Over the last few weeks I’ve grown increasingly tired of Fedora. Sorry. Just too much breaking, too much instability. I miss Linux Mint. I fired up Linux Mint 18.3 KDE edition and did a clean install. To my dismay, I discovered that setting up a ‘Cisco Anyconnect Compatible VPN (openconnect)’ still doesn’t work. I had noticed this in the previous release of Mint. Ok, the usual googling around for 10 – 15 minutes didn’t yield much. There’s an Archlinux Forum post, a few Ubuntu forum discussions and not much in the way of success. Then I remembered that I had saved a text file in my Documents folder to note how I had fixed it the last time. Two packages that had to be installed:
sudo apt-get install network-manager-openvpn-gnome network-manager-openconnect
This fixed the problem. I can now connect to my office’s Cisco Anyconnect VPN service. I should note, and one thing I actually liked about Fedora, is that this worked out of the box. Why isn’t Mint packaging this by default? I also recently tried Manjaro-KDE and was pleasantly surprised that this just worked on that distro as well. I actually found lots I liked on Manjaro, except for the strange fact that I couldn’t get multiple monitors working. After much playing with xrandr and breaking xorg.conf, I still couldn’t get it. But that will be another post.
They say if you don’t own your data in 3 different places you don’t own it.
With my organization, we maintain a 6.5 TB filesystem on an IBM Storwize v3700, and the storage is hosted via fibre-channel and a Windows Server 2012 R2 (that doubles as a domain controller). Now we want all of this (well, not all, just the important stuff) duplicated in an AWS S3 bucket.
At first I established a connection to the S3 bucket from another Windows box (EC2 instance) at AWS. Using the VPN tunnel we have to our HQ, I mapped a share from there to HQ that was linked to the S3 bucket using (TNTDrive??) and then from the HQ fileserver I tried stuff with robocopy, and then “Deltacopy”…
I realized the way to go to get data from our local filesystem to S3 was via the AWS CLI, and furthermore via the AWS CLI installed on a Linux utility server with access to the filesystem by way of CIFS, NOT from the Windows fileserver itself.
So, the utility server is set up with python-pip, and thusly with awscli with which I can do things like
aws s3 sync /media/'cifs-mountpoint' s3://bucket/Path
This can then be put into a crontab entry, along with any number of additional folder synchronizations.
And there you go, your sort of rsync over awscli. I’m also looking into rclone, which may simplify things even further, we’ll see.
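An added example, not from the original post: a wrapper for the crontab entry described above that refuses to sync when the CIFS share is not mounted (the bare mount point is then just an empty directory, and the sync would copy nothing while still reporting success) and uses flock so overlapping cron runs do not stack up. The script path, schedule, log file, lock file and the AWS and MOUNTS variables are assumptions.

```shell
#!/bin/sh
# Added example: cron wrapper for the `aws s3 sync` command from the post.
# SRC/DEST reuse the post's paths; LOCK, AWS and MOUNTS are assumed names.
# Assumed crontab entry (script path, schedule and log file are placeholders):
#   */30 * * * * /usr/local/bin/s3sync.sh run >>/var/log/s3sync.log 2>&1
SRC="${SRC:-/media/cifs-mountpoint}"
DEST="${DEST:-s3://bucket/Path}"
LOCK="${LOCK:-/var/lock/s3sync.lock}"
AWS="${AWS:-aws}"
MOUNTS="${MOUNTS:-/proc/mounts}"   # overridable so the check can be tested

# Succeeds only if $1 is currently mounted as a CIFS/SMB3 filesystem.
# /proc/mounts fields: device, mount point, fs type, options, ...
source_ready() {
    awk -v m="$1" '$2 == m && ($3 == "cifs" || $3 == "smb3") { ok = 1 }
                   END { exit !ok }' "$MOUNTS"
}

# Returns 3 without touching S3 when the share is not mounted; otherwise
# returns the exit status of flock/aws.
run_sync() {
    if ! source_ready "$SRC"; then
        echo "skip: $SRC is not a mounted CIFS share" >&2
        return 3
    fi
    # flock -n: give up at once if the previous cron run still holds the lock.
    flock -n "$LOCK" "$AWS" s3 sync "$SRC" "$DEST" --only-show-errors
}

# Only sync when invoked as "s3sync.sh run"; sourcing just defines functions.
if [ "${1:-}" = "run" ]; then
    run_sync
fi
```

The wrapper deliberately leaves out `--delete`, so a wrong or partial mount can never remove objects that are already in the bucket.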
I was just starting to settle in and get comfortable with the configuration of my shiny brand-new pfSense home firewall/gateway. In no time I had had enough of the SSL warning for the login page. I had already installed the acme package to facilitate getting Let's Encrypt certs as needed.
At first I ran into trouble trying to get a cert for the login page. It kept failing. Webroot local folder wasn’t working for me so then I tried standalone HTTP server. Here, I felt I was on the right track but something was still off. Then it struck me. I had NAT rules enabled for my webserver that were messing with it, since port 80 and port 443 are NATed to those ports on the LAN webserver, NOT the WAN interface! Disabled the NAT rules and tried it again and VOILA! One valid Let's Encrypt cert for the pfSense webgui login page!
pfSense. What can I say? So much more to learn.
Up until now I had been using ClearOS as my home gateway/firewall solution. In contrast to pfSense, it now seems very…amateur-hour.
There seems to be so much to explore; it’s loaded with so many features it makes your head spin. Very impressive for an open-source, non-commercial firewall. I love the fact that it’s built on FreeBSD. I can SSH to it and do stuff with it there at that level, such as run tcpdump on the outside interface if I want. Or the inside interface. I can install packages. I did a
sudo pkg install htop
and it installed htop! I didn’t even know they had htop for BSD. Again, impressive. When I tried the same thing on OPNsense it didn’t work. Not that I’m suggesting that OPNsense is a lesser product – I’m sure there’s a valid reason installing htop on it that way didn’t work. I may give that pfSense spinoff another run at some point.
Here is the pfSense Dashboard
Sure the OPNsense webgui is a bit prettier. I may give it another go at some point. Playing with firewalls. What else should I be doing with my free time?