Openswan High Availability - vpn

I have configured a hardware (Juniper) to software VPN (Openswan) tunnel. I want to make Openswan highly available.
I was wondering if I can configure an Openswan cluster, but I didn't find anything substantial regarding that. How should I make my Openswan highly available so that if one node goes down, the second node would be available?

You may use the left/rightupdown script to re-up the 2nd connection.
Add a line in the connection's conf file like:
leftupdown=/etc/ipsec.d/conn7up.sh
Write the bash script to re-up the other connection.
I haven't tested it for a while, but it can be made to work.
Note: You need to enable DPD so that the connection would detect its state.
Thanks
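A sketch of the failover hook described in the answer above, added here as an example and not taken from the original post. The standby connection name `conn-backup`, the DPD values and the `IPSEC` override are assumptions; `ipsec _updown` is Openswan's stock updown script, which a custom `leftupdown=` replaces.

```shell
#!/bin/sh
# Hook named by leftupdown= on the primary conn. Illustrative ipsec.conf lines
# for that conn (DPD values are assumptions, tune them for your link):
#   dpddelay=10
#   dpdtimeout=30
#   dpdaction=clear
#   leftupdown=/etc/ipsec.d/conn7up.sh

BACKUP_CONN="${BACKUP_CONN:-conn-backup}"  # hypothetical name of the standby conn
IPSEC="${IPSEC:-ipsec}"                    # overridable so the hook can be dry-run

# Map the PLUTO_VERB that pluto passes in the environment to a failover action.
failover_action() {
    case "$1" in
        down-host|down-client) echo up-backup ;;
        *)                     echo none ;;
    esac
}

run_hook() {
    rc=0
    # A custom updown script replaces the stock one, so call it first to keep
    # the default route and firewall handling, and remember its exit status.
    $IPSEC _updown || rc=$?
    if [ "$(failover_action "${PLUTO_VERB:-}")" = up-backup ]; then
        # Background and detach output so the hook returns to pluto promptly
        # instead of waiting on a negotiation that pluto itself must perform.
        $IPSEC auto --up "$BACKUP_CONN" >/dev/null 2>&1 &
    fi
    return "$rc"
}

# Only act when invoked by pluto (PLUTO_VERB set), not when sourced for testing.
if [ -n "${PLUTO_VERB:-}" ]; then
    run_hook
fi
```

The hook only covers a dead peer or tunnel seen from a node that is still running; it does nothing if the Openswan host itself is down.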

Related

Looking for SFTP-Stresser/Fuzzer

I am working for a company that is providing File-Share-Software for all sorts of Protocols such as FTP, SFTP, FTPS and so on. One of our customers is facing an issue with Key-Auth and spontaneous login problems.
Going through the code I am pretty certain that the server collapses with too many requests at the same time. What I need right now is a simple tool to test a situation just like this. I need a simple SFTP-Fuzzer or Stresser, sending invalid or broken Auth-Attempts to the SFTP-Server.
I am not a developer but a technician and instead of writing something myself (which would take forever) I would love to have a simple script or toolset to go...if there is one.
Ok, found one faster than I thought.
Steps:
Download Kali Linux (or any Distro that contains Metasploit)
Fire up Kali Linux and put it in the same subnet as your SFTP-Server
Start Metasploit and use the SSH-Fuzzer /auxiliary/fuzzer/ssh/ssh_version_2
Set RHOST and RPORT to the relevant IP and port your server is listening to
Exploit and see what will happen

Using OpenWRT with OLSR to connect routers using HNA

As you may assume I need a little assistance here.
I have four routers (TP-Link WDR3600) that I need to use to create an Ad-Hoc network. Currently I am only dealing with two of the four routers for simplicity. All of the routers have OpenWRT Chaos Calmer 15.05 OS installed on them and all of them are running the OLSR routing protocol. My question is super simple but the answer eludes me and I would love some direction on the matter.
How do I get these two (and eventually four) routers to talk to each other using HNA (Host and Network Association) and the setup specified above?
Edit: they need to be connected to each other wirelessly too. End edit.
I have followed this specific guide to the T but as soon as it gets to "HOW TO Step 4" the guide breaks down in terms of application because the file they point to (/etc/olsrd.conf) does not exist in my setup. When continuing anyway and running "olsrd start" it spits out: Notice how it says "Could not find specific config file /etc/olsrd/olsrd.conf" and how that differs from earlier when it asked me to modify "/etc/olsrd.conf"
In addition, the folder "/etc/olsrd" also does not exist in case you are wondering. I'm at a loss regarding this. Does anybody have any input on the matter? I'm certain that I'm missing something simple.
Thanks in advance.
I had to create /etc/olsrd.conf using the template provided and uncomment the third line of /etc/config/olsrd. I would also recommend installing olsrd-mod-httpinfo using opkg like he recommends.
One thing I noticed is that he never specifies giving the wireless interface (wlan0 in my case) an IP address to communicate with the mesh. Since I believe that is required, I had to use LuCI to give the interface an IP. I think I have my setup working but I am trying to get my new OpenWRT node to communicate with my previous DD-WRT nodes right now. Might just have to change them all to OpenWRT since it offers more "customization" due to its bare-bones type configuration.
Can you try to run:
/usr/sbin/olsrd -d -f /etc/olsrd.conf

FreeSWITCH minimal installation and module selection

As someone who is very new to the opensource PBX projects like Asterisk and FreeSWITCH, I am grappling with some information overload. Have read the basic FreeSWITCH docs on Wiki, but still have few questions. Since I am not very familiar with the terminology, I will try to use close approximations.
Trying to create a small/minimalistic build of FreeSWITCH, that needs to run on a rather old laptop (Celeron 1GHz, 512MB RAM, 20GB HDD, already running Debian "Wheezy"), and set it up as a 6-port GSM-SIP/Jabber gateway. So, by "small" and "minimalistic", I mean one which doesn't have modules/optional-software that is not absolutely necessary (e.g. no need for IVR announcements, or Skype integration) -- to keep memory footprint smallest, and occupy less hard-disk real-estate.
The rough idea is to have 6 GSM ports (via 'GSM-open module', similar to chan_dongle) towards public telephony network, and about 60 SIP extensions, and support up to 6 calls involving GSM ports, and about 6 SIP-SIP calls (intra PBX), on this setup. I have read that the CPU overhead of GSMopen module is pretty low, so I am guessing this is possible.
Can someone confirm this to be a realistic goal?
What might be the minimum set of modules to select for minimalistic build?
For modules not chosen during initial build, can those be added later? If so, would it require me to rebuild FreeSWITCH completely, only the modules, or that everything would be built, but only configuration changes would be required to ensure that modules are loaded, and configure?
Is there any rough estimate of what might be the maximum call-rate that could be supported in such a configuration? For SIP-SIP calls? Given the underpowered processor, and little RAM (as per modern standards), I am guessing that both shall be bottlenecks, but adding RAM might still be possible (even if costly and difficult).
I have read that "hooks" can be created using Lua/Python/Java etc. However, if someone could share a few examples of what-all is possible using such hooks, it would make the concept clearer. Can one hope to write an application like "missed call log" or "redirect on no answer" using these hooks?
Can someone confirm this to be a realistic goal?
Yes, this is quite realistic. You need to target as little transcoding as possible, because that's where CPU resources are needed. But even with a 1GHz Celeron, 6 transcoded sessions seem quite realistic. But it needs testing :)
What might be the minimum set of modules to select for minimalistic build?
Just start with the default list of modules, and add gsmopen (I have no experience with gsm gateways, can't help with that part). The memory footprint is pretty low, and you may need some of those modules later.
For modules not chosen during initial build, can those be added later?
As far as I remember, the wiki describes this process. You edit modules.conf and make the specific module.
Is there any rough estimate of what might be the maximum call-rate that could be supported in such a configuration? For SIP-SIP calls? Given the underpowered processor, and little RAM (as per modern standards), I am guessing that both shall be bottlenecks, but adding RAM might still be possible (even if costly and difficult).
It really depends on complexity of your dialplan. Each context consists of a number of conditions, which are doing regexp match on channel variables. So, the more complex your dialplan is, the less CPS you get. But for a 6-channel gateway, I don't see this a problem. GSM network will be much slower than your box :)
I have read that "hooks" can be created using Lua/Python/Java etc. However, if someone could share a few examples of what-all is possible using such hooks, it would make the concept clearer. Can one hope to write an application like "missed call log" or "redirect on no answer" using these hooks?
You can control every aspect of FreeSWITCH behavior with FreeSWITCH. There are even examples when the complete dialplan is re-implemented by an external program (Kazoo does that).
The simplest mode of operation is when your Lua/JS/Perl/Python script is launched from within the dialplan: then it receives a "session" object, and you can do whatever you want with the call: play sounds, bridge, forward, make a new call and bridge them together, and so on. Here in my blog there's a little practical example.
Then, you can build an external application which connects to the FS socket and monitors the events and performs actions on active calls.
Also, it can be done in the opposite direction: you run a server, and FS connects to it with its socket library.
Also, you can have an HTTP service which delivers pieces of XML configuration to FreeSWITCH, and it requests those on every call (this would be the most CPU-intensive application). This way, you can feed FS from some internal database, and build fault-tolerant systems.
I hope this helps :)
You can also find me in skype if needed.
FreeSWITCH is not really memory-hungry, and you can simply start with the default set of modules (the best is to use the prebuilt Debian packages). For example, on my 64-bit machine, the FreeSWITCH process occupies only 35MB of memory.
freeswitch#vx03:~$ uname -a
Linux vx03 2.6.32-5-xen-amd64 #1 SMP Thu Nov 3 05:42:31 UTC 2011 x86_64 GNU/Linux
freeswitch#vx03:~$ ps -p 11873 v
PID TTY STAT TIME MAJFL TRS DRS RSS %MEM COMMAND
11873 ? S<l 10:29 0 0 258136 36852 2.3 /opt/freeswitch/bin/freeswitch -nc -rp -nonat -u freeswitch -g freeswitch
I will go through the rest of your questions later today

How to configure FastRWeb to use RServer built-in web server

I'm new to RServe (and FastRWeb). I installed RServe 1.7.0 as I want to use its built-in webserver. As I already have apache running on this machine I want to run RServe/FastRWeb on a custom port.
I did cd /usr/local/lib/R/site-library/FastRWeb;sudo ./install.sh, which created /var/FastRWeb/ directory tree.
I'm not seeing any configuration file that mentions port. The default /var/FastRWeb/code/rserve.conf looks like this:
socket /var/FastRWeb/socket
sockmod 0666
source /var/FastRWeb/code/rserve.R
control enable
I'm guessing that means it uses unix sockets, by default? So I think my question is what exactly do I have to put in (and remove from) that file to, say, have it listen on TCP port 8888? And is there anything else I need to do? (I want to be able to connect from other machines, not just localhost.)
Possibly related: I've looked at /var/FastRWeb/web/index.html and it contains javascript that is going to connect to /cgi-bin/R/. Is that path specific to when using Apache, or is it going to be fine, as-is, when using RServe?
There is an explanation of setting port in the Rserve 1.7.0 release announcement. Therefore, at the top of rserve.conf, I added this line:
http.port 8888
Then I used the start script (as root) to start it.
This got me halfway as now http://127.0.0.1:8888/ works, but gives me a page that says:
Error in try(.http.request("/", NULL, NULL, c(48, 6f, 73, 74, 3a, 20, :
could not find function ".http.request"
The second half of the solution is to add this to the top of /var/FastRWeb/code/rserve.R:
library(FastRWeb)
.http.request <- FastRWeb:::.http.request
Then start things going by running /var/FastRWeb/code/start. There is no default handler, so you can test it with http://127.0.0.1:8888/info. Or a more interesting example is http://127.0.0.1:8888/example1.png (to view a chart) or http://127.0.0.1:8888/example2 (to view a mix of html and chart)
Note: I did not delete or edit any other configuration to get this working. That means we also have the unix socket listening. If that is not needed, remove those two lines from the rserve.conf file.
If you want it listening on all IP addresses, not just localhost, then add remote enable to your rserve.conf file. NOTE: Make sure you understand the security consequences before opening your server to the world.
So, after those two changes, my /var/FastRWeb/code/rserve.conf file looks like:
http.port 8888
remote enable
source /var/FastRWeb/code/rserve.R
control enable
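A small check for the exposure-related settings mentioned in the answer above, added here as an example and not part of the original post. It assumes the "key value" layout of the configs quoted in this thread; the function names and finding labels are made up for illustration, and the sample inputs are constructed from the two configs shown.

```shell
# Flag the exposure-related directives discussed above in an Rserve config.
# Assumes the "key value" layout shown on this page; finding names are made up.
audit_rserve_conf() {
    awk '
        NF == 0 { next }
        $1 == "remote"    && $2 == "enable" { remote = 1 }
        $1 == "control"   && $2 == "enable" { control = 1 }
        $1 == "http.port" { port = $2 }
        # last octal digit with the write bit set: any local user can connect
        $1 == "sockmod"   && $2 ~ /[2367]$/ { print "WORLD_WRITABLE_SOCKET " $2 }
        END {
            if (remote && port != "") print "HTTP_REACHABLE_FROM_NETWORK " port
            if (remote && control)    print "CONTROL_ENABLED_WITH_REMOTE"
        }
    ' "$1"
}

# Constructed sample inputs: the two configs quoted in this thread.
write_samples() {
    dir=$(mktemp -d)
    printf '%s\n' 'socket /var/FastRWeb/socket' 'sockmod 0666' \
        'source /var/FastRWeb/code/rserve.R' 'control enable' > "$dir/default.conf"
    printf '%s\n' 'http.port 8888' 'remote enable' \
        'source /var/FastRWeb/code/rserve.R' 'control enable' > "$dir/remote.conf"
    echo "$dir"
}
```

Run against the default config it reports the world-writable socket; run against the final config it reports the network-reachable HTTP port and control commands enabled alongside remote access.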
Did you see Jay Emerson's write-up from a while back about how to use RServe as a backend for web-driven analysis? As I recall, one still uses Apache for the redirection, rather than an explicit port as you surmise here.
Jay's setup was very impressive. He used Rserve to provide mixed table/chart pages written via the grid package, all very slick and very fast, based off an immense data set (from a UN agency, or the World Bank, or something). But I can't find a link to that report right now...

HTTP push to Unix hosts

Is it possible to push something (maybe a text snippet) to n number (1000s) of Unix hosts over HTTP using comet or something like that?
Basically my requirement is to transfer a text file to multiple Unix hosts at one go; currently I am using SSH and it's rather slow :(
I thought to cron a poll through wget/curl but that causes lots of unwanted traffic.
Any insights please?
Take a look at Udpcast - might or might not be what you are looking for. Here is some guy's blog about using it.
Comet is unrelated to this, each client will still have its own connection. If you have control of the network you could use multicast to send it in one go. Or if you have control of the clients you could have them all forward it to each other to spread the load out from the first pc.
