Some PXE clients send extraneous garbage characters in TFTP requests for files, e.g. “RRQ from … filename pxelinux.biny#012;o#036” instead of just “pxelinux.bin”. This is logged in the syslog. To work around this we can use a feature of tftp-hpa to remap file names, based on a rewrite regex: /etc/default/tftp-hpa: TFTP_OPTIONS="--secure --verbose -v -m /etc/tftpd.map" /etc/tftpd.map: r … Continue reading Remapping file names with TFTP-HPA for buggy PXE clients
Configure DHCP Server
Configuration below is for isc-dhcp-server on Linux:
# For hardware LAN Boot ROMs:
option tftp-server-address 192.168.1.200;
filename "pxelinux.0";
# For HyperV Guests:
# option 60 = client identifier
option dhcp-client-identifier "PXEClient";
# option 66 = TFTP server name
option tftp-server-name "192.168.1.200";
# option 67 = Bootfile name
option bootfile-name "pxelinux.0";
2. Configure TFTP Server
On Linux, tftp-hpa is recommended, with a directory structure … Continue reading PXE Booting Guide
Mikrotik RouterOS-based routers can be used as VPN endpoints to provide remote support for Alcatel-Lucent PABXs. This includes the virtual device images (Cloud Hosted Router), so a dedicated virtual machine can be implemented to provide the VPN responder. At the time of writing this post, Mikrotik does not support EAP on the responding end, … Continue reading OXO Connect with Mikrotik RouterOS
Strongswan is an IPsec provider for Linux. It can be used to provide a responder endpoint for connection to phone systems using OXO Connect. Below are the key settings that have been tested to work with an OXO Connect PSK-PSK profile, using Debian Linux: /etc/ipsec.conf: conn ike2psk-clientA auto=add keyexchange=ikev2 ike=aes256-sha2_256-modp2048! # modify to match esp=aes256-sha2_256-modp2048! … Continue reading OXO Connect to Linux with Strongswan
Apache Guacamole is an HTML5 web application that allows remote access to servers through a browser. It has components to serve SSH or VNC through a web page, usable as an SSL VPN. The version (0.9.9) packaged with Debian Buster (and hence Raspbian for a Raspberry Pi 4) is years old and incomplete, making installation … Continue reading Guacamole on Debian Buster
To enable Geo-IP Blocking on Debian 9 Stretch, assuming you already have a running Apache web server: apt install libmaxminddb0 libmaxminddb-dev apt install apache2-dev Download and extract the latest MaxMind Apache mod version from: https://github.com/maxmind/mod_maxminddb/releases Follow the instructions to configure and install from the source code Download and install the GeoIP Update program to automate … Continue reading Configure Geo-blocking with Apache on Debian
The steps below show how to configure OpenVPN connections to a MikroTik router. Note that at the time of writing MikroTik’s RouterOS only supports TCP connections to OpenVPN, not UDP. Before proceeding, a Certificate Authority should be available to manage certificates – see our previous post for using the MikroTik for this. Configure the IP … Continue reading OpenVPN on MikroTik Router
Certificates on Mikrotik’s RouterOS can be managed through the web interface or the Winbox software. Below are basic guidelines for configuring a CA to get you started. Configure the CA Firstly, create a certificate to be used for the CA (Certificate Authority) signing, then self sign it: System -> Certificates -> Add New -> Name … Continue reading Managing Certificates on Mikrotik Router with Winbox
On a Draytek 2700G ADSL router, to add a DNS suffix to the DHCP server, use the following command in a telnet session to the router: >sys domainname mydomain.local You can also define a hostname for the router, e.g.: >sys name gw.mydomain.local The changes are saved automatically.
push "dhcp-option DNS 192.168.1.10"
push "dhcp-option WINS 192.168.1.10"
push "dhcp-option DOMAIN mydomain.local"
In pfSense these options should be set on the OpenVPN “server” settings; they do not need to be in the client’s config file.