web-archive-net.com » NET » M » MAJORNETWORK.NET

Total: 263

  • SoftEther – Majornetwork
    documentation in the site but somehow I felt the material was hard to absorb In this post I describe the reference implementation I managed to complete with SoftEther

    Original URL path: https://majornetwork.net/tag/softether/ (2016-04-25)


  • SoftEther VPN with a VPN Address Pool – Majornetwork
    Edit the static routing table to push button is 10 1 0 0 255 255 0 0 10 1 32 1 Again this is the route that will be pushed to the VPN users computers so that the correct traffic can be tunneled to VPN The VPN hub is not locally bridged to any of the NICs That s why I have the dotted line in the diagram above The bridging is not needed because the incoming users will be mapped to the VPN hub in the L2TP configuration The Virtual Layer 3 Switch Ok now we have the two Virtual Hubs but we need to get them talking to each other somehow So there comes the Virtual Layer 3 Switch I create one with name Router and then I create two Virtual Interfaces for it Virtual Hub VPN IP address 10 1 32 1 Subnet Mask 255 255 255 0 Virtual Hub LAN IP address 10 1 1 5 Subnet Mask 255 255 255 240 The VPN hub interface 10 1 32 1 will be the gateway address for the VPN users tunneled routes It was used as the gateway for the pushed route in the SecureNAT configuration above The LAN hub interface IP address 10 1 1 5 is not the IP address of the Debian server This is the address where the VPN pool 10 1 32 0 24 will be routed in the firewall Additionally I configure the default route in Router pointing to the inside network Network Address 0 0 0 0 Subnet Mask 0 0 0 0 Gateway Address 10 1 1 1 Metric Value 1 This route is only used for the traffic that comes from the VPN users to the VPN server It is also possible to just add the 10 1 0 0 16 route instead of the default route if you don t plan allowing tunneled Internet access for the VPN users Just add all the inside routes instead of the default route Note that the Debian server s default route still points to the public Internet RADIUS Configurations In the VPN hub you can configure RADIUS authentication against your RADIUS server with these configurations Create a user with User Name of just the star it is a wildcard meaning all users Set the Auth Type in the user properties to RADIUS Authentication Then go to Authentication Server 
Settings and input your RADIUS server information IP address port shared secret I m not going through here how to configure the RADIUS server side see your appropriate documentation or contact the admin But there is a catch in order to reach the RADIUS server you need to have appropriate inside routing in the VPN server OS Provided that the RADIUS server is reachable via the inside NIC of the server you need to have a static route pointing to the inside In Debian I set the route commands in etc network interfaces the inside NIC iface eth1 inet static address 10

    Original URL path: https://majornetwork.net/2015/05/softether-vpn-with-a-vpn-address-pool/?replytocom=2989 (2016-04-25)

  • SoftEther VPN with a VPN Address Pool – Majornetwork
    the static routing table to push button is 10 1 0 0 255 255 0 0 10 1 32 1 Again this is the route that will be pushed to the VPN users computers so that the correct traffic can be tunneled to VPN The VPN hub is not locally bridged to any of the NICs That s why I have the dotted line in the diagram above The bridging is not needed because the incoming users will be mapped to the VPN hub in the L2TP configuration The Virtual Layer 3 Switch Ok now we have the two Virtual Hubs but we need to get them talking to each other somehow So there comes the Virtual Layer 3 Switch I create one with name Router and then I create two Virtual Interfaces for it Virtual Hub VPN IP address 10 1 32 1 Subnet Mask 255 255 255 0 Virtual Hub LAN IP address 10 1 1 5 Subnet Mask 255 255 255 240 The VPN hub interface 10 1 32 1 will be the gateway address for the VPN users tunneled routes It was used as the gateway for the pushed route in the SecureNAT configuration above The LAN hub interface IP address 10 1 1 5 is not the IP address of the Debian server This is the address where the VPN pool 10 1 32 0 24 will be routed in the firewall Additionally I configure the default route in Router pointing to the inside network Network Address 0 0 0 0 Subnet Mask 0 0 0 0 Gateway Address 10 1 1 1 Metric Value 1 This route is only used for the traffic that comes from the VPN users to the VPN server It is also possible to just add the 10 1 0 0 16 route instead of the default route if you don t plan allowing tunneled Internet access for the VPN users Just add all the inside routes instead of the default route Note that the Debian server s default route still points to the public Internet RADIUS Configurations In the VPN hub you can configure RADIUS authentication against your RADIUS server with these configurations Create a user with User Name of just the star it is a wildcard meaning all users Set the Auth Type in the user properties to RADIUS Authentication Then go to Authentication Server Settings 
and input your RADIUS server information IP address port shared secret I m not going through here how to configure the RADIUS server side see your appropriate documentation or contact the admin But there is a catch in order to reach the RADIUS server you need to have appropriate inside routing in the VPN server OS Provided that the RADIUS server is reachable via the inside NIC of the server you need to have a static route pointing to the inside In Debian I set the route commands in etc network interfaces the inside NIC iface eth1 inet static address 10 1

    Original URL path: https://majornetwork.net/2015/05/softether-vpn-with-a-vpn-address-pool/?replytocom=2992 (2016-04-25)

  • SoftEther VPN with a VPN Address Pool – Majornetwork
    Edit the static routing table to push button is 10 1 0 0 255 255 0 0 10 1 32 1 Again this is the route that will be pushed to the VPN users computers so that the correct traffic can be tunneled to VPN The VPN hub is not locally bridged to any of the NICs That s why I have the dotted line in the diagram above The bridging is not needed because the incoming users will be mapped to the VPN hub in the L2TP configuration The Virtual Layer 3 Switch Ok now we have the two Virtual Hubs but we need to get them talking to each other somehow So there comes the Virtual Layer 3 Switch I create one with name Router and then I create two Virtual Interfaces for it Virtual Hub VPN IP address 10 1 32 1 Subnet Mask 255 255 255 0 Virtual Hub LAN IP address 10 1 1 5 Subnet Mask 255 255 255 240 The VPN hub interface 10 1 32 1 will be the gateway address for the VPN users tunneled routes It was used as the gateway for the pushed route in the SecureNAT configuration above The LAN hub interface IP address 10 1 1 5 is not the IP address of the Debian server This is the address where the VPN pool 10 1 32 0 24 will be routed in the firewall Additionally I configure the default route in Router pointing to the inside network Network Address 0 0 0 0 Subnet Mask 0 0 0 0 Gateway Address 10 1 1 1 Metric Value 1 This route is only used for the traffic that comes from the VPN users to the VPN server It is also possible to just add the 10 1 0 0 16 route instead of the default route if you don t plan allowing tunneled Internet access for the VPN users Just add all the inside routes instead of the default route Note that the Debian server s default route still points to the public Internet RADIUS Configurations In the VPN hub you can configure RADIUS authentication against your RADIUS server with these configurations Create a user with User Name of just the star it is a wildcard meaning all users Set the Auth Type in the user properties to RADIUS Authentication Then go to Authentication Server 
Settings and input your RADIUS server information IP address port shared secret I m not going through here how to configure the RADIUS server side see your appropriate documentation or contact the admin But there is a catch in order to reach the RADIUS server you need to have appropriate inside routing in the VPN server OS Provided that the RADIUS server is reachable via the inside NIC of the server you need to have a static route pointing to the inside In Debian I set the route commands in etc network interfaces the inside NIC iface eth1 inet static address 10

    Original URL path: https://majornetwork.net/2015/05/softether-vpn-with-a-vpn-address-pool/?replytocom=2993 (2016-04-25)

  • Installing VMware Tools on Debian Linux – Majornetwork
    the install directory if wanted otherwise pretty much proceed with Enter for each step cd rm rf vmware tools distrib shutdown r now Bonus memo 1 Some of the VMware Tools packages can be downloaded in http packages vmware com tools Bonus memo 2 The ISO image for VMware Tools Linux install is found on the ESXi host in usr lib vmware isoimages Updated December 4 2014 14 16 Tags debian linux vmtools vmware vmware tools vsphere Previous Post Next Post 5 Comments Add a Comment Rob Tappan July 23 2014 at 18 15 Thanks this was very helpful Reply Alexey August 8 2014 at 05 55 9 vmware install pl d Reply lewis September 25 2014 at 03 05 when the configuration too is run vmware config tools pl it gets and empty path for the kernel header files Reply Markku Leiniö September 25 2014 at 08 56 I would first check that the kernel headers are installed as suggested in the apt get install gcc make linux headers uname r command Reply Bob Bentley October 4 2014 at 10 53 Thank You for a simple and effective way to get something done again install vmware tools Bob Reply

    Original URL path: https://majornetwork.net/2013/03/installing-vmware-tools-on-debian-linux/ (2016-04-25)

  • Building My Own VMware vSphere Hypervisor Host – Majornetwork
    allocate your disks LUNs NFS disks or whatever as datastores in vSphere One datastore is like one partition if you are using local disks If you want you can create several datastores on one disk I didn t see any need for that so I just allocated the whole disk as one big datastore The datastores are automatically formatted in VMFS The existing partitions the factory installed Windows 7 NTFS partitions were automatically deleted from the disk I didn t find any way in the vSphere Client to explicitly delete the NTFS partitions it just happened in the datastore addition process If there had been some unpartitioned space on the disk maybe it would have been possible to allocate it for datastore and leave other partitions alone I don t know as I didn t have that situation I had previously read an article about the scratch partition in systems started from USB http kb vmware com kb 1033696 Basically it is about the situation that system logs and other files are saved on a volatile ramdisk because tmp scratch is there and that is not good for practical reasons like when your system powers off the logs are all lost So I went to the Datastore Browser by right clicking on the datastore and created a scratch folder in the datastore and then configured the Advanced Settings as described in the article ScratchConfig ConfiguredScratchLocation vmfs volumes WD500G scratch the path is automatically expanded to a more precise technical format In this screenshot there are also two other folders in the datastore Debian1 It was created automatically when I created a virtual machine called Debian1 on this datastore It seems to contain all of the settings and virtual disks of the virtual machine ISO CDs DVDs I created this folder and used the Upload button in the toolbar to transfer some DVD images into the host Later I can use the images to install operating systems for the virtual machines I don t want to play with physical DVDs unless I really have to Networking The networking 
settings look like this at the moment As shown I only have one physical NIC detected and it seems to be called vmnic1 My VMs and the host management connections are using the same network for connectivity The management connection with vSphere Client seems to work fine with IPv6 as well Let s Call This a Success I can only come to one main conclusion The host implementation is successful I haven t really test driven the platform yet since one small 256 MB Debian VM does not cause any kind of load by itself but it is some start anyway Other steps to possibly follow later Add at least one NIC or maybe even dual quad port NIC to get more possibilities for network implementations Send me your extra Intel NICs Add more RAM Just because I can Create a Linux VM for my own SSL CA and then deploy the certificates

    Original URL path: https://majornetwork.net/2013/01/building-my-own-vmware-vsphere-hypervisor-host/ (2016-04-25)

  • Installing VMware vSphere Hypervisor 5.x on a USB Stick – Majornetwork
    target for the actual install will be the USB stick On the next screen you can accept the default settings for the disk size 40GB and to split the virtual disk into multiple files again we will delete the disk with the virtual machine later Finally in the Ready to Create Virtual Machine screen you can see the settings for the virtual machine The default settings work just fine two CPUs two gigs of RAM When clicking Finish the virtual machine will be started automatically with the ISO image acting as the boot CD drive On my laptop I receive an error message Virtualized Intel VT x EPT is not supported on this platform Continue without virtualized Intel VT X EPT I just say Yes there The installer image is now started in the virtual machine Note that you have to click on the virtual machine window to set the keyboard focus in the virtual machine to be able to move around in the boot menu with the arrow keys Press Ctrl Alt to get the mouse control in your host OS again Here is a promising screenshot of the progress to color the post and to prove that I m actually doing something here In the boot menu proceed with the ESXi standard installer After loading some modules and doing some other internal stuff it welcomes to the installer just continue with Enter Carefully read the license as usual and accept it with F11 It now scans the hardware the virtual machine for targets where to install ESXi At this point it only sees the local 40GB virtual disk Now connect the USB stick minimum of 2GB I believe or maybe 1G is enough as well on the computer Note that the current contents of the USB stick will be completely erased while installing ESXi so don t expect to use it for other purposes from now on without complete repartitioning later In the Player menu of the virtual machine window go to Removable Devices Mass Storage Device or wherever the USB stick logically resides and select Connect Disconnect from host The USB stick is now hidden from the host computer and it is 
attached to the virtual machine Press F5 Refresh in the virtual machine window again you have to click on the window to get your keystrokes there Now you should see the USB stick in the Local Storage Devices list Select it and press Enter to continue with it Select the keyboard layout of your taste Configure the desired root password for the platform After some system scanning I get an error message again This time it says Hardware virtualization is not a feature of the CPU or is not enabled in the BIOS Basically this means that my laptop is not able to run nested virtual machines Remember the installer is now running in a virtual machine and it detects that it is not able to create virtual machines under itself I just ignore the

    Original URL path: https://majornetwork.net/2012/12/installing-vmware-vsphere-hypervisor-5-x-on-a-usb-stick/ (2016-04-25)

  • Juniper SRX IPsec LAN-to-LAN VPN Part 1 – Majornetwork
    0 Type dynamic State installed Protocol ESP Authentication hmac sha256 128 Encryption aes cbc 256 bits Anti replay service counter based enabled Replay window size 64 and there is traffic going between the sites markku testcomputer ping 10 30 1 24 PING 10 30 1 24 10 30 1 24 56 84 bytes of data 64 bytes from 10 30 1 24 icmp req 1 ttl 252 time 9 07 ms 64 bytes from 10 30 1 24 icmp req 2 ttl 252 time 9 42 ms 64 bytes from 10 30 1 24 icmp req 3 ttl 252 time 8 69 ms Note the proxy identities in the IPsec output above 172 21 1 0 24 local and 10 30 1 0 24 remote They were set automatically according to the security policies Route based VPN Now let s modify the configuration to route based VPN VPN tunnel interface st0 1 is created set interfaces st0 unit 1 description VPN tunnel set interfaces st0 unit 1 family inet The tunnel interface is bound to the VPN set security ipsec vpn VPN TEST bind interface st0 1 The IPsec SA identities are set manually because there is no VPN policy anymore set security ipsec vpn VPN TEST ike proxy identity local 172 21 1 0 24 set security ipsec vpn VPN TEST ike proxy identity remote 10 30 1 0 24 set security ipsec vpn VPN TEST ike proxy identity service any A new security zone is created for the VPN you could also use UNTRUST if wanted set security zones security zone VPN interfaces st0 1 The old VPN policies are deleted delete security policies from zone TRUST to zone UNTRUST policy TEST OUT delete security policies from zone UNTRUST to zone TRUST policy TEST IN Access is permitted from TRUST to VPN set security policies from zone TRUST to zone VPN policy VPN OUT match source address NET 172 21 1 0 24 set security policies from zone TRUST to zone VPN policy VPN OUT match destination address NET 10 30 1 0 24 set security policies from zone TRUST to zone VPN policy VPN OUT match application any set security policies from zone TRUST to zone VPN policy VPN OUT then permit You can use whatever policies you like inbound and outbound In this 
case there is no access inbound from the VPN tunnel The static route is set up for the remote site set routing options static route 10 30 1 0 24 next hop st0 1 As the name implies the routing decides which traffic will be encrypted and the proxy identities will take care of assigning the correct IPsec SA in the VPN Here are the status outputs markku srx210 show security ike security associations Index State Initiator cookie Responder cookie Mode Remote Address 6185178 UP b03b9c7910e44843 d3f7a6485836c37f Main 198 51 100 10 markku srx210 show security ipsec security associations Total active tunnels 1 ID Algorithm SPI Life sec kb Mon lsys Port Gateway

    Original URL path: https://majornetwork.net/2015/02/juniper-srx-ipsec-lan-to-lan-vpn-part-1/?replytocom=3047 (2016-04-25)


