This was created because the WAN IP we are connected to is dynamic and the ISP applies NAT to it. To explain further, the setup looks like this...
MYPC(192.168.0.x) --> router(10.x.x.x) --> ISP(120.x.x.x)
As you can see, if the DUC app that no-ip provides checks our IP, it will see 120.x.x.x and not 10.x.x.x, so I created a script to extract the IP from the router. After getting the IP from the router, the trick to send the acquired IP to update our account is...
wget.exe -Ooutput -E --http-user="your@mail.com" --http-password=p4ssw0rd "http://dynupdate.no-ip.com/nic/update?hostname=yourDNS.no-ip.org&myip=1.2.3.4"
This will update the IP of the account's DNS hostname and write the result to a file named "output".
I colored the command Blue where it should not be changed and Green to change it according to your needs.
To see the documentation on how to update your DNS in no-ip.com kindly see http://www.noip.com/integrate/
Tuesday, May 13, 2014
Wednesday, October 23, 2013
Revoke/Unrevoke a client certificate in OpenVPN
Source: http://blog.abhijeetr.com/2012/06/revokeunrevoke-client-certificate-in.html
REVOKING
To revoke the access of a client, the first method is to use the Client Revocation List. To do that, go to the easy_rsa directory and execute the following (where cname is the client you want to disable):
# source ./vars
# ./revoke-full cname
Then move the crl.pem file created in the keys folder to the /etc/openvpn/ folder. Finally, edit server.conf and add the following line.
crl-verify crl.pem
The above file is an append-only file and is re-read every time a client connects to the server, so there is no need to restart the server the next time you overwrite the file.
UNREVOKING
Now, coming to the un-revoking part: I asked the above question on serverfault and learned that un-revoking a certificate should generally not be done.
But if you still want to do that, I will quote the guy:
In your CA folder, there should be an index.txt, with certificate IDs in it. The ones starting with "V" are valid, and ones with "R" are revoked. You can edit that file, and fix the first char to "V", and delete the third column (the revocation date). If you have more than one certificate, you should see the pattern (sequential number comes in the third column now, etc).
Then you just need to regenerate the CRL again, and it should work.
To regenerate the CRL file again, execute the following two commands in the easy_rsa directory:
source ./vars
openssl ca -gencrl -out "crl.pem" -config "$KEY_CONFIG"
If the revoke command fails, read this bug report...
https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/231199
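An audit helper for the index.txt edit described above, as an added example that is not part of the original post or the quoted answer: it lists each certificate's status and flags rows left inconsistent by a hand edit, so they can be caught before the CRL is regenerated. It assumes the tab-separated index.txt layout that OpenSSL writes (status, expiry, revocation date, serial, file name, subject); the function names and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Audit an OpenSSL CA index.txt. Columns are tab-separated:
# status, expiry, revocation date, serial, file name, subject DN.

# Print "STATUS<TAB>SERIAL<TAB>CN" for every entry in the index file $1.
index_list() {
    awk -F'\t' '{
        cn = "?"
        n = split($6, parts, "/")
        for (i = 1; i <= n; i++)
            if (parts[i] ~ /^CN=/) cn = substr(parts[i], 4)
        print $1 "\t" $4 "\t" cn
    }' "$1"
}

# Print the status letter (V, R or E) recorded for common name $2.
cert_status() {
    index_list "$1" | awk -F'\t' -v cn="$2" '$3 == cn { print $1 }'
}

# Report rows a hand edit left inconsistent: a column removed together
# with its tab, "V" with a revocation date still present, or "R" with
# none. Prints nothing when the file is clean.
index_lint() {
    awk -F'\t' '
        NF != 6               { print "line " NR ": expected 6 columns, got " NF; next }
        $1 == "V" && $3 != "" { print "line " NR ": V but revocation date set" }
        $1 == "R" && $3 == "" { print "line " NR ": R but no revocation date" }
    ' "$1"
}

# Constructed sample rows (not from a real CA): one valid, one revoked,
# and one half-edited entry (status flipped to V, date left behind).
sample_index() {
    printf 'V\t330101000000Z\t\t01\tunknown\t/C=XX/O=Example/CN=server\n'
    printf 'R\t330101000000Z\t131023000000Z\t02\tunknown\t/C=XX/O=Example/CN=cname\n'
    printf 'V\t330101000000Z\t131023000000Z\t03\tunknown\t/C=XX/O=Example/CN=halfedit\n'
}

# Demo run on the constructed sample.
demo=$(mktemp) && sample_index > "$demo"
index_list "$demo"
index_lint "$demo"
rm -f "$demo"
```

Run index_lint against keys/index.txt after any manual change; a clean file produces no output.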
Thursday, September 19, 2013
Update for my "IPTABLES for transparent Squid"
Ahoy! In my old post on TRANSPARENT SQUID there is an existing problem where https (port 443) can get through because SQUID does not cache SSL. Try visiting https://www.google.com from my old configuration and see that it passes through.
In this post I add this config to the one from my previous post to block a certain IP range or group of non-internet users. Place the rules below the "DNAT port 80 request comming from LAN systems to squid 3128 ($SQUID_PORT) aka transparent proxy" rule.
# Sample of IP range to be blocked
$ipt -t nat -A PREROUTING -i $LAN -m iprange --src-range 192.168.1.200-192.168.1.250 -p tcp --dport 443 -j DNAT --to 192.168.1.1:3128
$ipt -A FORWARD -p tcp -i $LAN -m iprange --src-range 192.168.1.200-192.168.1.250 --dport 443 -j REJECT
After this, all https requests from the IP range declared above will be rejected.
Note that if a certain application needs to make an SSL connection but the user is in the blocked list, you will need to manually configure the proxy IP in the application on the client PC and add the URL that needs access to the SQUID rules. This way the server is the one making the SSL connection through the proxy, and we can retain the transparent proxy configuration.
Friday, April 12, 2013
Reset NIC in Win7
I posted this because sometimes the NIC/LAN card does not work out of the box. The problem that I encountered is that Win7 says there is no Internet connection on the network, even though everything is fine.
After a restart (disable and enable) of the NIC, the Internet starts working.
I wanted to do this automatically, so I created a batch file and named it "lanreset.bat". Below are the contents...
@echo off
wmic path win32_networkadapter where NetConnectionID="LAN" call disable
wmic path win32_networkadapter where NetConnectionID="LAN" call enable
Just replace the blue colored text with the name of the NIC.
Put it in the Task Scheduler so that it runs on startup.
Saturday, December 29, 2012
autoDial script for Windows
This is my personal script (a batch file), written because my connection is not that reliable, or should I say the connection sometimes stops working. I put this script together from various sites.
Sorry, I got lazy about noting which sites were the sources; I just searched for how to dial using the command prompt.
This script runs in the MS-DOS shell and uses rasdial to control the dial-up connection; a dial-up account named Sun already existed before I created this script. See the script I made below...
@echo off
:goagain
ping www.google.com | find "TTL"
if ERRORLEVEL 1 goto reconnect
if ERRORLEVEL 0 goto lineok
:reconnect
echo Disconnected
rasdial Sun /disconnect
rasdial Sun
:lineok
echo line ok
echo Waiting for 50 seconds before checking connection again...
PING 1.1.1.1 -n 50 -w 1000 >NUL
goto goagain
The script's filename is autodial.bat.
As the script goes, the @echo off line hides the commands,
the ping www.google.com | find "TTL" line checks whether the connection gets a ping reply,
the rasdial [connection name] line connects to the internet,
and adding /disconnect disconnects from the internet.
The PING 1.1.1.1 -n 50 -w 1000 >NUL line is the delay command, which waits for 50 seconds before going to the next line.
Also, this script runs in an endless loop, so to stop it either close the command prompt window or press ctrl + c to cancel the script.
Hope this small script may help others in any way. Happy Holidays!!!
Tuesday, November 13, 2012
Multi-Boot PE using Grub4Dos
Thanks to the sources below, which showed me how to complete this project of mine...
http://www.rmprepusb.com/tutorials/ubuntu
http://www.themudcrab.com/acronis_grub4dos.php#tagInstall
http://www.rmprepusb.com/tutorials/grub4dos#TOC-Part-1---Making-a-bootable-USB-pen-
http://www.rmprepusb.com/tutorials/install-xp-from-an-iso
http://www.dedoimedo.com/computers/grub.html
Setup Prerequisites...
Setup environment: Windows
Items needed:
- usb-HDD (at least 80GB)
- Grub4DOS Installer (http://www.themudcrab.com/acronis_grub4dos.php#tagInstall)
HDD Setup Layout:
Note: This can be accomplished with 1 partition, which causes fewer issues. But I prefer keeping my boot partition separate from my installer partition.
- Boot Partition = 16GB / FAT32
- Data Partition = rest of the space / NTFS
Start of Grub installation:
- After creating the partitions on the HDD, whether one whole partition or 2 partitions like mine, run the Windows application grub_gui (see the themudcrab link above)
- Use Whole disk (MBR)
- Then check the Don't search floppy option, leave all the other options unchecked.
- Click on Install
- After a successful write, copy the grldr file to the root of the partition or your usb hdd
- Now create your menu.lst to define the menu for grub
See below the sample menu entry to load ntldr
title Boot BartPE
find --set-root --ignore-floppies --ignore-cd /ntldr
map () (hd0)
map (hd0) ()
map --rehook
find --set-root --ignore-floppies --ignore-cd /ntldr
chainloader /ntldr
How to Boot Win7/Vista or WinPE2+
See below the sample menu entry to load bootmgr
title Boot WinPE/Vista/Win7
find --set-root --ignore-floppies --ignore-cd /bootmgr
map () (hd0)
map (hd0) ()
map --rehook
find --set-root --ignore-floppies --ignore-cd /bootmgr
chainloader /bootmgr
In the menu above, my BartPE and WinPE2/3/Win7 data is also on the boot partition. Note that ntldr and bootmgr are both in the root of the partition.
This is my birthday gift to you people! Happy birthday to me! :p
Thursday, October 18, 2012
Multiple gateway in Windows
Ahoy! Been busy these past months and here I am again.
In this topic I describe a problem I ran into, where I have 2 NICs connected to different routers. One I use for internet browsing (NIC1) and the other is for file sharing and other stuff (NIC2).
Now I need to use VPN to connect to NIC2, but the default gateway is on NIC1. Below is the current configuration...
NIC1 (default gateway)
IP = 192.168.10.50
Gateway = 192.168.10.1
NIC2
IP = 192.168.20.50
Gateway = 192.168.20.1
IP to connect from outside NIC2
192.168.1.20
Then, from what I read on Microsoft Support, I need to add a static route to be able to route IP datagrams (whatever that is) to my specified destination.
To do that, open a command prompt and type...
route add 192.168.1.0 mask 255.255.255.0 192.168.20.1
where: ROUTE ADD <destination subnet> MASK <subnet mask> <my gateway>
Then try to ping the IP that you want and it should respond. If it works, then VPN and other applications you wish to use can connect to that destination.
Happy tweaking!!!