Friday, April 29, 2016

Replacing TM Malaysia provided router for Unifi service

If you plan to replace the router provided by TM Malaysia with your own router, you have to ensure that the replacement router has the option to choose TM Unifi as the ISP or at least allow you to configure the WAN interface with a VLAN tag.

Below is how you can replace the router with a Linux based router for internet access, which is tagged to VLAN 500.

1. Create the VLAN interface 


Run the following command to create a VLAN interface.  Replace the x with your actual interface eg eth0, which will then make the VLAN interface as 'eth0.500'. The '.' is an indication that it is a VLAN interface.

[root@router ~]# vi /etc/sysconfig/network-scripts/ifcfg-x.500

Enter the following details

DEVICE=eth0.500
TYPE="VLAN"
ONBOOT="yes"
BOOTPROTO="none"
VLAN="yes"

2. Create the PPP interface


Run the following command to create the PPP interface

[root@router ~]# vi /etc/sysconfig/network-scripts/ifcfg-ppp0

Enter the following details. Remember to change as needed.

DEVICE=ppp0
TYPE="xDSL"
USERCTL="no"
BOOTPROTO="dialup"
NAME="DSLppp0"
ONBOOT="yes"
PIDFILE="/var/run/pppoe-ppp0.pid"
FIREWALL="NONE"
PING="."
PPPOE_TIMEOUT="80"
LCP_FAILURE="5"
LCP_INTERVAL="20"
CLAMPMSS="1412"
CONNECT_POLL="6"
CONNECT_TIMEOUT="80"
DEFROUTE="yes"
SYNCHRONOUS="no"
ETH="eth0.500"
PROVIDER="DSLppp0"
PEERDNS="yes"
USER="yourusername@unifibiz"

3. Create the PPP password files


Create the password files with the following command, one for CHAP and and one for PAP


[root@router ~]# vi /etc/ppp/chap-secrets

[root@router ~]# vi /etc/ppp/pap-secrets


Enter your username and password as provided by TM for both files.


"yourusername@unifibiz" * "password" *

4. You can now start the PPP interface

[root@router ~]# ifup ppp0


5. Check if the connection is successful


You can check if the connection is successful by running the following command. If the connection is successful, the ppp0 will be up and obtained an IP address

[root@router ~]# ifconfig ppp0
ppp0      Link encap:Point-to-Point Protocol
          inet addr:x.x.x.x  P-t-P:x.x.x.x  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
          RX packets:908071 errors:0 dropped:0 overruns:0 frame:0
          TX packets:397529 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:1039747302 (991.5 MiB)  TX bytes:91079309 (86.8 MiB)




Wednesday, April 27, 2016

How to detect a scam email?

If you received a notification from 'PayPal' on some irregularities with your account, don't be so quick to follow what was asked of you because it is most likely a scam

There are several ways to detect a scam. Some are very easy, like the one shown below, while some needs a bit more work.

1. Bad grammar 


Noticed how the word 'noticed' was spelled 'noticied'? Apparently a lot of scammers do not come from the English speaking part of the world.

2. Fake sender


The sender is not from @paypal.com but from @outlook.com. PayPal and all these organisation has their own domain. They will not use any other email domains.

3. Fake link. 


If you hover of the 'Login PayPal', you can see at the bottom showing the actual link which is not pointing to PayPal.



4. Fake URL


If you click on the link, it will bring you to the actual URL and as you can see, it is not paypal.com but pcypal.com, which is clearly bogus.







Monday, April 18, 2016

Cisco VPN Client v5.x on Windows 10

To install Cisco VPN client v5.x on Windows 10, follow the following steps

1. Launch the MSI not the EXE

2. Install DNE which you can obtain here else you will get errors while installing.

3. Once you have successfully installed the VPN client, you will need to edit the registry else you will get error while trying to connect


Friday, April 8, 2016

Simple WPAD script for direct connection to anything local

Below is a simple wpad script to let users have direct connection to anything local and the rest through proxy. You can continue to add statements but remember to add the corresponding brackets and the start and end.

Explanation

isPlainHostName(host) - the destination hostname. Any plain hostname (without FQDN) will be going direct

isInNet(myIpAddress() - the source address. This may be a local network where you do not want the users to use the proxy.

isInNet(host) - the destination address. The three shown are all the private address
function FindProxyForURL(url, host)
{
if (((((isPlainHostName(host) ||
dnsDomainIs(host, ".yourlocaldomain.com") ||
isInNet(myIpAddress(), "x.x.x.x", "m.m.m.m") ||
isInNet(host, "10.0.0.0", "255.0.0.0") ||
isInNet(host, "172.16.0.0", "255.240.0.0") ||
isInNet(host, "192.168.0.0", "255.255.0.0"))))))
return "DIRECT";
else return "PROXY your-proxy-server-ip:3128";
}

Monday, April 4, 2016

ClearOS 7 - Webconfig OpenVPN page returning error

If your ClearOS webconfig OpenVPN page is returning error, be it the app configuration page or the user certificate page URL below

https://server:81/app/openvpn
https://server:81/app/user_certificates

then most probably you have renamed or created a different configuration file name other than the default filename which are client.conf and client-tcp,conf

If you would like to custom name the configuration files, you will have to edit the file

/usr/clearos/apps/openvpn/libraries/OpenVPN.php

and edit the line below to suit your configuration filename

 const FILE_CLIENTS_CONFIG = '/etc/openvpn/your-config-filename.conf';




What you need to know about 10GBe home broadband

More ISPs are offering 10 Gbps fiber home broadband at pretty affordable prices ($189-$199) but before you sign up, the following are what you need to take note of

1. Most networking products like routers, desktops and notebooks currently support only up to 1 Gbps therefore if you do not upgrade them, 1 Gbps will the maximum speed you will be getting.

2. While you can upgrade your desktop by buying a 10Gbe NIC like the Intel X540 series, you can't do so with your notebook or routers

3. There are very limited number of routers that do support 10Gbe WAN port and they are very very expensive.

So until most end user products make 10 Gbps mainstream, it is not really advisable to sign up now. Price will also be much lower later as compared to what is available now.