Ondrej Žilinec – IT Blog

When you need to connect two sites with same IP subnet, you need to create Site to Site VPN on Layer 2. It means you need to create non-routing VPN between sites. Let’s assume we have following setup:

We need to make sure, that computer 10.30.31.10 can access computer 10.30.31.20 and vice-versa.

We need to install two linux servers. I love Debian distribution. So I have installled two Debian servers on both sites. Both servers have two interfaces:

ens192 – first interface which is used to connect for SSH. It has IP address and it working interface

ens224 – second interface which is in LAN we want to connect. It acts as TAP interface – like cable put into LAN without IP settings. This interface is only up.

You will make SSH connection from one site to another – it means one server has to be accessible from other site. I published TPC/22 (SSH) port from SITE B on Internet. So I could connect from Debian server from SITE A to SSH on Debian server in SITE B. You need to install following packages on Debian:

uml-utilities
bridge-utils
net-tools

Run following commands on both linux servers:

echo 1 > /proc/sys/net/ipv4/conf/all/proxy_arp
echo 1 > /proc/sys/net/ipv4/ip_forward

and make those settings pernament running command:

sysctl -p

On server which will do SSH server you need to change in SSH config file /etc/ssh/sshd_config following settings:

PermitRootLogin yes
PermitTunnel yes

Now are are ready to make SSH connection between linux servers. You have to run following command on “ssh client” server to make connection on “ssh server” server:

ssh -f -o Tunnel=ethernet -o TunnelDevice=0:0 -w 0:0 root@IP_SSH_SERVER true

This command makes SSH connection between linux servers and it creates special interfaces on both linux servers. These interfaces are called tap0. Now we need to bridge interfaces to make VPN work. We have to run following commands on BOTH servers:

Create bridge interface:

brctl addbr br0

Add “cable” interface ens224 and VPN TAP interface into bridge:

brctl addif br0 tap0
brctl addif br0 ens224

And now put all those interfaces up:

ifconfig ens224 up
ifconfig tap0 up
ifconfig br0 up

Now all connection is set and Site to site VPN works as sharm. I never thought it was that easy to create such a connection.

If you have VMWare, settings needed:

If you have Hyper-V, settings needed:

Enjoy.

Thank all folks,

It is very nice to have Linux environment on Windows computer. It is very easy to install it. Follow these steps:

• Run cmd.exe
• Run wsl –install
• List of available Linux distributions wsl -l -o
• Install your favorite Linux distro wsl –install -d NameofLinuxDistro
• Reboot machine
• Then you can find your favorite Distro:

Enjoy,

This is just a quickie. When you want to reset Splunk Index into default empty state, you can run following commands:

root@splunk01:/opt/splunk/bin# ./splunk stop

root@splunk01:/opt/splunk/bin# ./splunk clean eventdata

root@splunk01:/opt/splunk/bin# ./splunk start

Enjoy,

Once a while web-based update for firmware on IBM FlashSystem doesn’t work. Or it takes long time to finish. Then there is a time to make update manually by following steps:

• Download firmware update packages you would like to apply
• Log to FlashSystem using SSH and run command to clean failed or old files:

cleardumps -prefix /home/admin/upgrade

• Go back to your computer and upload downloaded firmware payload files into FlashSystem using following commands:

pscp.exe [FILE_TO_UPLOAD] superuser@[IP_FLASHSYSTEM]:/home/admin/upgrade

• When you upload required files (firmware image and upgradetest utility), you can select those files from web update system menu:

• Now you can proceed update as normal.

This bug with problem to upload huge files into FlashSystems are since 8.6.x.x of firmware.

Enjoy,

This is very fast quickie. When you want to find which directories take most of the data on Linux use following command:

 du -h -x -d 2 / | grep G

You can change “/” to corresponding directory you are interested in.

Have a nice day,

I was honored to be VMWare vExpert also this year 🙂

(http://blogs.vmware.com/vmtn/2016/02/vexpert-2016-award-announcement.html)

 

Couple days ago I had following problem. I wanted to install the newest firmwares on Lenovo (IBM) x3650 M5 server. I used Bootable Media Creator to create CD with latest firmwares for this machine. Problem came when I looked into firmwares BOMC wanted to upgrade:

Problem was that I wanted to upgrade firmware for SAS card ServeRAID N2225 which was installed in this server. This card is also supported and there was also new firmware downloaded into BOMC directory:

It looked like BOMC didn’t detect card in server and therefore it didn’t put it into the list of firmwares which should be upgraded. I tried other server which was in same configuration and it was same result. Then I tried to press ALT+F1 combination in BOMC. New bash shell came on screen. I tried list directory “ls -al” and I was there are all the files with firmwares. So I have tried to run binary with mentioned firmware:

Tadaaaaa….firmware upgraded. It looks like Lenovo has some bugs in its tool BOMC. I hope Lenovo support will get at least close to IBM support.

Have a nice day,

 

Yesterday I was trying to download HP Service Pack for ProLiant (SPP) from HP.COM website. It didn’t work at all – still some HTTP errors. Finally I found out that HP moved all its stuff to new domain hpe.com (HP Enterprise). That’s fine, but they forgot to rewrite all urls on websites to new hpe.com. 🙂 Finally I tried couple google hacks and I found HP FTP server where I could browse and find what I was looking for ftp://ftp.hp.com/pub/softlib2/software1/cd-generic/p67859018/.

Maybe this help someone faster than looking on slow HP’s websites.

 

I built RDS farm (Windows 2008 R2) at one of our customer. Customer has his own website where he has links to Excel files on some share. When some user tries to open file from this website he gets following question:

This is normal behaviour. So let’s press Open and we get following error (The file you are downloading cannot be opened by the default program. It is either corrupted or it has an incorrect file type…):

This says that default program is corrupted or it has incorrect file type. Huh? Excel is working fine and also it’s opening files 🙂 So you can Save file and then open it. Then it works fine.

So I started to google and I found one Microsoft KB article, where problem is described. There is also hotfix to download, but there is no hotfix for Windows Server 2008 R2. 🙂 Luckily there is also workaround specified. You can either save file first and then open (which is what we don’t want) or you can tweak registry keys as described in article:

When I implemented this registry tweaks everything works like it should. I’m happy they also posted Workaround and not just Hotfixes.

Have a nice day,

Trvalo mi nejaky ten cas kym som pochopil (vsimol si v zatvorke), ze “Nastroj na pripravu systemu” je po nasom SysPrep 🙂

Naco to prekladaju? Len s tym matu nepriatela. 🙂