Networking

Curl can provide us the following time report: time_namelookup time_redirect time_connect time_appconnect time_pretransfer time_starttransfer time_total To get these report time, you need to use the option -w , here is an example: curl -L –output /dev/null –silent –show-error –w ‘lookup: %{time_namelookup}\nconnect: %{time_connect}\nappconnect: %{time_appconnect}\npretransfer: %{time_pretransfer}\nredirect: %{time_redirect}\nstarttransfer: %{time_starttransfer}\ntotal: %{time_total}\n’ ‘google.com’ By default Smokeping Curl probe only fetch the load time – that is total_time – dns resolution. There are many occasions we have with DNS lookup, so we can’t find that issue. That’s why we have “AnotherCurl” probe , the big difference is the “write_out” option , AnotherCurl allows us to specify which the probe will report.Read More →

Please check if your subdomain is a CNAME , the DNS rule does not allow CNAME record to have other record. The fix is to use A record for your sub domain – this could be hard if you are using some cloud service like aws.Read More →

When you setup a GRE tunnel through an existing ipsec – the keepalives should be turn off , if you turn on keepalives the tunnel will never be up int Tunnel100 no keepalives  Read More →

My Strongswan : Local IP: 172.30.0.37 Elastic IP: 19.215.188.2 OS: Ubuntu My WAN: Customer grade broadband Internet Public IP:28.77.250.17 – connect to my fiber optics Local gateway IP: 192.168.1.100 we need to setup porftforwarding : UDP port 4500,500, to our router interface 192.16.1.108 My Cisco: Cisco 1841 fa0/1 : 192.168.1.108  – connect to My WAN router local interface fa0/0: 172.16.8.254 – connect to my local switch / pc My Strongswan config: /etc/ipsec.conf config setup # strictcrlpolicy=yes # uniqueids = no conn %default ikelifetime=1440m keylife=60m rekeymargin=3m keyingtries=1 keyexchange=ikev1 authby=secret conn myremoteoffice left=172.30.0.37 #strongswan outside address leftsubnet=172.30.0.0/24,0.0.0.0/0 #network behind strongswan leftid=19.215.188.2 #IKEID sent by strongswan leftfirewall=yes right=28.77.250.17Read More →

i have 2 sites vpn between Strongswan and Cisco 1841 , the vpn works well , but there is a problem , some of ssl website could not open , after some research it turned out that’s the mtu issue. this is how i fix: conf t int fa0/1 ip mtu 1500 int fa0/0 ip mtu 1500 In case of yahoo, i need to update this on strongswan server: $ iptables -t mangle -A FORWARD -o eth0 \ -p tcp -m tcp –tcp-flags SYN,RST SYN \ -m tcpmss –mss 1361:1536 \ -j TCPMSS –set-mss 1360 $ echo 1 >/proc/sys/net/ipv4/ip_no_pmtu_disc For your reference: MTU woes inRead More →

In case a client doesn’t have DNS entry when it register with DHCP, it could be because the client just send the DHCP Renew request, DHCP renew will not trigger the DDNS update.Read More →