I’m running an OpenVPN server, configured in bridging mode.

I had quite a bit of trouble getting OpenVPN to start after networking is up, but before the the bridge is setup so that the tap0 device, which is created by OpenVPN can be added to the bridge.

The solution is simpler : let the tap0 be automatically created and added to the bridge by Gentoo Linux, then start OpenVPN with a config file instructing to use the already created tap0 device.

This post shows the configuration snippets to get things started in the right order on Gentoo.

My new center of interest those days being virtualization, I tried quite a few software starting with Xen, then QEMU, then KVM, and finally VirtualBox. But as far as giving a network access to the VM is concerned, I’ve always sticked to a network bridge for the reason that this makes the VM appear on the network just like any other computer of your network.

This post provided a sample script to setup a bridge suitable to use with all of the named virtualization softwares.

This posts gives a short intro about VLAN and a simple configuration sample on a DELL PowerConnect 5224 switch with an OpenBSD machine.

If you are looking for a procedure to reset the password of a Dell PowerConnect switch, you’ll find it at the Dell support forum in the following thread : PowerConnect Password Recovery Procedure for managed switches.

As far as the 5224 is concerned, you mostly have to hold Ctrl-F from the power-on till the end of the boot of the switch, which will bring the “reset to factory ?” question and solve the problem of the lost password.

A bit of context : I have a bind 9 DNS allowing DNS updates from clients on the LAN (ok this is fairly insecure, but still my LAN is my home LAN composed of 4 machines … let’s say that’s good enough for me ! 🙂 )

The named.conf allows those updates with this config directive in the zone config block :
allow-update {mynet; };<br />
and mynet is defined an acl directive to be my LAN.

Windows XP

To see multicast group memberships in Windows XP, you can use netsh :

U:>netsh interface ip show joins
Interface Addr   Multicast Group
---------------  ---------------
192.168.139.1    224.0.0.1
192.168.137.1    224.0.0.1
192.168.136.1    224.0.0.1

Solaris (and probably other Unixen as well)

In Solaris, the netstat command can be used :

$ netstat -g
Group Memberships: IPv4
Interface Group                RefCnt
--------- -------------------- ------
lo0       224.0.0.1                 1
eri0      224.0.0.1                 1
$

The “interface name” part of an ifconfig command can be a simple interface name, such as eri0, bge0 and such, or a logical unit such as eri0:1, eri0:2 and so on.

This makes it easy to setup more than 1 ip address on a network card, and hence to make virtual servers.

This post will be short, because it is actually easier than I expected … Anyway, considering my memory, better blog out that for later reference 😉

A bridge is a network device used to connect two or more network segments. You can achieve this easily on OpenBSD with the following commands :

`# echo ‘up’ > /etc/hostname.if0

echo ‘up’ > /etc/hostname.if1

echo ‘add if0 add if1 up’ > /etc/bridgename.bridge0

`

On a Unix machine, you can use this little ftp trick to have an idea of your throughput :

ftp somehost
ftp> put “| dd if=/dev/zero bs=100000 count=100” /dev/null
200 PORT command successful.
150 ASCII data connection for /dev/null (192.168.0.1,32953).
100+0 records in
100+0 records out
226 Transfer complete.
local: | dd if=/dev/zero bs=100000 count=100 remote: /dev/null
10000000 bytes sent in 2.9 seconds (3388.52 Kbytes/s)

This will generate a stream of bytes from one host to another and give you the data rate at the end

To allow a proxy to act as a tunnel for SSL connection as in HTTPS, you actually need to provide the HTTP method CONNECT. It took me some time to realize 😉

If you do this with Apache/mod_proxy, that means that you have to use the mod_proxy_connect and allow the CONNECT method.

Few pointers :

• CONNECT method
• Apache mod_proxy_connect