Change Static IP on AirFiber over SSH

Posted on February 6, 2020 by admin

Log into device

SSH into AirFiber

ssh ubnt@192.168.1.20

Modify config file

Open up the “/tmp/system.cfg” configuration file

vi /tmp/system.cfg

Find the line that has the ip address and modify the address.
Note that you’ll need to hit i to enter text if you are using vi

...
netconf.3.hwaddr.status=disabled
netconf.3.ip=192.168.1.10   <-- Change IP here
netconf.3.mtu=1500 
...

Save file by hitting the esc key then type :x and then hit Enter

Save changes and reboot

Now run the following command to write the changes to the device. Once it comes back up it should have the new IP address from the config file.

cfgmtd -f /tmp/system.cfg -w && reboot

Mikrotik – bridge port received packet with own address as source address (), probably loop

Posted on February 5, 2020 by admin

Sometime the following warning can show up in the log.

10:48:45 interface,warning ether2: bridge port received packet with own address as source address (74:4d:28:69:89:9d), probably loop

Check and verify that your interface MAC addresses are unique. VLANs look to be the exception as they should share the MAC address of the interface the VLAN is on.

More information in this thread.
https://forum.mikrotik.com/viewtopic.php?p=583064#p703228

Unable to access old HTTPS login for WiFi router

Posted on January 28, 2020 by admin

Part of the reason some of the older sites do not work is due to insecurities in older SSL protocol’s. Some of the older versions are disabled in newer browsers thereby keeping someone from accessing the device.

Work Around

Internet Explorer will let you change the security settings to allow older security protocols to work. Chrome and Firefox seem to have issues letting you do that.

Open Internet Explorer and then go to the Internet Options and find the Advanced tab. Scroll down and locate the “Use SSL3.0” option and enable it.

You may also need to modify the Zones.

You should now be able to accept the Security Certificate and log in.

This should only be done if absolutely needed and only on sites you trust. It would be a good idea to change the settings back when finished.

More info.
https://community.spiceworks.com/topic/1958251-just-purchased-a-sonicwall-via-ebay-but-after-doing-the-initial-config

cPanel – Setup second domain to redirect to primary website

Posted on January 28, 2020 by admin

Pointing Two URLs to the Same Website

In cPanel go to the Aliases under DOMAINS.
Enter the domain and create New Alias
After it is added, Click “Manage Redirection”
Enter the domain to redirect to and save.

LibreNMS – Setting up Alerts to monitor Voltage on Mikrotik Routers

Posted on January 27, 2020 by admin

Create Alert Rule

Go to “Alerts -> Alert Rules” Then “Create rule from Collection”

Search for “Sensor under limit” and Select

Configure Alert Rule

Add another rule to limit to just the Voltage Sensors by using the “sensors.sensor_class = Voltage”

Select your Groups and Transports and Save.

Disable Alerts for Unused Ports

You may get some alerts because there are some ports that do not have any any voltage on them. You can disable them on a per device basis by going to the “device -> Edit -> Health” and turning alerts off

Turn off voltage alerts on port that has no PoE

Mikrotik RouterOS – VLAN notes

Posted on January 22, 2020 by admin

https://wiki.mikrotik.com/wiki/Manual:Interface/VLAN

VLAN successfully passes through regular Ethernet bridges

https://wiki.mikrotik.com/wiki/Manual:Basic_VLAN_switching

https://wiki.mikrotik.com/wiki/Manual:Layer2_misconfiguration

DHCP offering lease without success issue with Mikrotik on the far side of Ubiquiti device.

Make sure that radio does not have the VLAN configured on just the WAN interface. Easiest way would be to put it in bridge mode and use the management VLAN.

Install GDM as default display manager

Posted on January 15, 2020 by admin

Install Gnome Display Manager if it is not already installed

sudo apt install gdm3

Stop and disable the currently display manager, replace sddm with the current display manager. May be lightdm

sudo systemctl disable sddm
sudo systemctl stop sddm

Enable GDM

sudo dpkg-reconfigure gdm3
sudo systemctl enable gdm3
sudo systemctl start gdm3

Should be good to go.

How To Fix no matching cipher found. Their offer: aes128-cbc,3des-cbc…

Posted on January 14, 2020 by admin

When trying to SSH to older devices like a Ubiquiti Bullet2, you may receive an error saying

no matching cipher found. Their offer: aes128-cbc,3des-cbc,aes256-cbc,twofish256-cbc,twofish-cbc,twofish128-cbc,blowfish-cbc

The work around is to manually specify the cipher with the “-c” option. You will also probably need to specify the KexAlgorithm “Key Exchange Algorithm”

ssh -c aes128-cbc -oKexAlgorithms=+diffie-hellman-group1-sha1 admin@192.168.1.20

You can see what ciphers SSH supports by running “ssh -Q cipher”

Example output

ssh -Q cipher
3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
rijndael-cbc@lysator.liu.se
aes128-ctr
aes192-ctr
aes256-ctr
aes128-gcm@openssh.com
aes256-gcm@openssh.com
chacha20-poly1305@openssh.com

More information
https://www.openssh.com/legacy.html

Auto Start VM after XenServer reboot

Posted on January 11, 2020 by admin

SSH or gain command line access to XenServer

First we need to enable the Pool to allow auto starting
Second we will need to turn on the auto_poweron to true

In the following examples replace the UUIDs with your UUIDs

Find Pool UUID

You can find the pool UUID by running the “xe pool-list” Command. Note: you’ll still have a pool even if there is only a single server.

# xe pool-list
uuid ( RO) : 2e587aeb-de94-hf29-3eda-923d8he634fe

Enable auto_poweron for the pool

xe pool-param-set uuid=2e587aeb-de94-hf29-3eda-923d8he634fe other-config:auto_poweron=true

Verify that it is enabled

xe pool-param-list uuid=2e587aeb-de94-hf29-3eda-923d8he634fe  | grep auto_poweron

List VM UUID’s

Locate the UUID’s of the VM’s you want to start

# xe vm-list
uuid ( RO)           : 521be58a-3495-ea29-02a0-85ffcda06583
     name-label ( RW): CentOS 7
    power-state ( RO): running

Enable auto start

Run the following command for each VM you want to auto start. Change the UUID to the UUID of the vm you want to start.

xe pool-param-set uuid=521be58a-3495-ea29-02a0-85ffcda06583  other-config:auto_poweron=true

Print parameter settings

Use the following command to verify that the auto_poweron option is enabled.

xe vm-param-list uuid=521be58a-3495-ea29-02a0-85ffcda06583 | grep -i poweron | cut -d";" -f1

Example output

                      other-config (MRW): auto_poweron: true

https://support.citrix.com/article/CTX133910

Mikrotik RouterOS – “drop all from WAN not DSTNATed”

Posted on January 10, 2020 by admin

The default DSTNATed firewall rule keeps traffic from the WAN accessing LAN side IP addresses.

More info here

Printing the rules on a router with the default config should show the following.

;;; defconf: drop all from WAN not DSTNATed
chain=forward action=drop connection-nat-state=!dstnat in-interface=ether1

If you are wanting to add the rule to a router, you can copy and past the following command. Replace in-interface=ether with your in interface.

/ip firewall add action=drop chain=forward comment=\ "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat in-interface=ether1