I have an Intel 7260ac PCI card that never seems to go all that fast under Linux.
The NetworkManager widget said it was on channel 149 and doing about 130Mb but in Windows it gets 650 to 780 Mb in ac mode.
Turns out the NM widget was lying: it was on 2.4 (so not channel 149) and was capped at about 130Mb. I tried forcing it to 5GHz but it just roamed back to 2.4.
Hmm.. found a simple solution: block the MAC on the 2.4GHz radio. Now it connects at the same speed as Windows on 5GHz. Simple really and not an issue if you have separate SSIDs.
Thursday, 17 April 2014
Saturday, 25 January 2014
30 second guide to setting up an interface mode VPN on Cisco IOS
This is like one of those recipe book type 1 page cheat sheets. This relies on you knowing IOS well enough to just need a jog.
So to set up an interface mode (Virtual Tunnel Interface in Cisco speak) VPN you need these commands:
crypto isakmp policy
crypto isakmp key
crypto ipsec transform-set
crypto ipsec profile
policy-map maybe
class class-default
shape average 128000
int tun
ip address maybe or ip unnumbered vlan1 to tie to vlan1
tun source outsideIP
tun destin otherend
tunnel mode ipsec ipv4
tunnel protection ipsec profile
service-policy maybe?
ip route tun0 perm?
or use IP and dynamic routing, RIP v2?
If you're switching from a proxy style VPN then remove the crypto map, unless you still have dynamic client VPNs, and remove the IPSec policy for the connection.
The tunnel ones are just so much nicer. No NAT hassles, easy policy QoS etc.
Also helpful diag commands:
sh crypto session detail
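A filled-in version of the skeleton above, added here as an example and not taken from the author's own router. Every name (TS-AES, VTI-PROFILE, SHAPE-128K), the documentation-range addresses, the crypto choices and the pre-shared key placeholder are assumptions to replace with your own values.

```cisco
! Phase 1 (ISAKMP) policy and pre-shared key for the remote peer.
! 203.0.113.2 is an assumed peer address; the key is a placeholder.
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
crypto isakmp key REPLACE-WITH-SHARED-SECRET address 203.0.113.2
!
! Phase 2 transform set and the profile the tunnel interface refers to.
crypto ipsec transform-set TS-AES esp-aes 256 esp-sha-hmac
!
crypto ipsec profile VTI-PROFILE
 set transform-set TS-AES
!
! Optional shaping policy (the "policy-map maybe" step).
policy-map SHAPE-128K
 class class-default
  shape average 128000
!
! The tunnel interface itself. Use "ip unnumbered Vlan1" instead of
! "ip address" to tie it to vlan1.
interface Tunnel0
 ip address 10.255.0.1 255.255.255.252
 tunnel source 198.51.100.1
 tunnel destination 203.0.113.2
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile VTI-PROFILE
 service-policy output SHAPE-128K
!
! Static route to the assumed remote LAN via the tunnel
! (or run a dynamic routing protocol over Tunnel0 instead).
ip route 192.168.20.0 255.255.255.0 Tunnel0
```

The far end needs the mirror image: the same policy, transform set and key, with the tunnel source and destination swapped and the other address from the /30.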
Thursday, 16 January 2014
Certificates on Windows, AD CA etc
This relates mainly to older servers since CAs now require 2048 bit keys and I kept running into a default of 1024 I couldn't change.
This is ripped from another blog (thanks rrustean.blogspot.com)
snip
Create a file called c:\cert.inf with the following content:
[NewRequest]
Subject = "CN=www.mydoain.net, O=MyCompany, OU=IT, L=London, S=SE1, C=GB"
KeyLength = 2048
Now run the following:
certreq -new cert.inf outfile.req
Now just cut and paste the contents of outfile.req into the geotrust QuickSSL Premium Enrollment page and away you go.
snip
But that only goes half way.
To complete things for me loading a certificate into IIS I had to change the cert.inf file..
[NewRequest]
Subject = "CN=www.mydoain.net, O=MyCompany, OU=IT, L=London, S=SE1, C=GB"
KeyLength = 2048
Exportable = TRUE
The certificate is created under the current user and you need to export it and import to the machine account to access it in IIS.
Import the cert from the provider into your current user. Now you should be able to export it with its private key and import it into the local machine account where IIS etc can see it.
Sunday, 17 November 2013
Windows 8.1 update notes
Just some notes from my experience of Windows 8.1 upgrade.
1. It's slow to install. Like I'm sure it took longer than the initial install of Windows 8!
2. Start button is a have. Just goes to Metro. It's Metro I'm not a fan of, which is odd given I spend most of my time in Gnome 3 and I use Metro in the same way. Press Windows key and start typing. Metro is just too busy.
3. App problems. I was going to say none but VMware Player had to be repaired as the network bridging stopped working. It showed the interface as down and the bridge interface list was empty. After being repaired it was fine.
Tuesday, 10 September 2013
Cisco IOS certificate handling
This is primarily for sslvpn type stuff first off.
I use startssl.com for certs etc. They're great, they're free for the common stuff and browsers recognise them. All in all they rock. Thanks startssl.com
Importing the cert so I can use it on the router. Seems simple but there are some gotchas.
StartSSL gives you a private key:
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,32C45D65DFE1A50C983B5F75F341764D
yeahrightlikeimgoingtogiveyoumykey
-----END RSA PRIVATE KEY-----
and a public key
First gotcha: all the guides I've seen are old and say
crypto ca import
Most new IOS versions use this instead:
crypto pki
The second big gotcha is that IOS doesn't do AES. Look at the private key: the 3rd line (DEK-Info) says AES, so we need to convert that.
It's easy if you have a Mac or a Linux box. With Windows you need to install OpenSSL.
Save your private key on your Desktop as oldkey.pem, open the terminal and type
openssl rsa -in Desktop/oldkey.pem -out Desktop/newkey.pem -des3
Open the newkey.pem file and your public key, and download the CA certificate for your provider. They'll have a link in FAQs etc.
Log into the router, enable etc and go to config t.
To be continued
Friday, 21 June 2013
unix utils translation
I've been jumping back and forth between a few OSes lately and I keep typing the wrong thing at the prompts for day to day admin. So I'm putting it here so I don't forget :-)
These are the commands for general update current packages, install new packages etc type stuff
Gentoo Linux:
update: emerge --sync && emerge -DuN --keep-going world
install: emerge --sync && emerge packagename
search: emerge --sync && emerge -s name
or emerge --sync && emerge --searchdesc
FreeBSD (9.1 if it makes a difference)
packages (pre-compiled)
update: freebsd-update --
and for ports (from source)
update: portsnap fetch update && portupgrade -a
install: cd /usr/ports/category/package && make WITH_LDAP="YES" install clean
CentOS 6.3
update: yum check-update && yum update
install: yum install packagename
search: yum search
More to come..
Control break on an RDP session from a Mac keyboard
Found this by accident. I was trying to do a control break to show ping statistics.
If you do control F13 F14 quickly it does a control break. Control F13 by itself didn't, but if you keep control down and do F14 as well it shows me the ping stats and carries on as you'd expect. I did get it to work once with just a few control F13s but couldn't confirm that one.
Hope that saves some time for someone..