showing posts tagged with 'network'
by lunarg on April 4th 2013, at 16:15
The Cisco VPN client v5.0 does not work out-of-the-box on Windows 7 and 8. Starting the VPN will result in an error:

Error
Reason 442: Failed to enable Virtual Adapter

This is because of a malfunctioning installer, creating an invalid connection to the Cisco VPN Adapter. To resolve, follow the steps below.

Open regedit and navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CVirtA.

Look for the DisplayName value and change it to remove all leading characters up to and including %;:

For x86, the value changes from something like @oem8.inf,%CVirtA_Desc%;Cisco Systems VPN Adapter to Cisco Systems VPN Adapter

For x64, the value would change from something like @oem8.inf,%CVirtA_D  ...
by lunarg on March 29th 2013, at 12:08
By default, Azure blocks all access to your SQL Azure database, unless you specifically add firewall rules for your IP. In some cases you may need access from any IP in the world (e.g. when you want to use Remote Desktop Manager through Azure and require access from any IP). In this case, you have to adjust the firewall so that access from all IPs is allowed. Here's how.

Warning
Allowing public access to your SQL database effectively opens up access from anywhere, increasing the risk of unauthorized access. Do not use this in a production environment, or with sensitive data. Change the login and password to your database to something very complex.
In case of Remote Desktop Manager, enable  ...
by lunarg on March 27th 2013, at 16:31
Occasionally, Windows 7 has a tendency to automatically create an excessive number of tunnel adapters, such as isatap, 6to4 and Teredo. The result is a slowdown during startup because of all the interfaces, and ifconfig's output gets cluttered.

You can manually remove the interfaces through Device Manager. Start it up (run devmgmt.msc), then turn on hidden devices:



Under Network adapters, you'll find the whole list of adapters, starting with Microsoft 6to4 Adapter or Microsoft ISATAP Adapter, followed by a number. You can manually delete ("uninstall") all but the unnumbered adapters.

There are also ways to automatically uninstall these adapters, which is recommen  ...
by lunarg on February 28th 2013, at 14:38

Add this line to the server config:

push "redirect-gateway def1"
by lunarg on February 23rd 2013, at 11:02

It's possible for Synology devices running DSM 3 or higher to enable support for NTFS ACLs. This allows Windows users to set up Security through Windows Explorer itself. Most of the ACL types are supported.

NTFS ACLs have to be enabled for a share through the web interface:

by lunarg on February 8th 2013, at 14:03

Restarting OpenVPN on the CLI of a pfSense can be done using the following command:

echo "<?php include('openvpn.inc'); openvpn_resync_all();?>" | php -q

This issues a restart command, just as you would via the web interface.

by lunarg on January 18th 2013, at 13:10

OpenVPN is finally available on Apple iOS!

This means you will now be able to connect through OpenVPN via your iPhone and iPad devices. It is available through the AppStore:

https://itunes.apple.com/us/app/openvpn-connect/id590379981

More info about OpenVPN on pfSense: http://blog.pfsense.org/?p=684

by lunarg on January 8th 2013, at 12:07

I found NcFTP to be a useful toolkit for use in scripting. Aside from a Linux version, it also has precompiled binaries for Mac and Windows.

The toolkit contains different programs which are very useful in various scripting tasks (such as automatic file upload/download, and more). Both regular FTP and SFTP are supported.

by lunarg on November 6th 2012, at 17:22
When your DC replication has halted, check whether there's an entry in the event log: NTFRS event id 13568 (JRNL_WRAP_ERROR).

This error occurs when the DC on which this event id is generated has been powered off unexpectedly, or when the system volume was full. The error signifies that the database journal (used during replication) has been cut off, resulting in the replication being halted, which is by design.

To resolve, you can tell NtFRS to automatically repair the problem and continue with the replication by changing the value of a certain registry parameter. The parameter can be found at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at   ...
by lunarg on September 24th 2012, at 12:24
When running dnsmasq inside a VPS on an OpenVZ server, you may get an error while trying to start up dnsmasq (this is in particular the case for Debian):

Starting DNS forwarder and DHCP server: dnsmasq
dnsmasq: setting capabilities failed: Operation not permitted

This is because dnsmasq does not run as root (which is a good thing). What happens is that dnsmasq gets started as root, then attempts to set privileged functions to the dnsmasq user before changing user from root to that user. When setting these capabilities fails, you get the above error.

The reason for failing is usually because either the kernel is missing the required features, or, in case of OpenVZ, the permissions are not pas  ...
by lunarg on June 20th 2012, at 15:30

The Ringmaster software downloaded from Juniper Networks doesn't come with the help files included. They are available as a separate download and need to be integrated after installation. Unfortunately, it's not really clear where to put them.

Downloading the help files provides you with a html.zip file, containing a html folder with a bunch of html files in it. This folder has to be placed inside the help/ subfolder of where you've installed the Ringmaster software. The default path on Linux is: /opt/ringmaster/help/ . When done correctly, you will be able to access the help files via the URL http://ip-of-your-server/html/ or by pressing F1 in the Ringmaster client.

by lunarg on September 28th 2011, at 10:56
IP autoconfiguration (also known as APIPA) configures a network interface with an IP address if no fixed IP has been specified, and there's no DHCP server on the network. In this case, an automatic IP will be assigned out of a private range (usually 169.254.x.x). APIPA exists on all Windows versions (save Windows NT).

In case you wish to disable APIPA on a certain interface, you can use the Windows registry to do this. By default, APIPA is enabled on all interfaces, unless it is explicitly disabled.

Fire up regedit. Navigate to the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\adapter clsid, where adapter clsid is the ID of your adapter. If you only h  ...
by lunarg on September 9th 2011, at 14:22

When running a Synology, take care when you require (or don't want) public (a.k.a. guest) access to shares.

To allow access, first check whether the guest account is not disabled. I found out it was disabled after joining the device in a Windows domain. Disabling the account is a good way to effectively cut off all public access.

If you require guest access on some shares but not on all, be sure to set the ACL for Guest in Privileges Setup to No Access for shares that have to be locked down. Not explicitly setting this will allow public access on that share.

by lunarg on June 23rd 2011, at 17:37
Since version 2.0, OpenVPN has the ability to use PKCS12-files as TLS/SSL keys for accessing an OpenVPN server. The advantage of this is that you only have one key file containing the private and public key of the client and the CA certificate.

Creating such a certificate storage file can be done very easily when you already have the individual files, using OpenSSL.

openssl pkcs12 -export -in my-vpn.crt -inkey my-vpn.key -certfile my-ca.crt -out my-vpn.p12

Run the command above, matching the file names to the ones you have. Optionally, you can type in a password to secure the PKCS12 file.

Next, adjust your OpenVPN config: remove all the lines to your certificate and key files and add a s  ...
by lunarg on April 19th 2011, at 15:40
By default (and if turned on in Finder), Mac OS X only shows network shares on the desktop when they are connected. If you want to have a link to the share, even when it's not connected, you can create an alias to that share to have it always shown on the desktop. This way, you will always have it available, and moreover, double-clicking the alias will automatically connect the share, and, if required, prompt for a password.

To quickly create a share, connect it like you normally would. While staying in the root of that share, drag its icon in the title bar of the Finder window to your desktop while holding the Option (alt) and Command keys. This will create a permanent alias on your   ...
by lunarg on August 24th 2010, at 16:31

This package provides files to enable syntax highlighting in nano when editing shorewall configuration files, making it easier to maintain these kinds of files.

by lunarg on August 19th 2010, at 16:19

If for some reason you lost your SSH server keys, sshd will fail to start with error:

Could not load host key: /etc/ssh/ssh_host_rsa_key
Could not load host key: /etc/ssh/ssh_host_dsa_key

You can recreate your host keys with these commands:

ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key

After recreating the keys, you will probably have to let your clients know: because the keys have changed, they'll probably get warnings about it (Linux SSH will not even connect until you kick out the old keys).

by lunarg on June 23rd 2010, at 17:14
Working on implementing Multi-WAN at our office (more about that later), in which we use a rather special routing setup, we got this error message on our IPSEC tunnels:

Quote
ipsec_setup: Starting Openswan IPsec U2.4.12/K2.6.26-2-amd64...
ipsec_setup: no default route, %defaultroute cannot cope!!!

While the reason was obvious to me (there's indeed no default route in the main routing table, this is by design), fixing the problem was not.
I tried adding options like leftnexthop=ip-address but it did not really matter; the error persisted.

After searching around Google, I came across a post with a similar error, along with an unusual solution: adding the following line solve  ...
by lunarg on June 3rd 2010, at 20:03
Linux has always been a great player in internetworking, thanks to a very advanced networking stack. In addition, the filtering capabilities provided by Netfilter are only surpassed by a very select group of devices. It doesn't come as a surprise there are a lot of firewalls and internet gateways out there that are running this powerful combo.
Detailing the features of Linux as a firewall/internet gateway would take up an entire article, so I'm not going to elaborate on it. It suffices to say that whatever you can think of setting up, the Linux + Netfilter combo can probably do it. Worst case, there are other third party applications (Squid as a web proxy and content filter, for instance)   ...
by lunarg on April 14th 2010, at 20:16
With firmware 6.00 in a Netscreen SSG5, I encountered an odd bug where available sockets for the management web interface run out, because they're not being freed properly.
Rather than rebooting the thing every once in a while, there's a way to free used sockets through the console.

Your best bet is to attach a serial cable to a server or something and use HyperTerminal (or another terminal application) to access the console of the Netscreen.

Once logged in, use the following to get a list of sockets in use:

get socket

This shows a list of in-use sockets, along with their ID. Sockets with the IP address of the Netscreen on port 80 will be the ones you want to clean up, along with their I  ...