Provision a CAP-only SKU Aruba wireless AP to VC

I recently had a problem with my newly purchased Aruba AP-305 not being able to be added to the VC. The solution was discovered through research.

Firstly, use the following command to show the provisioning log:

show log provision

If you see something like “ADP info: CAP-only sku. Will set it as standalone mode”, the AP lacks a CCODE (i.e. country code). The solution is simple.

  1. Connect the serial cable to the console port of Aruba AP
  2. Reset the AP
  3. Hit any key to break into apboot >
  4. proginv system ccode CCODE-[CC]-[SHA1]

    (replace [SHA1] with the SHA-1 hash of “[CC]-[SN]”, where [CC] is your AP’s Restricted Regulatory Domain, such as RW, US, JP or IL, and [SN] is the serial number)

    US – Restricted Regulatory Domain – US
    JP – Restricted Regulatory Domain – Japan
    IL – Restricted Regulatory Domain – Israel
    RW or UNRST – Rest of the World (Unrestricted)

    For example CCODE-RW-de6fdb363ff04c13ee261ec04fbb01bdd482d1cd

  5. invent -w
  6. dhcp
  7. setenv serverip [TFTP_Server_IP]
  8. upgrade os 0 [ArubaInstant_Firmware]
  9. upgrade os 1 [ArubaInstant_Firmware]
  10. factory_reset
  11. saveenv
  12. reset

Now it’s done.

Solution for being unable to resolve an A record with an intranet address when using pfSense

If you have trouble resolving a domain name whose A record points to an intranet address when using pfSense, add the following to the Custom options of your DNS Resolver settings. The private-domain option allows that domain and all its subdomains to contain private addresses, so list only domains you control.

server:
private-domain: "example.com"


Routing local traffic to a remote outbound with pfSense Firewall and OpenVPN

The goal of this article is to let local machine X, behind local router A running pfSense, communicate through the WAN gateway of remote router B, which also runs pfSense.


The lab environment

Local machine X:
[IP_ADDR]=192.168.0.254 [Mask]=255.255.255.0 [GW]=192.168.0.1

Local router A:
[IP_ADDR]=192.168.0.1 [Mask]=255.255.255.0 [GW]=Router_A_WAN_ADDR

Remote router B:
[IP_ADDR]=192.168.11.1 [Mask]=255.255.255.0 [GW]=Router_B_WAN_ADDR

OpenVPN client on router A:
[Mode]=TUN [Interface]=OVPN_A  [IPv4 Tunnel Network]=192.168.30.49/30

OpenVPN server on router B:
[Mode]=TUN [Interface]=OVPN_B [IPv4 Tunnel Network]=192.168.30.50/30


1. Establish an OpenVPN TUN tunnel between routers A and B by any method. This is not the focus of this article.

2. Set an allow-all rule for OVPN_B on router B

[Area]=OVPN_B
[Action]=Pass
[Interface]=OVPN_B
[Protocol]=Any
[Src]=any
[Dst]=any

3. Set an Outbound NAT on the firewall of router B

[Interface]=WAN
[Protocol]=Any
[Src]=192.168.0.0/24 (or any area you want)
[Dst]=any
[Translation addr]=Interface Address

4. Set a rule for routing traffic to OVPN_A on the LAN firewall table of router A

# Route all traffic of local machine X
[Area]=LAN
[Action]=Pass
[Interface]=LAN
[Protocol]=Any
[Src]=192.168.0.254
[Dst]=any
[Gateway]=OVPN_A

# Route traffic for a specific destination IP
[Area]=LAN
[Action]=Pass
[Interface]=LAN
[Protocol]=Any
[Src]=any
[Dst]=192.168.11.1 (example)
[Gateway]=OVPN_A


Result: (Tested on local machine X)
> tracert 192.168.11.1

Tracing route to 192.168.11.1 over a maximum of 30 hops

1 20 ms 20 ms 20 ms 192.168.30.49
2 30 ms 30 ms 30 ms 192.168.11.1

Trace complete.

Use Doxygen to generate documents and diagrams or graphs for your source code

1. apt install the required packages

$ sudo apt update
$ sudo apt install doxygen dia graphviz

2. generate the Doxyfile

$ cd [SOME_PATH]
$ doxygen -g

3. edit the Doxyfile

OUTPUT_DIRECTORY = [YOUR_OUTPUT_DIRECTORY]
INPUT = [YOUR_SOURCE_CODE]
RECURSIVE = YES
EXTRACT_ALL = YES
EXTRACT_PRIVATE = YES
EXTRACT_STATIC = YES
CLASS_DIAGRAMS = YES
DIA_PATH = /usr/bin/dia
HAVE_DOT = YES
CLASS_GRAPH = YES
COLLABORATION_GRAPH = YES

4. run doxygen

$ doxygen [YOUR_Doxyfile]

5. result example


Note: Setup collectd and collectd-web on Ubuntu/Debian

# apt install collectd

# nano /etc/collectd/collectd.conf

# service collectd start

# apt-get install git
# apt-get install python
# apt-get install librrds-perl libjson-perl libhtml-parser-perl libcgi-session-perl

# cd ~
# git clone https://github.com/httpdss/collectd-web.git
# cd collectd-web
# chmod +x cgi-bin/graphdefs.cgi

# nano runserver.py

Change the listen IP address to 0.0.0.0 (all interfaces)

# ./runserver.py &

# killall python

Note: Add swap file to ubuntu

Check swap file

# swapon -s

Create swap file

# dd if=/dev/zero of=/swap.img bs=1G count=8

Set swap file permissions

# chmod 600 /swap.img

Check swap file permissions

# ll /swap.img

Format swap file

# mkswap /swap.img

Activate swap file

# swapon /swap.img

Deactivate swap file

# swapoff /swap.img

Check swap

# swapon -s
# free -h

Auto mount swap fs

# echo "/swap.img none swap sw 0 0" >> /etc/fstab

Note: How to reverse proxy a Minecraft server with Nginx

Check your kernel version >= 4.9

uname -a

Enable BBR

sysctl -w net.core.default_qdisc=fq
sysctl -w net.ipv4.tcp_congestion_control=bbr
sysctl -w net.ipv4.tcp_notsent_lowat=16384
sysctl -p

Add stream config to /etc/nginx/nginx.conf

stream {
    include /etc/nginx/tcp.d/*.conf;
}

Create a new config for Minecraft server

upstream [YOUR_MINECRAFT_SERVER] {
    server [YOUR_MINECRAFT_SERVER]:[PORT];
}
server {
    listen [PORT];
    proxy_pass [YOUR_MINECRAFT_SERVER];
}

Test Nginx config

nginx -t

Reload Nginx

nginx -s reload

Optional: Add DNS SRV record

Name     _minecraft._tcp.[YOUR_MINECRAFT_SERVER].tld
Priority [0-65535]
Weight   [0-65535]
Port     [PORT]
Value    [YOUR_MINECRAFT_SERVER]

Note: How to use rsync without SSH

Server config: /etc/rsyncd.conf

uid = www-data
gid = www-data
max connections = 4
use chroot = no
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
#hosts allow = 0.0.0.0
#hosts deny = 192.168.100.0/24

[rsync]
path = /var/www/html
comment = rsync
auth users = rsync
ignore errors
read only = yes
list = yes
secrets file = /etc/rsyncd.pwd

Secret: /etc/rsyncd.pwd

rsync:rsync

Server run:

$ rsync --daemon --config=/etc/rsyncd.conf

Client connect:

$ rsync --list-only --port=873 rsync@YOUR_TARGET_ADDRESS::rsync
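
An added example, not part of the original note: a small Python audit that parses an rsyncd.conf like the one above and flags the settings that decide who can reach the daemon and how well a module is protected. The sample config and secrets text are constructed from this page's values, and the 12-character minimum is an assumed policy.

```python
# Constructed sample that mirrors this page's settings (not a real server's files).
SAMPLE_CONF = """\
use chroot = no
#hosts allow = 0.0.0.0

[rsync]
path = /var/www/html
auth users = rsync
read only = yes
secrets file = /etc/rsyncd.pwd
"""
SAMPLE_SECRETS = "rsync:rsync\n"
MIN_PASSWORD_LEN = 12  # assumed policy for this example, not an rsync rule
FALSE = {"no", "false", "0"}  # rsyncd.conf booleans: yes/no, true/false, 1/0

def parse_rsyncd(text):
    """Return {module: params}, with global parameters inherited by each module."""
    glob, modules, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment (a commented-out setting is unset)
        if line.startswith("[") and line.endswith("]"):
            current = modules.setdefault(line[1:-1].strip(), {})
            continue
        key, _, value = line.partition("=")
        (glob if current is None else current)[key.strip().lower()] = value.strip()
    return {name: {**glob, **params} for name, params in modules.items()}

def audit(conf_text, secrets_text):
    """Return a list of (subject, finding) tuples for risky daemon settings."""
    findings = []
    for name, p in parse_rsyncd(conf_text).items():
        if not p.get("auth users"):
            findings.append((name, "no 'auth users': anonymous access"))
        if not p.get("hosts allow"):
            findings.append((name, "no 'hosts allow': any client address may connect"))
        if p.get("use chroot", "").lower() in FALSE:
            findings.append((name, "'use chroot = no': module is not chrooted to its path"))
        if p.get("read only", "yes").lower() in FALSE:
            findings.append((name, "'read only = no': clients may write"))
    for line in secrets_text.splitlines():
        user, sep, password = line.strip().partition(":")
        weak = password == user or len(password) < MIN_PASSWORD_LEN
        if sep and not user.startswith("#") and weak:
            findings.append((user, "weak password in secrets file"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONF, SAMPLE_SECRETS))
```

On the sample it reports the missing hosts allow, the disabled chroot and the password that equals the user name.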