科技 – NyaMoe – いつ空

Provision a CAP-only SKU Aruba wireless AP to VC

I recently had a problem with my newly purchased Aruba AP-305 not being able to be added to the VC. The solution was discovered through research.

Firstly, use the following command to show the provisioning log:

show log provision

If you got something like “ADP info: CAP-only sku. Will set it as standalone mode“. This is due to the lack of CCODE (i.e. Country-Code) in this AP. The solution is also simple.

Connect the serial cable to the console port of Aruba AP
Reset the AP
Hit any key to break into apboot >
```
proginv system ccode CCODE-[CC]-[SHA1]
```
(replace [SHA1] with the SHA-1 hash of “[CC]-[SN]” ([CC] is your AP’s Restricted Regulatory Domain, like RW, US, JP and IL), and [SN] is the serial number)

US – Restricted Regulatory Domain – US
JP – Restricted Regulatory Domain – Japan
IL – Restricted Regulatory Domain – Israel
RW or UNRST – Rest of the World (Unrestricted)

For example CCODE-RW-de6fdb363ff04c13ee261ec04fbb01bdd482d1cd
```
invent -w
```
```
dhcp
```
```
setenv serverip [TFTP_Server_IP]
```
```
upgrade os 0 [ArubaInstant_Firmware]
```
```
upgrade os 1 [ArubaInstant_Firmware]
```
```
factory_reset
```
```
saveenv
```
```
reset
```

Now it’s done.

Solution for unable resolving an A record with an intranet address when using pfSense

If you are having trouble resolving a domain name with an A record as an intranet address when using pfSense, add the following field to the Custom options of your DNS Resolver settings.

server:
private-domain: "example.com"

继续阅读Solution for unable resolving an A record with an intranet address when using pfSense

Solution of ESXi cannot wget over HTTPS

esxcli network firewall set --enabled false


wget https://example.com/folder/file -P /vmfs/volumes/datastore/folder

esxcli network firewall set --enabled true

Routing local traffic to a remote outbound with pfSense Firewall and OpenVPN

The purpose of this article is to realize the local machine X can communicate over local router A running pfSense through the WAN gateway of the remote router B also with pfSense.

The lab environment

Local machine X: [IP_ADDR]=192.168.0.254 [Mask]=255.255.255.0 [GW]=192.168.0.1


Local router A:

[IP_ADDR]=192.168.0.1 [Mask]=255.255.255.0 [GW]=Router_A_WAN_ADDR
Remote router B:

[IP_ADDR]=192.168.11.1 [Mask]=255.255.255.0 [GW]=Router_B_WAN_ADDR
OpenVPN client on router A:

[Mode]=TUN [Interface]=OVPN_A  [IPv4 Tunnel Network]=192.168.30.49/30

OpenVPN server on router B: [Mode]=TUN [Interface]=OVPN_B [IPv4 Tunnel Network]=192.168.30.50/30

1. Establish an OpenVPN TUN tunnel between router A and B anyway. This is not the focus of this article.

2. Set a allow all rule for OVPN_B on router B

[Area]=OVPN_B
[Action]=Pass
[Interface]=OVPN_B
[Protocol]=Any
[Src]=any
[Dst]=any

3. Set an Outbound NAT on the firewall of router B

[Interface]=WAN
[Protocol]=Any
[Src]=192.168.0.0/24 (or any area you want)
[Dst]=any
[Translation addr]=Interface Address

4. Set a rule for routing traffic to OVPN_A on the LAN firewall table of router A

# Route all traffic of local machine X
[Area]=LAN
[Action]=Pass
[Interface]=LAN
[Protocol]=Any
[Src]=192.168.0.254
[Dst]=any
[Gateway]=OVPN_A

# Route specific destnation IP traffic
[Area]=LAN
[Action]=Pass
[Interface]=LAN
[Protocol]=Any
[Src]=any
[Dst]=192.168.11.1 (example)
[Gateway]=OVPN_A

Result: (Tested on local machine X)
> tracert 192.168.11.1


Tracing route to 192.168.11.1 over a maximum of 30 hops
1 20 ms 20 ms 20 ms 192.168.30.49

2 30 ms 30 ms 30 ms 192.168.11.1

Trace complete.

Use Doxygen to generate documents and diagrams or graphs for your source code

1. apt install required paackages

$ sudo apt update
$ sudo apt install doxygen dia graphviz

2. generate the Doxyfile

$ cd [SOME_PATH]
$ doxygen -g

3. edit the Doxyfile

OUTPUT_DIRECTORY = [YOUR_OUTPUT_DIRECTORY]
INPUT = [YOUR_SOURCE_CODE]
RECURSIVE = YES
EXTRACT_ALL = YES
EXTRACT_PRIVATE = YES
EXTRACT_STATIC = YES
CLASS_DIAGRAMS = YES
DIA_PATH = /usr/bin/dia
HAVE_DOT = YES
CLASS_GRAPH = YES
COLLABORATION_GRAPH = YES

4. run doxygen

$ doxygen [YOUR_Doxyfile]

5. result examlple

继续阅读Use Doxygen to generate documents and diagrams or graphs for your source code

Note: How to reverse proxy with socat

socat tcp-listen:[LISTENING PORT],fork,reuseaddr tcp-connect:[TARGET ADDRESS]:[TARGET PORT]

Note: Setup collectd and collectd-web on Ubuntu/Debian

# apt install collectd

# nano /etc/collectd/collectd.conf

# service collectd start

# apt-get install git
# apt-get install python
# apt-get install librrds-perl libjson-perl libhtml-parser-perl libcgi-session-perl

# cd ~
# git clone https://github.com/httpdss/collectd-web.git
# cd collectd-web
# chmod +x cgi-bin/graphdefs.cgi

# nano runserver.py

Change listen IP address to 0.0.0.0

# ./runserver.py &

# killall python

Note: Add swap file to ubuntu

Check swap file

# swapon -s

Create swap file

# dd if=/dev/zero of=/swap.img bs=1G count=8

Set swap file right

chmod 600 /swap.img

Check swap file right

# ll /swap.img

Format swap file

# mkswap /swap.img

Activate swap file

# swapon /swap.img

Deactivate swap file

# swapoff /swap.img

Check swap

# swapon -s
# free -h

Auto mount swap fs

# echo "/swap.img none swap sw 0 0" >> /etc/fstab

Note: How to reverse proxy a Minecraft server with Nginx

Check your kernel version >= 4.9

uname -a

Enable BBR

sysctl -w net.core.default_qdisc=fq
sysctl -w net.ipv4.tcp_congestion_control=bbr
sysctl -w net.ipv4.tcp_notsent_lowat=16384
sysctl -p

Add stream config to /etc/nginx/nginx.conf

stream {
include /etc/nginx/tcp.d/*.conf;
}

Create a new config for Minecraft server

upstream [YOUR_MINECRAFT_SERVER] {
server [YOUR_MINECRAFT_SERVER]:[PORT];
}
server {
listen [PORT];
proxy_pass [YOUR_MINECRAFT_SERVER];

}

Test Nginx config

nginx -t

Reload Nginx

nginx -s reload

Optional: Add DNS SRV record

Name     _minecraft._tcp.[YOUR_MINECRAFT_SERVER].tld
Priority [0-65535]
Weight   [0-65535]
Port     [PORT]
Value    [YOUR_MINECRAFT_SERVER]

Note: How to use rsync without SSH

Server config: /etc/rsyncd.conf

uid = www-data
gid = www-data
max connections = 4
use chroot = no
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
#hosts allow = 0.0.0.0
#hosts deny = 192.168.100.0/24

[rsync]
path = /var/www/html
comment = rsync
auth users = rsync
ignore errors
read only = yes
list = yes
auth users = rsync
secrets file = /etc/rsyncd.pwd

Secret: /etc/rsyncd.pwd

rsync:rsync

Server run:

$ rsync --daemon --config=/etc/rsyncd.conf

Client connect:

$ rsync --list-only -rsh=rsh --port=873 [email protected]_TARGET_ADDRESS::rsync