Saturday, April 27, 2019

pmwiki and lighttpd

Just my config, nothing more!
$HTTP["host"] == "wiki.MYDOMAIN.TLD" {
 # Deny everything that does not come from my IPv6 prefix
 $HTTP["remoteip"] !~ "^2001:START-OF-MY-IPV6-ADDR" {
  url.access-deny = ( "" )
 }

 $HTTP["remoteip"] =~ "^2001:START-OF-MY-IPV6-ADDR" {
  url.rewrite-once = (
   "^/wiki/?([^?]*)$" => "/pmwiki.php?n=$1",
   "^/wiki/?([^?]*)[?](.*)$" => "/pmwiki.php?n=$1&$2"
  )
 }

 # Keep PmWiki's internal directories from being served directly
 url.rewrite = (
  "^/scripts/" => "404.html",
  "^/wiki\.d/" => "404.html",
  "^/local/" => "404.html",
  "^/cookbook/" => "404.html"
 )
 fastcgi.server = ( ".php" =>
                  ( "php-tcp3" =>
                     (
                       "host" => "127.0.0.1",
                       "port" => 9003,
# Do not check that the file exists on the server side
                       "check-local" => "disable",
# Some php stuff
                       "broken-scriptfilename" => "enable",
# Docroot comes from sql in my case "docroot" => "/var/www"
                       "fix-root-scriptname" => "enable"
                     )
                   ),
 )

}
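
An added example (not part of the original post, and not lighttpd or PmWiki code): a small Python model of a single url.rewrite-once list, used to check the patterns above against constructed request URLs. First-match-wins evaluation is a simplification that does not model how lighttpd merges the conditional blocks; the sample file names and the misspelled rule are made up.

```python
import re

# Patterns as listed in the config; "$1"/"$2" are lighttpd capture references.
WIKI_RULES = [
    (r"^/wiki/?([^?]*)$", "/pmwiki.php?n=$1"),
    (r"^/wiki/?([^?]*)[?](.*)$", "/pmwiki.php?n=$1&$2"),
]
# Deny patterns for PmWiki's internal directories.
DENY_RULES = [
    (r"^/scripts/", "404.html"),
    (r"^/wiki\.d/", "404.html"),
    (r"^/local/", "404.html"),
    (r"^/cookbook/", "404.html"),
]
# Constructed variant with one misspelled pattern, to show what the check catches.
TYPO_RULES = DENY_RULES[:3] + [(r"^/cookbok/", "404.html")]

# Constructed request URLs (file names are made up), one per protected directory.
SENSITIVE = [
    "/scripts/example.php",
    "/wiki.d/Main.HomePage",
    "/local/config.php",
    "/cookbook/example.php",
]


def rewrite_once(rules, url):
    """Return the target of the first matching rule, or None if none match.

    Simplified model of one rewrite list: rules are tried in order, the
    first match wins, and $N is replaced by capture group N.
    """
    for pattern, target in rules:
        m = re.search(pattern, url)
        if m:
            return re.sub(r"\$(\d)", lambda ref: m.group(int(ref.group(1))) or "", target)
    return None


def uncovered(rules, urls):
    """URLs from `urls` that no rule in `rules` matches."""
    return [u for u in urls if rewrite_once(rules, u) is None]


if __name__ == "__main__":
    for url in SENSITIVE + ["/wiki/Main/HomePage?action=edit"]:
        print(f"{url:35} deny={rewrite_once(DENY_RULES, url)} wiki={rewrite_once(WIKI_RULES, url)}")
    print("not covered by typo rules:", uncovered(TYPO_RULES, SENSITIVE))
```

The output shows that the first wiki pattern also matches /wiki.d/Main.HomePage, because the slash after /wiki is optional. Whether that matters depends on which rewrite list lighttpd applies to the request, which this model does not decide.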

Tuesday, January 22, 2019

ZyWALL, D-Link DFL-860, NAT-T: tricks and throughput

I have a D-Link DFL-860 running as an IPsec server. I've tried to connect to it with a ZyWALL W30 and a ZyWALL 2 behind NAT, calling the DFL.
That's possible. The trick is to set "My Address" on the ZyWALLs to the WAN address, which they get from DHCP behind the NAT (and not the real IP).
So the right way is to configure the WAN port statically or bind the WAN interface to a fixed IP via dhcpd.
And next, a throughput table with my settings (somewhat the same for all the tested devices):
Device | IPSEC/IKE1 throughput, as wget shows, kilo/megaBYTEs
D-Link HV808 | 540 KB/s (0.5 megabits/sec)
ZyWALL 30W | 1.28 MB/s
ZyWALL 2 | 2.15 MB/s
D-Link DFL-860E | 6.36 MB/s (note: the wire itself is 70Mbs)
pppd over ssh, without hardware router (one side - banana PI, other is i7?) |
  IPv4 | 1,05MB/s
  IPv6 | 962KB/s
Direct wget over IPv4, for line testing | 9,64MB/s (but ISP says I have 70Mbs)
Direct wget over IPv4 via DI-808HV, Wan is DHCP | ~5.4MB/s
Those devices are really antique (except the DFL-860), but that's what I have to share.
I was not able to test the D-Link DFL-100 and ASUS SL1000 because they are unable to do XAuth as a client.