Best posts made by dafyre

As promised... I still think it's corny, but oh well, I had fun, ha ha!

'twas the night before Christmas and all through the house
the AC was running 'cause we live in the South.

The stockings were hung by the windows with care.
Hope Santa don't find them, they need some fresh air.

The children were plastered with sweat to their beds
While visions of cold lakes danced in their heads.

And Mama in her bikini and I in my speedo
We settled out brains while watching Jay Leno.

When out in the kitchen there arose such a clatter.
I sprang from the bed to see what was the matter.

Away to the fridge I flew like a flash.
Tore open the freezer and saw more ice crash.

The moon on the deck all covered with straw.
I saw three deer and heard a crow's caw.

When what to my wondering eyes should appear
A gigantic sleigh pulled by 4 John Deere.

With a heavy old driver a thunder and crack.
I smacked my forehead, I knew it was Jack.

Louder and Louder his tractors they came
He cursed and he shouted and hollered the same.

"Aww come on you pieces of trash. Go! I'm fixen
to tear you a new one and take you to Dixon!"

To the top of the dell to the top of the hill!
Roll away, roll away, watch out for Jill!"

As dry clay before the wind blows,
I saw them take flight, to where God only knows.

So past the tree tops and hillside they flew,
There went the sleigh and even Jack too.

And then in a moment I heard a loud jingle.
On top of my house stood old Kris Kringle.

Down the chimney he flew with a crash,
He covered the room and kitchen with ash.

A bundle of what-nots and things on his back.
He opened his sack, even that was black.

His bald head did shine and sparkle by light.
His face was all red from the suntan he had.
He laughed and laughed, I thought he was mad.

His mouth drew up to curl with a smile.
I wondered if he might stop and stay for a while

I offered him a smoke from grampa's old pipe.
The tobacco, it burned, but boy was it ripe.

He had a broad face and a fat big ol' belly.
It jiggled and wiggled like marmalade jelly.

I laughed when I saw him in spite of myself.

A shake of his nose and a jerk of his thumb
Told me I could go back to bed and play dumb.

He went straight to work with a clothes pin attached.
He filled the old stockings with all kinds of snacks.

He bowed ever so slightly and gave up a nod.
In a poof he vanished leaving only fresh sod.

I heard him shout out, "My God it is hot!"
Then he bellowed and cried:
"Merry Christmas All Y'all and to all a Good night!"

ZeroTier Site-To-Site Setup

ASSUMPTIONS:

• Site A is on 192.168.10.0/24
• Site B is on 192.168.122.0/24
• Site A's VM is 192.168.10.2 for the Local Network
• Site A's VM is 10.0.0.107 on the ZT Network
• Site B is 192.168.122.1 on the Local Network
• Site B is 10.0.0.129 on the ZT Network.

Step 1: Build a Private Network on https://my.zerotier.com

Step 2: Spin up a Linux VM at each site. Connect and authorize them to the ZT Network and note their IP address. For instance:

Some folks have reported SIGNIFICANT performance improvement when using 2 cores / 2 vcpus for the Linux VMs.

Step 2B. Enable IP_Forward:

Follow your distribution's instructions to enable ip_forward and make it a permanent change... On most distros, this should work:

sudo echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf

You can then sysctl -p /etc/sysctl.conf to reload the configuration or reboot.

sysctl net.ipv4.ip_forward should return

net.ipv4.ip_forward = 1

if everything is going to work correctly.

Step 3: From either of the Linux VMs, ensure that they can ping one another on the ZT Subnet.

Step 4: Set up the Routes inside on https://my.zerotier.com

*Once you set up the routes in ZeroTier Central, you do not have to manually add them to your Linux VMs.

Step 5: Set up the Site Routes at the Routers for Site A and Site B

SITE A Main Router:

You'll notice for the router at Site A that I am using the INTERNAL network address of my Linux VM.

SITE A Linux Router VM:

root@deb-ztrouter /root # ip route
default via 192.168.10.1 dev eth0 onlink
10.0.0.0/24 dev zt1  proto kernel  scope link  src 10.0.0.107
192.168.10.0/24 dev eth0 proto kernel  scope link  src 192.168.10.2
192.168.20.0/24 via 10.0.0.116 dev zt1
192.168.122.0/24 via 10.0.0.129 dev zt1

SITE B, KVM Server, no need for separate VM:

root@france:/root# ip route
default via <my public ip> dev eth0 onlink
10.0.0.0/24 dev zt1 scope link  #ZT Subnet
192.168.10.0/24 via 10.0.0.107 dev zt1 #SiteA, 10.0.0.107 is the ZT IP for the Linux VM at Site A
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1  #This server is Site B

**This was done on systems that do not have UFW or firewall-cmd enabled. You may have to set them up to allow traffic between your sites.

Okay... I think that's it. Mine is working.

If you have any questions or comments, ask away!

https://media.giphy.com/media/3o6Ztb7XLKUxB7b2SI/giphy.gif

Samsung phones on their way back to the factory.

I was actually paying a little attention. I got the Dev 3 plan that's listed as $140 on the Web Site. I paid through Paypal and was only charged $70.

So it's all good. 8-)

Somewhere in another thread, somebody asked for a song about Mangolassi... So here it is. To the Tune of Beverly Hillbillies...

Now this is the story about N-T-G.
They made a forum; called it Mangolassi.
Then one day @scottalanmiller was looking for some food
@Minion-Queen showed up with a bubbling crude.
Mangos, that is.  Fruit drink, with alcohol.

Then @art_of_shred took a drink and said "Wheeeeeeee"
then they found him in the neighbor's tree.
Pecans or cherry?  I really can't see.
Then @scottalanmiller  said save some for me.

@bnrstnr said in What Are You Doing Right Now:

The VP of our company had his email hacked over the weekend. 4000+ spam emails sent from his account and a return email for each one stating that Microsoft couldn't deliver because it was flagged as spam.

I don't even know where to start with this because I know he kept plain text passwords in emails to himself. It's looking like they just hacked it to spam people, but who really knows? It appears that they had access for about a week and launched the spamming Saturday morning.

He had over 13,000 things in his deleted folder, too... I'm thinking he was using that as an archive.

He needs to wear this shirt for two weeks:

@Minion-Queen said in MangoCon 2017:

@Tracy_Burton said in MangoCon 2017:

@Minion-Queen
Sorry...When I see something posted, I assume its not still in progress.

As you should @scottalanmiller is the issue here

Pro Tip: If you want to keep a secret, don't tell @scottalanmiller .

@wirestyle22 said in Handling Downvotes:

@scottalanmiller said in Handling Downvotes:

@dbeato said in Handling Downvotes:

Imaging this on SW lol

I'm imagining a big ball of flames crashing from the sky in NJ.

Take the wheel jesus

I recently discovered a VPN-like service called ZeroTier (http://www.zerotier.com) that works similar to Hamachi or maybe Pertino (never used Pertino though!). Basically, it builds out a network within the internet... Each client would get an IP address in the IP space you specify (Private IPs, a la 192.168 or 172.16, et al). And each device in that network will be able to communicate with other devices that are connected and authorized.

The Technical FAQ on their site (https://www.zerotier.com/tech_faq.shtml) does a better job of explaining the way the nodes communicate than I can off the top of my head. The way the connection setups and everything works kinda reminds me of a P2P type application.

If you create an account on their web site and use their Controllers, the setup is quick and easy; their system provides networks that are free for up to 10 devices. You can also pay them a monthly fee of $4 per month per Network of more than 10 devices. There are currently clients for Windows (7 and up, including Server Editions), Mac, and Linux. It should also work on BSD based OSes as well, but you will have to compile it yourself. An Android version is in the works, but I am not sure about iDevices.

The software itself is open source, and you can build your own controller and create networks as large or small as you want. However, they do not offer a GUI by which to do this yet for self-hosted controllers, so you are left using the REST API for configuring the networks.

As an example, my current network runs on a hosted Linux VM as the controller, and it has my laptop, my office machine, and two other VMs connected to it. Each machine has an IP address of 192.168.y.z/24 The underlying OS sees those as actual network interfaces... IE: on my linux controller, it is listed as ztX, and in Windows, it shows up as another ethernet devie in Network & Sharing Center; I don't have a Mac to test on at the moment. You can also specify which subnet you want to use for your ZT Network, as long as it is not a publicly routable network, you should be fine.

They do have a gateway capability built in, but I have not tested it yet. It appears that you can have one of your client VMs provide access to the subnet behind it (equivalent of site to site VPN).

You can configure a network to be public or private. With the public, as the name suggests, no authorization is required and anybody that joins up will be granted an IP address. In a private network, each device that joins has to be manually authorized before it is issued an IP address on the network.

Using my own controller at the moment, things seem rather snappy. I get an average 45 - 50 ms ping time between one node and another. (I get a similar ping time using the public IP addresses between the two networks). I Copied a 2 megabyte file from SystemA to SystemB in ~3 seconds (would have been faster...but Windows...).

I did have to write my own PHP scripts for creating networks, deleting neteworks and authorizing devices (Not sure how to handle JSON in BASH / Shell scripting).

So far, it looks to be a secure VPN package with some nice level of controls. They are laying the groundwork for allowing rules (ACLs, if you will) so you can specify which devices can communicate to where, and in a true security first setup, unless you have a specific accept (allow) rule, the traffic is dropped.

The following screenshot is the admin dashboard on their site. Everything should be self explantory, but if you don't know what a setting is for ,the help menu along the right hand side provides a good enough bit of information to help.

Edit: Posted the dashboard screenshot, and fixed a few typos.

Update 8/31/2015 I got the Bridging feature that will let a ZeroTier Client become a bridge for the network that it sits in front of working. This effectively provides site-to-site or client-to-site VPN funcitonality. This feature has to be enabled for the devices using the server-side CLI if you are using your own controller.

IE: My home Network has a ZeroTier IP of 192.168.251.250, and my internal IP addresses are 192.168.10.1-254... So on my client, I add a route to 192.168.10.0/24 via my client's ZeroTier IP address... On my Linksys at home, I add a route for 192.168.251.0 via 192.168.10.10 (the LAN IP address of the ZeroTier client inside of my home network).

Hi all! I'm Brant Wells from Georgia way down south. I am currently working as an IT Minion for a college.

So... I figured out how to get ZeroTier working as an Ethernet bridge thanks to some help from @adam-ierymenko and the initial guide that another user posted at :
https://www.zerotier.com/community/topic/5/bridging-ethernet-to-zerotier-virtual-networks-on-linux

I did this using Ubuntu 15.10.

Install Ubuntu however you wish. I'd recommend at least 1gb of RAM and 16GB of hard drive space (My current install has 1gb of ram and 32gb of hard drive space).

You only need one interface actually connected to the physical network for both Management and the bridged traffic.

After you have created your VM, before powering it on, you should take care that your Hypervisor will allow Mac Spoofing.
In VMware, this is called Forged Transmits, and is done at a vSwitch level from what I understand. ( A little info is located here: https://pubs.vmware.com/vsphere-51/index.jsp?topic=%2Fcom.vmware.vsphere.networking.doc%2FGUID-74E2059A-CC5E-4B06-81B5-3881C80E46CE.html)

In Hyper-V this is fixed on a per VM basis using the following powershell commands all typed on one line. Just replace MYVMNAME and MY_HYPERV_SWITCH with the values that are used from your own setup.

get-vmnetworkadapter -VMName MYVMNAME|where {$_.SwitchName -eq "MY_HYPERV_SWITCH"}|
set-vmnetworkadapter -MacAddressSpoofing on

In VMware
While Ubuntu is installing, create an account or log in to https://my.zerotier.com and create your network (or use your existing one). Things you need to make sure of:

1. Your ZeroTier IP range is set to be part of your Network Subnet. IE: If your subnet is 192.168.10.0/23, you should make sure that ZeroTier is configured to be in the same range... For instance, my home network is configured as 192.168.10.0/23. ZeroTier is configured:

Note: The IP Autoassign settings are outside of the DHCP Scope of my DHCP server. IE: My DHCP server at home is set to hand out IPs between 192.168.10.100 and 192.168.10.150. Note here my Autoassign settings are 192.168.11.100 to 192.168.11.200.

Note 2: This would theoretically work, even if you are on a /24 network, as long as the ZT autoassign settings are outside the scope of your LAN's DHCP server. I have not tested this.

2. The device that you want to be designated as the bridge is marked as both Allowed AND bridge in the ZT interface...
   

After you have installed Ubuntu, execute the following commands, which updates the package list, and ensures that the bridge-utils are installed. It also downloads and installs the ZeroTier binaries. Check the website: https://www.zerotier.com/product-one.shtml for the latest version.

All commands should be executed as root

apt-get update
apt-get install bridge-utils

wget https://download.zerotier.com/dist/zerotier-one_1.1.4_amd64.deb

dpkg -i zerotier-one_1.1.4_amd64.deb

After ZeroTier is installed, you need to start it:

service zerotier-one start

Then you need to get the Client ID for making sure you select the right one as the bridge.

zerotier-cli info

It will output something similar to :

200 info ee88c712ab ONLINE 1.1.4

The third item is your client's ID.

Next up, you will need to join the client to your ZeroTier network via:

zerotier-cli join your_network_id

You should see the Network ID in the top left corner of your screen after you click on your Network on the ZT Web Portal.

If you read through the guide at the site I posted above, he shows a network configuration guide using /etc/interfaces, which is the proper way to set it up. I went about it a different way by using a script that starts when the VM is rebooted, and waits for 30 seconds to ensure network connectivity...

Place the script in /usr/local/bin
Adjust the BRIDGE_IP and GATEWAY_IP, and SLEEP_TIMER to the correct values.
The script removes ALL IP addresses and routes related to eth0, br0, and zt0, and then sets them according to the parameters you set up.

#!/bin/bash
LAN_INT="eth0" #Internal LAN Interface
BR_INT="br0"  #Bridge Interface
ZT_INT="zt0" #ZeroTier Interface

BRIDGE_IP="192.168.10.100/23"
GATEWAY_IP="192.168.10.1"

SLEEP_TIMER="30s"
RUN_TIME=`date`
#Delay Timer to give the system a chance to finish booting
sleep $SLEEP_TIMER

echo $RUN_TIME > /var/log/bridge.log

#Disable Interfaces, Remove IP addresses
echo "Disabling Interface" >> /var/log/bridge.log
/sbin/ifconfig $LAN_INT down >> /var/log/bridge.log
/sbin/ifconfig $ZT_INT down >> /var/log/bridge.log
/sbin/ip addr flush dev $LAN_INT >> /var/log/bridge.log
/sbin/ip addr flush dev $ZT_INT >> /var/log/bridge.log

echo "Setting up Bridging..." >> /var/log/bridge.log

/sbin/brctl addbr $BR_INT >> /var/log/bridge.log
/sbin/brctl addif $BR_INT $ZT_INT $LAN_INT >> /var/log/bridge.log

/sbin/ifconfig $LAN_INT promisc up >> /var/log/bridge.log
/sbin/ifconfig $ZT_INT promisc up >> /var/log/bridge.log
/sbin/ifconfig $BR_INT up >> /var/log/bridge.log

/sbin/ip addr add $BRIDGE_IP dev br0 >> /var/log/bridge.log
/sbin/route add default gateway $GATEWAY_IP
echo "Finished!" >> /var/log/bridge.log

I have the script configured to run at reboot via crontab -e

# m h  dom mon dow   command
@reboot sh /usr/local/bin/bridge-start

A few quick ping tests should reveal that your bridge can communicate on your LAN, as well as your ZT Network.

From your ZT Network, ping towards a LAN IP address, and everything should work.

It should be noted that if you are actually changing an existing ZeroTier network to make this work, all of the linux clients need to be stopped, and then started. Not restarted (the IP address doesn't change if you do service zerotier-one restart). Windows systems can restart the ZeroTier service from the services.msc file.

If you have any issues or find any typos or recommend a better format, feel free to leave a comment below!

Man, what a week!

So I got my implant turned on on Tuesday... Then Spent Wed - Friday morning at a conference. Let me just say: I can hear! \o/

Everything is amplified over what I used to hear by like 1000. I can now hear people calling my name when they are behind me. I can take more part in discussions on stuff, and I can simply function better without having someone at my side all the time.

What is really cool is the fact that I can hear music and pick out the instruments again (so far, it was just a rock band, but I could hear the bass guitar and the electric guitar... Always been able to hear the drums)... It has been a super exciting week for me to get this thing figured out... I just got shoved into the deep end of the pool, lol.

Will take me a while to get caught up on all the posts I missed this week.

@fuznutz04 said in KVM on Fedora 26 Server edition:

Oh yeah, that is super annoying. Anytime i want to do anything, I am prompted for a password about 8 times.

You can set up key based authentication and that problem goes away...

ssh-copy-id user@kvmserver

will stop it from asking for your password every time. You just have to put your user into the livbirt group on the KVM server.

My April Fool's Joke for tomorrow...

Apparently, Microsoft has released an HTML5 web client for RDS

https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/remote-desktop-web-client-admin

Most notable requirements are that the RDS Systems (Gateway, Broker and Remote Desktop / RemoteApp servers need to be running Server 2016. The Clients can be 2007 SP1/Server 2008 R2 and up.)

TL;DR: Turn a Linux device into a wireless router the easy way: https://github.com/oblique/create_ap

Ran into some cash flow issues at home this month and I don't have a shiney new UAP yet... My backup router has also bombed out. I had an old netbook siting around doing nothing that I just installed ElementaryOS (Ubuntu based) on... so I checked a quick couple of ways to turn a linux device into a wireless router.

hostapd fit the bill quite nicely. I tried configuring it by hand, but wasn't able to get it to cooperate with me. I did a few more googles and found:

https://github.com/oblique/create_ap

This sets up everything for you, assuming you have a wireless card that supports being an AP. To find out, you can....

iw list

and in the resulting output, you should see something similar to...

 Available Antennas: TX 0x1 RX 0x1
        Configured Antennas: TX 0x1 RX 0x1
        Supported interface modes:
                 * IBSS
                 * managed
                 * AP
                 * AP/VLAN

The key here is the AP line. If you see that, you should be in good shape.

The Github link (https://github.com/oblique/create_ap) has some good examples if you just need it as a one off.

If you want to make a more permanent set up, edit /etc/create_ap.conf and check the Github link for the systemd commands.

This sure helped me out, and I hope it helps somebody else out too.

Edit: I should mention that I have a Pihole handling my DNS and DHCP. If you need those services you can install dnsmasq.

Edit 2: I happened to notice after a more thorough review of my home network this morning that it does configure dnsmasq for DNS & DHCP on its own.

@scottalanmiller said in Random Thread - Anything Goes:

Seems to me there's a potential for a larger savings than $600 in that picture.

@quixoticgerber said in What Are You Doing Right Now:

@jaredbusch I do believe we're splitting hairs now, so forgive me for my "inadequate" terminology use. I will proceed to COPY my files to my USB sticks so as not to lose them when I basically annihilate my computer.

Don't feel bad... @JaredBusch only acts like a big grump when he cares.

@jt1001001 said in What Are You Doing Right Now:

I HATE them in the morning
and in the afternoon
I HATE them in the evening...

Do you hate them in a house?

Do you hate them with a mouse?

Don't you hate them in the rain?

I can't stand printers, oh, what a pain!