Thin-Pi

Posted on June 9th, 2013 by Luke Sheldrick.
Categories: IT / Tech.
Tags: , , , , , .

9 06 2013

Since moving last year, now I have a dedicated home office, I banned myself from having a PC in the bedroom, and try not to take a laptop in there either. Lots of devices these days want internet access (TV, AppleTV, BD Player..etc) so I have a small 8 port switch hidden in the book case, with a point to point wifi connection back to the office, this works rather well. I also have 6 airplay destinations in the apartment, so can stream music to every room, however annoyingly iPad/iPhones can only stream to one destination. I use Airfoil on either my Mac or MacBook, to usually stream spotify or the radio to multiple rooms.

However, as I don’t have a PC in the bedroom, I have to kick this off from the office. I’d recently been testing thin clients out, and have a spare monitor, so decided to set one up in the bedroom, so I can stream music, check train times…etc stuff I want to quickly check in the mornings, that kind of thing. I have no need for a full blown PC, nor do I want the noise/power in the bedroom. One of the most flexible ‘clients’ I’d tested was a Raspberry Pi. Whilst it is a ‘full PC’, it’s silent, very lower power use, and for things like RDP/SSH is perfect. Another thing, is it’s very cheap, even compared to actual thin clients. I have the streaming software, and a load of other day things running on a VM in the office, so RDPing back to this is a doddle.

I have it hidden away with the switch in the bedroom, and purposely put it somewhere I can’t sit and use it. I only want to be able to control bits in the apartment, and use it as a terminal.  I set it up, using raspbian, and a few scripts to make make opening up RDP sessions seamless. I have to say, I am very impressed with it. Although it’s quite a underpowered ‘PC’, for simple tasks such as this, I’m very very impressed. It’s also quite handy having a full linux environment, though compiling anything from source is a foolish decision.

Pi Cupboard Pi Thinclient

1 comment.

VMware VCD VPN + Fortigate

Posted on December 29th, 2012 by Luke Sheldrick.
Categories: IT / Tech.
Tags: , , , , , , , , , , , , , .

29 12 2012

I’ve been testing a new platform at the day job for the last couple of days, as a user. The main part of this, is I do all the tests as if I was the end user (i.e. our Customer). The platform is based on VMware’s Virtual Cloud Director 5.1. I’m working with our product team to get the platform ready to hand over to our customers, and filling in the missing gaps, when it comes to requirements, documentation and any support needs.

One thing I was playing with today, was the inbuilt VPN capabilities. The documentation from VMware here, if I am honest, is quite incomplete. Even as a seasoned VMware user, some elements, are confusing. So the documentation for this element, were, how do I put it… minimal (read: missing all the needed info). I assume it’s because they’re assuming that you’ll be connecting it to another vShield Edge device, so their defaults, would just work.

I was working with my physical test lab to simulate a customer’s existing hosted solution, i.e. a rack of equipment in their data centre. The firewall I was using was an old Fortigate 200A, however this is running the latest v4 FortiOS, so would be the same for any firewall from Fortinet (running V4, V3 would be very very similar, if you still have that out there).

So, let’s assume the following:

 vOrg Network: 192.168.15.0/24
 VShield Edge IP: 90.1.1.1.1
 All devices NATed behind the Edge device.
 Legacy Network: 10.30.3.0/24
 Fortigate IP: 80.1.1.1.1
 All devices NATed behind the Fortigate.

Login to the VCD Portal, and go to your vOrg network preferences, right click on the network you want to configure for VPN access.

Network

Go to the VPN tab, and If not already enabled, enable the VPN service. Then select new.

Network2

Change the “Establish VPN to” to External Network.

VCDVPN1

From the below, we’re going to fill out.

 Name: Your choice
 Description: Your choice
 Local Networks: LS-Network2 (matches the 192.168.15.0/24) Here I chose the network that matched my requirements. (Yours will differ, and you'll need to make the amendments throughout.)
 Peer Networks: 10.30.3.0/24
 VPN Endpoint: The vShield Edge device you're going to terminate the VPN on.
 Local ID: Your choice - just needs to match what you configure the firewall with.
 Peer ID: Your choice - just needs to match what you configure the firewall with.
 Peer IP: This is going to be your other firewall. So for me it was 80.1.1.1
 Encryption Protocol: again, your preference. AES256 is a sane default.
 Shared Key: Your choice - just needs to match what you configure the firewall with.
 The rest: I left as default.

Now this left me asking some questions, i.e. what were the other settings going to be, such as Authentication method, DH Group, PFS, Key lifetime..etc None of this is listed in the documentation/user guide.

Anyway, to continue, you need to add a firewall rule in, to allow communication between the two environments. Something like the below, but again, adapt to your requirements.

VCDFW

Moving on to the Fortigate. This took a while to work out, as basically, I had to configure the VPN, wait for the edge device to try and bring up the VPN to see what it was proposing, in order to then set the Fortigate to match these (read: a complete PITA). However now that’s been done, hopefully this will help someone.

Go to your VPN Settings, add a new Phase I


FNP1

So the settings here:

 Name: Your choice.
 Remote Gateway: Static IP.
 IP Address: Edge device IP. Mine 90.1.1.1
 Local Interface: Your internet facing interface.
 Mode: I chose Main, but this can be your preference.
 Pre-shared Key: What you made up in the earlier steps.
 Enable interface mode (makes life a lot easier for firewall rules.)
 IKE Version: 1
 Local IP: I chose main - your config may differ.
 Encryption: Whatever you chose earlier. AES256 for me.
 Authentication: SHA1 (This is one of the settings not documented anywhere)
 DH Group: 2 (This is one of the settings not documented anywhere)
 Keylife: 28800 (This is one of the settings not documented anywhere)
 DPD: Disabled - The edge device didn't seem to respond to these, so the Fortigate tore the tunnel down. (This is one of the settings not documented anywhere)

Phase II:

FNP2

 Name: Your choice.
 Phase I: Select the one you configured above.
 Encryption: AES256 (unless chosen different above)
 Authentication: SHA1 (This is one of the settings not documented anywhere)
 DH Group: 2 (This is one of the settings not documented anywhere)
 Keylife: 1800 (This is one of the settings not documented anywhere)
 Source Address: 10.30.3.0/24 (yours will need to changed to match your network)
 Destination Address: 192.168.15.0/24 (match your vOrg Network)
 The Rest: Default.

Next: create the firewall rules. Incoming and outgoing for the VPN interface. I wont go into details here, as if you’re reading this I expect you’ll know how to add a policy in.

Static Route. You’ll need to create a static route for the VPN, in order to route traffic down the interface. Interestingly, you didn’t need to do this on the Edge config.

Go to the Router > Static > Create new. Something like the below, amended to your network.

FNSR

Once this is done, the VPN should come up.

0 comments.

Serial Console & Android

Posted on December 9th, 2012 by Luke Sheldrick.
Categories: IT / Tech.
Tags: , , , , , , , , , , , .

9 12 2012

You’re in a datacenter, all you have with you is a bag of cables, a crash cart, and your mobile. A core switch has fallen over, and you need to quickly see what the console it outputting.

I was tinkering at home, where I was building a lab of some cisco and fortigate kit, and needed to quickly set a management IP. I had a rollover cable, and a usb to serial converter, and wondered if my Samsung Galaxy Note, and the ‘USB-to-go’ cable would allow me to connect to the serial port on the switches and firewalls. Using the inbuilt terminal didn’t work, and I couldn’t get minicom to play. However I did find an app in the Play Store, that had support for most of the usb converters.

A bit of fiddling, and bingo, it all worked.

Android Serial Console
I got this to work on my Galaxy Note, however this should work with anything that has USB Host Mode support. This would be really useful on a tablet.

The best bit here, is to do this, it’s really rather cheap. What I used:

USB-to-go connector – for converting the micro usb (Micro-B) to standard Female USB(Type A).
USB-to-Serial – cheap PL2303 based converter
Cisco Rollover cable – Every DC will have hundreds of these.

Slick USB 2 Serial Terminal – Android app that talks directly to the USB-to-Serial converter. (Ad supported or pay for version).

2 comments.

Mountain Lion – Notification Center Shortcut

Posted on July 27th, 2012 by Luke Sheldrick.
Categories: IT / Tech.
Tags: , , , , , , , .

27 07 2012

Just a quick one. Have been using Mountain Lion for just over a day, but noticed there wasn’t a quick way to see the notification center

Seems there is a shortcut available in the keyboard preferences, it’s just not set. So just assign your preferred shortcut, as below.

 

 

0 comments.

Mountain Lion

Posted on July 26th, 2012 by Luke Sheldrick.
Categories: IT / Tech.
Tags: , , , , , , , , , , .

26 07 2012

So, Mountain Lion came out yesterday. I bought Apple’s new Macbook Pro with Retina, so am entitled to a free upgrade.

Applied for the redemption code, had to give a load of info, like purchase date, serial number..etc (not quite sure why, surely Apple can check this against my AppleID). Anyhow, they send you out a password and a password protected PDF in separate mails. Received mine within the hour, go to use it, and it informs me the code has already been used. Took a look on twitter, and seems everyone was in the same boat. According to numerous reports, Apple Support are saying to wait 72 hours, when a new code will automatically be issued.

I’m sorry, but that just sucks. I buy their top of the range laptop (well as well as most other things), and now I have to wait for the new shiny! Boo. I have a MacMini I use in my home office, which I’ve read mixed reports if the upgrade code would work for, so decided to just pay for the upgrade, as I’ll probably have to anyway for the MacMini, and I can use that on multiple machines.

Upgrade was pretty painless, a few things are broken, whilst developers update their code (and more importantly, make it work within the App Sandbox). I was reading up on PowerNap, as this is one feature that I think is really cool. My MBP will update, backup..etc when in standby. The default is to have this disabled when on battery power – however I wanted to ensure that was the case. According to the Apple KB, it’s in Power settings, and then in the Battery tab. I don’t have that. OK, so I need a SMC update before I can enable PowerNap. Great – for their latest, flagship MacBook, it’s ‘coming soon’.

WHAT?

Noticed a few things are broken so far:
TruePreview – Stops mails being marked as read in Mail. Manual Fix Here.
GPGMail – PGP/GPG for Mail. Broken at current – devs say to follow their twitter.
Hal9000 Screensaver – As it says on the tin.

0 comments.

1 of 1712345...10...»»