Thursday, March 5, 2015

Afrihost L2TP Static IP on Cisco Series ADSL or VDSL Routers

How to get your L2TP static IP working on Afrihost ADSL/VDSL connections (this works the same for Internet Solutions; they just don't use a shared key for the setup).

First, make sure you have signed up for a static IP with Afrihost; it's R50 extra per month on a business DSL account. Once that's done, here is the setup for your Cisco router (I've done this exact config on both an 877 and a 1921 ISR, so it's fairly universal).

The difference between my setup and other online guides is that mine does proper NAT over both the DSL link and the L2TP tunnel, and keeps working if the tunnel is torn down, so you still have working internet if the static-IP service fails.

I'll explain each section as necessary:

Enable CEF; L2TP tunnels won't initiate without it on some models:

ip cef

Enable L2TP congestion control. Afrihost's L2TP server is sensitive to retransmits on the control channel and drops the tunnel frequently without this:

l2tp congestion-control

Define the L2TP class for shared-key tunnel authentication. This only authenticates the control channel (tunnel setup) between your router and the Afrihost server; L2TPv2 provides no encryption, so nothing inside the tunnel is confidential on the path to the server:

l2tp-class AFRIHOST-PASS
 hidden
 authentication
 password h3lp

Define the pseudowire class: the encapsulation, the L2TP class holding the tunnel password, and the source interface for the tunnel (here Dialer1, the DSL connection):

pseudowire-class AFRIHOST-STATIC
 encapsulation l2tpv2
 protocol l2tpv2 AFRIHOST-PASS
 ip local interface Dialer1

This is important: define the PVC (8/35) on the ATM0 (raw ADSL) link and hand its PPPoE session to dialer pool 1.

interface ATM0
 no ip address
 ip nat outside
 ip virtual-reassembly
 no atm ilmi-keepalive
 pvc 8/35 
  pppoe-client dial-pool-number 1

Configure the Dialer1 interface: this is the standard ADSL/VDSL PPPoE session and its PAP/CHAP authentication. The passwords below sit in the running config exactly as typed; add "service password-encryption" globally so they are at least stored as type 7 (reversible obfuscation, not encryption, so still restrict who can run show running-config).

interface Dialer1
 description AFRIHOST-ADSL
 ip address negotiated
 no ip proxy-arp
 ip mtu 1492    <-- This is important to prevent packet fragmentation (PPPoE takes 8 bytes off the 1500-byte Ethernet MTU)
 ip nat outside
 ip virtual-reassembly max-reassemblies 256
 encapsulation ppp
 ip tcp adjust-mss 1412
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication pap chap callin
 ppp chap hostname USERNAME@afrihost.co.za
 ppp chap password PASSWORD
 ppp pap sent-username USERNAME@afrihost.co.za password PASSWORD
 ppp ipcp dns request

Now define the L2TP tunnel itself as a Virtual-PPP interface; 196.30.121.50 is the Afrihost L2TP server. Its MTU is lower again, to leave room for the L2TP/UDP/IP headers carried inside the 1492-byte PPPoE session:

interface Virtual-PPP1
 description Afrihost-Static-IP
 bandwidth 100000
 ip address negotiated
 ip mtu 1460    <-- This is important to prevent packet fragmentation
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 ppp pap sent-username USERNAME@afrihost.co.za password 0 PASSWORD
 pseudowire 196.30.121.50 1 pw-class AFRIHOST-STATIC

Now the routes. The host route pins the L2TP server to Dialer1, so the tunnel's own packets never get routed into the tunnel once the default route via Virtual-PPP1 is installed (which would collapse it). Then two default routes: Virtual-PPP1 at administrative distance 5 is preferred, and Dialer1 at distance 10 takes over if the tunnel goes down for any reason.

ip route 0.0.0.0 0.0.0.0 Virtual-PPP1 5
ip route 0.0.0.0 0.0.0.0 Dialer1 10
ip route 196.30.121.50 255.255.255.255 Dialer1

Define two local access lists matching the LAN (10.0.0.0/20), one per NAT statement (you'll see why further down):

access-list 1 permit 10.0.0.0 0.0.15.255
access-list 2 permit 10.0.0.0 0.0.15.255

Now create one route-map per outgoing interface for NAT; simply defining both interface overloads without route-maps only lets ONE of them work. Each route-map matches only the interface it belongs to: if both list both interfaces, the first NAT statement also catches packets leaving via Dialer1 and stamps them with the tunnel's static IP, which is the wrong source address for that link.

route-map WAN1-NAT permit 1
 match ip address 1
 match interface Virtual-PPP1

route-map WAN2-NAT permit 1
 match ip address 2
 match interface Dialer1

Then create the NAT overload statements, one per route-map, so NAT works both over plain DSL and when the L2TP tunnel is up:

ip nat inside source route-map WAN1-NAT interface Virtual-PPP1 overload
ip nat inside source route-map WAN2-NAT interface Dialer1 overload

Once that's all done the tunnel should come up, and both Dialer1 and Virtual-PPP1 show negotiated addresses in "show ip interface brief":

attree-cisco-dsl#sh ip int br
Interface                  IP-Address      OK? Method Status                Protocol
ATM0                       unassigned      YES NVRAM  up                    up
Dialer1                    105.237.x.x     YES IPCP   up                    up
FastEthernet0              unassigned      YES unset  up                    up
FastEthernet1              unassigned      YES unset  up                    down
FastEthernet2              unassigned      YES unset  up                    down
FastEthernet3              unassigned      YES unset  up                    down
NVI0                       10.0.0.253      YES unset  up                    up
Virtual-Access1            unassigned      YES unset  up                    up
Virtual-PPP1               105.208.x.x     YES IPCP   up                    up
Vlan1                      10.0.0.253      YES NVRAM  up                    up

There you have it. For Internet Solutions setups, just don't define a control channel password:

l2tp-class AFRIHOST-PASS
 no password
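The credentials in the config above (the l2tp-class password, the CHAP password and both PAP sent-username lines) sit in the running config in cleartext. The following audit script is added here as an example and is not part of the original post or of IOS: it reads a saved "show running-config" and reports every credential line whose password is not stored as type 7, plus whether "service password-encryption" is on. The two sample configs inside it are constructed from the config above, and the type-7 strings in the "after" sample are made-up placeholders. Type 7 is reversible obfuscation, which is the most IOS can do for PPP CHAP/PAP secrets because it has to send them on the wire, so treat the running config as sensitive regardless.

```shell
#!/bin/sh
# Added audit helper; not part of the original post or of Cisco IOS.
# Input: a saved "show running-config" text file. The samples below are
# constructed from the Afrihost config above, with placeholder credentials.

# IOS stores a credential as "password <word>" or "password 0 <word>"
# (cleartext), as "password 7 <hex>" once service password-encryption is
# on (reversible type-7 obfuscation), or hashed as "secret 5|8|9 <hash>".
# Print every line (with line number) whose password is still cleartext.
ios_cleartext_secrets() {
    grep -nE '(^|[[:space:]])password[[:space:]]+[^[:space:]]' "$1" \
        | grep -vE 'password[[:space:]]+[5789][[:space:]]+[^[:space:]]+[[:space:]]*$' \
        || true
}

# Number of cleartext credential lines (0 when the config is clean).
ios_cleartext_count() {
    n=$(ios_cleartext_secrets "$1" | grep -c .) || true
    printf '%s\n' "${n:-0}"
}

# True when "service password-encryption" is configured globally.
ios_password_encryption_enabled() {
    grep -qE '^service password-encryption[[:space:]]*$' "$1"
}

# Print the findings for one config file.
ios_audit() {
    if ios_password_encryption_enabled "$1"; then
        echo "service password-encryption: on (type 7 is reversible; still restrict config access)"
    else
        echo "service password-encryption: OFF"
    fi
    echo "cleartext credential lines: $(ios_cleartext_count "$1")"
    ios_cleartext_secrets "$1"
}

# Constructed sample: the relevant lines of the config above, as typed.
sample_before() {
    cat > "$1" <<'EOF'
l2tp-class AFRIHOST-PASS
 hidden
 authentication
 password h3lp
interface Dialer1
 ppp authentication pap chap callin
 ppp chap hostname USERNAME@afrihost.co.za
 ppp chap password PASSWORD
 ppp pap sent-username USERNAME@afrihost.co.za password PASSWORD
interface Virtual-PPP1
 ppp pap sent-username USERNAME@afrihost.co.za password 0 PASSWORD
EOF
}

# Constructed sample: the same config after "service password-encryption"
# and a write; the type-7 strings are placeholders, not real encodings.
sample_after() {
    cat > "$1" <<'EOF'
service password-encryption
l2tp-class AFRIHOST-PASS
 hidden
 authentication
 password 7 060B0E2A4D
interface Dialer1
 ppp authentication pap chap callin
 ppp chap hostname USERNAME@afrihost.co.za
 ppp chap password 7 08701E1D5D4C
 ppp pap sent-username USERNAME@afrihost.co.za password 7 08701E1D5D4C
interface Virtual-PPP1
 ppp pap sent-username USERNAME@afrihost.co.za password 7 08701E1D5D4C
EOF
}

# Usage: ./ios_audit.sh running-config.txt   (no argument: audit the sample)
if [ $# -gt 0 ]; then
    ios_audit "$1"
else
    tmp=$(mktemp); sample_before "$tmp"; ios_audit "$tmp"; rm -f "$tmp"
fi
```

Run it against a config pulled with "show running-config" before the router goes into production, and again after enabling service password-encryption and saving: the count should drop to zero, and the remaining risk is whoever can read the config at all.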

Hope this helps everyone.

Friday, January 18, 2013

Resolving Raspberry Pi USB power problems

With only 120mW per USB port, the Raspberry Pi is woefully inadequate for most USB devices, and almost impossible to use with an unpowered hub.

I traced the incoming +5v from the mini-usb power plug and found that the outside of the polyfuses for power are directly connected, making it pretty easy to solder some extra wiring to power the ports:


I was able to run a 4-port unpowered hub (off a 1500mW power input) with the following:


  • 200mW USB 802.11n Wi-Fi Dongle
  • Linksys Class1 bluetooth adapter
  • Neotel Zyxel 3G/HSPA USB adapter
  • USB 100Mbps RJ45 Network Adapter
as well as a USB keyboard.

No problems whatsoever and unplugging/replugging devices off the hub as well as the keyboard did not force the unit to reset.

I also added a nifty heatsink to the CPU/RAM BGA with some sticky thermal tape; it finally made 1GHz on the CPU possible and stable.


Thursday, November 15, 2012

Latest Hacks...

Cell-C should really secure their networks better:




Not even a THANK YOU for letting them know !

Monday, January 23, 2012

FreeNAS 8.0 online disk expansion/replacement

I recently upgraded my NAS to larger disks (I run FreeNAS - www.freenas.org - the BEST NAS software out there).

Here is how to do the expansion:

1. Shut down FreeNAS, replace one 2TB drive with a 2.5TB drive, and start the box up.
2. Go to WebUI/Storage/Volumes/View All Volumes/View Disks.

The missing 2TB drive is marked "unknown", click on the "Replace" button and choose the available 2.5TB.

The missing disk will still be shown, but with a weird numeric name like 3232423454552234; choose "remove" or "delete" on this defunct entry.

Doing all this through the GUI is better, since the correct Swap space is created before anything else and keeps it neat and tidy.

3. Allow the disk to resilver; check progress with "zpool status TANKNAME" over ssh. (The WebUI zpool status shows everything as "HEALTHY" the whole time, so don't trust that.)

[root@freenas] ~# zpool status RAID5Z
  pool: RAID5Z
 state: ONLINE
 scrub: resilver in progress for 0h10m, 2.93% done, 8h40m to go
config:

        NAME        STATE     READ WRITE CKSUM
        RAID5Z      ONLINE       0     0     0
          raidz1    ONLINE       0     0     0
            ada0p2  ONLINE       0     0     0
            ada1p2  ONLINE       0     0     0
            ada2p2  ONLINE       0     0     0
            ada3p2  ONLINE       0     0     0
            ada4p2  ONLINE       0     0     0  5.9G resilvered

errors: No known data errors

4. Once the disk has finished resilvering, power down and go back to (1.) for the next disk. Do not pull the next disk any earlier: while a raidz1 member is being rebuilt the pool has no redundancy left, and a second disk failure in that window loses the whole pool.

For 5 disks it took me a few days, since about 1TB of data had to resilver per drive. Once the last disk has resilvered, just reboot and the extra space will be available:
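The check that steps 3 and 4 depend on, as an added helper that is not from the post or from FreeNAS: it parses the text of "zpool status" (a saved copy, or live output) and only reports the pool as safe for the next swap when no resilver is running and every vdev is ONLINE, which is the only time a raidz1 pool still has its single disk of redundancy. The two samples are constructed from the output above; the percentage parsing also covers newer ZFS versions that print it on a separate "scan:" line.

```shell
#!/bin/sh
# Added helper; not from the original post or from FreeNAS. Reads the text
# of "zpool status <pool>" and answers the only question that matters
# before pulling the next disk: is the pool fully ONLINE with no resilver
# running? The samples at the bottom are constructed from the output above.

# Prints "resilvering <percent>" while a resilver is running, else "idle".
# The percentage is taken from whichever line says "% done", which also
# covers newer ZFS versions that print it on a separate line.
resilver_state() {
    awk '
        /resilver in progress/ { active = 1 }
        /% done/ { for (i = 1; i <= NF; i++) if ($i ~ /%/) pct = $i }
        END {
            if (active) { sub(/%.*/, "", pct); print "resilvering " (pct == "" ? "?" : pct) }
            else print "idle"
        }' "$1"
}

# Prints "<vdev> <state>" for every entry in the config section that is
# not ONLINE (DEGRADED, FAULTED, OFFLINE, UNAVAIL, REMOVED).
vdevs_not_online() {
    awk '
        /^[[:space:]]*config:/ { incfg = 1; next }
        /^[[:space:]]*errors:/ { incfg = 0 }
        incfg && $2 ~ /^(DEGRADED|FAULTED|OFFLINE|UNAVAIL|REMOVED)$/ { print $1, $2 }' "$1"
}

# Exit 0 only when nothing is resilvering and every vdev is ONLINE; that is
# the only time a raidz1 pool still has its one disk of redundancy.
safe_to_replace_next() {
    [ "$(resilver_state "$1")" = idle ] && [ -z "$(vdevs_not_online "$1")" ]
}

# Block (checking every 60 s) until the live pool is safe to work on again.
wait_until_safe() {   # pool name
    tmp=$(mktemp)
    while :; do
        zpool status "$1" > "$tmp"
        if safe_to_replace_next "$tmp"; then rm -f "$tmp"; return 0; fi
        echo "$(date '+%H:%M') $1: $(resilver_state "$tmp") $(vdevs_not_online "$tmp" | tr '\n' ' ')"
        sleep 60
    done
}

# Constructed sample: the status shown above, mid-resilver.
sample_resilvering() {
    cat > "$1" <<'EOF'
  pool: RAID5Z
 state: ONLINE
 scrub: resilver in progress for 0h10m, 2.93% done, 8h40m to go
config:

        NAME        STATE     READ WRITE CKSUM
        RAID5Z      ONLINE       0     0     0
          raidz1    ONLINE       0     0     0
            ada0p2  ONLINE       0     0     0
            ada4p2  ONLINE       0     0     0  5.9G resilvered

errors: No known data errors
EOF
}

# Constructed sample: resilver finished, but one disk has since dropped out,
# so the pool is running with no redundancy at all.
sample_degraded() {
    cat > "$1" <<'EOF'
  pool: RAID5Z
 state: DEGRADED
 scrub: resilver completed after 8h51m with 0 errors
config:

        NAME        STATE     READ WRITE CKSUM
        RAID5Z      DEGRADED     0     0     0
          raidz1    DEGRADED     0     0     0
            ada0p2  ONLINE       0     0     0
            ada1p2  UNAVAIL      0     0     0  cannot open

errors: No known data errors
EOF
}

# Usage: ./zpool_wait.sh RAID5Z   (no argument: only define the functions)
if [ $# -gt 0 ]; then wait_until_safe "$1"; fi
```

Running "wait_until_safe RAID5Z" over ssh before each shutdown turns step 4 into something you cannot get wrong by glancing at the WebUI's "HEALTHY".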

before:

[root@freenas] ~# df -h
RAID5Z 7.1T 3.8T 3.3T 54% /mnt/RAID5Z

after:

[root@freenas] ~# df -h
RAID5Z 8.9T 3.8T 5.1T 43% /mnt/RAID5Z

During this entire process of resilvering disks, I was still able to watch 1080p movies, download stuff with sabnzbd/sickbeard/couchpotato and generally work as if nothing was going on. The ability to upgrade the disks without downtime is the reason I wanted FreeNAS in the first place.

Friday, February 18, 2011

[OPINION] Piracy and Gaming

Bob Dylan sang that "The times they are a-changin" and never has it been truer. With rampant copyright infringements, downloaders getting sued, pirates being made to walk the plank it's really time for a paradigm shift in the methodology of gaming and game delivery.

Although we see the expansion of subscription-based online gaming, which has been around since the early nineties, there still exists a massive subculture of game copying/downloading in which gaming studios feel they're getting the blunt end of the stick....up the ass.....in the dark.

Now to my opinion on the matter, and you need to look at the piracy of games to understand more. Let's take Call of Duty: Black Ops as an example, one of the highest grossing games of all time BUT also one of the most pirated games of all time. The crux of the matter is that, no matter what, pirates only really get to play the single-player portion of the game, since the amazing online play requires a CD key. Now, to appease pirates, consumers and game studios alike, why not just make the single-player portion of games free? I mean, who really wants to spend $60 on an awesome game just for 6-8 hours of single-player gameplay? You eliminate the illegality and criminality associated with pirating games, since there really isn't much reason to pirate a game you get for free anyway. What about 2 versions of the game: one fully featured version with an "Online Play" CD key, and one without, that costs 25% of the multiplayer version (to cover distribution and manufacturing costs) with no CD key.

Pirates won't really know what to do, since getting a quality single-player game for $15 in a pretty box with everything is going to be pretty damn attractive. And since you're making the single-player version of the game free, who cares if said pirate lets his friend copy the single-player game and makes your company look good?

Times change, so should your distribution model, marketing strategy and ultimately your mindset. Going after Pirates will do nothing more than piss them off more, make them attack your product more and create an upswell amongst fence-sitters on the subject. Change the model of Games: Single-Player Free; Multi-Player Pay.

Why not charge $1.99 a month for the privilege of Multiplayer madness instead of your $60 once off ? Keep your online interesting with DLC and customisability. Think outside the current 1980's mindset that if you copy my game, you go to jail.

SINGLE-PLAYER FREE, MULTI-PLAYER PAY

Thursday, September 9, 2010

Increasing battery life on the Blackberry 9700

I've been using my BlackBerry 9700 for about 10 months now and am loving the phone, but a lot of colleagues are complaining about battery drain within 16 hours and generally poor battery performance. As with any smartphone, the choice of features dictates power consumption, so here is a short breakdown of what to change or disable:

3G Mode - With most BIS implementations you only get data at a maximum of about 300kbps for UNCACHED local data, nowhere near the 3G speeds currently available, so rather throttle back to EDGE (238kbps) and save the transceiver from wasting power jumping between 3G and 2G mode (Manage Connections/Mobile Network Options/Network Mode=2G). Granted there will be a speed difference, but if you're using the BlackBerry primarily for mail and not as a web browser, you should not notice it.

Bluetooth - If you're not going to pair with a headpiece or a carkit on a daily basis, rather just turn this off - even without pairing the battery use from constant device polling reduces efficiency (Manage Connections/Tick "Bluetooth" Off)

Wifi - Another bugbear. WiFi is great for high-speed downloads, but inside the office, unless you're using a dock to recharge, it's not really worth it. Even if you are not signed in to a WLAN, the WiFi transceiver still periodically scans for SSIDs, using valuable power. (Manage Connections/Tick "Wifi" Off)

GPS - Unless you're using the GPS daily, switch it off; even location-based assistance will constantly be in data contact with cell towers, using battery indiscriminately (Options/Advanced Options/GPS/GPS Services "Location Off"; Location Data "Disabled"; Location Aiding "Disabled")

Standby - Switch the phone into standby with the little "Lock" button at the top left of the phone; this shuts off the screen after a few seconds and idles quite nicely. BIS e-mails will still be delivered and the phone will still ring when a call comes in. A simpler way is to use the leather wallet that came with the phone: there is a small magnet in the bottom that signals the phone to go into this mode, and it leaves standby when removed from the pouch.

With all these changes applied and a good 10-20 calls per day, the minimum my battery lasts before the phone dies is 6 days; I've had up to 10 days with reduced call volume. This set of changes does not affect me at all, and the increased battery life is worth having them off.

Friday, September 3, 2010

XBMC Remote Control: Part Deux - The Conclusion

After publishing my previous experience with XBMC, LIRC and the Iguanaworks IR adapter, I felt after some long-term use that the solution was a bit lacking. I still had to point the remote at the TV/PC, and holding a key to browse through a large list of movies stuttered.


I did some more research on the matter and settled on moving to Bluetooth for directionless remote control. I had a Belkin USB Bluetooth adapter lying around, and I purchased a PS3 BD Remote Control for R400 from a local supplier.





There have been a few forum posts and articles about this for Ubuntu, but since I'm using Fedora Core 12 64-bit, I thought I'd share my experience:


bluetoothd (the Bluetooth daemon) is installed by default. To provide the access layer between HCI devices and the kernel you need the BlueZ package. BlueZ does not natively support the PS3 remote, so we need to patch the BlueZ source with a diff from Kitlaan. To keep package management consistent, I install the requisite version of bluez from yum, then compile the same version from source with the diff applied.

First, get the packages. Fedora 12 only has BlueZ up to 4.58 and we want 4.64, so I created a custom repo pointing at the Fedora 13 updates repo (/etc/yum.repos.d/f13.repo) with these contents:

[f13]
name=Fedora $releasever - $basearch
failovermethod=priority
baseurl=http://ftp.sun.ac.za/ftp/pub/mirrors/fedora/updates/13/$basearch/
enabled=1
metadata_expire=7d
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch

Then execute the yum install of Bluez 4.64:
yum install bluez bluez-libs bluez-libs-devel

Then download the bluez 4.64 source and unzip it
cd ~; wget http://www.kernel.org/pub/linux/bluetooth/bluez-4.64.tar.gz; tar zxvf bluez-4.64.tar.gz

And download the Kitlaan PS3 bluez patch:

cd ~; wget http://kitlaan.twinaxis.com/projects/bluez-ps3remote/bluez_ps3remote_4.64.diff

Patch the source:
cd ~/bluez-4.64; patch -p1 < ../bluez_ps3remote_4.64.diff

Then configure, make and install the modified bluez:
cd ~/bluez-4.64; ./configure && make && make install

Next, set the remote up as a Bluetooth input device. For this you need the Blueman management tools, so install them: yum install blueman. Now log in as root, start X and open "blueman-applet". Click "Search", then press and hold the remote's Enter and Start buttons together (this puts the remote into discovery mode); the device will now appear in the list of selectable Bluetooth devices. Click "Setup device", choose NOT to pair, and select the input service for the device. Once that is done, trust the device and you are done.

Since I auto-login with the "xbmc" user and auto-run XBMC, blueman-applet tries to run in the background as user "xbmc", but with the reduced privileges it usually crashes out with messages in /var/log/messages like:

Aug 31 15:51:19 localhost python: abrt: detected unhandled Python exception in /usr/bin/blueman-applet 

The simplest workaround is to set the setuid bit on blueman-applet so it runs with its owner's (root's) privileges instead of the xbmc user's (the number is a mode, so this is chmod, not chown):

chmod 4755 /usr/bin/blueman-applet

Two caveats: the Linux kernel ignores the setuid bit on interpreted scripts, and blueman-applet is a Python script; and a setuid-root desktop applet is not something to leave on a multi-user box. The cleaner fix is to give the xbmc user the Bluetooth/D-Bus permissions it is missing rather than elevating the applet.

This got rid of the error messages for me, and it starts up 100% in Gnome. Now that the device is set up over Bluetooth, we need its MAC address to create a custom input.conf that maps the buttons. To find the paired device's MAC address (and check in /proc that it is connected):

[root@xbmc ~]# hcitool con
Connections:
        > ACL 00:23:06:E7:16:F9 handle 1 state 1 lm MASTER

[root@xbmc ~]# cat /proc/bus/input/devices
I: Bus=0005 Vendor=054c Product=0306 Version=0000
N: Name="PS3 Remote Controller"
P: Phys=
S: Sysfs=/devices/virtual/input/input6
U: Uniq=
H: Handlers=kbd event6
B: EV=3
B: KEY=8000000000000000 30000000000000 0 2100000000000000 0 0 bfc00080001c f01c0000d29a1ffe

Copy that ACL MAC address; you'll need it for /etc/bluetooth/input.conf (listed is my custom configuration, which works for me, but change it as required):

[General]
# Set idle timeout (in seconds) before the connection will
# be disconnect (defaults to 0 for no timeout)
IdleTimeout=60
#
# This section contains options that are specific to a device
# change this MAC address to that of your paired device
# use "hcitool con" to list active bluetooth connections
[00:23:06:E7:16:F9] <-- Replace this with YOUR Mac Address
# This section is the PS3 Remote keymap. It is loaded when bluez starts.
# Use 'uinput.h' from bluez sources or '/usr/include/linux/input.h' for
# a list of possible KEY_* values.
#
[PS3 Remote Map]
# When the 'OverlayBuiltin' option is TRUE (the default), the keymap uses
# the built-in keymap as a starting point. When FALSE, an empty keymap is
# the starting point.
#OverlayBuiltin = TRUE
#buttoncode = keypress # Button label = action with default key mappings
0x16 = KEY_EJECTCD        # EJECT = Eject CD/DVD Drive
0x64 = KEY_Y              # AUDIO = Mute Audio 
0x65 = KEY_Z              # ANGLE = cycle aspect ratio
0x63 = KEY_T              # SUBTITLE = toggle subtitles
0x0f = KEY_TAB            # CLEAR = Clear menu items on screen
0x28 = KEY_B              # TIMER = toggle through sleep
0x00 = KEY_1              # NUM-1
0x01 = KEY_2              # NUM-2
0x02 = KEY_3              # NUM-3
0x03 = KEY_4              # NUM-4
0x04 = KEY_5              # NUM-5
0x05 = KEY_6              # NUM-6
0x06 = KEY_7              # NUM-7
0x07 = KEY_8              # NUM-8
0x08 = KEY_9              # NUM-9
0x09 = KEY_0              # NUM-0
0x81 = KEY_F2             # RED = red
0x82 = KEY_F3             # GREEN = green
0x80 = KEY_F4             # BLUE = blue
0x83 = KEY_F5             # YELLOW = yellow
0x70 = KEY_I              # DISPLAY = show information
0x1a = KEY_S              # TOP MENU = show guide
0x40 = KEY_M              # POP UP/MENU = menu
0x0e = KEY_ESC            # RETURN = back/escape/cancel
0x5c = KEY_END            # TRIANGLE/OPTIONS = cycle through recording options
0x5d = KEY_BACKSPACE      # CIRCLE/BACK = back/escape/cancel
0x5f = KEY_MUTE           # SQUARE/VIEW = Adjust Playback timestretch
0x5e = KEY_O              # CROSS = select
0x54 = KEY_UP             # UP = Up/Skip forward 10 minutes
0x56 = KEY_DOWN           # DOWN = Down/Skip back 10 minutes
0x57 = KEY_LEFT           # LEFT = Left/Skip back 5 seconds
0x55 = KEY_RIGHT          # RIGHT = Right/Skip forward 30 seconds
0x0b = KEY_ENTER          # ENTER = select
0x5a = KEY_MINUS          # L1 = volume down
0x58 = KEY_Q              # L2 = Queue Media
0x51 = KEY_W              # L3 = Mark as Watched
0x5b = KEY_EQUAL            # R1 = volume up
0x59 = KEY_PAGEUP         # R2 = move up one page in watch recordings/EPG
0x52 = KEY_PAGEDOWN       # R3 = move down one page in watch recordings/EPG
0x43 = KEY_F9             # PS button = mute
0x50 = KEY_M              # SELECT = menu (as per PS convention)
0x53 = KEY_ENTER          # START = select / Enter (matches terminology in mythwelcome)
0x33 = KEY_R              # SCAN BACK =  decrease scan forward speed / play backwards; playback speed; 3x, 5, 10, 20, 30, 60, 120, 180
0x32 = KEY_P              # PLAY = play/pause
0x34 = KEY_F              # SCAN FORWARD = decrease scan backard speed / increase playback speed; 3x, 5, 10, 20, 30, 60, 120, 180
0x30 = KEY_DOWN           # PREVIOUS = skip back 10 mins
0x38 = KEY_X              # STOP = back/escape/cancel
0x31 = KEY_UP             # NEXT = skip forward 10 mins
# 0x60 = KEY_COMMA          # SLOW/STEP BACK = jump back (default 10 minutes)
0x39 = KEY_SPACE          # PAUSE = play/pause
# 0x61 = KEY_DOT            # SLOW/STEP FORWARD = jump forward (default 10 minutes)
0xff = KEY_MAX


I added the following keys to /usr/local/share/xbmc/system/keymaps/keyboard.xml for the two extra buttons I mapped above (B and Y); this is just the relevant part of the FullscreenVideo section:

  <FullscreenVideo>
    <keyboard>
      <y>AudioNextLanguage</y>
      <b>ShowTime</b>
    </keyboard>
  </FullscreenVideo>

And that's it: you don't need LIRC or any special keymap XMLs for XBMC; the remote is now just a keyboard with its buttons mapped to specific keys. This works extremely well, as holding a button repeats it, letting you run through long lists of movies. The remote also does not need to be pointed at the TV or PC, works up to about 10 metres (33 feet) away and through at least one wall. Compared to the infra-red setup I did with the Xbox 360 remote, this is MUCH better and works 100% without any intervention. Battery life is good; I've gone about 4 weeks without changing batteries so far, with no signs of degraded signal.

Here is the PS3 remote layout on my system:

Monday, August 23, 2010

Source based policy routing on Centos (or any 2.6.x kernel Linux)

I've upgraded our BSD-based firewall to CentOS 5.4 on some newer hardware, and as such migrated my skills from ipfw to iptables. This short tutorial shows what to do when you have shared resources (such as a mail server) on a multi-homed firewall and want proper source-based policy routing, without having to rely on a single default gateway on the box.

Legend:

1.1.1.1 - Local LAN on firewall eth0
2.2.2.2 - ISP1 on firewall eth2
3.3.3.3 - ISP2 on firewall eth1
4.4.4.4 - source host



Okay, so the standard routing on the firewall pushes all traffic destined for 4.4.4.4 over eth1, with a gateway address of 3.3.3.3. Our goal is to get 4.4.4.4 to connect to SMTP running on 2.2.2.2 (eth2) on the firewall. Normal routing will not work: the SYN is received on eth2, but the reply leaves over eth1 via ISP2 with a source address that does not belong there, so it is typically filtered and the connection never completes.

We are going to implement a policy that will say:

If I get SMTP Traffic on 2.2.2.2, then make sure response traffic goes out over eth2 no matter what.

Easy:

First, make sure iproute2 is installed. CentOS ships it in the iproute package; here a newer version is built from source and copied over /sbin/ip, which replaces a packaged file that yum will no longer track, so only do that if the stock version lacks what you need:
 
    yum install kernel-devel
    wget http://devresources.linux-foundation.org/dev/iproute2/download/iproute2-2.6.26.tar.bz2
    tar xjf iproute2-2.6.26.tar.bz2
    cd iproute2-2.6.26 
    make 
    cp ip/ip /sbin

Check that IP is able to run:

  [root@firewall ~]# ip
  Usage: ip [ OPTIONS ] OBJECT { COMMAND | help }
         ip [ -force ] -batch filename
  where  OBJECT := { link | addr | addrlabel | route | rule | neigh | ntable |
                     tunnel | maddr | mroute | monitor | xfrm }
         OPTIONS := { -V[ersion] | -s[tatistics] | -d[etails] | -r[esolve] |
                      -f[amily] { inet | inet6 | ipx | dnet | link } |
                      -o[neline] | -t[imestamp] }


and now we can begin:

First, mark the packets whose route you want to control in the mangle table. Note which packets those are: the replies. They are generated by the SMTP daemon on the firewall itself, so they pass through the OUTPUT chain; FORWARD only sees routed traffic and never sees them. Mark everything leaving from 2.2.2.2 port 25:

          iptables -t mangle -A OUTPUT -p tcp -s 2.2.2.2 --sport 25 -j MARK --set-mark 1

meaning: any locally generated TCP packet with source 2.2.2.2 and source port 25 gets firewall mark 1. The mark is a plain integer, and the same number is used in the ip rule below. Then

         service iptables save

so the rule survives a restart (if you edit /etc/sysconfig/iptables by hand instead, the rule goes in the *mangle section, without the -t option).

Then, create a NEW routing table for this whole exercise (do this once; every run of the echo appends another line):

      echo 1 SMTP >> /etc/iproute2/rt_tables

now, create a new default route for our SMTP routing table:

      ip route add default via 2.2.2.2 dev eth2 table SMTP

check that its enabled correctly:

     [root@firewall ~]# ip route show table SMTP
     default via 2.2.2.2 dev eth2


Great, looking good so far. Now add the ip rule that sends marked traffic to the new table; the fwmark here is exactly the number given to --set-mark above:

     ip rule add fwmark 1 table SMTP

The ip route and ip rule changes are not persistent, so ADD THEM TO /etc/rc.local. Since the deciding factor is really the source address, the same result can also be had without iptables at all: ip rule add from 2.2.2.2 table SMTP.
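The same steps as a re-runnable script, added here as an example rather than taken from the post: it keeps the mark in iptables and the fwmark in ip rule the same number, only appends to rt_tables when the SMTP table is not already there (so it is safe to call from rc.local), and prints the commands instead of running them unless APPLY=1 is set. Table name, mark and addresses are the post's; the next hop 2.2.2.1 is a placeholder, because the post uses 2.2.2.2 for both the firewall's eth2 address and the ISP gateway.

```shell
#!/bin/sh
# Added example; not from the original post. A re-runnable version of the
# policy-routing steps above. Addresses and names are the post's; the
# gateway 2.2.2.1 is a placeholder. Commands are printed unless APPLY=1 is
# set, so the script can be reviewed before it touches a live firewall.

RT_TABLES=${RT_TABLES:-/etc/iproute2/rt_tables}

# Run a command, or just print it when not applying.
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

# Add "<id> <name>" to rt_tables only if that name is not already there;
# a plain "echo >>" in rc.local would append a duplicate line on every boot.
ensure_rt_table() {   # id name [file]
    f=${3:-$RT_TABLES}
    if grep -qE "^[[:space:]]*[0-9]+[[:space:]]+$2([[:space:]]|\$)" "$f" 2>/dev/null; then
        return 0
    fi
    printf '%s %s\n' "$1" "$2" >> "$f"
}

# Mark the service's reply packets and route marked packets via the table.
# Replies from a daemon on the firewall are locally generated, so the mark
# goes in the mangle OUTPUT chain; FORWARD never sees them. The value given
# to --set-mark is exactly the value "ip rule ... fwmark" matches on.
pbr_rules() {   # table mark service_ip gateway dev port
    run iptables -t mangle -A OUTPUT -p tcp -s "$3" --sport "$6" -j MARK --set-mark "$2"
    run ip route replace default via "$4" dev "$5" table "$1"
    run ip rule del fwmark "$2" table "$1" 2>/dev/null || true   # drop a stale copy first
    run ip rule add fwmark "$2" table "$1"
    run ip route flush cache
}

# Usage (review): ./pbr.sh      Usage (apply, as root): APPLY=1 ./pbr.sh
if [ "${APPLY:-0}" = 1 ]; then
    ensure_rt_table 1 SMTP
else
    echo "# ensure '1 SMTP' is present in $RT_TABLES"
fi
pbr_rules SMTP 1 2.2.2.2 2.2.2.1 eth2 25
```

Review the printed commands first; "ip route replace" and the delete-before-add on the rule make the script idempotent, whereas the iptables -A line still appends, which is fine from rc.local (run once per boot) but not from a loop.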

First, a test without policy-based routing from our server 4.4.4.4 (I just disabled the iptables line):

     support@4.4.4.4 - ~>telnet 2.2.2.2 25
     Trying 2.2.2.2...
     telnet: Unable to connect to remote host: Connection timed out



And then a test with policy-based routing enabled, working 100%:


     support@4.4.4.4 - ~>telnet 2.2.2.2 25
     Trying 2.2.2.2...
     Connected to 2.2.2.2.
     Escape character is '^]'.
     220          

     **********************************************************************
     quit
     221 2.0.0 firewall.local.host closing connection
     Connection to 2.2.2.2 closed by foreign host.

Monday, July 12, 2010

XBMC with lircd, iguanaworks receiver and XBOX 360 remote

Using the keyboard and XBMC can be a bit irritating, especially for my wife, who has been made bedridden for 6 weeks due to a hip replacement. I decided to finally get remote control working for XBMC instead of relying on keyboard extensions/radio keyboard/IR keyboards.

I looked for THE most lircd compatible IR Receiver and settled on an Iguanaworks item (http://iguanaworks.net/) which is actually an IR Transceiver meaning I can do more with the little device in future. I had a spare XBOX 360 DVD Remote lying around and these have become my tools of choice.

Iguanaworks have an RPM installer on their website, but make sure to install the libusb libraries first (this is for 64-bit Fedora):

yum install libusb-devel.x86_64 libusb.x86_64

You can also install with yum: create a file /etc/yum.repos.d/iguanair.repo with the following inside:

[iguanair]
name=IguanaIR
baseurl=http://iguanaworks.net/downloads/$basearch
enabled=0
gpgcheck=0


Then install iguanaIR through yum. The repo is unsigned (gpgcheck=0) and fetched over plain HTTP, so yum cannot verify what it downloads; keep it disabled (enabled=0) and enable it only for this one install:

yum install iguanaIR --enablerepo=iguanair

Finally, lirc: remove the stock Fedora 12 packages (which do not include the iguanaIR driver) and then install lirc afresh, which should now include the iguanaIR module in its options:

yum erase lirc-libs-0.8.6-7.fc12.x86_64 lirc-remotes-0.8.6-7.fc12.x86_64 lirc-0.8.6-7.fc12.x86_64 lirc-devel-0.8.6-7.fc12.x86_64

Test that iguanaIR works (it won't the first time; you need to assign a device id):

igdaemon -nvvv --driver-dir=/usr/lib64/iguanaIR

Assign a device-id:

igclient --setid fred

and then startup your daemon:

/etc/init.d/iguanaIR start

Edit the /etc/sysconfig/lirc file and modify the line LIRC_DRIVER to say:

LIRC_DRIVER="iguanaIR"

Then create or overwrite /etc/lirc/lircd.conf with the following:


    begin remote

      name  Microsoft_Xbox360
      bits           13
      flags RC6|CONST_LENGTH
      eps            30
      aeps          100

      header       2682   906
      one           438   451
      zero          438   451
      pre_data_bits   24
      pre_data       0x1BFF80
      gap          107066
      toggle_bit_mask 0x8000
      rc6_mask    0x100000000


          begin codes
              OpenClose                0x0BD7
              XboxFancyButton          0x0B9B
              OnOff                    0x0BF3
              Stop                     0x0BE6
              Pause                    0x0BE7
              Rewind                   0x0BEA
              FastForward              0x0BEB
              Prev                     0x0BE4
              Next                     0x0BE5
              Play                     0x0BE9
              Display                  0x0BB0
              Title                    0x0BAE
              DVD_Menu                 0x0BDB
              Back                     0x0BDC
              Info                     0x0BF0
              UpArrow                  0x0BE1
              LeftArrow                0x0BDF
              RightArrow               0x0BDE
              DownArrow                0x0BE0
              OK                       0x0BDD
              Y                        0x0BD9
              X                        0x0B97
              A                        0x0B99
              B                        0x0BDA
              PgDown                   0x0B92
              PgUp                     0x0B93

              VolDown                  0x0bee
              VolUp                    0x0bef
              Mute                     0x0bf1
              TV                       0x0bb9

              Start                    0x0BF2
              Enter                    0x0BF4
              Record                   0x0BE8
              Clear                    0x0BF5
              1                        0x0BFE
              2                        0x0BFD
              3                        0x0BFC
              4                        0x0BFB
              5                        0x0BFA
              6                        0x0BF9
              7                        0x0BF8
              8                        0x0BF7
              9                        0x0BF6
              100                      0x0BE2
              0                        0x0BFF
              Reload                   0x0BE3
          end codes

    end remote


Then, as whichever user runs XBMC, create or overwrite the ~/.xbmc/userdata/Lircmap.xml file with:

<lircmap>
  <remote device="Microsoft_Xbox360">
    <left>LeftArrow</left>
    <right>RightArrow</right>
    <up>UpArrow</up>
    <down>DownArrow</down>
    <select>OK</select>
    <back>Back</back>
    <forward>FastForward</forward>
    <reverse>Rewind</reverse>
    <play>Play</play>
    <pause>Pause</pause>
    <stop>Stop</stop>
    <volumeplus>VolUp</volumeplus>
    <volumeminus>VolDown</volumeminus>
    <mute>Mute</mute>
    <pageminus>PgDown</pageminus>
    <pageplus>PgUp</pageplus>
    <zero>0</zero>
    <one>1</one>
    <two>2</two>
    <three>3</three>
    <four>4</four>
    <five>5</five>
    <six>6</six>
    <seven>7</seven>
    <eight>8</eight>
    <nine>9</nine>
    <power>OnOff</power>
    <skipplus>Next</skipplus>
    <skipminus>Prev</skipminus>
    <display>Display</display>
    <record>Record</record>
    <start>Start</start>
    <info>Info</info>
    <menu>DVD_Menu</menu>
    <myvideo>Y</myvideo>
    <mymusic>X</mymusic>
    <mypictures>A</mypictures>
    <hash>B</hash>
    <clear>Clear</clear>
    <myTV>Enter</myTV>
  </remote>
</lircmap>


Start LIRC and see if everything is okay:

/etc/init.d/lirc start

and test that your remote is picked up and sending codes to the system by using "irw":

[root@xbmc ~]# irw
000000037ff00bde 00 RightArrow Microsoft_Xbox360
000000037ff00bde 01 RightArrow Microsoft_Xbox360
000000037ff00bde 00 RightArrow Microsoft_Xbox360
000000037ff00bde 01 RightArrow Microsoft_Xbox360
000000037ff00be1 00 UpArrow Microsoft_Xbox360
000000037ff00be0 00 DownArrow Microsoft_Xbox360
000000037ff00be0 01 DownArrow Microsoft_Xbox360
000000037ff00bdf 00 LeftArrow Microsoft_Xbox360
000000037ff00bdf 01 LeftArrow Microsoft_Xbox360
000000037ff00bdf 00 LeftArrow Microsoft_Xbox360
000000037ff00bdf 01 LeftArrow Microsoft_Xbox360
000000037ff00bdd 00 OK Microsoft_Xbox360

LIRC has changed where it creates its socket: XBMC still looks for /dev/lircd, but the socket now lives at /var/run/lirc/lircd. The quick fix is a symbolic link:

ln -s /var/run/lirc/lircd /dev/lircd

I prefer doing things properly and recompiling xbmc from your SVN checkout. You just need to add the following option when you run ./configure:

--with-lirc-device=/var/run/lirc/lircd

Then just restart your system and enjoy a working remote in XBMC!
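The symbolic-link fix above, as an added example that is not code from the original post or from LIRC/XBMC: a shell function that only creates the link when the real socket exists, repairs a stale link left over from the old layout, and refuses to overwrite anything that is not a symlink. The paths are parameters (the real ones are /var/run/lirc/lircd and /dev/lircd), so it can be tried against a scratch directory first.

```shell
#!/bin/sh
# Added example (not from the original post): create the /dev/lircd
# compatibility link for XBMC only when it is safe to do so.
set -u

# link_lircd_socket <real_socket> <link_path>
# returns 0: link now points at the real socket (created, repaired, or already right)
#         1: the real socket does not exist (lircd is not running yet)
#         2: something that is not a symlink already occupies the link path
link_lircd_socket() {
    sock=$1; link=$2
    # -e rather than -S so a scratch file can stand in for the real socket
    [ -e "$sock" ] || { echo "no lircd socket at $sock; start lirc first" >&2; return 1; }
    if [ -L "$link" ]; then
        # only ever replace a symlink (this also covers a dangling one)
        [ "$(readlink "$link")" = "$sock" ] && return 0
        rm -f "$link"
    elif [ -e "$link" ]; then
        echo "$link exists and is not a symlink; refusing to replace it" >&2
        return 2
    fi
    ln -s "$sock" "$link"
}

# Real usage, as root, after /etc/init.d/lirc start:
#   link_lircd_socket /var/run/lirc/lircd /dev/lircd
```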

Tuesday, May 18, 2010

Build your own Media Center: Installing XBMC on Fedora Core 12 (FC12)

First, make sure a user "xbmc" exists - we'll run everything as an unprivileged user rather than as root.

I would log in from a laptop or another PC with a Windows SSH client such as PuTTY (Putty Download) to do the installation, just in case you mess something up. To upload files, use a Windows SFTP package like Bitvise Tunnelier (Tunnelier Download).

Install the latest NVIDIA Linux driver - I won't document ATI cards, since we're gunning for VDPAU offload of video decoding to the graphics card to keep our media centre running at optimal performance. You SHOULD update your kernel at the same time:

yum install kernel.x86_64 kernel-devel.x86_64

Reboot, and install the latest NVIDIA Kernel modules (which will install dependent Xorg modules/libraries).

yum install kmod-nvidia-2.6.32.11-99.fc12.x86_64.x86_64

(make sure the version in the package name matches the running kernel, i.e. the output of uname -r)

You might need to adjust your grub settings if you get errors when loading nvidia.ko kernel module like:

May 18 14:12:03 localhost kernel: NVRM: No NVIDIA graphics adapter probed!
May 18 14:12:36 localhost kernel: NVRM: The NVIDIA probe routine was not called for 1 device(s).
May 18 14:12:36 localhost kernel: NVRM: This can occur when a driver such as rivafb, nvidiafb or
May 18 14:12:36 localhost kernel: NVRM: rivatv was loaded and obtained ownership of the NVIDIA
May 18 14:12:36 localhost kernel: NVRM: device(s).
May 18 14:12:36 localhost kernel: NVRM: Try unloading the rivafb, nvidiafb or rivatv kernel module
May 18 14:12:36 localhost kernel: NVRM: (and/or reconfigure your kernel without rivafb/nvidiafb
May 18 14:12:36 localhost kernel: NVRM: support), then try loading the NVIDIA kernel module again.

To remedy, add "nomodeset" to the /etc/grub.conf line for your kernel:

kernel /vmlinuz-2.6.32.11-99.fc12.x86_64 ro root=/dev/mapper/vg_xbmc-lv_root LANG=en_US.UTF-8 SYSFONT=latarcyrheb-sun16 KEYBOARDTYPE=pc KEYTABLE=us rhgb quiet nomodeset

Then, install subversion and checkout the latest XBMC out of the repository:

yum install subversion.x86_64

cd /home/xbmc

svn checkout http://xbmc.svn.sourceforge.net/svnroot/xbmc/trunk xbmc

Add the RPM Fusion repositories (this will make things easier, I promise; half of the required packages do not exist in the standard Fedora repos):

rpm -Uvh http://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-stable.noarch.rpm http://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-stable.noarch.rpm

Then install the following XBMC Dependencies:

yum install quilt.x86_64 cmake.x86_64 autoconf.noarch automake.noarch unzip.x86_64 boost.x86_64 boost-devel.x86_64 mesa-libOSMesa.x86_64 mesa-libGL-devel.x86_64 mesa-libGLU-devel.x86_64 libjpeg-devel.x86_64 glew-devel.x86_64 libsamplerate-devel.x86_64 libogg-devel.x86_64 libvorbis-devel.x86_64 freetype-devel.x86_64 fontconfig-devel.x86_64 zfstream.x86_64 fribidi-devel.x86_64 libsqlite3x-devel.x86_64 mysql-libs.x86_64 alsa-lib-devel.x86_64 libpng-devel.x86_64 pcre-devel.x86_64 lzo-devel.x86_64 libcdio-devel.x86_64 SDL_image-devel.x86_64 SDL_mixer-devel.x86_64 enca-devel.x86_64 jasper-devel.x86_64 libXt-devel.x86_64 libXmu-devel.x86_64 libXinerama-devel.x86_64 libcurl-devel.x86_64 dbus-devel.x86_64 hal-devel.x86_64 avahi-devel.x86_64 libXrandr-devel.x86_64 libavc1394-devel.x86_64 libmp4v2.x86_64 libmp4v2-devel.x86_64 libass-devel.x86_64 flac-devel.x86_64 wavpack-devel.x86_64 python-devel.x86_64 gawk.x86_64 gperf.x86_64 nasm.x86_64 cwiid-devel.x86_64 zlib-devel.x86_64 libsmbclient-devel.x86_64 libtiff-devel.x86_64 libisofs-devel.x86_64 openssl-devel.x86_64 libmicrohttpd-devel.x86_64 libmodplug-devel.x86_64 libssh-devel.x86_64 libssh2-devel.x86_64 gettext.x86_64 cvs.x86_64 libtool.x86_64 gcc-c++.x86_64 libmad-devel.x86_64 bzip2-devel.x86_64 libmpeg2-devel.x86_64 libmpeg3-devel.x86_64 libmms-devel.x86_64 mysql-devel.x86_64 faad2-devel.x86_64 libXtst-devel.x86_64 ccache.x86_64 expat-devel.x86_64 libvdpau-devel.x86_64

Start the XBMC build (we'll use the ALSA drivers directly rather than PulseAudio, and enable VDPAU so decoding is offloaded to the GPU):

./bootstrap

./configure --disable-pulse --enable-vdpau --enable-ccache

make -j2

(use -j2 on a dual core or -j4 on a quad core; it takes about 35 minutes to compile on a 2.4GHz Core 2 Duo with 2GB RAM). The build itself can run as the xbmc user; only the install step needs root:

make install

To autologin as the xbmc user, edit the /etc/gdm/custom.conf file and add the following section (this hands anyone at the console the xbmc desktop without a password, which is why that user must stay unprivileged):

[daemon]
TimedLoginEnable=true
AutomaticLoginEnable=true
AutomaticLogin=xbmc
TimedLogin=xbmc
TimedLoginDelay=0

Then reboot your machine, go to System --> Preferences --> Startup Applications and then uncheck everything except for:

"Volume Control"
"Network Manager"

Then click on Add to create an XBMC startup item, and fill in the following:

Name: xbmc
Command: /usr/local/bin/xbmc

Click Save, then restart the X server (CTRL-ALT-Backspace, if your Xorg still honours it; Fedora 12 disables that key combination by default, in which case simply reboot). GDM should now log in automatically and start XBMC with sound. All very nice and pretty!
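Two of the gotchas in the procedure above (a kmod-nvidia package that does not match the running kernel, and a grub line without nomodeset) lend themselves to a script. The following is an added example, not code from the original post, XBMC or RPM Fusion: it derives the package name from uname -r so it cannot drift, checks and patches the kernel line in grub.conf, and runs the checkout and build as the unprivileged xbmc user with root used only for make install. The XBMC_INSTALL guard, the backup file name and the core-count lookup are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post.
#   kmod_pkg_for_kernel  builds the RPM Fusion kmod-nvidia package name
#   grub_has_nomodeset   tells whether the kernel line already has nomodeset
#   add_nomodeset        prints grub.conf with nomodeset added to that line
# main() strings them together with the build steps from the post.
set -u

# e.g. kmod_pkg_for_kernel 2.6.32.11-99.fc12.x86_64 x86_64
#      -> kmod-nvidia-2.6.32.11-99.fc12.x86_64.x86_64
kmod_pkg_for_kernel() {   # $1 = uname -r, $2 = uname -m
    printf 'kmod-nvidia-%s.%s\n' "$1" "$2"
}

# grub_has_nomodeset <grub.conf> <kernel release>: 0 if that kernel's line has it
grub_has_nomodeset() {
    grep -E "^[[:space:]]*kernel[[:space:]]+/vmlinuz-$2([[:space:]]|\$)" "$1" \
        | grep -qw nomodeset
}

# add_nomodeset <grub.conf> <kernel release>: the file on stdout, with
# " nomodeset" appended to that kernel line unless it is already present
add_nomodeset() {
    sed "/^[[:space:]]*kernel[[:space:]][[:space:]]*\/vmlinuz-$2[[:space:]]/{/nomodeset/!s/[[:space:]]*\$/ nomodeset/;}" "$1"
}

main() {
    kver=$(uname -r); arch=$(uname -m)
    yum -y install "$(kmod_pkg_for_kernel "$kver" "$arch")"
    if ! grub_has_nomodeset /etc/grub.conf "$kver"; then
        cp -p /etc/grub.conf /etc/grub.conf.bak          # assumption: backup name
        add_nomodeset /etc/grub.conf.bak "$kver" > /etc/grub.conf
    fi
    # checkout/build as xbmc; root is only needed for make install
    cores=$(getconf _NPROCESSORS_ONLN 2>/dev/null || echo 2)
    su - xbmc -c "cd ~/xbmc && ./bootstrap && ./configure --disable-pulse --enable-vdpau --enable-ccache && make -j$cores"
    make -C /home/xbmc/xbmc install
}

# Only run the real installation when explicitly asked: XBMC_INSTALL=1 sh thisscript.sh
if [ "${XBMC_INSTALL:-0}" = 1 ]; then main; fi
```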

Monday, May 10, 2010

Injecting VNC Server into a remote Windows Server

I had a strange issue today: a Windows 2008 server with broken RDP, and no way for me to get to a desktop of it to fix it. Here is a quick little solution to inject a VNC server into the machine to get some access.

You WILL need at the very least:

IP Address
Username with admin rights
Password

So undertake the following:

1. Download and do a full install of UltraVNC on your own machine (do not start any services) - UltraVNC Download

2. Download a package called "Fastpush" to C:\fastpush - Fastpush 8a Download

3. Edit the c:\fastpush\fp8a.cmd file and change the following line to point to the correct path:

set fplocation=C:\fastpush

4. Run c:\fastpush\utils\vncenc.exe to generate the encoded VNC password (the obfuscated registry value the VNC server expects):

C:\fastpush\utils>vncenc.exe password
Password = REG_BINARY 0x00000008 0xfd3cd8db 0x58147a72

5. Copy the whole output line and paste it into both c:\fastpush\common\machine.ini and c:\fastpush\common\vnc4.ini

6. Run the fastpush injection/installation:

fp8a.cmd 10.0.1.2 /vnc /user DOMAIN\administrator password /log /noshortcut /firewall /noview

Where:

/vnc = install VNC server
/user = username and password used to authenticate to the target
/log = log results to c:\fastpush\results.txt
/noshortcut = don't create shortcuts for the VNC server installation on the target machine
/firewall = install a firewall exception for the VNC server on the target machine
/noview = do not install VNC viewing tools on the target machine

That's it; use the UltraVNC viewer to log in to your server!

Two things to remember once RDP is repaired: the admin credentials above were passed on the command line in clear text, so clear your shell history; and VNC authentication is weak (passwords are truncated to 8 characters and the session is not encrypted unless you add UltraVNC's encryption plugin), so uninstall the VNC service and remove the firewall exception as soon as you no longer need them.

Sunday, May 9, 2010

Resume support for SSH/SCP downloads in *nix

I've had problems with broken downloads on a Solaris 10 system, and after some digging I found that rsync has a native "partial completion" option built in that keeps partially downloaded files and then continues where you left off when you restart the download (rsync man page). The machine you are downloading from needs the rsync binary installed, since the alias below starts it over ssh; no rsync daemon is required.

First create an alias to simplify things:

alias scpr='rsync -avzh --progress --partial --stats --itemize-changes -e ssh '

Then start your download:

scpr user@host:/dir/file .

If the download breaks, just re-run the command and it will continue from where it left off.
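The "just re-run the command" step can be automated. The following is an added example, not from the original post: it wraps the same rsync options in a retry loop that stops after a fixed number of attempts and returns the last rsync exit status, so a script calling it can still tell failure from success. Host, path, attempt count and sleep interval are placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): keep re-running a resumable
# rsync-over-ssh transfer until it succeeds, instead of re-typing the alias
# by hand each time the link drops.
set -u

# The same options as the scpr alias in the post, as a function so the
# retry loop below can call it.
scpr() {
    rsync -avzh --progress --partial --stats --itemize-changes -e ssh "$@"
}

# retry_until_ok <max_attempts> <sleep_seconds> <command...>
# Re-runs the command until it exits 0 or the attempt budget is spent.
# Returns the last exit status, so callers can still tell failure from success.
retry_until_ok() {
    max=$1; pause=$2; shift 2
    attempt=1
    while :; do
        "$@" && return 0
        rc=$?
        if [ "$attempt" -ge "$max" ]; then
            echo "giving up after $attempt attempts (last exit status $rc)" >&2
            return "$rc"
        fi
        echo "attempt $attempt failed with status $rc; retrying in ${pause}s" >&2
        attempt=$((attempt + 1))
        sleep "$pause"
    done
}

# Usage (host and path are placeholders): every retry resumes the partial
# file that --partial left behind.
#   retry_until_ok 20 10 scpr user@host:/dir/file .
```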

Wednesday, May 5, 2010

Downloading Sun Patch Clusters without SunSolve

Try this:

Solaris 10 x86 - http://mirror.cogentco.com/pub/misc/10_x86_Recommended.zip

Solaris 10 SPARC - http://mirror.cogentco.com/pub/misc/10_Recommended.zip

Solaris 9 - http://mirror.cogentco.com/pub/misc/9_Recommended.zip

Solaris 8 - http://mirror.cogentco.com/pub/misc/8_Recommended.zip

Letting Tomcat handle SSL requests

Most people use the apache2/modJK approach to do SSL offload/redirection to Tomcat contexts, but Tomcat has matured, and the benefits of dropping modJK and a possibly memory-hungry apache are appealing.

This shows how to take an EXISTING SSL key and certificate and import them into Tomcat.

Create a tomcat keystore first in /opt/csw/tomcat5/ssl (you'll need to mkdir ssl; note that keytool writes to ~/.keystore unless you pass -keystore with the path you want):

keytool -genkey -alias tomcat -keyalg RSA

Use the password "changeit" for now; this is the default Tomcat one. For production pick a different one, because it ends up in server.xml in the clear.

Put in any Information, this would only be used in the case of issuing a CSR request.

I'm using a Godaddy.com CA, but substitute whichever CA you have:

Download Godaddy CA Cert for Signing from https://certs.godaddy.com/anonymous/repository.seam;jsessionid=A3D2CC1A02748C7AD01654BD5ED6D777.web002?streamfilename=gd-class2-root.crt&actionMethod=anonymous%2Frepository.xhtml%3Arepository.streamFile%28%27%27%29&cid=212695 and save it as godaddy.crt

Get the original .key and .crt from the Apache2/modJK installation (the .csr is not needed).

Concatenate them with the CA certificate into one PEM file. openssl's -in reader accepts them in any order, as long as the private key and its matching certificate are both present; the CA certificate is picked up as the chain:

cat godaddy.crt www.website.com.key www.website.com.crt > ssl.pem

Then export a PKCS12 bundle; this file is the keystore Tomcat will read. You will be prompted for an export password, which must match keystorePass below:

openssl pkcs12 -export -in ssl.pem -out ssl.p12 -name tomcat

The bundle now holds the private key, the signed server certificate and the CA certificate. Keep it readable only by the Tomcat user, since it contains the key.

In Tomcat, change the SSL connector (the one on port 8443) in /opt/csw/tomcat5/conf/server.xml to point at the PKCS12 file; keystorePass is the export password you chose above:

<Connector port="8443"
keystoreFile="/opt/csw/tomcat5/ssl/ssl.p12" keystorePass="changeit" keystoreType="PKCS12"
SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" />

Restart Tomcat and test with https://server:8443/manager/html

Tomcat ships a default ROOT webapp that answers on https://server:8443/ and whose welcome page reveals the Tomcat version (a security risk in itself). Delete the tomcat5/webapps/ROOT directory so the default page is no longer served; the same goes for the bundled examples and docs webapps if you don't need them.

Remember to choose a complex password for the user you give the "manager" role in tomcat-users.xml: the manager application can deploy arbitrary WAR files, so that account is effectively code execution on the server.
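The key-and-certificate bundling above, as an added example that is not code from the original post or from Tomcat: a script that checks the private key really belongs to the certificate, checks the certificate chains to the CA you are about to bundle, builds the PKCS12 with explicit -inkey/-certfile roles instead of relying on a concatenated file, and reads the bundle back the way Tomcat will. The throwaway CA and server certificate are generated inside the script only so it runs offline; they stand in for godaddy.crt, www.website.com.key and www.website.com.crt. File names, the working directory and the "changeit" default are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): build and verify a PKCS12
# keystore for Tomcat from an existing key + server cert + CA cert.
set -eu

WORK="${WORK:-$(mktemp -d)}"
KEYSTORE_PASS="${KEYSTORE_PASS:-changeit}"   # assumption: use a real one in production

# Constructed test material: a throwaway CA and a server cert it signs.
make_test_material() {
    cd "$WORK"
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -subj "/CN=Example Test CA" -keyout ca.key -out ca.crt >/dev/null 2>&1
    openssl req -newkey rsa:2048 -nodes -sha256 \
        -subj "/CN=www.example.com" -keyout www.key -out www.csr >/dev/null 2>&1
    openssl x509 -req -sha256 -days 30 -in www.csr -CA ca.crt -CAkey ca.key \
        -CAcreateserial -out www.crt >/dev/null 2>&1
}

# 1. The key must belong to the certificate: compare the RSA moduli.
key_matches_cert() {   # $1 = key file, $2 = cert file; 0 on match
    k=$(openssl rsa -noout -modulus -in "$1" | openssl sha256)
    c=$(openssl x509 -noout -modulus -in "$2" | openssl sha256)
    [ "$k" = "$c" ]
}

# 2. The certificate must chain to the CA you are about to bundle.
cert_chains_to_ca() {  # $1 = CA cert, $2 = server cert
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# 3. Build the PKCS12. -inkey/-certfile make the roles explicit instead of
#    depending on the layout of a concatenated PEM file.
build_p12() {          # $1 = key, $2 = cert, $3 = CA cert, $4 = output .p12
    openssl pkcs12 -export -inkey "$1" -in "$2" -certfile "$3" \
        -name tomcat -passout "pass:$KEYSTORE_PASS" -out "$4"
    chmod 600 "$4"     # the keystore contains the private key
}

# 4. Read the bundle back the way Tomcat will and print the server cert subject.
p12_subject() {        # $1 = .p12
    openssl pkcs12 -in "$1" -passin "pass:$KEYSTORE_PASS" -nokeys -clcerts 2>/dev/null \
        | openssl x509 -noout -subject
}

build_and_check() {
    make_test_material
    key_matches_cert www.key www.crt
    cert_chains_to_ca ca.crt www.crt
    build_p12 www.key www.crt ca.crt ssl.p12
    p12_subject ssl.p12
}

# Run the whole sequence with:  sh thisscript.sh run
if [ "${1:-}" = run ]; then build_and_check; fi
```

With real material, replace make_test_material with your own files and point keystoreFile at the resulting ssl.p12; KEYSTORE_PASS is the value that goes into keystorePass.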

Tuesday, May 4, 2010

Problem: no SSH into a default VMware ESX 3.5 Installation

ESXi 3.5 does ship with the ability to run SSH, but this is disabled by default (and is not supported).


At the console of the ESXi host, press ALT-F1 to access the console window.

Enter unsupported in the console and then press Enter. You will not see the text you type in.

If you typed in unsupported correctly, you will see the Tech Support Mode warning and a password prompt. Enter the password for the root login.

You should then see the ~ # prompt. Edit the file inetd.conf (enter the command vi /etc/inetd.conf).

Find the line that begins with #ssh and remove the #. Then save the file. If you're new to vi: move the cursor down to the #ssh line, place it on the # and press x to delete that character (or press the Insert key, move the cursor over one space and hit backspace). Then press ESC and type :wq to save the file and exit vi. If you make a mistake, press ESC and type :q! to quit vi without saving the file.

Once you've closed the editor, run /sbin/services.sh restart to restart the management services. You'll now be able to connect to the ESXi host with an SSH client as root. This is unsupported and widens the attack surface of the host, so keep the management interface off untrusted networks, and put the # back (and restart the services again) once the maintenance is done.
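The vi edit above, as an added example that is not code from the original post or from VMware: two shell functions that uncomment and re-comment the ssh line of an inetd.conf, writing to a temporary file and renaming so a half-written config never exists, plus a check for the current state. The file is a parameter so the logic can be exercised on a copy; the sample line used in the test is constructed and only shaped like the real one.

```shell
#!/bin/sh
# Added example (not from the original post): switch the inetd ssh line on
# for a maintenance window and off again afterwards, without an interactive
# vi session.
set -u

# _rewrite_inetd <file> <sed expression>: apply the edit atomically
_rewrite_inetd() {
    tmp="$1.tmp.$$"
    sed "$2" "$1" > "$tmp" && mv "$tmp" "$1"
}

# enable_inetd_ssh <inetd.conf>: uncomment the line that starts with "#ssh"
enable_inetd_ssh()  { _rewrite_inetd "$1" 's/^#\(ssh[[:space:]]\)/\1/'; }

# disable_inetd_ssh <inetd.conf>: comment it out again
disable_inetd_ssh() { _rewrite_inetd "$1" 's/^\(ssh[[:space:]]\)/#\1/'; }

# inetd_ssh_enabled <inetd.conf>: 0 if an active ssh line exists
inetd_ssh_enabled() { grep -q '^ssh[[:space:]]' "$1"; }

# On the ESXi host, after either change:
#   enable_inetd_ssh /etc/inetd.conf && /sbin/services.sh restart
#   ... do the work ...
#   disable_inetd_ssh /etc/inetd.conf && /sbin/services.sh restart
```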