Part 1: ZeroTier and making a multi-site LAN (MAN?)

Recently I have come across an interesting little software tech that lets me do some fun things that normally one would only see in the data center or large companies.  That software is called ZeroTier.

When I first started playing with this I was doing some really bad things abusing networks to get a nice simple method to access all my remote servers and devices without hassle. Let’s just say all of what I did was horrible and was burned to the ground in favor of this. My goal was to set up a small network that would span 3 LANs and allow me to connect them together either routed or as one big bridge. I do not recommend the bridge but it can be done.

So the first step I took was to draw out what the network should look like. Then I took a little time and thought about it and had to modify it a little more.

Rough hand drawn what I wanted it to look like.

After a little thinking.

In the picture on the left, I identified I would need to use 4 subnets: 3 for the LANs and one for the inter-LAN routing. I then saw a flaw with this initial diagram: how do I route to ZeroTier? My routers of choice are MikroTik, and there is no built-in ZeroTier package for them. It is then I thought of doing a router on a stick at each site to handle the handoff to ZeroTier. Granted, I drew a device with traffic routing through it, not to and from it on the same interface. This leads to needing more subnets. So finally I had what I needed to complete this task: 3 LAN subnets, 3 point-to-point subnets, and 1 ZeroTier subnet.

Now, why did I want to go this way? Sure, one could set up an IPsec tunnel or any of various other VPN tunnels and send traffic over them. This software offered the opportunity to let me make a MAN-like network across the internet that needs very little configuration and almost zero NAT hole punching. At work, I have seen what happens when VPNs suddenly die and it is due to someone/something doing something bad.


Reference URL: https://zerotier.com
Reference URL: https://mikrotik.com
Reference URL: https://www.google.com/search?q=router+on+a+stick

Series about ZeroTier

Currently, I am writing a little series involving a product I recently discovered, ZeroTier. Many people seem interested in how I am using it for personal use. So I am spending a few nights writing up my thoughts and the how-tos, and grabbing some screenshots along the way.

Below is a bulleted list of post titles for the series.

I hope this is a nice little list of topics/points that will cover the subject well.  Once I have all the core parts written I will post them all back to back (minutes apart) and link them here as well.

(edit 2018-12-07, Updated Part 4 & 5 to have links, Added Part 6 text.)

Xbox One Audio Issue

So the girlfriend and I just tried to watch an episode of Stargate SG-1 on DVD on the Xbox One. During playback we had an interesting audio issue. We heard more background sounds than speech. A short Google search later and the problem was resolved.

To solve this we simply had to open settings, go to display and sound. From there edit the audio output from 7.1 surround to stereo. I think this is the simplest to date of problems that I have run into.

Fix for Java 8+ & iDRAC 6 Connection Failed

For work I recently had to stand up a temporary system that has the old iDRAC 6 in it. Many will know that Java 8+ (from my testing) seems to have a disliking for that version of iDRAC. I spent a day grumbling at the error while standing next to the offending system in the data center watching the OS hang on install. After doing some digging this morning I found the key that kills the connection. SSLv3.

So thanks to MathieuW on the Dell community forums for posting this info!

Go to Java installation folder.
Open the {JRE_HOME}\lib\security\java.security file in a text editor.
Delete or comment out the following line “jdk.tls.disabledAlgorithms=SSLv3”.

My notes: open the file in Notepad++ as admin and just comment out the whole line. Save. Re-launch your virtual console.
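
An alternative to commenting the line out for every Java program on the machine, shown as an added example (not from the original post or the Dell forum thread): generate a small override file that drops only SSLv3 from jdk.tls.disabledAlgorithms and hand it to the console's JVM with -Djava.security.properties, leaving java.security itself untouched. It assumes security.overridePropertiesFile=true in java.security (the JDK default); the sample file contents and the idrac6.security file name are constructed.

```python
PROP = "jdk.tls.disabledAlgorithms"

# Constructed sample input: a java.security excerpt with a longer disabled
# list than the single-entry line quoted in the post.
SAMPLE = """\
security.overridePropertiesFile=true
#jdk.tls.disabledAlgorithms=SSLv3
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, \\
    DH keySize < 1024, 3DES_EDE_CBC
"""


def read_property(text, name):
    """Return the last active value of `name`, joining '\\' continuations."""
    lines = text.splitlines()
    found = None
    for i, line in enumerate(lines):
        key, sep, value = line.strip().partition("=")
        if not sep or key.strip() != name:  # commented-out lines never match
            continue
        parts, value, j = [], value.strip(), i
        while value.endswith("\\"):  # value continues on the next line
            parts.append(value[:-1].strip())
            j += 1
            value = lines[j].strip() if j < len(lines) else ""
        parts.append(value)
        found = " ".join(p for p in parts if p)
    return found


def build_override(java_security_text, drop=("SSLv3",)):
    """Build a one-line override that re-enables only the names in `drop`."""
    value = read_property(java_security_text, PROP)
    if value is None:
        return None  # property not set: nothing to override
    kept = [a.strip() for a in value.split(",")]
    kept = [a for a in kept if a and a not in drop]
    return f"{PROP}={', '.join(kept)}\n"


if __name__ == "__main__":
    # Save the output as e.g. idrac6.security (hypothetical file name) and start
    # only the console JVM with -Djava.security.properties=<that file>.
    print(build_override(SAMPLE), end="")
```

With the single-entry line quoted above, the override comes out as an empty jdk.tls.disabledAlgorithms value; with a longer list, every other disabled algorithm stays disabled.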

Reference URL: https://www.dell.com/community/Systems-Management-General/iDRAC6-Virtual-Console-Connection-Failed/m-p/6088796/highlight/true#M26061

Reset lost iDRAC pass from OMSA

I was recently playing around with EM7 and various Dynamic Apps around Dell hardware. I came to find that my remote server (hosting this site) had storage in a ‘nonCritical’ state. I promptly tried logging into my iDRAC for the system and was having issues getting in. I had forgotten what I had set for the password on the root and personal accounts. (For those that leave it root/calvin, shame on you!) This set off a “fear”, if you will, of having to shut down several VMs and get the datacenter hosting it to attach a remote KVM so I could change the iDRAC password. I hate this thought. I spent 30 seconds here and there trying every password I could think of but nothing worked. I finally started googling around to see if there was any other method. I struck a winner.

So first thing is you will need Dell OpenManage installed on the host system. From what I can tell this won't work otherwise. I wrote up a short on installing Dell OpenManage on an Ubuntu 16.04 system previously.

I quickly found that racadm is not properly set up for x64 systems.

[email protected]:~# racadm getconfig -g cfgUserAdmin -i 2
/opt/dell/srvadmin/sbin/racadm: line 3: /opt/dell/srvadmin/lib/srvadmin-omilcore/Funcs.sh: No such file or directory
/opt/dell/srvadmin/sbin/racadm: line 5: GetRegVal: command not found
/opt/dell/srvadmin/sbin/racadm: line 6: GetRegVal: command not found
/opt/dell/srvadmin/sbin/racadm: line 8: GetSysId: command not found
/opt/dell/srvadmin/sbin/racadm: line 9: GetRegVal: command not found
/opt/dell/srvadmin/sbin/racadm: line 10: GetRegVal: command not found
/opt/dell/srvadmin/sbin/racadm: line 13: printf: 0x: invalid hex number
ERROR: Unable to communicate with RAC controller. Please make sure that a RAC
controller is present in the server and appropriate software is installed.

Thankfully it looks like it was just missing a couple of things in the lib folder that are in lib64.

cd /opt/dell/srvadmin/lib
ln -s ../lib64/srvadmin-deng/
ln -s ../lib64/srvadmin-idrac/
ln -s ../lib64/srvadmin-isvc/
ln -s ../lib64/srvadmin-omacore/
ln -s ../lib64/srvadmin-omilcore/
ln -s ../lib64/srvadmin-storage/

After that, racadm appears to work on the host system.

After all that, it appears that racadm works locally without needing a user/pass to do anything. This will help later when I will be working on pushing out Let's Encrypt certs into the iDRACs automatically. So I ran the following as mentioned on the Dell forum post to reset the root password to ‘ThisIsNewPass’. If you want to change other users, change the 2 to whatever number they are in the user list.

racadm set idrac.users.2.password ThisIsNewPass
[email protected]:~# racadm set idrac.users.3.password ThisIsNewPass
[Key=idrac.Embedded.1#Users.3]
Object value modified successfully

[email protected]:~#
Reference URL: https://www.dell.com/community/PowerEdge-Hardware-General/Unluckly-I-forgot-my-dell-server-R720-IDRAC-password-now-I-can-t/td-p/4458788
Reference URL: https://mindlesstux.com/2018/01/08/install-dell-openmanage-on-ubuntu-16-04-and-up/