup in order to work, but the Nortel stuff is non standard. How to get it going under Linux so I can switch from XP to Debian?

I found 3 options, in order of preference:

vpnc

There's a Nortel branch of vpnc, though it's from an old release (0.3.2). There are some reports of it working ok, and quite a few of problems. vpnc gains points for being entirely Free software. http://ubuntuforums.org/showthread.php?t=441042 has some further details.

Novell VPN client

Novell have a hacked up version of ipsec-tools that adds http://forge.novell.com/modules/xfmod/project/?turnpike, a framework for different types of IKE. They have a novell-nortelplugins package that has a binary plugin supposedly supporting Nortel VPN access. Not quite as nice as vpnc, but it's still userland and does use the kernel's IPSEC stack.

Apani Nortel client

Apani do a commerical Nortel VPN client for Linux, as well as Windows CE/MacOS and Solaris. It's not that up to date (supports up to kernel 2.6.18, though there are patches that get it working on 2.6.22) and involves a binary blob kernel driver, but they do claim to offer support for it and it's where Nortel will point you for single client licenses.

I have, of course, ended up with the (paid for) Apani client. I tried vpnc and the Novell client but couldn't get any degree of success from them. VPN remote ends don't really provide a lot of feedback (which is understandable - it hardly wants to tell me if I'm failing on a username, password, or something entirely different) and I don't have any access to the Contivity device to read its logs. I think the main issue is that my connection has no IPSEC group id or password, and both vpnc and the Novell stuff ask for that. The Apani client is happy with just my username and password, which I think is used for some corruption of xauth.

At some point I'll try fighting vpnc again, but for the moment I have my VPN connection working under Debian and thus I'm back to Debian at work. As an added bonus the reaction of my coworkers has been good - instead of "Why would you want to?" I've had comments like "I wish I'd installed Linux when I started." and "Actually, I might do that myself after Christmas."

What to do if your TomTom loses its memory

Nov 6, 2007 / 0 comments

If you should discover, while sitting in a airport departure lounge, that your TomTom has lost its SD card, don't despair. Provided you have a spare SD card (I stole the one from my camera) and have the laptop you've used TomTom Home with to hand, all might not be lost. I was able to do something along the lines of:

cd /media/disk
cabextract ~noodles/TomTom/HOME/Downloads/navcore_7.131.8483.one.cab
mkdir "US - Western Region"
cd US\ -\ Western\ Region/
cabextract ~noodles/TomTom/HOME/Downloads/US_-_Western_Region.cab 
cd
umount /media/disk

which got me up and running again. Of course it doesn't have the UK maps that came with the device, but as I was on my way to the US that's not so important (and Katherine has found the SD card anyway, so I can just replace it when I return). I was quite pleased with myself. And then I ended up with a rental car that had GPS of its own anyway...

(Oh, yes, I'm in Fremont, CA, flying back on the morning of Saturday 18th November. I am currently jetlagged and trying hard not to go to bed. If you are in the area, know me and would like to meet up for food/beer/whatever feel free to drop me an email.)

Moving on

Oct 2, 2007 / 0 comments

On Wednesday 17th October the majority of my belongings will leave Norwich, to arrive in Castlerock at some point the next week (exact day to be confirmed). I will then start work for 3par as a software developer in Belfast on Monday 29th. It's been 6 years since we moved to Norwich and I'll be sad to leave it, and all the friends I've made here, behind. I'd have stayed a bit longer but 3par were keen for me to get started. I imagine I'll be in the Fat Cat on Saturday 13th if people are around. And I expect visited in NI once we get settled in!

Electricity prepay meters and graphing

Sep 21, 2007 / 0 comments

The new house has a prepay electricity meter. My initial reaction was that I'd have to get NIE to come out and replace it with a normal meter, as I have a perception that card meters are awkward and expensive. However some investigation revealed that a keypad meter gets the same 2.5% discount that paying quarterly by direct debit does. The only way to get a larger discount (4%) is to pay a fixed amount monthly by DD.

That would still leave the annoyance of having to remember to top up, but it can be done over the phone with an automated system (you get a 20 digit number to key into the meter) and won't turn off supply overnight or at weekends apparently. Plus, and this is the real reason I'm giving it a while before switching away, it has a nice little satellite keypad/LCD unit. Connected to the main meter unit via a 4 core low voltage style cable. Bets on those being power, ground, rx and tx? You can query the meter on various things, some of which are crying out to be hooked up to a Munin plugin.

The meter is made by PRI (now Secure and seems to be a Liberty 1E. They have a vague page about comms, but little useful information about how to do anything or if the end user can buy anything suitable. I'll drop them an email, but it might just be a case of trying to reverse engineer the keypad protocol so I can talk it. The processor in the satellite is just a Mitsubishi M38223M which has some serial pins, so hopefully it'll be RS232 at TTL levels and something fairly basic over that.

However, before I go about doing this, has anyone else any experience of these meters and care to share details?

Crazy Domino's pricing

Sep 16, 2007 / 0 comments

Brett, JD and I went to Domino's this evening for pizza. The Domino's in Norwich does any large pizza for £9 if you collect, but the Brighton one doesn't seem to have this. In fact, if you order online and get delivery you can get a 20% discount. Which means it's cheaper to sit at home and be lazy that it is to turn up and collect on the way home from the pub. Er, what?

subscribe via RSS