Personal info for fab
Name: Fabrice Bellet
Member since: 2004-07-07 17:53:29
Last Login: 2008-07-03 08:26:51
Homepage: http://bellet.info
Recent blog entries for fab
Faster POP3 client?
Retrieving a bunch of small emails with a POP3 or IMAP client over a slow network can really be a pain, especially when the latency is high. Why? Because the IMAP and POP3 protocol dialog is often serialized between the client and the server, and each processed message requires at least three request/reply exchanges: ask for the header, wait for the reply; ask for the body, wait for the reply; ask to update the seen and deleted flags on the server, and wait for the reply. If the body of the message is small, most of the time is spent waiting for the replies from the server, while the network pipe remains idle. Not really optimal.
Recently, I discovered retchmail, which provides a nice speedup in POP3 retrieval compared to fetchmail, which I used before. This program uses the WvStreams library; it pipelines and parallelizes most of the protocol dialog. Several POP3 servers can be queried simultaneously, and several messages are retrieved in parallel, so the network is busy most of the time.
NetworkManager, broadband network connection and VPN
The Huawei-E172 USB 3G+ key now works out of the box with NetworkManager as shipped with Fedora 9. All configuration stuff is handled by the edit connection menu, the PIN code is stored in the gnome keyring, and the specific patch for the French SFR broadband network provider is no longer required.
bonus note:
This information is taken from the Vodafone Mobile Connect Card driver. You can change the preferred connection mode by sending those AT commands to the card :
    'GPRSONLY' : 'AT^SYSCFG=13,1,3FFFFFFF,2,4'
    '3GONLY'   : 'AT^SYSCFG=14,2,3FFFFFFF,2,4'
    'GPRSPREF' : 'AT^SYSCFG=2,1,3FFFFFFF,2,4'
    '3GPREF'   : 'AT^SYSCFG=2,2,3FFFFFFF,2,4'
powertop in Rawhide
The Fedora 9 distribution, to be released at the end of this month, already looks promising in how nicely it plays with the power-saving levels of the CPU. Independently of the power consumption of each component of a laptop, the longer the processor can stay in a deep power-saving state without being woken up by the OS, the less power it consumes and the longer the battery lasts.
The EeePC can reach an average of 5 wakeups per second, with gnome running, and everything idle on the machine, USB modules unloaded, and wifi driver unloaded too. So the processor can stay on average 200ms in its deeper power-saving state (C3 in this case), which is very good, see the screenshot here.
The Linux kernel has made huge progress in this area, if we remember that not long ago the fixed timer interrupt generated between 100 and 1000 wakeups per second by itself, even when the CPU was idle.
NetworkManager, broadband network connection and VPN
I described in a previous post how to use NetworkManager in Fedora 8 to connect to a broadband network provider with the Huawei-E172 USB 3G+ key. The next step is naturally to use this wireless link to set up a VPN connection over this insecure network. The cherry on the cake will be the integration of this VPN client into NetworkManager, with a single applet to manage all the magic.
An openvpn plugin is available for NetworkManager, so the client configuration is basically limited to just a few clicks in the GUI. The server config file looks like this (/etc/openvpn/server.conf):
    port 1194
    dev tun
    tls-server
    ca ca.crt
    cert server.crt
    key server.key # This file should be kept secret
    dh dh1024.pem
    mode server
    ifconfig 192.168.129.1 192.168.129.2
    ifconfig-pool 192.168.129.4 192.168.129.255
    push "route 192.168.129.1 255.255.255.255"
    push "route 192.168.128.0 255.255.255.0"
    push "dhcp-option DOMAIN example.com"
    push "dhcp-option DNS 192.168.128.1"
    keepalive 10 60
    inactive 600
    route 192.168.129.0 255.255.255.0
    user openvpn
    group openvpn
    persist-tun
    persist-key
    verb 3
This configuration is basically the same as the roadwarrior-server.conf example provided in the documentation directory of the Fedora openvpn package. In this file, the openvpn server is configured for a tun-style tunnel (instead of an ethernet tunnel using ethernet bridging), it provides routes for the internal local network 192.168.128.0/24, and it advertises the local DNS. The clients are allocated addresses in the subnet 192.168.129.0/24, which also holds the addresses of the virtual endpoints of the tunnel. The certificates are generated with the easy-rsa scripts; many details on certificate generation are available on the web.
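A quick lint of the server.conf above, as an added example that is not part of the original post or of the OpenVPN package. The function name `audit_openvpn_conf`, the sample excerpts and the `ta.key` file name are assumptions made for illustration, and the DH check relies on the easy-rsa file naming `dh<bits>.pem`.

```shell
#!/bin/sh
# Added example (not from the post): lint an OpenVPN server config on stdin;
# exit status = number of findings. Assumes easy-rsa naming dh<bits>.pem.
audit_openvpn_conf() {
    awk '
        /^[ \t]*;/ { next }                  # ";" comment line
        { sub(/#.*/, "") }                   # strip "#" comments
        NF == 0 { next }
        { seen[$1] = 1 }
        $1 == "dh" {
            bits = $2
            sub(/.*\//, "", bits)            # drop the directory part
            gsub(/[^0-9]/, "", bits)         # dh1024.pem -> 1024
            if (bits != "" && bits + 0 < 2048) {
                print "WEAK: dh " $2 " is a " bits "-bit group, use 2048 or more"; n++
            }
        }
        END {
            if (!("tls-auth" in seen) && !("tls-crypt" in seen)) {
                print "HARDEN: no tls-auth/tls-crypt key on the control channel"; n++
            }
            if (!("user" in seen) || !("group" in seen)) {
                print "HARDEN: no user/group, the daemon keeps root"; n++
            }
            exit n + 0
        }'
}

# Constructed sample: the security-relevant lines of the server.conf above.
page_conf() {
    cat <<'EOF'
dev tun
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh1024.pem
user openvpn
group openvpn
EOF
}

# Constructed sample: same lines with a 2048-bit group and a tls-auth key.
hardened_conf() {
    page_conf | sed 's/^dh dh1024\.pem$/dh dh2048.pem/'
    echo 'tls-auth ta.key 0'
}

page_conf | audit_openvpn_conf || echo "findings: $?"
hardened_conf | audit_openvpn_conf && echo "no findings"
```

Run against a real file with `audit_openvpn_conf < /etc/openvpn/server.conf`; a file whose DH parameters are not named after their size is not flagged by the first check.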
Some iptables rules are needed (eth0 is the outgoing interface of the VPN server box) :
    echo 1 > /proc/sys/net/ipv4/ip_forward
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    iptables -A INPUT -i tun0 -j ACCEPT
    iptables -A FORWARD -i tun0 -j ACCEPT
    iptables -A FORWARD -i eth0 -o tun0 -d 192.168.129.0/24 -j ACCEPT
    iptables -A INPUT -p udp -i eth0 --dport openvpn -j ACCEPT
If you use Fedora-8, and NetworkManager version 0.7.0-0.6.7.svn3370 from the updates-testing repository, this supplementary patch is also needed:
--- NetworkManager-0.7.0.orig/src/NetworkManagerSystem.c 2008-01-21 16:21:00.000000000 +0100 +++ NetworkManager-0.7.0/src/NetworkManagerSystem.c 2008-04-13 23:18:03.000000000 +0200 @@ -347,7 +347,7 @@ /* Set up a route to the VPN gateway through the real network device */ if (active_device && (ad_config = nm_device_get_ip4_config (active_device))) { - nm_system_device_set_ip4_route (nm_device_get_iface (active_device), + nm_system_device_set_ip4_route (nm_device_get_ip_iface (active_device), ad_config, nm_ip4_config_get_gateway (ad_config), nm_ip4_config_get_gateway (config), --- NetworkManager-0.7.0.orig/src/nm-device.h 2008-01-09 19:10:15.000000000 +0100 +++ NetworkManager-0.7.0/src/nm-device.h 2008-04-14 00:20:53.000000000 +0200 @@ -122,6 +122,7 @@ const char * nm_device_get_udi (NMDevice *dev); const char * nm_device_get_iface (NMDevice *dev); +const char * nm_device_get_ip_iface (NMDevice *dev); const char * nm_device_get_driver (NMDevice *dev); NMDeviceType nm_device_get_device_type (NMDevice *dev); --- NetworkManager-0.7.0.orig/src/nm-device.c 2008-02-21 04:16:11.000000000 +0100 +++ NetworkManager-0.7.0/src/nm-device.c 2008-04-13 23:22:25.000000000 +0200 @@ -248,7 +248,7 @@ } -static const char * +const char * nm_device_get_ip_iface (NMDevice *self) { g_return_val_if_fail (self != NULL, NULL);
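Review bot: the nm-device.h hunk exports nm_device_get_ip_iface directly under nm_device_get_iface with no comment saying how the two differ, and the nm-device.c hunk only drops `static` from the definition. A one-line comment on the new declaration, stating which interface name it returns and when that differs from nm_device_get_iface, would keep later callers from picking the wrong accessor, which is what the NetworkManagerSystem.c hunk had to correct at the VPN gateway route.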
This patch appeared later in upstream, and is available in NetworkManager from rawhide, so you may prefer to rebuild this more recent version for Fedora-8 instead.
The configuration of the VPN with the GUI is very simple. Be sure to copy the client certificate, the client key, and the CA certificate from the server's easy-rsa directory to the client. Enter these file paths in the nm-applet openvpn configuration, define the IP address of your openvpn server, and that's all. Advanced settings should be left at their default values. The openvpn client behaviour, as driven by NetworkManager, is to add a direct route to the openvpn gateway via the existing network connection, and to add a default route for all other traffic through the tunnel of the VPN. So all the traffic will be encrypted, except the traffic directed to the openvpn server itself.
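One way to confirm on the client that the routes really look as described (default route in the tunnel, one direct host route to the openvpn server), as an added example that is not part of the original post or of NetworkManager. The function name `check_full_tunnel`, the device names and all addresses in the sample tables are assumptions, and the input is expected in the format printed by `ip -4 route show`.

```shell
#!/bin/sh
# Added example (not from the post): check "ip -4 route show" output, read
# from stdin, for the layout described above. $1 = OpenVPN server address,
# $2 = tunnel device. Exit 0 = ok, 1 = a default route is outside the
# tunnel (or none is set), 2 = no host route to the server outside it.
check_full_tunnel() {
    awk -v server="$1" -v tun="$2" '
        {
            dev = ""
            for (i = 1; i < NF; i++)
                if ($i == "dev") dev = $(i + 1)
        }
        $1 == "default" {
            ndefault++
            if (dev != tun) leak = leak " " dev
        }
        ($1 == server || $1 == (server "/32")) && dev != "" && dev != tun {
            pinned = 1
        }
        END {
            if (ndefault == 0) { print "FAIL: no default route"; exit 1 }
            if (leak != "") { print "FAIL: default route outside " tun ":" leak; exit 1 }
            if (!pinned) { print "FAIL: no direct host route to " server; exit 2 }
            print "OK: default via " tun ", " server " reached directly"
        }'
}

# Constructed tables: 203.0.113.10 stands in for the VPN server and ppp0
# for the 3G link; all addresses are sample values.
table_ok() {
    cat <<'EOF'
default via 192.168.129.5 dev tun0
203.0.113.10 via 10.64.64.64 dev ppp0
10.64.64.64 dev ppp0 proto kernel scope link src 10.20.30.40
192.168.129.5 dev tun0 proto kernel scope link src 192.168.129.6
EOF
}
table_leak() {    # the ppp0 default route was left in place
    table_ok
    echo 'default via 10.64.64.64 dev ppp0 metric 10'
}

table_ok | check_full_tunnel 203.0.113.10 tun0
table_leak | check_full_tunnel 203.0.113.10 tun0 || echo "exit status $?"
```

On a live client the table comes from `ip -4 route show | check_full_tunnel <server-address> tun0`; a second default route on the 3G link is reported because it would carry unencrypted traffic whenever it is preferred or the tunnel route disappears.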
12 Apr 2008 (updated 23 Apr 2008 at 12:16 UTC) »
Update on Huawei-E172 card and NetworkManager
Minor changes are required in NetworkManager on Fedora-8 to make it work fine with the Huawei-E172 card and the French mobile broadband network provider SFR.
- install the latest version of hal-info from the updates-testing repository.
- if you don't want the USB storage stuff of the card to show up each time you plug it in, add an entry in hal, named /usr/share/hal/fdi/preprobe/20thirdparty/20-huawei.fdi and containing:

    <?xml version="1.0" encoding="UTF-8"?>
    <deviceinfo version="0.2">
      <device>
        <match key="storage.bus" string="usb">
          <match key="@storage.originating_device:usb.vendor_id" int="0x12d1">
            <match key="@storage.originating_device:usb.product_id" int="0x1003">
              <merge key="info.ignore" type="bool">true</merge>
            </match>
          </match>
        </match>
      </device>
    </deviceinfo>

- add a udev rule that will send the PIN code to the card control device upon card insertion, in a file named /etc/udev/rules.d/99-huawei.rules:

    ACTION=="add", KERNEL=="ttyUSB1", ATTRS{idVendor}=="12d1", ATTRS{idProduct}=="1003", RUN+="/usr/local/bin/huawei-e172-send-pin $env{DEVNAME}"

- create the script file that will send the PIN code to the card, /usr/local/bin/huawei-e172-send-pin:

    #!/bin/bash
    # $1 is the control device passed by the udev rule ($env{DEVNAME}).
    # Only write the PIN if it is a writable character device.
    if [ -n "$1" -a -c "$1" -a -w "$1" ]; then
        echo 'at+cpin="1234"' > "$1"
    fi
    exit 0

- the two previous steps can be replaced by creating a gconf key containing the PIN value, system/networking/connections/*/gsm/pin, of type String. But this won't work on the first connection, because NM currently doesn't wait after setting the PIN and before the card becomes available for dialing.
- apply this patch to NetworkManager 0.7 from the updates-testing repo, and rebuild the package:
--- NetworkManager-0.7.0/src/nm-gsm-device.c.orig 2008-01-09 19:10:50.000000000 +0100 +++ NetworkManager-0.7.0/src/nm-gsm-device.c 2008-04-11 15:02:32.000000000 +0200 @@ -169,7 +169,7 @@ setting = NM_SETTING_GSM (gsm_device_get_setting (NM_GSM_DEVICE (device), NM_TYPE_SETTING_GSM)); - command = g_strdup_printf ("AT+COPS=1,2,\"%s\"", setting->network_id); + command = g_strdup ("AT+CGDCONT=1,\"IP\",\"slsfr\""); nm_serial_device_send_command_string (device, command); g_free (command); @@ -268,10 +268,7 @@ setting = NM_SETTING_GSM (gsm_device_get_setting (NM_GSM_DEVICE (device), NM_TYPE_SETTING_GSM)); - if (setting->network_id) - manual_registration (device); - else - automatic_registration (device); + manual_registration (device); } static void @@ -440,7 +437,7 @@ guint id; char *responses[] = { "OK", "ERR", NULL }; - nm_serial_device_send_command_string (device, "ATZ E0"); + nm_serial_device_send_command_string (device, "ATZ Q0V1E0S0=0&C1&D2"); id = nm_serial_device_wait_for_reply (device, 10, responses, init_done, NULL); if (id)
- with gconf-editor, go to the system/networking/connections/*/ppp entries related to your gsm connection, and toggle the noauth key to true.
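Review bot: the APN is compiled in at the first hunk of the nm-gsm-device.c patch (@@ -169), where `g_strdup ("AT+CGDCONT=1,\"IP\",\"slsfr\"")` replaces the AT+COPS command built from setting->network_id. The function no longer sends any operator selection and only suits this one provider; the APN should be taken from the connection settings instead of a literal, and `setting` is now assigned but never read in the visible lines.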
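Review bot: the second hunk of the nm-gsm-device.c patch (@@ -268) drops the `if (setting->network_id)` test and calls manual_registration unconditionally, so automatic_registration loses the only caller visible here and `setting` is fetched for nothing. If the aim is only to get the AT+CGDCONT command sent, issue it on both paths and keep the branch; otherwise remove the now-dead assignment along with the change.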
- restart haldaemon, NetworkManager and the nm-applet, and you should be able to connect to your broadband provider, using NetworkManager.
Update:
It appears that the patch to nm-gsm-device.c above, which modifies the ATZ init string and fixes the SFR APN with AT+CGDCONT, is not needed. Default values should work just fine.