Thursday 27 August 2015

TINC the forgotten VPN

Okay, tinc VPN is NOT the easiest VPN to set up... but it is perhaps the simplest and easiest when it comes to meshing up the network... pun intended ;) BUT it is lacking in decent examples and documentation.

Quick list of things to remember with tinc and its installation gotchas (from a non-pfSense perspective, i.e. on your Linux server ;)

  1. You NEED to have a "Subnet=" entry for ALL the IPs and networks that need to get routed to this_host, in this_host's <tinc_vpn_name>/hosts/<this_host> file.
  2. Be aware of the 10.0.0.0/8 examples in the "tinc-up" scripts.
    • Personally I prefer to have a subnet-up script that runs: "ip route add $SUBNET dev $INTERFACE metric $WEIGHT"
    • The idea is to have those VPN IPs and networks routed to the correct <tinc_vpn_name>'s $INTERFACE
  3. You DO need a host file describing a node, on the node(s) that will accept connections from that node, else the ConnectTo node won't have a public key to authenticate your private key.
    1. In addition you also need the ConnectTo node's host file, with its public key, on the node you connect from.
    • This IS different from, for example, OpenVPN, as OpenVPN depends on the certificate being signed by a CA, and the server doesn't care about the client's keys other than that the client's certificate needs to be signed by the CA. Okay, there are a few other certs and keys, but the gist is that the CA needs to be trusted and the server needs fewer files to operate.
    • This is the nature of mesh networks and nodes without CAs involved ;)
  4. The simplest tinc module that works thus far is the script + .playbook in the gist of fclairamb. However, there are a few "bugs": the rm host/* -Rf needs to be swapped around, the apt-get needs to change to "apt:" lines, the fetch needs to be "dest=hosts/ simple=yes", and there is my preference for the tinc-up/subnet-up/subnet-down scripts as mentioned in the previous points above.
Otherwise, tinc WORKS ;)
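
A quick way to catch gotchas 1 and 3 before starting tincd, as an added example (not from the original post or from fclairamb's gist). The function names tinc_get, has_pubkey, tinc_check and make_sample are hypothetical, the layout assumed is <dir>/tinc.conf plus <dir>/hosts/<node>, and the sample node names, addresses and key placeholder are constructed:

```shell
#!/bin/sh
# Added example: check one tinc network directory (<dir>/tinc.conf, <dir>/hosts/*)
# for the host-file gotchas listed above.

# Print the value(s) of a tinc variable; names are case-insensitive, "=" is optional.
tinc_get() {  # usage: tinc_get VAR FILE
    awk -v k="$1" '{ line = $0; sub(/^[ \t]+/, "", line)
        n = match(line, /[ \t=]/); if (!n) next
        key = substr(line, 1, n - 1); val = substr(line, n)
        sub(/^[ \t]*=?[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
        if (tolower(key) == tolower(k)) print val }' "$2"
}

# True if FILE carries an RSA PEM block (tinc 1.0) or an Ed25519PublicKey line (1.1).
has_pubkey() {
    grep -Eqi -e '^-----BEGIN RSA PUBLIC KEY-----' \
              -e '^[[:space:]]*Ed25519PublicKey[[:space:]=]' "$1"
}

# Print one finding per line; return 0 when the directory is clean, 1 otherwise.
tinc_check() {  # usage: tinc_check DIR
    dir=$1; rc=0
    me=$(tinc_get Name "$dir/tinc.conf")
    if [ ! -f "$dir/hosts/$me" ]; then
        echo "own host file hosts/$me is missing"; rc=1
    elif [ -z "$(tinc_get Subnet "$dir/hosts/$me")" ]; then
        echo "hosts/$me has no Subnet= entry"; rc=1
    fi
    for f in "$dir"/hosts/*; do      # every known node needs a public key
        [ -f "$f" ] || continue
        has_pubkey "$f" || { echo "hosts/${f##*/} has no public key"; rc=1; }
    done
    for peer in $(tinc_get ConnectTo "$dir/tinc.conf"); do
        [ -f "$dir/hosts/$peer" ] ||
            { echo "ConnectTo=$peer but hosts/$peer is missing"; rc=1; }
    done
    return "$rc"
}

# Constructed sample: "alpha" dials "beta" but never received beta's host file.
make_sample() {  # usage: make_sample DIR
    mkdir -p "$1/hosts"
    printf 'Name = alpha\nConnectTo = beta\n' > "$1/tinc.conf"
    printf 'Address = 192.0.2.10\nSubnet = 10.1.0.1/32\n%s\n' \
        'Ed25519PublicKey = CONSTRUCTED_PLACEHOLDER' > "$1/hosts/alpha"
}

if [ -n "${1:-}" ]; then tinc_check "$1" || echo "tinc_check: see findings above"; fi
```

Run it with the network directory as its argument on each node; it only sees that node's files, so the "accepting" side of gotcha 3 has to be checked on the accepting node itself.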

Friday 26 September 2014

I had a lot of these errors in my Solaris 11.2 x86 HP Microserver:

messages:Sep 26 18:51:56 BlackSun ntpd[783]: [ID 702911 daemon.notice] frequency error -512 PPM exceeds tolerance 500 PPM
messages:Sep 26 18:58:50 BlackSun ntpd[783]: [ID 702911 daemon.notice] frequency error -512 PPM exceeds tolerance 500 PPM
messages:Sep 26 19:05:16 BlackSun ntpd[783]: [ID 702911 daemon.notice] frequency error -512 PPM exceeds tolerance 500 PPM
messages:Sep 26 19:12:51 BlackSun ntpd[783]: [ID 702911 daemon.notice] frequency error -512 PPM exceeds tolerance 500 PPM
messages:Sep 26 19:37:15 BlackSun ntpd[25363]: [ID 702911 daemon.notice] frequency error -512 PPM exceeds tolerance 500 PPM
messages:Sep 26 19:39:39 BlackSun ntpd[25363]: [ID 702911 daemon.notice] frequency error -512 PPM exceeds tolerance 500 PPM
messages:Sep 26 19:40:33 BlackSun ntpd[25363]: [ID 702911 daemon.notice] frequency error -512 PPM exceeds tolerance 500 PPM


What I've tried is to add this to /etc/system

set hires_tick = 1

But that didn't fix it either.

Then I've disabled C1E & PowerNow in the BIOS settings

Hope it helps

Solaris 11 SATA reset



cfgadm -x sata_port_activate sata0/1

cfgadm -c configure sata0/1

fmadm repaired "zfs://pool=c158021804b59dfb/vdev=34042a60a5857bd6/pool_name=BlackZFS/vdev_name=id1,sd@SATA_____ST2000DL003-9VT1____________5YD1ZPED/a"

Friday 9 May 2008

My Mac

Okay, this is close to the best thing since.... well ja.. computers???

Installed and "used" at present:

Adium
Skype
Firefox (Will be doing Camino soon)