Setting up a UMTS connection using a KPN mobile connect card

Preparing

First you need to find out which serial port your UMTS card uses.
Plug in your KPN Mobile connect card and start the PCMCIA service.

# /etc/init.d/pcmcia start

Then you will see something like this in your dmesg output:

ttyS1 at I/O 0x2f8 (irq = 19) is a 16550A

So ttyS1 is our serial port.

Config files

Make sure to change the ttyS# in the config files to match your serial port.
vi /usr/bin/umtsinit

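#!/bin/sh
# Send the SIM PIN to the UMTS card over its serial port.
DEFAULTPIN="0000"
TTYDEV="/dev/ttyS1"
# Use the PIN given as the first argument, otherwise the default.
if [ -n "$1" ] ; then
  PIN="$1"
else
  PIN="$DEFAULTPIN"
fi
echo "at" > "$TTYDEV"
sleep 1
echo "at+cpin=\"$PIN\"" > "$TTYDEV"
echo "PIN sent to $TTYDEV"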

vi /etc/ppp/peers/umts

/dev/ttyS1 460800
connect '/usr/sbin/chat -v -f /etc/ppp/chat-umts'
novj
crtscts
noauth
defaultroute
debug
nodeflate
noccp
noipdefault
noaccomp
usepeerdns

vi /etc/ppp/chat-umts

TIMEOUT 5
ECHO ON
ABORT '\nBUSY\r'
ABORT '\nERROR\r'
ABORT '\nNO ANSWER\r'
ABORT '\nNO CARRIER\r'
ABORT '\nNO DIALTONE\r'
ABORT '\nRINGING\r\n\r\nRINGING\r'
'' \rAT
TIMEOUT 12
OK ATZ
OK 'AT+cgdcont=1,"IP","internet",,0,0'
OK ATD*99***1#

Start/Stop Script

vi /etc/init.d/umts

#!/bin/sh

case "$1" in
  start)
        echo "Starting up UMTS"
        echo "Checking for files"
        if [ -f /etc/ppp/chat-umts ] ; then
          echo "/etc/ppp/chat-umts                      [OK]"
         else
          echo "ERROR: The file /etc/ppp/chat-umts does not exist."
        fi

        if [ -f /etc/ppp/peers/umts ] ; then
          echo "/etc/ppp/peers/umts                     [OK]"
         else
          echo "ERROR: The file /etc/ppp/peers/umts does not exist."
        fi

        if [ -f /usr/bin/umtsinit ] ; then
          echo "/usr/bin/umtsinit                       [OK]"
         else
          echo "ERROR: The file /usr/bin/umtsinit does not exist."
        fi
        echo "Shutting down network interfaces"
        ifdown eth0
        ifdown eth1

        /usr/bin/umtsinit
        sleep 10
        /usr/sbin/pppd call umts
        ;;
  stop)
        /usr/bin/poff
        ;;
  *)
        N=/etc/init.d/umts
        echo "Usage: $N start/stop" >&2
        exit 1
        ;;
esac

exit 0

Related Sites

http://www.xs4all.nl/helpdesk/mobielinternet/umts/linux/


Howto setup a proftpd daemon using ssl encryption

FTPS or SFTP

People tend to mix up FTPS and SFTP, but the two are actually completely different.

FTPS is a normal FTP server that uses SSL encryption.
SFTP is an FTP-like session over SSH (so everything is encrypted just like in SSH).

The advantage of FTPS is that it's easier to set up with chrooted environments on a ‘standard’ Linux box.
Most Linux distros don't have the option to set up a chrooted SSH session by default.

Install proftpd from source

First we are going to download the latest source code which is 1.2.10 at the time of writing.

# cd /usr/src
# wget ftp://ftp.proftpd.org/distrib/source/proftpd-1.2.10.tar.gz
# tar -xvzf proftpd-1.2.10.tar.gz
# cd proftpd-1.2.10

Make sure you have a compiler and the openssl packages installed.
To do this on a Debian-based OS:

# apt-get install build-essential
# apt-get install libssl-dev

Then compile proftpd with tls support.

# ./configure --with-modules=mod_tls
# make
# make install

Now everything should be installed, so it's time to test whether it works over plain FTP. Start the server using the default config file.

# proftpd -l
Compiled-in modules:
  mod_core.c
  mod_xfer.c
  mod_auth_unix.c
  mod_auth_file.c
  mod_auth.c
  mod_ls.c
  mod_log.c
  mod_site.c
  mod_tls.c
  mod_cap.c
# /usr/local/sbin/proftpd  -c /usr/local/etc/proftpd.conf

If everything is all right, proftpd should be running and you should be able to log in using any FTP client.

# ftp localhost
Connected to localhost.localdomain.
220 ProFTPD 1.2.10 Server (ProFTPD Default Installation) [127.0.0.1]
Name (localhost:troublenow): troublenow
331 Password required for troublenow.
Password:
230 User troublenow logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
200 PORT command successful
150 Opening ASCII mode data connection for file list
226 Transfer complete.
ftp> quit
221 Goodbye.

Good, everything seems to be working, so kill the daemon and let's move on to setting up proftpd.

# ps waux | grep -i proftpd
nobody   17505  0.0  0.3   3788  1900 ?        Ss   07:19   0:00 proftpd: (accepting connections)
# kill `ps waux | grep -i proftpd | awk {' print $2 '}`
# ps waux | grep -i proftpd
#

Create SSL Keys

Now let's create a self-signed certificate and put it in /usr/local/etc/ftpcert/.

# cd /usr/local/etc/
# mkdir ftpcert
# cd ftpcert/
# openssl genrsa 1024 > host.key
# chmod 400 host.key
# openssl req -new -x509 -nodes -sha1 -days 365 -key host.key > host.cert
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []: 
Email Address []: 
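
The same key and certificate steps as a script, as an added example that is not part of the original post: it swaps in a 2048-bit key and a SHA-256 signature, since 1024-bit RSA and SHA-1 are no longer considered adequate, and prints the resulting key size and signature algorithm. The function names, the CN ftp.example.invalid and the scratch directory are assumptions made for the example.

```shell
#!/bin/sh
# Added example: the key and certificate steps above, hardened and scripted.
# $1 = output directory, $2 = certificate CN (constructed placeholder default).
make_ftp_cert() {
    dir=$1
    cn=${2:-ftp.example.invalid}
    mkdir -p "$dir" || return 1
    # Generate the key under umask 077 so it is never readable by others,
    # rather than creating it world-readable and fixing it with chmod later.
    ( umask 077 && openssl genrsa -out "$dir/host.key" 2048 2>/dev/null ) || return 1
    chmod 400 "$dir/host.key"
    # -subj answers the Distinguished Name prompts; -sha256 replaces -sha1.
    openssl req -new -x509 -sha256 -days 365 \
        -key "$dir/host.key" -subj "/CN=$cn" -out "$dir/host.cert"
}

# Print "<key bits> <signature algorithm>" so a weak certificate is easy to spot.
cert_summary() {
    openssl x509 -in "$1" -noout -text | awk '
        /Public-Key:/ && !bits         { gsub(/[^0-9]/, ""); bits = $0 }
        /Signature Algorithm:/ && !alg { alg = $3 }
        END { print bits, alg }'
}

# Demo in a scratch directory; use /usr/local/etc/ftpcert for the real files.
demo_dir=$(mktemp -d)
make_ftp_cert "$demo_dir" && cert_summary "$demo_dir/host.cert"
```

Running cert_summary on a certificate made with the original commands shows the 1024-bit key and SHA-1 signature instead.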

Configure Proftpd

I will log everything in /var/log/ftpd, so first we need to create that directory:

# mkdir /var/log/ftpd

Now replace everything in the default /usr/local/etc/proftpd.conf with the new settings:

ServerName                      "test FTP server"
ServerType                      standalone
DefaultServer                   on

Port                            21

Umask                           022

AllowStoreRestart               on
AllowRetrieveRestart            on
AllowForeignAddress             on

LogFormat                       default "%h %l %u %t \"%r\" %s %b"
LogFormat                       auth    "%v [%P] %h %t \"%r\" %s"
LogFormat                       write   "%h %l %u %t \"%r\" %s %b"

DefaultTransferMode             binary
UseFtpUsers                     on

MaxInstances                    30

User                            nobody
Group                           nogroup

DefaultRoot                     ~

AllowOverwrite                  on


PassivePorts                    59000 59999
DefaultRoot                     ~
AllowOverwrite                  on

TransferLog                     /var/log/ftpd/xferlog
ExtendedLog                     /var/log/ftpd/access.log WRITE,READ write
ExtendedLog                     /var/log/ftpd/auth.log AUTH auth
ExtendedLog                     /var/log/ftpd/paranoid.log ALL default



TLSEngine on
TLSLog /var/log/ftpd/tls.log
TLSProtocol SSLv23
TLSRequired on
TLSVerifyClient off
TLSRSACertificateFile /usr/local/etc/ftpcert/host.cert
TLSRSACertificateKeyFile /usr/local/etc/ftpcert/host.key
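
A quick check of the security-relevant directives in this config before starting the daemon, as an added example that is not part of the original post or of ProFTPD. The function name, the finding texts and the sample file are assumptions made for the example; the sample holds lines copied from the config above.

```shell
#!/bin/sh
# Added example: flag security-relevant settings in a proftpd.conf.
# Prints one "Directive: reason" line per finding; no output means no findings.
audit_proftpd_conf() {
    awk '
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        { key = tolower($1); val = tolower($2) }
        key == "tlsengine"   { engine = val }
        key == "tlsrequired" { required = val }
        key == "defaultroot" { chroot = 1 }
        # SSLv23 is the compatibility mode that still accepts SSLv3.
        key == "tlsprotocol" && tolower($0) ~ /[ \t][+]?sslv(23|3)/ {
            print "TLSProtocol: SSLv3 is still accepted" }
        # Lets a client direct data connections to a third host (FXP).
        key == "allowforeignaddress" && val == "on" {
            print "AllowForeignAddress: third-party data connections allowed" }
        END {
            if (engine != "on")   print "TLSEngine: TLS is not enabled"
            if (required != "on") print "TLSRequired: not on, some traffic may be unencrypted"
            if (!chroot)          print "DefaultRoot: users are not confined to a directory"
        }' "$1"
}

# Constructed sample: security-relevant lines copied from the config above.
sample_conf=$(mktemp)
cat > "$sample_conf" <<'EOF'
AllowForeignAddress             on
DefaultRoot                     ~
TLSEngine on
TLSProtocol SSLv23
TLSRequired on
EOF
audit_proftpd_conf "$sample_conf"
```

Restricting TLSProtocol to explicit protocol names such as TLSv1.2 needs a mod_tls release newer than the 1.2.10 built here; AllowForeignAddress can simply be left off unless site-to-site transfers are needed.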

Now start proftpd and test the connection to the FTP server using TLS (see Clients below for a supported client).

Clients

FlashFXP
FlashFXP is one of the best Windows FTP clients.

Related sites

http://www.castaglia.org/proftpd/modules/mod_tls.html
http://www.faqs.org/ftp/internet-drafts/draft-murray-auth-ftp-ssl-15.txt
http://www.castaglia.org/proftpd/doc/contrib/ProFTPD-mini-HOWTO-TLS.html