15
In the void is virtue, and no evil. Wisdom has existance, principle has existance, the Way has existance, spirit is nothingness.
Thursday, October 22, 2020
Wednesday, April 08, 2020
DD-WRT on a Videotron reflashed DIR-825
The Videotron custom firmware does not allow local upgrade. On the firmware update page there is a nice "Firmware upgrade: Disabled" and that's where the update ends in the main interface.
In order to update, I've rebooted in recovery mode browser by keeping the reset pressed white plugin the power. However, the upload process was always staying at 0% and didn't finished;
Then I've hexedited the factory-to-ddwrt_NA.bin and changed the last byte in the file from "0" to "2" - still no luck;
I've tried uploading directly from the shell: "ifconfig enp0s25 192.168.0.34 up && curl -0vF files=@factory-to-ddwrt_NA.bin http://192.168.0.1/cgi/index" - nope, still nothing;
The solution was deceivingly simple: I've put a switch between the D-Link and the computer - then the curl upload worked perfectly!
In order to update, I've rebooted in recovery mode browser by keeping the reset pressed white plugin the power. However, the upload process was always staying at 0% and didn't finished;
Then I've hexedited the factory-to-ddwrt_NA.bin and changed the last byte in the file from "0" to "2" - still no luck;
I've tried uploading directly from the shell: "ifconfig enp0s25 192.168.0.34 up && curl -0vF files=@factory-to-ddwrt_NA.bin http://192.168.0.1/cgi/index" - nope, still nothing;
The solution was deceivingly simple: I've put a switch between the D-Link and the computer - then the curl upload worked perfectly!
Thursday, February 13, 2020
Asterisk PAGE say time every hour
Digium D6x phones and CyberData SIP Speakers are used to page.
The phones are also used as intercoms (bidirectional page).
To start, we need accounts for the phones/speakers added to sip.conf:
[phone1] ; Phone
type=friend
host=dynamic
context=my-context
secret=5678
mailbox=319
[speaker1]; Speaker
type=friend
host=dynamic
context=my-context
secret=1234
mailbox=329
record_out=Adhoc
record_in=Adhoc
qualify=no
The phones are also used as intercoms (bidirectional page).
To start, we need accounts for the phones/speakers added to sip.conf:
[phone1] ; Phone
type=friend
host=dynamic
context=my-context
secret=5678
mailbox=319
[speaker1]; Speaker
type=friend
host=dynamic
context=my-context
secret=1234
mailbox=329
record_out=Adhoc
record_in=Adhoc
qualify=no
Then in extensions.conf, in the [my-context] context, add:
; Paging extensions
exten => 3319,1,GotoIf($[ ${CALLERID(number)} = 319 ]?skipself)
exten => 3319,1,SIPAddHeader(Alert-Info: info=<intercom>) ; Digium D6x require this to enable paging - search documentation for different phone models!
exten => 3319,n,Dial(SIP/phone1) ; this is the phone1 defined in sip.conf
exten => 3319,n(skipself),Noop(Not paging originator)
exten => 3329,1,GotoIf($[ ${CALLERID(number)} = 329 ]?skipself)
exten => 3329,n,Dial(SIP/speaker1,50) ; this is the speaker1 defined in sip.conf
exten => 3329,n(skipself),Noop(Not paging originator)
exten => 398,1,Page(LOCAL/3319@my-context&LOCAL/3329@my-context,di,120) ; Bidirectional PAGE - that's what the "d" does.
exten => 398,n,Hangup()
With this, we can dial 398 and the PAGE should work.
Now, in order to say the time automatically, we need a .call file, let's create /var/lib/asterisk/third-party/say-time.call
Channel: LOCAL/398@my-context
MaxRetries: 10
RetryTime: 5
WaitTime: 20
Context: page-say-time
Extension: 3310
Of course, we need to create the [page-say-time] context in extensions.conf:
[page-say-time]
exten => 3310,1,Answer()
exten => 3310,n,Wait(1)
exten => 3310,n,Playback(at-tone-time-exactly) ; this sound file is already in asterisk sounds
exten => 3310,n,Wait(1)
exten => 3310,n,SayUnixTime(,EST,IMp)
exten => 3310,n,Wait(1)
exten => 3310,n,Playback(beep) ; this sound file is already in asterisk sounds
exten => 3310,n,Wait(2)
exten => 3310,n,Hangup()
and the last step, create a crontab that copies the say-time.call to the astersk outgoing at every fix hour:
0 * * * * /bin/cp /var/lib/asterisk/third-party/say-time.call /var/spool/asterisk/outgoing/
Tuesday, January 28, 2020
Copy standard switch port groups from one esx host to another
The below code asks for lmvap-vcs60 credentials, connects to Vcenter, and copied aesx11 vSwitch2 portgroups over to a new host called aesx05 using vSwitch1. (or so said my buddy Josh O. who wrote it)
$vccred = get-credential
connect-viserver -server lmvap-vcs60.domain.tld -credential $vccred
$dest = get-virtualswitch -name vSwitch1 -vmhost aesx05.domain.tld
$source = get-virtualportgroup -vmhost aesx11.domain.tld -virtualswitch vSwitch2 -standard
$countvar = $source.count
for ($a=0 ; $a -le $countvar-1 ; $a++)
{
$pgname = $source[$a].name
$vlan = $source[$a].VLANID
new-virtualportgroup -virtualswitch $dest -name $pgname -VLANID $vlan
}
disconnect-viserver -server lmvap-vcs60.domain.tld -confirm:$false
Wednesday, October 16, 2019
Wednesday, July 03, 2019
DD-WRT wireless extender
Setup -> Basic Setup -> WAN Connection Type -> Connection Type ->Disabled
Network Setup -> Router IP -> Local IP Address - choose an IP outside the DHCP Range from the main router
Gateway and Local DNS - usually the IP of the main router
Wireless -> Basic Settings -> First interface (2.4GHz) -> Wireless Mode: Client Bridge (Routed)
Default GW Mode: Manual
Gateway: IP of the main router
Wireless Security: same as on main router
Wireless -> Basic Settings -> Second interface (5GHz) -> Wireless Mode: AP
Set the WiFi network the way you want - You can duplicate the 5GHz config form the main router. this way the clients will do seamless roaming.
Services -> disable all
Security -> disable all
Access Restrictions -> disable all
NAT / QoS -> disable all
Administration -> Management
802.1x: Disable
Reset Button: Disable
Routing: Disable
Administration -> Keep Alive
Enable Watchdog: Enable
Interval (in seconds): 900
IP Addresses: Ip of the main router
Network Setup -> Router IP -> Local IP Address - choose an IP outside the DHCP Range from the main router
Gateway and Local DNS - usually the IP of the main router
Wireless -> Basic Settings -> First interface (2.4GHz) -> Wireless Mode: Client Bridge (Routed)
Default GW Mode: Manual
Gateway: IP of the main router
Wireless Security: same as on main router
Wireless -> Basic Settings -> Second interface (5GHz) -> Wireless Mode: AP
Set the WiFi network the way you want - You can duplicate the 5GHz config form the main router. this way the clients will do seamless roaming.
Services -> disable all
Security -> disable all
Access Restrictions -> disable all
NAT / QoS -> disable all
Administration -> Management
802.1x: Disable
Reset Button: Disable
Routing: Disable
Administration -> Keep Alive
Enable Watchdog: Enable
Interval (in seconds): 900
IP Addresses: Ip of the main router
Tuesday, June 04, 2019
Web Interface for Parental Control
This continues the Parental Control post from last month.
First of all, in order to protect the web page, we need an authentication method. A simple user/password will do for the moment (it's not perfect, you can bypass it by accessing directly the /cgi-bin/script.sh, but for the purpose of this exercise is OK-ish) .
Make sure that in the lighttpd.conf, mod_auth and mod_access are loaded,
server.modules += ( "mod_access" )
server.modules += ( "mod_auth" )
and the host section is protected
HTTP["url"] =~ "^/" {
auth.backend = "plain"
auth.backend.plain.userfile = "/jffs/lighttpd/.lighttpdpassword"
auth.require = ( "/" => (
"method" => "basic",
"realm" => "Password protected Parental Control",
"require" => "valid-user"
))}
(where /jffs/lighttpd/.lighttpdpassword contains the plaintext credentials, let's say parent:password)
The following index.html must be placed into the lighthttpd www root (/jffs/www/):
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Parental Control</title>
<form action="../cgi-bin/ai.sh" method="POST">
<button name="name" value="value" style="background-color:lime;height:150px;width:400px"> Allow internet </button>
</form><p><br>
<form action="../cgi-bin/ag.sh" method="POST">
<button name="name" value="value" style="background-color:yellowgreen;height:150px;width:400px"> Allow games </button>
</form><p><br>
<form action="../cgi-bin/ay.sh" method="POST">
<button name="name" value="value" style="background-color:khaki;height:150px;width:400px"> Allow only YouTube </button>
</form><p><br>
<form action="../cgi-bin/ni.sh" method="POST">
<button name="name" value="value" style="background-color:red;height:150px;width:400px"> No internet </button>
</form><p><br>
<form action="../cgi-bin/ng.sh" method="POST">
<button name="name" value="value" style="background-color:lightcoral;height:150px;width:400px"> No games </button>
</form><p><br>
<form action="../cgi-bin/lst.sh" method="POST">
<button name="name" value="value" style="background-color:cyan;height:150px;width:400px"> Show actual </button>
</form>
</head>
</html>
First of all, in order to protect the web page, we need an authentication method. A simple user/password will do for the moment (it's not perfect, you can bypass it by accessing directly the /cgi-bin/script.sh, but for the purpose of this exercise is OK-ish) .
Make sure that in the lighttpd.conf, mod_auth and mod_access are loaded,
server.modules += ( "mod_access" )
server.modules += ( "mod_auth" )
HTTP["url"] =~ "^/" {
auth.backend = "plain"
auth.backend.plain.userfile = "/jffs/lighttpd/.lighttpdpassword"
auth.require = ( "/" => (
"method" => "basic",
"realm" => "Password protected Parental Control",
"require" => "valid-user"
))}
(where /jffs/lighttpd/.lighttpdpassword contains the plaintext credentials, let's say parent:password)
The following index.html must be placed into the lighthttpd www root (/jffs/www/):
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Parental Control</title>
<form action="../cgi-bin/ai.sh" method="POST">
<button name="name" value="value" style="background-color:lime;height:150px;width:400px"> Allow internet </button>
</form><p><br>
<form action="../cgi-bin/ag.sh" method="POST">
<button name="name" value="value" style="background-color:yellowgreen;height:150px;width:400px"> Allow games </button>
</form><p><br>
<form action="../cgi-bin/ay.sh" method="POST">
<button name="name" value="value" style="background-color:khaki;height:150px;width:400px"> Allow only YouTube </button>
</form><p><br>
<form action="../cgi-bin/ni.sh" method="POST">
<button name="name" value="value" style="background-color:red;height:150px;width:400px"> No internet </button>
</form><p><br>
<form action="../cgi-bin/ng.sh" method="POST">
<button name="name" value="value" style="background-color:lightcoral;height:150px;width:400px"> No games </button>
</form><p><br>
<form action="../cgi-bin/lst.sh" method="POST">
<button name="name" value="value" style="background-color:cyan;height:150px;width:400px"> Show actual </button>
</form>
</head>
</html>
The following scripts will be placed into the ./cgi-bin folder:
ag.sh
#!/bin/sh
OUTPUT=$('/jffs/allow_game ; sleep 1; iptables -L FORWARD | grep DROP | grep -v "DROP 0 -- anywhere anywhere" | if grep -q "DROP 0 -- 192.168.1.128/28 anywhere"; then echo NO Internet; else echo Allow Internet; fi; if grep -qm1 "#" /tmp/yt-block.conf; then echo Allow YT; else echo NO YT; fi; if grep -qm1 "#" /tmp/games-block.conf; then echo Allow Games; else echo NO Games; fi' | awk 'BEGIN{print "<table>"} {print "<tr>";for(i=1;i<=NF;i++)print "<td>" $i"</td>";print "</tr>"} END{print "</table>"}')
echo "Content-type: text/html"
echo ""
echo "<html><head><title>Parental Control</title></head><body>"
echo "Rules are: $OUTPUT <br><p>"
echo "<form><input type='button' style='background-color:cyan;height:200px;width:400px' value='Back' onclick='history.back()'></form>"
echo "</body></html>"
ai.sh
#!/bin/sh
OUTPUT=$('/jffs/del_fw ;sleep 1; iptables -L FORWARD | grep DROP | grep -v "DROP 0 -- anywhere anywhere" | if grep -q "DROP 0 -- 192.168.1.128/28 anywhere"; then echo NO Internet; else echo Allow Internet; fi; if grep -qm1 "#" /tmp/yt-block.conf; then echo Allow YT; else echo NO YT; fi; if grep -qm1 "#" /tmp/games-block.conf; then echo Allow Games; else echo NO Games; fi' | awk 'BEGIN{print "<table>"} {print "<tr>";for(i=1;i<=NF;i++)print "<td>" $i"</td>";print "</tr>"} END{print "</table>"}')
echo "Content-type: text/html"
echo ""
echo "<html><head><title>Parental Control</title></head><body>"
echo "Rules are: $OUTPUT <br><p>"
echo "<form><input type='button' style='background-color:cyan;height:200px;width:400px' value='Back' onclick='history.back()'></form>"
echo "</body></html>"
ay.sh
#!/bin/sh
OUTPUT=$('/jffs/allow_yt ; sleep 1; iptables -L FORWARD | grep DROP | grep -v "DROP 0 -- anywhere anywhere" | if grep -q "DROP 0 -- 192.168.1.128/28 anywhere"; then echo NO Internet; else echo Allow Internet; fi; if grep -qm1 "#" /tmp/yt-block.conf; then echo Allow YT; else echo NO YT; fi; if grep -qm1 "#" /tmp/games-block.conf; then echo Allow Games; else echo NO Games; fi' | awk 'BEGIN{print "<table>"} {print "<tr>";for(i=1;i<=NF;i++)print "<td>" $i"</td>";print "</tr>"} END{print "</table>"}')
echo "Content-type: text/html"
echo ""
echo "<html><head><title>Parental Control</title></head><body>"
echo "Rules are: $OUTPUT <br><p>"
echo "<form><input type='button' style='background-color:cyan;height:200px;width:400px' value='Back' onclick='history.back()'></form>"
echo "</body></html>"
lst.sh
#!/bin/sh
OUTPUT=$('iptables -L FORWARD | grep DROP | grep -v "DROP 0 -- anywhere anywhere" | if grep -q "DROP 0 -- 192.168.1.128/28 anywhere"; then echo NO Internet; else echo Allow Internet; fi; if grep -qm1 "#" /tmp/yt-block.conf; then echo Allow YT; else echo NO YT; fi; if grep -qm1 "#" /tmp/games-block.conf; then echo Allow Games; else echo NO Games; fi;' | awk 'BEGIN{print "<table>"} {print "<tr>";for(i=1;i<=NF;i++)print "<td>" $i"</td>";print "</tr>"} END{print "</table>"}')
echo "Content-type: text/html"
echo ""
echo "<html><head><title>Parental Control</title></head><body>"
echo "Rules are: $OUTPUT <br><p>"
echo "<form><input type='button' style='background-color:cyan;height:200px;width:400px' value='Back' onclick='history.back()'></form>"
echo "</body></html>"
ng.sh
#!/bin/sh
OUTPUT=$('/jffs/disable_game && iptables -L FORWARD | grep DROP | grep -v "DROP 0 -- anywhere anywhere" | if grep -q "DROP 0 -- 192.168.1.128/28 anywhere"; then echo NO Internet; else echo Allow Internet; fi; if grep -qm1 "#" /tmp/yt-block.conf; then echo Allow YT; else echo NO YT; fi; if grep -qm1 "#" /tmp/games-block.conf; then echo Allow Games; else echo NO Games; fi' | awk 'BEGIN{print "<table>"} {print "<tr>";for(i=1;i<=NF;i++)print "<td>" $i"</td>";print "</tr>"} END{print "</table>"}')
echo "Content-type: text/html"
echo ""
echo "<html><head><title>Parental Control</title></head><body>"
echo "Rules are: $OUTPUT <br><p>"
echo "<form><input type='button' style='background-color:cyan;height:200px;width:400px' value='Back' onclick='history.back()'></form>"
echo "</body></html>"
ni.sh
#!/bin/sh
OUTPUT=$('/jffs/add_fw && iptables -L FORWARD | grep DROP | grep -v "DROP 0 -- anywhere anywhere" | if grep -q "DROP 0 -- 192.168.1.128/28 anywhere"; then echo NO Internet; else echo Allow Internet; fi; if grep -qm1 "#" /tmp/yt-block.conf; then echo Allow YT; else echo NO YT; fi; if grep -qm1 "#" /tmp/games-block.conf; then echo Allow Games; else echo NO Games; fi' | awk 'BEGIN{print "<table>"} {print "<tr>";for(i=1;i<=NF;i++)print "<td>" $i"</td>";print "</tr>"} END{print "</table>"}')
echo "Content-type: text/html"
echo ""
echo "<html><head><title>Parental Control</title></head><body>"
echo "Rules are: $OUTPUT <br><p>"
echo "<form><input type='button' style='background-color:cyan;height:200px;width:400px' value='Back' onclick='history.back()'></form>"
echo "</body></html>"
Now a very simple web page will allow you to control the kids internet from any browser:
Subscribe to:
Comments (Atom)