Wed, 06 Feb 2008 10:00 AM

IPv6

Michael Dale

I spent a bit of time last night getting more of my network IPv6 ready.


  • My Bind DNS server can now answer queries on IPv6.

  • dalegroup.net now has an IPv6 address

  • I'm in the process of trying to get my name server (ns1.dalegroup.net) to have an IPv6 address.

  • Mail server has an IPv6 address (although nothing is routed to the IPv6 address yet)

EDIT: And now my IPv6 tunnel is completely broken :( I've emailed AARNet and hopefully it will be working soon!


Thu, 31 Jan 2008 9:22 AM

Setting up a route based site-to-site vpn using aggressive mode

Michael Dale

The following howto guide explains how to set up a route-based site-to-site VPN with one site using a firewalled internet connection and a dynamic IP address.


So the background:

We have a client who currently uses a Next G wireless connection and requires a link back into head office.


The wireless connection is limited in the following ways:


  • No public ip address

  • No static ip address

  • No port forwarding capabilities

So the connection is locked down.


The client required a site-to-site vpn for their business to operate (main application is running in head office).


So the following guide will show you how to set this up.


Network Details:

Head Office


  • Real internet connection with a static IP address

  • 192.168.0.x internal network

Remote Office


  • Internet connection without public ip address and/or port forwards

  • 192.168.6.x internal network

Head Office Setup


  1. Create a new IKE user (Objects->Users->Local)

  2. Create a new Unnumbered Tunnel Interface mapped to the untrust zone (Network->Interfaces (List)) and connected to your untrust Interface

  3. Create a new "Dialup User" VPN Gateway (VPNs->AutoKey Advanced->Gateway),
    1. Dialup user being the one you created in step 1.

    2. Outgoing interface is your untrust port.

    3. Enter a preshared key.

    4. In the advanced settings:
      1. Mode (Initiator) Aggressive

      2. Enable NAT-Traversal



  4. Create a new AutoKey IKE (VPNs->AutoKey IKE).
    1. Security Level: Custom

    2. Remote gateway is the one you set up in step 3

    3. In the advanced settings
      1. Replay Protection

      2. Bind to the Tunnel Interface you created in step 2

      3. VPN Monitor

      4. Rekey



  5. Create Routes (Network->Routing->Routing Entries)
    1. Network (remote network): 192.168.6.0/255.255.255.0

    2. Gateway

    3. Interface: Tunnel Interface you created in step 2


  6. Create policies:
    1. From Trust to Untrust:
      1. Source: 192.168.0.0/24

      2. Destination: 192.168.6.0/24 


    2. From Untrust to Trust: 
      1. Source: 192.168.6.0/24

      2. Destination: 192.168.0.0/24

          



Remote Office Setup


  1. Create a new Unnumbered Tunnel Interface mapped to the untrust zone (Network->Interfaces (List)) and connected to your untrust Interface

  2. Create a new "Dialup User" VPN Gateway (VPNs->AutoKey Advanced->Gateway),
    1. Local ID being the IKE Identity you created in step 1 on the Head Office setup.

    2. Outgoing interface is your untrust port.

    3. Enter a preshared key (same as Head Office setup).

    4. In the advanced settings:
      1. Mode (Initiator) Aggressive

      2. Enable NAT-Traversal



  3. Create a new AutoKey IKE (VPNs->AutoKey IKE).
    1. Security Level: Custom

    2. Remote gateway is the one you set up in step 2

    3. In the advanced settings
      1. Replay Protection

      2. Bind to the Tunnel Interface you created in step 1

      3. VPN Monitor

      4. Rekey



  4. Create Routes (Network->Routing->Routing Entries)
    1. Network (remote network): 192.168.0.0/255.255.255.0

    2. Gateway

    3. Interface: Tunnel Interface you created in step 1


  5. Create policies:
    1. From Trust to Untrust:
      1. Source: 192.168.6.0/24

      2. Destination: 192.168.0.0/24 


    2. From Untrust to Trust: 
      1. Source: 192.168.0.0/24

      2. Destination: 192.168.6.0/24



So that should be all you need to do. The Remote Office will be the side that starts the VPN. Make sure the encryption settings are the same for each side.
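
A pre-deployment check for the two configurations described above, as an added example that is not part of the original post: it confirms the settings that must match or mirror each other on the two sites. The dictionary keys, IKE identity, preshared key, proposal names and the 20-character minimum are assumptions for illustration, not ScreenOS syntax or values from the guide.

```python
import ipaddress

# Constructed sample settings for the guide's two sites. Key names, the IKE
# identity, the PSK and the proposal names are illustrative placeholders.
HEAD_OFFICE = {
    "ike_user_id": "remote-office@example.com",  # IKE user, Head Office step 1
    "psk": "constructed-Sample-PSK-4f9a1c77e2",
    "mode": "aggressive", "nat_traversal": True,
    "p1_proposal": "pre-g2-aes128-sha", "p2_proposal": "g2-esp-aes128-sha",
    "local_net": "192.168.0.0/24",
    "tunnel_route": "192.168.6.0/255.255.255.0",  # Head Office step 5
}
REMOTE_OFFICE = {
    "local_id": "remote-office@example.com",     # Local ID, Remote Office step 2
    "psk": "constructed-Sample-PSK-4f9a1c77e2",
    "mode": "aggressive", "nat_traversal": True,
    "p1_proposal": "pre-g2-aes128-sha", "p2_proposal": "g2-esp-aes128-sha",
    "local_net": "192.168.6.0/24",
    "tunnel_route": "192.168.0.0/255.255.255.0",  # Remote Office step 4
}

def net(value):
    """Parse prefix or netmask notation into a comparable network object."""
    return ipaddress.ip_network(value, strict=True)

def check_pair(head, remote, min_psk_len=20):
    """Return a list of problems; an empty list means the two sides agree."""
    problems = []
    if head["ike_user_id"] != remote["local_id"]:
        problems.append("remote Local ID does not match head office IKE user")
    for key in ("psk", "mode", "nat_traversal", "p1_proposal", "p2_proposal"):
        if head[key] != remote[key]:
            problems.append(f"{key} differs between sites")
    if net(head["tunnel_route"]) != net(remote["local_net"]):
        problems.append("head office route does not cover the remote network")
    if net(remote["tunnel_route"]) != net(head["local_net"]):
        problems.append("remote route does not cover the head office network")
    if net(head["local_net"]).overlaps(net(remote["local_net"])):
        problems.append("local networks overlap")
    # IKEv1 aggressive mode sends the PSK-derived hash unencrypted, so a short
    # key can be guessed offline; the length threshold is an assumption.
    if "aggressive" in (head["mode"], remote["mode"]):
        if min(len(head["psk"]), len(remote["psk"])) < min_psk_len:
            problems.append(f"aggressive mode with a PSK shorter than {min_psk_len} characters")
    return problems

if __name__ == "__main__":
    for line in check_pair(HEAD_OFFICE, REMOTE_OFFICE) or ["configurations agree"]:
        print(line)
```
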


The good thing about this setup is that you don't need to use a service like DynDNS so it should be a bit more reliable.


If I get a chance I'll try and add some screen shots.


Sun, 27 Jan 2008 4:52 PM

Bluetrait Event Viewer 1.6

Michael Dale

Bluetrait Event Viewer (BTEV) 1.6 is now out. It has a few fixes that should make it compatible with WordPress 2.5 (due out in March I believe).


Mon, 14 Jan 2008 3:20 PM

.au domains for $21.45 2/year

Michael Dale

Jumba have a special on at the moment; .au domains for $21.45 for two years. That's cheaper than what I pay for a standard .com!


Anyway I picked up dalegroup.net.au


Wed, 02 Jan 2008 11:42 AM

Syntax Highlighting

Michael Dale

I wrote a small plugin for Bluetrait 2 that allows some basic WordPress plugin compatibility. The first plugin that works is WP-Syntax; the only change that was required to this plugin was to rename the main plugin file.


Let's give it a test:



/*
	Bluetrait 2.0 Cron Support
	Michael Dale Copyright 2007
*/
 
//stop from running over and over again :)
'BT_RUNNING_CRON''bt-common.php''cron_intervals''next_run''next_run''frequency''cron_''name']);
		//too noisy
		//trigger_error('Cron ('.$cron_interval['description'].') Successful', E_USER_NOTICE);
'cron_intervals'




Looks like I need to make a few changes to the CSS. But it doesn't look too bad.

Wed, 02 Jan 2008 10:38 AM

PHP 5.3

Michael Dale

I had a play around with PHP 5.3. The main new feature is namespaces. I am looking forward to using this in future.


Unfortunately PHP 5.2 isn't very common so using namespaces in my code will need to wait.


This is a good website if you want to learn about how namespaces will work in PHP 5.3


PHP

Fri, 28 Dec 2007 5:29 PM

New TV

Michael Dale

Max purchased a new TV.


Sony 46" Bravia


Sony 46" TV


Oh and we're getting a free PS3 with it too :)


Wed, 19 Dec 2007 6:32 PM

My Website History

Michael Dale

I've just spent the last half hour restoring some of my old websites (dating back to around 2004).


I thought it would be interesting to see how they'd changed.


I did something like this back in early 2004, and ended up with a PDF document called "Dalegroup Evolved".


This time it is a little more interactive as the websites are live (click on the screen shots to visit the site) :)


So the first on my list:


dalegroup.net - 2004


dalegroup.net 2004


Dalegroup.net was my primary website before I started a blog. This site ran on one of my first CMSs and it is still working on PHP5 :)


I set up GD to generate the news titles into a coloured image that changed for each news item.


blog.dalegroup.net - 2005


blog.dalegroup.net 2005


This site was my first "real" blog and could be found at blog.dalegroup.net (no longer exists). This site ran on a script I called getnews and was simply a basic blog program I wrote during the HSC.


The customised CSS styles still work too!


bluetrait.com - 2007


bluetrait.com 2007


Bluetrait was my first site completely separate from dalegroup. I don't remember where the name came from but the idea behind it was to write a blog script that people could download and use.


So bluetrait ran on Bluetrait 1 which worked pretty well for a few years.


And now we're at the end of 2007. Bluetrait.com is still around and is currently running Bluetrait 2 Alpha-2.


 


Tue, 18 Dec 2007 3:38 PM

Gravatar

Michael Dale

I've added Gravatar support to this site.


A gravatar, or globally recognized avatar, is quite simply an 80×80 pixel avatar image that follows you from weblog to weblog appearing beside your name when you comment on gravatar enabled sites.

Tue, 18 Dec 2007 8:06 AM

WampServer 2

Michael Dale

I've been using WAMP (a Windows package that includes: MySQL, PHP and Apache) for dev purposes and it has been great.


The new version WampServer 2 is even more awesome. It is now possible to install multiple versions of Apache/PHP/MySQL. WampServer provides a tray icon that allows you to switch to a different version.


So now I can easily test Bluetrait with multiple versions of MySQL and PHP *is happy*


Bluetrait works with PHP-6 dev too!