<b>My tips</b> (blog by hevisko, http://www.blogger.com/profile/09366910267956762823)<br />
<br />
<b>TINC the forgotten VPN</b> (posted 2015-08-27)<br />
<br />
Okay, <a href="http://www.tinc-vpn.org/" target="_blank">tinc vpn</a> is NOT the easiest VPN to set up... but it is perhaps the simplest and easiest when it comes to meshing up the network... pun intended ;) BUT it is lacking in decent examples and documentation.<br />
<br />
Quick list of things to remember with tinc and its installation gotchas (from a non-pfSense perspective, i.e. on your Linux server ;)<br />
<br />
<ol>
<li>You <b>NEED</b> to have the "Subnet=" entry for <b>ALL</b> the IPs and networks that need to get to this_host, in this_host's <span style="font-family: &quot;Courier New&quot;,Courier,monospace;">&lt;tinc_vpn_name&gt;/hosts/&lt;this_host&gt; </span>file.</li>
<li>Be aware of the 10.0.0.0/8 examples in the "tinc-up" scripts.</li>
<ul>
<li>Personally I prefer to have a subnet-up script that runs: "<span style="font-family: &quot;Courier New&quot;,Courier,monospace;">ip route add $SUBNET dev $INTERFACE metric $WEIGHT</span>"</li>
<li>The idea is to have those VPN IPs and networks routed to the correct &lt;tinc_vpn_name&gt;'s <span style="font-family: &quot;Courier New&quot;,Courier,monospace;">$INTERFACE</span></li>
</ul>
<li>You DO need a host file describing a node on the node(s) that will accept connections from that node, else the ConnectTo node won't have a public key to authenticate your private key.</li>
<ol>
<li>In addition, you also need the ConnectTo node's host file, with its public key, on the node that connects from.</li>
</ol>
<ul>
<li>This <b>IS</b> different from, for example, OpenVPN, as OpenVPN depends on the certificate being signed by a CA, and the server does not care about the client's keys other than that the client's certificate needs to be signed by the CA. Okay, there are a few other certs and keys, but the gist is that the CA needs to be trusted and the server needs fewer files to operate.</li>
<li>This is the nature of mesh networks and nodes without CAs involved ;)</li>
</ul>
<li>The simplest tinc module that works thus far is the script + .playbook in the gist of <a href="https://gist.github.com/fclairamb/5340949" target="_blank">fclairamb</a>. However, there are a few "bugs": the rm host/* -Rf needs to be swapped around, the apt-get needs to change to "apt:" lines, the fetch needs to be "dest=hosts/ simple=yes", and there is my preference for the tinc-up/subnet-up/subnet-down as mentioned in the previous point above.</li>
</ol>
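The host-file gotchas in points 1 and 3 can be checked before tincd is started. The script below is an added example, not code from this post, the gist or the tinc project; the function names and sample files are assumptions, and it goes slightly beyond the text by also accepting an Ed25519PublicKey line (tinc 1.1) as a public key.

```shell
# Added example (hypothetical helper names); sample files are constructed placeholders.

# Print every value of a tinc variable ("Key = value", "Key=value", "Key value").
tinc_get() {  # usage: tinc_get <file> <key>
    awk -v key="$2" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        line ~ /^#/ { next }
        { n = match(line, /[ \t=]/); if (n == 0) next
          k = substr(line, 1, n - 1); v = substr(line, n)
          sub(/^[ \t]*=?[ \t]*/, "", v); sub(/[ \t\r]+$/, "", v)
          if (tolower(k) == tolower(key) && v != "") print v }' "$1"
}

# True if a host file holds a public key (RSA PEM block or Ed25519PublicKey line).
tinc_has_pubkey() {
    grep -q -e '-----BEGIN RSA PUBLIC KEY-----' "$1" || [ -n "$(tinc_get "$1" Ed25519PublicKey)" ]
}

# Print one line per problem; return 0 when the directory is consistent, else 1.
tinc_check_netdir() {  # usage: tinc_check_netdir /etc/tinc/<tinc_vpn_name>
    dir=$1; bad=0
    name=$(tinc_get "$dir/tinc.conf" Name); own="$dir/hosts/$name"
    if [ -z "$name" ] || [ ! -f "$own" ]; then
        echo "MISSING own host file hosts/$name"; bad=1
    else
        [ -n "$(tinc_get "$own" Subnet)" ] || { echo "NO Subnet in hosts/$name"; bad=1; }
        tinc_has_pubkey "$own" || { echo "NO public key in hosts/$name"; bad=1; }
    fi
    for peer in $(tinc_get "$dir/tinc.conf" ConnectTo); do
        if [ ! -f "$dir/hosts/$peer" ]; then
            echo "MISSING hosts/$peer (ConnectTo target)"; bad=1
        elif ! tinc_has_pubkey "$dir/hosts/$peer"; then
            echo "NO public key in hosts/$peer"; bad=1
        fi
    done
    return "$bad"
}

# Constructed sample: alpha connects to beta and gamma, lacks Subnet, has no hosts/gamma.
tinc_demo_netdir() {
    d=$(mktemp -d) && mkdir "$d/hosts" || return 1
    printf 'Name = alpha\nConnectTo = beta\nConnectTo = gamma\n' > "$d/tinc.conf"
    key='-----BEGIN RSA PUBLIC KEY-----\nCONSTRUCTED\n-----END RSA PUBLIC KEY-----\n'
    printf "Address = 192.0.2.1\n$key" > "$d/hosts/alpha"
    printf "Address = 192.0.2.2\nSubnet = 10.1.2.0/24\n$key" > "$d/hosts/beta"
    echo "$d"
}

demo=$(tinc_demo_netdir) && { tinc_check_netdir "$demo" || true; rm -rf "$demo"; }
```

Point tinc_check_netdir at the real network directory on each node; a node that only accepts connections has no ConnectTo lines, so only its own host file is checked there.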
Otherwise, tinc WORKS ;)<br />
<br />
(posted 2014-09-26)<br />
<br />
I had a lot of these errors in my Solaris 11.2 x86 HP Microserver:<br />
<br />
<span style="font-family: &quot;Courier New&quot;,Courier,monospace;">messages:Sep 26 18:51:56 BlackSun ntpd[783]: [ID 702911 daemon.notice] frequency error -512 PPM exceeds tolerance 500 PPM<br />
messages:Sep 26 18:58:50 BlackSun ntpd[783]: [ID 702911 daemon.notice] frequency error -512 PPM exceeds tolerance 500 PPM<br />
messages:Sep 26 19:05:16 BlackSun ntpd[783]: [ID 702911 daemon.notice] frequency error -512 PPM exceeds tolerance 500 PPM<br />
messages:Sep 26 19:12:51 BlackSun ntpd[783]: [ID 702911 daemon.notice] frequency error -512 PPM exceeds tolerance 500 PPM<br />
messages:Sep 26 19:37:15 BlackSun ntpd[25363]: [ID 702911 daemon.notice] frequency error -512 PPM exceeds tolerance 500 PPM<br />
messages:Sep 26 19:39:39 BlackSun ntpd[25363]: [ID 702911 daemon.notice] frequency error -512 PPM exceeds tolerance 500 PPM<br />
messages:Sep 26 19:40:33 BlackSun ntpd[25363]: [ID 702911 daemon.notice] frequency error -512 PPM exceeds tolerance 500 PPM</span><br />
<br />
What I've tried is to add this to /etc/system<br />
<br />
<span style="font-family: &quot;Courier New&quot;, Courier, monospace;">set hires_tick = 1</span><br />
<br />
But that didn't fix it either.<br />
<br />
Then I've disabled C1E &amp; PowerNow in the BIOS settings<br />
<br />
<span style="font-family: inherit;">Hope it helps </span><br />
<br />
<b>Solaris 11 SATA reset</b> (posted 2014-09-26)<br />
<br />
cfgadm -x sata_port_activate sata0/1<br />
<br />
cfgadm -c configure sata0/1<br />
<br />
fmadm repaired "zfs://pool=c158021804b59dfb/vdev=34042a60a5857bd6/pool_name=BlackZFS/vdev_name=id1,sd@SATA_____ST2000DL003-9VT1____________5YD1ZPED/a"<br />
<br />
<b>My Mac</b> (posted 2008-05-09)<br />
<br />
Okay, this is close to the best thing since.... well ja.. computers???<br />
<br />
Installed and "used" at present:<br />
<br />
Adium<br />
Skype<br />
Firefox (Will be doing Camino soon)