My Strongswan: Local IP: 172.30.0.37; Elastic IP: 19.215.188.2; OS: Ubuntu
My WAN: customer-grade broadband Internet; public IP: 28.77.250.17; connected to my fiber optics; local gateway IP: 192.168.1.100; we need to set up port forwarding of UDP ports 4500 and 500 to our router interface 192.16.1.108
My Cisco: Cisco 1841; fa0/1: 192.168.1.108, connected to my WAN router's local interface; fa0/0: 172.16.8.254, connected to my local switch/PC
My Strongswan config (/etc/ipsec.conf):
config setup
  # strictcrlpolicy=yes
  # uniqueids = no
conn %default
  ikelifetime=1440m
  keylife=60m
  rekeymargin=3m
  keyingtries=1
  keyexchange=ikev1
  authby=secret
conn myremoteoffice
  left=172.30.0.37                      # strongswan outside address
  leftsubnet=172.30.0.0/24,0.0.0.0/0    # network behind strongswan

The two-site VPN works well; both sides can see each other. But I want to send all traffic from my remote site, including Internet traffic, through my Strongswan. This needs to be done on the Strongswan side (10.0.3.0/24 is the remote subnet):
iptables -t nat -A POSTROUTING -s 10.0.3.0/24 -o eth0 -j MASQUERADE

I have a two-site VPN between Strongswan and a Cisco 1841. The VPN works well, but there is a problem: some SSL websites could not open. After some research it turned out to be an MTU issue. This is how I fixed it on the Cisco:
conf t
int fa0/1
ip mtu 1500
int fa0/0
ip mtu 1500
In the case of Yahoo, I also needed to clamp the TCP MSS on the Strongswan server:
$ iptables -t mangle -A FORWARD -o eth0 \
    -p tcp -m tcp --tcp-flags SYN,RST SYN \
    -m tcpmss --mss 1361:1536 \
    -j TCPMSS --set-mss 1360
$ echo 1 >/proc/sys/net/ipv4/ip_no_pmtu_disc
For your reference: MTU woes in

When we apply an access list to our router/switch, take note: to apply an access list to a virtual terminal (vty) interface we must use the "access-class" command. This is used when we want to limit access to our management interface. To apply an access list to a physical interface, we must use the "access-group" command.

Let's say we have a router that is connected to the Internet via interface Fa0/1. For security reasons, we don't want Internet users to ping our router. We need to block ICMP echo requests, which can be done with an access list:
Router#conf t
Router(config)#ip access-list extended acl-internet-in
Router(config-ext-nacl)#deny icmp any any echo
Router(config-ext-nacl)#permit ip any any
Router(config-ext-nacl)#end
Then we need to apply this access list inbound on our Internet interface, Fa0/1 (an access list is attached to a physical interface with "ip access-group"):
Router#conf t
Router(config)#int fa0/1
Router(config-if)#ip access-group acl-internet-in in
Router(config-if)#end

Add this line under TYPE3:
  ^${VLAN}\s+${DESTINATION_ADDRESS}\s+${TYPE}\s+\S+\s+${DESTINATION_PORT} -> Record
The full TextFSM template then reads:
Value DESTINATION_ADDRESS (\w+.\w+.\w+)
Value TYPE (\w+)
Value VLAN (\w+)
Value DESTINATION_PORT (\S+)

Start
  ^Destination\s+Address\s+Address\s+Type\s+VLAN\s+Destination\s+Port -> TYPE1
  ^\s+vlan\s+mac address\s+type\s+learn\s+age\s+ports -> TYPE2
  ^\s+vlan\s+mac address\s+type\s+protocols\s+port -> TYPE3
  ^Vlan\s+Mac Address\s+Type\s+Ports -> TYPE4

TYPE1
  ^${DESTINATION_ADDRESS}\s+${TYPE}\s+${VLAN}\s+${DESTINATION_PORT} -> Record

TYPE2
  ^[\*|\s]\s+${VLAN}\s+${DESTINATION_ADDRESS}\s+${TYPE}\s+\S+\s+\S+\s+${DESTINATION_PORT} -> Record

TYPE3
  ^\s+${VLAN}\s+${DESTINATION_ADDRESS}\s+${TYPE}\s+\S+\s+${DESTINATION_PORT} -> Record
  ^${VLAN}\s+${DESTINATION_ADDRESS}\s+${TYPE}\s+\S+\s+${DESTINATION_PORT} -> Record

TYPE4
  ^\s+${VLAN}\s+${DESTINATION_ADDRESS}\s+${TYPE}\s+${DESTINATION_PORT} -> Record

When you try to stop Nagios from monitoring some services via the web interface, you may see the message below:
Sorry, but Nagios is currently not checking for external commands, so your command will not be committed!
This is because we haven't enabled this feature in our configuration; it is easy to fix. Open your Nagios config file, /etc/nagios3/nagios.cfg, and look for this line:
check_external_commands=0
Change it to:
check_external_commands=1
and restart Nagios:
/etc/init.d/nagios3 restart
You might then receive this error:
Error: Could not stat() command file '/var/lib/nagios3/rw/nagios.cmd'!
The fix is:
# /etc/init.d/nagios3 stop
Stopping nagios3 monitoring daemon: nagios3Waiting for nagios3 daemon to die… .
# dpkg-statoverride --update