Category: VM

DD-WRT VPN PIA

By , January 14, 2016 11:54 PM
I’ve read many users have trouble setting up the OpenVPN client on some DD-WRT flashed routers. There are DD-WRT builds that lack the ADVANCED OPTIONS button, here’s my solution:

1- Go to SETUP – BASIC SETUP – NETWORK ADDRESS SERVER SETTINGS (DHCP)
Set Static DNS 1 to: 8.8.8.8
Set Static DNS 2 to: 8.8.4.4
or any other DNS servers you want.
2- Set TIME SETTINGS to match your current location.
Click SAVE – Click APPLY SETTINGS
3- Go to SERVICES – VPN
Enable OpenVPN Server (Just click the enable button, do nothing else). This step you can skip. It only serves the purpose of enabling OPENVPN STATUS so that you can see the current state and log of PIA OPENVPN CLIENT.
Click APPLY SETTINGS
4- Go to ADMINISTRATION – COMMANDS
Copy – Paste the text from link below to commands, don’t forget to edit Your_PIA_Username and Your_PIA_Password with your own credentials, if you want you can change the remote regional-gateway (us-west…) too:
Click SAVE STARTUP
5- Go to ADMINISTRATION – MANAGEMENT
Click REBOOT ROUTER
6- That should do it, from now on every device that gets a IP address from your router will go through PIA’s VPN tunnel.
As you can see, we did nothing to the OpenVPN client in SERVICES – VPN. The script takes care of that for us.
ENJOY!!
PICK A LOCATION
#!/bin/sh

USERNAME="Your_PIA_Username"
PASSWORD="Your_PIA_Password"
PROTOCOL="udp"
# Add - delete - edit servers between ##BB## and ##EE##
REMOTE_SERVERS="
##BB##
# US - WEST
remote us-west.privateinternetaccess.com 1194
##EE##
"

#### DO NOT CHANGE below this line unless you know exactly what you're doing ####

CA_CRT='-----BEGIN CERTIFICATE-----
MIID2jCCA0OgAwIBAgIJAOtqMkR2JSXrMA0GCSqGSIb3DQEBBQUAMIGlMQswCQYD
VQQGEwJVUzELMAkGA1UECBMCT0gxETAPBgNVBAcTCENvbHVtYnVzMSAwHgYDVQQK
ExdQcml2YXRlIEludGVybmV0IEFjY2VzczEjMCEGA1UEAxMaUHJpdmF0ZSBJbnRl
cm5ldCBBY2Nlc3MgQ0ExLzAtBgkqhkiG9w0BCQEWIHNlY3VyZUBwcml2YXRlaW50
ZXJuZXRhY2Nlc3MuY29tMB4XDTEwMDgyMTE4MjU1NFoXDTIwMDgxODE4MjU1NFow
gaUxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJPSDERMA8GA1UEBxMIQ29sdW1idXMx
IDAeBgNVBAoTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSMwIQYDVQQDExpQcml2
YXRlIEludGVybmV0IEFjY2VzcyBDQTEvMC0GCSqGSIb3DQEJARYgc2VjdXJlQHBy
aXZhdGVpbnRlcm5ldGFjY2Vzcy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
AoGBAOlVlkHcxfN5HAswpryG7AN9CvcvVzcXvSEo91qAl/IE8H0knKZkIAhe/z3m
hz0t91dBHh5yfqwrXlGiyilplVB9tfZohvcikGF3G6FFC9j40GKP0/d22JfR2vJt
4/5JKRBlQc9wllswHZGmPVidQbU0YgoZl00bAySvkX/u1005AgMBAAGjggEOMIIB
CjAdBgNVHQ4EFgQUl8qwY2t+GN0pa/wfq+YODsxgVQkwgdoGA1UdIwSB0jCBz4AU
l8qwY2t+GN0pa/wfq+YODsxgVQmhgaukgagwgaUxCzAJBgNVBAYTAlVTMQswCQYD
VQQIEwJPSDERMA8GA1UEBxMIQ29sdW1idXMxIDAeBgNVBAoTF1ByaXZhdGUgSW50
ZXJuZXQgQWNjZXNzMSMwIQYDVQQDExpQcml2YXRlIEludGVybmV0IEFjY2VzcyBD
QTEvMC0GCSqGSIb3DQEJARYgc2VjdXJlQHByaXZhdGVpbnRlcm5ldGFjY2Vzcy5j
b22CCQDrajJEdiUl6zAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAByH
atXgZzjFO6qctQWwV31P4qLelZzYndoZ7olY8ANPxl7jlP3YmbE1RzSnWtID9Gge
fsKHi1jAS9tNP2E+DCZiWcM/5Y7/XKS/6KvrPQT90nM5klK9LfNvS+kFabMmMBe2
llQlzAzFiIfabACTQn84QLeLOActKhK8hFJy2Gy6
-----END CERTIFICATE-----'

OPVPNENABLE=`nvram get openvpncl_enable | awk '$1 == "0" {print $1}'`

if [ "$OPVPNENABLE" != 0 ]; then
   nvram set openvpncl_enable=0
   nvram commit
fi

sleep 10
mkdir /tmp/pia; cd /tmp/pia
echo -e "$USERNAME\n$PASSWORD" > userpass.conf
echo "$CA_CRT" > ca.crt
echo "#!/bin/sh
iptables -t nat -I POSTROUTING -o tun0 -j MASQUERADE" > route-up.sh
echo "#!/bin/sh
iptables -t nat -D POSTROUTING -o tun0 -j MASQUERADE" > route-down.sh
chmod 644 ca.crt; chmod 600 userpass.conf; chmod 700 route-up.sh route-down.sh
sleep 10
echo "client
auth-user-pass /tmp/pia/userpass.conf
management 127.0.0.1 5001
management-log-cache 50
dev tun0
proto $PROTOCOL
comp-lzo adaptive
fast-io
script-security 2
mtu-disc yes
verb 4
mute 5
cipher bf-cbc
auth sha1
tun-mtu 1500
resolv-retry infinite
nobind
persist-key
persist-tun
tls-client
remote-cert-tls server
log-append piavpn.log
ca ca.crt
status-version 3
status status
daemon
$REMOTE_SERVERS" > pia.conf
ln -s /tmp/pia/piavpn.log /tmp/piavpn.log
ln -s /tmp/pia/status /tmp/status
(killall openvpn; openvpn --config /tmp/pia/pia.conf --route-up /tmp/pia/route-up.sh --down /tmp/pia/route-down.sh) &
exit 0

Dell Equallogic generic hard drive firmware update

By , March 5, 2013 1:24 AM
> This might be of some use - I've updated a ST31000340NS (ES.2 1TB > version) under Linux to MA0D using hdparm v9.27's --fwdownload switch on > Debian 5. You have to strip the first 256 bytes of Dell header from the > start of the Dell update binary using dd bs=256 skip=1 ... 
You're the man!! Your method worked like a charm (after rebooting in a clean,
live environment).
These are the steps I did to update the SATA HD firmware on my Dell R410
without SAS controller and in Debian:

1) boot the server from a live CD (Ubuntu 9.10 in my case)
2) downloaded from packages.debian.org the Sid package of hdparm (v9.27)
3) installed it in the Ubuntu live session
4) downloaded the firware from support.dell.com and unpacked it
5) dd if=payload/MA0D.fw of=payload/MA0D.lod bs=256 skip=1
6) hdparm --fwdownload payload/MA0D.lod /dev/sda
7) then added the extra switches that hdparm needs to follow with this
dangerous operation
8) firmware updated!

Just to mention that I did the first hdparm --fwdownload with the HD *working*
(I was using the system installed on it, not a live one) and the updated
failed (due to the disk disconnecting from the SATA bus) but the disk worked
without problem. No fried disk, no bricking at all.

http://www.upemax.user.icpnet.pl/



It’s seems it’s 208 bytes

I need to update firmware on my Seagate Constellation ES ST32000644NS branded as Dell Equallogic. Since I don’t use this drive in a Dell Server but in my Apple Mac Pro the only possible way to do this is to use Linux and hdparm.

Then I found this: http://lists.us.dell.com/pipermail/linux-poweredge/2010-April/042003.html

The correct firmware for my drive is Muskie/KA09.fwh

The only question is how many bytes I have to remove from the Dell header to able to flash it with hdparm ?

Files for comparision: http://www.upemax.user.icpnet.pl/

Create NFS Datastore for ESX in WIndows Server 2008 R2

By , September 17, 2012 2:22 PM

Create NFS Datastore for ESX in WIndows Server 2008 R2

Here, I am going to explain step by step procedure to configure NFS share in windows 2008 R2 to use with ESX data storeAdding NFS Share Role in Windows

Choose Start -> Administrative Tools -> Server Manager
I have already File services installed on my windows server with default options. So, Go to file services role and click on add Role services and select “services for network file system”

Click on Install

Create a folder called “nfstest”. Right click the folder and click on properties

Click on the “NFS sharing” tab and click on “Manage NFS Sharing”

Select the check mark  “Share this folder” and remove the check mark Kerberos V5 integrity and authentication  & Kerberos V5 authentication.

Select the Allow anonymous access and click on Permissions tab

In Type of Access , choose “Read-Write” and check mark the Allow Root access and apply ok.

Adding  the NFS datastore to ESX\ESXi host

Make sure you have vmkernel port is configured in your ESX/ESXi host.

Goto Configuration Tab and select Storage. Click on Add storage.

Select Network File system.

Enter the Fully qualified domain name of the server or IP address, share name and Datastore name. Click on Next.

NFS datastore named “NFS DATASTORE” is created.

NFS datastore is created and we are ready to go.Thanks For Reading!!!!

Vmware ESX NFS datastore on Windows Server 2008

By , September 17, 2012 2:20 PM

Vmware ESX NFS datastore on Windows Server 2008

So if this is the need for slow file transfers, you can do it that way:

1. Install Services for Network File System (NFS)
Server Manager – Add Roles – File Services – Services for Network File System

2. Edit Local policy(or GPO) to Everyone permissions apply to anonymous users
Administrative tools – Local Security Policy – Local Policies – Security Options – Network Access: Let Everyone permissions apply to anonymous users – Enabled
GPO – Computer Configuration – Policies – Windows Settings – Security Settings – Local Policies – Security Options – Network Access – Network Access: Let Everyone permissions apply to anonymous users – Enabled

3. set NFS to TCP only
Administrative tools – Services for Network File System (NFS) – Server for NFS Properties – Transport protocol to TCP only (default is TCP+UDP)
Reboot server!

4. Create Share and set IP access
Open Folder Properties – NFS Sharing – Manage NFS Sharing – select Share this folder – select Allow anonymous access – set Anonymous UID and Anonymous GID to 0 – Permissions – Add VMKernel IP to Add names, leave read-write, select Allow root access – ok – ok – ok – ok

5. Set datastore on esx server
Go to service console and type: esxcfg-nas -a -o (Windows 2008 IP) -s /(sharename) (datastore_name)

… and now can cpoy ISO images and backup files betwen esx and windows. For virtual machine running you beter to buy dedicated NAS or SAN system.

ESX and PERC6 Monitoring

By , September 13, 2012 3:16 PM

http://blog.rebelit.net/?p=283

 

After upgrading my ESXi whitebox server using the official ESXi 5.0 install DVD I noticed that the health status monitoring for my PERC 6i RAID card was not showing up anymore. Everything else went smoothly during the upgrade and the test VMs all powered on from the datastore on the PERC 6i without issues. When checking health status only the processors and software components were listed. As it turns out VMware has removed the vendor specific VIBs for health monitoring in ESXi 5.0.

In order to restore health monitoring for the PERC 6i to the health status screen you will need the latest LSI offline bundle VIB for ESXi 5.0. I tried using the Dell OpenManage offline bundle but it stopped displaying all monitoring after the reboot and the system would not reset the sensors. After removing the installed OpenManage VIB and after a few hours of scouring the internet I managed to find the solution. The Dell PERC 6i cards use the LSI MegaRAID chipset for their controller.

LSI’s latest offline bundle package supports a variety of cards. After finding the proper version (500.04.V0.24) I was able to locate the download on one of the other controller card pages. Doing a search for “LSI 500.04.V0.24 site:lsi.com” on Google brought up several results. I selected the first result for the MegaRAID SAS 9260CV-4i – LSI and scrolled down to the Management Tools section. Here you will find VIB downloads for 4.x and 5.x. Download the file for ESXi 5.x from any of the listed card pages. You will need to extract the offline bundle from the archive otherwise it will not install and you will get errors about being unable to load the index.xml file.

You will need VMware vSphere CLI installed on a machine. The update requires maintenance mode and a host reboot so if you are using a vMA make sure it’s on another physical host. Using CLI on my Windows desktop machine I first copied the extracted offline bundle zip to the root of the ESXi host datastore via the vSphere Client. Then on the machine with CLI installed I opened command prompt and browsed to the folder C:\Program Files (x86)\VMware\VMware vSphere CLI\bin.

I put the ESXi host in maintenance mode using the following command,

vicfg-hostops.pl -server x.x.x.x -operation enter

Note: Several times CLI returned connection errors or said that operation is a mandatory argument. I found that pasting the command was the culprit and manually typing in each command solved the issue. Also note that the VMs must be powered off to enter maintenance mode.

After the server was in maintenance mode I verified the status by running the following command,

vicfg-hostops.pl -server x.x.x.x -operation info

Once the host was in maintenance mode I ran the following command to install the vib offline bundle,

esxcli.exe -s x.x.x.x software vib install -d [datastore]VMW-ESX-5.0.0-LSIProvider-500.04.V0.24-261033-offline_bundle-456178.zip

When running the command and supplying credentials CLI sat at a flashing cursor for a few minutes. If it’s going to throw an error it will do it right away, otherwise it’s installing and you should leave it alone. There are no status updates until the install has completed.

Once the install was complete the following was returned,

Now you need to restart the ESXi host in order for the changes to work. You can also do this with CLI running the following command,

vicfg-hostops.pl -server x.x.x.x -operation reboot

After the host was done rebooting I logged in with the vSphere Client and checked the Health Status. It now shows the Storage category and displays all of the information related to my Dell PERC 6i including battery status.

I removed the host from maintenance mode and powered all of the test VMs on without any issues. I hope this helps any users out there upgrading with a PERC 6i RAID controller that want to retain the ability to monitor their storage array.

Thomas Challenger Thomas Challenger