Occasionally your NBN Internet connection may have an outage or go down for extended maintenance. In this case it is possible to use an Android or iPhone smartphone to provide Internet access to your office network, via a Windows computer. Notes & limitations:
Category Archives: Networking
Wireless Networking General Information
Tips: Band Steering – the access point waits 15 seconds before responding on 2.4 GHz, to give the client more time to connect on 5 GHz instead. 802.11 Wi-Fi Standards: Typical RSSI (Received Signal Strength Indicator) values: (*Technically vendors choose their own RSSI scale, reporting some value between 0 – 255.) Typical Link Speeds: (Windows PC, Intel AX201 adapter) Group …
IPsec on Debian Bookworm with Swanctl
Strongswan-swanctl introduces the new configuration format for IPsec on Debian Bookworm. Unfortunately the configuration is more convoluted. Start by installing charon-systemd, which will bring in the required packages:

sudo apt install charon-systemd

Key component packages: Example road-warrior config shown below, using IKEv2 with a certificate to authenticate the server and a user ID and password …
Draytek IPsec VPN errors
The following errors occur on a Draytek IPsec if the VPN name has been modified: ISAKMP Identification Payload has an unknown value … … ISAKMP payload must be zero … … smalformed payload: probable authentication (preshared secret) failure … Matching General Setup key for dynamic ip client … To fix the problem it is necessary …
Practical IPsec VPN Information
IPsec (common for IKEv1 and IKEv2): IKEv1: AH vs ESP: Perfect Forward Security (PFS): Dead-Peer Detection (DPD): Aggressive vs. Main: IKEv2 enhancements: Xauth: L2TP/IPsec:
L2TP/IPsec VPN with PSK on Windows 10 connecting to RRAS
When trying to connect a Windows 10 client to a Server 2019 Routing and Remote Access L2TP/IPsec tunnel, two important settings are required on the client that aren’t commonly documented:
Remapping file names with TFTP-HPA for buggy PXE clients
Some PXE clients send extraneous garbage characters in TFTP requests for files, e.g. “RRQ from … filename pxelinux.biny#012;o#036” instead of just “pxelinux.bin”. This is logged in the syslog. To work around this we can use a feature of tftp-hpa to remap file names, based on a rewrite regex:

/etc/default/tftp-hpa:
TFTP_OPTIONS="--secure --verbose -v -m /etc/tftpd.map"

/etc/tftpd.map:
r …
PXE Booting Guide
1. Configure DHCP Server
Configuration below is for isc-dhcp-server on Linux:

# For hardware LAN Boot ROMs:
option tftp-server-address 192.168.1.200;
filename "pxelinux.0";
# For HyperV Guests:
# option 60 = client identifier
option dhcp-client-identifier "PXEClient";
# option 66 = TFTP server name
option tftp-server-name "192.168.1.200";
# option 67 = Bootfile name
option bootfile-name "pxelinux.0";

2. Configure TFTP Server
On Linux, tftp-hpa is recommended, with a directory structure …
OXO Connect with Mikrotik RouterOS
Mikrotik RouterOS based routers can be used as VPN endpoints to provide remote support for Alcatel-Lucent PABXs. This includes the virtual device images (Cloud Hosted Router), so a dedicated virtual machine can be implemented to provide the VPN responder. At the time of writing this post, Mikrotik does not support EAP on the responding end, …
OXO Connect to Linux with Strongswan
Strongswan is an IPsec provider for Linux. It can be used to provide a responder endpoint for connection to phone systems using OXO Connect. Below are the key settings that have been tested to work with an OXO Connect PSK-PSK profile, using Debian Linux:

/etc/ipsec.conf:
conn ike2psk-clientA
    auto=add
    keyexchange=ikev2
    ike=aes256-sha2_256-modp2048! # modify to match
    esp=aes256-sha2_256-modp2048! …