Some PXE clients send extraneous garbage characters in TFTP requests for files, e.g. “RRQ from … filename pxelinux.biny#012;o#036”instead of just “pxelinux.bin”. This is logged in the syslog. To work around this we can use a feature of tftp-hpa to remap file names, based on a rewrite regex: /etc/default/tftp-hpa: TFTP_OPTIONS=”–secure –verbose -v -m /etc/tftpd.map” /etc/tftpd.map: r … Continue reading Remapping file names with TFTP-HPA for buggy PXE clients
Category Archives: Networking
PXE Booting Guide
Configure DHCP ServerConfiguration below is for isc-dhcp-server on Linux: # For hardware LAN Boot ROMs:option tftp-server-address 192.168.1.200;filename “pxelinux.0”;# For HyperV Guests:# option 60 = client identifieroption dhcp-client-identifier “PXEClient”;# option 66 = TFTP server nameoption tftp-server-name “192.168.1.200”;# option 67 = Bootfile nameoption bootfile-name “pxelinux.0”; 2. Configure TFTP ServerOn Linux, tftp-hpa is recommended, with a directory structure … Continue reading PXE Booting Guide
OXO Connect with Mikrotik RouterOS
Mikrotik RouterOS based routers can be used as VPN endpoints to provide remote support for Alcatel-Lucent PABX’s. This includes the virtual device images (Cloud Hosted Router), so a dedicated virtual machine can be implemented to provide the VPN responder. At the time of writing this post, Mikrotik does not support EAP on the responding end, … Continue reading OXO Connect with Mikrotik RouterOS
OXO Connect to Linux with Strongswan
Strongswan is a IPsec provider for Linux. It can be used to provide a responder endpoint for connection to phone systems using OXO Connect. Below are the key settings that have been tested to work with a OXO Connect PSK-PSK profile, using Debian Linux: /etc/ipsec.conf: conn ike2psk-clientA auto=add keyexchange=ikev2 ike=aes256-sha2_256-modp2048! # modify to match esp=aes256-sha2_256-modp2048! … Continue reading OXO Connect to Linux with Strongswan
Guacamole on Debian Buster
Apache Guacamole is a HTML5 web application that allows remote access to servers through a browser. It has components to serve SSH or VNC through a web page, useable as an SSL VPN. The version (0.9.9) packaged with Debian Buster (and hence Raspbian for a Raspberry Pi 4) is years old and incomplete, making installation … Continue reading Guacamole on Debian Buster
Configure Geo-blocking with Apache on Debian
To enable Geo-IP Blocking on Debian 9 Stretch, assuming you already have a running Apache web server: apt install libmaxminddb0 libmaxminddb-dev apt install apache2-dev Download and extract the latest MaxMind Apache mod version from: https://github.com/maxmind/mod_maxminddb/releases Follow the instructions to configure and install from the source code Download and install the GeoIP Update program to automate … Continue reading Configure Geo-blocking with Apache on Debian
OpenVPN on MikroTik Router
The steps below show how to configure OpenVPN connections to a MikroTik router. Note that at the time of writing MikroTik’s RouterOS only supports TCP connections to OpenVPN, not UDP. Before proceeding, a Certificate Authority should be available to manage certificates – see our previous post for using the MikroTik for this. Configure the IP … Continue reading OpenVPN on MikroTik Router
Managing Certificates on Mikrotik Router with Winbox
Certificates on Mikrotik’s RouterOS can be managed through the web interface or the Winbox software. Below are basic guidelines for configuring a CA to get you started. Configure the CA Firstly, create a certificate to be used for the CA (Certificate Authority) signing, then self sign it: System -> Certificates -> Add New -> Name … Continue reading Managing Certificates on Mikrotik Router with Winbox
Draytek 2700G DNS suffix
On Draytek 2700G ADSL router to add a DNS suffix to the DHCP server use the following command in a telnet session to the router: >sys domainname mydomain.local You can also define a hostname for the router, e.g.: >sys name gw.mydomain.local The changes save automatically.
Valid push dhcp-options for OpenVPN
push “dhcp-option DNS 192.168.1.10″push “dhcp-option WINS 192.168.1.10″push “dhcp-option DOMAIN mydomain.local” In pfSense these options should be set on the OpenVPN “server” settings; they do not need to be in the client’s config file.