Monday, February 7 2005, 22:12
bad timing and SIP frustration
By fake - Permalink
i wondered why openvpn on the soekris router kept telling me that the server certificate is 'not yet valid' - i thought the meaning was something like 'the certificate looks invalid now, but i haven't checked everything yet' (like the ssh -v authentication fall-through messages). eek. there was no 'date' utility on the box, but as the dsl link went down once again, i wanted to know when the cron-job would kick in, so i copied it over - it was the 3rd of January in 1980. Then it occured to me that openssl verify may be very aware of the fact that back then only very few certificates were valid ;) and of course the ca certificate was created somewhen in 2004, so a quick date -s (and hwclock --systohw) brought me back into the vpn (a setup where 6 routers of friends are connected, mostly for SIP and easy access to one's own boxen when at a friend), and with my free traffic/month kindly upgraded to 300GB/month, i went on installing SER on the vpn knot instantly.
unfortunately, no other participant of the VPN was availible, so i asked on the rock linux channel (#rocklinux on freenode.net) wether someone had a sip ua running by chance. daja even compiled kphone to help me out, but the frustration was big. as nice as sip is when used in non-NAT-areas, as much it sucks as soon as NAT comes into play. Okay, i admit, there was a time when i considered it perfectly normal to install a sip proxy on your router or at least do some port forwading and do the 'accpeted media ports'-dance - but then there was skype... the evil, evil skype that 'just works, nat or not'. kinda changed my view on that...
beside that, today was more the relaxed kind of day, not to say boring... believe it or not, i'm going to watch another episode of 'gilmore girls' now ... o_O