Forum Replies Created
May 8, 2014 at 8:33 am in reply to: Boot using serial one zeroshell 3.0.0 on a soekris 6501 #53232
I tried ctrl^P and set conMute=Enabled. boot 81 (from USB) and then word GRUB appears, but then nothing moves.
I’m using ZeroShell-3.0.0-Disk-2GB.img.gz which I unpacked and copied the img with dd for windows to a usb stick.
I’m using baud 19200 speed.
Any ideas why this doesn’t work in my setup?
In my case I changed both ConMute and ConSpeed
It’s very importat that you disable the hardware flow control in your minicom/serial connection.March 25, 2014 at 3:26 pm in reply to: Boot using serial one zeroshell 3.0.0 on a soekris 6501 #53230
I had to change de values of conMute so it could boot as expected.
http://wiki.soekris.info/What_do_all_those_BIOS_settings_do%3FFebruary 12, 2014 at 11:29 am in reply to: Vulnerability and compromised profiles (Zeroshell<3.0.0) #53149
We observed that there is a hidden process (only shows upw when doing top) that’s called .DB.001
This process is launched by the Database-Cron (Startup Cron -> Cron Database)
You can see if you are affected by doing:
cat ./DB/_DB.001/var/register/system/startup/scripts/Database-Cron/FileJanuary 29, 2014 at 11:37 am in reply to: Vulnerability and compromised profiles (Zeroshell<3.0.0) #53147
I can confirm that the details outline in th video on youtube allows full access to the zeroshell, the only protection for this attacks other than updating is closing the web access except for your whitelisted ips.
Other than that, could someone explain how to identify the traces of the exploits intalled?
Answering to myself, racoon isn’t needed anymore in my environment because now client vpn can be established in major systems (including android and apple ios).
So I am updating this guide for the current rc3 and switching into compiling rsync.
We are suffering exactly the same issue, and so far we haven’t found a solution for this too.
Just updated the script and patches for the current failoverd (zs RC2), enjoy 🙂
I’d recomnend to give openvpn a try now that it can be installed in any ios device (iphone/ipad). https://www.zeroshell.org/forum/viewtopic.php?p=11587November 29, 2012 at 3:16 pm in reply to: Hyper-V VM rebuild of Renato’s 3.2.9 ZeroShell to VHD #52300
hello, insanityinside, I’ve been trying myself to compile some stuff for zeroshell without much success, I documented the steps I folowed here, but still couldn’t get it totally to work.
The thread is here https://www.zeroshell.org/forum/viewtopic.php?t=3783
Have you somewhere the instrucctions you followed to get zeroshell to compile the kernel and others?
I’ve just updated the instructions to compile for the current RC2. Still the issues with the configure are there.
Does anyone have an idea to fix these messages I got when compiling racoon?
checking netinet6/ipsec.h usability... no
checking netinet6/ipsec.h presence... no
checking for netinet6/ipsec.h... no
checking netipsec/ipsec.h usability... no
checking netipsec/ipsec.h presence... no
checking for netipsec/ipsec.h... no
checking /lib/modules/3.4.19-ZS/build/include/linux/pfkeyv2.h usability... no
checking /lib/modules/3.4.19-ZS/build/include/linux/pfkeyv2.h presence... yes
configure: WARNING: /lib/modules/3.4.19-ZS/build/include/linux/pfkeyv2.h: present but cannot be compiled
configure: WARNING: /lib/modules/3.4.19-ZS/build/include/linux/pfkeyv2.h: check for missing prerequisite headers?
configure: WARNING: /lib/modules/3.4.19-ZS/build/include/linux/pfkeyv2.h: see the Autoconf documentation
configure: WARNING: /lib/modules/3.4.19-ZS/build/include/linux/pfkeyv2.h: section "Present But Cannot Be Compiled"
configure: WARNING: /lib/modules/3.4.19-ZS/build/include/linux/pfkeyv2.h: proceeding with the compiler's result
checking for /lib/modules/3.4.19-ZS/build/include/linux/pfkeyv2.h... no
checking /usr/src/linux/include/linux/pfkeyv2.h usability... no
checking /usr/src/linux/include/linux/pfkeyv2.h presence... yes
configure: WARNING: /usr/src/linux/include/linux/pfkeyv2.h: present but cannot be compiled
configure: WARNING: /usr/src/linux/include/linux/pfkeyv2.h: check for missing prerequisite headers?
configure: WARNING: /usr/src/linux/include/linux/pfkeyv2.h: see the Autoconf documentation
configure: WARNING: /usr/src/linux/include/linux/pfkeyv2.h: section "Present But Cannot Be Compiled"
configure: WARNING: /usr/src/linux/include/linux/pfkeyv2.h: proceeding with the compiler's result
checking for /usr/src/linux/include/linux/pfkeyv2.h... no
configure: error: Unable to find linux-2.6 kernel headers. Aborting.
So far I am stuck with this, it seems to me (still have to investigate a bit more) that racoon needs to be compiled enabling the hybrid mode (mixed authentication with x509 and certificates).
I will post whatever I can get.
I have been looking into this manual, even though the instructions are very good, they don’t seem to be updated for the current zeroshell version.
I collected all the information I could found, and wrote a simple guide that is public via bitbucket, at this url
https://bitbucket.org/aseques/zeroshell-documentation see the file COMPILE.
It’s a public repository, so feel free to clone/modify, etc..
It seems that there’s a way to load the certificats into iphone, I am yet to explore this setup, but it looks good, it’s a non intrusive configuration that would’nt need further changes to zeroshell.
PPTP will work, but it’s totally flawed, to the point that even microsoft recommends not to use it.
Other than that you can only use l2tp, but at version 2.0.1 the configuration of the server is not usable on an iphone.
The problem is that you have to jailbreak your iphone to use openvpn natively, most of the time that’s a Non-option in a enterprise environment.
Another solution would be to add the pieces to zeroshell l2tp connections so it could accept connections from ios (the missing piece is psk support in zeroshell)