Oct 292013
 

This post is a corollary to the previous one on building iOS client based IPSec VPN with the Stonesoft NGFW.

Testing the same configuration with OS X native VPN client, which you can configure in System Preferences – Network, I’ve found that things have changed a little bit in Mountain Lion (and Mavericks). Due to the Gatekeeper enhanced protection, you need to enter your Keychain on the Mac to modify some privileges.

Click on System and identify the certificate you are using to authenticate your machine.

Once found, you just need to expand it to show the private key portion as shown below (yeah, screenshot is in Italian but I think you get the point):

PrivateKey

 

Then you “open” the access to the component to every application as shown below (again, screenshot in Italian):

OpenAccess

Once you do this and confirm, the VPN will restart to work as previously (for example, in Snow Leopard).

Enjoy,

RoarinPenguin

Jun 212013
 

This post is the fruit of quite big experience I’ve done to build what mentioned in the title.

The choice of the NGFW is because Stonesoft is the company where I happened to be working for the last decade… actually for the last 12 years 🙂

Since iOS devices have been announced, this question has been more and more recurring… and I even wrote a kind of a HowTo at one point. Which has been extended by a good friend of mine and published on a blog… which does not exist anymore.
The problem is that HowTo was not completely detailed… and it generated lots of questions and comment, to clarify various aspects of the topic.

Hence I’ve decided to avoid that knowledge to go lost, publishing this post on something that I control (well, sort of 😉 ).

Enriching it with bit more details and side information.

Still reading? Still wanting to have your iThing connected in VPN with the mighty Stonesoft NGFW? Allrite! Read on!

Continue reading »

Jun 182013
 

I just realized OS X has a cool great web interface to check printers queue names, jobs, printer names, etc.

Unfortunately this is disabled by default.

To enable, open a Terminal session and type the command:

cupsctl WebInterface=yes

Then, point your browser to http://localhost:631 and… enjoy!

Mar 252013
 

Continuing on my seafile experiments, I’ve found that they’ve done a pretty good job in offering local language support and this includes italian.

Well, sort of.

I mean, the tranlsation is nice and mostly well done… but sometimes you see part of the UI in… cyrillic???

After my first WTF reaction 🙂 I started checking how to fix this and I got good hints from Seafile as well. I ended up improving the italian language support they offer, and they promise to integrate my efforts in next version (good!).

In case you’re interested in modifying some part of an existing language support in Seafile web UI, what you need to have on your server machine is the following (commands refers to Ubuntu 12.04 LTS):

  • Python 2.7 (if you don’t have it, give a “apt-get install python-2.7” to get it)
  • Django extension to Python (if you don’t have it, give a “apt-get install python-django” to get it)
  • gettext command (if you don’t have it, give a “apt-get install gettext” to get it)

Then, modify the file <seafile_install_directory>/seahub/locale/<your_language_country_code>/LC_MESSAGES/django.po

Replace <your_language_country_code> with the language code your interested in, for example it for Italian.

Change/correct/replace/add the strings you’re missing.

The file logic is based on the string in English, followed by the one in the local language, for example:

#: forms.py:56 templates/snippets/repo_create_js.html:28
msgid "Name can't be empty"
msgstr "Il nome non può essere vuoto"

Once you’re done with your django.po file, copy the existing django.mo file (language file compiled) in the same directory to some other safe place and from <seafile_install_directory>/seahub/ directory type the command:

./i18n.sh compile-all

This should generate a new django.mo file with the modifications you have made.

As a bonus, if you just want to get rid of cyrillic you can copy these two files into <seafile_install_directory>/seahub/locale/<your_language_country_code>/LC_MESSAGES/ in your installation and restart the servers (seafile and seahub).

Enjoy.

 

Mar 212013
 

seafilelogoSeafile is a cool project about building a private “Dropbox-like” system.

Although young, it looks VERY promising and it is well documented.

The only shadow part is that if you follow the manual step by step you end up in having an HTTP web server frontend which is definitely not perfect if you’re looking for security.

Info about how to decently configure Apache2 are a bit dispersed on multiple sites, hence I’ve decided to detail in this post the few simple steps you need to achieve a Seafile based private cloud where even the  web frontend works in HTTPS.

Let’s pick up from where you end up if you follow the instructions published by Seafile Team.

Continue reading »

Mar 022013
 

AutomatorI use EasyPHPAlbum to manage my online photo gallery.

It’s handy and does the job, since when I need to add new pictures I just need to upload the directory, add the index.php et voilà.

I decided to use OS X Automator to upload both the exported versions of the pictures and the needed index.php to my online gallery.

It has been insanely easy, and it work like a champ. SO sharing my experience here.

First of all, copy the EasyPHPAlbum index.php configured as you needed in a specific folder on your Mac.

Then create an empty folder, which is the one you want to “monitor for new photos”.

Retrieve and install a very handy FTP Automator Action to help you with data transfer.

Add index.php to the newly created folder

Launch Automator, choosing  to create a Folder Action.

On top of it, select the folder you want to monitor for the new photos.

From the menu on the left select Variables, then Locations, then Path.

Drag and drop to the right to get it populated with the newly created folder.

From the menu on the left choose Actions, then Utility and finally Set the variable value.

Drag and drop on the right and it should automatically take the variable name set in the previous step. If not, drag and drop the variable name on it from the bottom of the screen.

From Files and Folders action group on the left, select Get Specified Finder Items.
Be careful now. From the options button, flag Ignore Action Input and click on Add… button to manually add the index.php file you want to upload with the pictures.

From same action group, select Copy Finder Items, drop it on the right and drag the path variable over it.

Finally, add the FTP action to the end and configure it with the needed credentials to upload the folder content to the hosted space on the internet.

Enjoy.

Jan 302013
 

Very handy and easy operation, performed successfully on a Windows 7 64 bit box without ANY issue.

First, you go in Settings of the VM in VirtualBox and in Storage Section, remove the VDI Virtual HDD from the storage controller of the VM as shown in the picture below.

Once VDI is selected, click on - sign to detach it.

Once VDI is selected, click on – sign to detach it.

Then, you open a Terminal session, position in the VM directory and type the command:

VBoxManage modifyhd <name_of_the_VDI_file>.vdi --resize <new_size_you_want_in_megabytes>

You can follow the progression with the command output, which should be similar to the example reported below:

VBoxManage modifyhd ObsoleteOS.vdi --resize 50000
0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%

Once the command completes, remember to reattach the VDI to the VM before powering up.

When Windows boots up again, right click on Computer and select Manage to see the new disk space active and shown as an Unallocated partition.

To extend the current partition to match the new space, you need to use external softwares such as the free (for Home use) Easeus Partition Manager.

Enjoy!

Dec 272012
 

Using a Mac with VMware ESX(i) is a pain, since very scarce support is available for the poor lovers of the apple 🙂

Luckily, once you enable ssh access on the hypervisor, the following commands come very handy:

ESXi 5.0

To power on a virtual machine from the command line:
  1. List the inventory ID of the virtual machine with the command:vim-cmd vmsvc/getallvms |grep <vm name>

    Note: The first column of the output shows the vmid.

  2. Check the power state of the virtual machine with the command:vim-cmd vmsvc/power.getstate <vmid>
  3. Power-on the virtual machine with the command: 

    vim-cmd vmsvc/power.on <vmid>

ESXi 4.1

To power on a virtual machine from the command line:
  1. List the inventory ID of the virtual machine with the command:vim-cmd vmsvc/getallvms |grep <vm name>

    Note: The first column of the output shows the vmid.

  2. Check the power state of the virtual machine with the command:vim-cmd vmsvc/power.getstate <vmid>
  3. Power-on the virtual machine with the command:vim-cmd vmsvc/power.on <vmid>

ESXi 4.0

To power on a virtual machine from the command line:
  1. List the inventory ID of the virtual machine with the command:vmware-vim-cmd vmsvc/getallvms |grep <vm name>

    Note: The first column of the output shows the vmid.

  2. Check the power state of the virtual machine with the command:vmware-vim-cmd vmsvc/power.getstate <vmid>
  3. Power on the virtual machine with the command:vmware-vim-cmd vmsvc/power.on <vmid>

 

ESX 4.0 and ESX 4.1

To power on a virtual machine from the command line:
  1. To list the path of all the virtual machines on the host:vmware-cmd -l
  2. Get the state of the virtual machine with the command:vmware-cmd <path to the VMX file> getstate
  3. Power on the virtual machine with the command:vmware-cmd <path to the VMX file> start

Enjoy.

Dec 072012
 

I’ve been struggling with this issue for the last freaking three years with this issue!!! And I’ve been able to fix once forever only today, after countless hours of attempts and internet searches and queries to “Windows gurus and experts”.

None of which ended to any decent result. SO, since today I fixed it, I’ll write the solution here for the sake of the Human Kind 🙂

Issue: a Windows client (no matter if XP, Vista, 7) connects to a Win 2003 terminal server and flags in mstsc.exe to redirect his printer.

Connection succeeds and he opens a file on server, tries to print and… whoa! The local printer is not redirected.

Unsure in which proportion the two countermeasures I’ve taken helped, hence I report here both:

  • insert a registry key to redirect all client printers, regardless of the “port names” they are connected to.
  • enable Windows 2003 server to fall back on “known” printer drivers, in case the client printer does not match to any printer driver present on the server itself

Insert registry key for “global” printer redirection on client

On the client launch Regedit.

Navigate to HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Default\AddIns\RDPDR

Add a key of type DWORD named FilterQueueType with value ffffffff

This tells to the system to redirect each and every printer on the client, regardless of the port name it is connected to. If this keyword is absent, not all port names are correctly redirected but only the most standard ones (e.g. LPT…)

Enable “Printer Driver Fallback” on Windows Server 

On the Windows 2003 server, launch mmc.exe.

Add a snap-in to edit Group Policy

Open it and navigate to: Computer Configuration\Administrative Templates\Windows Components\Terminal Services\Client / Server data redirection\Terminal Server Fallback Printer Driver Behavior

as shown below:

Click to zoom

The configure it to be Enabled and configured as more appropriate for the printer you are using on the client:

Once you save and reconnect in a new terminal server session, you will see your printers properly redirected and usable in your terminal session.

Enjoy, and let me know your comments!