Cisco IOS PPTP server : PPP: Packet throttled, Dropping packet

If you get the following message on your Cisco router when you connect a VPN client using PPTP:

    *Mar 17 16:43:02.371: Vi5 PPP: Control packet rate limit 10 reached
    *Mar 17 16:43:02.371: Vi5 PPP: Entering block state for 30 seconds
    *Mar 17 16:43:02.371: Vi5 PPP: Packet throttled, Dropping packet

then it means you have an IOS version which greatly reduced the allowed rate of PPP control packets before it triggers a block. ...

March 18, 2016 · 1 min

Microsoft Windows 7 PPTP issues: spurious ICMP protocol-unreachable sent

I was recently confronted with a strange issue with a PPTP VPN connection to a central site. Some users could connect and some others could not. They all used Windows 7 with SP1, configured the same way, and all computers were behind NAT/PAT routers but not necessarily on the same site. On the VPN server, the only information I could get was this log stating the GRE protocol was unreachable: ...

February 23, 2016 · 2 min

Ubuntu 14.04 and USB to Serial ch341 (Chinese device from eBay)

You can find pretty cheap USB to Serial devices on eBay. I bought one and received a device using a ch341 chip. Unfortunately, the driver is buggy in Ubuntu 12.04 and 14.04. Fortunately, there is a patch to fix it. Here is how to recompile the module to enjoy these devices.

    $ sudo apt-get source linux-source-3.13.0 linux-headers-$(uname -r)
    $ cd /tmp
    $ tar -xjf /usr/src/linux-source-3.13.0.tar.bz2
    $ cd linux-source-3.13.0/
    $ make oldconfig
    $ make prepare
    $ make scripts
    $ cp -v /usr/src/linux-headers-$(uname -r)/Module.symvers .
    $ sudo cp /lib/modules/$(uname -r)/kernel/drivers/usb/serial/ch341.ko /lib/modules/$(uname -r)/kernel/drivers/usb/serial/ch341.ko.orig
    $ cd drivers/usb/serial
    $ cp ch341.c ch341.c.orig
    $ wget https://github.com/karlp/ch341-linux/raw/master/0001-usb-serial-ch341-Add-parity-support.patch
    $ cat 0001-usb-serial-ch341-Add-parity-support.patch | patch -p4
    patching file ch341.c
    Hunk #1 succeeded at 349 (offset 3 lines).
    Hunk #2 succeeded at 370 (offset 3 lines).
    $ make -C /lib/modules/$(uname -r)/build M=$(pwd) modules
    $ sudo cp ch341.ko /lib/modules/$(uname -r)/kernel/drivers/usb/serial/ch341.ko
    $ sudo rmmod ch341
    $ sudo modprobe ch341

Source for instructions: http://askubuntu.com/questions/515407/how-recipe-to-build-only-one-kernel-module ...

December 31, 2015 · 1 min

Update GNS3 server on GNS3 IOU VM

The GNS3 SourceForge account provides an OVA image ready to run gns3-server for those who want to use Cisco IOS on Unix images. However, at the time of this writing, the gns3-server version is outdated (1.3.3). The client must have the same version as the server to be able to connect to it. Here is how you can update the gns3-server inside the image. Note that you need Internet access for the update. ...

September 29, 2015 · 1 min

Migrate Debian 6+ to another server with minimal downtime

Recently I had to migrate services from a running Debian server to another one, with minimal downtime of services. I usually do this to P2V or V2V Linux systems, as this allows me to resize the new virtual machine to meet the services' requirements (adjust disk size, inodes, partitioning, etc.). I have done this several times in the past on systems with Grub 1 but this is the first time with Grub 2, so I thought I’d share my process. ...

March 13, 2015 · 4 min

SNOM phones and presence monitoring

If you have issues with your SNOM phones and presence monitoring (the little LEDs that display when another extension is ringing or busy), then maybe this will help. We had this problem at work. When we checked the SIP traces, we could see our server was sending SIP NOTIFY packets to tell the phone “hey, your colleague's phone is ringing!”, but the phone either answered with a 200 OK but did not blink the LED (very old firmware), or answered with a 481 Call/Transaction Does Not Exist and still did not blink the LED (latest firmware). The issue was that the SIP NOTIFY packets were malformed by our system and the phone simply declared our server as broken, and discarded those NOTIFY packets. We did not realize earlier that the packets were malformed because it worked with other brands of phones (Aastra for example), so we thought we were OK. Sadly, we were not :-( ...

January 31, 2015 · 2 min

Nagios and LSI RAID cards

To monitor the status of an LSI RAID card, say for example a Dell PERC card, you will need to install NRPE, sudo, mpt-status and check_mpt.sh. Install sudo and NRPE via your package manager. You can grab mpt-status via apt if you use Debian/Ubuntu or here if you use CentOS. You can grab check_mpt.sh here. First, load the module mptctl if it’s not done already:

    modprobe mptctl

To have the module loaded at boot, you can use your distribution-specific behavior. In my case, I put it in /etc/rc.local. ...

January 27, 2015 · 2 min

VMware and Windows poor TCP performance

I have had a strange issue lately with Windows servers on VMware vSphere 5.1 hosts. Throughput of TCP connections between some virtual machines was very, very slow, barely 10 mbit/s. The behavior was easily reproducible: just start an iperf connection between a Windows Server 2008 and a Windows 2012 server, and you get 10 mbit/s. Moving both virtual machines onto the same ESXi host, or onto different hosts, did not change anything. ...

October 23, 2014 · 1 min

Using Windows domain resources while VPN is active with different credentials

If you are frustrated by getting your Domain account locked while you are logged on to a VPN with different credentials than your Domain credentials, then this is for you. Edit the file %userprofile%\AppData\Roaming\Microsoft\Network\Connections\Pbk\rasphone.pbk with your favorite text editor. All the VPN connections managed by Windows are defined in that file. Search for the string UseRasCredentials=1 and replace it with UseRasCredentials=0 for each VPN connection that gets you locked out (or just replace all of them if you are lazy). Save the file. ...

October 23, 2014 · 1 min

Exim GnuTLS Diffie-Hellman errors

I have been getting an increasing number of errors in my Exim log related to the GnuTLS Diffie-Hellman prime number. That prime number being too small causes Exim to abort the connection and initiate a new one to send the email over an unencrypted session. The exact error message is:

    TLS error on connection to foobar.example.com [x.x.x.x] (gnutls_handshake): The Diffie-Hellman prime sent by the server is not acceptable (not long enough).

With a recent enough Exim installation, you can set the tls_dh_min_bits parameter to a value that you find acceptable. ...

June 21, 2014 · 2 min