HowTos

Cisco IOS PPTP Inspect

Recently I came across the issue of having to pass PPTP traffic from an internally PAT’ed LAN to an external PPTP server. For the sake of not taking the time of drawing an entire diagram, here is the ASCII version:

[Internal LAN] --> (internal address) [Cisco IOS Router] (external address) --> [Internet] --> [PPTP Server]

Please note that even though PPTP VPNs have made many appearances on this site so far, by no means do I recommend using them for most systems. In fact, as I will explain, using them in conjunction with Cisco IOS gear can be especially frustrating if you have not been informed of several caveats.

With the configuration I was using, there was a standard access list on the external interface of the IOS router only allowing in things for regular IPsec VPNs such as UDP port 500, and ISAKMP. I also made sure to include the #inspect pptp line in my default inspect list. If you are not aware of what the inspect lines do, please refer to this document which gives a general overview:
http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_i2.html#wp1068224

The purpose of inspect lines is basically to “fix” protocols passing through NAT devices so that they function properly behind IP translations. For example, an oddball (but favorite) protocol like FTP actually uses two channels: port 21 for the initial control connection, and then a data connection that the FTP server opens back to the client from port 20. If normal ACL and NAT rules were applied, the traffic going through port 21 would be allowed through and back just fine, while port 20 would get completely blocked since it would be seen as a new incoming connection with no translation.

The “ip inspect” commands, along with the ASA inspect or PIX fixup syntax, tell the underlying processing system “hey, this is a weird protocol, help it out”. In the case of FTP this opens up port 21 and then allows an incoming flow on port 20 back in from the same source. Sort of an “it’s cool, I’m with him” approach. Then FTP works as expected, configuration is a bit easier, and life goes on.

So back to our original topic, PPTP. This protocol also does some wonky stuff (but for better reasons than FTP). Read up on this in bored-to-tears depth here.  The boiled down version is that the connection initiates on TCP port 1723, a control channel if you will, and the PPTP server will respond back by opening up a GRE tunnel for data. Sound familiar? Control channel, data channel, much like FTP. So one would assume that the inspect commands for both of these protocols would work the same way. You’d be wrong, just as I was.

After having to TAC the case, and having the Cisco engineer struggle with things a little while, he eventually came to the conclusion that yes, the inspect command usually opens up that second line of communication for other protocols just fine, but in the case of PPTP it does not, and by design apparently. The inspect pptp command lets the control channel work just fine…but it never allows the returning GRE tunnel. Fantastic.

So what does inspect pptp actually do? Well, the same thing inspect tcp would do actually, only with a more limited scope. Instead of allowing stateful inspection of all TCP, you just allow for PPTP connections. However, in order to allow an actual tunnel to be established, Cisco recommends allowing all GRE from the needed hosts on the outside access list inbound. How elegant.
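An added example, not from the original post: an IOS configuration fragment for the setup described above, where inspect pptp covers only the TCP 1723 control channel and an explicit GRE permit on the outside ACL lets the data channel back in. The inspect list name FW, the ACL name OUTSIDE-IN, the interface names, the ESP permit and the documentation addresses are all assumptions.

```cisco
! Added example. Names and addresses are assumptions:
!   FW            = CBAC inspect list name
!   OUTSIDE-IN    = inbound ACL on the external interface
!   203.0.113.10  = external PPTP server
!   198.51.100.2  = router outside (PAT) address
!
! Inspection for sessions initiated from the inside LAN.
! "pptp" only tracks the TCP/1723 control channel.
ip inspect name FW tcp
ip inspect name FW udp
ip inspect name FW pptp
!
ip access-list extended OUTSIDE-IN
 remark IPsec VPN traffic terminating on the router
 permit udp any host 198.51.100.2 eq isakmp
 permit esp any host 198.51.100.2
 remark PPTP data channel: inspect pptp does not open GRE,
 remark so permit it from the known PPTP server only
 permit gre host 203.0.113.10 host 198.51.100.2
 deny ip any any log
!
interface FastEthernet0/1
 description Outside
 ip address 198.51.100.2 255.255.255.252
 ip nat outside
 ip access-group OUTSIDE-IN in
 ip inspect FW out
!
interface FastEthernet0/0
 description Inside LAN
 ip nat inside
```

Scoping the GRE entry to the server's address rather than "any" keeps the hole as small as the workaround allows. Once a client connects, show ip access-lists OUTSIDE-IN should show the match counter on the gre line increasing.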

Long story short, inspect pptp is a useless command in any situation I’ve seen, and having to open up full GRE allow rules is a bit of a hack. One more reason for PPTP VPN servers to go by the wayside.

Installing Cisco ACS 5.1

Introduction

Cisco ACS is the newest revision (as of 8/2010) of their RADIUS/TACACS+ authentication server, which allows you to centrally manage user access and all that good stuff. One big thing people may ask is why not just use Windows IAS or Network Access Policy role on the newer servers. The Windows solution makes a whole lot of sense for small to medium installs, or where the IT staff is not strictly defined as “server” and “network” guys. In larger installations or where this is the case, a box removed from the Active Directory servers and able to be controlled by “network” staff can more effectively delegate management throughout the organization. Now let’s dive into the installation procedures.

Note: Keep in mind this install needs 60GB of free disk space and 1GB of usable memory, otherwise installations will fail.

Monitor Torrents from Droid 2.0 & 2.1

If you have recently followed the previous post dealing with setting up a PPTP VPN connection on your Droid for remote monitoring and file sharing, you have come to find out that when you are not connected to wifi or 3G your remote connection can at times be slow. When you are busy, on the go, but want to make sure you have your files downloaded when you get home, follow this quick start guide. This guide will allow you to remotely download, monitor, and maintain torrents from your home PC all from your Android device. I will be listing all the steps necessary to remotely monitor torrents from your Android device. We are going to be covering uTorrent installation (although any torrent utility with a web management utility should work), uTorrent configuration, networking setups, and finally Android application configuration. It may sound like a lot, but don’t fear. Following this tutorial should only take a few minutes.

Boot Droid into Safemode

Sometimes when you find new apps on the market, or download them from your favorite source, your phone starts to act less than favorable. Sometimes this can be due to a faulty app, or an app that conflicts with another. It is easy when you install one app at a time, because you can simply remove the suspected app. When you install multiple apps, on multiple days, it is harder to pinpoint the certain app causing an issue. At times, it would be better to do a clean install and force an update to refresh your phone to factory status. Follow the steps below if you would like to bypass your new phone installation and boot your Droid into “safemode” to see if that faulty app really is causing issues with your phone such as lag, unresponsiveness, or massive battery drain.

  1. Power off your device
  2. When powering on your device, hold the menu button on the physical keyboard (it looks like 4 horizontal lines) as well as the power button
  3. Hold the menu button until you see the Droid “Eye”. This has been completed when you feel the phone vibrate
  4. After the vibration, release the menu key and let the phone boot as normal. You will now see “safe mode” in the corner of your phone. If your phone acts normal now, it was due to a faulty app or widget that did not get along with your phone setup. If your phone is still acting up, it may be a hardware issue or it may be time to clear your settings and do a phone update.

Android 2.1 for Motorola Droid Download and Install

So you want the new 2.1 update for your Droid but you don’t want to wait for the Over the Air (OTA) update. Maybe you rooted your phone and you simply want to mess around with the files for development purposes. Well you can grab the download here and also get installation instructions below.

NOTE: This is for Droid phones which are not rooted and are running 2.0.1. CONFIRMED: This works on rooted and unrooted Droids. Proceed with caution when applying this update to a rooted Droid. If you have applied any custom ROMs you may run into problems. In addition it may be better to go back to stock before you proceed with this tutorial.

Backup and Restore Call Logs on Android

It is a hassle when you are messing with customizing your phone and you lose all your important data. Luckily, the good thing about the Android OS is the ability to upload all your data to the “cloud”. Unfortunately, this does not entail the backup of your system settings, text messages and phone logs.

Don’t fear, and don’t buy any expensive solutions that claim to be the one touch backup king. Not that the PPU solutions won’t work nicely, because they do. However, in times like these, it’s much better to go the free route.

To back up your Call Logs and restore them, follow the steps below:

  1. Go to the Android market, and download “Call Logs Backup & Restore”
  2. Install the Application
  3. Open the application, and select “Backup Call Logs”
  4. Wait patiently, at times this process can take a few moments

To copy your Call Logs backup to your local machine (the extra care procedure, not needed):

  1. Plug your phone into a computer via a USB cable
  2. Go to your notification bar, and select “USB Connected” and then select “Mount”
  3. Navigate to your computer and open your Android SD card. This will show up as a Removable Device
  4. Open the folder named CallLogBackupRestore and copy that file to a protected drive or simply that computer for future use

To restore your Call Logs, simply open the Call Logs Backup & Restore application and select “Restore Call Logs”. If your phone crashed or SD card malfunctioned, place your backed up file on your computer back into the CallLogBackupRestore directory.

Also See: Backup Text Messages on Android

Backup and Restore Text messages on Android

It is a hassle when you are messing with customizing your phone and you lose all your important data. Luckily, the good thing about the Android OS is the ability to automatically upload all your data (contacts etc.) to the “cloud”. Unfortunately, this does not entail the backup of your system settings, text messages and phone logs.

Don’t fear, and don’t buy any expensive solutions that claim to be the one touch backup king. Not that the PPU solutions won’t work nicely, because they do. However, in times like these, it’s much better to go the free route.

To back up your text messages and restore them, follow the steps below:

  1. Go to the Android market, and download “SMS Backup & Restore”
  2. Install the Application
  3. Open the application, and select “Backup SMS Messages”
  4. Wait patiently, at times this process can take a few moments

To copy your text message backup to your local machine (the extra care procedure, not needed):

  1. Plug your phone into a computer via a USB cable
  2. Go to your notification bar, and select “USB Connected” and then select “Mount”
  3. Navigate to your computer and open your Android SD card. This will show up as a Removable Device
  4. Open the folder named SMSBackupRestore and copy that file to a protected drive or simply that computer for future use

To restore your messages, simply open the SMS Backup & Restore application and select “Restore SMS Messages”. If your phone crashed or SD card malfunctioned, place your backed up file on your computer back into the SMSBackupRestore directory.

Also See Backup Phone Logs on Droid
