Best posts made by Romo

Before the update, we ran Furmark for 30 minutes to stress test the gpu and try to trigger the error but the gpu ran perfectly without a single error.

Trying to setup an L2TP VPN on a EdgeRouter Lite v 1.10.6. been following this guide https://help.ubnt.com/hc/en-us/articles/204950294-EdgeMAX-servidor-L2TP. For extra information, the same router has also an IPsec site to site VPN working properly.

I have even rebuilt the config a couple of times but still nothing.

sudo swanctl --log  

Is not showing anything at all.

The only thing I get is this:

sudo tcpdump -npi eth0 port 500 or port 4500 or port 1701

20:34:08.407450 IP XXX.XXX.XXX.31.500 > XXX.XXX.XXX.33.500: isakmp: phase 1 I ident
20:34:11.407450 IP XXX.XXX.XXX.31.500 > XXX.XXX.XXX.33.500: isakmp: phase 1 I ident
20:34:14.407450 IP XXX.XXX.XXX.31.500 > XXX.XXX.XXX.33.500: isakmp: phase 1 I ident
20:34:17.407450 IP XXX.XXX.XXX.31.500 > XXX.XXX.XXX.33.500: isakmp: phase 1 I ident

That is all I get on the server side and the client throws an error. I have tried connecting from an iPhone as well as different Windows 10 machines.

Statistics for the firewall rules which show 0 packets

rule  packets     bytes       action  description
----  -------     -----       ------  -----------
10    5373        747906      ACCEPT  Allow established/related
20    215         14863       DROP    Drop invalid state
23    <disabled>  <disabled>  ACCEPT  Allow iCMP
24    0           0           ACCEPT  Allow IKE for VPN
25    0           0           ACCEPT  Allow L2TP for VPN
26    0           0           ACCEPT  Allow ESP for VPN
27    0           0           ACCEPT  Allow NAT-T for VPN
10000 44          1584        DROP    DEFAULT ACTION

Any other thing I can do to troubleshoot this?

This is the full vpn config if it helps:

ipsec {
     auto-firewall-nat-exclude enable
     esp-group FOO0 {
         compression disable
         lifetime 3600
         mode tunnel
         pfs enable
         proposal 1 {
             encryption aes256
             hash sha1
         }
     }
     ike-group FOO0 {
         ikev2-reauth no
         key-exchange ikev1
         lifetime 28800
         proposal 1 {
             dh-group 14
             encryption aes256
             hash sha1
         }
     }
     nat-traversal enable
     site-to-site {
         peer XXX.XXX.XXX.84 {
             authentication {
                 mode pre-shared-secret
                 pre-shared-secret  %SECRET%
             }
             connection-type initiate
             description "REMOTE"
             ike-group FOO0
             ikev2-reauth inherit
             local-address XXX.XXX.XXX.33
             tunnel 1 {
                 allow-nat-networks disable
                 allow-public-networks disable
                 esp-group FOO0
                 local {
                     prefix 192.168.5.0/24
                 }
                 remote {
                     prefix 192.168.6.0/24
                 }
             }
             tunnel 2 {
                 allow-nat-networks disable
                 allow-public-networks disable
                 esp-group FOO0
                 local {
                     prefix 192.168.4.0/24
                 }
                 remote {
                     prefix 192.168.6.0/24
                 }
             }
         }
     }
 }
 l2tp {
     remote-access {
         authentication {
             local-users {
                 username romo {
                     password TestPass#2018
                 }
             }
             mode local
         }
         client-ip-pool {
             start 192.168.4.10
             stop 192.168.4.30
         }
         dns-servers {
             server-1 192.168.5.3
         }
         idle 1800
         ipsec-settings {
             authentication {
                 mode pre-shared-secret
                 pre-shared-secret ANOTHER-SECRET-4
             }
             ike-lifetime 3600
             lifetime 3600
         }
         mtu 1400
         outside-address XXX.XXX.XXX.33
     }
 }

@biggen Can you post your full smb.conf file

Users have been reporting that when trying to open up emails from public folders from Outlook Web, they keep getting the following error:

They can see the email subject but the contents of the emails is not available.

Any idea what could be causing this or if it is some sort of Office 365 error.

Just got the reply from an Level 2 Escalation Engineer:

This is an known issue with office 365. Our escalation team is working on this issue.
As of now we don’t have any ETA when the issue will resolved.
Once we receive any update from the escalation team I will let you know the same.

So same thing, they are still working on the issue.

A couple of questions for people more experienced on the subject, this will be to deploy standard Windows 10 Pro images without using MDT.

• What would you consider to be best practices when using WDS to deploy standard Images?

• Pros and cons between pre-staging machines vs not doing so?

• When is it a good idea to setup a multicast ip scope?

Any other knowledge or experiences you wish to contribute, would be appreciated .

@IRJ Try this:

qemu-img.exe convert source.qcow2 -O vpc -o subformat=fixed dest.vhd

Great Job @EddieJennings !!, Really liked the flow and tempo of the video

Had a working remote access vpn setup on an edge router lite, but this weekend we changed our main ISP from Comcast to ATT. The only change made to the working config was the outside-address setting which now points to the new ATT ip everything else is exactly the same.

Today users where reporting that the VPN was really slow, windows shares wouldn't open for them and web browsing was also not working. When I remoted into one of the machines, it was indeed barely working when connected to the vpn, the remote session was having lots of trouble being open.

I set up the vpn on a test vm and starting pinging the file share:

Ping

Ping statistics for 10.10.10.1:
    Packets: Sent = 195, Received = 109, Lost = 86 (44% loss),
Approximate round trip times in milli-seconds:
    Minimum = 87ms, Maximum = 238ms, Average = 103ms

Tracert

Tracing route to 10.10.10.1
over a maximum of 30 hops:

  1     *       98 ms   102 ms  10.255.255.0
  2    96 ms     *        *     10.10.10.1
  3    93 ms    96 ms     *     10.10.10.1
  4     *        *      106 ms  10.10.10.1

Any idea what could be causing this issue? Also seems strange the tracert reaches the server 3 times for some reason.

Could this be the provider? this only started after the change to ATT, with comcast everything was working properly.

They would be expecting a POST request with the login details in the message body.

There really shouldn't be a way to login to those sites via a GET request, login parameters in the URL is not good really.

So we have been experiencing a lot of Chrome freeze ups on an Windows 2016 RDS server and don't seem to figure out what is the cause of this. The freezes stop for a while after a server reboot, but after around week they start happening for the users again.

Along with chrome freezing up, the explorer.exe process also freezes from time to time also causing the need to restart the process in order for the users to keep working for a while.

Chrome has been reinstalled as well.

Any idea on this sort of issue?

So this started happening on monday, after having the phone working previously without issues no network changes made on the users lan according to them.

The usual registration process should look like this:

1. Phone sends REGISTER without Authorization header or with a stale one.
2. PBX sends 401 Unauthorized with a nonce.
3. Phone sends REGISTER with an Authorization header containing a hash calculated with above nonce.
4. PBX sends 200 OK.

Yet I am only seeing:

The responses from the phone seem to be normal except one thing:

CSeq: 1 REGISTER

The CSeq value on a working registration is incremental but on this extension every single response is marked as being #1.

Logs only show as the Challenge being sent but apparently no proper response received so the phone won't register.

[2019-09-11 10:31:10] SECURITY[7707] res_security_log.c: SecurityEvent="ChallengeSent",EventTV="2019-09-11T10:31:10.066-0400",Severity="Informational",Service="PJSIP",EventVersion="1",AccountID="241",SessionID="[email protected]",LocalAddress="IPV4/UDP/XXX.XXX.XXX.123/5060",RemoteAddress="IPV4/UDP/XXX.XXX.XXX.241/5060",Challenge=""

Phone is currently on firmware- Yealink SIP-T42S 66.83.0.30 updated yesterday without luck on fixing the issue.

Any further ideas on how to troubleshoot this? @scottalanmiller @JaredBusch

We have a client that owns a HP LaserJet Pro MFP M428fdn, even though driver settings are set to not do double sided printing it still keeps trying to do so. Duplex setting in the printers control panel has duplex disabled by default as well not sure why this is happening.

Has anyone experienced something like this and know wtf could be happening with this printer?

We have a client with an Edge Router Lite FW version 2.0.8 which is having issues with the L2TP VPN. Clients can properly connect to the VPN and get an IP but after the first few seconds of being connected access to the file servers start getting timeouts, web browsing basically either doesn't work or slows so much it's really not usable. A router reboot fixes whatever is causing the issue for some days, but I would really like to figure out how to resolve this without doing a reboot.

I have restarted the vpn services but that doesn't seem to fix the issue.

I can't seem to find anything outside of the ordinary in the logs that would help. Only thing weird is this when the vpn is having the issues ksoftirqd/0 and 1 start using most of the CPU:

Any ideas?
@scottalanmiller

You can also check http://info.meshcentral.com/downloads/MeshCentral2/MeshCentral2UserGuide-0.2.6.pdf page 30, It explains what is required to use nginx as a reverse proxy.

Skyetell sends an 11 digit number so basically your number with a 1 added by default unless you change it to send only 10 digits your inbound route is missing a one.

14029733266

I am on Kubuntu 20.04, hadn't use plasma in a loooong time and I am really liking it currently.

EDIT:
Adding the Auto Image Url entry to the model.cfg file actually made the autoprovisioning able to be able to download the new firmware and install it directly from the server without any other intervention.
F0V0X5U00000.cfg contents for the test.

<<VOIP CONFIG FILE>>Version:2.0000000000

<AUTOUPDATE CONFIG MODULE>
Auto Image Url     :https://URL/x5u-6906-P0.18.23.21-2.2.10-3421T2020-09-27-16.44.21.z


<<END OF FILE>>

END EDIT

In order to get the phone to see there is a new firmware in the server for autoprovisioning, a specific txt file must be added as this is the file where the phone gets the actual firmware details. In this case the x5u was looking for a file named fanvil_x5u_hwv1_0.txt.

Syntax for the file should be the following:

Version=2.2.10 #Firmware version you are making available
Firmware=x5u-6906-P0.18.23.21-2.2.10-3421T2020-09-27-16.44.21.z #Path to the firmware file
BuildTime=2020.09.27 16:44 # Just got this from within the firmware file name
Info=TXT

Once the phones reads this txt file, it is able to see the new firmware upgrade.

Upgrade pop up is shown in the phone screen (if popups are enabled which is the default) or it can be triggered from the admin web gui by clicking the Upgrade button.

I am not liking that I can't seem to actually trigger the upgrade without user intervention/web gui access. There is an enable autoupgrade option with an update interval but in the initial tests it just shows the upgrade option but doesn't auto-upgrade actually.

So having an issue with only one Office365 account having extreme Outlook on the Web slowness when loading emails. Sometimes clicking an email works as usual, but other times its can take more than a couple of minutes to load. Account has been tested on different computers and different locations according to the user and she reports the same issue. She has tested other outlook accounts in the machines and they are working without trouble.

I am trying to get remote access to her and check for myself, as I have only seen short clips of the time it takes to load an email. Account is using 16% of her 99GB box so the amount of emails shouldn't be the issue.

Anybody experienced something similar?

You can also check out Photoprism, haven't actually used it but seems interesting.

Community Version docs - https://docs.photoprism.org/
Github repo - https://github.com/photoprism/photoprism/