Here’s a few oldies I found while going through the millions of pictures I’ve taken over the years…
-
- XMMS-on-X-on-OSX
-
- Wifi Command Center
-
- Connection
-
- Omni Antenna
Jul 012010
Jul 012010
So, ASG 8 was released to partners this morning on July 1st, 2010.
I was super stoked about this, especially with Astaro announcing that this version will take advantage of 64-bit support. Immediately I went to go download it.
Since I run a vSphere cluster, I went ahead and downloaded the Virtual Appliance. After installing, restoring the old v7 backup configuration file, I noticed that running “uname –a” didn’t report back that it was running a 64-bit kernel.
So after some time and a few e-mails to and from my partner rep, I went ahead and downloaded the software appliance .iso hoping that the installation would provide the option and I was correct.
So as of this article, if you want to get version 8 of ASG setup, do NOT download the virtual appliance. Create your own VM, and use the installation .iso available from Astaro.
One last note, if you are using a partner license, you may have to contact your partner rep since the partner licenses use the old licensing scheme. You MUST use a new license (that uses the new licensing scheme) to use your partner license on the Astaro Security Gateway Version 8.
I LOVE Astaro!
Apr 222010
For the longest time I’ve been on Fido with a unlocked (direct from Sony) Xperia X1a. I’ve never had any problems with it at all. Everything worked flawless. It was a great setup. Exchange, connecting to my VPN, etc…
Recently I setup a corporate plan with Rogers. Ended up getting a bunch of Xperia X1s at a discounted rate since I signed a 3 year on a bunch of lines… Turns out Rogers charges you for an “external IP” that you can use to connect to your business VPN. If you don’t add this option you will not be able to connect to a VPN.
After setting up the VPN.com apn on the new rogers (rogers firmware) Xperia X1s, I noticed that everything worked except simple web page browsing (in both browsers). No errors, just loaded completely blank pages. When changing apn back to internet.com everything worked fine. I automaticly assumed this was related to a “hidden proxy” configured somewhere on the phone.
From this behavior I went ahead and checked the config on the device, no proxies were configured anywhere. Rogers denied the proxy existed, I’m not sure if they do this because they don’t want anyone knowing their internet is being filtered/monitored, or if tech’s simply do not know.
While waiting for a call back from Tier 2 support, I went ahead and started fishing through the registry. I found a bunch of very odd registry entries pertaining to proxies. There was a SOCKS proxy configured, along with what appeared to be a HTTP Proxy, a few other entries also existed which were configured.
After removing these “odd” proxy registry keys, all of a sudden everything started working. Please note that if you modify these settings, you may break your configuration. Any of your providers “online” services (such as ring tone marketplace, application marketplace, etc…) also may cease to function properly (as these services are probably being hosted on their internal network).
To Remove:
1. Open your phone’s registry using any Windows Mobile Registry editor. I use “CeRegEditor” available at: http://ceregeditor.mdsoft.pl/
2. Open “HKEY_LOCAL_MACHINE”, then open “Comm”, then open “ConnMgr”. Under this value, you should be able to see all the devices configured GPRS/HSPA/HSDPA data connections. Browse through the folders and look for a “Proxy” entry. The “Proxy” entry is the configured hidden proxy. I simply deleted this key. If you find anything that has a value of “inet-new” or “inet-corp” you can safely ignore these as I have found they are part of the standard Windows Mobile firmware.
3. Take a look at the other folders under “ConnMgr”, you may notice a few items called “SOCKS”, and “HTTP”. Go into these folders, and remove the proxy values. As I mentioned before if you see any keys with the values “inet-new” or “inet-corp” you can safely ignore these.
Please note that this worked in my specific case. Your results may vary. Also insure that you have made a backup of the keys you have modified in case you need to revert back. Depending on the way your provider has configured your device you may also be tampering with other services (ie. MMS, WAP).
Apr 222010
Recently with the new vulnerabilities with Java, I needed to push the latest Java update remotely to all of my clients currently using my companies “Managed Services”.
The upgrade was being scheduled for certain dates per location, however as of Tuesday morning I noticed that some computers were being hit with some of the newer vulnerabilities recently discovered.
This all of a sudden changed the priority from “high priority” to “emergency”. I needed a quick and efficient means of pushing this update to computers at client sites.
Active Directory allows system administrators to push, allow, or make available software installations to users. This is all controlled inside of Active Directory Group Policy Management.
To push the latest Java update to all computers on a network, I had to perform the steps below:
1. Download the “Offline Installation” of Java from the Java website. Open the file, do not proceed to continue the installation. (You will simply hit cancel after you extract the MSI and other files needed).
2. Open a explorer and browse to C:\Users\%USERNAME%\AppData\LocalLow\Sun\Java\jre1.6.0_20. After navigating to this location copy “Data1.cab”, “jre1.6.0_20.msi”, and “sp1033.MST” to a new folder (I chose a folder on my desktop).
3. Log into the remote server, create a file share (for example NetInstall), and configure users read access only.
4. Copy the folder you created on your desktop to the new file share on the server. Remember to use a naming scheme for the applications you wish to push so that they all make sense and can be organized.
5. On the server, go to Start -> Administrative Tools -> Group Policy Management
6. Either create a new GPO, or use an existing on that you have configured. If you are unfamiliar with this, it may be worth while doing some online research on GPOs. In my case I right clicked, and chose edit on the “Windows SBS Client Policy” GPO on SBS 2008.
7. Expand Computer Configuration, policies, Software Settings, Software installation. Right click on “Software Installation” and select new package. Follow the instructions.
8. When choosing the location of the .msi file, PLEASE make sure that you browse to it using your UNC network path. This location has to be somewhere where all the computers have access to. (I.E. don’t use C:\Folder\file.msi, you would rather use \\servername\sharename\programname\file.msi).
At this point you have now configured the server to force install Java on all the computers that apply to that GPO. This is perfect to make sure that all your clients are running the latest versions of free software available. It will also help with managing vulnerabilities with aging software, etc…
Please note: If this doesn’t work right away it is because the client workstations need to refresh their GPO. After the GPO is refreshed on the client workstation side, the system should install the package on next reboot.
There are some other neat things you can do with GPOs, and pushing applications on your network, however I’m not covering it in this document. For example instead of using “Computer Configuration”, you could use “User Configuration”, and instead of forcing applications you could actually make applications available for install through “Add/Remove Programs” for users to install.
Please always make sure that any applications you use are properly paid for and/or licensed.
Apr 112010
Some time ago, I needed to configure an SIP trunk between a Trixbox/FreePBX (Asterisk on Linux) PBX and a Cisco Call Manager PBX. It was pretty hard to find any relevant information on the internet, however eventually I figured out how to do it. Originally this article was written for Trixbox, however the same configuration applies to FreePBX (with minor differences in steps due to the UI differences).
Please note that the following configuration reflects a Trixbox/FreePBX PBX configured with phones with extensions of 1XX and the Cisco Unified Call Manager configured with extensions of 3XX.
If you are simply using CUCM for Cisco IP Phone handset connectivity, you don’t even need CUCM anymore, you can simply use the commercial “EndPoint Manager” on FreePBX to handle Cisco IP Phone connectivity to FreePBX (includes the Cisco 7961 phone’s I use).
Trixbox/FreePBX Configuration
Create an SIP Trunk (Leave settings default unless otherwise specified below)
Outgoing Settings
Trunk Name: CallManager
Peer Details:
type=friend
qualify=yes
nat=no
insecure=very
host=ip.address.of.CUCM
fromdomain=ip.address.of.CUCM
dtmf=rfc2833
disallow=all
context=from-internal
canreinvite=no
allow=ulaw
Incoming Settings
USER Context: ip.address.of.CUCM
USER Details:
type=friend
qualify=yes
nat=no
insecure=very
host= ip.address.of.CUCM
fromdomain= ip.address.of.CUCM
dtmf=rfc2833
disallow=all
context=from-internal
canreinvite=no
allow=ulaw
Create an Outbound Route to route calls made to 3XX to the Cisco Call Manager
Create outbound route “Cisco”. Check the “Intra Company Route”, and inside of the Dial Patterns type in 3XX. Under Trunk Sequence select “CallManager”.
This pretty much sums up the amount of configuration required on the Trixbox/FreePBX side of things. Now onto the Cisco stuff.
Cisco Unified Call Manager Configuration
Create an SIP Trunk
Device -> Trunk -> Add New
Trunk Type: SIP Trunk
Device Protocol: SIP
Device Name: TrixboxPBX
Call Classification: OnNet
Check the “Media Termination Point Required” checkbox (this is to handle transfers, hold music, etc…)
Check “Remote-Party-Id”
Check “Asserted-Identity”
SIP Information
Destination Address: IP.address.of.trixboxfreepbx
Uncheck “Destination Address is an SRV”
Destination Port: 5060
MTP Preferred Originating Code: 711ulaw
SIP Trunk Security Profile: Non-Secure SIP Trunk Profile
Change the “Non-Secure SIP Trunk Profile” security profile from TCP to UDP
System -> Security Profile -> SIP Trunk Security Profile
Hit the “Find” button
Select “Non Secure SIP Trunk Profile”
Incoming Transport Type: TCP+UDP
Outgoing Transport Type: UDP
Uncheck “Enable Digest Authentication”
Incoming Port: 5060
Out of the last 6 checkboxes, all should be checked except the First and Last.
Create a Route Pattern to route calls from the Cisco Call Manager to Trixbox
Call Routing -> Route/Hunt -> Route Pattern
Create New
Route Pattern: 1XX
Gateway/Route List: TrixboxPBX
Route Option: Route this pattern
Call Classification: OnNet
Enable Required Services on CUCM
I’m not too sure which ones are actually required, however the below configuration works great. To get to the CUCM services go to the “Cisco Unified Serviceability” section (Top right of web interface).
Enable Services
Tools -> Serviceability
Enable the following:
CM Services
Cisco CallManager
Cisco Tftp
Cisco Messaging Interface
Cisco Unified Mobile Voice Access Service
Cisco IP Voice Media Streaming App
CTI Services
Cisco CallManager Attendant Console Server
Cisco IP Manager Assistant
Cisco WebDialer Web Service
Select “Save”, afterwards select “Set to Default”. Please note that it may take some time to bring the services up.
It’s always a good idea to restart both the Trixbox/FreePBX PBX and the CUCM PBX.
After you have configured the above, configure phones in the 1XX range for the trixbox, configure phones on the CUCM for the 3XX range and they should be able to call each other. Please remember that if you have a PSTN line on your Trixbox or FreePBX you will need to create another route pattern for how to transfer 9XXXXXXXXXX from your CUCM -> Trixbox, then configure the applicable route in Trixbox -> PSTN.
Feedback is welcome, leave a comment!