HowTos

Trouble with VMware NICs and File Sharing Permissions

For anyone who is trying to access file shares inside local VMs running Windows Vista or Windows 7, the following article does a great job explaining what needs to be done in order to change the “Location” of the VMware NICs. Apparently, by default Windows cannot figure out what or where they are, so it shoves them off in the Public location and disables most of their abilities. I tried the registry key fix and it worked flawlessly (albeit after a reboot).

This issue also arises if your virtual environment has a different domain than your physical host workstation, which was the case for me. This will prompt you to authenticate, but no matter what credentials you enter, the share login will be unsuccessful. Anyway, give this a shot.

http://aspoc.net/archives/2008/10/30/unidentified-network-issue-with-vmwares-virtual-nics-in-vista/

Fixing net_update_dns_internal or “DNS update failed!” For SMB and AD

Bold indicates a button clicked or key pressed.
“quotes” indicates a value which has been entered.

Grey block quote is a command typed directly into the console.

If you happen to come across the following error:

Joined ‘LOCALHOST’ to realm ‘test.lcl’
[2010/03/04 14:39:39,     0] utils/net_ads.c:1080(net_update_dns_internal)   net_update_dns_internal: Failed to connect to our DC!
DNS update failed!

This simply means that the FQDN entry for the Linux system you are trying to join is incorrect as far as AD is concerned. In this case the box LOCALHOST.LOCAL.LCL was trying to join the domain TEST.LCL, an obvious mismatch that the error message does not make nearly as obvious. Update this information in your /etc/hosts file and you should be set!
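An added example, not from the original post, that checks the point above: it parses hosts-file text and reports entries whose canonical (first) name is not the short host name plus the AD realm. The function name and sample lines are constructed; treating short name plus realm as the expected FQDN is an assumption taken from the mismatch described here.

```python
def check_hosts_fqdn(hosts_text, short_name, realm):
    """Return a list of problems with the hosts entries for short_name.

    hosts(5) line format: IP  canonical_name  [aliases...]; '#' starts a comment.
    Assumption: the FQDN the domain expects is <short_name>.<realm>.
    """
    want = ("%s.%s" % (short_name, realm)).lower()
    problems, seen = [], False
    for lineno, raw in enumerate(hosts_text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank line, comment, or an address with no names
        ip, names = fields[0], [n.lower() for n in fields[1:]]
        if short_name.lower() not in {n.split(".", 1)[0] for n in names}:
            continue  # entry belongs to another host
        seen = True
        if names[0] != want:
            problems.append("line %d (%s): canonical name is %s, expected %s"
                            % (lineno, ip, names[0], want))
    if not seen:
        problems.append("no entry for %s" % short_name)
    return problems

# Constructed samples using the host and realm names from the error above.
BAD_HOSTS = "127.0.0.1   localhost.local.lcl localhost\n"
GOOD_HOSTS = "# edited before the join\n192.0.2.10  localhost.test.lcl localhost\n"

if __name__ == "__main__":
    for text in (BAD_HOSTS, GOOD_HOSTS):
        print(check_hosts_fqdn(text, "LOCALHOST", "test.lcl") or "ok")
```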


Convert a PFX file to a PEM file


Purpose

The following steps allow you to convert a PFX certificate file in Windows Server to a PEM file. This is important since most Linux/Unix systems prefer a PEM format for certificate use, especially something like an Apache web server.

  1. Download and install the Win32 OpenSSL (v0.9.8i) package from http://www.slproweb.com/products/Win32OpenSSL.html
  2. Create the folder C:\certs and copy your exported PFX certificate file into the C:\certs folder. The name yourcert.pfx is used in this example.
  3. Go to Start, then click Run and type in “cmd” and press enter. This should bring up a command prompt which you can use to change into the OpenSSL bin directory.
  4. cd %homedrive%\OpenSSL\bin
  5. openssl pkcs12 -in C:\certs\yourcert.pfx -out c:\certs\newcertname.pem -nodes
  6. This should convert the file from a PFX format to a PEM format, feel free to substitute your own name instead of “newcertname.pem”. Also be sure this command is entered as one line, regardless of how it appears on this site. When prompted, enter the password you used when exporting the PFX file from the Windows certificate store. You should then receive the message “MAC verified OK”.
  7. Open “newcertname.pem” in notepad, and cut out the private key into C:\OpenSSL\bin\private\privatekey.pem (or another path and name as you see fit).
  8. Also cut out the CA Certificate into C:\OpenSSL\bin\cacert.pem
  9. Modify c:\OpenSSL\bin\openssl.cfg configuration file and change the [alt_names] to whichever alternative names you wish.
  10. Create a new request, by typing the following commands.
  11. openssl req -new -nodes -keyout privatekey.pem -out cert-request.pem
  12. openssl ca -out issued-cert -in cert-request.pem
  13. This should have created a new request and signed it with the CA’s private key. Keep in mind that the paths to these certificate files are not included here, so make sure you are in the proper directory (i.e. the same directory) for those files.
  14. If you get errors during this procedure, clear the index.txt and serial files within the OpenSSL directory to be sure it is working with a fresh batch. Below is the configuration file for OpenSSL and is to be used as reference. Not all of the configuration is the same, so be sure to double check names of certificates and paths.
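Steps 7 and 8 split the combined PEM file by hand in Notepad; the script below is an added example (not part of the original post) that does the same split in Python and writes the key file with owner-only permissions, since -nodes leaves the private key unencrypted. The function names and the sample bundle are constructed for illustration.

```python
import os
import re

# One PEM block; the END label must match the BEGIN label.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n.*?-----END \1-----", re.DOTALL)

def split_pem_bundle(text):
    """Return (private_key_block, [certificate_blocks]) from pkcs12 PEM output.

    Text between blocks ("Bag Attributes", "subject=", "issuer=") is dropped.
    Certificates keep the order in which they appear in the bundle.
    """
    keys, certs = [], []
    for match in PEM_BLOCK.finditer(text):
        block = match.group(0).replace("\r\n", "\n") + "\n"
        label = match.group(1)
        if label.endswith("PRIVATE KEY"):  # PRIVATE KEY, RSA PRIVATE KEY, ...
            keys.append(block)
        elif label == "CERTIFICATE":
            certs.append(block)
    if len(keys) != 1:
        raise ValueError("expected exactly one private key, found %d" % len(keys))
    if not certs:
        raise ValueError("no certificate block found")
    return keys[0], certs

def write_private(path, data):
    """Create the key file readable by its owner only; refuse to overwrite.

    The mode bits are enforced on Linux/Unix; Windows largely ignores them.
    """
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w", newline="\n") as handle:
        handle.write(data)

# Constructed sample shaped like pkcs12 output; the base64 bodies are dummies.
SAMPLE = (
    "Bag Attributes\r\n    localKeyID: 01 00 00 00\r\n"
    "Key Attributes: <No Attributes>\r\n"
    "-----BEGIN RSA PRIVATE KEY-----\r\nZHVtbXkta2V5\r\n-----END RSA PRIVATE KEY-----\r\n"
    "Bag Attributes\r\n    localKeyID: 01 00 00 00\r\n"
    "subject=/CN=www.example.test\r\nissuer=/CN=Example Test CA\r\n"
    "-----BEGIN CERTIFICATE-----\r\nZHVtbXktbGVhZg==\r\n-----END CERTIFICATE-----\r\n"
    "subject=/CN=Example Test CA\r\nissuer=/CN=Example Test CA\r\n"
    "-----BEGIN CERTIFICATE-----\r\nZHVtbXktY2E=\r\n-----END CERTIFICATE-----\r\n"
)

if __name__ == "__main__":
    key, certs = split_pem_bundle(SAMPLE)
    print(len(certs), "certificates;", key.splitlines()[0])
```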


Configuring CARP on pfSense

Purpose

With any firewall and gateway, the issue of a single point of failure is always present. To mitigate this, the Common Address Redundancy Protocol (CARP) was invented for the BSD world. For those of you coming from Cisco or another network gear manufacturer, this functions at a high level the same as VRRP or HSRP. The main difference seen with pfSense is the ability to sync configurations using pfsync. This tutorial should provide an overview of configuring this setup within pfSense and show the effects of downtime on the system.

First of all we have the general layout of this sample setup.


Dual Boot pfSense for Testing New Versions

Recently pfSense 2.0 was released into beta stages, and as an avid 1.2.x line user, I was eager to check it out. I did still want the ability to roll back to a previous version if things were too unstable, so I configured dual booting the stable 1.2.x line with the experimental 2.0 build. Note this should also work for any other versions in the future, but these two are just used as an example.

  • Back up current configuration of stable system. Make sure you have the config.xml file handy to upload since you will actually need to re-install the system if you do not already have correctly sized slices.
  • Boot stable pfSense media. It actually does not matter which is used, but for the sake of example stable comes first.
  • Select to (i) install to the local hard disk.
  • Select < Custom Install > as shown below after configuring keyboard and display.

  • Next select the hard disk you would like to use to install the system. You may install over several drives if you wish using the same general idea, the only difference is where you place partitions. I am using a single drive setup here for simplicity and commonality.


Fixing VLAN Recognition on pfSense 1.2 and Realtek RTL8110SC NIC

If you are using pfSense (and possibly FreeBSD for that matter) you may have run into the problem of VLAN interfaces not responding after a reboot or interface creation. This leads to serious problems when this is your main router platform, as independent network segments are unable to communicate.

Symptoms of this include:

  • Systems can ARP the MAC address of the network card, but are unable to ping it.
  • pfSense with Realtek RTL8110SC NIC responds to DHCP or any other layer 2 system but does not respond on layer 3.
  • Realtek RTL8110SC instability issues and inconsistent VLAN state.

The fix for this is much less than ideal, but it works in a pinch and in most situations where absolute performance is not the key, and the goal is rather to keep things stable until another workaround (or suggested hardware replacement) comes up.

# ifconfig reX promisc

Where “reX” is re0, re1, etc., or whatever the name of your parent interface is. Doing this on a per-VLAN level will not help. Please be aware there are performance hits to this tactic, as each packet seen on the interface will be passed to the CPU, not just the ones destined for it. It may be quick and dirty, but it works. If anyone has an alternate suggestion on why this happens, please chime in.


Set up a PPTP VPN connection on Motorola Droid (Android 2.0 & 2.1)

This tutorial will show you how to manage your computers remotely while on the go with your Droid. You can now monitor your active torrents or grab an important file you forgot to sync while on the move and while at the office. Speaking of monitoring torrents from your device, a new lightweight option is to use this guide to monitoring and downloading torrents directly on the go. If you need help setting up a VPN on your home network, stay tuned to this site as a follow-up article will be written soon.

On your Motorola Droid (Android 2.0 and 2.1)
1. Navigate to the menu and click “Settings”
2. Click “Wireless and Networks”
3. Click “VPN Settings” and click “Add VPN”
4. For this example we will be using a PPTP VPN. If you have another type of VPN set up at school, work or home, the directions will differ slightly.
5. After clicking “PPTP VPN”, give the VPN a name; this can be anything.
6. The box that says “set VPN server” is where you are going to insert a DNS name or an IP. If you are unsure what the name is, contact your work or school to see if there is some kind of document. If this is a home VPN, you can get a DNS name through dynamic DNS.

http://www.dyndns.com/

7. For this example, I will use “MytestVPNname.selfip.com”
8. If encryption is enabled on the VPN, be sure to check the next box
9. Make sure you have cell service (3G not required but recommended) and click connect. The Droid should bring up a notification stating that you are successfully connected.

So now that you are connected to the VPN, you can remotely access any computer on that network for which you have credentials. The best way to do this is to head to the marketplace on your Droid and download the free version of Remote Desktop. This will allow you to RDC into any machine on the VPN network as stated before, allowing you to monitor your torrents, stream music, or grab an important file from work while on the go. The RDC program I have been using is “Remote RDP Demo”.
